Trent's picture

Hi team,

I’ve got a turnkey linux wordpress VM running, and I want to put it behind my NGINX reverse proxy, as I’ve done with many of my other websites/appliances.

For some reason the Turnkey Linux Wordpress server is inaccessible outside the LAN using NGINX, with the exact same configuration that works for non-Turnkey Linux Wordpress websites.

I don’t know what it is about the Turnkey Linux instance that seems to break the reverse proxy, and so I’m hoping you might be able to steer me in the right direction.

Kind regards,

Forum: 
Jeremy Davis's picture

Hi Trent

Your use case certainly should work, although clearly there is something "not quite right".

Have you made any modifications to the default Apache config (that we ship with our WP appliance)? Also, are you proxying to http or https on your WP server? If proxying to https, you'll need to either get a proper cert on your server, or disable SSL verification (Nginx will fail to connect to https with a self signed cert by default). Actually, could you please share your Nginx reverse proxy config?

Also if you could please share the specific error message when it fails (my guess is that it's a 50x error - but be good to know for sure).

Look forward to hearing a few more details so hopefully we can get you up and running ASAP.

Trent's picture

Thanks for your reply.

I'm using https://nginxproxymanager.com/ as my reverse proxy, and using that to request client-facing certs.

The apache config is all stock, and so is the reverse proxy setup, SSL verification is disabled.

Cheers

Jeremy Davis's picture

I've never used Nginx proxy manager but would expect that it would "just work" as confirmed working config (see below) is fairly minimalist vanilla Nginx reverse proxy config - without anything special.

Regardless, if you could actually share the Nginx config that it has generated for you, perhaps I can see what has gone wrong (and you can report upstream to Nginx proxy manager devs)?

FYI, to test, I launched a vanilla v17.1 WordPress appliance and a v17.1 Nginx appliance. Other than running through the firstboot scripts, I changed nothing on WP.

On Nginx, I disabled the 'tkl-default' site ('rm /etc/nginx/sites-enabled/tkl-default') and created a new config file (/etc/nginx/sites-available/wp-rev-proxy) as below (note this doesn't support IPv6 - let me know if you need IPv6 and I can include that too):

server {
    listen 80 default_server;

    # SSL configuration
    listen 443 ssl default_server;
    include snippets/ssl.conf;
    server_name wp.jeremydavis.org; # change this to your domain

    add_header Cache-Control public;

    location / {
        proxy_pass https://192.168.1.121; # change this to your wp server
        proxy_ssl_verify off;
        proxy_redirect off;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
    }
}

After adding that, I enabled it ('ln -s /etc/nginx/sites-available/wp-rev-proxy /etc/nginx/sites-enabled/wp-rev-proxy'), restarted Nginx ('systemctl restart nginx') and it "just works" for me!?

Note that whilst the config above works, it could be improved (it's pretty basic and minimalist).

I can only assume that Nginx proxy manager is doing something weird? I'm assuming that there must be some way to match the options in my config? And/or perhaps you can do some sort of site config manual override?

Good luck and please let me know how you go.

Add new comment