I’m 99% confident this is an Apache/PHP configuration thats doing some sort of rewrite/forwarding causing my problem.
Please note these similar issues. I’ve tried the suggestions listed but still can’t get it to work:
I’ve tried the
wp-config.php updates mentioned in these posts and I still can’t get it to respond when trying to access through the load balancer.
Our site has many different services behind Amazon’s ELB but for some reason this simple Apache site project has turned into a major headache since I can’t resolve this one site through ELB.
When browsing to the public domain name (that routes to ELB) over HTTPS the browser just times out! (Chrome throws a
ERR_CONNECTION_TIMED_OUT). Browsing to local site (bypassing ELB) works fine.
- ELB: Application load balancer. It listens on 443 and terminates TLS certificate. Working great for many hosts, just not this wordpress site.
- WordPress Host: Apache container running wordpress (official Docker image
wordpress:4.9.8-php7.1-apache). Listens on port 8008 HTTP only, no TLS configuration set on the container/Apache since the load balancer handles TLS.
DNS: Both public and private DNS servers are setup for
CNAMErecords for the ELB endpoint.
I just created a brand new site (it’s a wordpress site) using the official WordPress docker image
wordpress:4.9.8-php7.1-apache – Basically it’s just an apache server. I can load the site without issue using the IP/port of the host.
The site itself works fine! I can browse to it using clear HTTP using its internal IP and port.
So I then added it to my ELB setup just like all our other sites (I’ve done this a million times before).
- Cert is already installed for the ELB listener as this is just oen of many sites on this listener.
- Security group for the host allows inbound for the appropriate listening port from my entire VPC.
- Security group for the ELB listener is
0.0.0.0/0for 443, and again works fine for the other sites.
- Listener rule configured to filter by hostname and route to the appropriate target group. Screenshot below.
- Target group shows the endpoint is “healthy”
- When browsing to the internal IP/port the site loads fine.
- I have many other services running on this host that are routed to it through the same ELB, so the subnet config is ok.
- I checked the apache logs, and it doesn’t look like any packets are being sent to Apache (nothing shows in the logs) when attempting to connect via ELB.
- DNS routes to the CNAME of the ELB. This works fine for all our other services.
Since I’m very comfortable with ELB and I am very confident my cert is installed ok and my listener host filtering/target group config is healthy and looking good, where else should I check? Is there any logging of ELB so I can trace what’s going on? Is there maybe something in Apache that I can check?
Because Apache is forcing the 301, that makes me think it’s assuming the page is not https. I’ve already tried setting rules such as the following:
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS']='on';
However, no success still. This appears to be the same behavior both if I have wordpress options
siteurl set to the external https hostname or the internal ip:port over http.
curl -I output. I’ve replaced my real host domain with example.com:*
C02SL234G8WN:Documents user$ curl -I marketing-wp.example.com HTTP/1.1 200 OK Date: Tue, 21 Aug 2018 20:59:16 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive Server: Apache/2.4.25 (Debian) X-Powered-By: PHP/7.1.20 Link: <https://marketing-wp.example.com/wp-json/>; rel="https://api.w.org/"
I managed to get this working by updating the
is_ssl() function in
wp-includes/load.php to force return
true. The page now loads! However the wp-admin page isn’t working still. Still hacking away at it