Wordpress site with Cloudflare Tunnel

I have a Wordpress site that I am hosting in a docker container as a localhost on my Synology nas at say 192.168.1.10:8080. I am running cloud flared tunnel in docker as well on the same nas. I have several other localhost sites that work fine through the Cloudflare tunnel, but not Wordpress. When I try to load my Cloudflare tunneled subdomain to my Wordpress site, it just hangs. I looked at the docker logs, and it seems like it is getting traffic through the tunnel ok, but Wordpress seems to be throwing a 301 redirect. Doing some research it seems like there are issues with Wordpress running non-SSL localhost site behind a reverse proxy and it can go into a redirect loop, so I think it is related to this, but I am not sure how to fix it.

Anyone have any ideas or have you successfully setup Wordpress in this manner?

May I ask if you’ve installed WordPress on your local machine via HTTP and before moving / configuring cloudflared tunnel?

I’d suggest, since it’s localhost, to double-check database and search for HTTP permalinks, tehrefore replace them (also those like http://localhost) with the actual sub.domain.com, therefore make sure to replace the HTTP with HTTPS due to the permalink structure

I have some general tips to avoid this WordPress redirect loop, as it’s a common issue.

WordPress needs to know you’re accessing it securely. If you access Cloudflare via SSL, but then the Tunnel endpoint is non-SSL (e.g. localhost:80), then WordPress doesn’t know the communication has been via SSL up until that point.

You have two main options:

1. Trick WordPress into thinking it’s being accessed via SSL.

In wp-config.php, you should be able to add $_SERVER['HTTPS'] = 'on'; right near the top.

2. Setup a local SSL certificate on your host.

If you setup a self-signed SSL certificate on your web server, you can then configure your tunnel to connect via HTTPS (tunnel route becomes https://localhost:443/). However, you also need to configure your Tunnel to ignore SSL errors (self signed certificates will be rejected by default).

If you use Tunnel Remote Configuration, there’s no UI I’m aware to do this, but you can use the Clouflare API to do this:

PUT https://api.cloudflare.com/client/v4/accounts/<account id>/cfd_tunnel/<tunnel id>/configurations

{
    "config": {
      "originRequest": {
        "noTLSVerify": true
      },
      "ingress": [
        {
          "service": "https://<servers IP>:443"
        }
      ]
    }
}

If you have’t used the API before, I suggest doing this with a test tunnel (not a live one) in case you stuff up your tunnel config.

A good way to try it with that option too if some issues as well, since no SSL cert at local machine (except self-signed option as suggested)

Thanks for the replies. I am still trying to sort this out. I think Docker was causing some issues, so I decided to abandon that approach.

I decided to go down the path to install Wordpress manually, but I am having some issues with that as well, but I don’t think they are related. I am trying to just get a simple web page hosted to debug that. I was able to get the Cloudflare tunnel to route to that, so I know my server configuration is all correct. Now, I am just trying to debug my Wordpress install.

I am sure this is just something stupid I am missing…

I was able to get my Wordpress site working locally and with port forwarding over SSL, but cloudflared tunneling seems to still be an issue. Something within Wordpress just chokes on it.

I was able to get Wordpress working over docker as well using this tutorial. I’m still not sure what I was doing wrong, but it works when you use the portainer application template one click install like he shows. No changes needed to SSL and Wordpress locally. It works over HTTP, but it’s SSL over the tunnel.

https://www.youtube.com/watch?v=G_PqTyeZCWk

I also figured out my issue with SSL using my localhost instance of Apache and Wordpress. I did have to get it to work over localhost SSL which I did by creating a self signed certificate. I also had it in a folder rather than at root level, and since you can’t have a path in a domain or tunnel, I simply used HTTPS localhost for my tunnel and then in my browser I navigated to the /myblog path and it works now. I knew it was something stupid, I just needed to wrap my head around these concepts and apply it correctly.

Thanks all for the help leading me down the right path.

It seems as though I needed to do one more thing to get the admin and URLs to work.

That was force SSL like some of you said by setting $_SERVER[‘HTTPS’] = ‘on’; in wp-config. I also had to change the site URL in wp-config as well by adding

define('WP_HOME','https://blog.mydomain.com/blog/');
define('WP_SITEURL','https://blog.mydomain.com/blog/');

All is working now, and I guess I don’t actually need to have the Wordpress instance running locally over SSL at https://localhost/blog/. It works fine pointing it to the non-SSL HTTP local version.

I just set up Wordpress https running behind cloudflared, hereby my two cents:

1. make the WordPress https/ssl ready before going into cloudflare tunnel. Even if you can see the main page of Wordpress, it will fail somewhere when you try plugins and advance config due to the source is not https/ssl ready.
   p.s. test it with the old school port forwarding and DNS settings if that’s possible.

2. I have difficulties using bitnami/Wordpress to obtain https (due to its permission settings and persist config i guess), and couldn’t find other reliable/well-acknowledge source of docker using PHP-FPM/FastCGI.

3. set HTTPS with TLS verification to be false in cloudflare tunnel settings, and route to be localhost:443