Wordpress site with Cloudflare Tunnel

cyclicalsystem · January 16, 2023, 9:41pm

I have a Wordpress site that I am hosting in a docker container as a localhost on my Synology nas at say 192.168.1.10:8080. I am running cloud flared tunnel in docker as well on the same nas. I have several other localhost sites that work fine through the Cloudflare tunnel, but not Wordpress. When I try to load my Cloudflare tunneled subdomain to my Wordpress site, it just hangs. I looked at the docker logs, and it seems like it is getting traffic through the tunnel ok, but Wordpress seems to be throwing a 301 redirect. Doing some research it seems like there are issues with Wordpress running non-SSL localhost site behind a reverse proxy and it can go into a redirect loop, so I think it is related to this, but I am not sure how to fix it.

Anyone have any ideas or have you successfully setup Wordpress in this manner?

fritex · January 16, 2023, 10:00pm

May I ask if you’ve installed WordPress on your local machine via HTTP and before moving / configuring cloudflared tunnel?

I’d suggest, since it’s localhost, to double-check database and search for HTTP permalinks, tehrefore replace them (also those like http://localhost) with the actual sub.domain.com, therefore make sure to replace the HTTP with HTTPS due to the permalink structure

anthony27 · January 16, 2023, 11:04pm

I have some general tips to avoid this WordPress redirect loop, as it’s a common issue.

WordPress needs to know you’re accessing it securely. If you access Cloudflare via SSL, but then the Tunnel endpoint is non-SSL (e.g. localhost:80), then WordPress doesn’t know the communication has been via SSL up until that point.

You have two main options:

1. Trick WordPress into thinking it’s being accessed via SSL.

In wp-config.php, you should be able to add $_SERVER['HTTPS'] = 'on'; right near the top.

2. Setup a local SSL certificate on your host.

If you setup a self-signed SSL certificate on your web server, you can then configure your tunnel to connect via HTTPS (tunnel route becomes https://localhost:443/). However, you also need to configure your Tunnel to ignore SSL errors (self signed certificates will be rejected by default).

If you use Tunnel Remote Configuration, there’s no UI I’m aware to do this, but you can use the Clouflare API to do this:

PUT https://api.cloudflare.com/client/v4/accounts/<account id>/cfd_tunnel/<tunnel id>/configurations

{
    "config": {
      "originRequest": {
        "noTLSVerify": true
      },
      "ingress": [
        {
          "service": "https://<servers IP>:443"
        }
      ]
    }
}

If you have’t used the API before, I suggest doing this with a test tunnel (not a live one) in case you stuff up your tunnel config.

fritex · January 16, 2023, 11:11pm

A good way to try it with that option too if some issues as well, since no SSL cert at local machine (except self-signed option as suggested)

cyclicalsystem · January 18, 2023, 12:21pm

Thanks for the replies. I am still trying to sort this out. I think Docker was causing some issues, so I decided to abandon that approach.

I decided to go down the path to install Wordpress manually, but I am having some issues with that as well, but I don’t think they are related. I am trying to just get a simple web page hosted to debug that. I was able to get the Cloudflare tunnel to route to that, so I know my server configuration is all correct. Now, I am just trying to debug my Wordpress install.

I am sure this is just something stupid I am missing…

cyclicalsystem · January 18, 2023, 2:46pm

I was able to get my Wordpress site working locally and with port forwarding over SSL, but cloudflared tunneling seems to still be an issue. Something within Wordpress just chokes on it.

cyclicalsystem · January 19, 2023, 3:24pm

I was able to get Wordpress working over docker as well using this tutorial. I’m still not sure what I was doing wrong, but it works when you use the portainer application template one click install like he shows. No changes needed to SSL and Wordpress locally. It works over HTTP, but it’s SSL over the tunnel.

https://www.youtube.com/watch?v=G_PqTyeZCWk

cyclicalsystem · January 20, 2023, 1:06pm

I also figured out my issue with SSL using my localhost instance of Apache and Wordpress. I did have to get it to work over localhost SSL which I did by creating a self signed certificate. I also had it in a folder rather than at root level, and since you can’t have a path in a domain or tunnel, I simply used HTTPS localhost for my tunnel and then in my browser I navigated to the /myblog path and it works now. I knew it was something stupid, I just needed to wrap my head around these concepts and apply it correctly.

Thanks all for the help leading me down the right path.

cyclicalsystem · January 20, 2023, 1:28pm

It seems as though I needed to do one more thing to get the admin and URLs to work.

That was force SSL like some of you said by setting $_SERVER[‘HTTPS’] = ‘on’; in wp-config. I also had to change the site URL in wp-config as well by adding

define('WP_HOME','https://blog.mydomain.com/blog/');
define('WP_SITEURL','https://blog.mydomain.com/blog/');

All is working now, and I guess I don’t actually need to have the Wordpress instance running locally over SSL at https://localhost/blog/. It works fine pointing it to the non-SSL HTTP local version.