I have set up a simple docker-compose file with an nginx proxying to a wordpress container. The nginx also handles basic authentication.
When a form is submitted in wordpress, I have to make a call to another service using wp_remote_post. Unfortunately this fails, since my nginx (confirmed it is my nginx) is sending back a 401 code, asking for authentication.
Is there anything in my configs that could be interfering here?
The response:
Array
(
[headers] => Requests_Utility_CaseInsensitiveDictionary Object
(
[data:protected] => Array
(
[server] => nginx/1.19.6
[date] => Wed, 06 Oct 2021 11:30:12 GMT
[content-type] => text/html
[content-length] => 179
[www-authenticate] => Basic realm="Login Required"
)
)
[body] => <html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.19.6</center>
</body>
</html>
[response] => Array
(
[code] => 401
[message] => Unauthorized
)
[cookies] => Array
(
)
[filename] =>
[http_response] => WP_HTTP_Requests_Response Object
(
[response:protected] => Requests_Response Object
(
[body] => <html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.19.6</center>
</body>
</html>
[raw] => HTTP/1.1 401 Unauthorized
Server: nginx/1.19.6
Date: Wed, 06 Oct 2021 11:30:12 GMT
Content-Type: text/html
Content-Length: 179
Connection: close
WWW-Authenticate: Basic realm="Login Required"
<html>
<head><title>401 Authorization Required</title></head>
<body>
<center><h1>401 Authorization Required</h1></center>
<hr><center>nginx/1.19.6</center>
</body>
</html>
[headers] => Requests_Response_Headers Object
(
[data:protected] => Array
(
[server] => Array
(
[0] => nginx/1.19.6
)
[date] => Array
(
[0] => Wed, 06 Oct 2021 11:30:12 GMT
)
[content-type] => Array
(
[0] => text/html
)
[content-length] => Array
(
[0] => 179
)
[www-authenticate] => Array
(
[0] => Basic realm="Login Required"
)
)
)
[status_code] => 401
[protocol_version] => 1.1
[success] =>
[redirects] => 1
[url] => https://www.mywebsite.com
[history] => Array
(
[0] => Requests_Response Object
(
[body] => "An alternate resource is located at https://www.mywebsite.com."
[raw] => HTTP/1.1 303 See Other
Date: Wed, 06 Oct 2021 11:30:12 GMT
Content-Type: text/plain
Content-Length: 75
Connection: close
Location: https://www.mywebsite.com
Vary: Origin
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: qe0q9we09qe090qw9-TXL
"An alternate resource is located at https://www.mywebsite.com."
[headers] => Requests_Response_Headers Object
(
[data:protected] => Array
(
[date] => Array
(
[0] => Wed, 06 Oct 2021 11:30:12 GMT
)
[content-type] => Array
(
[0] => text/plain
)
[content-length] => Array
(
[0] => 75
)
[location] => Array
(
[0] => https://mywebsite.com
)
[vary] => Array
(
[0] => Origin
)
[cf-cache-status] => Array
(
[0] => DYNAMIC
)
[expect-ct] => Array
(
[0] => max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
)
[server] => Array
(
[0] => cloudflare
)
[cf-ray] => Array
(
[0] => d989qw8e9df9s8d0q3e8-TXL
)
)
)
[status_code] => 303
[protocol_version] => 1.1
[success] =>
[redirects] => 0
[url] => https://the_service_url.com
[history] => Array
(
)
[cookies] => Requests_Cookie_Jar Object
(
[cookies:protected] => Array
(
)
)
)
)
[cookies] => Requests_Cookie_Jar Object
(
[cookies:protected] => Array
(
)
)
)
[filename:protected] =>
[data] =>
[headers] =>
[status] =>
)
)
docker-compose.yml
version: "3.8"
networks:
  db:
  proxy:
services:
  proxy:
    image: "nginx:1"
    container_name: "proxy"
    depends_on:
      - wordpress
      - devWordpress
      - phpmyadmin
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/conf:/etc/nginx/conf.d
      - ./nginx/certs:/etc/certs
      - ./nginx/htpasswd/.htpasswd:/etc/nginx/.htpasswd
    restart: always
    networks:
      - proxy
  wordpress:
    image: "wordpress:latest"
    container_name: wordpress
    volumes:
      - ./wordpress:/var/www/html
    depends_on:
      - db
    environment:
      ServerName: mywebsite.com
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_wp_pw
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_NAME: wordpress
    restart: always
    secrets:
      - db_wp_pw
    networks:
      - db
      - proxy
nginx.conf
ssl_certificate /etc/certs/certificate.cert;
ssl_certificate_key /etc/certs/privkey.key;

server {
    listen 80;
    listen [::]:80;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    auth_basic "Login Required";
    auth_basic_user_file "/etc/nginx/.htpasswd";

    # . files
    location ~ /\.(?!well-known) {
        deny all;
    }

    # restrict methods
    if ($request_method !~ ^(GET|POST)$) {
        return '405';
    }

    location / {
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;

        # Proxy headers
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;

        # Proxy timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        proxy_redirect off;
        proxy_pass http://wordpress;
    }

    # gzip
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}
CodePudding user response:
You can combine your current auth_basic but whitelist your servers that made the wp_remote_post request by their IPs:
satisfy any;
allow 192.168.1.0/24; #replace with your server IP
allow 192.168.2.0/24; #replace with your server IP
deny all;
auth_basic "Login Required";
auth_basic_user_file "/etc/nginx/.htpasswd"; # . files
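An added example, not part of the answer above or of nginx itself: a small Python model of how nginx combines the `allow`/`deny` rules with `auth_basic` under `satisfy any` versus the default `satisfy all`, so the effect of the suggested snippet can be checked case by case. The function names and the sample addresses are assumptions made for this illustration; the rule list copies the answer's placeholder ranges.

```python
import ipaddress

# Constructed rule list mirroring the answer's snippet (first match wins).
RULES = [("allow", "192.168.1.0/24"), ("allow", "192.168.2.0/24"), ("deny", "all")]


def ip_allowed(peer_ip, rules=RULES):
    """Model of allow/deny: rules are checked in order, the first match decides."""
    addr = ipaddress.ip_address(peer_ip)
    for action, net in rules:
        if net == "all" or addr in ipaddress.ip_network(net):
            return action == "allow"
    return True  # no rule matched: the IP check does not object


def access_status(peer_ip, creds_ok, satisfy="any", rules=RULES):
    """Return the status the access checks yield (200 = request is proxied on).

    peer_ip  -- address of the TCP peer ($remote_addr), not X-Forwarded-For
    creds_ok -- True if a valid "Authorization: Basic" header was sent
    """
    by_ip = ip_allowed(peer_ip, rules)
    if satisfy == "any":
        # Either check passing is enough; every listed address skips the password.
        if by_ip or creds_ok:
            return 200
        return 401  # both failed: 401 takes precedence over 403
    # satisfy all (the default): both must pass, and the IP check runs first.
    if not by_ip:
        return 403
    return 200 if creds_ok else 401


if __name__ == "__main__":
    # Constructed cases: an allowed internal caller and an outside client.
    for ip, creds in [("192.168.1.17", False), ("203.0.113.9", False), ("203.0.113.9", True)]:
        print(ip, creds, access_status(ip, creds))
```

The rules match on the address nginx sees as the connection peer, so the allow list has to contain the address the WordPress container's request actually arrives from, and it should be as narrow as possible because every address in a listed range bypasses the password prompt.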