search

Home  >  Q&A  >  body text

wordpress - nginx reverse generation Varnish go Https, WP backend 'You do not have sufficient permissions to access this page. ’

question:

Recently researching Https on Varnish, currently nginx:443 is the reverse generation of varnish:80 backend nginx:80. So I walked around to find one. But after it’s done. The frontend is normal and opens quickly, but in the backend wp-admin, it says 'You do not have sufficient permissions to access this page. ’ Even after reinstalling WP, the problem persists.

Nginx:443’s anti-generation rules

location ~ / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-SSL on;
            proxy_hide_header Vary;
            proxy_redirect off;
        }

Varnish’s Rules

vcl 4.0;
 
# 后端服务器配置
backend default {
  .host = "127.0.0.1"; # 后端服务器的域名或 IP
  .port = "8080";                    # 端口
  .connect_timeout = 600s;
  .first_byte_timeout = 600s;
  .between_bytes_timeout = 600s;
  .max_connections = 128;
}
 
acl purge {
    "localhost";
    "127.0.0.1";
}
 
# vcl_recv 表示 Varnish 收到客户端请求的时候
sub vcl_recv {
  # 当 HTTP 方法是 Purge 时,检查来源 IP,如果 IP 有效,则进行 Purge 操作
  if (req.method == "PURGE") {
    if (!client.ip ~ purge) {
      return(synth(405, "This IP is not allowed to send PURGE requests."));
    }
    return (purge);
  }
 
  # 不缓存有密码控制的内容和 Post 请求
  if (req.http.Authorization || req.method == "POST") {
    return (pass);
  }
 
  # 不缓存管理员页面和预览页面
  if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true") {
    return (pass);
  }
 
  # 不缓存已登录用户的内容
  if (req.http.Cookie ~ "wordpress_logged_in_") {
    return (pass);
  }
 
  # 清除 cookie,因为 WordPress 会根据用户 cookie 在评论框中直接输出昵称
  unset req.http.cookie;
 
  # 进行 hash 操作,见下面的定义
  return (hash);
}
 
sub vcl_pipe {
        return (pipe);
}
 
sub vcl_pass {
        return (fetch);
}
 
# 定义用于缓存的键
sub vcl_hash {
  # 这里使用 URL 做为键,如果是多域名站点,则需要使用 req.http.host + req.url
  hash_data(req.url);
  return (lookup);
}
 
# 处理后端服务器的响应
sub vcl_backend_response {
  # 删掉一些没有用的项
  unset beresp.http.X-Powered-By;
  unset beresp.http.x-mod-pagespeed;
 
  # 对于图片之类的静态内容,删掉 cookie 并且设置浏览器缓存时间为一个月
  if (bereq.url ~ "\.(css|js|png|gif|jp(e?)g|swf|ico|txt|eot|svg|woff)") {
    unset beresp.http.cookie;
    set beresp.http.cache-control = "public, max-age=2700000";
  }
 
  # 不缓存管理员页面和预览页面
  if (bereq.url ~ "wp-(login|admin)" || bereq.url ~ "preview=true") {
    set beresp.uncacheable = true;
    set beresp.ttl = 30s;
    return (deliver);
  }
 
  # 这一段很重要,在用户提交评论的同时,立即清空该页面的缓存,这样用户可以加载到最新的页面
  if (bereq.url == "/wp-comments-post.php") {
    ban("req.url == " + regsub(beresp.http.Location, "^http(s)?://bb\.mf8\.biz(/.*/)$
  }
 
  # 不缓存 Post 请求和有密码的内容
  if ( bereq.method == "POST" || bereq.http.Authorization ) {
    set beresp.uncacheable = true;
    set beresp.ttl = 120s;
    return (deliver);
  }
 
  # 只缓存正常的响应和 404
  if ( beresp.status != 200 && beresp.status != 404 ) {
    set beresp.uncacheable = true;
    set beresp.ttl = 120s;
    return (deliver);
  }
 
  unset beresp.http.set-cookie;
 
  # 默认缓存时间是 24 小时
  set beresp.ttl = 24h;
  set beresp.grace = 30s;
  return (deliver);
}
 
sub vcl_deliver {
  return (deliver);
}
sub vcl_init {
        return (ok);
}
sub vcl_fini {
        return (ok);
}
曾经蜡笔没有小新曾经蜡笔没有小新2756 days ago567

reply all(1)I'll reply

  • 某草草

    某草草2017-05-16 17:17:47

    It has been solved and is organized as follows:
    https://www.mf8.biz/varnish-wordpress-make-fast-2/

    reply
    0
  • Cancelreply