How to serve WordPress behind Caddy Reverse Proxy

Caddy, if you have not heard of it before, is an awesome web server with automatic HTTPS and TLS baked in (Yay, Let’s Encrypt!). It also features fast and powerful reverse proxy functions that are exceedingly simple to setup. This makes it very simple to serve multiple web services on the same address.

Out of the box however, WordPress doesn’t seem to play nicely with Caddy’s reverse proxy directive. I ran into two separate issues when I first tried to set it up. The first issue was that the TLS was broken, and all of the images and CSS files on the WordPress site were being blocked by my browser for being insecure. The second issue I was having involved signing into the admin page, which kept showing me the error “Sorry, you are not allowed to access this page” after inputting admin credentials. Both of these problems were fixable by adding some lines to the wp-config.php file in the root directory of the WordPress files.

Caddyfile configuration

Firstly I should mention that these fixes will rely on you having a somewhat similar proxy setup to my own, so I’ll share my Caddy configuration. In my Caddyfile I ended up doing something along these lines…

host blog.[your-site].com {
    //* Other directives you may require *//
    reverse_proxy / [your.WordPress.host.address]:[your_port] {
        transparent
    }
}

This simple configuration allowed me to access the WordPress server behind my Caddy server, however all of the images and CSS broke as my browser claimed they were insecure.

Fixing TLS

The fix for this issue ended up being rather simple, all you need to do is either edit your site configuration via admin controls to point your Site Address to your new endpoint…

Go to “Settings” and then Under “General” You’ll see the following fields. Enter your new endpoint here.

Alternatively, you could also edit the wp-config.php file directly to define these manually if you can’t reach the admin page. Worth noting, If you have these manually set in wp-config.php already, than it will show up how mine does above and will not let you edit using the admin page. Otherwise, you should be able to enter it through the settings page. To set it manually simply add these two lines near the bottom of your wp-config.php

define( 'WP_HOME', 'https://[your-endpoint-here]' );
define( 'WP_SITEURL', 'https://[your-endpoint-here]' );

In my case [your-endpoint-here] was blog.evanolder.com. This simple fix stopped my browser from blocking the images and CSS.

Fixing “Sorry, you are not allowed access to this page”

To fix this issue you’re going to need to be able to edit the wp-config.php file. Simply add these lines near the bottom…

if ( ! empty( $_SERVER['HTTP_X_FORWARDED_HOST'] ) ) {
    $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}

And lastly, add these lines right after the <?php. It is important to note that if you don’t put them at the top after the <?php then it will not function correctly.

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
  $_SERVER['HTTPS']='on';
}

Fixed!

It works!

You should now be able to reach your WordPress site without SSL errors, and be able to make changes to the site via the admin panel. Hope this helps you get started blogging!

2 thoughts on “How to serve WordPress behind Caddy Reverse Proxy

Leave a Reply

Your email address will not be published. Required fields are marked *