Tiny WordPress Insights

Nginx Rewrite Rules for WP Admin over SSL

This is a continuation of administering your WordPress blog over SSL to increase your blog security.

Nginx rewrite rules are tricky, but are easier to learn once you understand them. I’m sure they are a lot easier to understand, learn and write than .htaccess rules for Apache HTTP server. Here I solve an important issue that comes up when you use WordPress over HTTPS, otherwise called the secure protocol.

The Problem

Once you have modified the wp-config.php file as per the instructions in the other post, all the administration happens via HTTPS. But that doesn’t stop visitors from browsing the rest of the site through the secure protocol as well. You wouldn’t want this to happen, especially for search engines, as they would then see duplicate content.

The Solution – Nginx Rewrite Rule

To overcome this, we can write a simple rewrite rule in Nginx to redirect the regular visitors and search engines to browse regular posts via port 80. Here is how to do this…

On your site’s configuration file…

server {
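  # "ssl" makes this listener speak TLS; the certificate directives
  # (ssl_certificate, ssl_certificate_key) also belong in this block
  listen 443 ssl;
  server_name yourdomain.com;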

  # Regular rules to manage WordPress over SSL such as
  location /wp-admin {
     # proxy_pass or fastcgi_pass rule/s
  }

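  # Put this as the last line
  # To redirect regular pages to HTTP
  # The trailing "?" stops rewrite from appending the query string a second
  # time ($request_uri already contains it)
  location / { rewrite ^ http://$host$request_uri? permanent; }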
}

Do you have any questions or need clarification regarding the above Nginx rewrite rule to manage WordPress over secure protocol? Please do write them as a comment. I’m glad to assist you.

Updated (on August 16, 2012), after the request from Don:

Here is the working example code. To see this for yourself, please visit http://ssl.pothi.info. You may try logging into the backend. You will get an SSL warning, because the SSL certificate is valid only for my primary domain (pothi.info). There are multiple ways to achieve the same configuration. This is just my way. :)

server {
  listen 80;
  server_name ssl.pothi.info;
  root /path/to/wordpress;
  index index.php;

  location ~ \.php$ {
    # Request to wp-login and wp-admin to go via HTTPS protocol
    location ~ /wp-(admin|login) {
      return 301 https://$host$request_uri;
    }

    # Process non-admin requests
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass  unix:/var/lock/php-fpm;
    fastcgi_intercept_errors on;
  }

  location / {
    try_files $uri $uri/ /index.php;
  }

}

server {
  listen 443 ssl;
  server_name ssl.pothi.info;

  ssl_certificate xyz.crt;
  ssl_certificate_key xyz.key;

  root /path/to/wordpress;
  index index.php;

  # Process only the requests to wp-login and wp-admin
  location ~ /wp-(admin|login) {
    location ~ \.php$ {
      try_files $uri =404;
      include fastcgi_params;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_pass  unix:/var/lock/php-fpm;
      fastcgi_intercept_errors on;
    }
  }

  # Redirect everything else to port 80
  location / {
    return 301 http://$host$request_uri;
  }
}
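
To confirm that a deployed site really splits traffic the way the two server blocks above intend, the following script checks both redirects with curl. It is an added example, not part of the original post; the function names (parse_redirect, expect_scheme, check) and the host name blog.example.test in the comment are this example's own assumptions.

```bash
#!/usr/bin/env bash
# Added example: check that a host splits traffic the way the config above intends.

# Read raw response headers on stdin, print "<status> <location>".
parse_redirect() {
  tr -d '\r' | awk '
    /^HTTP\//                  { status = $2; loc = "" }
    tolower($1) == "location:" { loc = $2 }
    END                        { print status, loc }'
}

# Succeed only if the headers on stdin are a 301 to the wanted scheme ($1).
expect_scheme() {
  parse_redirect | {
    read -r status location
    [ "$status" = "301" ] && case "$location" in
      "$1"://*) true ;;
      *)        false ;;
    esac
  }
}

# Fetch headers only (-I) for URL $2 and report whether it redirects to scheme $1.
# -k skips certificate validation because the demo host on the page serves a
# certificate issued for another name; remove -k for a correctly issued cert.
check() {
  if curl -skI --max-time 10 "$2" | expect_scheme "$1"; then
    echo "OK    $2 -> $1"
  else
    echo "FAIL  $2 does not 301 to $1"; return 1
  fi
}

# Live run only when a host name is passed, e.g. ./check-split.sh blog.example.test
if [ -n "${1:-}" ]; then
  rc=0
  check https "http://$1/wp-login.php" || rc=1   # login must move to HTTPS
  check http  "https://$1/"            || rc=1   # public pages must move to HTTP
  exit "$rc"
fi
```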