« Back to home

WordPress, Varnish, Jetpack, and SSL/HSTS

WordPress, Varnish, Jetpack, and SSL/HSTS

If you're self-hosting WordPress on the HAProxy + Varnish + Nginx stack we've long talked about here at BigDino, you might have run into a few configuration quirks during set-up that went outside the scope of our blog entries a bit. One of those quirks is getting WordPress working with Jetpack, a WordPress plugin by the WordPress folks that adds a whole dump truck's worth of extra management features and functionality to self-hosted WordPress.

The first problem you might see is that when activating Jetpack with Varnish in place, Varnish throws a guru meditation error. There's a two year old thread in the Wordpress.org support forums describing the issue, but no solution appears to be available as yet; fortunately, the error doesn't actually prevent Jetpack from installing correctly. If you run into this, refreshing the activation link should return the correct response.

More serious, though, is the error you might see when attempting to leverage some of that fancy extended Jetpack functionality and manage your blog via the new Calypso WordPress app (currently OS X only, looks like). Specifically, you'll get an error that looks something like this:

The error you'll see

Attempting to access your Jetpack-enabled site via the WP app yields the red trouble "splat" at left. When clicked, it produces a more verbose (but still not terribly helpful error stating that your site cannot be accessed.

The solution comes from Stephan Burlot, who suggests that the underlying issue is caused by WordPress.com trying to access your site's xmlrpc.php file; the fact that you've probably got something else (like HAProxy or Varnish) listening on port 80 is causing a response that isn't anticipated. Burlot cleverly notes that modifying your wp-config.php file to include a SERVER_PORT variable pointing to HTTP port 80 will fix the problem—but that doesn't quite do it for us, since we're HSTS-compliant and we don't do port 80 anymore.

Adapting Burlot's fix for HTTPS, fortunately, is as easy as you might expect. Just add the following line near the beginning of wp_config.php:

$_SERVER['SERVER_PORT'] = 443;

Restart Nginx and Varnish just to be safe, and you should be good to go—your WordPress app should now function properly.

Discuss this post on the BigDinosaur forums