Nginx非www转www配置异常导致WordPress REST API及回环请求故障求助
大家好,我最近碰到一个头疼的问题,想请各位帮忙分析下:我们的Nginx在配置非www转www的跳转后,WordPress后台出现了页面加载缓慢的情况,而且在Tools > Site Health里检测到两个关键错误,怀疑根源出在Nginx的配置上,具体情况如下:
问题背景
最初我们的Nginx配置是把example.com跳转到https://www.example.com,一开始正常工作。但自从Chrome在2021年默认启用HTTPS后,用户访问https://example.com时会出现SSL错误(因为我们只给www.example.com申请了证书)。
后来我们更新了Nginx配置来处理这个问题,但之后发现WordPress部分页面(包括wp-admin)加载变慢,调整memory_limit也没用。更关键的是,当WordPress的站点URL设置为www.example.com时,Site Health会报错;但如果设置为服务器IP,就完全正常,所以我推测是Nginx的跳转配置导致了问题。
当前Nginx配置(nginx.conf)
# Moves to HTTPS and serve certbot certificates server { listen 80; server_name example.com www.example.com app.example.com; location ~ /.well-known/acme-challenge/ { root /var/www/certbot; } location / { return 301 https://$host$request_uri; } } # Includes www server { listen 443 ssl; server_name example.com; error_log /var/log/nginx/example.com.error.log; access_log /var/log/nginx/example.com.access.log; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl_dhparam /etc/letsencrypt/dhparams.pem; return 301 https://www.example.com$request_uri; } # WordPress site server { listen 443 ssl; server_name www.example.com; error_log /var/log/nginx/www.example.com.error.log; access_log /var/log/nginx/www.example.com.access.log; ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; ssl_dhparam /etc/letsencrypt/dhparams.pem; location ^~ / { proxy_pass http://10.0.0.131:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443 ssl; server_name app.example.com; error_log /var/log/nginx/app.example.com.error.log; access_log /var/log/nginx/app.example.com.access.log; ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem; ssl_dhparam /etc/letsencrypt/dhparams.pem; location ^~ / { proxy_pass http://10.0.0.160:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } error_page 400 401 402 403 404 500 502 503 504 =200 /error/unavailable.html; location = /error/unavailable.html { internal; alias /etc/nginx/html/error/; try_files /unavailable.html =404; access_log /var/log/nginx/error.log; } }
具体错误信息
在Site Health中检测到以下两个错误:
REST API异常
REST API Endpoint: https://www.example.com/index.php?rest_route=%2Fwp%2Fv2%2Ftypes%2Fpost&context=edit
REST API Response: (http_request_failed) cURL error 28: Connection timed out after 10000 milliseconds回环请求失败
The loopback request to your site failed, this means features relying on them are not currently working as expected.
Error: cURL error 28: connection timed out after 10001 milliseconds (http_request_failed)
环境布局与排查进展
我们的架构是:
- 一台Proxmox服务器(IP:10.0.0.3)部署在防火墙设备(IP:10.0.0.1)之后
- Proxmox上有两个容器:Nginx容器(10.0.0.125)和WordPress容器(10.0.0.131)
- App服务器(10.0.0.160)部署在另一台独立机器上
已经做的排查:
- 关闭了所有防火墙:Proxmox集群级防火墙(
pve-firewall stop)、容器上的UFW、WordPress的Wordfence插件 - 防火墙设备日志中没有看到任何拦截记录
- Nginx和WordPress容器可以互相ping通,也能ping通Proxmox、防火墙接口和外部站点
- 查看了Wordfence的日志,没有找到和
wp-json相关的请求记录
容器的hosts文件内容:
- Nginx容器(10.0.0.125)
/etc/hosts:127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters # --- BEGIN PVE --- 10.0.0.125 nginx.local nginx # --- END PVE --- - WordPress容器(10.0.0.131)
/etc/hosts:127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters # --- BEGIN PVE --- 10.0.0.131 example.com example # --- END PVE ---
现在我实在找不到问题所在了,想请各位帮忙看看Nginx的配置哪里可能有问题,或者还有什么其他排查方向可以尝试?
备注:内容来源于stack exchange,提问作者rd1218
