D8 + split-nginx frontend + backend-proxy config loses D8 theming; otherwise functions OK

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
Anonymous's picture

I run nginx 1.9.9 + php7 + php-fpm

With a single, standlone nginx config, I installed Drupal 8.0.1. Everything works & displays correctly.

Next, I need to split the nginx config into front-/back-ends.

I created two configs for the front- & back-ends.

In the split-config, Drupal functions correctly, but displays no themeing; just 'generic'.

css links in ViewSource are accessible.

I suspect I've missed something in header-passing between the front & back.

Here are the current configs I'm working with,

frontend:

server {
    server_name dev.example.com;
    listen 192.0.2.1:443 ssl http2;
    more_set_headers "Secure Server";

    root /tmp/nulldir;

    access_log  /var/log/nginx/access.log  main;
    error_log   /var/log/nginx/error.log  error;
    rewrite_log off;

    index  index.php;
    autoindex  off;

    ssl on;
    ssl_certificate_key     "ssl/example.key";
    ssl_certificate         "ssl/example.crt";
    ssl_trusted_certificate "ssl/example.crt";
    ssl_verify_client off;
    include includes/ssl.conf;

    location / {
        proxy_pass http://127.0.0.1:11111;
        proxy_connect_timeout 600s;
        proxy_read_timeout 600s;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header HTTPS on;
        proxy_set_header X-Client-Verify $ssl_client_verify;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
        proxy_set_header X-SSL-Issuer  $ssl_client_i_dn;
        proxy_set_header X-SSL-Subject $ssl_client_s_dn;
    }
}

backend:

server {
    server_name dev.example.com;
    listen 127.0.0.1:11111 default;

    root /dev/web/sites/example01/drupal8/;

    access_log  /var/log/nginx/access.log  main;
    error_log   /var/log/nginx/error.log  error;
    rewrite_log on;

    index  index.php;
    autoindex   on;

    ssl          off;
    gzip         off;

    location = /favicon.ico  { log_not_found off; access_log off; }
    location = /robots.txt   { log_not_found off; access_log off; allow all; }
    location ~* .(txt|log)$ { allow 192.0.2.0/24; deny all; }
    location = /backup       { deny all; }
    location ~ ../..php$ { return 403; }
    location ~ (^|/).       { return 403; }
    location ~ ^/sites/./private/ { access_log off; deny all; }
    location ~ /vendor/.
.php$ { deny all; return 404; }

    location / {
        try_files $uri @rewrite;
    }

    location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

    location ~ ^/sites/./files/styles/ {
        try_files $uri @rewrite;
    }

    location ~ .php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+?.php)(|/.
)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors on;
        fastcgi_pass 127.0.0.1:9000;
    }

    location @rewrite {
        rewrite ^ /index.php;
    }
}

What's 'eating' my display themeing?

Comments

What's 'eating' my display

bugsonly's picture

What's 'eating' my display themeing?

Answering my own question -- NOT the configs above.

The problem's resolved in Drupal's settings.php.

With D8, $base_url= spec'n in settings.php is going (gone?) away,

"Remove the option to specify a base_url from within settings.php"
https://www.drupal.org/node/2528988

Setting the reverse_proxy_* settings in settings.php to correctly mirror the ENV in the nginx config above,

"Support X-Forwarded-* HTTP headers alternates"
https://www.drupal.org/node/313145

fixes the problem. All theming's returned, and the setup works with either http:// or SSL-terminated https:// on the front-end

Nginx

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: