NGINX Ingress + Wordpress-fpm = ERR_TOO_MANY_REDIRECTS

[TheAggressive]

I've been searching and looking everywhere on the internet and on these forms for days to help understand this issue and how to properly setup NGINX Ingress with Wordpress-fpm. I'm rather new to Kubernetes and all so I've been working on setting this up to help me learn it all.

I can get it to work using the image of Wordpress that has Apache included (Wordpress:latest) but I rather use NGINX ingress to do the lifting instead of the built in Apache so this is the reason I'm trying to get it to work. Also good to learn a little more complex setup with Nginx ingress.

It seems that once all manifests are applied I visit localhost and I see this, ERR_TOO_MANY_REDIRECTS. I'm guessing that Wordpress can't get the header of X-Forwarded-Proto that it's looking for in the wp-config.php to let it know it's behind a reverse proxy of sorts.

Any help to understand what is the missing piece is greatly appreciated from more knowledgeable professionals who use this technology on a daily basis. It’s also driving me nuts why I can’t figure out how to correct it with the menu annotations I’ve tried.

Below are the manifest that I'm using:

wordpress.yml

apiVersion: v1
kind: Service
metadata:
  name: wordpress-service
  namespace: wordpress
spec:
  selector:
    app: wordpress-fpm
  type: ClusterIP
  ports:
  - name: https
    port: 443
    targetPort: 9000
    protocol: TCP
  - name: http
    port: 80
    targetPort: 9000
    protocol: TCP
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: wp-pv-claim
  namespace: wordpress
  labels:
    app: wordpress-fpm
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress-fpm
  namespace: wordpress
  labels:
    app: wordpress-fpm
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wordpress-fpm
  template:
    metadata:
      labels:
        app: wordpress-fpm
    spec:
      containers:
      - name: wordpress-fpm
        image: wordpress:5.5-php7.4-fpm-alpine
        env:
        - name: WORDPRESS_DB_HOST
          value: maria-db-service
        - name: WORDPRESS_DB_NAME
          valueFrom:
            secretKeyRef:
              name: maria-db-secret
              key: db-name
        - name: WORDPRESS_DB_USER
          valueFrom:
            secretKeyRef:
              name: maria-db-secret
              key: db-user
        - name: WORDPRESS_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: maria-db-secret
              key: db-user-password
        volumeMounts:
        - name: wordpress-persistent-storage
          mountPath: /var/www/html
      volumes:
      - name: wordpress-persistent-storage
        persistentVolumeClaim:
          claimName: wp-pv-claim

ingress.yml

apiVersion: v1
kind: ConfigMap
metadata:
  name: nginx-config
  namespace: wordpress
data:
  SCRIPT_FILENAME: "/var/www/html/index.php"
  FASTCGI_PASS : "wordpress-fpm:9000"
  fastcgi_pass: "wordpress-fpm:9000"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx
  namespace: wordpress
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "FCGI"
    nginx.ingress.kubernetes.io/fastcgi-index: index.php
    nginx.ingress.kubernetes.io/fastcgi-params-configmap: nginx-config
    ingress.kubernetes.io/rewrite-target: /$1
spec:
  tls:
  - hosts:
      - localhost
    secretName: testsecret-tls
  rules:
    - host: localhost
      http:
        paths:
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: wordpress-service
              port:
                name: http

[Bluefitdev]

I'm having similar issue on configuring this for laravel as well.. currently have the setup for ingress controller to point to service that points to pods with nginx and php-fpm. Would prefer to point to php-fpm straightaway, however I can't find any working example specifically on:
SCRIPT_FILENAME: "/var/www/html/index.php"

How does your ingress controller have access to the script path? is it through persistent volume?

[ernst77]

It seems like nobody was able to implement nginx-ingress -> fpm, so far as well looked for any successful implementation, but all of them using nginx as a sidecard with fpm container... no straight ingress -> fpm yet...

[elliotwestlake]

Has anyone been able to configure nginx-ingress -> fpm ? Been unable to configure this

[robertwt7]

I have managed to get it working, see my question in #6897, also related to #4822. Basically you have to translate most of the block in your nginx your-site.conf that you want to serve and map it to the fastcgi_param as you need.

Also node that try_files directive does not work, so you have to serve static files somewhere else (in my case laravel uses try_files directive before forwarding all uri to index.php)

[peco8]

This should be officially supported. I configured nginx as a sidecar but I'm adding prometheus exporters for each (nginx, and php-fpm), and the log shipper as well. It will be so messy within the pod.

[kundan2707]

/help wanted

[iamNoah1]

/help

[k8s-ci-robot]

@iamNoah1:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[viktor-lt]

Has anyone been able to configure nginx-ingress -> fpm ? Been unable to configure this

Have you managed to do it ? I'm still unable to run a simple website:

php:7.4-fpm -> /var/www/html/index.php -> <?php phpinfo(); ?>

ConfigMap -> SCRIPT_FILENAME: "/var/www/html/index.php"

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
 name: fcgi-ingress
 namespace: website
 annotations:
   kubernetes.io/ingress.class: "nginx"
   nginx.ingress.kubernetes.io/backend-protocol: "FCGI"
   nginx.ingress.kubernetes.io/fastcgi-index: "index.php"
   nginx.ingress.kubernetes.io/fastcgi-params-configmap: "namespace/example-cm"
   cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - hosts:
        - example.com
      secretName: fcgi-services-tls
 rules:
   - host: example.com
     http:
       paths:
         - path:
           backend:
             serviceName: example-service
             servicePort: 4243

[sjoukedv]

For me it works with

  DOCUMENT_ROOT: "/var/www/html"
  SCRIPT_FILENAME: "/var/www/html/$fastcgi_script_name"
  HTTP_PROXY: ""
  HTTPS: "1"

And

    nginx.ingress.kubernetes.io/backend-protocol: "FCGI"
    nginx.ingress.kubernetes.io/fastcgi-index: "index.php"
    nginx.ingress.kubernetes.io/fastcgi-params-configmap: ...

Nevertheless, you still have the issue that the ingress controller enables fastcgi for every path and you cannot serve static files anymore.