How to Deploy WordPress Behind a Reverse Proxy on cPanel/Apache
Introduction
Running WordPress behind a reverse proxy is a common requirement when your website sits behind an SSL-enabled domain or when you want to control requests before they hit your WordPress instance. This setup ensures security, flexibility, and proper handling of forwarded headers like HTTPS.
In this guide, we’ll walk through setting up WordPress in a proxy environment under cPanel with Apache as the reverse proxy.
Prerequisites:
1. A cPanel hosting account with SSH access.
2. Apache installed with mod_ssl, mod_rewrite, and mod_proxy enabled.
3. A valid SSL certificate issued for your domain (e.g., via Let’s Encrypt).
Step 1:
For most cPanel accounts, the project web root is located under:
| $ cd /home2/example.com/public_html/test/userguide |
Step 2:
Fetch the latest version of WordPress:
| $ wget https://wordpress.org/latest.tar.gz |
Step 3:
Extract WordPress
| $ tar -xzvf latest.tar.gz |
Step 4:
Move the extracted files into your project directory and clean up:
| $ mv wordpress/* /home2/example.com/public_html/test/userguide/ $ rm -rf wordpress latest.tar.gz |
Step 5:
Edit the wp-config.php file and set your database credentials:
| define(‘DB_NAME’, ‘example_database’); define(‘DB_USER’, ‘example_wpuser’); define(‘DB_PASSWORD’, ‘example@123’); define(‘DB_HOST’, ‘localhost’); |
Then, add the site URLs and configure proxy handling:
| define(‘WP_HOME’, ‘https://example.com/test/user-guide’); define(‘WP_SITEURL’, ‘https://example.com/test/user-guide’); // Handle forwarded HTTPS header from reverse proxy if (isset($_SERVER[‘HTTP_X_FORWARDED_PROTO’]) && $_SERVER[‘HTTP_X_FORWARDED_PROTO’] === ‘https’) { $_SERVER[‘HTTPS’] = ‘on’; } |
Step 6:
Assign the correct ownership to your WordPress directory:
| $ chown -R testownership:testownership /home2/example.com/public_html/test/userguide/ |
Step 7:
Edit your Apache SSL configuration file:
| $ vi /etc/apache2/sites-available/exampletest.com-le-ssl.conf |
Inside your <virtualHost> block, add:
| RequestHeader set X-Forwarded-Proto “https” RequestHeader set X-Forwarded-Port “443” Redirect non-slash to slash RewriteEngine On RewriteRule ^/test/user-guide$ /test/user-guide/ [R=301,L] RequestHeader set Host “example.com” ProxyPass “http://example.com/workforce/user-guide/” ProxyPassReverse “http://example.com/workforce/user-guide/” |
Step 8:
Run the following to check for syntax errors:
| $ apachectl -t |
Step 9:
Apply your changes by restarting Apache
| $ systemctl restart apache2 |
