Title: REST API errors
Last modified: November 27, 2020

---

# REST API errors

 *  [lucker](https://wordpress.org/support/users/lucker/)
 * (@lucker)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/rest-api-errors-3/)
 * Hello there,
 * I use a single-site WP FEMP setup behind an nginx proxy, which terminates https
   requests (and also 301-redirects all requests to https) and passes them to other
   nginx servers (in FreeBSD jails). In the jails I have only local IPs (10.0.0.2, etc.)
   and connections from the external IP are redirected with the pf firewall to the proxy
   (which distributes them to different services, including the WP installation). All
   usually works smoothly without any problem. Except the REST API.
 * I noticed quite a long time ago that Site Health Status reports two problems, both
   related to loopback requests, though quite non-specific:
    1. The REST API encountered an error: The REST API request failed due to an
       error. Error: Connection refused (http_request_failed)
    2. Your site could not complete a loopback request: The loopback request to your
       site failed, this means features relying on them are not currently working
       as expected. Error: Connection refused (http_request_failed)
 * Since I do not use scheduling for posts (at least at the moment) it didn’t bother
   me much. Alas, the problem comes from the further astonishing WP development.
   After updates of WP and plugins (I do the chores once in couple of months) some
   plugins refused to work, namely “Redirection”, “Yoast SEO” to index content, 
   etc.
 * My fingers grew really tired while searching info to mitigate the issue. A lot
   of trial and error, but eventually I managed to pin down the problem to some extent.
   If I specify the domain of the WP website in the hosts file, like `10.0.0.3 example.com`,
   where the IP is for the nginx proxy, Site Health Status stops complaining.
   But other issues appear:
    1. in Site Health Status the warning: A scheduled event has failed. The scheduled
       event, action_scheduler_run_queue, failed to run
    2. in Site Health Status the warning: The REST API did not behave correctly. The
       REST API did not process the `context` query parameter correctly
    3. XSS cookies, I suppose due to the difference of the hosts (proxy and WP)
 * I can mitigate such by disabling all advanced security setup in naxsi, but that
   is against my vision. Also I could live without scheduling, at least for a while
   till the further progressive development renders this a real problem.
 * If I specify for the localhost the IP of the WP installation, which probably
   is intended to work this way, the REST API still doesn’t work, though I easily
   access the website with curl from inside the jail.
 * The wp-cli works except the cron command. In `wp-config.php` I have, besides other
   stuff, the following:
 *     ```
       if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false && $_SERVER['REMOTE_ADDR'] != '10.0.0.3')
       	$_SERVER['HTTPS']='on';
       // Code for showing correct client IP address
       if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { 
          $mte_xffaddrs = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ); 
          $_SERVER['REMOTE_ADDR'] = $mte_xffaddrs[0]; 
       }
       define('FORCE_SSL_ADMIN', true);
       ```
   
 * The nginx configs are rather long, but comply with codex and I would post them
   if needed.
 * My wild guess is that the REST API makes requests to WP with https, but I don’t know
   how to prove or exclude this, since I have almost no knowledge of PHP and where
   to look.
 * I have a strong feeling that I miss something very obvious, which prevents the
   REST API from working as expected. But I have exhausted all ideas and feel like I
   am about to jeopardize security eventually.
 * Could you please point me to the right direction? I am banging my head against
   the wall…
    -  This topic was modified 5 years, 6 months ago by [lucker](https://wordpress.org/support/users/lucker/).

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Moderator [t-p](https://wordpress.org/support/users/t-p/)
 * (@t-p)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/rest-api-errors-3/#post-13718941)
 * > Status reports two problems, both related to loopback requests, though quite
   > non-specific
 * Contact your hosting provider support and ask them why loopback is failing.
 *  Thread Starter [lucker](https://wordpress.org/support/users/lucker/)
 * (@lucker)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/rest-api-errors-3/#post-13719795)
 * [@t-p](https://wordpress.org/support/users/t-p/) Thank you for the suggestion.
   Long before I decided to ask for support here I was chasing this ghost for nothing.
   You might see how misleading these messages are and why I called them ‘non-specific’.
 * The loopback works, WP can’t communicate with it. Please take a look at the line
   `< Location: https://mydomain.com/wp-json/wp/v2/plugins` – it seems like the WP
   asks for `https`
 *     ```
       # jexec myjail curl -vv localhost/wp-json/wp/v2/plugins
       *   Trying 10.0.0.3:80...
       * Connected to localhost (10.0.0.3) port 80 (#0)
       > GET /wp-json/wp/v2/plugins HTTP/1.1
       > Host: localhost
       > User-Agent: curl/7.72.0
       > Accept: */*
       >
       * Mark bundle as not supporting multiuse
       < HTTP/1.1 301 Moved Permanently
       < Server: nginx
       < Date: Sat, 28 Nov 2020 11:53:02 GMT
       < Content-Type: text/html; charset=UTF-8
       < Transfer-Encoding: chunked
       < Connection: keep-alive
       < Location: https://mydomain.com/wp-json/wp/v2/plugins
       < Last-Modified: Sat, 28 Nov 2020 11:27:02 GMT
       < Expires: Sat, 28 Nov 2020 12:27:02 GMT
       < Pragma: public
       < Cache-Control: max-age=2040, public
       < ETag: "d41d8cd98f00b204e9800998ecf8427e"
       < Cache-Control: public
       < X-Frame-Options: SAMEORIGIN
       < Strict-Transport-Security: max-age=31536000; preload
       < X-XSS-Protection: 1; mode=block
       < X-Content-Type-Options: nosniff
       < Referrer-Policy: no-referrer-when-downgrade
       ...
       * Connection #0 to host localhost left intact
       ```
   
 * The more curious thing is that the same WP installation on the **identical**
   FEMP setup (except the nginx proxy has no server block to redirect `http` to
   `https`) on a local virtual machine gives a slightly different response. Instead of
   `< Location: https://mydomain.com/wp-json/wp/v2/plugins` it has
   `< Link: <http://mydomain.com/wp-json/>; rel="https://api.w.org/"` and definitely
   communicates with the REST API since it denied authorisation.
 *     ```
        # jexec myjail curl -vv localhost/wp-json/wp/v2/plugins
       *   Trying 10.0.0.3:80...
       * Connected to localhost (10.0.0.3) port 80 (#0)
       > GET /wp-json/wp/v2/plugins HTTP/1.1
       > Host: localhost
       > User-Agent: curl/7.72.0
       > Accept: */*
       >
       * Mark bundle as not supporting multiuse
       < HTTP/1.1 401 Unauthorized
       < Server: nginx
       < Date: Sat, 28 Nov 2020 11:33:58 GMT
       < Content-Type: application/json; charset=UTF-8
       < Transfer-Encoding: chunked
       < Connection: keep-alive
       < X-Robots-Tag: noindex
       < Link: <http://mydomain.com/wp-json/>; rel="https://api.w.org/"
       < X-Content-Type-Options: nosniff
       < Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages, Link
       < Access-Control-Allow-Headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
       < Vary: Origin
       <
       * Connection #0 to host localhost left intact
       {"code":"rest_cannot_view_plugins","message":"\u041a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e, \u0432\u044b \u043d\u0435 \u0438\u043c\u0435\u0435\u0442\u0435 \u043f\u0440\u0430\u0432\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u043f\u043b\u0430\u0433\u0438\u043d\u0430\u043c\u0438 \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0441\u0430\u0439\u0442\u0430.","data":{"status":401}}
       ```
   
 * So, here I am stuck. It’s either the WP mistakenly asks for `https` from localhost,
   or the backend nginx somehow passes to the php-fpm protocol and insists on using
   it.
 * Any idea where to dig further?
    -  This reply was modified 5 years, 6 months ago by [lucker](https://wordpress.org/support/users/lucker/).
      Reason: Spelling
 *  Thread Starter [lucker](https://wordpress.org/support/users/lucker/)
 * (@lucker)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/rest-api-errors-3/#post-13719973)
 * Just in case post the configs.
 * `wp-config.php`
 *     ```
       <?php
       /** Enable W3 Total Cache */
       define('WP_CACHE', true); // Added by W3 Total Cache
       /* Turn HTTPS 'on' if HTTP_X_FORWARDED_PROTO matches 'https' */
       if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       	$_SERVER['HTTPS']='on';
       // Code for showing correct client IP address
       if ( isset( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { 
          $mte_xffaddrs = explode( ',', $_SERVER['HTTP_X_FORWARDED_FOR'] ); 
          $_SERVER['REMOTE_ADDR'] = $mte_xffaddrs[0]; 
       }
   
       define('FORCE_SSL_ADMIN', true);
       define('FORCE_SSL_LOGIN', true);
   
       define('WP_FAIL2BAN_PROXIES','10.0.0.1');
       include __DIR__.'/wp-content/plugins/wp-fail2ban/lib/constants.php';
       define('WP_FAIL2BAN_LOG_SPAM', true);
       define('WP_FAIL2BAN_PLUGIN_LOG_SPAM', true);
       define('WP_FAIL2BAN_BLOCK_USER_ENUMERATION', true);
       define('WP_FAIL2BAN_LOG_PASSWORD_REQUEST', true);
       define('WP_FAIL2BAN_PLUGIN_LOG_XMLRPC', true);
       define('WP_FAIL2BAN_PLUGIN_LOG_REST', true);
       define('WP_FAIL2BAN_LOG_PINGBACKS', true);
       define('WP_FAIL2BAN_COMMENT_LOG', LOG_LOCAL7);
       define('WP_FAIL2BAN_LOG_COMMENTS', true);
       define('WP_FAIL2BAN_COMMENT_EXTRA_LOG', LOG_LOCAL7);
       define('WP_FAIL2BAN_LOG_COMMENTS_EXTRA', WPF2B_EVENT_COMMENT_NOT_FOUND | WPF2B_EVENT_COMMENT_CLOSED | WPF2B_EVENT_COMMENT_TRASH | WPF2B_EVENT_COMMENT_DRAFT | WPF2B_EVENT_COMMENT_PASSWORD);
   
       define('DB_NAME', 'mysite_202010');
       define('DB_USER', 'user');
       define('DB_PASSWORD', 'pAs$woRt');
       define('DB_HOST', '10.0.0.15');
       define('DB_CHARSET', 'utf8');
       define('DB_COLLATE', '');
       @ini_set( 'upload_max_size' , '10MB' );
       @ini_set( 'post_max_size', '15MB');
   
       define('WP_HOME','https://mysite.com');
       define('WP_SITEURL','https://mysite.com');
   
       define( 'WP_REDIS_CLIENT', 'pecl' );
       define( 'WP_REDIS_SCHEME', 'tcp' );
       define( 'WP_REDIS_HOST', '10.0.0.16' );
       define( 'WP_REDIS_PORT', '6379' );
       define( 'WP_REDIS_DATABASE', '0' );
   
       define('AUTH_KEY',         'dfhrdst');
       define('SECURE_AUTH_KEY',  'xtgdfbx');
       define('LOGGED_IN_KEY',    'xbcvbrftgbret');
       define('NONCE_KEY',        'rthergtbgfbd');
       define('AUTH_SALT',        'xcfbgxfthdrt');
       define('SECURE_AUTH_SALT', 'mjutyurtghn');
       define('LOGGED_IN_SALT',   'nyhyujmghn');
       define('NONCE_SALT',       'gfbnrtyghjtry');
   
       $table_prefix  = 'wp_';
   
       define('WPLANG', 'ru_RU');
       define('WP_MEMORY_LIMIT', '128M');
       define( 'AUTOMATIC_UPDATER_DISABLED', true );
   
       define( 'DISALLOW_FILE_EDIT', true );
       define('WP_DEBUG', false);
   
       if ( ! defined( 'ABSPATH' ) ) {
       	define( 'ABSPATH', __DIR__ . '/' );
       }
   
       require_once(ABSPATH . 'wp-settings.php');
   
       if ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) && $_SERVER["REMOTE_ADDR"] == "10.10.0.1") {
           $forwardip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
           $_SERVER['REMOTE_ADDR'] = $forwardip[0];
       }
       ```
   
 * `nginx-proxy.conf`
 *     ```
       user                	www;
       worker_processes    	auto;
       worker_rlimit_nofile  	1024;
       pcre_jit            	on;     # Offers a performance boost to regular expression processing
       worker_priority     	10;	
       error_log           	/var/log/nginx/error.nc.log warn;
       events  {
       worker_connections	1024;
       use 			kqueue; # No epoll on FreeBSD
                   }
       http    {
       client_body_timeout		5s; # maximum time between packets the client can pause when sending nginx any data
       client_header_timeout		5s; # maximum time the client has to send the entire header to nginx
       #keepalive_timeout		75s; # timeout which a single keep-alive client connection will stay open
       keepalive_timeout     300 300;
       send_timeout			15s; # maximum time between packets nginx is allowed to pause when sending the client data
   
       ## General Options
       aio				on;  # asynchronous file I/O, fast with ZFS, make sure sendfile=off
       charset				utf-8; # adds the line "Content-Type" into response-header, same as "source_charset"
       default_type			application/octet-stream;
       gzip_proxied			any;  # allows compressed responses for any request even from proxies
       gzip_vary               	on;  # send response header "Vary: Accept-Encoding"
       ignore_invalid_headers  	on;
       include                 	mime.types;
       keepalive_disable       	none; # allow all browsers to use keepalive connections
       keepalive_requests      	50;  # number of requests per connection, does not affect SPDY
       max_ranges              	0;   # disabled to stop range header DoS attacks as resumed downloads are denied
       msie_padding            	off;
       output_buffers          	1 512;
       postpone_output         	1460;   # postpone sends to match our machine's MSS
       proxy_headers_hash_bucket_size  128;
       proxy_headers_hash_max_size	1024;
       read_ahead              	512K;   # kernel read head set to the output_buffers
       recursive_error_pages   	on;
       reset_timedout_connection	on;  # reset timed out connections freeing ram
       sendfile                	off;  # on for decent direct disk I/O
       server_tokens           	off; # version number in error pages
       server_name_in_redirect 	off; # if off, nginx will use the requested Host header
       source_charset          	utf-8; # same value as "charset"
       tcp_nodelay             	on; # Nagle buffering algorithm, used for keepalive only
       tcp_nopush              	on; #highly recommend testing your server with this option enabled
   
       ## Log Format
       log_format      	main    '$remote_addr - $remote_user [$time_local] "$request" '
       					'$status $body_bytes_sent "$http_referer" '
       					'"$http_user_agent" "$http_x_forwarded_for"';
       access_log			/var/log/nginx/access.log  main buffer=32k;
   
       proxy_http_version		1.1;
       proxy_connect_timeout      900;
       proxy_send_timeout         900;
       proxy_read_timeout         900;
       proxy_intercept_errors     on;
       proxy_buffering    			off;
   
       set_real_ip_from  10.0.0.1;
       real_ip_header    X-Forwarded-For;
       limit_req_zone  $binary_remote_addr  zone=gulag:10m   rate=1250r/m;
   
       server {
       add_header  Cache-Control "public";
       add_header  X-Frame-Options SAMEORIGIN always;
       listen      10.0.0.1:80;
       limit_req   zone=gulag  burst=500 nodelay;
       server_name             mysite.com www.mysite.com;
   
       client_max_body_size 5M;
   
       proxy_cache			off;
       proxy_redirect		off;
   
       location / {
                   return 301 https://$host$request_uri;
                   }
       }
   
       server  	{
           add_header         Cache-Control "public";
           add_header         X-Frame-Options SAMEORIGIN always;
           limit_req          zone=gulag  burst=500 nodelay;
           listen             10.0.0.1:443 default_server ssl http2 sndbuf=512k reuseport accept_filter=dataready;
           server_name        mysite.com www.mysite.com;
   
       access_log  /var/log/nginx/access.mysitecom.log  main buffer=32k;
       error_log  /var/log/nginx/error.mysitecom.log  warn;
   
       proxy_buffering             off;
       proxy_request_buffering     off;
       proxy_redirect          	off;
           proxy_set_header   Host             $host;
           proxy_set_header   X-Real-IP        $remote_addr;
           proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
   
       proxy_set_header        X-Forwarded-Port    $server_port;
       proxy_set_header        X-Forwarded-Proto   $scheme;
   
       ssl_certificate			/usr/local/acme/mysitecom/rsa-certs/fullchain.pem;
       ssl_certificate_key		/usr/local/acme/mysitecom/rsa-certs/privkey.pem;
       ssl_trusted_certificate	/usr/local/acme/mysitecom/rsa-certs/chain.pem;
       ssl_certificate			/usr/local/acme/mysitecom/ecc-certs/fullchain.pem;
       ssl_certificate_key		/usr/local/acme/mysitecom/ecc-certs/privkey.pem;
       ssl_dhparam				/etc/ssl/certs/dhparam.pem;
       ssl_session_timeout			1d;
       ssl_session_cache			shared:le_nginx_SSL:10m;
       ssl_prefer_server_ciphers		off;  # off for TLSv1.3 so clients assumed cipher is used, save one(1) round trip 
       ssl_session_tickets			on;  # off for Perfect Forward Secrecy (PFS)
       ssl_buffer_size				128k;
       ssl_protocols				TLSv1.3 TLSv1.2;
       ssl_ciphers				'TLS-AES-128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
       ssl_ecdh_curve				secp521r1:secp384r1;
       ssl_stapling				on;
       resolver 9.9.9.9 8.8.8.8 valid=30s;
       resolver_timeout 5s;
   
           proxy_set_header        Early-Data $ssl_early_data;
   
           location / {
                       proxy_pass          http://10.0.0.3:80;
                       http2_push_preload  on;
                       }
       }
       }
       ```
   
 * `nginx-backend.conf`
 *     ```
       user                  www;
       worker_processes      auto;
       worker_priority       15;    # renice workers to reduce priority compared to system processes for
                                   # machine health. worst case nginx will get ~25% system resources at nice=15
       worker_rlimit_nofile  1024; # maximum number of open files                            
       pcre_jit              on;
       load_module /usr/local/libexec/nginx/ngx_http_naxsi_module.so;
       events {
           use kqueue; # No epoll on FreeBSD
           worker_connections  1024;
       }
   
       http {
       include /usr/local/etc/nginx/naxsi_core.rules;
         client_body_timeout      10s; # maximum time between packets the client can pause when sending nginx any data
         client_header_timeout    10s; # maximum time the client has to send the entire header to nginx
         keepalive_timeout       75s; # timeout which a single keep-alive client connection will stay open
         send_timeout            15s; # maximum time between packets nginx is allowed to pause when sending the client data
       ## General Options
       aio                     on;	# asynchronous file I/O, fast with ZFS, make sure sendfile=off
       charset                 utf-8; # adds the line "Content-Type" into response-header, same as "source_charset"
       default_type            application/octet-stream;
       gzip_static             on;  # precompress content (gzip -1) with an external script
       gzip                    off; # disable on the fly gzip compression due to higher latency, only use gzip_static
       gzip_vary               on;  # send response header "Vary: Accept-Encoding"
       gzip_proxied            any;  # allows compressed responses for any request even from proxies
       include                 gzip_types;
       ignore_invalid_headers  on;
       include                 mime.types;
       keepalive_requests      50;  # number of requests per connection, does not affect SPDY
        keepalive_disable       none; # allow all browsers to use keepalive connections
       max_ranges              1;
       msie_padding            off;
       open_file_cache         max=1000 inactive=30d;
       open_file_cache_errors  on;
       open_file_cache_min_uses 1;
       open_file_cache_valid   1h;
       output_buffers          2 512k;  # 1MB for gigabit/sec outward bandwidth, 1 buffer for static content
       postpone_output         1460;   # postpone sends to match our machine's MSS
       read_ahead              512K;   # kernel read head set to the output_buffers
       recursive_error_pages     on;
       reset_timedout_connection on;  # reset timed out connections freeing ram
       sendfile                  off;  # on for decent direct disk I/O
       server_tokens             off; # version number in error pages
       server_name_in_redirect   off; # if off, nginx will use the requested Host header
       source_charset            utf-8; # same value as "charset"
       tcp_nodelay               on; # Nagle buffering algorithm, used for keepalive only
       tcp_nopush                on; #highly recommend testing your server with this option enabled
   
       set_real_ip_from  10.0.0.1;
       real_ip_header    X-Forwarded-For;
   
       limit_req_zone  $binary_remote_addr  zone=gulag:5m   rate=1000r/m;
   
           log_format				main  '$remote_addr - $remote_user [$time_local] "$request" '
       									'$status $body_bytes_sent "$http_referer" '
       									'"$http_user_agent" "$http_x_forwarded_for"';
       server {
       add_header  Cache-Control "public";
       add_header  X-Frame-Options SAMEORIGIN always;
       limit_req   zone=gulag burst=500 nodelay;
       listen       10.0.0.3:80 sndbuf=512k accept_filter=httpready;
       server_name  mysite.com www.mysite.com;
   
           include snippets/mysitecom-redirection-rewrite;
   
       location / {
           try_files $uri $uri/ /index.php$is_args$args;
       }
       location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|rar|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
           access_log off; log_not_found off; expires max;
       }
       location ~ \.php$ {
           fastcgi_param  QUERY_STRING       $query_string;
           fastcgi_param  REQUEST_METHOD     $request_method;
           fastcgi_param  CONTENT_TYPE       $content_type;
           fastcgi_param  CONTENT_LENGTH     $content_length;
   
           fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
           fastcgi_param  REQUEST_URI        $request_uri;
           fastcgi_param  DOCUMENT_URI       $document_uri;
           fastcgi_param  DOCUMENT_ROOT      $document_root;
           fastcgi_param  SERVER_PROTOCOL    $server_protocol;
           fastcgi_param  REQUEST_SCHEME     $scheme;
           fastcgi_param  HTTPS              $https if_not_empty;
   
           fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
           fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
   
           fastcgi_param  REMOTE_ADDR        $remote_addr;
           fastcgi_param  REMOTE_PORT        $remote_port;
           fastcgi_param  SERVER_ADDR        $server_addr;
           fastcgi_param  SERVER_PORT        $server_port;
           fastcgi_param  SERVER_NAME        $server_name;
   
           fastcgi_param  REDIRECT_STATUS    200;
   
           fastcgi_split_path_info ^(.+\.php)(/.+)$;
   
       try_files $fastcgi_script_name =404;
       set $path_info $fastcgi_path_info;
       fastcgi_param PATH_INFO $path_info;
       fastcgi_pass_header Authorization;
       fastcgi_param SCRIPT_FILENAME $request_filename;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_index index.php;
   
           fastcgi_pass unix:/var/run/php-fpm.sock;
       }
       location = /favicon.ico {
           log_not_found off;
           access_log off;
       }
       location = /robots.txt {
           allow all;
           log_not_found off;
           access_log off;
       }
           include /home/mysitecom/public_html/w3tc-nginx.conf;
   
       access_log  /var/log/nginx/access.mysitecom.log  main buffer=32k;
       error_log  /var/log/nginx/error.mysitecom.log warn;
   
       root   /home/mysitecom/public_html;
       index index.php index.html index.htm;
   
       add_header Link "</fonts/lora-v15-latin_cyrillic-700.woff2>; as=font; rel=preload; type=font/woff2; crossorigin";
       add_header Link "</wp-includes/js/jquery/jquery.js>; as=script; rel=preload; type=text/javascript";
   
       client_max_body_size    5M;
   
         error_page 404 /404.html;
         error_page   500 502 503 504  /50x.html;
       location = /50x.html {
           root   /usr/local/www/nginx-dist;
       }
         location = /nginx.conf {
         deny all;
         }
       }
       }
       ```
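
The forwarded-header handling from the posted `wp-config.php`, reworked as an added example (not the poster's code and not WordPress core): `X-Forwarded-Proto` and `X-Forwarded-For` are honoured only when the TCP peer is a known proxy, so a direct or loopback request such as the `curl` calls from inside the jail is judged on its own scheme and address. The function name `resolve_forwarded`, the sample requests and the proxy list (`10.0.0.1`, taken from `set_real_ip_from` in the posted configs) are assumptions, as is `REMOTE_ADDR` still being the TCP peer rather than a value already rewritten by nginx's `real_ip_header`.

```php
<?php
declare(strict_types=1);

// Added example: trust forwarded headers only from known proxies.
// Assumption: 10.0.0.1 is the TLS-terminating proxy (set_real_ip_from in the posted configs).
const TRUSTED_PROXIES = ['10.0.0.1'];

/**
 * Derive scheme and client address from a $_SERVER-style array.
 * Forwarded headers are ignored unless REMOTE_ADDR (the TCP peer) is trusted.
 */
function resolve_forwarded(array $server, array $trusted = TRUSTED_PROXIES): array
{
    $peer  = (string) ($server['REMOTE_ADDR'] ?? '');
    $https = !in_array(strtolower((string) ($server['HTTPS'] ?? '')), ['', 'off', '0'], true);
    $out   = ['client_ip' => $peer, 'https' => $https, 'via_proxy' => false];

    if (!in_array($peer, $trusted, true)) {
        return $out; // direct or loopback request: the headers are client-controlled
    }
    $out['via_proxy'] = true;

    // Exact match instead of strpos(): a value that merely contains "https" must not count.
    $proto = strtolower(trim((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
    if ($proto === 'https') {
        $out['https'] = true;
    }

    // Walk X-Forwarded-For right to left: the rightmost entry was appended by
    // our own proxy, anything further left was supplied by the client.
    $hops = array_map('trim', explode(',', (string) ($server['HTTP_X_FORWARDED_FOR'] ?? '')));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // empty or malformed entry: keep the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            $out['client_ip'] = $hop; // first hop that is not one of our proxies
            break;
        }
    }
    return $out;
}

// Constructed $_SERVER samples (client addresses are RFC 5737 documentation ranges).
$samples = [
    'via proxy, TLS terminated' => [
        'REMOTE_ADDR'            => '10.0.0.1',
        'HTTP_X_FORWARDED_PROTO' => 'https',
        'HTTP_X_FORWARDED_FOR'   => '203.0.113.7',
    ],
    'via proxy, extra left-hand XFF entry' => [
        'REMOTE_ADDR'            => '10.0.0.1',
        'HTTP_X_FORWARDED_PROTO' => 'https',
        'HTTP_X_FORWARDED_FOR'   => '127.0.0.1, 203.0.113.7',
    ],
    'loopback inside the jail, no headers' => [
        'REMOTE_ADDR' => '10.0.0.3',
    ],
    'untrusted peer sending the headers itself' => [
        'REMOTE_ADDR'            => '10.0.0.3',
        'HTTP_X_FORWARDED_PROTO' => 'https',
        'HTTP_X_FORWARDED_FOR'   => '198.51.100.9',
    ],
];

foreach ($samples as $label => $server) {
    $r = resolve_forwarded($server);
    printf(
        "%-42s ip=%-13s https=%-5s via_proxy=%s\n",
        $label,
        $r['client_ip'],
        var_export($r['https'], true),
        var_export($r['via_proxy'], true)
    );
}
```

In `wp-config.php` the result would be applied to `$_SERVER['HTTPS']` and `$_SERVER['REMOTE_ADDR']` before `wp-settings.php` is loaded.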
   
 *  Thread Starter [lucker](https://wordpress.org/support/users/lucker/)
 * (@lucker)
 * [5 years, 6 months ago](https://wordpress.org/support/topic/rest-api-errors-3/#post-13720300)
 * Seems like I found a proof, that the cause is in WP.
 * The same request but with additional header output shows that WP redirects the
   request to [https://mysite.com/](https://mysite.com/) instead of getting script
   from localhost:
 *     ```
       jexec myjail curl -i -vv localhost/wp-json/wp/v2/plugins
       *   Trying 10.0.0.3:80...
       * Connected to localhost (10.0.0.3) port 80 (#0)
       > GET /wp-json/wp/v2/plugins HTTP/1.1
       > Host: localhost
       > User-Agent: curl/7.72.0
       > Accept: */*
       >
       * Mark bundle as not supporting multiuse
       < HTTP/1.1 301 Moved Permanently
       HTTP/1.1 301 Moved Permanently
       < Server: nginx
       Server: nginx
       ...
       < X-Redirect-By: WordPress
       X-Redirect-By: WordPress
       < Location: https://mysite.com/wp-json/wp/v2/plugins
       Location: https://mysite.com/wp-json/wp/v2/plugins
       ...
       < Link: </fonts/lora-v15-latin_cyrillic-700.woff2>; as=font; rel=preload; type=font/woff2; crossorigin
       ...
       * Connection #0 to host localhost left intact
       ```
   
 * If I make a request on the same installation, but for a file outside the WP, it
   works perfectly. The file contains `<?php var_export($_SERVER)?>` only.
 *     ```
       jexec myjail curl -vv localhost/test-vars.php
       *   Trying 10.0.0.3:80...
       * Connected to localhost (10.0.0.3) port 80 (#0)
       > GET /test-vars.php HTTP/1.1
       > Host: localhost
       > User-Agent: curl/7.72.0
       > Accept: */*
       >
       * Mark bundle as not supporting multiuse
       < HTTP/1.1 200 OK
       < Server: nginx
       < Date: Sat, 28 Nov 2020 15:09:51 GMT
       < Content-Type: text/html; charset=UTF-8
       < Transfer-Encoding: chunked
       < Connection: keep-alive
       < Vary: Accept-Encoding
       < Cache-Control: public
       < X-Frame-Options: SAMEORIGIN
       < Strict-Transport-Security: max-age=31536000; preload
       < X-XSS-Protection: 1; mode=block
       < X-Content-Type-Options: nosniff
       < Referrer-Policy: no-referrer-when-downgrade
       < Link: </fonts/lora-v15-latin_cyrillic-700.woff2>; as=font; rel=preload; type=font/woff2; crossorigin
       ...
       < Link: </wp-includes/js/jquery/jquery.js>; as=script; rel=preload; type=text/javascript
       <
       array (
         'HOME' => '/nonexistent',
         'USER' => 'www',
         'HTTP_ACCEPT' => '*/*',
         'HTTP_USER_AGENT' => 'curl/7.72.0',
         'HTTP_HOST' => 'localhost',
         'SCRIPT_FILENAME' => '/home/mysitecom/public_html/test-vars.php',
         'PATH_INFO' => '',
         'REDIRECT_STATUS' => '200',
         'SERVER_NAME' => 'mysite.com',
         'SERVER_PORT' => '80',
         'SERVER_ADDR' => '10.0.0.3',
         'REMOTE_PORT' => '36565',
         'REMOTE_ADDR' => '10.0.0.3',
         'SERVER_SOFTWARE' => 'nginx/1.18.0',
         'GATEWAY_INTERFACE' => 'CGI/1.1',
         'REQUEST_SCHEME' => 'http',
         'SERVER_PROTOCOL' => 'HTTP/1.1',
         'DOCUMENT_ROOT' => '/home/mysitecom/public_html',
         'DOCUMENT_URI' => '/test-vars.php',
         'REQUEST_URI' => '/test-vars.php',
         'SCRIPT_NAME' => '/test-vars.php',
         'CONTENT_LENGTH' => '',
         'CONTENT_TYPE' => '',
         'REQUEST_METHOD' => 'GET',
         'QUERY_STRING' => '',
         'FCGI_ROLE' => 'RESPONDER',
         'PHP_SELF' => '/test-vars.php',
         'REQUEST_TIME_FLOAT' => 1606576191.918095,
         'REQUEST_TIME' => 1606576191,
       * Connection #0 to host localhost left intact
       ```
   
 * So, the main question for now is why the WP redirects requests to REST API from
   localhost? From outside it works as expected.
    -  This reply was modified 5 years, 6 months ago by [lucker](https://wordpress.org/support/users/lucker/).


The topic ‘REST API errors’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 4 replies
 * 2 participants
 * Last reply from: [lucker](https://wordpress.org/support/users/lucker/)
 * Last activity: [5 years, 6 months ago](https://wordpress.org/support/topic/rest-api-errors-3/#post-13720300)
 * Status: not resolved

