I'm trying to deploy Wordpress behind Traefik on Azure, using a PersistentVolume backed by Azure Files. For the most part, it works. I could set up wordpress, configure it, access it externally, make content edits, etc.
The docker image is the official one up on Hub (https://hub.docker.com/_/wordpress). The only change I made is to tell the MYSQL client to use SSL, otherwise everything else is vanilla.
The strange part is that no images get served correctly. Apache thinks it serves them fine, but Traefik rejects the response as malformed. Specifically it receives 'bytes' instead of the response code and drops the connection, returning 500 back to the browser.
I've traced it back to the apache server itself and am stumped. Here's what I see - again, only for images.
This is run from inside the container sitting on AKS.
root@wordpress-7bd5ccfd77-drm96:/var/www/html# curl --http0.9 -iv --raw http://localhost:80/wp-includes/images/spinner.gif
* Trying ::1:80...
* Connected to localhost (::1) port 80 (#0)
> GET /wp-includes/images/spinner.gif HTTP/1.1
> Host: localhost
> User-Agent: curl/7.74.0
> Accept: */*
>
ges: bytes
Content-Length: 3656
Content-Type: image/gif
GIF89a...
As you can see, part of the HTTP response is truncated.
If I do the same thing but ask for page content, I don't have any issues.
root@wordpress-7bd5ccfd77-drm96:/var/www/html# curl --http0.9 -iv --raw http://localhost:80/
* Trying ::1:80...
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.74.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Date: Mon, 17 Jan 2022 09:15:33 GMT
...
If I copy the same file out of the pod remotely, or via the Azure Files fileshare remotely, it comes through as expected, so it's not corrupted on the volume, or with how the volume is mounted.
kubectl cp it-scribe-wordpress/wordpress-794cbff687-ts6q9:/var/www/html/wp-includes/images/spinner.gif ./spinner.gif
tar: Removing leading `/' from member names
I get a perfectly useful spinner.gif.
AFAICT it only happens with images. Any thoughts would be much appreciated.
Ian
Edit: The reason I use --http0.9 is without it, curl fails early and doesn't let me see the response. The flag just affects curl's processing, not the request body. Here's an example without the flag.
root@wordpress-7bd5ccfd77-drm96:/var/www/html# curl -iv --raw http://localhost:80/wp-includes/images/spinner.gif
* Trying ::1:80...
* Connected to localhost (::1) port 80 (#0)
> GET /wp-includes/images/spinner.gif HTTP/1.1
> Host: localhost
> User-Agent: curl/7.74.0
> Accept: */*
>
* Received HTTP/0.9 when not allowed
* Closing connection 0
curl: (1) Received HTTP/0.9 when not allowed
I believe there is an issue with the interaction between Azure Files, the AKS CSI and Apache. I can only reproduce this behavior with Azure Files - other forms of volume mount (Disk, container files, NFS) all work as expected.
There is some evidence of other people that have hit this : https://github.com/Azure/AKS/issues/2614
I have worked around using an NFS mount.
The issue is likely not WordPress specific, more an issue with Apache and Azure Files.
The issue does not occur using NGINX. I'd suggest switching to NGINX and PHP-FPM.
Anyway, as the pods are connected to Azure Files over SMB, a quick google will show many people have the same issue with Apache and SMB.
A quick simple solution is to turn on EnableSendFile.
See - https://httpd.apache.org/docs/current/mod/core.html#EnableSendfile
You can do this by adding the following line to .htaccess, the main apache config or the vhost config.