I'm an amateur here. So my blog set up is:
Root site on one droplet: example.com, SSL via Let's Encrypt
Ghost blog hosted as subdirectory, i.e. example.com/blog, on a separate droplet
On main server's Nginx config, location /blog/ is directed the blog server's IP and port 2368 via proxy pass
It was working for quite a while until it is not đ
Somehow the Ghost config file corrupted (completely emptied), and Ghost could not run. As it was still on Ghost 3, so decided to do a clean migration on a new one-click droplet with Ghost 5.
I had all posts exported before and Ghost/content/images all backed up.
The new site imported content seems fine. But I could not get the HTTPS working. The root site is on HTTPS and loads the blog page fine, but all posts are requesting images via http - which won't work and gives Mixed Content error. Something like:
Mixed Content: The page at 'https://www.example.com/blog/post-title/' was loaded over HTTPS, but requested an insecure image 'http://www.example.com/blog/content/images/size/route-to-image.jpg'. This request has been blocked; the content must be served over HTTPS.
Any idea? I also noticed that after migration I have to proxy pass to just the IP rather than IP + port 2368 to actually make the site work.
I have tried Ghost setup SSL but it gave errors.
In Ghost admin panel, all images show up fine even it's still requesting via http.
Related
I have a RaspberryPi running Wordpress on my internal home network (DietPi, lighttpd). I can access WordPress at home by typing http://192.168.1.2/wordpress on my browser.
I have a domain name e.g. example.com, my DNS redirects that to my home router. I have another RaspberryPi running Nginx Proxy Manager. This manages my Letsencrypt SSL certificates and should allow me to access the Wordpress site outside my network.
I get a 404 error. I changed the SITE URL to example.com (using http://192.168.1.2/wordpress/wp-admin/options-general.php). Still no joy. I tried copying index.php to the /var/www. Still no joy. I followed this guide, and it does not work https://wordpress.org/support/article/changing-the-site-url/.
I revert to http://192.168.1.2/wordpress, and things work. What and I doing wrong?
I'm suppsed to move to docker (docker-compose) a wordpress site that already works "correctly" in cPanel. I say "correctly" as the "site url" and "wordpress site url" both report http:// rather that https.
In the cPanel setup you can visit http or https and any internal link to js and css use https. After moving to docker behind traefik load balancer I get the page with all links using http. That clearly breaks security and the site is unusable.
What's the mechanism used to build up the links to assets? does it use some variables that can be set differently? My docker has apache and I'm using the same .htaccess (at least I'm using what is in the cPanel's backup...).
If I force to https, /wp-admin becomes unreachable... Currently traefik serves correclty resources requested using both http and https.
EDIT: adding
$_SERVER['HTTPS']='on';
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
does turn most internal links to https, but /wp-admin becomes unreachable ("you're not allowed to visit thie page"). As an example it loads /wp-includes/js/jquery/jquery.js via http.
Why the
Any hint is appreciated...
I use ngrok for tunnelling to my localhost, and the only way I could successfully run my environment over proxied https is by converting wordpress permalink url's to relative urls using...
https://wordpress.org/plugins/relative-url/
The plugin is 2 years out of date but still does the job fine and allows my tunnelling to my localhost to run over https. Handy for localhost https endpoint access (without force define home/urls in wp-config.php)
I solved it rearranging the order of the settings in wp-config.php.
wp-configi.php is not just a configuration file as the name suggests. You need to set _SERVER['HTTP'] before the last line:
$_SERVER["HTTPS"] = "on";
require_once(ABSPATH . 'wp-settings.php');
(thanks to my friend Dario for the help).
I am running a WordPress site on Ubuntu VM as a reverse proxy (URL rewrite) behind an internet-facing IIS windows server. The site works fine with HTTP. No issues.
However, been having a few issues with HTTPS / SSL configuration. The SSL certificate is attached to the domain name on IIS on the internet-facing windows server while the site is served by Linux VM.
After changing it to https, if I change the site URL in WordPress settings page to https from HTTP, the site does not work and I get a âtoo many redirectsâ or âpage not redirecting properlyâ error (in the browser if you open developer tools, you can see the site reloading and looping but no output on screen).
If I leave the siteurl in settings as HTTP domain(dot)com, site loads and PHP works but no scripts or JS files are loaded by the browser, and the error is âBlocked loading mixed active content by firefox HTTP domain(dot)com/some/script/CSSâ because the siteurl is still HTTP and not https.
I have also tried to change the site URL for specific files in .htaccess and wp-config file and functions page and get different errors.
It is most likely due to termination of SSL. WorldPress doesn't handle proxies all that well. So you may need to add a bit of code to wp-config file.
Open file and find:
define('WP_DEBUG', false);
Add:
if ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )
{
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;
}
You have to run WordPress on that Ubuntu VM under HTTPS, in order to break from endless HTTP->HTTPS redirection.
Currently WordPress decides to redirect, because it detects that only HTTP requests are coming,
Browser ---HTTPS--> IIS ARR ---HTTP--> WordPress
It only stops redirection if you get
Browser ---HTTPS--> IIS ARR ---HTTPS--> WordPress
Used Dreamhostâs free Letâs Encrypt on my website. Now when I try to reach my Wordpress site I receive, Page not working - redirected you too many times. Domain and site are hosted on Dreamhost.
I used Letâs encrypt on my root domain on an empty Wordpress site and it worked. I made a subdomain off the main one, built out the content on the Wordpress site then tried to encrypt it and thatâs when I canât access it.
This happens when the database URLs are being forced to use either WWW or non-WWW. And what the SSL does is add HTTPS and remove WWW, so it creates a loop.
https://help.dreamhost.com/hc/en-us/articles/360003304711-Changing-all-URLs-in-your-WordPress-database
I have created an instance of wordpress with open LiteSpeed cache in Digital Ocean droplets, it works fine if I have the IP configured in the Settings/General Site and Wordpress URL, but when I add my dns name, starts popping up 404 everywhere. The screen reads:
404
Not Found
The resource requested could not be found on this server!
Proudly powered by LiteSpeed Web Server
Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.
I believe the problem is in this LiteSpeed, which don't seem to be clever enough to figure that there is a new domain configured? Unfortunately restarting the LiteSpeed web server did not help...
Any ideas?
You have to access the OpenLiteSpeed Console, you can find the password for the console in the .litespeed_password file in the root's home directory on the server.
You also need to allow your IP address to be able to connect to the console, you can do this simply by executing ufw allow from <your_home_ip_address>.
Also documented here: https://docs.litespeedtech.com/Cloud/wordpress/#web-server-control-panel-access
When you're within the Console you can go to "Listeners", here you'll find two listeners, one named "Default" and one named "Defaultssl".
On each listener you have to modify the "Virtual Host Mappings" to use your domain under "Domains" - after this restart OpenLiteSpeed, and it should no longer return a 404 when you access the site via your domain.