I'm suppsed to move to docker (docker-compose) a wordpress site that already works "correctly" in cPanel. I say "correctly" as the "site url" and "wordpress site url" both report http:// rather that https.
In the cPanel setup you can visit http or https and any internal link to js and css use https. After moving to docker behind traefik load balancer I get the page with all links using http. That clearly breaks security and the site is unusable.
What's the mechanism used to build up the links to assets? does it use some variables that can be set differently? My docker has apache and I'm using the same .htaccess (at least I'm using what is in the cPanel's backup...).
If I force to https, /wp-admin becomes unreachable... Currently traefik serves correclty resources requested using both http and https.
EDIT: adding
$_SERVER['HTTPS']='on';
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
does turn most internal links to https, but /wp-admin becomes unreachable ("you're not allowed to visit thie page"). As an example it loads /wp-includes/js/jquery/jquery.js via http.
Why the
Any hint is appreciated...
I use ngrok for tunnelling to my localhost, and the only way I could successfully run my environment over proxied https is by converting wordpress permalink url's to relative urls using...
https://wordpress.org/plugins/relative-url/
The plugin is 2 years out of date but still does the job fine and allows my tunnelling to my localhost to run over https. Handy for localhost https endpoint access (without force define home/urls in wp-config.php)
I solved it rearranging the order of the settings in wp-config.php.
wp-configi.php is not just a configuration file as the name suggests. You need to set _SERVER['HTTP'] before the last line:
$_SERVER["HTTPS"] = "on";
require_once(ABSPATH . 'wp-settings.php');
(thanks to my friend Dario for the help).
Related
I'm an amateur here. So my blog set up is:
Root site on one droplet: example.com, SSL via Let's Encrypt
Ghost blog hosted as subdirectory, i.e. example.com/blog, on a separate droplet
On main server's Nginx config, location /blog/ is directed the blog server's IP and port 2368 via proxy pass
It was working for quite a while until it is not đ
Somehow the Ghost config file corrupted (completely emptied), and Ghost could not run. As it was still on Ghost 3, so decided to do a clean migration on a new one-click droplet with Ghost 5.
I had all posts exported before and Ghost/content/images all backed up.
The new site imported content seems fine. But I could not get the HTTPS working. The root site is on HTTPS and loads the blog page fine, but all posts are requesting images via http - which won't work and gives Mixed Content error. Something like:
Mixed Content: The page at 'https://www.example.com/blog/post-title/' was loaded over HTTPS, but requested an insecure image 'http://www.example.com/blog/content/images/size/route-to-image.jpg'. This request has been blocked; the content must be served over HTTPS.
Any idea? I also noticed that after migration I have to proxy pass to just the IP rather than IP + port 2368 to actually make the site work.
I have tried Ghost setup SSL but it gave errors.
In Ghost admin panel, all images show up fine even it's still requesting via http.
I am running a WordPress site on Ubuntu VM as a reverse proxy (URL rewrite) behind an internet-facing IIS windows server. The site works fine with HTTP. No issues.
However, been having a few issues with HTTPS / SSL configuration. The SSL certificate is attached to the domain name on IIS on the internet-facing windows server while the site is served by Linux VM.
After changing it to https, if I change the site URL in WordPress settings page to https from HTTP, the site does not work and I get a âtoo many redirectsâ or âpage not redirecting properlyâ error (in the browser if you open developer tools, you can see the site reloading and looping but no output on screen).
If I leave the siteurl in settings as HTTP domain(dot)com, site loads and PHP works but no scripts or JS files are loaded by the browser, and the error is âBlocked loading mixed active content by firefox HTTP domain(dot)com/some/script/CSSâ because the siteurl is still HTTP and not https.
I have also tried to change the site URL for specific files in .htaccess and wp-config file and functions page and get different errors.
It is most likely due to termination of SSL. WorldPress doesn't handle proxies all that well. So you may need to add a bit of code to wp-config file.
Open file and find:
define('WP_DEBUG', false);
Add:
if ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )
{
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;
}
You have to run WordPress on that Ubuntu VM under HTTPS, in order to break from endless HTTP->HTTPS redirection.
Currently WordPress decides to redirect, because it detects that only HTTP requests are coming,
Browser ---HTTPS--> IIS ARR ---HTTP--> WordPress
It only stops redirection if you get
Browser ---HTTPS--> IIS ARR ---HTTPS--> WordPress
I've configured all my site to work over https.
https://bloginformatico.com
It's working but the assets are not loaded because are served over http.
Is there a way to change all assets to be served also over https?
Log in to http://bloginformatico.com/wp-admin/ , go to Settings â General and check if both your Site Address and Wordpress Address start with https:// (I don't think they do). Change and save this.
I have a VPS on which I serve my domain and where I have all the WordPress installation files. The domain is served with SSL over CloudFlare.
Problem is that the markup inside the installation files does not use https for stylesheets, JS files, etc. They are always served over http and Google or WordPress docs do not help with solving this issue. With this being said, the installation layout looks pretty ugly without any loaded stylesheet whatsoever, or JS functionality.
I certainly doubt that .htaccess rewrites would help with this.
How do you enforce WordPress installation over HTTPS?
(This is how the markup actually looks like, and see the URL in the address bar)
if your web server is running Nginx, you can easily redirect all of your HTTP traffic to HTTPS by adding the following code to your Nginx config file. This is the recommended method for redirecting WordPress running on Nginx.
server { listen 80;server_name domain.com www.domain.com;xamplereturn 301[https://ez.com$request_uri][1];}
I have an annoying issue with https on a wordpress website running on aws eb single instance.
I have the same website in a vps, https works fine, styles and css are served via https. Just to be sure (I've spent 2 days trying to figure out what's wrong) few minutes ago I deployed on eb a copy of the website - editing only the database settings.
So, the issue is that in eb if I go to https://mywebsite.com the page is "broken", styles and scripts are server through http.
In the vps if I go to https://mywebsite.com styles and scripts are https://mywebsite.com/styles/style.css, in eb styles and scripts are http://mywebsite.com/styles/style.css.
Why is this happening and how can I fix that?
I've tried edit the wp_options table and set siteurl and home to https://mywebsite.com (the same website in the vps has values set to http://mywebsite.com)
AWS Elasticbeanstalk single instance Force SSL Redirect loop
htaccess (to force https or to force only http) is simply ignored, I've tried so many solutions but no one worked. The only solution that works for me is a php redirect to http after checking if the server variable http_x_forwarded_server is set
I've read that all the https connections - in eb single instance - through port 443 are "proxied" to port 80 (that could be the problem?)
So, any solutions? I don't want to force https in the website, so I don't want to install plugins that forces https, I just want that the website doesn't broke when navigating the website through https
Just after adding the post, I've managed to solve this problem.
For future references, the solutions is to add this variable $_SERVER['HTTPS'] and set it to 'on'.
This is my code
if(isset($_SERVER['HTTP_X_FORWARDED_SERVER'])) {
$_SERVER['HTTPS'] = 'on';
}
You can add it to index.php, or as I did, in the header.php of your theme (in this case be aware that if you change theme that code will not executed)