wordpress site behind load balancer not loading - wordpress

I have a WordPress site that is not loading after passing it through https. The site is hosted in AWS and is behind the load balancer. The domain of the site is registered under an external registrar.
I also have other sites in which the domain is registered with AWS and they are behind the load balancer as well and they load perfectly on https. I am not sure why this one is not loading, the load balancer health check status indicated that it is healthy.
This is what I have on my wp-config.php file
define('WP_HOME','domain.com');
define('WP_SITEURL','domain.com');
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';

I believe that you have set the SSL cert for the load balancer. I guess that you are sending the SSL traffic to the ec2 instances. If you send the SSL traffic to the ec2 instances, the instances should have the SSL certificate and decrypt the incoming traffic.
Alternatively, you can choose to terminate the SSL at the load balancer and send the decrypted traffic to the instances.
If you look at the screenshot taken of the ec2 classic load balancer console below, SSL traffic is sent to the instance via port 80.

I passed the NS records to my external domain registrar to add them to the DNS record, then I tried again and it picked up.

Related

DigitalOcean Load Balancer and Nginx droplet returns 503

I have a load balancer set with the following forwarding rule:
HTTPS:443 -> HTTPS:443 with a certificate; I am not using Passthrough.
forwarding rules and health checks
This load balancer has two droplets with Nginx set up with an SSL certificate. When I try to access the domain name I get a 503 Service Unavailable, although it was working fine before the load balancer.
Am I missing something here?

Trouble getting SSL encryption to work with load balance (HTTPS redirect problem)

I have a question regarding SSL encryption for streaming server.
I have a load balancer connected to main panel and both have SSL certs installed properly. However, when the stream is hosted in load balancer, the main panel redirects requests to Load balancer's protected stream link using a simple temporary token over HTTP, and I want encrypted credentials to be sent over HTTPS. I have tried using a redirect to HTTPS, but a sniffer shows that the HTTP header contains the streaming credentials in clear text, when I want them encrypted.
I don't have access to the streaming server and the files are encrypted, so I can't edit the server configs to force the HTTPS redirect. However, through the admin panel, I can add the domain of load balancer, so, for example, if my domain is Server.com, the main panel redirects to the load balancer using this format:
http://server.com?token=djnsjkdnjsnas.
Is there any way to write the domain name in a way, such as https://server.com, that will result in a redirect URL something like http://https://server.com, while ignoring the HTTP header and using HTTPS instead?
BTW, the streaming server is xtream iu, or the upgraded version of xtream codes.
To force https on the load balancer you need to send a simple command to your mysql database via terminal. By default, xtream codes will use http. Log in to your mysql via putty, then type in "UPDATE xtream_iptvpro.settings SET use_https='["1"]' WHERE id='1';", or you can apply the same update via phpMiniAdmin if your xtream build supports it. This will force https in the m3u playlist. Add the id number of your load balancer to apply the changes; I used 1 as an example. It won't be 1, that will be your main server, so adjust accordingly. Also, the ssl certs on both the main and load balancers will need to match the root domain; if you install individual ssl certs for each domain it will fail and won't stream. So you will need to use a multi ssl cert. Some will cover up to 100 domains on the same cert.

How to AWS Route Load Balancer from HTTP to HTTPS for TOMCAT Server

I have JAVA REST API Web Server on Tomcat Server which is running on port 8080 in the AWS EC2 instance.
And there is a Classic Load Balancer to manage all traffic for this instance. So before, ELB was on the HTTP and after some time, it was routed from HTTPS(443: ELB Port) to HTTP(8080: Instance Port) on the Listeners of the ELB.
And I added inbound rule in the security groups of ELB for HTTPS(443).
Elastic Load Balancer Image
Security Group of Elastic Load Balancer
When I call HTTP request, response is received but when I call HTTPS, it says Could not get any response.
And I added some Web UI to check, that shows for both the HTTP and HTTPS Request but https shows like line-through(HTML type) the https and Not Secure in the URL Address Bar.
Check if 443 port is open for the ELB. Go to Security Groups on EC2 console and ensure the ELB security group has port 443 open.
open HTTPS 443 port on EC2 security group
Check if you have a rule set in Ec2 security group which allows inbound traffic on port 443 and port 80 from source ELB security group. If you do not have such rule try adding one and then check again.
I have opened the ports 80 and 443 on both the ELB and EC2 sides. Now it is working.

Mixed content issue in using Application Load Balancer (ALB) in AWS

I have an ASP.Net web application hosted on IIS. The web application (an Umbraco site) is configured to have an HTTP binding in IIS and an SSL certificate is bound to an Application Load Balancer (ALB) in AWS which is used to manage user requests via HTTPS. This means that when a user requests a resource the ALB redirects any HTTP traffic to HTTPS and then forwards the requests to IIS via the port 80 (internal traffic within the VPC).
For most resources this is absolutely fine but there are a handful of resources (fonts and images) which seem to be requested over HTTP which causes a mixed content warning in the browser. I have tried HTTP -> HTTPS rewrite rules in IIS and outbound rules to rewrite the response but this does not seem to resolve the issue.
Can anyone help?
The solution to the problem was to run the web-app locally as HTTPS rather than HTTP and update the load balancer to forward requests to the web-server on port 443 rather than port 80.
To do so:
Create a development SSL certificate on IIS. Rather than creating a self-signed certificate, I used this project (https://github.com/FiloSottile/mkcert) so that the certificate was trusted.
In AWS, update the target group that the ALB listener used to forward requests to the IIS server on port 443 rather than port 80.

Failed redirect from naked domain on SSL

I have recently installed SSL on my AWS hosted wordpress site and my named domain is no longer working.
https:// example.com, https:// www.example.com, www.example.com are all working as expected.
example.com is not working. example.com throws a connection refused error.
The Setup:
Wordpress hosting is on a single AWS EC2 installed off the bitnami AMI. EC2 sits behind a classic load balancer.
SSL certificate is managed on AWS certificate manager and was issued to *.example.com, example.com and www.example.com
DNS uses route 53: www.domain.com and domain.com have A records that point to the same load balancer alias
.htaccess has been modified with RewriteRule ^(.*)$ https://example.com/$1 [R,L]
What do I do to get this working?
HTTPS does work, so the issue is not DNS. You mention a load balancer. The Connection Refused error indicates that your request is not making it to the load balancer or being accepted by the load balancer.
Check your security groups for the load balancer and ensure port 80 inbound is allowed.
Check your load balancer has a listener on port 80.
If you have modified the NACLs (Network Access Control Lists) on the public subnets of the load balancer, then you will need to allow 80 inbound and everything outbound. The default NACL rules already allow this.
As an aside, I note that you are terminating SSL on the load balancer (because you are using an ACM cert). Depending on your configuration, this may mean that you are forwarding requests to your web server unencrypted on port 80. If so then your re-write rules will not correctly detect the use of HTTPS. AWS has some documentation explaining this in more detail.
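
The listener and security-group checks recommended in the answers above (listeners on ports 80 and 443, those ports open on the load balancer, the instance port open to the ELB security group), as an added example that is not from any of the posts. The data is constructed in the shape the AWS CLI returns, reduced to the fields used; `sg-elb`, `sg-web` and all function names are placeholders.

```python
# Added example: audit a Classic ELB and its security groups offline.
def perm(port, cidrs=(), groups=()):
    # One IpPermissions entry as `aws ec2 describe-security-groups` returns it.
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

def listener(front, back):
    # One ListenerDescriptions entry from `aws elb describe-load-balancers`.
    return {"Listener": {"LoadBalancerPort": front, "InstancePort": back}}

def sources(perms, port):
    """Return (cidrs, group_ids) allowed to reach a TCP port."""
    cidrs, groups = set(), set()
    for p in perms:
        if p["IpProtocol"] == "-1" or (p["IpProtocol"] == "tcp"
                                       and p["FromPort"] <= port <= p["ToPort"]):
            cidrs.update(r["CidrIp"] for r in p.get("IpRanges", []))
            groups.update(g["GroupId"] for g in p.get("UserIdGroupPairs", []))
    return cidrs, groups

def audit(elb, sgs, instance_sg, front_ports=(80, 443)):
    findings, elb_sgs = [], set(elb["SecurityGroups"])
    elb_perms = [p for g in elb_sgs for p in sgs[g]]
    listeners = [d["Listener"] for d in elb["ListenerDescriptions"]]
    for port in front_ports:
        if port not in {l["LoadBalancerPort"] for l in listeners}:
            findings.append(f"ELB has no listener on port {port}")
        elif "0.0.0.0/0" not in sources(elb_perms, port)[0]:
            findings.append(f"ELB security group does not allow inbound {port}")
    for port in sorted({l["InstancePort"] for l in listeners}):
        cidrs, groups = sources(sgs[instance_sg], port)
        if not groups & elb_sgs:
            findings.append(f"instance port {port} is not open to the ELB security group")
        if cidrs:  # direct access skips the ELB, so its headers cannot be trusted
            findings.append(f"instance port {port} is open to {sorted(cidrs)}: hosts "
                            "there can bypass the ELB and set X-Forwarded-Proto themselves")
    return findings

# Constructed sample data: (ELB description, {group id: IpPermissions}).
BROKEN = ({"SecurityGroups": ["sg-elb"], "ListenerDescriptions": [listener(443, 80)]},
          {"sg-elb": [perm(443, ["0.0.0.0/0"])], "sg-web": [perm(80, ["0.0.0.0/0"])]})
FIXED = ({"SecurityGroups": ["sg-elb"],
          "ListenerDescriptions": [listener(80, 80), listener(443, 80)]},
         {"sg-elb": [perm(80, ["0.0.0.0/0"]), perm(443, ["0.0.0.0/0"])],
          "sg-web": [perm(80, groups=["sg-elb"])]})

if __name__ == "__main__":
    for name, (elb, sgs) in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(elb, sgs, "sg-web"))
```

Restricting the instance security group to the ELB group, as in `FIXED`, is also what makes a `X-Forwarded-Proto` check like the one in the first question's wp-config.php trustworthy.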
