Backend: "Bitnami WordPress with NGINX and SSL Stack for Google Cloud Platform" from marketplace.
I used this guide: https://www.am22tech.com/google-cloud-cdn-wordpress/
I ended up with a somewhat working system as follows:
My Domain ->(google managed cert)-> CDN + Load Balancer -> Instance Group ->(http)-> VM with bitnami stack.
All works well and seems very fast. The biggest gap in my understanding is how the VM can be told it needs to behave as if it's the original domain.
For example, in the nginx server config, any kind of reference to $host seems to return the VM's IP address or something like that.
Also, in wordpress, in a lot of places the domain is replaced by an IP address, even though the site URL and wordpress address show up correctly. This isn't a wordpress question though, as I'm quite sure there is a more general solution I'm missing to do perhaps with NGINX or the load balancer configuration. I think PHP detects the host and passed it along to wordpress but I'm not clear how.
I found a reference somewhere in the google documentation how to manually assign a domain to a VM but not sure that's what's needed here.
Further to this, I'm totally unclear how I would set up https between the vm and the load balancer, yet only have one domain/ip address for the global forward rule. Maybe a separate question.
Bitnami Engineer here. If you already have the domain, certificates and the Load Balancer in place, you will need to configure WordPress to use that domain name as default domain of the application. You will need to edit the wp-config.php file and configure these lines
define('WP_SITEURL', 'http://DOMAIN/');
define('WP_HOME', 'http://DOMAIN/');
More info: https://docs.bitnami.com/google/apps/wordpress-pro/administration/configure-domain/
In case you also want NGINX to redirect you your domain, no matter how you access your app's information, you can add this configuration line
return 301 https://DOMAIN$request_uri;
in the /opt/bitnami/nginx/conf/bitnami/bitnami.conf file
More info: https://docs.bitnami.com/google/apps/wordpress-pro/administration/force-https-nginx/
I had better luck having the load balancer talk to my VM with https. Once I got that working, I didn't have to make any changes to wp-config.php. In this case I didn't bother with varnish because I think it only supports http. I'm hoping google's CDN will be sufficient regarding caching, and I may try a helper plugin in wordpress.
To redirect http to https, I followed the bitnami instructions to set up to front ends to the load balancer pointing to the same static ip address, then in my nginx server blocks, I added a redirect line in the https block (not the http block), since the google load balancer communicates with my backend via https. Google sets the http_x_fowward_proto to http so I check that and redirect if necessary.
if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }
The bitnami stack is amazing, everything seems extremely fast!
Related
My setup:
Bitnami Wordpress
GCP VM
GCP HTTPs Load Balancer
Load Balancer has http to https redirection, www to non-www redirection
Cloud CDN
Main Problem:
The VM's external IP (22.22.22.22) is indexed by Google Search. I'm unable to remove it from Google Search because it is not recognized as a property that belongs to me and the indexed page (http://22.22.22.22/home) is live. http://22.22.22.22/home is resolved to example.com which is a live page.
what I have checked
The domain name and Load Balancer's IP is properly resolved
No new mod_rewrite rules other than those from the default installation
The site does not have any reference to VM's external IP, including database
No cache plugins installed
Wordpress's site address and home address is pointing to http://example.com
what I have done to rectify
I've added 301 redirects which I'm not sure if that helps. It will take some time to check if that works.
My questions
Is there a way to prevent Google from indexing IPs(Any IPs in general)?
How to prevent VM's ext. IP from being indexed by Google especially when load balancer is in use?
There is a simple solution but it takes time. Configure the Apache web server to redirect IP-based queries to your domain or return an error. Google Search will eventually notice the redirect and remove the IP address from search queries.
For redirects, use a permanent redirect (301).
301 Moved Permanently
How To Create Temporary and Permanent Redirects with Apache and Nginx
There are WordPress plugins to do the same, but I prefer to configure Apache directly and not add another plugin to a site.
Is there a way to prevent Google from indexing IPs(Any IPs in
general)?
No, Google can index any site, IP or Hostname based, that is public unless restricted via robots.txt.
Introduction to robots.txt
How to prevent VM's ext. IP from being indexed by Google especially
when load balancer is in use?
You can create a VPC Firewall rule that only allows traffic from the load balancer and blocks Internet ingress traffic.
Load Balancer Firewall Rules
Additional information:
Remove a page hosted on your site from Google
I have this scenario with Nginx as reverse proxy and Prestashop:
I have Prestashop installed as a container with Proxmox and it has been configured with a local IP address (192.168.0.10) instead of a domain name. I can access Prestashop via the local IP without problems through the local network.
I have nginx as a reverse proxy installed on another VM that receives the request with a domain name (subdomain.example.com) with an SSL certificate on the Nginx, and makes a proxy_pass for the local IP address (192.168.0.10).
When the request is made via the external domain Prestashop redirects [subdomain.example.com] to [192.168.0.1] which is not expected.
With other attempts returns the error (too many redirects) ...
other attempts returns the error 500 ...
I've already tried to enable SSL on prestashop, assign the domain [subdomain.example.com] on prestashop, activate multistore and several other attempts without any success.
I found a tutorial that suggest do edit de [Link.php] file on Prestashop but don't work for me too.
I can't find any material on the web that solves this problem, nor in the Prestashop documentation, so I ask for your help.
This is probably a misconfiguration in Prestashop as your webserver config is pretty straightforward.
Please make sure :
that your DB table ps_shop_url is containing the correct subdomain.example.com in domain and domain_ssl row.
that .htaccess file in Prestashop in root folder is not containing references to your backend IP (192.168.0.1) - If this is the case, you'll need to regenerate in from backoffice (click SAVE in Seo&URL tab )
So I have a domain(example.com), where I want the root url
example.com
to direct to my landing page's DNS that comes from its hosting provider and I want every other url
example.com/whatever-here
to direct to my main hosting provider, which is digital ocean with its DNS. I did it before, but with subdomains. The example.com part was directing to my landings and their hosts, while everything that started with the "app" subdomain (app.example.com) directed users to my main hosting. Now I want to do it without introduction of subdomains. Is it done somewhere on Nginx level? Or is it configured in my hosting providers' settings? Couldn't find the answer so far.
You can't.
The hostname indicates what server your browser is going to connect to. The requested path is then sent to that server, only after the browser has connected to it.
Just as #Brad said, it's impossible to directly host a domain name on two different DNS'es simultaneously. However, I managed to find two approaches that don't do what I wanted, but the end result is pretty much the same:
Host www.domain.com on one server and domain.com on another. Not all providers support it, so it's a not guaranteed-to-work solution. But it's still a solution.
Use Nginx's proxy-pass without redirect or a similar function of your webserver.
This way, you can have example.com actually load some-other-site.com without changing the browser url. I'll provide my Nginx configuration for reference:
location = / {
include proxy_params;
proxy_pass http://other-domain-or-ip.com/;
}
This is just the result I wanted and it makes me think that I fell victim to the X->Y problem here.
Has anyone with a WP multisite been through this process? I have created the Load Balancer and have a domain (one of the multisite sites) on an EC2 instance.
My load balancer setup looks like this:
Going to https://foobar.com just times out and going to https://www.foobar.com just ignores the SSL request. Is there a step I'm missing? Maybe something in httpd.conf or wp-config?
I'm sure someone has gone through something similar, it would help us all dealing with such an issue. I feel like going with WPEngine would've made much more sense than AWS for an simple WP site :(
Looks like you load balancer is setup with SSL termination as I can see you're forwarding the traffic to http target group, not https, do you have self-certified SSL.
you wanna make sure in your wp-config.php to detect SSL :
// Update 8-April-2018: I moved https redirection from the Apache virtual
server config to wp-config.php using this snippet.
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
for more details, check the link : https://blog.lawrencemcdaniel.com/wordpress-aws-elb-ssl/
I have a Wordpress website running on an AWS EC2 instance. This is served through an AWS Elastic Load Balancer, which has HTTPS enabled with a certificate I got from Amazon.
The intention is to serve both an http and an https version of the website. Loading the http version works fine.
When I load the https version however, I'm getting mixed content errors because get_template_directory_uri() always returns http links. The way the load balancer works is the TLS terminates at the LB, and it communicates with the actual EC2 instance over port 80. therefore, there is no HTTPS on the instance itself.
A lot of this is beyond my skill to heal. I know just enough to have figured out what the problem seems to be, but I'm really not sure what the right way to fix it is.
Assuming I still want to serve both http and https versions of the page (there is no ecommerce or auth on the page -- it's just informational), how should I go about fixing this?
FYI, the EC2 instance is running on an Amazon ABI, which is basically RHEL.
So first off, you will find it difficult to run both an http and https WordPress version off the same database data because WordPress saves a lot of links as absolute links (i.e. with the http(s)://mydomain.com part) and a lot of plugins just don't bother adapting to the current protocol either.
Your best bet is going to be doing redirects through your htaccess file to redirect all http traffic to https.
That being said, one way you could do what you asked for is through a filter used by get_template_directory_uri:
add_filter('template_directory_uri', 'smart_template_directory_uri', 10, 3);
function smart_template_directory_uri($template_dir_uri, $template, $theme_root_uri) {
return preg_replace('/^https?\:/i', '//', $template_dir_uri); // replace "http://" or "https://" by "//", which browsers will automatically set to the current page's protocol
}
Hope this helps!