I have an annoying issue with https on a wordpress website running on aws eb single instance.
I have the same website in a vps, https works fine, styles and css are served via https. Just to be sure (I've spent 2 days trying to figure out what's wrong) few minutes ago I deployed on eb a copy of the website - editing only the database settings.
So, the issue is that in eb if I go to https://mywebsite.com the page is "broken", styles and scripts are server through http.
In the vps if I go to https://mywebsite.com styles and scripts are https://mywebsite.com/styles/style.css, in eb styles and scripts are http://mywebsite.com/styles/style.css.
Why is this happening and how can I fix that?
I've tried edit the wp_options table and set siteurl and home to https://mywebsite.com (the same website in the vps has values set to http://mywebsite.com)
AWS Elasticbeanstalk single instance Force SSL Redirect loop
htaccess (to force https or to force only http) is simply ignored, I've tried so many solutions but no one worked. The only solution that works for me is a php redirect to http after checking if the server variable http_x_forwarded_server is set
I've read that all the https connections - in eb single instance - through port 443 are "proxied" to port 80 (that could be the problem?)
So, any solutions? I don't want to force https in the website, so I don't want to install plugins that forces https, I just want that the website doesn't broke when navigating the website through https
Just after adding the post, I've managed to solve this problem.
For future references, the solutions is to add this variable $_SERVER['HTTPS'] and set it to 'on'.
This is my code
if(isset($_SERVER['HTTP_X_FORWARDED_SERVER'])) {
$_SERVER['HTTPS'] = 'on';
}
You can add it to index.php, or as I did, in the header.php of your theme (in this case be aware that if you change theme that code will not executed)
Related
I have a fresh Wordpress install that isn't loading the database site_url value properly. On the index, post permalinks are using https, but all assets (css, js, php files) are trying to load over http. As a result, no assets are loading and I can't even log in to the site as a result. When I try to login I get a warning about unsecured forms and the wp-admin login page just reloads.
I updated both site_url and home values in the database to be https but when I echo the site_url it's still http. Also, after I made this change, the wp-admin page won't load anymore, I get a re-direct loop error.
I've tried forcing SSL by adding the options in the wp-config file, but it doesn't fix it. I've followed every method for changing Site URL from the Wordpress docs, but this also didn't fix anything.
I've added a virtual host for port 80 as well, and it's working properly, but it didn't fix anything. I don't know if I have to add a Virtual Host for port 443 (I'm a front-end dev, not a server expert!). I feel like at this point I've gone through every similar Stack Overflow thread and tried everything there, but so far nothing has helped. It feels to me like the problem is at the server level, not Wordpress, but I might be wrong.
Has the URL been set by a constant in your wp-config.php?
Fixed – after a ton of digging around, the issue was the fact that Wordpress is behind a load balancer (again, forgive my lack of server knowledge...)
Added the following to the wp-config file to fix the issue:
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;
I'm suppsed to move to docker (docker-compose) a wordpress site that already works "correctly" in cPanel. I say "correctly" as the "site url" and "wordpress site url" both report http:// rather that https.
In the cPanel setup you can visit http or https and any internal link to js and css use https. After moving to docker behind traefik load balancer I get the page with all links using http. That clearly breaks security and the site is unusable.
What's the mechanism used to build up the links to assets? does it use some variables that can be set differently? My docker has apache and I'm using the same .htaccess (at least I'm using what is in the cPanel's backup...).
If I force to https, /wp-admin becomes unreachable... Currently traefik serves correclty resources requested using both http and https.
EDIT: adding
$_SERVER['HTTPS']='on';
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
does turn most internal links to https, but /wp-admin becomes unreachable ("you're not allowed to visit thie page"). As an example it loads /wp-includes/js/jquery/jquery.js via http.
Why the
Any hint is appreciated...
I use ngrok for tunnelling to my localhost, and the only way I could successfully run my environment over proxied https is by converting wordpress permalink url's to relative urls using...
https://wordpress.org/plugins/relative-url/
The plugin is 2 years out of date but still does the job fine and allows my tunnelling to my localhost to run over https. Handy for localhost https endpoint access (without force define home/urls in wp-config.php)
I solved it rearranging the order of the settings in wp-config.php.
wp-configi.php is not just a configuration file as the name suggests. You need to set _SERVER['HTTP'] before the last line:
$_SERVER["HTTPS"] = "on";
require_once(ABSPATH . 'wp-settings.php');
(thanks to my friend Dario for the help).
I connected cloudflare to my WordPress and enabled HTTPS flexible.
made 2 page rules
https://www.example.com/wp-login.php*
https://www.example.com/wp-admin/*
leaving SSL as flexible but disabling cache and security level
I did install two plugins
http-https-remover
https-redirection [which I disabled now]
I mistakenly changed my sit and home urls to https://example.com
so I did access with FTP to fix it back , however the www is back still can't access the website
when I disable http-https-remover the website loads the content but its not aligned .
the website it self got the following errors :
www.site.com/:8 A Parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.cloudflare.com/cdn-cgi/nexp/dok3v=f2befc48d1/cloudflare.min.js, is invoked via document.write. This MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message.See https://www.chromestatus.com/feature/5718547946799104 for more details.
but they are not effecting the look and feel of the website .
for https://www.example.com/wp-admin/
the console is empty and the page returnes 200
the http version(when I disabel ssl from cloudflare for the 2 page rules) it gives me.
"This page isn’t working
www.assesstm.com redirected you too many time"
console :GET http://www.assesstm.com/wp-admin/ net::ERR_TOO_MANY_REDIRECTS
and the network is redirecting like crazy between http and https
disabling https in all the website gives me the redirect loop in the rest of the site
also worth mentioning that I'm not able to get the debug file after defining DEBUG with true in the wp-config.php file .
tried to force ssl on admin but didn't get a solution .
those are my wordpress plugins currently
a:14:{i:0;s:19:"akismet/akismet.php";i:1;s:44:"css3-text-and-image-overlay/css3_overlay.php";i:2;s:39:"easy-google-fonts/easy-google-fonts.php";i:3;s:50:"google-analytics-for-wordpress/googleanalytics.php";i:4;s:19:"jetpack/jetpack.php";i:5;s:29:"pirate-forms/pirate-forms.php";i:6;s:43:"shortcodes-ultimate/shortcodes-ultimate.php";i:7;s:41:"sp-news-and-widget/sp-news-and-widget.php";i:8;s:27:"tawkto-live-chat/tawkto.php";i:9;s:43:"themeisle-companion/themeisle-companion.php";i:10;s:37:"tinymce-advanced/tinymce-advanced.php";i:11;s:24:"wordpress-seo/wp-seo.php";i:12;s:32:"wp-overlays/wp-overlays-lite.php";i:13;s:25:"cloudflare/cloudflare.php";}
any suggestion
You should turn off SSL at your site and at cloudflare. See if that works.
Then set dns at cloudflare to bypass the cdn (grey cloud). Get ssl going on your site, and see if it loads under https.
If all that works, you can now turn on ssl at cloudflare (FULL, not Flexible) and switch dns back to using cloudflare (orange cloud).
Also,disable SSL and clean the cache, I'm sure that out there is a plugin for WP to help to propagate ssl url's, be sure you have it too, but what fixed my problem was disabling the rocket loader, you can find it in the speed option in cloudfare.
I am getting a Cloudflare error 525 in my Wordpress.
I'm working on a subdomain where the domain has https that work fine through cloudflare but the subdomain does not.
Hosting: Godaddy
The SSL certificate is UCC bought from Godaddy.
Crypto SSL in Cloudflare: FULL
I made all the changes in Wordpress mainly following these steps: force https pages wordpress
And all URLs are changed from http:// to https://.
Can anyone help me, I'm running out of ideas and I do not know what else I should do?
That error indicates that the ssl handshake is failing on the subdomain. The subdomain might be configured differently at a web-server level, or there may be Page Rules that change the behavior
https://support.cloudflare.com/hc/en-us/articles/200278659-Error-525-SSL-handshake-failed
In case someone still get this error, here is how I fixed it.
This was driving me crazy because the site was working fine and then the error started to manifest intermittently: error page shows, then by refreshing a couple of times the site loaded but with some missing images. So it was a mess.
Tried to reach out for godaddy support but it was not very useful. They checked the files, database, open ports and even changed the propagating DNS, but still the error was persisting.
At the end I tried:
Disable my ssl plugin in wordpress (really simple SSL)
Go back to http setting
In cloudflare, set the SSL setting to flexible
I found out that Cloudflare takes over the writing of the https links, so the plugin was creating a redirect loop and that was causing the handshake to fail.
The admin side of my wordpress site is stuck in HTTPS and very slow as a result.
I am trying to set the admin to HTTP.
Here is my setup and what I've tried so far.
Godaddy VPS with Godaddy SSL certificate
In wp-config.php I have: define( 'FORCE_SSL_ADMIN', false );
Tried installing the wordpress-https plugin. The admin https checkbox is greyed out / disabled.
Here are the settings on that plugin.
Check httpd.conf and htaccess files for any rewrites - none found.
Server does have Vernish installed - asked Godaddy support to check for any relevant configs in Varnish. None found.
I have tried commenting out code in wp-includes/functions.php based on suggestion here (see comment by user joelbair).
I always flush caches, and sometimes reboot the VPS completely after making changes.
Any suggestions?
Could it be related to SSL signing certificates or how SSL was installed on the server initially?
Was the HTTPS server sending the Strict-Transport-Security header? If so, your browser received instructions to always use HTTPS version of the site. Try opening the HTTP version in another browser, or try clearing your browser cache in an attempt to remove that header's control.
Install WordPress Force HTTPS plugin.
Change you're WordPress Address (URL) and Site Address (URL) in General Setting to https://yoursite.domain
Clear browser cache
No configuration needed.