I got Mixed Content errors on wordpress site, after I set up automatic redirection from http to https on apache.
Mixed Content: The page at 'https://example.example.com/' was loaded over HTTPS, but requested an insecure stylesheet http://example.example.com/wp-content/uploads/elementor/css/post-2612.css?ver=1481615259'. This request has been blocked; the content must be served over HTTPS
I want to know if the problem with my htaccess / virtualhost or maybe with the code, css, etc..
My htaccess code looks like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
My VirtualHost looks like this:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
ServerName example.example.com
ServerAdmin hostmaster#example.com
DocumentRoot /mnt/data/html1
ErrorLog /mnt/data/html1/example.example.com_error.log
CustomLog /mnt/data/html1/example.example.com_access_log combined env=!dontlog
</VirtualHost>
<VirtualHost _default_:443>
SSLEngine on
RewriteEngine On
RewriteCond %{HTTPS} on
SSLCertificateFile /etc/httpd/sites-available/crt.crt
SSLCertificateKeyFile /etc/httpd/sites-available/pem.pem
ServerName example.example.com
DocumentRoot /mnt/data/html1
ErrorLog /mnt/data/html1/example.example.com_error.log
CustomLog /mnt/data/html1/example.example.com_access_log combined env=!dontlog
</VirtualHost>
<Directory "/mnt/data/html1">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /mnt/data/html1/.htpasswd
Require valid-user
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Tracking down and solving all mixed content issues can be annoying. Here's an excellent guide from google to methodically go through it.
https://developers.google.com/web/fundamentals/security/prevent-mixed-content/fixing-mixed-content
personally i have been using cloudflare's auto rewrite system at DNS level, which is completely turnkey and an excellent trick for the lazy.
Although chrome should identify the difference between content loaded via 3rd party (let's say you have JS vendor lib which is pulling in assets from somewhere, I understand this sometimes contributes to the warning, reviewing your network tab in browser will identify which outbound links are triggering the problem.
Related
I've got a question about apache configs or it may be the .httaccess file. I have staging site : staging.witnesstolove.org with https enabled. when I try to go to the site, I'm redirected to stagingwitnesstolove.org and I'm not sure why?
My apache config seems pretty basic:
<VirtualHost *:80>
ServerAdmin accounts#1905newmedia.com
DocumentRoot /home/ubuntu/staging/witnesstolove/current/site/web/
ServerName staging.witnesstolove.org
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /home/ubuntu/staging/witnesstolove/current/site/web/>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =staging.witnesstolove.org
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I see in devtools that i'm getting a 301 redirect and it says it's being redirected by wordpress.
If I look at the .htaccess file for the site, it's like this:
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Based on the response headers I'm getting back, it sounds like wordpress is redirecting the traffic to the other domain?
Here's the HTTPS config for the site in Apache:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin accounts#1905newmedia.com
DocumentRoot /home/ubuntu/staging/witnesstolove/current/site/web/
ServerName staging.witnesstolove.org
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /home/ubuntu/staging/witnesstolove/current/site/web/>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
# Some rewrite rules in this file were disabled on your HTTPS site,
# because they have the potential to create redirection loops.
# RewriteCond %{SERVER_NAME} =staging.witnesstolove.org
# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
SSLCertificateFile /etc/letsencrypt/live/staging.witnesstolove.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/staging.witnesstolove.org/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Hi I am having a little problem after using permalinks wordpress, the https version of the site shows the Apache start page. On the http version, the site and all permalinks work fine. I also want to say that without using permalinks, the site on http and https works well. I am using CentOS 8
My .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
My httpd.conf
IncludeOptional conf.d/*.conf
<VirtualHost *:443>
DocumentRoot "/var/www/wordpress"
ServerAlias www.example.com
<Directory "/var/www/wordpress">
allow from all
Options None
Require all granted
</Directory>
SSLEngine on
SSLProtocol +TLSv1.1 +TLSv1.2
SSLCertificateFile /var/ssls/cazzy_store.crt
SSLCertificateKeyFile /var/ssls/cazzy.key
SSLCACertificateFile /var/ssls/cazzy_store.ca-bundle
</VirtualHost>
I tried adding AllowOverride All ”to the <Directory” in my httpd.conf file but it didn't help
I solved the problem by adding this to my .htaccess file
<IfModule mod_rewrite.c>
RewriteEngine On
Options +FollowSymLinks
</IfModule>
I need to renew my letsencrypt certificate. For that, I need to disable the http to https redirect.
However I can't manage to to that.
I am running Apache und Raspbian. Here's my sites-available/000-default.conf:
<VirtualHost *:80>
ServerAdmin example#mail.com
DocumentRoot "/var/www/html/tennis/public"
DirectoryIndex index.php
<Directory /var/www/html/tennis/public>
Options All
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#RewriteEngine on
#RewriteCond %{SERVER_NAME} = my.domain.com
#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
I though commenting the last three lines out would solve the problem, however I still get an 301 redirect to https.
My .htaccess looks like this:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
#Header always edit Set-Cookie (.*) $1;Secure
Header always append X-Frame-Options DENY
#Header set Connection keep-alive
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
I can reach the website via http if I use the IP address, so I know that http is still working.
So I can't figure out on which point I still got the redirect to https. When installing the certificate the first time, I used the certbot to always redirect to https, may be it sets this redirect somewhere else?
Okay, this is not a problem from my side at all. My dyndns provider got an issue with his certificates and therefore this error occurs.
On my Apache server I have a WordPress installation working on www.domain.com and I want to add a Symfony4 installation on www.domain.com/symfony. Symfony routes are taken to the WordPress 404 page (but still are the correct URL i.e. www.domain.com/symfony/about). However, if there are NO routes defined in my Symfony app, then the base www.domain.com/symfony/ URL will correctly display the Symfony4 getting started page. What is wrong in my Apache conf files?
Web server is Apache 2.4, I have tried using Alias and AliasMatch directives in the /etc/apache2 conf files. Alias displays WordPress 404 for all Symfony routes and AliasMatch appends many /index.php's onto the URL and displays the same 404. I tried to copy what phpmyadmin does with its Alias /phpmyadmin /usr/share/phpmyadmin
# /etc/apache2/sites-available/wordpress.conf
<Directory /var/www/wordpress>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin me#myemail.com
DocumentRoot /var/www/wordpress
</VirtualHost>
# /var/www/wordpress/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# /etc/apache2/sites-available/symfony.conf
Alias /symfony /var/www/symfony/app/public
<Directory /var/www/symfony/app/public>
Options FollowSymLinks
AllowOverride All
Require all granted
Allow from All
FallbackResource /index.php
</Directory>
# /var/www/symfony/app/config/routes.yaml
about_index:
path: /about
controller: App\Controller\AboutController::index
I expected www.domain.com/symfony/about to go to /var/www/symfony/app/public/index.php and route to App\Controller\AboutController::index, but it looks like WordPress is trying to find the page /symfony/about and 404's.
When I change my Alias /symfony /var/www/symfony/app/public to AliasMatch ^/symfony.* /var/www/symfony/app/public it changes the Symfony URL to www.domain.com/symfony/index.php/index.php/index.php/index.php/index.php/index.php but has the same result (WordPress 404 page). None of my changes have impacted the WordPress part at all - it still functions perfectly.
EDIT 1
Tried a new conf to test if it's my symfony config - it works as expected so I just think it must be something in my Apache confs. This config treats the symfony app as the main site and wordpress is totally disabled:
# /etc/apache2/sites-available/symfony_only.conf
<Directory /var/www/symfony/app/public>
Options FollowSymLinks
AllowOverride All
Require all granted
Allow from All
FallbackResource /index.php
</Directory>
<Directory /var/www/symfony/app/public/bundles>
FallbackResource disabled
</Directory>
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin me#myemail.com
DocumentRoot /var/www/symfony/app/public
</VirtualHost>
Looks like I got a working conf now. Not sure if it's even resulting in any different configuration than the one I had. I also did a lot of php bin/console cache:clear as I was even getting 404 and 500 errors on the little debug bar at the bottom of the symfony welcome page (not displayed on the bar, but the bar actually wouldn't properly load). The below file is my entire conf which I combined into one file. It serves from my Symfony4 app if the url path begins with /symfony, and the routes all work.
# /etc/apache2/sites-available/wordpress_symfony.conf
Alias /symfony /var/www/symfony/app/public
<Directory /var/www/symfony/app/public>
AllowOverride All
Require all granted
Allow from All
FallbackResource /index.php
</Directory>
<Directory /var/www/symfony/app/public/bundles>
FallbackResource disabled
</Directory>
<Directory /var/www/wordpress>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin me#myemail.com
DocumentRoot /var/www/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Also I added the symfony/apache-pack with composer which added this .htaccess in the symfony public directory. The docs said I can get improved performance by moving all these rules into my .conf file and disabling overrides:
# /var/www/symfony/app/public/.htaccess
DirectoryIndex index.php
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
RewriteRule ^ %{ENV:BASE}/index.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
RedirectMatch 307 ^/$ /index.php/
</IfModule>
</IfModule>
I have folder structure like this:
-- /var/www/domain
|
|-- wordpress
|-- framework
The desired functionality is when you go to domain.com its "document root" is in wordpress folder.
When you open domain.com/embed "document root" would be in framework folder.
I thikn the biggest problem is that I still need to support canonical URLS inside both of those folders.
Some example urls for wordpress are:
domain.com/contact
domain.com/solutions/finance
domain.com/blog/something-happened-yesterday (this might be subdomain blog.domain.com - not decided yet)
Embed will be always in format:
domain.com/embed/Category/Item?some=1,params=0
Wordpress and framework code is 100% independent of each other.
I think if I would simply move framework folder into wordpress folder and named it "embed" it would probably save a lot of trouble and work pretty well. But I feel like its not good solutions, and would prefer to keep them separate as they are now.
Some more snippets:
I tried many apache configurations, this is one of them:
<VirtualHost *:80>
ServerName u.ipushpull.com
ServerAdmin admin#ipushpull.com
DocumentRoot /var/www/ipushpull.com/u/wordpress
DirectoryIndex index.php index.html
Alias /embed/ /var/www/ipushpull.com/u/framework/code/wwwroot/
CustomLog ${APACHE_LOG_DIR}/ipushpull_web_u_access.log combined
ErrorLog ${APACHE_LOG_DIR}/ipushpull_web_u_error.log
LogLevel warn
</VirtualHost>
The .htaccess in framework folder:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
Thank you
Ok I found solution.
After looking into logs I noticed errors that were looking for files where they shouldn't be. And after more time googling finally I found something useful.
In your htaccess you MUST setup RewriteBase to whatever first parameter of your Alias is.
My final setting:
Apache Virtual Host
<VirtualHost *:80>
ServerName u.ipushpull.com
ServerAdmin admin#ipushpull.com
Alias /embed /var/www/ipushpull.com/u/framework/code/wwwroot
<Directory "/var/www/ipushpull.com/u/framework/code/wwwroot">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
</Directory>
DocumentRoot /var/www/ipushpull.com/u/wordpress
DirectoryIndex index.php index.html
CustomLog ${APACHE_LOG_DIR}/ipushpull_web_u_access.log combined
ErrorLog ${APACHE_LOG_DIR}/ipushpull_web_u_error.log
LogLevel warn
</VirtualHost>
.htaccess (in framework/code/wwwroot)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /embed
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Works like a charm