[Plugin: WordPress HTTPS (SSL)] Force SSL Exclusively not working on multisites
-
I’m using this extension to force logins via HTTPS, but want pages and posts to redirect from https to http to avoid duplicate content (Force SSL Exclusively Setting).
This works on the main site, but not on additional sites.
Current WordPress Multisite with Domain Mappings. Everything else seems to work fine.
-
This is still the case for version 3.1.1 of the plugin.
So you have a multi-site network where each site has it’s own Dashboard and you’ve gone to each site’s Dashboard and enabled that option for each site and it’s not working for just your sub-sites?
That’s correct. This setting does not seem to have any effect on sub-sites.
I certainly can’t reproduce that. I’ve used the plugin on a few multisites. For example, here’s a sub-site using this feature and working https://blog.wordpresshttps.com/sample-page/.
Are you sure it’s not browse caching or something like that? Could you try setting up a fresh WP install on the same server, installing the plugin, and seeing if the problem persists?
Mhhh, it’s very tricky to debug.
I’m quite sure it has something to do with how WP Multisite, Domain Mappings and HTTPS are playing together. Let me give you some more details on the setup:
Nginx:
server { listen 80; listen 443 ssl; server_name blog.example.org team.example.org; ssl_certificate /etc/ssl/startssl/blog.example.org.crt; ssl_certificate_key /etc/ssl/startssl/blog.example.org.key; root /var/www/blog.example.org; index index.php; location / { root /var/www/blog.example.org; index index.php; try_files $uri/ $uri /index.php?q=$uri&&$args; port_in_redirect off; } # php via fastcgi location ~ \.php$ { fastcgi_index index.php; fastcgi_intercept_errors on; fastcgi_param HTTPS on; include "fastcgi_params"; fastcgi_pass unix:/var/run/php-fastcgi.sock; } # wordpress permalink rewrite if (-f $request_filename) { break; } # uploaded files -> wp-includes/ms-files.php rewrite /files/$ /index.php last; if ($uri !~ wp-content/plugins) { rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last; } }
Relevant entries in wp-config.php:
define('FORCE_SSL_ADMIN', true); define('FORCE_SSL_LOGIN', true); define('WPLANG', ''); define('WP_DEBUG', false); define('WP_ALLOW_MULTISITE', true); define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', 'blog.example.org'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1); define('SUNRISE', true);
WP HTTPS Config in blog.example.org: http://imgur.com/wV4CO
WP HTTPS Config in team.blog.example.org: http://imgur.com/VImRwActivated in Domain Mapping Settings:
[X] User domain mapping page, [X] Redirect administration pages to site’s original domain (remote login disabled if this redirect is disabled)
Primary Domain for the team.blog.example.org subsite is team.example.org
So, with this setup, everything works fine. The subsite dashboard redirects to https://team.blog.example.org/wp-admin/ like it should, too. The only thing not working is this:
curl -I -k “https://team.example.org/2012/07/01/test-foo/”
HTTP/1.1 200 OK
Date: Fri, 20 Jul 2012 08:27:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Pingback: https://team.example.org/xmlrpc.php
Set-Cookie: redirect_count=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Link: <https://team.example.org/?p=2544>; rel=shortlinkwhere it should redirect like on the parent blog.example.org.
I hope this narrows it down a bit?
Not really, that’s just confusing.
You mentioned blog.example.org and team.blog.example.org in all your screenshots, and then you make a cURL request to
https://team.example.org/2012/07/01/test-foo
.What?
That’s the domain mapping working.
Primary Domain for the team.blog.example.org subsite is team.example.org
When you’re using an SSL Host that doesn’t match your Site URL, the code never verifies that you’re hitting the site over HTTPS from that host. It assumes that if your SSL Host doesn’t match your Site URL, there’s probably only one URL you can hit that site securely with, so it doesn’t bother verifying. If you’re SSL Host doesn’t match your Site URL and the page is HTTPS, you’re good to go. No redirect.
I’m guessing
http://team.example.org/2012/07/01/test-foo/
works as intended?I could add in a check pretty easily, but to date there’s never been a reason to.
Yeah, that sounds about right.
I think our setup here is not that unreasonable so supporting this usecase should make sense. WP Multisite plus Domain Mapping is tricky enough like it is 😉
Thanks!
please, say to this newbie how to setup the plugin in multisite domain mapping:
a) is recomended enable the plugin to all the network or
b) is nedded to enable the plugin in each subsite??
best regards, pescadito
I’ve never really used the Domain Mapping plugin. In the current version, the plugin is not running its installation process for each subsite when you do a Network Activate. This will be fixed in the next release. It will be out within a week if you’d like to wait.
Mvied, I see you committed some changes to the plugin repository already. Are you running trunk (3.2) on a production site already? I’d like to upgrade 😉
We are having the same issue. We’re on Apache and we have the most current version of this plugin. It’s still redirecting when we try and login via the admin between the domain and sub-domain and the login fails. So if a fix was leveraged, it’s not working with the most recent version of Domain Mapping on 3.4.2.
In my secured (SSL) site (after using WordPress HTTPS SSL plugin)
every page works fine but,In footer I had given:
Designer: http://www.designersite.com
on click it goes to https://www.designersite.comie. HTTP TO HTTPS
Please help?
- The topic ‘[Plugin: WordPress HTTPS (SSL)] Force SSL Exclusively not working on multisites’ is closed to new replies.