[Plugin: WordPress HTTPS (SSL)] Force SSL Exclusively not working on multisites

jessor
(@jessekeys)

11 years, 9 months ago

I’m using this extension to force logins via HTTPS, but want pages and posts to redirect from https to http to avoid duplicate content (Force SSL Exclusively Setting).

This works on the main site, but not on additional sites.

Current WordPress Multisite with Domain Mappings. Everything else seems to work fine.

http://wordpress.org/extend/plugins/wordpress-https/

Viewing 14 replies - 1 through 14 (of 14 total)

Thread Starter jessor
(@jessekeys)

11 years, 9 months ago

This is still the case for version 3.1.1 of the plugin.

Plugin Author Mike Ems
(@mvied)

11 years, 9 months ago

So you have a multi-site network where each site has it’s own Dashboard and you’ve gone to each site’s Dashboard and enabled that option for each site and it’s not working for just your sub-sites?

Thread Starter jessor
(@jessekeys)

11 years, 9 months ago

That’s correct. This setting does not seem to have any effect on sub-sites.

Plugin Author Mike Ems
(@mvied)

11 years, 9 months ago

I certainly can’t reproduce that. I’ve used the plugin on a few multisites. For example, here’s a sub-site using this feature and working https://blog.wordpresshttps.com/sample-page/.

Are you sure it’s not browse caching or something like that? Could you try setting up a fresh WP install on the same server, installing the plugin, and seeing if the problem persists?
Thread Starter jessor
(@jessekeys)

11 years, 9 months ago
Mhhh, it’s very tricky to debug.

I’m quite sure it has something to do with how WP Multisite, Domain Mappings and HTTPS are playing together. Let me give you some more details on the setup:

Nginx:
```
server {
    listen  80;
    listen  443 ssl;

    server_name blog.example.org team.example.org;

    ssl_certificate /etc/ssl/startssl/blog.example.org.crt;
    ssl_certificate_key /etc/ssl/startssl/blog.example.org.key;

    root /var/www/blog.example.org;
    index index.php;

    location / {
        root /var/www/blog.example.org;
        index index.php;
        try_files $uri/ $uri /index.php?q=$uri&amp&$args;
        port_in_redirect off;
    }

    # php via fastcgi
    location ~ \.php$ {
        fastcgi_index   index.php;
        fastcgi_intercept_errors on;
        fastcgi_param   HTTPS on;
        include         "fastcgi_params";
        fastcgi_pass    unix:/var/run/php-fastcgi.sock;
    }

    # wordpress permalink rewrite
    if (-f $request_filename) {
        break;
    }

    # uploaded files -> wp-includes/ms-files.php
    rewrite /files/$ /index.php last;

    if ($uri !~ wp-content/plugins) {
        rewrite /files/(.+)$ /wp-includes/ms-files.php?file=$1 last;
    }
}
```
Relevant entries in wp-config.php:
```
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
define('WPLANG', '');
define('WP_DEBUG', false);
define('WP_ALLOW_MULTISITE', true);
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', 'blog.example.org');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
define('SUNRISE', true);
```
WP HTTPS Config in blog.example.org: http://imgur.com/wV4CO
WP HTTPS Config in team.blog.example.org: http://imgur.com/VImRw

Activated in Domain Mapping Settings:

[X] User domain mapping page, [X] Redirect administration pages to site’s original domain (remote login disabled if this redirect is disabled)

Primary Domain for the team.blog.example.org subsite is team.example.org

So, with this setup, everything works fine. The subsite dashboard redirects to https://team.blog.example.org/wp-admin/ like it should, too. The only thing not working is this:

curl -I -k “https://team.example.org/2012/07/01/test-foo/”
HTTP/1.1 200 OK
Date: Fri, 20 Jul 2012 08:27:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
X-Pingback: https://team.example.org/xmlrpc.php
Set-Cookie: redirect_count=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Link: <https://team.example.org/?p=2544>; rel=shortlink

where it should redirect like on the parent blog.example.org.

I hope this narrows it down a bit?
Plugin Author Mike Ems
(@mvied)

11 years, 9 months ago

Not really, that’s just confusing.

You mentioned blog.example.org and team.blog.example.org in all your screenshots, and then you make a cURL request to https://team.example.org/2012/07/01/test-foo.

What?

Thread Starter jessor
(@jessekeys)

11 years, 9 months ago

That’s the domain mapping working.

Primary Domain for the team.blog.example.org subsite is team.example.org

Plugin Author Mike Ems
(@mvied)

11 years, 9 months ago

When you’re using an SSL Host that doesn’t match your Site URL, the code never verifies that you’re hitting the site over HTTPS from that host. It assumes that if your SSL Host doesn’t match your Site URL, there’s probably only one URL you can hit that site securely with, so it doesn’t bother verifying. If you’re SSL Host doesn’t match your Site URL and the page is HTTPS, you’re good to go. No redirect.

I’m guessing http://team.example.org/2012/07/01/test-foo/ works as intended?

I could add in a check pretty easily, but to date there’s never been a reason to.

Thread Starter jessor
(@jessekeys)

11 years, 9 months ago

Yeah, that sounds about right.

I think our setup here is not that unreasonable so supporting this usecase should make sense. WP Multisite plus Domain Mapping is tricky enough like it is 😉

Thanks!

pescadito01
(@pescadito01)

11 years, 9 months ago

please, say to this newbie how to setup the plugin in multisite domain mapping:

a) is recomended enable the plugin to all the network or

b) is nedded to enable the plugin in each subsite??

best regards, pescadito

Plugin Author Mike Ems
(@mvied)

11 years, 9 months ago

I’ve never really used the Domain Mapping plugin. In the current version, the plugin is not running its installation process for each subsite when you do a Network Activate. This will be fixed in the next release. It will be out within a week if you’d like to wait.

Thread Starter jessor
(@jessekeys)

11 years, 8 months ago

Mvied, I see you committed some changes to the plugin repository already. Are you running trunk (3.2) on a production site already? I’d like to upgrade 😉

plugins_lexblog
(@plugins_lexblog)

11 years, 4 months ago

We are having the same issue. We’re on Apache and we have the most current version of this plugin. It’s still redirecting when we try and login via the admin between the domain and sub-domain and the login fails. So if a fix was leveraged, it’s not working with the most recent version of Domain Mapping on 3.4.2.

gufranchorghay
(@gufranchorghay)

11 years, 3 months ago

In my secured (SSL) site (after using WordPress HTTPS SSL plugin)
every page works fine but,

In footer I had given:

Designer: http://www.designersite.com
on click it goes to https://www.designersite.com

ie. HTTP TO HTTPS

Please help?

Viewing 14 replies - 1 through 14 (of 14 total)

The topic ‘[Plugin: WordPress HTTPS (SSL)] Force SSL Exclusively not working on multisites’ is closed to new replies.

Tags