WordPress.org

Ready to get started?Download WordPress

Forums

WordPress HTTPS (SSL)
[Plugin: WordPress HTTPS] Setting up Shared SSL (4 posts)

  1. AaronW
    Member
    Posted 3 years ago #

    My site URL looks like www.regular-domain.com. However, since I'm on a shared server I get a Shared SSL which I get by going to https://servername.webhostname.com/~username/.

    I've installed WordPress HTTPS, unchecked every setting except for Shared SSL, and put https://servername.webhostname.com/~username/ in the Shared SSL field. I've also put define('FORCE_SSL_ADMIN', true) in my wp-config.php.

    However, when I try going to the login page (e.g. through www.regular-domain.com/wp-login.php I get redirected to https://servername.webhostname.com/~username/~username/wp-login.php and get a 404.

    P.S. Any way to make URLs typed here be not converted into actual links?

  2. luud
    Member
    Posted 3 years ago #

    Same here.

    For some reason it struggles with the fact that the https URL contains a path.

    I tried creating a symbolic link ~username into the public_html directory pointing to the current directory, i.e. ~username -> .

    What we get then is that it starts a redirect loop, making the url look line https://https.host.com/~username/~username/~username/.../~username/some/local/path/to/file.php

    For some reason it sees the shared ssl host url and thinks it needs to redirect it to the shared host url again, and again, and again, going back and forth with the browser. The latter finally gives up as it detects the redirect loop. Maybe it does not detect properly that the shared ssl host is actually ssl for some reason.

  3. luud
    Member
    Posted 3 years ago #

    I added a bit of logging to the plugin using the logging class I found here: http://www.redips.net/php/write-to-log-file/

    Something that struck me is that the is_ssl function does not seem to be entirely reliable.

    I loaded the home page of the blog twice, once as plain http and the second time as https. For both runs, it did not find that the request was https:

    21:33:53 (index)
    21:33:53 (index) *** NEW REQUEST ***
    21:33:53 (index)
    21:33:53 (index) $this->http_url = http://gatorXXXX.hostgator.com
    21:33:53 (index) $this->https_url = https://gatorXXXX.hostgator.com
    21:33:53 (index) Turn on Shared SSL
    21:33:53 (index) $this->https_url = https://gatorXXXX.hostgator.com/~username
    21:33:53 (index) remove redirect_canonical filter
    21:33:53 (index) function is_ssl() :
    21:33:53 (index) $this->shared_ssl = 1
    21:33:53 (index) $this->https_url = https://gatorXXXX.hostgator.com/~username
    21:33:53 (index) $_SERVER['HTTP_X_FORWARDED_SERVER'] =
    21:33:53 (index) return is_ssl() = false
    21:34:47 (index)
    21:34:47 (index) *** NEW REQUEST ***
    21:34:47 (index)
    21:34:47 (index) $this->http_url = http://gatorXXXX.hostgator.com
    21:34:47 (index) $this->https_url = https://gatorXXXX.hostgator.com
    21:34:47 (index) Turn on Shared SSL
    21:34:47 (index) $this->https_url = https://gatorXXXX.hostgator.com/~username
    21:34:47 (index) remove redirect_canonical filter
    21:34:48 (index) function is_ssl() :
    21:34:48 (index) $this->shared_ssl = 1
    21:34:48 (index) $this->https_url = https://gatorXXXX.hostgator.com/~username
    21:34:48 (index) $_SERVER['HTTP_X_FORWARDED_SERVER'] =
    21:34:48 (index) return is_ssl() = false

    I directly loaded the page as https, thus $_SERVER['HTTP_X_FORWARDED_SERVER'] is expected to be empty. Threfore the function reverts to what the wordpress function is_ssl() provides. Unfortunately, this function seems not to see the fact that the request actually was ssl.

    Looking at what is in $REQUEST, it makes some sense as the $REQUEST['HTTPS'] header turned out to be empty and the server port was set to 80. It is really strange what is going on here. The request is to https, but for some reason it is seen as http by the receiving server. The browser sees it as https though. All I can think of now is that Hostgator applies some proxy that hides the ssl connection for the receiving server...

  4. Mvied
    Member
    Plugin Author

    Posted 3 years ago #

    This is very common with Shared SSL certificates and proxies. Unfortunately it is impossible (as far as I know) to detect SSL without those global variables being set correctly.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic