Closed gecampbell closed 10 years ago
ottok
commented
10 years ago Hello!
Thanks for your feedback. In what situation exactly do you experience "does not use the domain defined". Can you send outputs of what you seen when you run curl -I http://example.com/ on the front-end, and then also what it looks like between the load balancer and back-end?
gecampbell
commented
10 years ago Hi, Otto
My primary domain is http://curmudgeon.io. I’ve defined the HTTPS_DOMAIN_ALIAS as admin.curmudgeon.io. At the moment, both domains are pointing to the same server, but I’d like to change the base domain to a load balancer with multiple servers behind it.
The primary domain:
$ curl -k -I http://curmudgeon.io HTTP/1.1 200 OK Date: Mon, 03 Feb 2014 19:00:24 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 X-Pingback: http://curmudgeon.io/xmlrpc.php Content-Type: text/html; charset=UTF-8 Age: 0 Connection: close
The admin (HTTPS) domain:
$ curl -k -I https://curmudgeon.io HTTP/1.1 200 OK Date: Mon, 03 Feb 2014 19:00:54 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 X-Pingback: https://curmudgeon.io/xmlrpc.php Connection: close Content-Type: text/html; charset=UTF-8
As you can see, it’s not issuing a Location: header or otherwise.
Does the plugin require that a network be set up? At the moment, I’m running WP 3.8.1 on a single domain, but I could add a network if needed.
On February 3, 2014 at 4:31:08 AM, Otto Kekäläinen (notifications@github.com) wrote:
Hello!
Thanks for your feedback. In what situation exactly do you experience "does not use the domain defined". Can you send outputs of what you seen when you run curl -I http://example.com/ on the front-end, and then also what it looks like between the load balancer and back-end?
— Reply to this email directly or view it on GitHub.
ottok
commented
10 years ago You cannot curl directly on https, because https is on a lower network level than PHP and PHP will have nothing to do if you already approach it with https.
This plugin works on the WordPress PHP level. So a better test is to run
$ curl -I http://curmudgeon.io/wp-admin/
HTTP/1.1 301 Moved Permanently
Date: Tue, 04 Feb 2014 09:20:09 GMT
Server: Apache/2.2.15 (CentOS)
Location: https://admin.curmudgeon.io/wp-admin/
Connection: close
Content-Type: text/html; charset=iso-8859-1At wp-admin PHP will execute and send you a redirect to https://admin.curmudgeon.io/wp-admin/ instead of non-https or default domain. Looking at the above headers everything seems to work.
If this explanation solves it for you, please consider contributing to the plugin by updating the readme.txt, I'd love to pull in a merge for it.
gecampbell
commented
10 years ago Yes, I see that.
However, the URL in the browser is still pointing to curmudgeon.io, which is the load balancer. And the requests themselves are going to the load balancer, not to admin.curmudgeon.io. So half of those requests are failing, because port 443 isn’t open except on the admin machine with the SSL.
It looks like WordPress itself is converting admin. the bare domain. Maybe?
On February 4, 2014 at 3:23:07 AM, Otto Kekäläinen (notifications@github.com) wrote:
You cannot curl directly on https, because https is on a lower network level than PHP and PHP will have nothing to do if you already approach it with https.
This plugin works on the WordPress PHP level. So a better test is to run
$ curl -k -I http://curmudgeon.io/wp-admin/ HTTP/1.1 301 Moved Permanently Date: Tue, 04 Feb 2014 09:20:09 GMT Server: Apache/2.2.15 (CentOS) Location: https://admin.curmudgeon.io/wp-admin/ Connection: close Content-Type: text/html; charset=iso-8859-1
At wp-admin PHP will execute and send you a redirect to https://admin.curmudgeon.io/wp-admin/ instead of non-https or default domain. Looking at the above headers everything seems to work.
— Reply to this email directly or view it on GitHub.
ottok
commented
10 years ago Sorry but I still don't understand what the problem is and when exactly it happens.
If I put in by browser http://curmudgeon.io/wp-admin/ it will first jump to https://admin.curmudgeon.io/wp-admin/ and then that page will redirect to https://curmudgeon.io/wp-login.php?redirect_to=https%3A%2F%2Fadmin.curmudgeon.io%2Fwp-admin%2F&reauth=1
I don't know why that happens, next what would be needed is to activate the debugging code in the plugin and look at apache/nginx error.log when it happens. Can you change add_filter('wp_redirect', '_https_domain_rewrite'); to add_filter('wp_redirect', '_debug_rewrite'); and send the relevant log output?
gecampbell
commented
10 years ago Aargh. Honestly, this probably isn’t a problem in your plugin.
Here’s the architecture:
curmudgeon.io is a load balancer, only on port 80, points to two (or more) serversadmin.curmudgeon.io is one of those servers with port 443 open and a certificate to be used as the master.
For example, images uploaded to this server will automatically get propagated to the other server(s).When you try to connect to https://curmudgeon.io it fails, because the load balancer only support port 80. If I point the domain at the server, it will redirect to https://admin.curmudgeon.io, but that means that I’m only using a single server instead of a load-balanced cluster.
On February 4, 2014 at 11:08:34 AM, Otto Kekäläinen (notifications@github.com) wrote:
Sorry but I still don't understand what the problem is and when exactly it happens.
If I put in by browser http://curmudgeon.io/wp-admin/ it will first jump to https://admin.curmudgeon.io/wp-admin/ and then that page will redirect to https://curmudgeon.io/wp-login.php?redirect_to=https%3A%2F%2Fadmin.curmudgeon.io%2Fwp-admin%2F&reauth=1
I don't know why that happens, next what would be needed is to activate the debugging code in the plugin and look at apache/nginx error.log when it happens. Can you change add_filter('wp_redirect', '_https_domain_rewrite'); to add_filter('wp_redirect', '_debug_rewrite'); and send the relevant log output?
— Reply to this email directly or view it on GitHub.
ottok
commented
10 years ago Do you have both of these defined:
define('FORCE_SSL_ADMIN', true);
define('HTTPS_DOMAIN_ALIAS', 'admin.curmudgeon.io');If backend does redirect all requests to https I don't think it will work. Redirect to https alias is done only for https URLs. If you have a company and want to sponsor plugin development, I could perhaps code in some PROXY_REDIRECT thing to support a SSL endpoint at the proxy level but plain https in the backends.
gecampbell
commented
10 years ago Thanks for your help. I think I'm giving up for now. I do NOT believe it's a problem in your plugin, but rather how the load balancers are working.
I've installed the plugin and defined the constants in
wp-config.php, and it does switch over to using HTTPS. However, it does not use the domain defined inHTTPS_DOMAIN_ALIAS. I'm running multiple servers behind a load balancer; I'd like the admin to have a different domain (the master for replication) and it's staying on the original domain.