MultiSite SSL over Nginx proxy

Discussion:

Tom Barrett

2013-08-01 08:16:04 UTC

Hi

I have a multisite installation, with domain mapping. I have purchased a
wildcard SSL for the network domain. I'm using Nginx, listening on 443 on a
front end router proxying to the webserver (over private IP) upstream (on
port 80).

What I need to do is have one subdomain (blog/site), without domain
mapping, to be served up over SSL (to briefly capture and pass on sensitive
data).

I have read this:
http://codex.wordpress.org/Administration_Over_SSL

I have played with these:
http://wordpress.org/plugins/wordpress-https/
http://wordpress.org/plugins/wordpress-https-test/
http://wordpress.org/plugins/ssl-insecure-content-fixer/
http://wordpress.org/plugins/ssl-subdomain-for-multisite/

I suffer from this:
http://core.trac.wordpress.org/ticket/19337

But I don't seem to be able to hit the sweet spot (i.e. get it all to
work). I might be confusing myself (having only recently discovering the
proxy ssl issue).

Obviously I can't have the frontend over SSL (don't have certificates for
all the mapped domains, or IP addresses to go witht them). And other than
the admin bar links working (remaining logged in whilst switching from
secure site A to 'normal' site 'B'), that's all I need.

Any help would be great.

Thanks.

--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett

Martin Lazarov

2013-08-01 09:07:08 UTC

Permalink

What did you mean "without domain mapping"? Separete blog installation?
You can do that playing with nginx and/or with the webserver config
over the private ip. Just make required vhost.

Post by Tom Barrett
Hi
I have a multisite installation, with domain mapping. I have purchased a
wildcard SSL for the network domain. I'm using Nginx, listening on 443 on a
front end router proxying to the webserver (over private IP) upstream (on
port 80).
What I need to do is have one subdomain (blog/site), without domain
mapping, to be served up over SSL (to briefly capture and pass on sensitive
data).
http://codex.wordpress.org/Administration_Over_SSL
http://wordpress.org/plugins/wordpress-https/
http://wordpress.org/plugins/wordpress-https-test/
http://wordpress.org/plugins/ssl-insecure-content-fixer/
http://wordpress.org/plugins/ssl-subdomain-for-multisite/
http://core.trac.wordpress.org/ticket/19337
But I don't seem to be able to hit the sweet spot (i.e. get it all to
work). I might be confusing myself (having only recently discovering the
proxy ssl issue).
Obviously I can't have the frontend over SSL (don't have certificates for
all the mapped domains, or IP addresses to go witht them). And other than
the admin bar links working (remaining logged in whilst switching from
secure site A to 'normal' site 'B'), that's all I need.
Any help would be great.
Thanks.
--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett
_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers

Tom Barrett

2013-08-05 10:15:23 UTC

Permalink

Post by Martin Lazarov
What did you mean "without domain mapping"? Separete blog installation?

I mean that the blog_id has no mapped domain on it.

Post by Martin Lazarov
You can do that playing with nginx and/or with the webserver config
over the private ip. Just make required vhost.

I think this is an example that breaks down my problem. This is what I want
(numbers are blog_id).

1. HTTP: www.my-network.com
2. HTTP: apples.my-network.com (DM: www.my-apples.com)
3. HTTP: pears.my-network.com
4. HTTPS: ssl.my-network.com

Proxy server (Server A) pushes requests onto web server (Server B). All 443
and 80 traffic is proxied from A to B on port 80 over private IP.

Using this as my starting point, all blogs (1,2,3 and 4) 'work' on port 80
and 443. But on 443 all the subrequests are on http, which breaks things
(like CSS).

If I add an Nginx redirect:
server {
listen 111.222.333.444:80;
server_name ssl.my-network.com;

rewrite ^(.*) https://ssl.my-network.com$1 redirect;
}
That doesn't fix the issue with the subrequests.

Are you saying this is entirely an nginx set up problem, and it can be done
without any amends to WordPress or use of plugins?

Have I befuddled myself?

--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett

Martin Lazarov

2013-08-05 12:33:49 UTC

Permalink

Yes, i doesn't and will not!

The right way is to make wordpress to send html with httpS url's!

Post by Tom Barrett
That doesn't fix the issue with the subrequests.
Are you saying this is entirely an nginx set up problem, and it can be done
without any amends to WordPress or use of plugins?
Have I befuddled myself?

Tom Barrett

2013-08-05 15:42:35 UTC

Permalink

Could you expand on that?

I've created a network plugin that has just this code, to make WordPress
think that the ssl site is on https:

global $blog_id;
if( $blog_id == 4 )
$_SERVER['HTTPS'] = 'on';

However, this has 2 unwanted behaviours:
1. All the links under 'my sites' point to https (e.g
https://www.my-network.com)
2. It logs me out of the other 3 sites. Logging in to any of them, logs me
out of ssl (blog 4)

So I'm still stuck.

Post by Martin Lazarov
Yes, i doesn't and will not!
The right way is to make wordpress to send html with httpS url's!

Post by Tom Barrett
That doesn't fix the issue with the subrequests.
Are you saying this is entirely an nginx set up problem, and it can be

done

Post by Tom Barrett
without any amends to WordPress or use of plugins?
Have I befuddled myself?

_______________________________________________
wp-hackers mailing list
http://lists.automattic.com/mailman/listinfo/wp-hackers

--
http://www.tcbarrett.com | http://gplus.to/tcbarrett |
http://twitter.com/tcbarrett