Keywords: WordPress - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 9dd36888-9a65-37a5-44a7-7ad3cfda0279
We have a bitnami Wordpress server running in an EC2 instance. Like good citizens, we got an SSL cert and set it up for our domain name (say example.com). Works fine. The problem is that entering http://[the bare IP addr for our instance] gives the exact same site content, but in insecure http.
I have spent well over 12 hours last week failing to sort this out (edit httpd.conf and bitnami.conf, etc). Incredibly frustrating. Esp. when "the system" keeps telling us "everything should be https." Seems like a common use case which doesn't "just work" and something non-standard needs to be done.
More important than solving my specific problem is having a more robust "workflow" in the bitnami setup process. Like "Get your SSL cert, do this, do that, viola, everything is secure." Security should not be an IQ test, we should have processes that are secure by default and you have to actively go off the beaten path to make yourself insecure.
After saying all this - maybe a few months ago we did do something non-standard that I'm forgetting about! So maybe I'm full of it!
Unencrypted bare IP addr sounds like an unacceptable risk, and the answer is not obvious or I would've stumbled across the magic SX answer by now.