HTTP -> HTTPS redirect not working

ScorpioX 2017-01-17 12:51:25 UTC #1

Hi,
I have HTTPS running for my Wordpress site (on AWS). Now, I want to force all HTTP-connections to HTTPS.
I've followed the guide
https://docs.bitnami.com/aws/components/apache/#how-to-force-https-redirection-for-an-application
So my files now contains:
/opt/bitnami/apache2/conf/bitnami/bitnami.conf

<VirtualHost _default_:80>
DocumentRoot "/opt/bitnami/apache2/htdocs"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
...

/opt/bitnami/apps/wordpress/conf/httpd-prefix.conf

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
...

(I know it''s a waste to change both, it's just an act of desperation)

I've restarted Apache. However, I don't get forwarded when I try it out. I've searched through the forum without any luck.

Force https redirect for all apps on Nginx

Http to https on lightsail aws bitnami wordpress

dbarranco 2017-01-18 11:08:42 UTC #2

Hi @ScorpioX

I'm afraid to tell you that I have not been able to reproduce your issue. I followed the guide you posted above and I only modified the bitnami.conf file. This is hoy my configuration file looks like:

# Default Virtual Host configuration.

<IfVersion < 2.3 >
  NameVirtualHost *:80
  NameVirtualHost *:443
</IfVersion>

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]  
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny                          
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
            
  <Directory "/opt/bitnami/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfVersion < 2.3 >
      Order allow,deny                          
      Allow from all
    </IfVersion>
    <IfVersion >= 2.3 >
      Require all granted
    </IfVersion>
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html
        
  # Bitnami applications installed with a prefix URL (default)
  Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>

# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"

# Status
ExtendedStatus on
<VirtualHost _default_:80>
ServerName local-stackdriver-agent.stackdriver.com
<Location /server-status>
  SetHandler server-status
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Location>
</VirtualHost>

Hope it helps. Best regards.

ScorpioX 2017-01-19 18:53:09 UTC #3

Hi,
Thanks for trying.
I ran a automated compare of the files, and my bitnami.conf file is identical to yours, except that I'm missing the Status part of the file.

Could you advice some simple test that I could use to confirm that changes I make to bitnami.conf actually have effect?

Would it be a good idea to try out the Redirect function described here: https://httpd.apache.org/docs/2.4/rewrite/avoid.html#redirect
Where would I then put it in my Bitnami environment?

dbarranco 2017-01-20 09:33:55 UTC #4

Hi @ScorpioX

I highly recommend you to leave the httpd-vhosts.conf as default and change the bitnami.conf as I showed to you above to force all HTTP connections to HTTPS.

And then, restart apache.

Best regards.

ScorpioX 2017-01-20 17:57:03 UTC #5

Excuse me, I typed the wrong file name. I have not made any changes to httpd-vhosts.conf and it's therefore as default.

I've done some thinking, I realized that my issue might be related to the fact that I'm using AWS Elastic Load Balancer which handles my SSL-certificate. So I found this page: https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/ which tries to achive what I'm trying to do. Solution is to use the code snippet:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

and add it to the top of /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf and restart Apache.

dbarranco 2017-01-23 12:04:56 UTC #6

Hi @ScorpioX

Glad you could your problem and thanks for sharing the solution, I'm sure somebody will find it useful.
If you have any other question, please do not hesitate to let us know.

Best regards.

fabio27 2017-07-31 17:52:54 UTC #7

Hi,
I am trying to configure my Wordpress through a Load Balancer via HTTPS, for this I am using the following configuration:

An EC2 instance of AWS - Bitnami Multisite (ami-99022cf9)
An AWS ACM certificate for my domain (here I have added all the additional names I need)
The records "mydomain.com" and "www.mydomain.com" as record A (alias of Route 53) to the Load Balancer address

My idea is to have some sites in this my Multisite, but not all can be HTTPS, so I read in several places that I can change the bitnami.conf file in opt/bitnami/apache2/conf/bitnami

These instructions are here:
https://docs.bitnami.com/aws/components/apache/#how-to-force-https-for-all-applications

But in doing so, I had a problem, because all my sites have turned HTTPS and I can not leave it like this, only some must be HTTPS, others must remain HTTP.

So I tried this:

But in my case it did not work very well, because mine is a Multisite and then all my sites "redirected" to one.

So I tried this:

And it just worked!!!
All I expected was for the user to enter any address, enter through https://www.mydomain.com but upon entering my mydomain2.com for example continue HTTP and these instructions solved that.

The only problem I am now, unfortunately, is that I can not log into WP-Admin anymore, when I do this I'm in a loop.

In short, all Bitnami files are the same as when I started the instance for the first time, except for the file /opt/bitnami/apps/wordpress/conf/httpd-prefix.conf I added this:

RewriteEngine On
RewriteCond% {HTTP: X-Forwarded-Proto} = http
RewriteRule. Https: //% {HTTP: Host}% {REQUEST_URI} [L, R = permanent]

It seems that all that is missing is to add a condition in this code to accept my WP-Admin, but my limitations to this did not allow me to continue, please, anyone know what I should do?

Thanks and Best Regards

dbarranco 2017-08-01 14:04:11 UTC #8

Hi @fabio27

You may be in a loop with the redirection rule you're using, could you please try this one?

RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

You have more information about it here.

I hope this information is useful for you.

Thank you and best regards,
David Barranco.

Was my answer helpful? Click on

fabio27 2017-08-01 17:04:05 UTC #9

Hi @dbarranco,
Thanks for your response, I tried to follow your instructions, but unfortunately it did not work.

So by testing a few more options, I've managed to solve my problem and I'll share it here if anyone has the same difficulty as me.

First, all @ScorpioX informed us, in fact it worked, my problem was just in /wp-admin and they lacked for me two things:

1- Install the SSL Insecure Content Fixer plugin and select the HTTP_X_FORWARDED_PROTO (eg load balancer, reverse proxy, NginX) option in HTTPS detection

2- Then I noticed that my site had two domains, for example:
www.mydomain.com
mydomain.com

The whole looping problem was, because www.mydomain.com was a primary domain on my Wordpress, but my site address (URL) was mydomain.com so I got into a redirect looping when trying to access /wp-admin.

So all I did was leave everything the same and everything is working well!

Thanks and Best Regards!

jsalmeron 2017-08-02 10:40:45 UTC #10

Hi,

So, from what I read, looks like the issue is fixed. Good to know! Thanks for sharing your solution, all users will benefit from that. If come across more issues, please let us know.

Best regards,

Javier J. Salmerón

Was my answer helpful? Click on

jsalmeron 2017-10-27 15:19:26 UTC #11

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!