Load Balancer and server level configuration

Keywords: WordPress - Google Cloud Platform - How to - Secure Connections (SSL/HTTPS)

Description:
To redirect www to non-www and http to https.

Assume it is a vanilla install.

If I were to set up redirection at the load balancer level, how should I configure the bitnami wordpress virtual hosts? Is there a need to change the configuration of a default setup?

Is there still a need to install a SSL at the server level?

Thanks

Hi @4WU,

You would only need to update the Apache server configuration on the Bitnami application instance to handle SSL requests from the load balancer:

https://docs.bitnami.com/aws/how-to/configure-elb-ssl-aws/#step-4-modify-the-web-server-configuration-on-the-bitnami-application-instance

Regards,
Michiel

Regards,
Michiel

Thanks @michiel

That’s for step 4, 5 and 6?

Couldn’t find this directory /opt/bitnami/apps/APPNAME/conf/httpd-prefix.conf. The package that I installed is Package A. Thanks

Hi @4WU,

Yes, the guide is for WordPress multi tier, but it should work in your case as well.

You can add it to /opt/bitnami/apache/conf/bitnami/bitnami.conf

Regards,
Michiel


Please click on :heart: if you think my answer was helpful.


Thanks @michiel

Do you mean

/opt/bitnami/apache/conf/bitnami/bitnami.conf

Add this

 SetEnvIf x-forwarded-proto https HTTPS=on
/opt/bitnami/apps/wordpress/htdocs/wp-config.php

Add this

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
    $_SERVER['HTTPS']='on';

/opt/bitnami/apache2/conf/bitnami/bitnami.conf

Add this:

<VirtualHost *:80>
  ...
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} !https
  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
  ...

Thanks

Hi

The bitnami wordpress comes with a dummy SSL example.com, with load balancer handling all the redirection, do we still need to install our domain’s SSL at the application level?

Thanks

Hi,

With a vanilla wordpress install, I managed to configure the load balancer to redirect http to https and www to non-www without editing any server files.

  1. I wonder if I have missed out any important issues without editing the application’s files as per guide?

The web application is currently accessible by the Load Balancer’s IP and VM’s IP.

http://VM-EXT-IP ----> http://wordpress_front_page
http://VM-EXT-IP/wp-admin -----> http://Wordpress_Admin_Page

httpS://VM-EXT-IP ----> NET::ERR_CERT_AUTHORITY_INVALID
httpS://VM-EXT-IP/Wp-admin —> NET::ERR_CERT_AUTHORITY_INVALID

  1. I understand the app comes with a dummy SSL. The NET::ERR_CERT_AUTHORITY_INVALID is it because of not editing the files as per the guide? or I do still need to install our domain’s SSL at the server level?

  2. After I edited the siteurl and home address via wp-config.php, to reflect the domain name

define( ‘WP_HOME’, ‘http://domain.com/’ );
define( ‘WP_SITEURL’, ‘http://domain.com/’);

http://VM-EXT-IP ----> http://Wordpress front page
http://VM-EXT-IP/wp-admin -----> httpS://domain.com/wp-admin

httpS://VM-EXT-IP ---->NET::ERR_CERT_AUTHORITY_INVALID
httpS://VM-EXT-IP/wp-admin —> NET::ERR_CERT_AUTHORITY_INVALID

  1. Does Bitnami recommend editing the wp-config.php tp change the IP to domain name? Also, is it necessary to change IP to domain name?

Thanks for your time and patience

Hi @4WU,

We have a Support Tool that will gather relevant information for us to analyze your configuration and logs. Could you please execute it on the machine where the stack is running by following the steps described in the guide below?

How to Run the Bitnami Support Tool in a cloud image or virtual machine

Please note that you need to paste the code ID that is shown at the end.

Regards,
Michiel

Hi michiel,

Thanks. I have not configured anything at the server level.

I wonder if what I have described is an expected behaviour if one didn’t edit the server’s files as per guide?

Thanks

Hi michiel,

0e9359d4-91a3-0f1b-e033-bb06eb054677

Is there a way that we can edit the post instead of replying?

Hi @4WU,

Sorry, I just realised I didn’t answer all your questions.

You don’t need to configure the SSL at the server level. The SSL is offloaded by the loadbalancer and sends requests to port 80 (HTTP). The x-forwarded proto rules described in the guide are needed to let WordPress know that it’s in fact a HTTPS request to prevent endless redirects.

Yes, we recommend it in our guide:

https://docs.bitnami.com/bch/apps/wordpress/administration/configure-domain/

Unfortunately not.

Could you tell me if applying the steps in the guide has solved the issue?

Regards,
Michiel

HI @michel

71be7aed-6f21-c317-c55d-db4c19ec60b8

Thanks. After applying the changes as per guide, it is still the same.

Hi @4WU,

I visited your site and the certificate seems to be ok. Could you give more details?

Regards,
Michiel

Hi @michiel

Thanks and I posted it here

Is it the expected behaviour?

Hi @4WU,

Yes, it’s configured correctly.

Regards,
Michiel

Thanks @michiel for your patience.

For this.

[http://VM-EXT-IP](http://vm-ext-ip/) ----> http://wordpress_front_page
[http://VM-EXT-IP/wp-admin](http://vm-ext-ip/wp-admin) -----> http://Wordpress_Admin_Page

[httpS://VM-EXT-IP](https://vm-ext-ip/) ----> NET::ERR_CERT_AUTHORITY_INVALID
[httpS://VM-EXT-IP/Wp-admin](https://vm-ext-ip/Wp-admin) —> NET::ERR_CERT_AUTHORITY_INVALID

Is it possible to be

[http://VM-EXT-IP](http://vm-ext-ip/) ----> httpS://domain name
[http://VM-EXT-IP/wp-admin](http://vm-ext-ip/wp-admin) -----> httpS://domain name

[httpS://VM-EXT-IP](https://vm-ext-ip/) ----> httpS://domain name
[httpS://VM-EXT-IP/Wp-admin](https://vm-ext-ip/Wp-admin) —> httpS://domain name

The domain is resolved to load balancer’s IP so how can I use it with letsencrypt at the server level?

Thanks

Hi @4WU,

I was assuming you configured the SSL at the loadbalancer level here, so my comments are meant for that scenario.

If you are using a load balancer you need to configure it with it’s own SSL, which is described in the guide.

Regards,
Michiel

Hi @michiel

Thanks.

Is it possible to make it

http://VM-EXT-IP ----> httpS://domain name
http://VM-EXT-IP/wp-admin -----> httpS://domain name

httpS://VM-EXT-IP ----> httpS://domain name
httpS://VM-EXT-IP/Wp-admin —> httpS://domain name

Hi @4WU,

I’m not sure I understand what you mean. Could you expain?

Regards,
Michiel