Skip to content
This repository has been archived by the owner on Mar 11, 2018. It is now read-only.

Unable to properly configure SSL on a wordpress hosted on Heroku #119

Open
JeanLebrument opened this issue Sep 1, 2016 · 2 comments
Open

Comments

@JeanLebrument
Copy link

JeanLebrument commented Sep 1, 2016

Hello,

I would like to force SSL on every page of a wordpress site hosted on Heroku using a custom subdomain.

Here is what I tried so far:

  1. I created my wordpress project from this repository: https://github.com/mhoofman/wordpress-heroku
  2. I added a custom subdomain in the Heroku settings with the following configuration:

Configuration: mysubdomain.mydomain.com
DNS Target: my-app.herokuapp.com

  1. I added the Heroku SSL plugin
  2. I uploaded my SLL certs of my wildcard SSL certificate bought from DNSSimple to Heroku and I get back the following url: an-app-id.herokussl.com
  3. I created a CNAME redirection from mysubdomain.mydomain.com to an-app-id.herokussl.com
  4. The wordpress is configured as bellow in Settings -> General:

WordPress Address (URL): http://mysubdomain.mydomain.com
Site Address (URL): http://mysubdomain.mydomain.com

  1. The HTTPS plugin is configured as bellow:

SSL Host: mysubdomain.mydomain.com PORT: default port
Force SSL Administration: Checked
Force SSL Exclusively: Checked
Remove Unsecure Elements: Uncheked
Debug Mode: Checked
Proxy: No

Without any further custom configurations.

I have one problem:

1/ When I go to this URL: https://mysubdomain.mydomain.com I'm redirected to http://mysubdomain.mydomain.com

What did I miss?

@ladydanger
Copy link

Hey mate, I know this is late and you’ve most likely already found a solution, but I stumbled on your issue when looking to add ssl today on my wordpress blog hosted with heroku.

This worked for me with no redirects. I'm using Automated Certificate Management on Heroku that was released last month though so not using the ssl plugin and I’ve made changes directly to the files.

In the wp-config.php file add the following just above the /* That's all, stop editing! Happy blogging. */ line.

define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain 
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';

And in the .htcaccess file add this below <IfModule mod_rewrite.c> and above RewriteEngine On.

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Then push to production.

@rutchkiwi
Copy link

Thanks @ladydanger that sorted it out for me too!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants