Score:0

Forcing HTTP/HTTPS Redirect on AWS LightSail Wordpress Multisite - Not being implemented

mp flag

I have searched many site and also Bitnami support pages and I was unable to find an answer to this issue I see. I cannot post on Bitnami support cummunity as a new topic as I have just joined :/

I have summarised as best I can but there is a lot of detail because I have added all the relevant configuration files.

I am running Wordpress MultiSite application running on AWS Lightsail Linux instance launched using Bitnami Installation System Package. My site is running fine and I have also successfully added and configured an Lets Encrypt SSL certificate. I can send both HTTP and HTTPS requests for my root and subdomain and see 200 OK in both curl types. Therefore the SSL certificate configured on port 443 is working as expected.

curl -L -svo /dev/null https://trevorwalsh.art

The only redirect currently configured on Apache is redirecting requests subdomain 'www.trevorwalsh.art' ----> 'trevorwalsh.art'. This is added when setting up this WordPress multisite.

curl -L -svo /dev/null www.trevorwalsh.art

I verified that for Wordpress MultiSite, the process for adding the Lets Encrypt SSL cert does currently allow for the configuration of HTTP to HTTPS redirection in Apache unlike in if using standard Wordpress and Apache. Therefore I researched and following the guidance seen in the following Bitnami doc. My stack is 'Approach A: Bitnami Installations Using System Packages' [1] Force HTTPS Redirection With Apache:-

I have added the contents of each relevant file that are required to be edited below:-


File --> /opt/bitnami/apache2/conf/bitnami/bitnami.conf

# Let Apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto https HTTPS=on

<VirtualHost _default_:80>
   DocumentRoot "/opt/bitnami/apache/htdocs"
# BEGIN: Configuration for letsencrypt 
   Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
   RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]   
# END: Configuration for letsencrypt
 <Directory "/opt/bitnami/apache/htdocs">
   Options Indexes FollowSymLinks
   AllowOverride All
   Require all granted
 </Directory>

 # Error Documents
 ErrorDocument 503 /503.html
 </VirtualHost>

 Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"

File --> /opt/bitnami/apache2/conf/bitnami/bitnami-ssl.conf

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EX$
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
   DocumentRoot "/opt/bitnami/apache/htdocs"
   SSLEngine on
   SSLCertificateFile "/opt/bitnami/apache/conf/trevorwalsh.art.crt"
   SSLCertificateKeyFile "/opt/bitnami/apache/conf/trevorwalsh.art.key"
# BEGIN: Configuration for letsencrypt
   Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
   RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L] 
# END: Configuration for letsencrypt
   <Directory "/opt/bitnami/apache/htdocs">
     Options Indexes FollowSymLinks
     AllowOverride All
     Require all granted
   </Directory>

  # Error Documents
   ErrorDocument 503 /503.html
 </VirtualHost>

File --> /opt/bitnami/apache2/conf/vhosts/00_status-vhost.conf

<VirtualHost 127.0.0.1:80>

  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

 ServerName status.localhost
  <Location /server-status>
    Require local
    SetHandler server-status
  </Location>

 </VirtualHost>

I added the correct 'ServerName' and 'ServerAlias' root domain and subdomain values based on the guidance seen in the this doc:- [2] Configure Blogs For Different Domains With Different SSL Certificates:-

File --> /opt/bitnami/apache2/conf/vhosts/wordpress-https-vhost.conf

<VirtualHost 127.0.0.1:443 _default_:443>
  ServerName trevorwalsh.art
  ServerAlias *.trevorwalsh.art
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/trevorwalsh.art.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/trevorwalsh.art.key"
  DocumentRoot /opt/bitnami/wordpress
# BEGIN: Configuration for letsencrypt
  Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# END: Configuration for letsencrypt
  <Directory "/opt/bitnami/wordpress">
    Options -Indexes +FollowSymLinks -MultiViews
    AllowOverride None
    Require all granted
    # BEGIN WordPress fix for plugins and themes
    # Certain WordPress plugins and themes do not properly link to PHP files because of symbolic links
    # https://github.com/bitnami/bitnami-docker-wordpress-nginx/issues/43
    RewriteEngine On
    RewriteRule ^bitnami/wordpress(/.*) $1 [L]
    # END WordPress fix for plugins and themes
    # BEGIN nip.io redirection
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(:[0-9]{1,5})?$
    RewriteRule ^/?(.*) %{REQUEST_SCHEME}://%1.nip.io%2/$1 [L,R=302,NE]
    # END nip.io redirection
    # BEGIN WordPress Multisite
    # Using subdomain network type: https://wordpress.org/support/article/htaccess/#multisite
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    # add a trailing slash to /wp-admin
    RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
    RewriteRule ^(.*\.php)$ $1 [L]
    RewriteRule . index.php [L]
    # END WordPress Multisite
  </Directory>
  Include "/opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf"
 </VirtualHost>

File --> /opt/bitnami/apache2/conf/vhosts/wordpress-vhost.conf

<VirtualHost 127.0.0.1:80 _default_:80> ServerAlias * DocumentRoot /opt/bitnami/wordpress
 # <VirtualHost _default_:80>  # BEGIN: Configuration for letsencrypt
 # BEGIN: Configuration for letsencrypt
     Include "/opt/bitnami/apps/letsencrypt/conf/httpd-prefix.conf"
     RewriteEngine On
     RewriteCond %{HTTPS} !=on
     RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
     RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]  
# END: Configuration for letsencrypt
   <Directory "/opt/bitnami/wordpress">
     Options -Indexes +FollowSymLinks -MultiViews
     AllowOverride None
     Require all granted
     # BEGIN WordPress fix for plugins and themes
     # Certain WordPress plugins and themes do not properly link to PHP files because of symbolic links
     # https://github.com/bitnami/bitnami-docker-wordpress-nginx/issues/43
     RewriteEngine On
     RewriteRule ^bitnami/wordpress(/.*) $1 [L]
     # END WordPress fix for plugins and themes
     # BEGIN nip.io redirection
     RewriteEngine On
     RewriteCond %{HTTP_HOST} ^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(:[0-9]{1,5})?$
     RewriteRule ^/?(.*) %{REQUEST_SCHEME}://%1.nip.io%2/$1 [L,R=302,NE]
     # END nip.io redirection
     # BEGIN WordPress Multisite
     # Using subdomain network type: https://wordpress.org/support/article/htaccess/#multisite
     RewriteEngine On
     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
     RewriteBase /
     RewriteRule ^index\.php$ - [L]
     # add a trailing slash to /wp-admin
     RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
     RewriteCond %{REQUEST_FILENAME} -f [OR]
     RewriteCond %{REQUEST_FILENAME} -d
     RewriteRule ^ - [L]
     RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
     RewriteRule ^(.*\.php)$ $1 [L]
     RewriteRule . index.php [L]
     # END WordPress Multisite
   </Directory>
   Include "/opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf"
 </VirtualHost>

Lastly, I verified that I had the correct parameters in the 'wordpress-htaccess.conf' file seen below after reviewing the information seen in the following doc:- [3] Understand Default .Htaccess File Configuration - Add A New Section In The .Htaccess File

File --> /opt/bitnami/apache2/conf/vhosts/htaccess/wordpress-htaccess.conf

<Directory "/opt/bitnami/wordpress/wp-content/plugins/akismet">
# <Directory "/opt/bitnami/wordpress">
  # Only allow direct access to specific Web-available files.

  # Apache 2.2
  <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
  </IfModule>

  # Apache 2.4
  <IfModule mod_authz_core.c>
        Require all denied
  </IfModule>

  # Akismet CSS and JS
  <FilesMatch "^(form\.js|akismet\.js|akismet\.css)$">
        <IfModule !mod_authz_core.c>
                Allow from all
        </IfModule>
        
        <IfModule mod_authz_core.c>
                Require all granted
        </IfModule>
  </FilesMatch>

  # Akismet images
  <FilesMatch "^logo-(a|full)-2x\.png$">
        <IfModule !mod_authz_core.c>
                Allow from all
        </IfModule>
        
        <IfModule mod_authz_core.c>
                Require all granted
        </IfModule>
  </FilesMatch>
</Directory>

However I can not get the Forcing HTTP/HTTPS Redirect to work and after attempting to resolve this myself I need help as I maybe missing something here.

Thanks in advance for your help.

Score:1
er flag

I was having the same issue you had. The only way I found for the moment is using this plugin suggested by AWS: Really Simple SSL

Once activated, it forces HTTP to HTTPS automatically, using the previously ssl certificate installed with bncert tool and Let's Encrypt.

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress

Score:0
cn flag

you need to

sudo /opt/bitnami/ctlscript.sh restart apache

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.