How to properly configure DNS and Flexible SSL for Wordpress hosted on OpenShift through CloudFlare

Question

TL;DR: I want to redirect https to http on all pages except for admin/login, where I want the exact opposite to happen. I also want www redirected to bare domain name. (UPDATE: Check Update 3 for the answer)

As is probably clear from the title, I have a Wordpress blog hosted on OpenShift for free. I have a custom domain bought from GoDaddy. I'm using cloudflare so I can have free SSL.

Here's my configuration:

CloudFlare DNS:

CloudFlare Page Rules:

This is what worked best. I actually wanted to have this rule:

*ghostlessmachine.com/* -> https://ghostlessmachine.com/$1

But I ran into even more problems like that, even though it seems to be pretty much what I'm supposed to do according to this CloudFlare article. Actually, initially I wanted to only force SSL in admin pages, but I didn't even know how to attempt that. I thought of using two page rules, like this:

*ghostlessmachine.com/* -> http://ghostlessmachine.com/$2

*ghostlessmachine.com/wp-* -> http://ghostlessmachine.com/$2

But I had no luck.

Here's my OpenShift configuration:

When I write ghostlessmachine.com in my address bar, it correctly takes me to https:.... I have shared a link, however (https://ghost...), and one person has reported not being able to access it. I couldn't reproduce locally.

When I try www.ghost..., I get:

This webpage has a redirect loop

ERR_TOO_MANY_REDIRECTS

Does anybody have any idea what I'm doing wrong? I've lost track of how many different configurations I've tried, but nothing seems to work.

Thanks!

UPDATE

OK, so following the advice in the comment I managed to get the situation a bit better. Still it's counter intuitive for me how the article I initially linked to just didn't get the job done while the other SO question did. So here's what I've changed:

Deleted the www.ghost... alias from OpenShift.
Changed CloudFlare's CNAME record from www -> blabla.rhcloud.com to www -> ghostlessmachine.com
Created this Page Rule: www.ghostlessmachine.com/* -> http://ghostlessmachine.com/$1

Now both ghost... and www.ghost... work and take me to http://ghost.... However, if I type https://ghost..., it also works without redirecting me to simple http. This is a problem.

I tried using this Page Rule instead:

ghostlessmachine.com/ -> http://ghostlessmachine.com/$2

So that I got https://, http://www, www, everything redirected to http://ghost..., but it doesn't work. I can't access my blog anymore and whatever address I try I get ERR_TOO_MANY_REDIRECTS.

UPDATE 2

Here's my full setup after all suggestions:

htaccess:

wp-config.php:

CloufFlare:

Result:

https -> http on non-admin/login pages: WORKING ✓
Trying to access admin/login pages: ERR_TOO_MANY_REDIRECTS

Update 3

This did the trick:

I still don't understand why this works and the rest doesn't though. This was basically a series of rather blind trial and error with some input from Allen here and Simon in the CloudFlare support page. In any case, all my requirements are respected now, thanks!

I would configure the DNS this way `ghostlessmachine.com CNAME wordpress-ghostlessmachine.rhcloud.com` and `www.ghostlessmachine.com CNAME ghostlessmachine.com` to prevent the redirect loop, as [answered here](http://stackoverflow.com/questions/23169529/how-to-use-naked-godaddy-domain-with-openshift-hosting). — Jiri Fiala, Jan 15 '16 at 10:34
I followed the instructions you linked to: changed the second CNAME record + removed the OpenShift alias with `www`. I didn't create any page rule though. I expected this to make ERR_TOO_MANY_REDIRECTS disappear but to keep the `www` in the URL, or to get a ERR_NAME_NOT_RESOLVED. Instead, I keep getting ERR_TOO_MANY_REDIRECTS. Do you understand why? I have no idea. — Ariel, Jan 15 '16 at 13:46
I added this page rule: `www.ghostlessmachine.com/* -> http://ghostlessmachine.com/$1`. I entered the address and I got redirected to `https://www.ghostlessmachine.com/app`. I have no idea where the `https` and `/app` are coming from! Still I get ERR_TOO_MANY_REDIRECTS. — Ariel, Jan 15 '16 at 13:50
Oops, false alarm! I guess I didn't wait enough before testing. It seems to be working now! I just have to make the `https` work only for admin pages now. — Ariel, Jan 15 '16 at 14:18

score 0 · Answer 1 · edited May 23 '17 at 12:08

0

make sure following in your wp-config.php file:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);

look over here: Force non-WWW but force https across all of wordpress & the entire domain

for redirect everything else to non-https, you can add following into your root .htaccess file, before the wordpress rewrite:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/wp-admin.*
RewriteCond %{REQUEST_URI} !^/wp-login.*
RewriteCond %{HTTP_REFERER} !^https://.*
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L]

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Update: CloudFlare's Page rule has following "Page rule priority is determined by their position in the list. If multiple rules match a URL, rules at the top take higher priority. "

let's see what happens before:

request to https://www.ghostlessmachine.com/wp-admin hit the first rule, match found, then it goes to http://www.ghostlessmachine.com/wp-admin!
now here comes http://www.ghostlessmachine.com/wp-admin, first rule, no rewrite, goes down to 3rd rule, oops, it needs goto https://www.ghostlessmachine.com/wp-admin!

this is how the loop comes

edited May 23 '17 at 12:08

Community

1
1

answered Jan 19 '16 at 14:43

Allen

6,505
16
19

But I also want to redirect HTTPS to HTTP when it's NOT an admin page. How do I do that? – Ariel Jan 19 '16 at 18:49
in your .htaccess use following : `RewriteCond %{HTTPS} =on RewriteCond %{REQUEST_URI} !^/wp-admin.* RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [L]` – Allen Jan 19 '16 at 19:32
Didn't work. And correcting what I said previously: I want to force HTTPS for admin AND LOGIN pages*. All the rest should redirect HTTPS to HTTP. – Ariel Jan 21 '16 at 09:07
@Ariel what is your account login url? – Allen Jan 21 '16 at 13:50
Still not working =/ I'm wondering if something is causing the `htaccess` rules to not take effect… – Ariel Jan 22 '16 at 13:54
@Ariel, what is not working? www.ghostlessmachine.com/wp-admin got redirected to https! – Allen Jan 22 '16 at 14:07
Yes, that has been working since I edited `wp-config.php`. But `https://ghostlessmachine.com/en/`(with S) is NOT redirecting to `http://ghost...` (without S). Check my first comment to this answer. – Ariel Jan 22 '16 at 14:19
@Ariel do it in the cloudflare's page rules! – Allen Jan 22 '16 at 14:33
I did it, and it worked. But it seemed like a non-ideal solution because I only have the right to 3 Page Rules and I had to redirect `/en/` and `/pt/` because I can't use regex in the page rules and can only include patterns, but not exclude them. So instead of excluding `wp-admin` and `wp-login`, I had to include only `/en` and `/pt`. Then what if I add another language in the future? It's not very ok. – Ariel Jan 22 '16 at 14:52
3 rules should be enough for your case, first 2 rules for wp-admin and wp-login to https, then the rest use * to http. – Allen Jan 22 '16 at 15:24
I've tried that, but that creates a conflict: If I try to access `http://.../wp-admin/login`, the `admin/login -> https` rule takes me to HTTPS, but then the `* -> http` rule tries to redirect me back to HTTP and I get ERR_TOO_MANY_REDIRECTS. – Ariel Jan 22 '16 at 15:29
`*example.com/wp-admin/*SSL: Full SSL, Cache expiration: 4 hours *example.com/wp-login*SSL: Full SSL, Cache expiration: 4 hours *example.com/*SSL: Off, Cache expiration: 4 hours` worked for me, no redirects! – Allen Jan 22 '16 at 17:37
Still getting ERR_TOO_MANY_REDIRECTS. Check the updated the question. – Ariel Jan 22 '16 at 20:38
@Ariel, put the * as the last rule! order is important. – Allen Jan 22 '16 at 21:05
It worked in the sense that I don't get the redirect loop error anymore, but if you check the TL;DR in the first line of my question, you'll see I also want `www` redirected to the bare domain, and that is not working. – Ariel Jan 24 '16 at 10:15
I merged the `wp-admin` and `wp-login` page rule and then I could add a 301 redirect from `www` to bare domain. Now everything works. I still don't know why it works though and why the rest failed. There are many configurations that seemed like they "should work". If you update your answer with my final configuration and add a brief explanation of what's going on, I'll accept it :) Thanks for the help! – Ariel Jan 24 '16 at 10:35

How to properly configure DNS and Flexible SSL for Wordpress hosted on OpenShift through CloudFlare

Update 3

1 Answers1