0

I'm starting with AWS deployment, mostly out of necessity, with a Wordpress install on Elastic Beanstalk, Elastic Filesystem, Amazon RDS (MariaDB) and Route 53 plus certificates. I followed a couple for starting up and keeping everything together, and so far I've done quite well, but now I'm facing a couple of issues.

  1. After setting Route 53 and a certificate, I wanted to force HTTPS, so I did what I used to do on my WP installs: install Really Simple SSL. So far, it went well. Then I deployed a couple of changes through EB CLI, and I went on a redirect loop hell that forced me to remove that plugin. I tried this a couple of times, with the same result.
  2. I found out that redeploying Wordpress resets some configurations that are supposed to be saved on the database. So far, I noticed permalinks, language and other minor settings are reset after deploying a new version of the app. And maybe this is causing the redirect loops I mentioned.

Looking for a solution, I came across this answer which I have implemented, but I can't tell if it's actually working or not.

What can I do?

Update

I tried the solution proposed by this answer to no avail, the issue replicated. Further searching got me to find someone with exactly the same issue as mine.

From this I thought that maybe Really Simple SSL is the culprit, and started to look for an alternative without using a plugin. So I landed to this AWS Developer Forums thread where some things went kinda well, as I managed to get the homepage and WP Admin to be redirected to HTTPS. But the rest of the site doesn't.

noquierouser
  • 963
  • 2
  • 11
  • 25
  • Are you restoring/migrating to a different domain that the one currently configured in the DB? – Rodrigo Murillo Dec 11 '17 at 19:38
  • @RodrigoM No, it's a fresh install. The only thing I did on Wordpress settings was to change the site url options when I associated the Route 53 domain with Elastic Beanstalk. – noquierouser Dec 11 '17 at 19:45

3 Answers3

1

The following has worked for me on multiple occasions. This assumes that you have an SSL certificate with AWS Certificate Manager.

1. Configure your certificate

Create a file secure-listener.config in your .ebextensions directory with the following content:

option_settings:
    aws:elb:listener:443:
        SSLCertificateId: replace:with:your:arn
        ListenerProtocol: HTTPS
        InstancePort: '80'

Replace the replace:with:your:arn text with the ARN for your certificate. The above tells Elastic Beanstalk to use your SSL certificate with requests on port 443 and to forward those requests to port 80 on your EC2 instances.

2. Set up redirects and environment variables

Create a file ssl-rewrite.config in your .ebextensions directory with the following content:

files:
    "/etc/httpd/conf.d/ssl_rewrite.conf":
        mode: "000444"
        owner: root
        group: root
        content: |
            RewriteEngine On
            <If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
                RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L=301]
            </If>
            SetEnvIfNoCase X-FORWARDED-PROTO "^https$" HTTPS=on

The <If></If> clause checks whether the X-Forwarded-Proto header, set by Elastic Beanstalk, is equal to https. If not, the request is redirected to https. The SetEnvIfNoCase statement creates an HTTPS environment variable if the original request was over https. WordPress needs this environment variable set to behave correctly.

3. Update your WordPress configuration

Assuming your site is www.example.com, add the following to your wp-config.php file:

define('WP_HOME', 'https://www.example.com');
define('WP_SITEURL', 'https://www.example.com');

This response is based on this tutorial, which may be helpful for additional detail.

S Cherry
  • 71
  • 2
  • Thanks for your answer, @s-cherry, but it didn't get me very far from where I was. When I tried your suggestions in step 1, ELB console complained about deprecated instructions in `secure-listener.config`. Anyway, I manually changed those settings in ELB console configuration. About the rest, it's no different from what I've tried. Do I need to install Really Simple SSL plugin after this or it isn't mandatory? Thanks in advance. – noquierouser Dec 20 '17 at 04:12
  • Bummer, sorry that didn't work. Can you share the exact message about deprecated instructions? I've had trouble in the past going the manual configuration route so using the config file would be preferable if we can get it working. The above won't require the Really Simple SSL plugin. – S Cherry Dec 20 '17 at 18:32
0

Try to set the RELOCATE in the wp-config.php

define('RELOCATE',true);

From Changing the Site URL

Note: When the RELOCATE flag is set to true, the Site URL will be automatically updated to whatever path you are using to access the login screen. This will get the admin section up and running on the new URL, but it will not correct any other part of the setup. Those you will still need to alter manually.

Also check the following tables for consistency:

select * from options where option_name = 'siteurl';
select * from options where option_name = 'home';
select domain from site;
select * from sitemeta;
select * from blogs;
select * from  sitemeta where meta_key = 'siteurl';
Rodrigo Murillo
  • 13,080
  • 2
  • 29
  • 50
0

I didn't get from your comment if you are you using a load balancer (ELB). But even then, Really-simple-ssl should detect that.

The issue with Permalinks can be attributed to that you are actually ignoring your local .htaccess file or it is different from the one on the server. Make sure you include it when updating. Your database is not resetting or being altered when updating. Note that, when you deploy with EB CLI, it basically takes a snapshot of your local version, zips it, and uploads to a new application version, and therefore it completely ignores anything you had in a previous version on your server.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Try to keep all important environment values in EBS, take a look here. I am also including WP_HOME and WP_SITEURL in the those ENV variables so they can easily be adjusted. If you cannot update your database via Phpmyadmin or similar software, use the following in your functions.php to update to HTTPS as well!

update_option( 'siteurl', 'https://example.com' );
update_option( 'home', 'https://example.com' );

In any case you would need this addon to your wp-config.php

if (($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] ==
'https') OR ($_SERVER['HTTP_X_FORWARDED_PROTO'] ==
'https'))
 {$_SERVER['HTTPS']='on';}

I would recommended using this step-by-step guide to install EBS if you haven't already..

If you've tried those things before, let me know, I have some other tricks as well. Also note, that I am assuming you are using the right Security Group settings everywhere!

Cheers!

Hendrik Vlaanderen
  • 808
  • 1
  • 7
  • 13
  • Thanks for your answer Hendrik, but this only solves the problem partially, as I already had. You mention about `.htaccess` file, but my project doesn't have any. Should I generate one? Based on what? I already have `WP_HOME` and `WP_SITEURL` defined in `wp-config.php`. Do I need to use `update_option()` as well? So far the guide you've linked is not far away from what I've already done so far. – noquierouser Dec 20 '17 at 04:06
  • Yes true, that's actually good that it's the same. The issue seems to come from the .htaccess then. Create one locally with the edit above. In case you run it on a sub folder or something, make sure you update it accordingly. Make sure your .gitignore doesn't ignore those files and use eb cli to deploy. I would try the update_option as outlined above, unless you have access to PhpmyAdmin or Adminer to update your database. – Hendrik Vlaanderen Dec 20 '17 at 12:53