How to set up SSL for wordpress-ha?

[DarthJahus]

We're trying to migrate our website to Google Cloud platform, but the click-to-deploy solution " WordPress High Availability (Beta)" doesn't come with HTTPS.

What is the best way to implement it?

Edit: It would be great to integrate SSL into the click-to-deploy process as HTTPS is now the standard that's pushed even by Google.

[YaguraStation]

You enable HTTPS and add a certificate on the GCP Load Balancer.

[haqmmm]

I have the same issue. activated the google cloud Wordpress HA, added https to the same IP which has active HTTP.

SSL successfully activated, ssllabs.com/ssltest/analyze.html reports are also OK

I am able to visit the website with HTTP but if I access it through https, it shows a broken page without images - plus also not allowing me to visit /wp-admin error is too many redirects.

[aav66]

Thanks for reporting this issue. As I know this feature was implemented. Please follow instructions from Wordpress solution: https://github.com/GoogleCloudPlatform/click-to-deploy/tree/master/k8s/wordpress#create-tls-certificate-for-wordpress

[himanshuahuja96]

I have same issue, I have deployed ssl on load balancer it was success and after that I'm getting infinite redirect when I'm trying to visit /wp-admin.

Could you please help with this issue?

[haqmmm]

I still have the same issue as mentioned above

On Wed, Apr 1, 2020 at 7:16 PM himanshuahuja96 [email protected] wrote:

I have same issue, I have deployed ssl on load balancer it was success and after that I'm getting infinite redirect when I'm trying to visit /wp-admin.

Could you please help with this issue?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/GoogleCloudPlatform/click-to-deploy/issues/485#issuecomment-607293060, or unsubscribe https://github.com/notifications/unsubscribe-auth/AOQKAMORG24HWHFWM56HYDTRKNHVRANCNFSM4HD5WLKA .

[sushen]

I was running a binary WordPress in VM before. Now I deploy this from the application I lost the SSL. I see The instruction Create TLS certificate for WordPress But Can you tell me, please? If I Run Cluster Cloud Shell is it work?

[chateauvieux]

I am facing the same issue: I get "mixed content errors" when I attempt to use a HTTPS load balancer in front of the wordpress-ha. I have tried, to no avail, to make use of HTTP Hearders in the url mapping to signal Wordpress that it is behind a HTTPS LB (by adding the X-Forwarded-Proto:https header). The only way I found to get rid of the issue is to 'force' Wordpress to behave as if it is requested in HTTPS by adding a PHP $_server['secure'] tweak in the wp-config.php file

PS: It is difficult to understand why there is no standard 'use SSL' option in the deployment template for this...

[chateauvieux]

I found a solution ! By adding an Apache rewrite rule in a .htaccess file, we can let Wordpress know that the client who is requesting data is actually using SSL (something that WP doesn't know when behind the LB, as the LB does SSL termination). It is as simple as leveraging the de-facto X-Forwarded-Proto standard that the LB luckily propagates down to WP. This rule made the trick for me:

<IfModule mod_setenvif.c> SetEnvIf X-Forwarded-Proto "^https$" HTTPS </IfModule>

[srossross]

Any update on this issue? I don't see the . htaccess file @chateauvieux mentioned in the storage bucket.

On top of that, I don't think the rewrite will work, the config seems to be hard coding the IP address instead of the domain I linked:

If I go to https://mydomain.com then I see hard coded refrences to the IP http://34.95.82.51 in the page source

<link rel='dns-prefetch' href='//34.95.82.51' />
  | <link rel='dns-prefetch' href='//s.w.org' />
  | <link rel="alternate" type="application/rss+xml" title="WordPress HA on Google Cloud &raquo; Feed" href="http://34.95.82.51/?feed=rss2" />
  | <link rel="alternate" type="application/rss+xml" title="WordPress HA on Google Cloud &raquo; Comments Feed" href="http://34.95.82.51/?feed=comments-rss2" />