Support Forum

Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
general-topic
SSL on the fourm - Can't Edit Posts
Avatar
Stephen Schefer
Member
Free Members
sp_UserOfflineSmall Offline
Apr 3, 2014 - 12:20 pm

Pre - I just put the website on a farm (self hosted) and I'm using ARR so I can serve up multiple sites across multiple servers using a single IP address. This appears to be working perfectly.

I added WordPress HTTPS) SSL to the site and bound my SSL certificate for the site (not wildcarded) to the webite in the IIS-7 Server.

I set the page "Forum" in the webserver for Post to use HTTPS and child post to use HTTPS.

Everything seems to work fine except the ability to edit posts. This function is seen as insecure and will not load. I have an idea that it's calling an insecure script directly.

What are your thoughts?

Update: I've been thinking it's possibly the post back to the TinyMCE editor that's throwing the exception.

Avatar
Stephen Schefer
Member
Free Members
sp_UserOfflineSmall Offline
Apr 3, 2014 - 4:32 pm

The problem it seems is that if I don't make the whole site https and change the name of the website in WP settings to https then the TinyMCE editor barfs in simple-press. WordPress HTTPS was the solution in prior versions but it doesn't play well with 3.8.1.

At this point I've resolved to just setting the admin dashboard and the login page to use SSL. That in itself presents issues because if you jump to the forum from the login page without actually logging in and your menu item is a page then the forum page gets called with https instead of http. I fixed that by using a link instead of a page in the menu and making the link to http. Not the best solution but it works.

In the process of making the admin page load with ssl I found that when I went to edit a page, IE, Firefox and Chrome all puked back a message about non secure items in the page. TinyMCE is my default editor so that pretty much nails it down to being the culprit.

Don't scratch your heads over this too much. One of us doing that is enough for now. If I find the solution, and I will eventually, I will post it back here.

Steve

Avatar
Stephen Schefer
Member
Free Members
sp_UserOfflineSmall Offline
Apr 3, 2014 - 5:28 pm

#spPostForm is where it's puking on me with SSL enabled.

Any help?

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Apr 3, 2014 - 8:58 pm

how are you doing ssl? which wp ssl constants are defined in the wp-config.php file?  fundamentally, wp does the heavy lifting on ssl...

not sure why a url fragment would affect ssl... dont see anything that does not permit it...

Avatar
Stephen Schefer
Member
Free Members
sp_UserOfflineSmall Offline
Apr 7, 2014 - 4:51 pm

Mr Papa said
how are you doing ssl? which wp ssl constants are defined in the wp-config.php file?  fundamentally, wp does the heavy lifting on ssl...

not sure why a url fragment would affect ssl... dont see anything that does not permit it...

I was able to correct the problem using IIS URL Rewrite 2.0 and Application Request Routing. The{HOST_REQUEST} to TinyMCE was being made to http while {HTTPS} was on. I added a outbound rule to take care of it.

Realizing the potential for this in any plugin, I set all permalinks back to the Wordpress defaults and then created the rules at the server level.

The caveat is that if you've got a poorly written plugin that you like it may break if it calls back to a source server that does not have a valid certificate. My favorite Weather plugin did that so I ended up writing my own.

Steve

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Apr 7, 2014 - 9:22 pm

still not sure I followed all that! 😉  partly because have never used IIS...

so, currently, all is well with simple press then?

Avatar
Stephen Schefer
Member
Free Members
sp_UserOfflineSmall Offline
Apr 16, 2014 - 2:44 pm

I had most of it resolved but still needed to add the if statement to wp-config to make it work right.

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
       $_SERVER['HTTPS']='on';

That gives me  Word Press logons under SSL but doesn't give me Simple Press logons using SSL. The only thing I care about is the logon. After that it can go back to http.

I could go in and mod the logon function but that would like get overwritten with the next update. A secure logon plugin would be nice.

An interesting note for people that might think about installing a separate Application Request Routing Server is that you really need to do a mips analysis on all the resources it needs to touch. Sizing can become somewhat exponential resulting in bottlenecks. It can provide disk caching but that's not a good choice with dynamic websites and specially ones like WordPress that are constantly changing. There are other problems also such as the way it deals with static and dynamic compression.

What I ended up doing was placing all of my http requirements on a relatively large webserver and then use the ARR server to manage the SSL requests only. I can now route SSL to several servers on a single IP address and still deliver HTTP traffic on that same address. This was my original goal but then I decided to push the envelope.

The reason this all came about is because I have several small business clients that have MS Small Business Server. My forte' is IT cost reduction and this is another tool for accomplishing that.

Avatar
Mr Papa
Simi Valley, CA
SP Master
Free Members
sp_UserOfflineSmall Offline
Apr 16, 2014 - 10:51 pm

wonder if thats an IIS thing?  because I dont have any issue with simple press and https... but must admit, we are no where near ssl experts and have rudimentary understanding... 

and btw, there is no such thing as a simple press logon - all our wp... we may put their form in the forum header, but its still wp handling the login...  if that inline form is the issue, I would just turn it off and instead have the login link direct to the site login page... should give you what you are after oto...

Forum Timezone: Europe/Stockholm
Most Users Ever Online: 1170
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Mr Papa: 19448
Ike: 2086
Brandon: 864
kvr28: 804
jim: 650
FidoSysop: 577
Conrad_Farlow: 531
fiddlerman: 358
Stefano Prete: 325
Member Stats:
Guest Posters: 619
Members: 17361
Moderators: 0
Admins: 4
Forum Stats:
Groups: 7
Forums: 17
Topics: 10127
Posts: 79625