Support Forum
Pre - I just put the website on a farm (self hosted) and I'm using ARR so I can serve up multiple sites across multiple servers using a single IP address. This appears to be working perfectly.
I added WordPress HTTPS) SSL to the site and bound my SSL certificate for the site (not wildcarded) to the webite in the IIS-7 Server.
I set the page "Forum" in the webserver for Post to use HTTPS and child post to use HTTPS.
Everything seems to work fine except the ability to edit posts. This function is seen as insecure and will not load. I have an idea that it's calling an insecure script directly.
What are your thoughts?
Update: I've been thinking it's possibly the post back to the TinyMCE editor that's throwing the exception.
The problem it seems is that if I don't make the whole site https and change the name of the website in WP settings to https then the TinyMCE editor barfs in simple-press. WordPress HTTPS was the solution in prior versions but it doesn't play well with 3.8.1.
At this point I've resolved to just setting the admin dashboard and the login page to use SSL. That in itself presents issues because if you jump to the forum from the login page without actually logging in and your menu item is a page then the forum page gets called with https instead of http. I fixed that by using a link instead of a page in the menu and making the link to http. Not the best solution but it works.
In the process of making the admin page load with ssl I found that when I went to edit a page, IE, Firefox and Chrome all puked back a message about non secure items in the page. TinyMCE is my default editor so that pretty much nails it down to being the culprit.
Don't scratch your heads over this too much. One of us doing that is enough for now. If I find the solution, and I will eventually, I will post it back here.
Steve
how are you doing ssl? which wp ssl constants are defined in the wp-config.php file? fundamentally, wp does the heavy lifting on ssl...
not sure why a url fragment would affect ssl... dont see anything that does not permit it...
Visit Cruise Talk Central and Mr Papa's World
Mr Papa said
how are you doing ssl? which wp ssl constants are defined in the wp-config.php file? fundamentally, wp does the heavy lifting on ssl...not sure why a url fragment would affect ssl... dont see anything that does not permit it...
I was able to correct the problem using IIS URL Rewrite 2.0 and Application Request Routing. The{HOST_REQUEST} to TinyMCE was being made to http while {HTTPS} was on. I added a outbound rule to take care of it.
Realizing the potential for this in any plugin, I set all permalinks back to the Wordpress defaults and then created the rules at the server level.
The caveat is that if you've got a poorly written plugin that you like it may break if it calls back to a source server that does not have a valid certificate. My favorite Weather plugin did that so I ended up writing my own.
Steve
still not sure I followed all that! 😉 partly because have never used IIS...
so, currently, all is well with simple press then?
Visit Cruise Talk Central and Mr Papa's World
I had most of it resolved but still needed to add the if statement to wp-config to make it work right.
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
That gives me Word Press logons under SSL but doesn't give me Simple Press logons using SSL. The only thing I care about is the logon. After that it can go back to http.
I could go in and mod the logon function but that would like get overwritten with the next update. A secure logon plugin would be nice.
An interesting note for people that might think about installing a separate Application Request Routing Server is that you really need to do a mips analysis on all the resources it needs to touch. Sizing can become somewhat exponential resulting in bottlenecks. It can provide disk caching but that's not a good choice with dynamic websites and specially ones like WordPress that are constantly changing. There are other problems also such as the way it deals with static and dynamic compression.
What I ended up doing was placing all of my http requirements on a relatively large webserver and then use the ARR server to manage the SSL requests only. I can now route SSL to several servers on a single IP address and still deliver HTTP traffic on that same address. This was my original goal but then I decided to push the envelope.
The reason this all came about is because I have several small business clients that have MS Small Business Server. My forte' is IT cost reduction and this is another tool for accomplishing that.
wonder if thats an IIS thing? because I dont have any issue with simple press and https... but must admit, we are no where near ssl experts and have rudimentary understanding...
and btw, there is no such thing as a simple press logon - all our wp... we may put their form in the forum header, but its still wp handling the login... if that inline form is the issue, I would just turn it off and instead have the login link direct to the site login page... should give you what you are after oto...
Visit Cruise Talk Central and Mr Papa's World
1 Guest(s)