Simi's picture

Hi,

I've just installed TurnKey Linux and I would like to ask you how I can use SSL for WordPress. I'm getting the default Apache webpage instead of the WordPress website (without SSL, WordPress is being loaded).

I would also like to ask you about redirection from http to https. I need to always encrypt my website.


Thanks! 

Simon

Jeremy Davis's picture

Hmmm, that's weird. I'll have to double check because that sounds like a bug. When you browse to your site via https, it should display the same as what you get via http, except with a self-signed certificate (you'll get a browser warning). Please see the default WordPress appliance Apache config.

Regarding redirection, you have 2 options that come to mind. You can use redirection to explicitly set the server to redirect to https://your.domain.com. Or you can use rewrite rules to redirect from http to https (regardless of what domain/IP address). Both of these will need to go within the "<VirtualHost *:80>" section of the site conf (i.e. /etc/apache2/sites-available/wordpress.conf).

Redirect:

Redirect permanent / https://your.domain.com/

Rewrite:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]

Both will require a reload/restart of Apache, the rewrite will also require that the rewrite module is enabled. E.g. for the rewrite:

a2enmod rewrite # not required for redirect
service apache2 restart
Simi's picture

Hi Jeremy!

The config file is the same. I use a self-signed cert but I assume it's not causing an issue. 
I'm getting "Apache2 Debian Default Page".

Can I debug apache somehow?

Thanks!

Simon

Jeremy Davis's picture

If your wordpress apache config file matches the default, then Apache should be serving the same thing whether http or https!?

Perhaps another config file is adjusting things? Please give the output of this:

ls -l /etc/apache2/sites-enabled/

That will show all the sites/virtualhosts enabled. IIRC there should only be 2, wordpress.conf and adminer.conf. If you have any others, perhaps try disabling them? E.g.:

a2dissite some-other-site # to disable some-other-site.conf
service apache2 restart

Also if your site is publicly available, please feel free to post a url and I can check it from my end (just to double check).

Also FYI, the /etc directory is saved as a git repo (via etckeeper) so you can view changes that have been made to config files if you think it may have been something you've done accidentally or inadvertently.

Simi's picture

Problem solved! I had a problem with my firewall, my apologies. Last question.
I'm trying to install Let's encrypt cert but the wrapper script stops at 34%.

 

ERROR: Challenge is invalid! (returned: invalid) 

Do I have to do something else?

Thanks

Simon

Jeremy Davis's picture

I assume that you are referring to the Confconsole Let's Encrypt plugin?

If so, my assumption is that you've hit a known bug. FWIW I have fixed that (and made some improvements), but we haven't yet uploaded the new package. In the meantime, there is a workaround posted in this comment (starts with the sentence "The workaround is really simple!").

Sorry that we don't yet have an updated package, but it'll be up really soon hopefully (within the next week or 2).

Simi's picture

Thank you so much Jeremy! You've solved all my problems.

I wish you all the best!

Regards,

Simon

Jeremy Davis's picture

Fantastic! :)

Please do not hesitate to post back if you have further questions, feedback or recommended improvements we might be able to make in the future. Probably best to start a new thread though if it's not directly related to this one.

Good luck with it all moving forward, and hopefully chat with you another day! :)

Very Siberian's picture

Hey, thanks for the instructions! This is probably a silly question, but is there any reason to prefer one approach over the other (redirection vs. rewrite)? Also, is there any reason not to enable both approaches if the goal is simply to ensure that all resources are served over https?

Best regards,

Rob

Jeremy Davis's picture

No, it's not a silly question. There is overlap in use case (mainly because Rewrite is much more flexible), but they fundamentally do different things (with the implication that, yes, you can use them together, but be careful you don't accidentally create an infinite loop).

The Redirect directive comes from mod_alias. It's a fairly simple operation that essentially just tells the client to request an alternate URL.

Rewrite refers to the "Rewrite module" aka mod_rewrite. It provides directives like RewriteEngine, RewriteCond and RewriteRule. It supports regex and is incredibly flexible. It can be used to silently redirect traffic internally (i.e. without changing the address in the browser address bar) but it can also support redirection as well (i.e. so the address in the browser address bar will also be updated). Because of its flexibility (and resulting complexity) there is an additional Apache doc page which covers a number of pragmatic examples.

Redirect is generally preferable where possible, due to its simplicity (and resulting lower server load and faster processing time). Where more flexibility is required, use rewrite. Unless your site is serving a ton of traffic and/or has lots of rewrites, it's likely that you won't notice any significant performance difference either way. Although it is worth noting that the load will scale with the amount of rewrites and the volume of traffic (i.e. "additional server load" = "number of configured rewrites being processed" x "volume of traffic"). So there is certainly going to be a point where minimizing rewrites will make a noticeable difference.

It's perhaps also worth noting that using permanent rewrites (i.e. 301 or 308 - both are permanent redirects; 301 being older and more generic; 308 being newer and more strict) will mitigate the load for repeat visitors (for both Redirect and Rewrite). That is because the browser will cache a permanent redirect, thus relieving the server of any associated processing load for future visits.
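
As an added example (not part of the original thread and not TurnKey's own code), the Python below audits a site conf for the Redirect and Rewrite approaches described earlier in the thread and for the two points raised in the reply above: a redirect that can loop, and permanent versus temporary status codes. The sample config, the `audit` function and its finding notes are constructed for illustration; only rewrite rules with an explicit R flag are counted.

```python
import re

# Constructed sample (not from the thread): the thread's rewrite on port 80,
# plus an unconditional Redirect misplaced in the port-443 vhost.
SAMPLE_CONF = """
<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L,QSA]
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    Redirect permanent / https://your.domain.com/
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
REDIRECT = re.compile(r"^\s*Redirect\s+(?:(\S+)\s+)?/\s+https://\S+", re.I | re.M)
REWRITE = re.compile(r"^\s*RewriteRule\s+\S+\s+https://\S+\s+\[([^\]]*)\]", re.I | re.M)
GUARD = re.compile(r"RewriteCond\s+%\{HTTPS\}\s+(off|!=?on)", re.I)
STATUS = {"permanent": 301, "temp": 302, "seeother": 303}

def _code(word):
    """Map a Redirect keyword or numeric R= value to a status; default is 302."""
    return 302 if not word else STATUS.get(word.lower()) or int(word)

def audit(conf):
    """Return (port, kind, status, note) per HTTPS redirect found in each vhost."""
    findings = []
    for port, body in VHOST.findall(conf):
        port, guarded = int(port), bool(GUARD.search(body))
        hits = [("Redirect", _code(m.group(1)), False) for m in REDIRECT.finditer(body)]
        for m in REWRITE.finditer(body):
            for flag in m.group(1).split(","):
                r = re.fullmatch(r"R(?:=(\w+))?", flag.strip(), re.I)
                if r:  # count only rules that carry an explicit R flag
                    hits.append(("Rewrite", _code(r.group(1)), guarded))
        if port == 80 and not hits:
            findings.append((port, None, None, "no redirect to https"))
        for kind, status, is_guarded in hits:
            if port == 443 and not is_guarded:
                note = "unconditional on the https vhost: loops if target is this vhost"
            elif status in (301, 308):
                note = "permanent: cached by browsers"
            else:
                note = "temporary: server handles every repeat visit"
            findings.append((port, kind, status, note))
    return findings
```

Run `audit()` on the text of /etc/apache2/sites-available/wordpress.conf to get one finding per redirect; the guard check treats a `RewriteCond %{HTTPS} off` anywhere in the vhost as covering its rewrite rules, which is a simplification.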
