
Wordpress Bug With Redis Cache + HTTPS on WordPress Homepage

Discussion in 'Blogs & CMS usage' started by bruno, Oct 25, 2016.

  1. bruno

    bruno Member

    73
    6
    8
    Oct 14, 2016
    Ratings:
    +12
    Local Time:
    5:51 AM
    Am on the latest beta, have installed wordpress via #22.

    I notice that when I enable Redis Cache with the method outlined on this site (or by choosing it as an option from the GUI), a strange bug occurs.

    After enabling Redis Cache, and typing "mysite.com/whatever/page" on any device, it will take me to the http version (despite me having a cloudflare rule to force https - and the fact that all mentions of the URL in the database are https:// , not http:// )

    Of course, with no caching enabled (and with wp super cache), when i entered the same URL, it would take me to the https version.

    After clicking any link on the page that is initially loaded (http), it will take you to a https version of the following page. So, for example:

    type: mysite.com/hello
    click: "home" button
    takes you to https://mysite.com


    Can anyone help me understand why this could be?

    PS. i do not have a selfsigned ssl cert. am using cloudflare flexible ssl and a page rule that forces all urls to be https
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,237
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,833
    Local Time:
    2:51 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    with redis cache enabled and then disabled, what is the output for ssh commands below

    Code (Text):
    curl -Is http://mysite.com
    curl -Is https://mysite.com

    Might want to use CODE tags for code: How to use forum BBCODE code tags :)
     
  3. bruno

    bruno Member

    hmm a bit confused now.. so i tried to switch to wp super cache by commenting/uncommenting the appropriate lines in /usr/local/nginx/conf/conf.d/test.vincentius.com.conf

    it seems that now the issue occurs also with wp super cache. below are the results of the requested commands:

    Super Cache ENABLED in wp-admin:
    Code:
    curl -Is http://test.vincentius.com
    HTTP/1.1 200 OK
    Date: Tue, 25 Oct 2016 14:27:51 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 119438
    Last-Modified: Tue, 25 Oct 2016 14:24:14 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "580f6b0e-1d28e"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    Code:
    curl -Is https://test.vincentius.com 
    (nothing showed up)

    Super Cache DISABLED in wp-admin:
    Code:
    curl -Is http://test.vincentius.com
    HTTP/1.1 200 OK
    Date: Tue, 25 Oct 2016 14:30:42 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=mhhobuqhnkusmc0dtp6ob4ttg5; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=7aaae3af51260002a286bf8c0a838dc6%7C%7C1477578642%7C%7C1477575042%7C%7C16a584b3fc2b5be46eae181ceca6ea35; expires=Thu, 27-Oct-2016 14:30:42 GMT; Max-Age=172800; path=/
    Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Code:
     curl -Is https://test.vincentius.com 
    (nothing showed up)
     
  4. eva2000

    eva2000 Administrator Staff Member

    add a v flag to curl to make it output more verbose to see better
    Code (Text):
    curl -Isv http://mysite.com
    curl -Isv https://mysite.com
     
  5. bruno

    bruno Member

    Code:
    test.vincentius.com port 80 (#0)
    *   Trying 10.128.0.2...
    * Connected to test.vincentius.com (10.128.0.2) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: test.vincentius.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Tue, 25 Oct 2016 14:37:40 GMT
    Date: Tue, 25 Oct 2016 14:37:40 GMT
    < Content-Type: text/html; charset=UTF-8
    Content-Type: text/html; charset=UTF-8
    < Connection: keep-alive
    Connection: keep-alive
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Set-Cookie: PHPSESSID=it45h8vs1o5e1eo7rbng17mc47; path=/
    Set-Cookie: PHPSESSID=it45h8vs1o5e1eo7rbng17mc47; path=/
    < Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    < Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    < Pragma: no-cache
    Pragma: no-cache
    < Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=340789d97e714c7b674de89305a310ca%7C%7C1477579060%7C%7C1477575460%7C%7C40bd1f134cfc8c87ebe5b6f36fb66741; expires=Thu, 27-Oct-2016 14:37:40 GMT; Max-Age=172800; path=/
    Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=340789d97e714c7b674de89305a310ca%7C%7C1477579060%7C%7C1477575460%7C%7C40bd1f134cfc8c87ebe5b6f36fb66741; expires=Thu, 27-Oct-2016 14:37:40 GMT; Max-Age=172800; path=/
    < Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    < Server: nginx centminmod
    Server: nginx centminmod
    < X-Powered-By: centminmod
    X-Powered-By: centminmod
    
    <
    * Connection #0 to host test.vincentius.com left intact
    [root@test conf.d]# curl -Isv https://test.vincentius.com
     
  6. eva2000

    eva2000 Administrator Staff Member

    missed the https version output :)

    also what's output for these commands changing /home/nginx/domains/domain.com/public/ to the path to where you installed wordpress i.e. if domain.com/blog then it would be /home/nginx/domains/domain.com/public/blog
    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp option get siteurl --allow-root
    wp option get home --allow-root
    
     
  7. bruno

    bruno Member

    my bad! will find those outputs now

    Code:
    <
    * Connection #0 to host test.vincentius.com left intact
    [root@test conf.d]# curl -Isv https://test.vincentius.com
    * About to connect() to test.vincentius.com port 443 (#0)
    *   Trying 10.128.0.2...
    * Connected to test.vincentius.com (10.128.0.2) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * Server certificate:
    *       subject: CN=test.vincentius.com,OU=IT,O=test.vincentius.com,L=Los Angeles,ST=California,C=US
    *       start date: Oct 25 13:35:09 2016 GMT
    *       expire date: Oct 01 13:35:09 2116 GMT
    *       common name: test.vincentius.com
    *       issuer: CN=test.vincentius.com,OU=IT,O=test.vincentius.com,L=Los Angeles,ST=California,C=US
    * NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
    * Peer's certificate issuer has been marked as not trusted by the user.
    * Closing connection 0
     
  8. bruno

    bruno Member

    Code:
    [root@test conf.d]# cd /home/nginx/domains/test.vincentius.com/public/
    [root@test public]# wp option get siteurl --allow-root
    https://test.vincentius.com
    [root@test public]# wp option get home --allow-root
    https://test.vincentius.com
    [root@test public]#
     
  9. eva2000

    eva2000 Administrator Staff Member

    looks right with https version for home and siteurl for wordpress blog
    there's the problem for https version of site, your https version is using the self-signed ssl cert centmin mod vhost generated via centmin.sh menu option 2, 22 or nv command line method of creating and adding a domain to nginx. Which means you haven't properly enabled Cloudflare HTTPS or you only just enabled it and need to wait up to 24hrs IIRC for Cloudflare SSL certificate to deploy the first time round for your domain.

    How long ago did you enable Cloudflare HTTPS for your site ?

    You can probably use dev.ssllabs.com test site to check your https version of your site
     
  10. bruno

    bruno Member

    hmm.. shouldn't be a problem with ssl cert. result of that test: SSL Server Test: test.vincentius.com (Powered by Qualys SSL Labs)

    also.. as soon as you click anywhere else on the site, it uses https:// and it is working correctly

    the problem is that when you type "test.vincentius.com" into url bar and hit enter, it doesn't redirect you to the https version. it only does so if you type "Vincentius Apparel" or if you do the process i mentioned above, where you click on any link within the domain.

    i think i had a messed up conf file before - i have now created a fresh #22 with wp super cache, and copied that conf file into /usr/local/nginx/conf/conf.d/test.vincentius.com.conf (of course, making sure the URLs were changed to match the new one)

    here are the outputs of the commands you mentioned earlier:

    Code:
    [root@test conf.d]# curl -Isv http://test.vincentius.com
    * About to connect() to test.vincentius.com port 80 (#0)
    *   Trying 10.128.0.2...
    * Connected to test.vincentius.com (10.128.0.2) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: test.vincentius.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Tue, 25 Oct 2016 15:03:17 GMT
    Date: Tue, 25 Oct 2016 15:03:17 GMT
    < Content-Type: text/html; charset=UTF-8
    Content-Type: text/html; charset=UTF-8
    < Connection: keep-alive
    Connection: keep-alive
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Set-Cookie: PHPSESSID=sp8rohfeju4a7doiudv4d05qb0; path=/
    Set-Cookie: PHPSESSID=sp8rohfeju4a7doiudv4d05qb0; path=/
    < Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    < Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    < Pragma: no-cache
    Pragma: no-cache
    < Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=c0ed019d589ec045d80fa90997217a12%7C%7C1477580596%7C%7C1477576996%7C%7Ccd7b79f606641e3dd0c62fb7d0eb383a; expires=Thu, 27-Oct-2016 15:03:16 GMT; Max-Age=172800; path=/
    Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=c0ed019d589ec045d80fa90997217a12%7C%7C1477580596%7C%7C1477576996%7C%7Ccd7b79f606641e3dd0c62fb7d0eb383a; expires=Thu, 27-Oct-2016 15:03:16 GMT; Max-Age=172800; path=/
    < Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    < Server: nginx centminmod
    Server: nginx centminmod
    < X-Powered-By: centminmod
    X-Powered-By: centminmod
    
    <
    * Connection #0 to host test.vincentius.com left intact
    [root@test conf.d]# curl -Isv https://test.vincentius.com
    * About to connect() to test.vincentius.com port 443 (#0)
    *   Trying 10.128.0.2...
    * Connection refused
    * Failed connect to test.vincentius.com:443; Connection refused
    * Closing connection 0

    And here is the conf file, just in case:

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name test.vincentius.com;
    #            return 301 $scheme://www.test.vincentius.com$request_uri;
    #       }
    
    server {
    
      server_name test.vincentius.com www.test.vincentius.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/test.vincentius.com/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/test.vincentius.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/test.vincentius.com/autoprotect-test.vincentius.com.conf;
      root /home/nginx/domains/test.vincentius.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/test.vincentius.com/wpcacheenabler_test.vincentius.com.conf;
      include /usr/local/nginx/conf/wpincludes/test.vincentius.com/wpsupercache_test.vincentius.com.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/test.vincentius.com/rediscache_test.vincentius.com.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/test.vincentius.com/htpasswd_wplogin;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/test.vincentius.com/wpsecure_test.vincentius.com.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
     
  11. eva2000

    eva2000 Administrator Staff Member

    is that the https nginx vhost config file for working or not working one ?

    strange then, did you add anything into /etc/hosts or your local pc's hosts file to override and bypass the test.vincentius.com domain's DNS A record used by Cloudflare with the real IP backend of the server ? If you did then anytime your local pc accesses test.vincentius.com, it will lookup the bypassed DNS A record reported by Cloudflare and use the backend real IP of your server so any https access will hit the self-signed ssl certificate generated by Centmin Mod nginx vhost generator.

    actually might be the case for reported ip in curl verbose output ?
    Code (Text):
    curl -Isv http://test.vincentius.com
    * About to connect() to test.vincentius.com port 80 (#0)
    *   Trying 10.128.0.2...
    * Connected to test.vincentius.com (10.128.0.2) port 80 (#0)


    10.128.0.2 isn't a cloudflare IP 10.128.0.2, United States
     
  12. bruno

    bruno Member

    hmm.. well 10.128.0.2 is the google cloud internal IP, so it's not cloudflare. by the way, i have uncommented the cloudflare conf line also.

    there's nothing particular about my local hosts file.. have checked on my mobile too, same problem. are you able to replicate it on your end? try to type "test.vincentius.com" in your browser?

    also, attached conf file is the "current" one, the "working" one..

    cheers!
     
  13. eva2000

    eva2000 Administrator Staff Member

    yes accessing domain gives http version there's no 301 redirect to https


    what's the page rule you used at cloudflare for http to https redirect ? some info Page Rules Tutorial – Cloudflare Support

     
  14. bruno

    bruno Member

    Please find screenshot of page rules:
     


  15. bruno

    bruno Member

    @eva2000 also using the Cloudflare Flexible SSL plugin to make it work
     
  16. eva2000

    eva2000 Administrator Staff Member

    believe you only need always https rule, you don't need the flexible ssl one
    wordpress CloudFlare Flexible SSL — WordPress Plugins ? you don't need such plugins, disable it in wordpress
     
  17. eva2000

    eva2000 Administrator Staff Member

    don't need Cloudflare flexible ssl wordpress plugin to be honest. You can just force https via wp-config.php at The Definitive Guide to WordPress SSL Security

    Code (Text):
    define('FORCE_SSL_LOGIN', true);
    define('FORCE_SSL_ADMIN', true);
    
     
  18. bruno

    bruno Member

    Disabled the plugin but still no luck.. only showing http when you type test.vincentius.com
     
  19. bruno

    bruno Member

    Thanks for that tip. Will add it to wp-config.php
     
  20. eva2000

    eva2000 Administrator Staff Member

    strange then, maybe try http to https redirect at centmin mod nginx level, in your non-https domain.com.conf set above the existing server {} context the following

    Code (Text):
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    server {
                listen   80;
                server_name test.vincentius.com;
                return 302 https://test.vincentius.com$request_uri;
           }

    test in incognito private browser sessions
    if you do that you can probably switch from flexible ssl to full ssl (What do the SSL options mean? – Cloudflare Support) as cloudflare will talk with your backend origin site via the self-signed ssl cert instead but that means whatever custom settings in domain.com.conf need to be replicated in domain.com.ssl.conf for self-signed ssl

    never really come across redis/wp super cache making cloudflare forced https not work like this
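
The three signals read by eye from the `curl -Isv` output in this thread (which IP curl connected to, whether port 80 answers with a redirect to https, and whether the certificate's subject equals its issuer) can be scripted. This is an added example, not code from the thread or from Centmin Mod; the function names, finding labels and sample transcripts (shop.example.com, 10.0.0.5, 203.0.113.10) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: scripted triage of a `curl -Isv` transcript.
# Transcripts below are constructed (shop.example.com, made-up IPs).

field() {  # field <sed-expr> <transcript>: first match, CRs stripped
  printf '%s\n' "$2" | tr -d '\r' | sed -n "$1" | head -n 1
}

is_private_ip() {  # RFC 1918 / loopback: cannot be a public CDN edge
  case "$1" in
    10.*|192.168.*|127.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

triage() {  # triage <transcript>: prints space-separated findings, or OK
  local t="$1" ip port status loc subj iss out=""
  ip=$(field 's/^\* Connected to [^ ]* (\([0-9.]*\)) port.*/\1/p' "$t")
  port=$(field 's/^\* Connected to .* port \([0-9]*\).*/\1/p' "$t")
  status=$(field 's/^< HTTP\/[0-9.]* \([0-9]\{3\}\).*/\1/p' "$t")
  loc=$(field 's/^< [Ll]ocation: *//p' "$t")
  subj=$(field 's/^\*[[:space:]]*subject: *//p' "$t")
  iss=$(field 's/^\*[[:space:]]*issuer: *//p' "$t")
  # 1. Private address: the request went to the origin, not through the CDN.
  #    (A public origin IP needs a check against the CDN's published ranges.)
  if [ -n "$ip" ] && is_private_ip "$ip"; then out="$out ORIGIN_DIRECT"; fi
  # 2. Port 80 must answer with a 3xx whose Location is an https:// URL.
  if [ "$port" = "80" ] && [ -n "$status" ]; then
    case "$status:$loc" in
      30[1278]:https://*) ;;
      *) out="$out NO_HTTPS_REDIRECT" ;;
    esac
  fi
  # 3. Subject equal to issuer: self-signed certificate.
  if [ -n "$subj" ] && [ "$subj" = "$iss" ]; then out="$out SELF_SIGNED"; fi
  out="${out# }"
  echo "${out:-OK}"
}

SAMPLE_HTTP='* Connected to shop.example.com (10.0.0.5) port 80 (#0)
> HEAD / HTTP/1.1
> Host: shop.example.com
< HTTP/1.1 200 OK
< Server: nginx'

SAMPLE_HTTPS='* Connected to shop.example.com (10.0.0.5) port 443 (#0)
*       subject: CN=shop.example.com,O=shop.example.com,C=US
*       issuer: CN=shop.example.com,O=shop.example.com,C=US
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)'

SAMPLE_EDGE='* Connected to shop.example.com (203.0.113.10) port 80 (#0)
> HEAD / HTTP/1.1
< HTTP/1.1 301 Moved Permanently
< Location: https://shop.example.com/'

for s in "$SAMPLE_HTTP" "$SAMPLE_HTTPS" "$SAMPLE_EDGE"; do
  triage "$s"
done
```

To use it on a live site, pass the captured transcript as the argument, for example `triage "$(curl -Isv http://domain.com 2>&1)"`.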