Welcome to Centmin Mod Community
Register Now

Wordpress Bug With Redis Cache + HTTPS on WordPress Homepage

Discussion in 'Blogs & CMS usage' started by bruno, Oct 25, 2016.

  1. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    Am on the latest beta, have installed wordpress via #22.

    I notice that when I enable Redis Cache with the method outlined on this site (or by choosing it as an option from the GUI), a strange bug occurs.

    After enabling Redis Cache, and typing "mysite.com/whatever/page" on any device, it will take me to the http version (despite me having a cloudflare rule to force https - and the fact that all mentions of the URL in the database are https:// , not http:// )

    Of course, with no caching enabled (and with wp super cache), when i entered the same URL, it would take me to the https version.

    After clicking any link on the page that is initially loaded (http), it will take you to a https version of the following page. So, for example:

    type: mysite.com/hello
    click: "home" button
    takes you to https://mysite.com

    Can anyone help me understand why this could be?

    PS. i do not have a selfsigned ssl cert. am using cloudflare flexible ssl and a page rule that forces all urls to be https
     
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    with redis cache enabled and then disabled, what is the output for ssh commands below

    Code (Text):
    curl -Is http://mysite.com
    curl -Is https://mysite.com

    Might want to use CODE tags for code How to use forum BBCODE code tags :)
     
  3. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    hmm a bit confused now.. so i tried to switch to wp super cache by commenting/uncommenting the appropriate lines in /usr/local/nginx/conf/conf.d/test.vincentius.com.conf

    it seems that now the issue occurs also with wp super cache. below are the results of the requested commands:

    Super Cache ENABLED in wp-admin:
    Code:
    curl -Is http://test.vincentius.com
    HTTP/1.1 200 OK
    Date: Tue, 25 Oct 2016 14:27:51 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 119438
    Last-Modified: Tue, 25 Oct 2016 14:24:14 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "580f6b0e-1d28e"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Accept-Ranges: bytes
    Code:
    curl -Is https://test.vincentius.com 
    (nothing showed up)

    Super Cache DISABLED in wp-admin:
    Code:
    curl -Is http://test.vincentius.com
    HTTP/1.1 200 OK
    Date: Tue, 25 Oct 2016 14:30:42 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: keep-alive
    Vary: Accept-Encoding
    Set-Cookie: PHPSESSID=mhhobuqhnkusmc0dtp6ob4ttg5; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=7aaae3af51260002a286bf8c0a838dc6%7C%7C1477578642%7C%7C1477575042%7C%7C16a584b3fc2b5be46eae181ceca6ea35; expires=Thu, 27-Oct-2016 14:30:42 GMT; Max-Age=172800; path=/
    Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    Server: nginx centminmod
    X-Powered-By: centminmod
    Code:
     curl -Is https://test.vincentius.com 
    (nothing showed up)
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    add a v flag to curl to make it output more verbose to see better
    Code (Text):
    curl -Isv http://mysite.com
    curl -Isv https://mysite.com
     
  5. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    Code:
    test.vincentius.com port 80 (#0)
    *   Trying 10.128.0.2...
    * Connected to test.vincentius.com (10.128.0.2) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: test.vincentius.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Tue, 25 Oct 2016 14:37:40 GMT
    Date: Tue, 25 Oct 2016 14:37:40 GMT
    < Content-Type: text/html; charset=UTF-8
    Content-Type: text/html; charset=UTF-8
    < Connection: keep-alive
    Connection: keep-alive
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Set-Cookie: PHPSESSID=it45h8vs1o5e1eo7rbng17mc47; path=/
    Set-Cookie: PHPSESSID=it45h8vs1o5e1eo7rbng17mc47; path=/
    < Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    < Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    < Pragma: no-cache
    Pragma: no-cache
    < Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=340789d97e714c7b674de89305a310ca%7C%7C1477579060%7C%7C1477575460%7C%7C40bd1f134cfc8c87ebe5b6f36fb66741; expires=Thu, 27-Oct-2016 14:37:40 GMT; Max-Age=172800; path=/
    Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=340789d97e714c7b674de89305a310ca%7C%7C1477579060%7C%7C1477575460%7C%7C40bd1f134cfc8c87ebe5b6f36fb66741; expires=Thu, 27-Oct-2016 14:37:40 GMT; Max-Age=172800; path=/
    < Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    < Server: nginx centminmod
    Server: nginx centminmod
    < X-Powered-By: centminmod
    X-Powered-By: centminmod
    
    <
    * Connection #0 to host test.vincentius.com left intact
    [root@test conf.d]# curl -Isv https://test.vincentius.com
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    missed the https version output :)

    also what's output for these commands changing /home/nginx/domains/domain.com/public/ to the path to where you installed wordpress i.e. if domain.com/blog then it would be /home/nginx/domains/domain.com/public/blog
    Code (Text):
    cd /home/nginx/domains/domain.com/public/
    wp option get siteurl --allow-root
    wp option get home --allow-root
    
     
  7. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    my bad! will find those outputs now

    Code:
    <
    * Connection #0 to host test.vincentius.com left intact
    [root@test conf.d]# curl -Isv https://test.vincentius.com
    * About to connect() to test.vincentius.com port 443 (#0)
    *   Trying 10.128.0.2...
    * Connected to test.vincentius.com (10.128.0.2) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * Server certificate:
    *       subject: CN=test.vincentius.com,OU=IT,O=test.vincentius.com,L=Los Angeles,ST=California,C=US
    *       start date: Oct 25 13:35:09 2016 GMT
    *       expire date: Oct 01 13:35:09 2116 GMT
    *       common name: test.vincentius.com
    *       issuer: CN=test.vincentius.com,OU=IT,O=test.vincentius.com,L=Los Angeles,ST=California,C=US
    * NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
    * Peer's certificate issuer has been marked as not trusted by the user.
    * Closing connection 0
     
  8. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    Code:
    [root@test conf.d]# cd /home/nginx/domains/test.vincentius.com/public/
    [root@test public]# wp option get siteurl --allow-root
    https://test.vincentius.com
    [root@test public]# wp option get home --allow-root
    https://test.vincentius.com
    [root@test public]#
     
  9. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    looks right with https version for home and siteurl for wordpress blog
    there's the problem for https version of site, your https version is using the self-signed ssl cert centmin mod vhost generated via centmin.sh menu option 2, 22 or nv command line method of creating and adding a domain to nginx. Which means you haven't properly enabled Cloudflare HTTPS or you only just enabled it and need to wait up to a 24hrs IIRC for Cloudflare SSL certificate to deploy the first time round for your domain.

    How long ago did you enable Cloudflare HTTPS for your site ?

    You can probably use dev.ssllabs.com test site to check your https version of your site
     
  10. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    hmm.. shouldn't be a problem with ssl cert. result of that test: SSL Server Test: test.vincentius.com (Powered by Qualys SSL Labs)

    also.. as soon as you click anywhere else on the site, it uses https:// and it is working correctly

    the problem is that when you type "test.vincentius.com" into url bar and hit enter, it doesn't redirect you to the https version. it only does so when if you type "Vincentius Apparel" or if you do the process i mentioned above, where you click on any link within the domain.

    i think i had a messed up conf file before - i have now created a fresh #22 with wp super cache, and copied that conf file into /usr/local/nginx/conf/conf.d/test.vincentius.com.conf (of course, making sure the URLs were changed to match the new one)

    here are the outputs of the commands you mentioned earlier:

    Code:
    [root@test conf.d]# curl -Isv http://test.vincentius.com
    * About to connect() to test.vincentius.com port 80 (#0)
    *   Trying 10.128.0.2...
    * Connected to test.vincentius.com (10.128.0.2) port 80 (#0)
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: test.vincentius.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Date: Tue, 25 Oct 2016 15:03:17 GMT
    Date: Tue, 25 Oct 2016 15:03:17 GMT
    < Content-Type: text/html; charset=UTF-8
    Content-Type: text/html; charset=UTF-8
    < Connection: keep-alive
    Connection: keep-alive
    < Vary: Accept-Encoding
    Vary: Accept-Encoding
    < Set-Cookie: PHPSESSID=sp8rohfeju4a7doiudv4d05qb0; path=/
    Set-Cookie: PHPSESSID=sp8rohfeju4a7doiudv4d05qb0; path=/
    < Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    < Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    < Pragma: no-cache
    Pragma: no-cache
    < Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=c0ed019d589ec045d80fa90997217a12%7C%7C1477580596%7C%7C1477576996%7C%7Ccd7b79f606641e3dd0c62fb7d0eb383a; expires=Thu, 27-Oct-2016 15:03:16 GMT; Max-Age=172800; path=/
    Set-Cookie: wp_woocommerce_session_49fcf23d1065c25732ba329b06dbdf78=c0ed019d589ec045d80fa90997217a12%7C%7C1477580596%7C%7C1477576996%7C%7Ccd7b79f606641e3dd0c62fb7d0eb383a; expires=Thu, 27-Oct-2016 15:03:16 GMT; Max-Age=172800; path=/
    < Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    Link: <https://test.vincentius.com/wp-json/>; rel="https://api.w.org/"
    < Server: nginx centminmod
    Server: nginx centminmod
    < X-Powered-By: centminmod
    X-Powered-By: centminmod
    
    <
    * Connection #0 to host test.vincentius.com left intact
    [root@test conf.d]# curl -Isv https://test.vincentius.com
    * About to connect() to test.vincentius.com port 443 (#0)
    *   Trying 10.128.0.2...
    * Connection refused
    * Failed connect to test.vincentius.com:443; Connection refused
    * Closing connection 0
    And here is the conf file, just in case:

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    
    # redirect from non-www to www
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    #server {
    #            listen   80;
    #            server_name test.vincentius.com;
    #            return 301 $scheme://www.test.vincentius.com$request_uri;
    #       }
    
    server {
    
      server_name test.vincentius.com www.test.vincentius.com;
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      #add_header X-Frame-Options SAMEORIGIN;
      #add_header X-Xss-Protection "1; mode=block" always;
      #add_header X-Content-Type-Options "nosniff" always;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/test.vincentius.com/log/access.log main_ext buffer=256k flush=60m;
      error_log /home/nginx/domains/test.vincentius.com/log/error.log;
    
      include /usr/local/nginx/conf/autoprotect/test.vincentius.com/autoprotect-test.vincentius.com.conf;
      root /home/nginx/domains/test.vincentius.com/public;
      # uncomment cloudflare.conf include if using cloudflare for
      # server and/or vhost site
      #include /usr/local/nginx/conf/cloudflare.conf;
      include /usr/local/nginx/conf/503include-main.conf;
    
      #include /usr/local/nginx/conf/wpincludes/test.vincentius.com/wpcacheenabler_test.vincentius.com.conf;
      include /usr/local/nginx/conf/wpincludes/test.vincentius.com/wpsupercache_test.vincentius.com.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/wpincludes/test.vincentius.com/rediscache_test.vincentius.com.conf;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    
    
      # Enables directory listings when index file not found
      #autoindex  on;
    
      # for wordpress super cache plugin
      try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?q=$uri&$args;
    
      # for wp cache enabler plugin
      #try_files $cache_enabler_uri $uri $uri/ $custom_subdir/index.php?$args;
    
      # Wordpress Permalinks
      #try_files $uri $uri/ /index.php?q=$uri&$args;
    
      # Nginx level redis Wordpress
      # https://community.centminmod.com/posts/18828/
      #try_files $uri $uri/ /index.php?$args;
    
      }
    
    location ~* /(wp-login\.php) {
        limit_req zone=xwplogin burst=1 nodelay;
        #limit_conn xwpconlimit 30;
        auth_basic "Private";
        auth_basic_user_file /home/nginx/domains/test.vincentius.com/htpasswd_wplogin;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
    location ~* /(xmlrpc\.php) {
        limit_req zone=xwprpc burst=45 nodelay;
        #limit_conn xwpconlimit 30;
        include /usr/local/nginx/conf/php-wpsc.conf;
        # https://community.centminmod.com/posts/18828/
        #include /usr/local/nginx/conf/php-rediscache.conf;
    }
    
      include /usr/local/nginx/conf/wpincludes/test.vincentius.com/wpsecure_test.vincentius.com.conf;
      include /usr/local/nginx/conf/php-wpsc.conf;
      # https://community.centminmod.com/posts/18828/
      #include /usr/local/nginx/conf/php-rediscache.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }
     
  11. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    is that the https nginx vhost config file for working or not working one ?

    strange then, did you add anything into /etc/hosts or your local pc's hosts file to override and bypass the test.vincentius.com domain's DNS A record used by Cloudflare with the real IP backend of the server ? If you did then anytime your local pc accesses test.vincentius.com, it will lookup the bypassed DNS A record reported by Cloudflare and use the backend real IP of your server so any https access will hit the self-signed ssl certificate generated by Centmin Mod nginx vhost generator.

    actually might be the case for reported ip in curl verbose output ?
    Code (Text):
    curl -Isv http://test.vincentius.com
    * About to connect() to test.vincentius.com port 80 (#0)
    *   Trying 10.128.0.2...
    * Connected to test.vincentius.com (10.128.0.2) port 80 (#0)


    10.128.0.2 isn't a cloudflare IP 10.128.0.2, United States
     
  12. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    hmm.. well 10.128.0.2 is the google cloud internal IP, so it's not cloudflare. by the way, i have uncommented the cloudflare conf line also.

    there's nothing particular about my local hosts file.. have checked on my mobile too, same problem. are you able to replicate it on your end? try to type "test.vincentius.com" in your browser?

    also, attached conf file is the "current" one, the "working" one..

    cheers!
     
  13. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes accessing domain gives http version there's no 301 redirect to https

    upload_2016-10-26_1-48-57.png

    what's the page rule you used at cloudflare for http to https redirect ? some info Page Rules Tutorial – Cloudflare Support

     
  14. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    Please find screenshot of page rules:
     

    Attached Files:

  15. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    @eva2000 also using the Cloudflare Flexible SSL plugin to make it work
     
  16. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    believe you only need always https rule, you don't need the flexible ssl one
    wordpress CloudFlare Flexible SSL — WordPress Plugins ? you don't need such plugins, disable it in wordpress
     
  17. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    don't need Cloudflare flexible ssl wordpress plugin to be honest. You can just force https via wp-config.php at The Definitive Guide to WordPress SSL Security

    Code (Text):
    define('FORCE_SSL_LOGIN', true);
    define('FORCE_SSL_ADMIN', true);
    
     
  18. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    Disabled the plugin but still no luck.. only showing http when you type test.vincentius.com
     
  19. bruno

    bruno Premium Member Premium Member

    51
    3
    8
    Oct 14, 2016
    Ratings:
    +7
    Local Time:
    2:47 AM
    Thanks for that tip. Will add it to wp-config.php
     
  20. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    11:47 AM
    Nginx 1.13.x
    MariaDB 5.5
    strange then, maybe try http to https redirect at centmin mod nginx level, in your non-https domain.com.conf set above the existing server {} context the following

    Code (Text):
     uncomment, save file and restart Nginx to enable
     if unsure use return 302 before using return 301
    server {
                listen   80;
                server_name test.vincentius.com;
                return 302 https://test.vincentius.com$request_uri;
           }

    test in incognito private browser sessions
    if you do that you can probably switch from flexible ssl to full ssl What do the SSL options mean? – Cloudflare Support as cloudflare will talk with your backend origin site via the self-signed ssl cert instead but that means whatever custom settings in domain.com.conf need to be replicated in domain.com.ssl.conf for self-signed ssl

    never really come across redis/wp super cache making cloudflare forced https not work like this