I was working on a project to migrate WordPress site (https://mykbsite.com) from one server to another server. The purpose of the migration is to add more security to existing infrastructure by adding load balancer, proxy server & integrating Web Application Firewall (WAF).
Migration process was performed by restoring the MySQL database, configuring httpd service and restoring WordPress site using duplicatePro tool. At this point site was functional on port 80 at http://mykbsite.com. Before introducing SSL, load balancer & WAF were added to the configuration. Load balancer was listening on port 80. WAF was only allowing site request coming from United States. I kept the proxy configuration for later. I will go over how to for OCI load balancer and WAF in separate blogs.
I will focus on enabling HTTPS at port 443 and the challenge I had with site working after. To enable HTTPS, following steps were performed.
- Move all mykbsite certificates/CA-bundles/keys and localhost cert/key from the existing server to the new server.
- Modify /etc/httpd/conf.d/ssl.conf file by adding following lines.
ServerName mykbsite.com
SSLCertificateFile /etc/httpd/certs/mykbsite.com.crt
SSLCertificateKeyFile /etc/httpd/certs/mykbsite.key
SSLCertificateChainFile /etc/httpd/certs/mykbsite.com.ca-bundle
- Restart httpd service
- Update /var/www/html/wp-config.php with correct WP_HOME & WP_SITEURL.
define( ‘WP_HOME’, ‘https://mykbsite.com);
define( ‘WP_SITEURL’, ‘https://mykbsite.com’ );
- Create load balancer listener to listen to port 443 using all mykbsite certs/keys/ca-bundle as listed in step 2.
- While accessing the site using https://<LoadBalancer-IP>, it DOES NOT WORK. I get too may redirect error as shown below.
Now I started looking everywhere in the configuration including,
- httpd/ssl configuration files
- WordPress configuration (wp-config.php)
- Load balancer configuration/listener/backend set.
When I went straight to the WordPress server to access the site, it worked. In other words, following URL worked fine. So it was clear that when request is going to load balancer, something is not working.
The solution to this issue after researching for a while was to add following parameter to /var/www/html/wp-config.php file.
$_SERVER[‘HTTPS’] = ‘on’;
So, let’s talk about what happened in my migration scenario. I had load balancer listening to port 443, so communication between client and load balancer were encrypted. Load balancer backend sets were listening on port 80, so communication between load balancer and WordPress server was not encrypted. This was the problem of too many redirects error. WordPress is working on http and load balancer is working on https causing the traffic to move between http to https to http to https…….and so on creating never ending loop. Above parameter forced WordPress to start working on https. Here is a simplified view of this.