Unable to properly configure SSL on a wordpress hosted on Heroku

Question

Unable to properly configure SSL on a wordpress hosted on Heroku

JeanLebrument opened this issue 8 years ago · 2 comments

JeanLebrument commented 8 years ago

Hello,

I would like to force SSL on every page of a wordpress site hosted on Heroku using a custom subdomain.

Here is what I tried so far:

I created my wordpress project from this repository: https://github.com/mhoofman/wordpress-heroku
I added a custom subdomain in the Heroku settings with the following configuration:

Configuration: mysubdomain.mydomain.com
DNS Target: my-app.herokuapp.com

I added the Heroku SSL plugin
I uploaded my SLL certs of my wildcard SSL certificate bought from DNSSimple to Heroku and I get back the following url: an-app-id.herokussl.com
I created a CNAME redirection from mysubdomain.mydomain.com to an-app-id.herokussl.com
The wordpress is configured as bellow in Settings -> General:

WordPress Address (URL): http://mysubdomain.mydomain.com
Site Address (URL): http://mysubdomain.mydomain.com

The HTTPS plugin is configured as bellow:

SSL Host: mysubdomain.mydomain.com PORT: default port
Force SSL Administration: Checked
Force SSL Exclusively: Checked
Remove Unsecure Elements: Uncheked
Debug Mode: Checked
Proxy: No

Without any further custom configurations.

I have one problem:

1/ When I go to this URL: https://mysubdomain.mydomain.com I'm redirected to http://mysubdomain.mydomain.com

What did I miss?

Answer 1 · 2017-04-07T23:16:42.000Z

Hey mate, I know this is late and you’ve most likely already found a solution, but I stumbled on your issue when looking to add ssl today on my wordpress blog hosted with heroku.

This worked for me with no redirects. I'm using Automated Certificate Management on Heroku that was released last month though so not using the ssl plugin and I’ve made changes directly to the files.

In the wp-config.php file add the following just above the /* That's all, stop editing! Happy blogging. */ line.

define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain 
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';

And in the .htcaccess file add this below <IfModule mod_rewrite.c> and above RewriteEngine On.

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Then push to production.

Answer 2 · 2018-02-22T10:47:37.000Z

Thanks @ladydanger that sorted it out for me too!