Use a different domain for SSL

1 Views

long time lurker – first time poster.

A client of mine has a website developed in CakePHP, and a wordpress blog installed in the /blog/ directory.

Read More

Let’s say the url of the main domain is http://www.realdomain.com, with the blog being http://www.realdomain.com/blog/.

They don’t have their own SSL certificate so they use my companies. Let’s say the secure URL is https://realdomain.maindomain.net/blog/

I have the following code in my wp-config.php file: 

define('WP_SITEURL', 'https://realdomain.maindomain.net/blog');
define('WP_CONTENT_URL', 'http://www.realdomain.com/blog/wp-content');
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

When I go to the /wp-login.php, it redirects me to the secure URL which is perfect.

However, when I log in to the secure site, WordPress tries to loads JavaScripts and styles from 

`http**s**://realdomain.com`

Which causes problems because the main site doesn’t have a SSL certificate and as a result doesn’t load anything from https://realdomain.com

Is there anything else I’m missing?

Is the solution a .htaccess rule?
A rule which routed all “https://realdomain.com” to "https://realdomain.maindomain.com“?

I’ll pay anyone $20 who can help me fix it. I’ve Google’d until my hearts content and I don’t know what else I can do.

Thanks so much!

Post Views: 1

Related posts

Leave a Reply

5 comments

  1. Just to keep things nice & clear, I’ve posted this as a new answer. Let’s reset the playing field & follow the below instructions as if it were a shiny new install (ignore all code & suggestions in previous answers).

    In your wp-config.php

    define( 'WP_SITEURL', 'http://www.realdomain.com/blog' );
define( 'SSL_DOMAIN_ALIAS', 'realdomain.maindomain.net' );

define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );

    And in wp-content/mu-plugins/ssl-domain-alias.php

    <?php

/**
 * Plugin Name: SSL Domain Alias
 * Plugin URI: http://wordpress.stackexchange.com/questions/38902
 * Description: Use a different domain for serving your website over SSL, set with <code>SSL_DOMAIN_ALIAS</code> in your <code>wp-config.php</code>.
 * Author: TheDeadMedic
 * Author URI: http://wordpress.stackexchange.com/users/1685/thedeadmedic
 *
 * @package SSL_Domain_Alias
 */

/**
 * Swap out the current site domain with {@see SSL_DOMAIN_ALIAS} if the
 * protocol is HTTPS.
 *
 * This function is not bulletproof, and expects both {@see WP_SITEURL} and
 * {@see SSL_DOMAIN_ALIAS} to be defined.
 *
 * @todo The replacement is a simple string replacement (for speed). If the
 * domain name is matching other parts of the URL other than the host, we'll
 * need to switch to a more rigid regex.
 *
 * @param string $url
 * @return string
 */
function _use_ssl_domain_alias_for_https( $url )
{
    static $domain;
    if ( ! isset( $domain ) )
        $domain = defined( 'WP_SITEURL' ) && defined( 'SSL_DOMAIN_ALIAS' ) ? parse_url( WP_SITEURL, PHP_URL_HOST ) : false;

    if ( $domain && strpos( $url, 'https' ) === 0 )
        $url = str_replace( $domain, SSL_DOMAIN_ALIAS, $url );

    return $url;
}
add_filter( 'plugins_url', '_use_ssl_domain_alias_for_https', 1 );
add_filter( 'content_url', '_use_ssl_domain_alias_for_https', 1 );
add_filter( 'site_url', '_use_ssl_domain_alias_for_https', 1 );

?>

    I’ve suggested using a Must-Use plugin (mu-plugins), since these are autoloaded without having to be activated first.

    If you’d rather it be a standard plugin, you’ll need to add the FORCE_SSL_* constants after activation.

  2. I banged my head against the wall trying to move the admin functions on wordpress to a separate server. I thought I’d just add to it that having two host names does break the “preview” function in the editor, and so you need to modify your .htaccess to make that work again. 

    #special fixes on previews when wordpress sends user to the public blog & we want the hidden one.
RewriteCond %{HTTP_HOST} ^public.site.com$ [NC]
RewriteCond %{QUERY_STRING} .*(/?preview=true.*) [OR]
RewriteCond %{QUERY_STRING} (.*&preview=true.*) [NC]
RewriteRule ^(.*)$ http://secure.site.com/$1$2  [L,R=301]

  3. WordPress will force HTTPS for all assets if the current protocol is SSL. I’m assuming realdomain.maindomain.net is an alias for realdomain.com?

    If so, set your content URL to http://realdomain.maindomain.net/blog/wp-content.

    All assets will be served from this URL, and automatically rewritten to HTTPS when required.

    If (for whatever reason) you only ever want to serve content from the aliased domain inside the admin (i.e. via HTTPS), you can change the content URL conditionally:

    define( 'WP_CONTENT_URL', 'http://www.realdomain.com/blog/wp-content' );

function use_alias_for_ssl( $url )
{
    if ( is_ssl() )
        $url = str_replace( 'www.realdomain.com', 'realdomain.maindomain.net', $url );
    return $url;
}
add_filter( 'content_url', 'use_alias_for_ssl' );
add_filter( 'plugins_url', 'use_alias_for_ssl' );

    UPDATE: Try this, without any of the previous filters or additional defines;

    /* wp-config.php */
define( 'WP_SITEURL', 'https://realdomain.maindomain.net/blog' );
define( 'FORCE_SSL_LOGIN', true );
define( 'FORCE_SSL_ADMIN', true );

/* wp-content/mu-plugins/any-filename.php */
add_filter( 'blog_option_siteurl', '_config_wp_siteurl' );

  4. I updated the wp-config.php and WordPress MU isn’t installed, so I created the mu-plugins folder in the /wp-content/ folder. A few things happened:
    When viewing the public side, it loaded certain files from https://realdomain.maindomain.net/blog and some from http://realdomain.com. Like this:

    <script src="http://www.realdomain.com/blog/wp-content/plugins/commentluv/js/commentluv.js?ver=3.2.1" type="text/javascript">

    <link href="https://realdomain.maindomain.net/blog/xmlrpc.php?rsd" title="RSD" type="application/rsd+xml" rel="EditURI">

    <link href="https://realdomain.maindomain.net/blog/wp-includes/wlwmanifest.xml" type="application/wlwmanifest+xml" rel="wlwmanifest">

    However, blog post URLs and thumbnails were linking correctly. It was just 4 files which were retrieved from the https:// site

    On the wp-login page, the form URL was correct, https:// and it loaded the secure site..
    However, I didn’t change anything. It still pulls in 7 <script> & <link> files from https://realdomain.com.

    The URLs on all the <forms> all POST to the correct https:// site..

    Thanks for all your help so far, I really appreciate it!

  5. To enable admin access for http://blog.example.com through https://ssl.example.com/wp-admins/blog/wp-login.php with pure Apache config so you have no dependence on WordPress plugins and updates you may want to…

    …use mod_proxy on an HTTPS apache virtual host to forward traffic, ensure ProxyPreserveHost is Off so that host names in the proxy statements are sent through to the wordpress server. Then mod_substitute is used (make sure to turn it on) to fix the broken links coming back from wordpress.

    <Location /wp-admins/blog/>

  AddOutputFilterByType SUBSTITUTE text/html
  AddOutputFilterByType SUBSTITUTE text/css
  AddOutputFilterByType SUBSTITUTE application/javascript
  AddOutputFilterByType SUBSTITUTE application/json
  Substitute "s|http://blog.example.com|https://ssl.example.com/wp-admins/blog|i"
  Substitute "s|blog.example.com\/|blog.example.com\/wp-admins\/blog\/|i"
  Substitute "s|'/wp-admin|'/wp-admins/blog/wp-admin|i"
  Substitute "s|"/wp-admin|"/wp-admins/blog/wp-admin|i"
  Substitute "s|'/wp-includes|'/wp-admins/blog/wp-includes|i"
  ProxyPassReverseCookiePath / /wp-admins/blog/

</Location>

ProxyPass /wp-admins/blog/ http://blog.example.com/
ProxyPassReverse /wp-admins/blog/ http://blog.example.com/

    For the reverse proxy to work, you need to specify the internal IP of the server hosting blog.example.com. This solution ensures this will work even if the upstream server (10.0.0.4) has several name-based virtual hosts.

    10.0.0.4 blog.example.com

    For more details, see:

    http://tec.libertar.se/how-to-host-wordpress-admin-on-a-seperate-domain-and-subfolder/