Domain Mapping to either http or https

I have a multisite set up to force https on the primary and subdomains via htaccess. But I would like users to be able to choose either http or https if they want to map to their subdomain. Once they do, I want traffic to be forced to whatever they choose. So for example, if they choose https, but a visitor uses http for the URL prefix, I would like it to be forced to https. Currently the Domain Mapping plugin as configured only returns 'Valid' in the plugin's Health Status for https, which then maps/routes traffic properly when the https is the URL prefix. If http is used however, it routes traffic to an error page.

How do I get the other options to validate properly in Health Status, and then map/route traffic as above?

All help is certainly appreciated!

Martin

P.S. The htaccess instructions are:

RewriteOptions inherit
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteRule ^(.*/)?sitemap.xml wp-content/sitemap.php [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
  • James Morris

    Hello Martin,

    I hope you are well today.

    Theoretically, the end-user should always be directed to the URL specified in Domain Mapping. So, if https is defined, they should be directed to that URL. If they are not, that points to an issue in your configuration that is preventing DM from working correctly.

    In order to help you better with your issue, would you please grant me access to your site so I can take a closer look at what's going on?

    You can learn how to grant WPMU DEV Support Access at the following link:

    https://premium.wpmudev.org/manuals/wpmu-dev-dashboard-enabling-staff-login/

    Please reply back here once you've enabled access so I will be notified.

    Best regards,

    James Morris

  • James Morris

    Hello Martin,

    When I attempted to access one of the mapped domains via the https protocol, I was presented with an invalid SSL certificate warning.

    When I then tried to access the same domain using the http protocol, it showed a default cPanel error page.

    This indicates that there is either a configuration issue with the server or the DNS. In order to help you better with your issue, would you please grant me access to your site and server?

    Please visit the Contact page and complete the form with the following information:

    Subject: "Attn: James Morris"

    In the Message box, please provide the following:

    - link back to this thread for reference
    - any other relevant urls

    - Admin login:
    Admin username
    Admin password
    Login url

    - Domain Registrar Login
    Admin username
    Admin password
    Login url

    - Hosting Control Panel Login
    Admin username
    Admin password
    Login url

    - FTP credentials
    host
    username
    password
    (and port if required)

    Best regards,

    James Morris

  • James Morris

    Hello Martin,

    Thank you for sending me access. I've been able to determine the source of the problem you're having and apply the necessary changes. What I have done is detailed below:

    It seems you may not have a dedicated IP address on your server. When this is the case, when a user points their domain to your site, it will result in the default cPanel page as you were seeing. The solution is to add their domain in cPanel as an add-on domain and point it to the web root of your multisite install. See the following: https://goo.gl/WywUJY

    EDIT: Please see the following for more information... https://premium.wpmudev.org/forums/topic/domain-mapping-without-creating-add-on-domains

    With regards to redirecting to the member's choice of domain, there were a couple issues... First, there was a directive in your .htaccess that forced redirection to https regardless of domain. If you want your users to be able to choose using Domain Mapping, this cannot be there. I've commented out these directives so you can test this properly.

    Second, Domain Mapping was not set up to redirect to the mapped, primary domain. This controls which URL is presented. I have changed this setting so that, whatever the user sets in Domain Mapping will be the URL the end user is redirected to. See the following: https://goo.gl/WidA2c and https://goo.gl/6oxzZl

    Since you do not have an SSL cert on your mapped domains, the browser warning is still occurring on your mapped domains, but other than that, everything seems to be working well now. Can you please confirm?

    Best regards,

    James Morris
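
An added example, not taken from Martin's file or James's reply: one way to keep the forced-HTTPS redirect for the network's own hostnames while leaving mapped domains to Domain Mapping's redirect setting, as the reply above describes. `example.com` is a placeholder for the multisite's primary domain (an assumption); the remaining rules are the ones Martin posted.

```apache
RewriteOptions inherit
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# Before (from the original post): every plain-HTTP request is redirected to
# https, including requests for mapped domains whose owner chose http.
#   RewriteCond %{HTTPS} off
#   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# After: redirect only when the Host header is the primary domain or one of
# its subdomains (example.com is a placeholder). Requests for any other host,
# i.e. mapped domains, fall through to WordPress, where Domain Mapping
# redirects to the scheme and domain the site owner selected.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^([a-z0-9-]+\.)*example\.com$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteRule ^(.*/)?sitemap.xml wp-content/sitemap.php [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
```

A mapped domain set to https in Domain Mapping still needs a valid certificate installed for that hostname, otherwise visitors get the browser warning mentioned in the thread.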

  • aecnu

    Greetings Gentlemen :slight_smile:

    Part of the answer is indeed Martin no longer has a dedicated IP as he added a second entry to his IP being a dev site that then changes the dedicated IP to a shared IP ( but still only shared exclusively by his hosting account ) by said action and therefore the behavior as described above regarding "A" records sending a domain at the server that the server does not know about and the server cannot resolve - therefore the symptoms of not resolving correctly to the WordPress MultiSite installation.

    When using a dedicated IP the server actually does not come into play and WordPress itself resolves the DNS in the "A" record type setup to the applicable subdomain/subdirectory site.

    Being that we are the hosting company involved I know exactly every in and out of these MultiSites and servers of course and we can certainly take care of Martin by moving his dev site off the formerly dedicated IP and make the IP once again dedicated to just his MultiSite ... but this in itself will present several other challenges ...

    For example going https:// on the addon domain in an "A" record DNS environment WITHOUT making an alias or addon domain entry means each and every domain that uses SSL ( https:// ) will require a purchased SSL certificate to be created and installed.

    I say purchased due to the fact that unless the server has appropriate DNS entries itself one cannot take advantage of our FREE SSL certificates that are now automatically issued and assigned to every domain added to the server which includes both alias and addon domains.

    Now I am strictly referring to Domain Mapping and not the MultiSites main domain which can be either subdomain ( use a purchased wildcard SSL certificate ) ~or~ subdirectory/sub folder which our systems will automatically add a Grade "A" SSL Certificate in association with cPanel and Comodo themselves.

    So the choices are as follows ...

    A) Unsecure - Going only http with mapped domains - no problem and the dedicated IP is the solution even if the main MultiSite domain has the applicable SSL certificate installed - the MultiSites subdomains ~or~ subfolders will still work as secure with a https:// URL but not the domain mapped domains. But for SEO and security this would not be good ... see below.

    B) Secure https:// URL's for mapped domains - In this scenario to get the mapped domain secure and to work correctly Martin or client/end user will need to pay for an SSL certificate first creating the applicable CSR which is then submitted to the SSL certificate supplier and then in turn the SSL certificate supplier will send an email to the domain's registered owner to authorize the SSL certificate.

    When the SSL certificate is authorized by the registrant which is usually as simple as clicking a link ... then the SSL certificate is issued and sent to the purchaser in which then needs to be manually installed on the server which Martin certainly has the access to perform.

    Then every year when the certificate expires the same procedure must be re-enacted including the CSR and manual installation.

    Now let's compare this to the other option which is a whole lot simpler, requires the least amount of interaction by all concerned parties and what I recommend, which provides for the least expense and manual labor/intervention ... whereas option B above requires much more interaction not limited to but including interaction of the admin and the client/end user of approving the certificate and certificate installation ...

    C) Secure https:// URL's for mapped domains the client proceeds as normal sending the domain to the MultiSite installation using the "A" record method. Martin manually adds the mapped domain to his cPanel either as an addon domain ~or~ alias ( formerly called parked ) resolving to /public_html

    The SSL Certificate is automatically added to the domain by our systems FREE without any further interaction by either the administrator nor the client/end user. These FREE SSL Certificates also auto renew themselves so that portion is also removed from the equation.

    This is far more efficient and less costly even IF Martin decided to charge a nominal fee for the "secure" URL version for manually adding the domain to the server as an addon or alias taking only a minute or two to perform and most likely cheaper than the cost of an SSL Certificate not to mention the hassle of creating and submitting the CSR etc. etc.

    Furthermore considering that the Google Chrome Security team announced the Chrome browser will begin labeling HTTP connections as insecure starting in January 2017 and that HTTPS:// secure sites are also rated higher than non secure sites as reported in the WPMU DEV newsletter referring to the WP Tavern article https://wptavern.com/chrome-to-add-security-warning-to-http-sites-beginning-2017 - it is my opinion that NOT making all the sites forced SSL is a disservice to the client/end user and to said clients/end users visitors and it appears Google agrees considering they are the ones that are marking sites secure or not and giving further ranking to secure sites versus unsecure sites.

    Secure sites obviously improve the user experience by not only encrypting the transmissions between the two but also security wise in the perspective that hacker injections to date are almost always to an insecure domain making the injection super obvious in a secure environment which would then indicate it is insecure making the injection stick out like a sore thumb making detection and mitigation easy peasy.

    With the big picture at hand ... with all the above realized and factual - it is my opinion that Martin and his clients/end users would be best served forcing SSL on everything, using the fact that "all sites are secure with FREE SSL certificate" as an advertised or mentioned feature would please the potential client/end user and everything secure would get the SEO secure ranking bonus ... and all Martin needs to do is add the "A" record mapped domain to his control panel as either an addon domain ~or~ alias/parked domain to achieve all of the aforementioned.

    Joe :slight_smile:

  • aecnu

    Following up as I see a potential issue that could be easily mitigated ... Martin is using .htaccess to force SSL but I am not sure this works for the graphics and other items within the theme ... if it does I would like to know of this.

    If not, though depending on how the theme or coder adds the graphics and content ... we ourselves use WP Force SSL which we found on the themes we have used does the job not only forcing SSL but also using secure URL's for the graphics etc. as well.

    WP Force SSL is a free plugin available in the WordPress repository https://wordpress.org/plugins/wp-force-ssl/

    Joe :slight_smile:

  • Martin

    Hi James - sorry for my misunderstanding on the dedicated IP. I've responded to Joe directly in WPMU Hosting so I've marked this ticket resolved. But I wanted to let you (and other users) know how helpful you've been going the extra mile to get this handled! I really appreciate it James!

    And for others who might be interested in extraordinary hosting for their multisites, Joe (aecnu here) at WPMU Hosting is absolutely the best I've run across. He's not just knowledgeable and extremely on top of things, but a great guy who typically sees through questions to answers that support a complete understanding of a circumstance even if something wasn't specifically addressed in the question. I completely concur with his assessment as to option C here, which would have been my preference if I could have figured out how to implement blanket SSL for all mapped domains. But as usual, Joe has already implemented it along with a whole lot of other features to support multisites like no other. The thing is this is how ALL my interactions have been, and hope others who want lightning fast, stable and secure, websites, and great customer support at an absurdly fair price, will talk to Joe. BTW, I'm not getting paid for recommending him, LOL. I just think we all benefit by praising excellence when we find it so others can take advantage of it too!
