Domain Mapping w/ HTTPS - My Scenario 2 - Staff Check In :)

Hi WPMUDev,

I hope your day is going well :slight_smile:

I have a new Domain Mapping thread for y'all... this is picking up where my last thread left off https://premium.wpmudev.org/forums/topic/domain-mapping-w-https-my-scenario-1-staff-check-in#post-766785

THIS IS A TOTALLY FRESH INSTALL

This may be similar or somehow related to the issues discussed in these threads:
https://premium.wpmudev.org/forums/topic/domain-mapping-cdsso-cookie-issue
https://premium.wpmudev.org/forums/topic/infinite-redirect-bug-in-domain-mapping-when-logging-into-subblog
https://premium.wpmudev.org/forums/topic/admin-ajaxphpactiondomainmap-setup-cdsso-impacting-performance
https://premium.wpmudev.org/forums/topic/users-logging-in-on-subdomain-arent-being-logged-into-main-site

Ok, here is a paste from my setup log (typed with y'all in mind):

Abstract:

Multisite Network using subdirectories @ tivism.com
Server IP: 185.56.85.36
Wildcard SSL for tivism.com & *.tivism.com

Primary should be forced HTTPS frontend
Primary should be forced HTTPS login/admin
Subsites should be forced HTTP frontend @ Mapped URL
Subsites should be forced HTTPS login/admin @ Original URL

Cross-Domain Logins should be supported

Primary Domain Mapping Network Settings:
Server IP: 185.56.85.36
Admin Mapping: Original
Login Mapping: Original
Cross-Domain: Yes
Verify: No
Force HTTPS Login/Admin: Yes
Force HTTPS Frontend: Yes

Subsites Domain Mapping Subsite Settings:
Protocol: http
(all subsites will be mapped with 'www' in URL for CloudFlare Railgun compatibility) - NOT currently using CF!

Server: GoGeek @ SiteGround.com - will use varnish caching, currently all cache systems OFF

Setup & primary testing from Win8 Transformer Book - IE, Chrome, Firefox (all latest versions)
____

Completely fresh WPMS

Domain Mapping v4.0.4 uploaded, Sunrise moved, wp-config updated.

Cleared Browser; Logged into http://tivism.com (NOT using HTTPS yet, right)

Network activated Domain Mapping plugin, installed and network activated WPMUDev Dashboard plugin upon prompt.

Navigated to network > settings > domain mapping --> applied following settings:

Domain Mapping Network Settings:
Server IP: 185.56.85.36
Admin Mapping: Original
Login Mapping: Original
Cross-Domain: Yes
Verify: No
Force HTTPS Login/Admin: Yes
Force HTTPS Frontend: Yes

I was then immediately logged out, but to an HTTPS page- lookin' good!

Cleared browser data
Flushed local dns cache

Tested URLs
Primary frontend forced to HTTPS
Primary login forced to HTTPS

Logged in to https://tivism.com

Added two subsites:

https://tivism.com/tivismnet-secure-access
https://tivism.com/tivismorg-secure-access

Tested cross-domain logins:

Logged into primary site - I am able to visit any subsite admin area, visit any subsite frontend and see admin bar, able to go from frontend to frontend and still see admin bar.

Logged in via any subsite - I am able to visit any subsite admin area, visit any subsite frontend and see admin bar, able to go from frontend to frontend and still see admin bar, able to access primary site and network admin.

Logged out, cleared browser data, flushed local DNS cache.

Tested URLs:

Primary is forced HTTPS frontend
Primary is forced HTTPS login
Subsites are forced HTTPS for frontend
Subsites are forced HTTPS for login

OK! This is looking awesome! Everything appears to be working prior to mapping TLDs to network subsites!

Used SSL Configuration testing tools

https://sslcheck.globalsign.com/en_US/sslcheck?host=tivism.com#185.56.85.36
https://www.sslshopper.com/ssl-checker.html#hostname=tivism.com

Logged in to https://tivism.com/tivismorg-secure-access

Navigated to network > admin > settings > domain mapping to verify correct settings

Navigated to tivismorg subsite admin > tools > domain mapping

With protocol selection set for 'HTTP' mapped URL http://www.tivism.org to network subsite tivism.com/tivismorg-secure-access --> health status wheel just spins though I have DM set to NOT verify new domain mappings

See screenshots

Opened new browser tab for tivismnet subsite admin > tools > domain mapping

With protocol selection set for 'HTTP' mapped URL http://www.tivism.net to network subsite tivism.com/tivismnet-secure-access --> health status wheel just spins though I have DM set to NOT verify new domain mappings

See screenshots

I have been down this road before… so I let these windows sit open for a few minutes… the 'Health Status' remains the spinning wheel…

Any attempt to navigate to other admin areas shows I am now logged out, yet above note how I was able to open a new tab…

In any case, I went ahead and reset my browser data again, and cleared local DNS cache

Logged in to https://tivism.com

When I try to navigate via admin menu to https://tivism.com/tivismnet-secure-access I am asked to login

When I navigate via direct type in via browser address bar to http://tivism.net while logged in to https://tivism.com as superadmin I am not shown as logged in, even after hard page refresh. Clicking login from tivism.net brings me to https://tivism.com/tivismnet-secure-access/wp-login.php as it should - except that I'm already logged in and it should know that!!!

When I try to navigate via admin menu to https://tivism.com/tivismorg-secure-access I am asked to login

When I navigate via direct type in via browser address bar to http://tivism.org while logged in to https://tivism.com as superadmin I am not shown as logged in, even after hard page refresh. Clicking login from tivism.net brings me to https://tivism.com/tivismorg-secure-access/wp-login.php as it should - except that I'm already logged in and it should know that!!!

Even more concerning is that after logging in to https://tivism.com/wp-admin/ as superadmin when I navigate via the admin menu or via direct type-in to https://tivism.com/wp-admin/network/ I am redirected to https://tivism.com/wp-login.php?redirect_to=https%3A%2F%2Ftivism.com%2Fwp-admin%2Fnetwork%2F&reauth=1 and asked to sign in again!!! Edit --> this last behavior seems to no longer be occurring; it was def there before though, right after setup.

Opened DIFFERENT Computer - Win7 Toshiba w/Chrome & Firefox - I have had this one offline for past two months - it's fresh :wink:
Cleared browser data
Flushed local dns cache

Logged in to https://tivism.com

When I try to navigate via admin menu to https://tivism.com/tivismnet-secure-access I am asked to login

When I navigate via direct type in via browser address bar to http://tivism.net while logged in to https://tivism.com as superadmin I am not shown as logged in, even after hard page refresh. Clicking login from tivism.net brings me to https://tivism.com/tivismnet-secure-access/wp-login.php as it should - except that I'm already logged in and it should know that!!!

When I try to navigate via admin menu to https://tivism.com/tivismorg-secure-access I am asked to login

When I navigate via direct type in via browser address bar to http://tivism.org while logged in to https://tivism.com as superadmin I am not shown as logged in, even after hard page refresh. Clicking login from tivism.net brings me to https://tivism.com/tivismorg-secure-access/wp-login.php as it should - except that I'm already logged in and it should know that!!!

So, yeah… :slight_smile:

Support Access is ACTIVE

Please get on in there and have a look.

I will email full creds to anyone who wants 'em :slight_smile:

Thanks for your help.

Cheers, Max

  • Tyler Postle

    Hey Max,

    Hope you're doing well today and thanks for that thorough explanation!

    Just to sum up, the issues you are facing are:

    1. The http://www.tivism.net/org domains are not mapping? This is likely happening because WordPress Multisite doesn't support www domains and although it has been discussed in the past there is no support for www in our plugin far as I know. I tested this on my own installation and got the same behaviour as well.

    2. When you login with https then visit the http version, it is showing you logged out? and is this only happening on mapped domain sites?

    I am going to be testing this on my installation now and also as per this thread: https://premium.wpmudev.org/forums/topic/domain-mapping-cdsso-cookie-issue#post-766790

    Hopefully I'm understanding your issue correctly, if not, let me know and I'll make sure I'm testing for the right thing :slight_smile:

    Talk to you soon!

    Cheers,
    Tyler

  • Tyler Postle

    Hey Max,

    Just reporting back what I found during my tests.

    My logins were forcing https as expected with the login/admin mapping set to "yes", I believe that was your experience as well correct? After logging in, I would remain logged in whether I tried to navigate to http directly or not.

    What I did find, was the issue on the above thread. Once a domain was mapped, I was no longer able to login to it. Would just re-load the login every time. Unless I turned off the https force, then I could login fine.

    I'm going to report this as a bug on the other thread, just going to post there now :slight_smile:

    Hope the rest of your weekend is going well!

    Cheers,
    Tyler

    • wp.network

      Hi @Tyler Postle - thanks for your reply!

      1) The http://www.tivism.net/org domains are not mapping?

      This is not correct.

      the URLs
      http://www.tivism.net
      http://www.tivism.org
      seem to be mapped ok, and will resolve now if you visit them :slight_smile:

      2) When you login with https then visit the http version, it is showing you logged out? and is this only happening on mapped domain sites?

      This is also not correct.

      When I login with HTTPS to Primary, then visit a HTTPS Subsite (original) address, it is showing me logged out!

      (with my setup there is no HTTP version, all are forced to HTTPS except mapped domain frontends).

      My issue is that after logging in to primary site, I am prompted to login when navigating to network subsite admin areas yet those logins fail!

      Navigating to a mapped address like http://www.tivism.net via direct type-in (not logged in to primary) and clicking login takes me to the original address for login as it should (https://tivism.com/tivismnet-secure-access/wp-login.php) but this login fails!

      Further, after navigating via direct type-in to a mapped address like http://www.tivism.net and going to login at its HTTPS original address like https://tivism.com/tivismnet-secure-access/wp-login.php and then having the login fail...
      clicking back button takes me back to http://www.tivism.net however...
      the link 'Back to TiVISMnet' at bottom of login screen takes me to the ORIGINAL address at https://tivism.com/tivismnet-secure-access/ INSTEAD of mapped address despite being set to force mapped address!!!

      As you can see in above setup description, I have been clearing browser data and flushing local dns cache during this testing :slight_smile:

      Hope this gets resolved soon!

      I'd love to send you superadmin and cpanel creds so you can look at how things are setup & behaving directly if that'd be at all helpful in speeding a thorough bug report/fix - just say the word :slight_smile:

      Cheers, Max

  • Tyler Postle

    Hey Max,

    Thanks for getting back to me!

    Yes, my mistake on the www there. I don't think I was being patient enough :p

    It is supported just fine.

    When I login with HTTPS to Primary, then visit a HTTPS Subsite (original) address, it is showing me logged out!

    This is the same behaviour I got on domain mapped sites using their original domain. Are you getting this only on original domain subsites that are mapped? Or all subsites?

    You can send the credentials in to me via our support form:

    Send in:

    Subject: "Attn: Tyler Postle"
    -WordPress admin username
    -WordPress admin password
    -login url
    -FTP credentials (host/username/password)
    -link back to this thread for reference
    -any other relevant urls

    Select "I have a different question" for your topic - this and the subject line ensure that it gets assigned to me :slight_smile:

    https://premium.wpmudev.org/contact/

    You can include cPanel too if you want :slight_smile: may or may not need to take a look there.

    All the best,
    Tyler

  • wp.network

    @Tyler Postle

    This is the same behaviour I got on domain mapped sites using their original domain. Are you getting this only on original domain subsites that are mapped? Or all subsites?

    Only on original domain subsites that are mapped.

    I have a subsite which does NOT have a mapped address which is working just fine.

    https://tivism.com/unmapped-test

    I can access this subsite and login directly, or I can access subsite admin after logging in at primary & this subsite IS properly forced to HTTPS frontend and login/admin backend.

    This really seems to point the finger at the actual domain mapping portion of Domain Mapping, amirite?

    Shoulda included this info from beginning, apologies :slight_smile:

    Kind Regards, Max

  • Gabe

    @TiViSM

    Hey Max, it looks like we're having similar issues. I can confirm the issues are happening with subsites with mapped domains, those without seem to work fine. As mentioned, it looks like @Tyler Postle has already reproduced the errors, so we should be on our way to resolution.

    Maybe @Tyler Postle or @Sam can confirm this, but I've found that Force HTTPS Frontend: Yes should be off for most networks using https sitewide on the main site and http on the front ends of mapped subsites. From what I've seen (at least previously, haven't tested it lately) this setting applies to the whole network, not just the primary site. Since a wildcard SSL certificate only covers subdomains, the frontends of subsites with mapped domains typically can't go https, so I just leave it off. I guess the force none/http/https option in the domain mapping settings of each subsite may be the solution to this, but with the other bugs it's hard to verify. Other than that, our network domain mapping settings are identical.

    • wp.network

      Nice to get your input @Gabe - Thank you :slight_smile:

      1) Force HTTPS Frontend: Yes

      I have this set to 'Yes' currently, and though it is indeed difficult to be accurate in a cloud of bugs, it does seem to apply network wide for subsites using ORIGINAL addresses only - again, I'm running with subdirectories here so it's a little different...

      eg. tivism.com/unmapped-test - HTTPS is being forced!

      I have then mapped two test cases with the new protocol selector
      (drop down menu at admin > tools > domain mapping : force none | http | https)
      set to HTTP

      these addresses are resolving
      http://www.tivism.net
      http://www.tivism.org

      However, HTTP is NOT being forced!

      eg. one can resolve to https://www.tivism.net - meaning the new 'protocol selector' settings at admin > tools > domain mapping aren't working it seems.

      2) At this point, beyond the login/cookie issues I am concerned that HTTP is not being forced for mapped domains' frontend, but even more that domain mapping is not forcing to mapped address either!

      Both mapped and original are being allowed as though 'as entered' had been selected in mapping!

      eg. you can resolve to both
      http://www.tivism.net
      https://tivism.com/tivismnet-secure-access

      As you can see in screenshots above, I have set frontend redirect to be set to mapped domains.

      Are you experiencing this as well?

      Kind Regards, Max

  • wp.network

    Just an update to link to additional threads:
    https://premium.wpmudev.org/forums/topic/possible-bug-in-domain-mapping-when-paired-with-ssl

    and especially
    https://premium.wpmudev.org/forums/topic/domain-mapping-the-solution

    There seem to be a rather significant number of non-trivial bugs running around & many users experiencing issues - though few (including myself) are as able to clearly describe as @sybre and several other awesome WPMUDev members.

    Thanks to everyone involved for pulling towards resolution :slight_smile:

    Kind Regards, Max

  • Tyler Postle

    Hey guys,

    Thanks for all the additional information you have been sharing here :slight_smile: awesome stuff.

    Thanks for sending in your credentials too Max.

    I've been working on this with Sam and I was also able to replicate an issue with the frontend redirect. This appears to be related to the login/admin mapping issue as well.

    "Directed to mapped primary domain" is not working as expected. I've passed this info on to Sam :slight_smile:

    Thanks again guys for all your help in getting this sorted.

    Let me know if you have any further questions in the meantime.

    All the best,
    Tyler

  • wp.network

    Thanks for your reply @Tyler Postle

    1) I am aware that DM v4.2.0.5 has been released, have not yet updated, mostly due to the following:

    "Directed to mapped primary domain" is not working as expected. I've passed this info on to Sam :slight_smile:

    2) If the above is still being worked on, perhaps I will wait to update
    2a) If above has already been worked on I can update and test, please advise

    3) On the current DM project page, there seems to be a tiny typo in the change log

    * Fixed: bug in SSO when logging in subdomain and not getting logged in in mapped domain

    should likely read

    * Fixed: bug in SSO when logging in subdomain and not getting logged in to mapped domain

    Thanks for the speedy work here, this is a crucial bit of functionality!

    Kind Regards,
    Max

  • wp.network

    Tested 4.2.0.5

    Login issues seem resolved

    Outstanding issues include:
    1) mapped domains frontend redirect not forced to http, allows https
    see attached pdf
    2) mapped domains frontend redirect incorrectly forced to https when network > settings > domain mapping : "Would you like to force http/https in front-end page" is set to "Force https"
    see attached pdf

    Not important for my desired configuration, but I noticed:
    3) mapped domains frontend redirect not forced to https, allows http
    see attached pdf

    Attached screenshot goes with "Super Freaky Behavior" described in pdf - notice address is http yet security error is shown?

    Browser data & local dns cache cleared throughout testing :slight_smile:

    Hope this helps narrow things down a bit.

    Creds remain the same, Support access is Active.

    The mapping for TIVISMorg subsite remains setup to force https in mapped domain frontend redirect, though it is not working - this only remains for testing.

    The mapping for all other subsites is setup to force http in mapped domain frontend redirect, though it is not working - see pdf.

    All other settings are as desired, except for network > settings > domain mapping : "Would you like to force http/https in front-end page" which is currently set to "No" - my desired setting is "Force https" but this causes errors as documented in attached pdf.

    As I stated in my original post, my desired configuration is:
    Primary should be forced HTTPS frontend
    Primary should be forced HTTPS login/admin
    Subsites should be forced HTTP frontend @ Mapped URL
    Subsites should be forced HTTPS login/admin @ Original URL

    Thanks WPMUDev|(Sam) for your work on this, looking forward to clearing these last few hurdles :slight_smile:

    Kind Regards,
    Max

  • wp.network

    Tested 4.2.0.6

    mapped domains frontend redirect incorrectly forced to https when network > settings > domain mapping : "Would you like to force http/https in front-end page" is set to "Force https" --> Resolved!

    Outstanding issues include:
    1) mapped domains frontend redirect NOT forced to http, allows https
    https://www.beaverton.bike should be forced to http://www.beaverton.bike but is NOT
    https://www.winwinwork.com should be forced to http://www.winwinwork.com but is NOT
    see attached pdf

    Not important for my desired configuration, but I noticed:
    2) mapped domains frontend redirect NOT* forced to https ONLY in Internet Explorer
    see screenshot & pdf
    2a) mapped domains frontend redirect IS forced to https in Chrome, Firefox, Safari (this is improved from 4.2.0.5!)
    http://www.tivism.net IS forced to https://www.tivism.net as expected with current settings
    see pdf

    Attached screenshot goes with IE issue described in #2 above - notice address is http yet security error is shown?

    Browsers tested: IE, Firefox, Chrome, Safari

    Platforms tested: Win8, OSX, Android

    Browser data & local dns cache cleared throughout testing :slight_smile:

    Hope this helps narrow things down a bit more.

    Creds remain the same, Support access is Active.

    The mapping for TIVISMorg and TIVISMnet subsites remain setup to force https in mapped domain frontend redirect - this only remains for testing.

    The mapping for all other subsites is setup to force http in mapped domain frontend redirect, though it is NOT working - see pdf.

    As I stated in my original post, my desired configuration is:
    Primary should be forced HTTPS frontend
    Primary should be forced HTTPS login/admin
    Subsites should be forced HTTP frontend @ Mapped URL
    Subsites should be forced HTTPS login/admin @ Original URL

    Thanks @Sam & @Tyler Postle for your work on this, looking forward to clearing these last few hurdles :slight_smile:

    Kind Regards,
    Max

    • Gabe

      @TiViSM Hey Max, the multidomain thing was a bug I originally reported here: https://premium.wpmudev.org/forums/topic/minor-typo-in-domain-mappingphp

      The multidomain support is intended to be off by default and manually enabled if required. In previous versions it was on by default. So to enable it, just uncomment it. You can find it in domain-mapping.php in the main plugin folder on line 37 and 38:

      // UnComment the line below to allow multiple domain mappings per blog
      //define('DOMAINMAPPING_ALLOWMULTI', 'yes');

      • wp.network

        Thanks for correcting me @Gabe!

        I don't usually use that feature and had forgotten when it changed to a hidden thing by default :slight_smile:

        I had seen some leftover changes that Sam had made on my network (added non-www domain for subsite mapped to www domain) and was looking into that when I noticed that I could not use features I remembered.

        How about the other bug?

        mapped domains frontend redirect NOT forced to http, allows https

        Any thoughts/experience?

        Cheers, Max

        • Gabe

          @TiViSM Hey Max. It's kind of fixed on my end. In the domain mapping settings of each subsite if you select to force http it'll still throw an SSL error, but it will eventually redirect to http after clicking through the SSL warning. This may just be the way it is since browsers are more cautious about SSL errors these days (web is moving to all SSL) and the plugin doesn't force http early enough in the page loading process, @Sam will have to confirm if this is as intended or not.
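
The wildcard-certificate coverage and the SSL warning on mapped domains discussed in Gabe's two posts above can be checked offline. This is an added example, not part of any poster's message and not the plugin's code: it assumes the certificate names are `tivism.com` and `*.tivism.com` (from the setup log) and models the fact that the browser validates the certificate during the TLS handshake, before it can receive any HTTP redirect. The function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: certificate names as stated in the setup log
# ("Wildcard SSL for tivism.com & *.tivism.com").
CERT_SANS = ["tivism.com", "*.tivism.com"]


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """RFC 6125-style match: '*' is only honoured as the whole left-most
    label and stands for exactly one label."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(hostname, sans=CERT_SANS):
    """True if any certificate name matches the requested hostname."""
    return any(san_matches(s, hostname) for s in sans)


def trace(url, forced_scheme, sans=CERT_SANS, max_hops=5):
    """Return what a browser sees, step by step, for a site whose frontend
    is configured to force `forced_scheme` ('http', 'https' or None).

    An https request to a host the certificate does not cover stops at the
    certificate warning: the redirect to http lives in the HTTP response,
    which is only delivered after the handshake is accepted.
    """
    steps = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        host = parts.hostname or ""
        if parts.scheme == "https" and not cert_covers(host, sans):
            steps.append(f"certificate-warning {url}")
            return steps
        if forced_scheme in ("http", "https") and parts.scheme != forced_scheme:
            url = f"{forced_scheme}://{host}{parts.path or '/'}"
            steps.append(f"redirect {url}")
            continue
        steps.append(f"served {url}")
        return steps
    return steps


if __name__ == "__main__":
    # URLs taken from the thread; forced scheme per the desired configuration.
    cases = [
        ("https://tivism.com/unmapped-test", "https"),
        ("http://tivism.com/unmapped-test", "https"),
        ("http://www.tivism.net/", "http"),
        ("https://www.tivism.net/", "http"),
        ("https://www.beaverton.bike/", "http"),
    ]
    for url, scheme in cases:
        print(f"{url} (force {scheme}):")
        for step in trace(url, scheme):
            print("   ", step)
```

For mapped domains, the only ways to avoid the warning on an https URL are a certificate that names the mapped host or never linking to the https form; a server-side redirect cannot run first.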

          • wp.network

            Thanks for the confirmation @Gabe

            if you select to force http it'll still throw an SSL error, but it will eventually redirect to http after clicking through the SSL warning.

            This is my experience as well.

            the plugin doesn't force http early enough in the page loading process

            I was thinking similar, don't have tech skills to analyze that carefully :slight_smile:

            I hope Sam knows how to address this; I noticed that in 4.2.0.6 if you select to force https in the domain mapping settings of each subsite that https is now forced...

            I'm thinking 'why does one way work and not the other?' but I have no real answers to share, just observations of behavior :slight_smile:

            Again, thanks for taking the time Gabe

            Aloha, Max

  • Sybre Waaijer

    Hi @TiViSM - This is a little bit too much text for me to read all through so I'm going to ask a few questions directly:
    1 Do you have a certificate for tivism.com?
    2 Do you use WHM/cPanel?
    3 Do you want tivism.com to have mandatory //www.?
    4 Do you want tivism.com to have a certificate?
    5 Why have you chosen for subdirectory instead of subdomain?
    6 Are you planning on selling hosting accounts through your WPMU install?

    • wp.network

      I feel you on the volume issue @Sybre :slight_smile:

      1 Do you have a certificate for tivism.com?

      Wildcard SSL
      2 Do you use WHM/cPanel?
      cPanel, no WHM
      3 Do you want tivism.com to have mandatory //www.?
      primary=non-www
      mapped subsites=www
      4 Do you want tivism.com to have a certificate?
      ? not sure I understand this Q... I desire:
      Primary forced HTTPS frontend & login/admin
      Subsites forced HTTP frontend @ Mapped URL
      Subsites forced HTTPS login/admin @ Original URL
      5 Why have you chosen for subdirectory instead of subdomain?
      Mostly to mitigate certain technical issues: I have been told that using subdomains is more complicated technically than using subdirectories.
      My primary need with WPMS is for mapped domains; however bare subdomain addresses would actually work really well with my primary:
      ac.tivism.com | rela.tivism.com | click.tivism.com | wp.tivism.com | sybre.tivism.com
      and so on :slight_smile:
      I do appreciate that subdomains would serve to isolate my primary from impacts of subsite use seo-wise compared to subdirectories.
      I would love your opinion on subdomain vs. subdirectory wpms!
      6 Are you planning on selling hosting accounts through your WPMU install?
      Hosting=no
      I plan to use ProSites to charge an ongoing platform access fee & also will have a setup fee during registration - Demo level, no free level. This will essentially be a closed-network model.

      My primary issue at this point is the bug noted above:
      mapped domains frontend redirect NOT forced to http, allows https

      I am very curious to know if you observe this with subdomains?

      If you are not experiencing the above bug, I may decide to wipe my install and test with subdomains.

      Looking forward to your reply :slight_smile:

      Cheers, Max

      Attached: pdf results of my 4.2.0.6 test matrix

      • Sybre Waaijer

        I definitely would like to promote the use of subdomains instead of subdirectories. I haven't had any specific issues that I remember with the use of subdomains, and yes: Google treats them as different domains so your SEO ranking will be much better.

        It's possible to change it without re-installing your WordPress, but I've done so 5 months ago so I can't really recall on how to do this. I know it involves this page: https://yourdomain.net/wp-admin/network/setup.php, disabling multi-site AND of course DISABLE all plugins before you go and do so.
        Yup, I'd recommend a reïnstall if you are planning on going for a subdomain install (there's not much to lose for now) - You have the wildcard cert already which you paid good money for :slight_smile:.

        In the PDF you posted, I noticed one line: "issue in IE11". This is because IE11 has a much superior cache handling (at least, for developers) than Chrome and FireFox and uses the best practices. This means most of the time, if an issue is present in IE11, it's most likely to stick and be an issue in Chrome/Firefox too in the near future.
        I know everyone's bashing Internet Explorer but I'd use it as my default browser over any if it had fully supported ad-blocking.

        Before I elaborate any further, I have some follow up questions:
        1. Have you installed the certs correctly in cPanel, meaning: are the certs installed per domain instead of per IP?
        2. I assume you have a dedicated IP address?
        3. www. is a subdomain in itself and has been introduced by server developers to easily document their website's behavior, be it http://ftp.domain.com, http://www.domain.com, mail.domain.com etc.
        They could've just used: domain.com:21, domain.com:80, domain.com:143.
        Now www. is so widely used but has never had a real meaning. However, WPMU doesn't really like subdomains for their subdomains/directories.
        Wouldn't it be easier to create a CNAME to the main domain where users get redirected to if they type in http://www.tivism.net - Just like you've done so with http://www.tivism.com? This would solve a lot of problems already.

        I await your response. I believe that you need to solve problems in the core first before you solve the things outside of it - this goes for relationships, wars, industries and also your WPMU install :slight_smile: Yup, I'm that deep.

        EDIT:
        5. Do you want //tivism.net to have a cert (and use SSL)? And do you have a certificate for it?

        • wp.network

          @Sybre

          1) Thanks for your thoughts on subdomain viability & seo

          2)
          This is a sandbox install; I am an expert at setting up WPMS at this point, it's trivial to do it again and that way I know for sure everything is reset (caveats of being a tech-limited dev).

          3)
          "IE11 has a much superior cache handling than Chrome and FireFox ... This means most of the time, if an issue is present in IE11, it's most likely to stick and be an issue in Chrome/Firefox too in the near future." --> this is great to know, and to me, emphasizes possibility of lurking bugs in mapped domain frontend redirects correctly forcing protocol schema...

          4) "Before I elaborate any further, I have some follow up questions:"
          4.1. Have you installed the certs correctly in cPanel, meaning: are the certs installed per domain instead of per IP?
          My host (SiteGround.com) installed SSL.
          I have just checked with them, they say:

          The SSL certificate is installed in the cPanel for your domain only.
          It is installed for a specific domain and it also provides your account with a dedicated IP.

          4.2. I assume you have a dedicated IP address?
          yes - 185.56.85.36
          4.3. Wouldn't it be easier to create a CNAME to the main domain where users get redirected to if they type in http://www.tivism.net ?
          Generally, yes. However, the need for 'www' use with mapped domains is related to my host's CloudFlare integration (I want to try using CF Railgun for mapped domains - primary NOT using CF).
          for instance: http://www.winwinwork.com is a mapped URL for https://tivism.com/winwinwork-secure-access
          4.3a) Just like you've done so with http://www.tivism.com?
          As far as I knew, WP itself was controlling the redirect from http://www.tivism.com to tivism.com based on SITEURL/HOME values?
          4.3b) This would solve a lot of problems already.
          First clarifying that I ONLY wish to use 'www' for mapped urls and NOT primary site or 'original' subdomain/subdirectory urls, I am wondering if you have any particular problems in mind, or just a general observation? - While I am open to abandoning attempt to use CF Railgun (and thereby abandon any use of 'www') if this is the sticking point, WPMUDev has said that using 'www' in mapped URLs is supported. Thoughts?

          5) Thank you very much for your inputs, I believe community collaboration leads to non-zero sum outcomes - this goes for relationships, wars, industries and also my WPMS install - Yup, I'm that deep too. :slight_smile:

          Kind Regards & Aloha, Max

          • Sybre Waaijer

            Hi @TiViSM, in response to your answers:

            4) 1. I see you have limited control over your content, this isn't a bad thing, but it could make customization and problem solving a bit hard.
            I noticed http://www.tivism.net is calling the tivism.com certificate. This should not happen if the certs are installed correctly. Please tell your hosting provider the following:
            "https://www.tivism.net is loading the Wildcard Certificate from https://*.tivism.com, why is this?"

            2. Good

            3. I've also installed CF Railgun and the www. is not mandatory. Note: I have installed it for my users to use CloudFlare if they want, however, the "changes" they make in themes and the like will not propagate until a big change like a new blogpost has been produced. Even then, not all pages will change their theme for a good 5 to 24 hours. This is extremely NOT user-friendly although your server load will be lower on regular visits.

            3a) Yes and no,
            (darn auto http://www in these forums, ignore my //'s)
            it's also in your DNS settings:

            www is the CNAME of //tivism.com.
            //tivism.com is the ANAME for 185.56.85.36

            tivism.net is the ANAME for 185.56.85.36
            www is the CNAME of //tivism.net

            You forced the CNAME to be the default, this is generally acceptable and works well - unless you're in a WPMU environment.

            3b) elaborating on 3a) Yup, it's a problem.
            From http://wpmututorials.com/hacks/forcing-mu-to-use-www/
            Ron (a WP core developer):

            WordPress will respond to the www. (as did MU). If you want to force it on the www then change your site & home URL to www before installing the network. If you force it on the www, a WordPress network won’t respond to the non-www URL.

            This means that you're basically blocking out the regular URL. Note that his post is 4 years old though.

            From http://codex.wordpress.org/Before_You_Create_A_Network

            While it's not recommended to use www in your domain URL, if you chose to do so and plan to use subdomains for multisite, make sure that both the site address and the WordPress address are the same. Also keep in mind some hosts will default to showing this sort of URL:

            http://codex.wordpress.org/images/1/1b/no-www.png

            For this, and many other reasons, we do not suggest you use www in your domain name whenever possible. If you plan on changing them to domain.com or http://www.domain.com, do so before you begin the rest of the setup for multisite, as changing the domain name after the fact is more complicated.

            For these reasons and warnings, many users refrain from using www. in their multisite domains, and it is less supported because of this.

            For example, Domain Mapping strips the URLs to work correctly, now they also have to ruminate and code the www. in them (and preserve them, or not) in the URLs - As you can see, it causes confusion and bugs.

            It's best to stick to the most commonly used practices (e.g. wordpress.com and edublogs.org) so you'll get the best results out of your production.
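Added example (not part of the post above, and not Domain Mapping's own code): a small hostname matcher showing which hosts named in this thread the wildcard certificate can validate for. The SAN list is taken from the setup notes ("Wildcard SSL for tivism.com & *.tivism.com"); the function names are hypothetical.

```python
def name_matches(pattern, hostname):
    """RFC 6125-style match: '*' may only be the whole leftmost label
    and stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False            # '*' never spans or drops a label
    if p_labels[0] == "*":
        # Require at least two fixed labels to the right of the wildcard.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(san_names, hostname):
    """True if any subjectAltName entry validates for hostname."""
    return any(name_matches(name, hostname) for name in san_names)


# SANs of the certificate described in the setup notes.
WILDCARD_SANS = ["tivism.com", "*.tivism.com"]

# Hosts taken from the thread.
HOSTS = [
    "tivism.com", "www.tivism.com",
    "www.tivism.net", "www.tivism.org",
    "www.winwinwork.com", "beavertonlandscaping.com",
]


def report(hosts, sans=WILDCARD_SANS):
    """Map each host to whether HTTPS on it would pass name validation."""
    return {host: cert_covers(sans, host) for host in hosts}


if __name__ == "__main__":
    for host, ok in report(HOSTS).items():
        print(f"{host:28} {'covered' if ok else 'NAME MISMATCH'}")
```

Only tivism.com and www.tivism.com are covered, so any mapped domain answering on HTTPS with this certificate produces a name-mismatch warning in the browser.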

  • wp.network

    Update: In addition to above detailed bug (mapped domains frontend redirect NOT forced to http, allows https) - I have noticed another apparent bug:

    All subsites with mapped addresses are not forcing the mapped address when set to force mapped address for frontend redirect.

    Current settings:
    Network > Settings > Domain Mapping
    Admin Mapping: Original
    Login Mapping: Original
    Cross-Domain: Yes
    Verify: No
    Force HTTPS Login/Admin: Yes
    Force HTTPS Frontend: Yes

    Subsite > Tools > Domain Mapping
    Protocol: http:// - (two testing subsites set to force https://)
    Frontend redirect: mapped (primary)

    I have tested on Win8, OSX, Android w/ Chrome, Firefox, IE, Safari
    browsers/local dns cleared in testing

    This behavior is the same for mapped domains set to force http & mapped domains set to force https.

    Mapped domains set to force http
    http://www.winwinwork.com -- https://tivism.com/winwinwork-secure-access
    http://www.beaverton.bike -- https://tivism.com/beavertondotbike-secure-access
    http://www.beaverton.marketing -- https://tivism.com/beavertondotmarketing-secure-access
    http://www.canna.farm -- https://tivism.com/cannadotfarm-secure-access

    Mapped domains set to force https (for testing only)
    https://www.tivism.net -- https://tivism.com/tivismnet-secure-access
    https://www.tivism.org -- https://tivism.com/tivismorg-secure-access

    Currently, all the above addresses are resolving for me.

    They are all behaving as though I had set the frontend redirect option to 'as entered by user' but they are all set to 'mapped (primary)' ?

    Cheers, Max

    Just created a new subsite and mapped URL forced to http & without 'www' for testing, all other settings same; behaves the same.
    http://beavertonlandscaping.com -- https://tivism.com/beavertonlandscaping-secure-access

  • wp.network

    Update for WPMUDev Staff, @Tyler Postle and @Sam

    I still consider there to be two significant issues unresolved from this thread, both seemingly related to the settings made at subsite > tools > domain mapping.

    1) All subsites with mapped addresses: frontend redirect NOT forced to http when protocol selection is http://, allows https as well ( http://beavertonlandscaping.com & https://beavertonlandscaping.com )
    2) All subsites with mapped addresses: NOT forcing the mapped address when set to force mapped address for frontend redirect, allows original address as well ( http://beavertonlandscaping.com & https://tivism.com/beavertonlandscaping-secure-access )

    I'd like to see the settings do what they say, however, immediate results are more important to me right now, so I am open to temporarily using workarounds which will produce my desired outcomes (such as custom htaccess):
    Primary forced HTTPS frontend
    Primary forced HTTPS login/admin
    Subsites forced HTTP frontend @ Mapped URL
    Subsites forced HTTPS login/admin @ Original URL

    I am also open to spinning the remaining issues out into their own bug report threads as this one is now enormous :slight_smile:

    Finally, @Gabe and particularly @Sybre have been really helpful here; I've sent some rep points, but believe they each deserve more and hope y'all will send some their way :slight_smile:

    Kind Regards,
    Max
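Added example (not part of the post above, and not the plugin's code): the four desired outcomes written as a redirect policy, then checked against observations. The host-to-subsite table uses two mappings from this thread; the observed pairs are constructed to match the report that every address is served as entered, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

PRIMARY = "tivism.com"
# Mapped host -> subsite directory on the primary, as listed in the thread.
MAPPED = {
    "www.winwinwork.com": "/winwinwork-secure-access",
    "beavertonlandscaping.com": "/beavertonlandscaping-secure-access",
}


def is_admin(path):
    """WordPress login and dashboard paths."""
    return path.startswith("/wp-admin") or path.startswith("/wp-login.php")


def expected_url(url):
    """Return the URL the stated policy says this request should end at."""
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    if host == PRIMARY:
        for mapped_host, prefix in MAPPED.items():
            if path == prefix or path.startswith(prefix + "/"):
                rest = path[len(prefix):] or "/"
                break
        else:
            return f"https://{PRIMARY}{path}"      # primary site: always HTTPS
    elif host in MAPPED:
        mapped_host, prefix, rest = host, MAPPED[host], path
    else:
        return None                                # host is not in this network
    if is_admin(rest):
        return f"https://{PRIMARY}{prefix}{rest}"  # login/admin: HTTPS, original
    return f"http://{mapped_host}{rest}"           # frontend: HTTP, mapped


def audit(observations):
    """observations: (requested URL, final URL after redirects) pairs."""
    return [(req, final, expected_url(req))
            for req, final in observations if final != expected_url(req)]


# Constructed observations: each URL is served as entered, with no redirect.
OBSERVED = [
    ("http://beavertonlandscaping.com/", "http://beavertonlandscaping.com/"),
    ("https://beavertonlandscaping.com/", "https://beavertonlandscaping.com/"),
    ("https://tivism.com/beavertonlandscaping-secure-access/",
     "https://tivism.com/beavertonlandscaping-secure-access/"),
]

if __name__ == "__main__":
    for req, final, want in audit(OBSERVED):
        print(f"{req} -> {final} (policy: {want})")
```

The two rows flagged by `audit` correspond to issues 1) and 2) above; the same table can be rerun against real final URLs after any settings or .htaccess change.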