Timeout users on ssl sessions in multisite

It looks like google is expecting every site to use ssl in near future and I don't know what impact this has on multisite performance etc.

Starting a new multisite project I have setup on a server with plesk 12.5 using apache-Nginx. I have the free certificates from Lets Encrypt. I have a test bed using "domain mapping plugin" that has multiple domains.tld each having their own Lets Encrypt certificate.

1. Do I need a "user timeout" plugin to conserve resources ?
2. Are there any specific server and / or plugin settings for using ssl for performance?
3. Are there any problems with wpmudev plugins for multisite with multiple domains using multiple ssl certificates?
4. Are there nginx directives for this configuration?

Thank you.

  • Predrag Dubajic

    Hi wpmudevorg24,

    Hope you're doing well today :slight_smile:

    I'm no SSL expert but I'll do my best to help you out here with these questions :slight_smile:

    1. Do I need a "user timeout" plugin to conserve resources ?

    This would mostly depend on the server you running on and the package you have for your hosting.

    2. Are there any specific server and / or plugin settings for using ssl for performance?

    Perhaps this could help with server setup:
    http://www.lognormal.com/blog/2013/06/22/setting-up-ssl-on-nginx/

    To reduce load from Domain Mapping settings you can disable Cross Domain login, Verify domain's DNS settings and Check Domain propagation before mapping options.

    3. Are there any problems with wpmudev plugins for multisite with multiple domains using multiple ssl certificates?

    I don't remember any complaints so far, if you do hit some issues let us know and we'll gladly help.

    4. Are there nginx directives for this configuration?

    This would be best asking your hosting provider as they should be able to give you best suggestions for their servers.

    Best regards,
    Predrag

  • Lee

    I am sorry for not making myself more clear.

    When I ask questions here in support forum it is specific to wpmudev plugins and concerns not hosting etc. unless wpmudev plugin needs a specific hosting setup hence why I ask the questions.

    Since wpmudev staff are the experts on multisite I thought I would gain insight to problems before they occur by asking about ssl issues.

    I am having all kind of hummingbird issues if I use recommendations for nginx directives. That is another trouble ticket.

    I can search for things on the web for general config so please review again with an eye to use of wpmudev plugins. If there are no know issues great but hard to believe.

    Thank you.

  • Adam Czajczyk

    Hello wpmudevorg24!

    Let me please rephrase what my colleague Predrag wrote and add up to it a bit. I hope this will help here.

    1. Do I need a "user timeout" plugin to conserve resources ?

    In my opinion there's no need for this. I didn't come across any resource/performance related issues on our members' sites where the SSL certificates where implemented and properly configured. By "properly configured" I mean that the implementation wasn't leading to "mixed content" issues and/or "too many redirects" issues (which are the two most common problems).

    2. Are there any specific server and / or plugin settings for using ssl for performance?

    I'm not aware of any. The SSL is handled, as you know, on a server level rather than on WP level. If any such issues (slower performance of sites due to e.g. large number of certs implemented) would occur this would be something for the hosting provider/server admin to investigate and diagnose.

    3. Are there any problems with wpmudev plugins for multisite with multiple domains using multiple ssl certificates?

    There shouldn't be any if only the server is able to handle multiple SSL certificates. Domain Mapping plugin doesn't care if server handles single or multiple SSL certificates. As long as server properly transfers all traffic/data to it, it will work.

    4. Are there nginx directives for this configuration?

    This is strictly server-related question. As I explained above, nor WordPress neither Domain Mapping plugin doesn't require any specific settings here as long as server and/or web server software (NGINX) in this case functions as expected. Therefore, if SSL certificates are handled by NGINX both WordPress and Domain Mapping should be fine with it.

    As for nginx-specific setup for multiple certificates, this may be of help (most likely starting from "Create Virtual Host" section):

    https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-nginx-on-ubuntu-12-04

    If you have any further questions, please ask and I'll be happy to answer.

    Best regards,
    Adam

  • Lee

    Thank you for the response.

    1. Domain Mapping plugin with multiple mapped domains doing any kind of transaction will use multiple SSL certificates. I would think that wp-config.php or other configuration might be required to have something set / reset for these overlaps. With all the wpmudev global type plugins crossing domains something has to break or get into a loop.

    I currently have this in wp-config.php but felt it did not address ssl session variables that wordpress or plugins might use.

    define( 'SUNRISE', 'on' );
    define( 'WP_ALLOW_MULTISITE', true );
    define('MULTISITE', true);
    define('SUBDOMAIN_INSTALL', false);
    define('DOMAIN_CURRENT_SITE', $_SERVER[ 'HTTP_HOST' ]);
    define('PATH_CURRENT_SITE', '/');
    define('SITE_ID_CURRENT_SITE', 1);
    define('BLOG_ID_CURRENT_SITE', 1);

    /* Clear cookies each visit */
    define( 'COOKIE_DOMAIN', $_SERVER[ 'HTTP_HOST' ] );
    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIEPATH', '');
    define('SITECOOKIEPATH', '');

    2. Your hummingbird plugin recommends nginx setting that do not work for me. A trouble ticket is open on this issue. I ask here again for nginx settings that might be needed for the reset / cache issues or flow from domain to domain that are potentially similar to items in wp-config.php. The above wp-config.php entries have been suggested to solve redirect issues but I don't know if they are complete.

    3. My setup with Plesk, 12.5, centos 7, apache, nginx and Let's Encrypt seem to work. I have a a few domains mapped to a mutlisite each domain with it's SSL certificate but it is just a bare test bed with nothing going on. Setup just to see how the domain mapping and ssl would work or if.

  • Adam Czajczyk

    Hello wpmudevorg24,

    Thank you for your replay!

    1. Domain Mapping plugin with multiple mapped domains doing any kind of transaction will use multiple SSL certificates. I would think that wp-config.php or other configuration might be required to have something set / reset for these overlaps. With all the wpmudev global type plugins crossing domains something has to break or get into a loop.

    There's no need for additional settings in "wp-config.php". As I mentioned before, for Domain Mapping plugin it makes no difference whether it's a multi-domain certificate or multiple single domain certificates. This is because traffic over SSL "happens" before it even reaches Domain Mapping. The workflow is basically like this:

    browser issues request -> request hits server -> server forwards it to your WP install -> Domain Mapping acts only then

    Furthermore, all the "mapped" domains initially point to the same IP and to the same root folder, meaning that they all (before being mapped) should load the main site of your site. Domain Mapping "reads" the domain and decides which site should be served. However it doesn't "secure/handle SSL" itself. There's an option to "Force SSL" but that's a sort of "redirect". So, with SSL certs fully working Domain Mapping shouldn't come into any issues there.

    2. Your hummingbird plugin recommends nginx setting that do not work for me. A trouble ticket is open on this issue. I ask here again for nginx settings that might be needed for the reset / cache issues or flow from domain to domain that are potentially similar to items in wp-config.php. The above wp-config.php entries have been suggested to solve redirect issues but I don't know if they are complete.

    Since you started a separate thread for this issue, it would be better to continue there. The more specific/narrow is the ticket, the better and faster support we're able to provide you with. It would be great though if you could share a link of that ticket here with me so I would know what's been suggested there and stay in touch with the staff person that's working with you there.

    3. My setup with Plesk, 12.5, centos 7, apache, nginx and Let's Encrypt seem to work. I have a a few domains mapped to a mutlisite each domain with it's SSL certificate but it is just a bare test bed with nothing going on. Setup just to see how the domain mapping and ssl would work or if.

    I understand that it seems to be working fine so far (I'm referring to the Domain Mapping mostly here), is that right?

    Best regards,
    Adam

  • Lee

    Thanks for the details.

    My original question was to find out what I don't know about using multisite and your various plugins.

    I understand that it seems to be working fine so far (I'm referring to the Domain Mapping mostly here), is that right?

    AS far as it working I have not proceeded building out anymore than a simple test bed until I know what direction I can take with marketpress, pro sites, membership2, domain mapping and multi domain plugins. I create two multisites site from scratch one a subdomain and one a suburl/path/dir type. I have two domains for each with their own Lets Encrypt certs. Along with two subdomains with their own Let Encrypt certs. No users no content just default page to learn about the SSL and DNS issues. I have domain mapping and multi domain active.

    So based upon

    Furthermore, all the "mapped" domains initially point to the same IP and to the same root folder, meaning that they all (before being mapped) should load the main site of your site. Domain Mapping "reads" the domain and decides which site should be served. However it doesn't "secure/handle SSL" itself. There's an option to "Force SSL" but that's a sort of "redirect". So, with SSL certs fully working Domain Mapping shouldn't come into any issues there.

    you think the following will work:

    a visitor / shopper landing in a multisite setup that goes from abc.domain.tld selecting product ABC then goes to xyz.domain.tld and selects product XYZ can checkout using a global cart? abc.domain.tld and xyz.domain.tld each have their own certificate on my system not a wild card cert until "Lets Encrypt" decides to support wildcards.

  • Adam Czajczyk

    Hello wpmudevorg24!

    you think the following will work:

    a visitor / shopper landing in a multisite setup that goes from abc.domain.tld selecting product ABC then goes to xyz.domain.tld and selects product XYZ can checkout using a global cart? abc.domain.tld and xyz.domain.tld each have their own certificate on my system not a wild card cert until "Lets Encrypt" decides to support wildcards.

    This is a specific question and thank you for asking it this way. This particular scenario will not work. From MarketPress docs:

    Due to cross-domain security concerns, the global cart is not compatible with domain mapped sub-sites.

    The global cart feature depends on access to cookies and as those are not cross-domain available, especially if the traffic is SSL encrypted. That's a security related issue and not related to the MarketPress and/or Domain Mapping itself.

    The global cart will only work withing the same network, where the sites are set under sub-domains of a main domain.

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.