Tag Archives: ssl

WordPress, HTTPS, CDN and W3 Total Cache – Take 2

I’ve previously mentioned some of the workarounds of using the excellent W3 Total Cache plugin with a CDN and utilising HTTPS on some pages. The heart of the matter is that some CDN providers do not provide Custom HTTPS support out of the box or do but with a normally large monthly fee attached, some like the excellent MaxCDN will provide free shared SSL support but that is on there own domain, for example for this website, using MaxCDN my HTTPS domain for CDN is stswebsite-somersettechnica.netdna-ssl.com.

The Problem

By default when you configure W3 Total Cache with a CDN it assumes that your CDN hostname is the same for HTTP or HTTPS. However for providers like MaxCDN and people that don’t want to pay or simply merit the costs of Custom HTTPS support, this means, that as before without disabling CDN on HTTPS pages you would get a mixed content error or worse the CDN elements may fail to load at all, something especially true with Google Chrome.

The Solution

We stumbled upon a solution while chatting with the W3 EDGE team about the issue that there currently exists a way to specify the HTTPS CDN hostname separately from the HTTP hostname. It appears that this feature request was completed some time ago but never made its way into documentation, and the solution is remarkably simple and requires no code changes or additions to get working.

w3tc-cdn-settingsYes it is that simple! in case the image is unclear, in the replace site’s hostname with field, simply supply a comma separated list of hostnames in the format

cdn.httpdomain.com, cdn.httpsdomain.com

and W3 Total Cache will do the rest for you. If you take a look of our Contact page source then you will see that things like CSS files are now loaded from the different HTTPS endpoint compared to the other pages on the site.

If you are a MaxCDN or NetDNA customer you can find your HTTPS domain very easily, login to your MaxCDN/NetDNA portal, go and manage your Pull Zone, there should be a tab called SSL, simply make sure the enable shared SSL option is ticked and save your settings, then the SSL URL should be shown on that same tab if it wasn’t already like in this screenshot:

maxcdn-ssl

Now you can enjoy faster more consistent page load times even on HTTPS without causing an extra drain on your server or your wallet.

WordPress, HTTPS, CDN and W3 Total Cache

I’ve worked with a few sites recently that use HTTPS to secure certain parts of there site and also a couple of pages here are SSL protected due to the data captured. If you use the W3 Total Cache plugin like I do, and I really recommend that you do if you have a wordpress site, and make use of its CDN functionality, you might hit the following snag:

My CDN provider doesnt provide a HTTPS endpoint or its different to my normal CDN URL

the simple solution to this would be, to force loading of cdn assets via HTTP like so:

 

 

 

 

This has one other issue

Why dont i see the Blue/Green Bar?

That’s because your loading HTTP assets on a HTTPS page, for some this is an acceptable tradeoff. but for some this is bar is a must to convey trust to users. Thankfully the solution is fairly simple, Disable the CDN on SSL pages. To disable the CDN on SSL pages only add the following code snippet to your themes functions.php file, this snippet requires the W3TC plugin to be enabled and working to work as its code that tells W3TC: “hey, don’t load the cdn on this page!”

add_action('wp_head','nocdn_on_ssl_page');
function nocdn_on_ssl_page() {
if ($_SERVER['HTTPS'] == "on") {
define('DONOTCDN', true);
}
}

reload an SSL page and watch the address bar and do a view source to see the results!

Nginx and SSL – PHP Redirect Loops

Small post, I’ve been struggling a little with getting ssl to work reliably with https. specifically relating to the following piece of code:

fastcgi_param   HTTPS   on;

Lets wind back, I can get HTTPS working with nginx no problem and the above provided I do the following, maintain 2 vhosts for the same domain, one for http and one for https. The only difference is that the above line is present in the HTTPS vhost’s PHP block.

However thats messy, I either have to maintain 2 vhosts or then deal with extra includes, which just asks for trouble to maintain. Nginx has supported combined HTTP and HTTPS vhosts for some time, so I looked at how I could make this work within a combined vhost. with a little bit of IF magic (yes I know ifisevil) I can add the following to my fastcgi_params file and just forget about it 🙂

set $ssl off;

if ($ssl_protocol != "" ) {
set $ssl on;
}

fastcgi_param   HTTPS                   $ssl;

Now PHP scripts will correctly detect SSL status and work correctly, no nasty redirect loops (particularly with WordPress) and nice clean vhosts and easy management. Hopefully the great team at Nginx can convert this bit of code into an actual variable in the SSL module which would probably be faster at higher traffic levels