Where to upload files for subdomain over HTTPS in PLESK 10? - ssl

This has taken me hours already.
I've a new server with a fresh PLESK 10 installation. Now subdomains are handled differently in PLESK 10, that I know (not domain.tld/subdomains/httpdocs but domain.tld/httpdocs_subdomain for instance).
Now, I got a subdomain working over HTTP perfectly. However, when I change it to https://subdomain.domain.tld it just gives me a Default page.
In older versions, one could select "use one directory for both http and https" but PLESK 10 seems to make no difference anymore. However... Why do I get a Default Page when using https? And more important: How to fix this?
I hope someone can help me out!

Plesk 10 changes the way it manages http and https.
Both http and https point to the same directory now.
When you create a subdomain in Plesk 10, a directory is created in your http root and in the subdomains folder, so say you create a subdomain called "secure", you'll get:
/secure
/subdomains/secure
As for your issue, is SSL enabled for that subdomain?
Within Plesk 10 ensure you have SSL enabled:
Website & Domains
Click on your subdomain
Check Enable SSL Support

Maybe its easy:
Open Plesk
Click on required Domain
Click on File Manager
Click Sub Domain Folder.
Click Add File
Give the path and Click on some buttons.
It does not matter if you are using plesk with https ot http, because even configured over SSL it always fetch the files from httpdocs folder.

Related

Clean install of Apache redirects domain to https

I've just done a clean install of my server, and installed apache and PHP. I've adapted the default apache virtual hosts file to target the necessary folder and enabled the site, but for some reason when I attempt to access the page in a browser it attempts to reach https://example.com/ instead of http://example.com/
This is newly installed apache server so I have no clue why it would try and use SSL, and as far as I can tell my DNS settings for the domain are correct and I can't see any redirects to https

Why are http and https protocols pointing at different directories?

I originally had 4 subdomains, and when each was created, they were assigned a subdirectory off my public_html
So
subdomain1 points at public_html/subdirectory1
subdomain2 points at public_html/subdirectory2
subdomain3 points at public_html/subdirectory3
Each had a Wordpress site installed in the appropriate subdirectory
I then purchased a global (wildcard) SSL certifcate, and installed it... so it was for *.mydomain
And then all I had to do is in each Wordpress install, change the site url and home url, in General settings, to be https: subdomain.mydomain instead of http:subdomain.mydomain
Everything worked fine, I had no other changes to make.
Since then, I have added new subdomians, subdomain 4 and subdomain5
Again, each was assigned a subdirectory off public_html
subdomain4 points at public_html/subdirectory4
subdomain5 points at public_html/subdirectory5
Wordpress installed on each.
Each worked OK when the site and home urls were http:
Changing to https: site becomes unobtainable! White screen all the time, no error messages.
I contacted the tech support of my hosting providers, and what we established was that an http: request was targetting the public_html/subdirectory4 (or 5) directory, but that an https: request was targetting public_html ! They said that I had to amend my public_html/.htaccess file to redirect the https requests, on a subdomain by subdomain basis, to the relevant subdirectory.
Apart from this having knock on effects in the code of my sites, some of which is common across all 5, I do not understand why this is necessary. It was not necessary for the original sites that were present when I installed the SSL certificate. There are no entries in either the .htaccess file in public_html or in the .htaccess files of each subdirectory that pertain to http or https access.
There must be something else somewhere that makes the original subdomains work, but not the new ones created SINCE the SSL certificate was installed.
And it is nothing at all to do with Wordpress because I created a new subdomain and subdirectory with nothing but an index.php file echoing "Hello world", and it works if requested through http, not if requested through https:
I need to know anything else that can be making the original subdomains work WITHOUT any alteration to the .htaccess files, and why the new subdomains, created after the SSL certificate was installed, behave differently. And then obviously how to make them behave as the original subdomains do.
Don't know why the Tech Support for my hosting company couldn't tell me this, it was so simple once I looked in the right place.
Logged into WHM, and there's an SSL/TLS tab. Looking under "Manage SSL Hosts", I could see the subdomains that were working correctly had an entry in the table there. Backing out, and going to "Install an SSL Certificate on a Domain", I was able to install the certificate to the new subdomains, and lo and behold, when I returned to "Manage SSL Hosts", the new subdomains were there too.
So, undid all the changes made to the new WP installs, and now working perfectly, in the same manner as the all the other subdomains.
Hope this saves somebody else half the time I wasted!

MAMP PRO document root forbidden when adding ssl

Just upgraded to Mamp Pro 3.5 from simple MAMP and all worked great till I added a self signed cert.
My document root for my local.mysite.com was set to htdocs/html/magento
Site works fine using http.
When I add the self signed ssl the site now only works correctly at https pages. If I try to go to any page without https such as http://local.mysite.com/store I get this in the apache log:
File does not exist: /Applications/MAMP/htdocs/store
If I uncheck the ssl the http urls all work again.
Did I miss something in the set up?
Thanks
It's far from obvious, but you can actually add a second host with the exact same domain name (local.mysite.com in your case) but this time leave SSL disabled on the SSL tab.
You'll therefore have two hosts, both for local.mysite.com. One is for https and the other for http.

Cannot identify how one website is redirecting to another

I have a strange problem which I can't identify the cause of.
There are two servers which host two different sites. Both sites are PHP-based apps.
Server 1 (Ubuntu)
https://app.site1.com
Server has SSL enabled for this site. This site works fine.
Server 2 (Red Hat)
http://app.site2.com
Server does not have SSL enabled for this site.
Here's what happens:
If I access site 2 on http:// it works fine.
If I access site 2 on https:// it redirects to site 1 on the other server.
Now obviously there is something telling this subdomain to go to the other site when served via SSL.
What I have checked:
All virtual hosts on both servers
All DNS records on both servers
All Site 2 website code
Site 2 .htaccess files
Using uncached browsers
There is NOTHING on either of the servers, that I can find, telling site 2 to redirect to site 1, only on HTTPS. Now obviously I don't expect anybody to find the problem directly because you can't see my entire server configuration, but I am looking for suggestions as to where else this redirect could come from.
I could understand this if you had site1 and site2 hosted on the same server.
Basically if you have no config set up for a second vhost on https (port 443) then Apache will fall back to first vhost by default.
So if both sites were in same Apache config then that might be it. But you say they are not. Are you sure you are not serving both sites from the same server (perhaps with a copy in the other server)? Are the IP addresses the same? Are there any load balancers or CDN infrastructure in front of both servers?
Also you say "If I access site 2 on https:// it redirects to site 1 on the other server." Can you explain more about what happens here? If you go to site 2 and do not have https set up then how can this even respond to this request? What certificate is being presented to that initial request (i.e. before the redirect)? Is it the site1 certificate? And if so then do you get a certificate error in the browser (since its presenting the wrong certificate for the site you requested) that you have to click through before you get redirected? Or is the cert valid for both sites?
You can also use this openssl command to see what the server returns (and in particular which certificate it returns):
openssl s_client -connect app.site2.com:443
It would also be handy to look at the browsers developer tools and see how exactly the redirect is happening. In Chrome press F12, go to Network tab, click on preserve log and then go to https://app.site2.com/. What is the first request? Is it a 301 or 302 (i.e. Server side redirect)? Or if it's a 200 followed by the https://app.site1.com/ then some piece of JavaScript must have caused the redirect.
Once you have answered those questions it may be possible to provide further guidance.

SSL 301 Redirect Errors- Joomla and Nginx

My website is www.survivorssupply.com. I want to use SSL for my entire site because when I use SSL on only certain portions, the SSL certificate says certain parts were not delivered securely, not everything is secure, etc.
When I go into the Joomla admin panel, I set the entire site to force SSL for everything. I then get an issue with an endless redirect loop (301 error). My site is running the latest version of Joomla 2.5 on Nginx.
Is there some kind of rewrite I can use or does anyone know any Joomla tricks?
You are probably missing an extra parameter in the 443-section of your Nginx configuration. Add "fastcgi_param HTTPS on;" to the fastcgi-section.
#alfasin, Nginx doesn't use files like httpd.conf or .htaccess
check your httpd.conf and .htaccess for 301 redirect rules regarding HTTPS
you receive the warning that parts of your site are not secured because you have embedded links which use HTTP instead of HTTPS - I would create a backup of teh site and start changing all the urls in the: template, articles, modules etc.