Multisite with domain mapper and SSL

There’s a checkbox in the domain mapping settings to tell it to use the subdomain for the admin area or not.

In 3.0 there’s a problem using FORCE_SSL_ADMIN with a wildcard cert and domain mapping:

If you go to https://site.com/wp-admin it will redirect to SSL at https://site.com/wp-login.php, then redirect to https://site.network.com/wp-login.php, which will get you a certificate warning because you probably don’t have a valid cert for site.com.

It works fine if you directly to https://site.example.com/wp-admin, but it would be better if you could just tell users to go to /wp-admin.

FORCE_SSL_LOGIN works fine with domain mapping, but once you’re in it’s not secure.

The redirection happens at the beginning of wp-login.php, and I don’t know if there’s any way for domain mapping or any other plugin to modify this behavior. If not, should this be a bug filed with WP core?

Nathan

Thanks for your confirmation of this issue Nathan. In the meantime I made a small plugin that modifies the admin links to point to the correct domain.

<?php
/*
Plugin Name: Better Admin Links
Description: Makes admin links go to the WP multisite domain when using domain mapping and HTTPS
Author: Robert Carter
Version: 0.1
*/

function fix_domain( $link ) {
	$opt = get_alloptions();
	$siteurl = $opt['siteurl'];

	preg_match('|(http[s]?://.+?/)|', $link, $m);
	$mappedurl = $m[1];

	$html = str_replace($mappedurl, $siteurl, $link);

	return $html;
}

add_filter('edit_post_link', 'fix_domain');
add_filter('get_edit_post_link', 'fix_domain');
add_filter('edit_comment_link', 'fix_domain');
add_filter('edit_bookmark_link', 'fix_domain');
add_filter('edit_tag_link', 'fix_domain');

//add_filter('loginout', 'fix_domain');
//add_filter('register', 'fix_domain');

?>

If anyone can tell me how to modify the top-left link on the wordpress login page (_back to MySite_), that would help.

Rob

The redirection happens at the beginning of wp-login.php, and I don’t know if there’s any way for domain mapping or any other plugin to modify this behavior.

There is:

$location = apply_filters('wp_redirect', $location, $status);

The plugin might be able to hook in there and redirect to the appropriate mapped domain.

Just created a Trac ticket.

Rob

Thanks Mark, will test and report back.

The plugin might be able to hook in there and redirect to the appropriate mapped domain.

The issue they are having is wp-login is initially redirecting to the mapped domain which they don’t have a SSL certificate for.

In this instance what needs to be done is add a small plugin that filters on wp_redirect and changes the request for the SSL mapped domain login to the SSL subdomain login.

Quick and dirty: https://gist.github.com/821559

Working for me so far when placed in mu-plugins, but this is the 1st plugin I’ve ever written, so any feedback and cleanup would be appreciated.

Nathan

I’ve got a 1st draft plugin up on GitHub. If anybody’s interested I can put it in the plugin directory and such things:

https://github.com/cramerdev/acms-admin-wildcard-redirect

Hey Nathan, your plugin works great! A much more generic solution than matching links in the content. I will contact Donncha O Caoimh – the author of domain mapper and point him to this thread. Perhaps he can add this function into domain mapper.

The only remaining issue is the one I mentioned before. When you click the link

<- Back to All about fish

On a page like this:

https://allaboutfish.mywww.ads-software.com/wp-login.php

You go to https://allaboutfish.org – so you still get a cert error in this case.

Anyone know a filter hook to take care of that one?

Rob

Rob, up in the posts above Ron is also one of the domain mapping devs….