These are instructions related to this article (How to Properly Set up an SSL Certificate for a News Site Based on WordPress) http://orbisius.com/wordpress/properly-set-ssl-certificate-news-site-based-wordpress/
How To Setup Let's Encrypt SSL certificate for a news Site and Fix Mixed Content Error
///////////////////////////////////
// put this in wp-config.php
// orbisius.com
// GPL
// Start output buffering and register orbisius_custom_link_corrector_global()
// as the buffer callback, so buffered output passes through it before being sent.
ob_start( 'orbisius_custom_link_corrector_global' );
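/**
 * Output-buffer callback that rewrites non-SSL links in the generated markup.
 *
 * Links to a fixed list of known hosts are upgraded to https. Every other
 * quoted http:// link is pointed at the redirect script (z-redir.php on
 * example.com, a placeholder for the site's own domain) so browsers do not
 * complain about mixed content.
 *
 * Nothing is rewritten when the buffer looks like a binary download or when
 * the current request is not served over SSL.
 *
 * @param string $buff Buffered output.
 * @return string The buffer, rewritten where applicable.
 */
function orbisius_custom_link_corrector_global( $buff ) {
    // Skip modification if servicing binary files via php.
    // Most Word files are zip containers, hence the "PK" signature.
    // The signatures are compared case-sensitively at the very start of the
    // buffer: a case-insensitive search through the first 120 bytes also hits
    // ordinary HTML (e.g. class="pkg") and misses JPEGs without a JFIF marker.
    $binary_signatures = array( 'PK', '%PDF', 'GIF8', "\x89PNG", "\xFF\xD8\xFF" );

    foreach ( $binary_signatures as $signature ) {
        if ( strncmp( $buff, $signature, strlen( $signature ) ) === 0 ) {
            return $buff;
        }
    }

    if ( ! function_exists( 'is_ssl' ) || ! is_ssl() ) {
        return $buff;
    }

    $buff = trim( $buff );

    // Per-image replacements for two broken blogspot images were tried here
    // and disabled again because they broke the top slider.

    // Correct http links to ssl ones. The dots in the host names are escaped
    // so that they only match a literal dot.
    $rewritten = preg_replace(
        '#http://([\w\-\.]*)(icopyright\.net|feedburner|blogscanada|facebook|desmogblog|google\.com|feedblitz\.com|blogspot|twitter\.com|stumble\-?upon\.com|digg\.com)#si',
        'https://${1}${2}',
        $buff
    );

    // preg_replace() returns null on a PCRE error; keep the page as it was
    // instead of sending an empty response.
    if ( null !== $rewritten ) {
        $buff = $rewritten;
    }

    // Convert all links that are non-ssl to a redirect link so browsers do not
    // complain about mixed secure and non-secure content.
    // NOTE(review): only the scheme and host are captured; the rest of the
    // original URL stays in place after "r=" without URL-encoding, so a "&" in
    // it starts a new query parameter and is not part of "r". The redirect
    // script receives whatever destination the markup contained and has to
    // validate it itself.
    $rewritten = preg_replace(
        '#([\'\"])(http://[a-z\d\-\.\:]+)#si',
        '${1}https://example.com/z-redir.php?r=${2}',
        $buff
    );

    if ( null !== $rewritten ) {
        $buff = $rewritten;
    }

    return $buff;
}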
///////////////////////////////////
# Plain-HTTP virtual host: it serves no content of its own.
server {
    listen      80;
    server_name awesome-client.com www.awesome-client.com;

    # Permanently redirect every request to the same host and URI over HTTPS.
    return 301 https://$host$request_uri;
}
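# HTTPS virtual host for the site.
server {
    # "ssl" on the listen directive enables TLS for this listener. The separate
    # "ssl on;" directive is deprecated and rejected by current nginx releases,
    # so it is not used here.
    listen 443 ssl http2;
    server_name awesome-client.com www.awesome-client.com;

    root /var/www/vhosts/clients/awesome-client.com/htdocs;
    index index.php index.html index.htm;
    error_log /var/www/vhosts/clients/awesome-client.com/log/error.log;

    # Keep the ACME challenge directory reachable for Let's Encrypt validation.
    location ^~ /.well-known {
        allow all;
    }

    # TLS 1.0 and 1.1 are deprecated and no longer accepted by current browsers;
    # offer TLS 1.2 only. Append TLSv1.3 if the installed nginx/OpenSSL build
    # supports it.
    ssl_protocols TLSv1.2;
    ssl_certificate /etc/letsencrypt/live/awesome-client.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/awesome-client.com/privkey.pem;
    # ....
}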
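#!/bin/sh
# /user/local/bin/le_renew_ssl.sh
# (file name matches the chmod and crontab lines, which use le_renew_ssl.sh)
# NOTE(review): /user/local/bin is kept as written on the page; the conventional
# directory is /usr/local/bin. Confirm which one exists on the server.

# Renew any certificate that is close to expiry. stdout and stderr both go to
# the log: "2>&1" duplicates stderr onto the already redirected stdout. The
# earlier "&2>>" form put the command in the background and left stderr
# unredirected, so nginx could be reloaded before the renewal had finished.
letsencrypt renew --verbose >> /var/log/renew_ssl.log 2>&1

# Make nginx pick up the renewed certificate files.
nginx -s reload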
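# Make the renewal script executable, then open the crontab for editing.
# NOTE(review): /user/local/bin is kept as written on the page; the conventional
# directory is /usr/local/bin. Confirm which one exists on the server.
chmod 0755 /user/local/bin/le_renew_ssl.sh
crontab -e
# Crontab entry. Field order: minute hour day-of-month month day-of-week.
# Will run at 12:30am on the first day of the month.
# ("30 * * 1 *" would instead run at minute 30 of every hour, every day in January.)
# Running the job more often, e.g. daily, is harmless: "renew" only acts on
# certificates that are close to expiry, and it leaves room for retries.
30 0 1 * * /user/local/bin/le_renew_ssl.sh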
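<?php
// name: z-redir.php
// This is used to rewrite the non-ssl links
// so the mixed content error is avoided.
// (c) http://orbisius.com
//
// Example
// http://localhost/projects/redirect/?r=http://shamelessmag.com/images/made/images/blog/_resized/WeeklyRoundUp_Main_820_446_90.jpg
// @see http://david.elbe.me/code/php/2014/09/17/cache-images-with-php.html
//
// The destination comes from the request, so it is treated as untrusted:
// - only absolute http:// and https:// URLs with a plain host name are accepted,
// - remote data is fetched only from hosts that resolve to public addresses,
// - only data that starts with a GIF/PNG/JPEG signature is cached, under a file
//   name built from the host, a hash and an allowlisted image extension.
//
// NOTE(review): the page rewriter routes every non-ssl link through this
// script, so it still redirects to arbitrary http(s) hosts. If that is not
// acceptable, restrict destinations to a list of known hosts, or have the
// rewriter append a keyed hash (hash_hmac) that is verified here with
// hash_equals().

/**
 * Tells whether a host name resolves exclusively to public IPv4 addresses.
 *
 * Used before fetching remote data so that the server is not made to request
 * loopback, private or reserved addresses. The check happens before the fetch
 * and does not cover hosts reached through HTTP redirects.
 *
 * @param string $host Host name taken from the requested URL.
 * @return bool False when the name does not resolve or any address is not public.
 */
function orbisius_redir_host_is_public( $host ) {
    $ips = gethostbynamel( $host );

    if ( empty( $ips ) ) {
        return false;
    }

    foreach ( $ips as $ip ) {
        if ( false === filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE ) ) {
            return false;
        }
    }

    return true;
}

/**
 * Tells whether the data starts with a GIF, PNG or JPEG file signature.
 *
 * @param mixed $data Downloaded bytes, or false when the download failed.
 * @return bool
 */
function orbisius_redir_looks_like_image( $data ) {
    return is_string( $data )
        && ( strncmp( $data, 'GIF8', 4 ) === 0
            || strncmp( $data, "\x89PNG", 4 ) === 0
            || strncmp( $data, "\xFF\xD8\xFF", 3 ) === 0 );
}

// "r" must be a single string; an array value (r[]=...) is ignored.
$r = ( isset( $_REQUEST['r'] ) && is_string( $_REQUEST['r'] ) ) ? $_REQUEST['r'] : '';
$r = strip_tags( $r );
$r = trim( $r );
$r = str_replace( ' ', '%20', $r ); // a raw space is not valid in a Location header

$parts  = ( '' === $r ) ? false : parse_url( $r );
$scheme = ( is_array( $parts ) && isset( $parts['scheme'] ) ) ? strtolower( $parts['scheme'] ) : '';
$host   = ( is_array( $parts ) && isset( $parts['host'] ) ) ? strtolower( $parts['host'] ) : '';
$path   = ( is_array( $parts ) && isset( $parts['path'] ) ) ? $parts['path'] : '';

// Accept only absolute http(s) URLs with a plain host name, no embedded
// credentials and no control characters. Anything else gets the 404 below.
if ( ! in_array( $scheme, array( 'http', 'https' ), true )
    || ! preg_match( '#^[a-z\d\-\.]+$#', $host )
    || isset( $parts['user'] )
    || isset( $parts['pass'] )
    || preg_match( '#[\x00-\x1f\x7f]#', $r )
) {
    $r = '';
}

// The site's own domain (placeholder); its images are never cached here.
$own_domain = 'example.com';

// It seems the browser uses the current connection to load external images.
// So from SSL -> proxy images -> produces mixed content error
if ( '' !== $r
    && preg_match( '#\.(jpe?g|png|gif)$#i', $path, $matches )
    && stripos( $host, $own_domain ) === false
) {
    // Let's cache only the web path because the host can change and the schema
    $cache_suff = sha1( $path );

    // Let's make the dir deep. The file name uses only the validated host, the
    // hash and an allowlisted image extension, never the remote file name.
    $cache_rel = '/wp-content/zzz_remote_assets_cache/'
        . $cache_suff[0] . '/' . $cache_suff[1] . '/' . $cache_suff[2] . '/'
        . $host . '_' . $cache_suff . '.' . strtolower( $matches[1] );

    $local_cached_image_file = __DIR__ . $cache_rel;

    // Host-relative URL of the cached file. SCRIPT_NAME is used because
    // PHP_SELF also contains client-supplied path info, and a path-only
    // Location header avoids echoing the client-supplied Host header.
    $script_dir     = isset( $_SERVER['SCRIPT_NAME'] ) ? dirname( $_SERVER['SCRIPT_NAME'] ) : '/';
    $full_cache_url = rtrim( str_replace( '\\', '/', $script_dir ), '/' ) . $cache_rel;

    $is_fresh = is_file( $local_cached_image_file )
        && ( time() - filemtime( $local_cached_image_file ) <= 30 * 24 * 3600 ); // not older than 30 days

    if ( $is_fresh ) {
        $r = $full_cache_url;
    } elseif ( orbisius_redir_host_is_public( $host ) ) {
        // Certificate verification is left at PHP's default (enabled), so an
        // https source is authenticated before its content is served from
        // this site's origin. Timeout, redirect count and size are bounded.
        $ctx = stream_context_create(
            array(
                'http' => array(
                    'timeout'       => 10,
                    'max_redirects' => 3,
                ),
            )
        );
        $max_bytes        = 10 * 1024 * 1024;
        $use_include_path = false;

        // One byte more than the limit is requested so oversized files can be
        // told apart from files that are exactly at the limit.
        $data = file_get_contents( $r, $use_include_path, $ctx, 0, $max_bytes + 1 );

        if ( false === $data || strlen( $data ) < 512 || preg_match( '#\berror\b#si', $data ) ) {
            usleep( 500000 ); // 0.5 sec // 2000000 is 2 sec
            $data = file_get_contents( $r, $use_include_path, $ctx, 0, $max_bytes + 1 );
        }

        // All is good let's store the image
        if ( orbisius_redir_looks_like_image( $data ) && strlen( $data ) <= $max_bytes ) {
            $cache_dir = dirname( $local_cached_image_file );

            // The mode must be the octal literal 0755; decimal 755 sets unrelated bits.
            if ( is_dir( $cache_dir ) || mkdir( $cache_dir, 0755, true ) || is_dir( $cache_dir ) ) {
                $st = file_put_contents( $local_cached_image_file, $data, LOCK_EX );

                if ( $st ) {
                    $r = $full_cache_url;
                }
            }
        }
    }
}

if ( '' !== $r ) {
    header( 'Location: ' . $r, true, 302 );
} else {
    header('HTTP/1.0 404 Not Found', true, 404);
    echo "Can't redirect.";
}
exit;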