The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PHP-FPM Interferes With HTTPS mod_rewrite In Subfolder?

Discussion in 'EasyApache' started by linux4me2, Jan 17, 2017.

Tags:
  1. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    149
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I'm running WHM 60 Build 35 and EA4. I have an account that runs WordPress in the web root, and a phpBB3 3.2 forum in a /forum subfolder. Both the WordPress install and the forum are set up to run via HTTPS, and there is a mod_rewrite rule that forces HTTPS in the .htaccess in the root web folder:

    Code:
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    The server is running MPM Event, and that account is running PHP 7.

    I just enabled PHP-FPM a few days ago. Since then, users of the forum began complaining that the "Remember Me" function was no longer working. It turned out the problem was that the mod_rewrite rule that forces HTTPS wasn't working in the forum subfolder with PHP-FPM enabled, so a user could visit the site via HTTP, log in, and the "Remember Me" cookie would be saved via HTTPS; however, when they re-visited the site via HTTP, they weren't "remembered", because the cookie was an HTTPS cookie. The HTTPS redirect still worked in the web root folder for WordPress.

    If I disabled PHP-FPM, forcing HTTPS worked, and I couldn't visit the Forum via HTTP.

    I set up a test in a clean subfolder on another account that had WordPress installed in the web root to make sure that the Forum's own .htaccess wasn't causing the problem. On the test account, forcing HTTPS worked with and without PHP-FPM enabled, which led me to the workaround. The only difference between the test account's .htaccess and the one on the original site was that I had set Strict-Transport-Security on the test account.

    When I added the Strict-Transport-Security setting to the original site and re-enabled PHP-FPM, HTTPS was forced as it should be:

    Code:
    <IfModule mod_headers.c>
      # The following line only allows HTTPS connections for six months. 
      Header set Strict-Transport-Security "max-age=15768000"
    </IfModule>
    
    With the Strict-Transport-Security header set, I haven't been able to connect to the site via HTTP, it correctly redirects all connections to HTTPS. That looks like the workaround.

    I'm posting in case anyone else runs into this, or knows of something I was doing wrong.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look at the affected system? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  3. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    149
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I just tried to reproduce the problem on a test account prior to getting my web host to submit a ticket, but I can't reproduce it. I hate it when that happens. I even went back to the production site and commented out the Strict-Transport-Security setting in .htaccess, then tried to access the Forum via HTTP, and it is redirecting to HTTPS just as it should. I can't think of anything I've changed, or why it's working now when it wouldn't when I posted. I guess you can mark this one solved as-is.
     
Loading...

Share This Page