WordPress Multisite, Domain Mapping, IP Addresses and SSL Certs

I’ve been using EE for a while now. I’ve been able to successfully deploy many variations of WordPress. And while I have my own wish-list for EE, it does what it is supposed to, with such ease and reliability, I now use it exclusively, for all my WordPress websites.

However, I’m having a lot of problems understanding how to use EE, to deploy and manage WordPress Multisite, requiring Domain Mapping, separate dedicated IP Addresses for each domain and SSL Certs on multiple domains.

If anyone can point me to a tutorial on how to make all this work together, I’d greatly appreciate it.

In multisite, all sites supposed to share same IP address. Then you point all mapped domains to that server.

On server side you add domain to wordpress site. We use this plugin -https://wordpress.org/plugins/wordpress-mu-domain-mapping/

SSL is very tricky. Are you open to using Let’s Encrypt for SSL? I will check with team if Let’s Encrypt can solve this problem.

Otherwise you will need to manually write nginx conf files managing each domains SSL parameters.

I’m open to use whoever for SSL, but we are looking for E-SSL.

Most importantly, I’m looking for a process that can be easily replicated.

If I use Let’s Encrypt for SSL, can I use one SSL to cover all of Sub-directory Multisite installation?

Personally, I am using domain mapping and SSL and doing exactly as Rahul suggested: one file (server) per domain my ee site configuration simply looks like:

#server configuration moved to 'conf' folder to use templates
include /var/www/example.com/conf/nginx/*.conf;

Then for each domain, for example, example.net I do:

server {
    listen 80;
    listen 443 ssl spdy;
    server_name www.example.net example.net;
    ssl_certificate /var/www/example.com/conf/certs/example.net.crt;
    ssl_certificate_key /var/www/example.com/conf/certs/private/example.net.key;

    # Uncomment the following line for domain mapping
    server_name_in_redirect off;

    access_log /var/log/nginx/example.com.access.log rt_cache;
    error_log /var/log/nginx/example.com.error.log;

    root /var/www/example.com/htdocs;

    index index.php index.html index.htm;

    # Redirect server error pages to the static page /50x.html
    error_page 500 502 503 504 /50x.html;
            location = /50x.html {
            root /var/www/html;
    }

    include  common/php-hhvm.conf;

    include common/wpcommon.conf;
    include common/locations.conf;
    #include custom server configurations (such as subdirectory installs)
    include /var/www/example.com/conf/nginx/example.net.config*;

}

or similar, according to your desired ee configuration…

Of course, you also have place all the keys and certificates in the ./conf/certs folder, etc.

I hope it helps.

It does help, a little.

I have found and read the instructions at: https://easyengine.io/tutorials/nginx/letsencrypt/

I have a website (example.com) which was installed using:

sudo ee site create example.com --wpsubdir --wpfc

Obviously this is a subdirectory configuration. I wonder if a basic implementation of Let’s Encrypt (as found at: https://easyengine.io/tutorials/nginx/letsencrypt/)will provide SSL to both example.com and all subdirectory sites of example.com (I will not be mapping other domains to this specific example).

I have followed the instructions at: https://easyengine.io/tutorials/nginx/letsencrypt/ and presently have https://bamajr.com & https://www.bamajr.com running on a “Let’s Encrypt” SSL Cert. However, there are three noticeable concerns:

  1. What if I only want certain pages protected with SSL?
  2. What if I want a WordPress Plugin (Say WordPress HTTPS - https://wordpress.org/plugins/wordpress-https/) to manage when SSL is Necessary?
  3. How does one use the same “Let’s Encrypt” SSL Cert to cover the EE Admin found at :22222 (port 22222)?

Answer to question no.3:

You need to add the ssl config settings to this file:

/etc/nginx/sites-available/22222

must look like so:

server {

  listen 22222 default_server ssl spdy;

  access_log   /var/log/nginx/22222.access.log rt_cache;
  error_log    /var/log/nginx/22222.error.log;
  ssl on;
  ssl_certificate /path/to-your/letsencryptcert-for-this-domain.crt;
  ssl_certificate_key /path/to-your/letsencryptprivatekey-for-this-domain.key;

  proxy_ssl_session_reuse off;


  add_header Alternate-Protocol 443:npn-spdy/3;

Make sure to include your ciphers and dhparam.pem definitions as well (have a look in your maindomain configuration file and simply copy the ssl content over to the 22222 sites-available content.

Saskia

How do I make SSL work on the primary domain, but not on subdomain nor subdirectory sites, in the multisite configuration?

This question may be too ambiguous for an answer…

I have installed EE and created a website using:

sudo ee site create example.com --wpsubdom --wpredis --php7

How do I force all subdomains to operate with HTTP only?

How do I force all subdomain site owners to log in at https://example.com only? I don’t want anyone logging in through any subdomain URL.