Set up the wp-config.php file to work with CloudFront.
CF distributions have HTTPS enabled by default for their default domain, something like yadayadayada.cloudfront.net
. We will be configuring our WordPress instance to use HTTP as the origin of our distribution and configure our distribution to terminate SSL/TLS and forward all content requests to your instance using an HTTP connection.
The connection between the client and our CF distribution is encrypted using HTTPS. The connection between our distribution and EC2 instance is un-encrypted using HTTP only. This configuration is known as SSL/TLS termination.
We will configure your distribution’s origin protocol policy to use HTTP only, which is the default.
We will edit the WordPress configuration file on your instance to account for the TLS termination behavior from your distribution. If not, our site visitors will see a 502 error, or your website content might not be formatted correctly.
I always like to start by taking a snapshot of my WordPress instance before getting started. This snapshot will serve as a backup that we can restore to another instance if something goes sideways.
Next, we will need to ssh to our server; if you need the connection string, you can find it by selecting your EC2 instance and clicking on the connect button
> SSH client: under example, you will see a string that looks like this.
ssh -i "~\pathto\mykey.pem" ubuntu@ec2-1-1-1-1.compute-1.amazonaws.com
You can paste that into your terminal window or us with putty.
Now that we are connected to our instance, we need to do the following: enter the following command to create a backup of the wp-config.php
file. This command assumes that path you will need to know your correct path.
sudo cp /var/www/mysite/wordpress/wp-config.php /var/www/mysite/wordpress/wp-config.php.backup
Now that we have a backup of the file let’s make some magic happen. Open wp-config.php
with your favorite editor. I’ll be using vim.
sudo vi /var/www/mysite/wordpress/wp-config.php
Press “I” to enter insert mode and delete the following lines.
define('WP_SITEURL', 'http://' . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', 'http://' . $_SERVER['HTTP_HOST'] . '/');
Add the following to the file where we just deleted the other two lines.
define('WP_SITEURL', 'https://' . $_SERVER['HTTP_HOST'] . '/');
define('WP_HOME', 'https://' . $_SERVER['HTTP_HOST'] . '/');
if (isset($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'])
&& $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
Press the ESC key to exit insert mode in Vim, then type :wq!
and press Enter to save your changes and quit Vim.
Now we will restart apache2 with the following command.
sudo apache2ctl restart
If something went wrong, re-connect to your instance. Use the following command to restore the wp-config.php
file with the backup you made when we first started.
sudo cp /var/www/mysite/wordpress/wp-config.php.backup /var/www/mysite/wordpress/wp-config.php