Redirect Loop / wp-login.php w/out error msg on newly installed roots/bedrock in Apache2

micattack · May 2, 2014, 10:01am

Hi All!

I just installed roots/bedrock and cannot seem to not even get a login error message on this new install.

I verified the following:

Password Hash/MD5 - I tried a new install with a simpler/short password without special chars
Looked throu access.log and error.log for anything out of the ordinary
verified that home and siteurl entries in wp_options table are correct (point to /wp/)
tried different browser and incoknito mode (no chrome plugins)

This is where the login-form resides http://www.naturentdecker.at/wp/wp-login.php
I include some debugging output (the _SERVER[‘REQUEST_METHOD’])

Interesting enough, when you press Login you get a 301 redirect to wp-admin, but it doesn’t seem to show up in the logs. This is what Chrome Debugger shows:

Remote Address:216.239.34.21:80
Request URL:http://naturentdecker.at/wp/wp-login.php
Request Method:POST
Status Code:301 Moved Permanently
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en;q=0.8,en-US;q=0.6,de;q=0.4,sv;q=0.2
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:138
Content-Type:application/x-www-form-urlencoded
Host:naturentdecker.at
Origin:http://www.naturentdecker.at
Referer:http://www.naturentdecker.at/wp/wp-login.php
User-Agent:Mozilla/5.0 
Form Dataview sourceview URL encoded
log:dsajkl
pwd:hdjkashdkjsa
rememberme:forever
wp-submit:Log In
redirect_to:http://naturentdecker.at/wp/wp-admin/
testcookie:1
Response Headersview source
Alternate-Protocol:80:quic
Content-Length:241
Content-Type:text/html; charset=UTF-8
Date:Fri, 02 May 2014 09:49:31 GMT
Location:http://www.naturentdecker.at/wp/wp-login.php
Server:ghs
X-Frame-Options:SAMEORIGIN
X-XSS-Protection:1; mode=block

My guess to what’s wrong

There needs to be some special dir options for the /var/www/naturentdecker/web root in the apache config?
Some security plugin that is installed as default interferes with the empty DB on fresh installs?
My Apache is somehow broken?

Why don’t I get at least a login error message (wrong password)?

Can anyone help me debug this, so I can get bedrock running?

Thanks

swalkinshaw · May 2, 2014, 1:19pm

Could you post your Apache conf for that virtual host? And .htaccess as well.

micattack · May 2, 2014, 4:04pm

This is the apache config part in virtual hosts. nothing fancy.

<VirtualHost 216.144.241.26:80>
   ServerName  naturentdecker.at
   ServerAlias www.naturentdecker.at
   ServerAdmin webmaster@localhost

    DocumentRoot /var/www/naturentdecker/web


    ErrorLog /var/log/apache2/naturentdecker-error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    #LogLevel warn
    LogLevel debug

    CustomLog /var/log/apache2/naturentdecker.log combined

 </VirtualHost>

There is no .htaccess generated so far.

I did some more testing

created a new directory and downloaded latest Wordpress to ./wp/ Directory
Used same DB with the existing tables (from the bedrock install)

=> Same problems. Logging at the apache logs in debug details I think that the form never gets POSTed

Drop all tables and re-run wp in-Browser installer
Suddenly wp-login.php works - apache.log:

[02/May/2014:19:47:56 +0200] “POST /wp/wp-login.php HTTP/1.1” 302 1118 “http://www.naturentdecker.at/wp/wp-login.php” “Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36”
Now reused the bedrock dir/installation with this DB
Suddenly http://www.naturentdecker.at/wp/wp-login.php only produces GET requests (as far as I can tell)

##DOMAIN Trouble? ##
Here are the two entries out of wp_options table, which seem to make the same problems I get, but for wp mu (multisite) users:

mysql> select * from wp_options where option_name = "siteurl" or option_name = "home";

+-----------+-------------+-----------------------------+----------+
| option_id | option_name | option_value                | autoload |
+-----------+-------------+-----------------------------+----------+
|        35 | home        | http://naturentdecker.at/wp | yes      |
|         3 | siteurl     | http://naturentdecker.at/wp | yes      |
+-----------+-------------+-----------------------------+----------+
2 rows in set (0.00 sec)

They are the same regardless if you install wp from the wordpress.org/latest.tar.gz or through composer/bedrock

And now for the killer argument for my domain trouble thesis:

I also got a funny redirect loop between the APEX Domain and the www. domain name when accessing http://www.naturentdecker.at without a path

But even on wp-login.php when debugging in Chrome I get the following request which (of course) get’s answered by a 301 by the server (and hence fails?

Remote Address:216.239.34.21:80
Request URL:http://naturentdecker.at/wp/wp-login.php
Request Method:POST
Status Code:301 Moved Permanently
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en;q=0.8,en-US;q=0.6,de;q=0.4,sv;q=0.2
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:134
Content-Type:application/x-www-form-urlencoded
Host:naturentdecker.at
Origin:http://www.naturentdecker.at
Referer:http://www.naturentdecker.at/wp/wp-login.php
User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Form Dataview sourceview URL encoded
log:neadmin
pwd:neadmin
rememberme:forever
wp-submit:Log In
redirect_to:http://naturentdecker.at/wp/wp-admin/
testcookie:1
Response Headersview source
Alternate-Protocol:80:quic
Content-Length:241
Content-Type:text/html; charset=UTF-8
Date:Fri, 02 May 2014 16:19:13 GMT
Location:http://www.naturentdecker.at/wp/wp-login.php
Server:ghs
X-Frame-Options:SAMEORIGIN
X-XSS-Protection:1; mode=block

The action in the html of wp-login.php is

action="http://naturentdecker.at/wp/wp-login.php

This seems to get generated at line 866 of wp-login.php

<form name="loginform" id="loginform" action="<?php echo esc_url( site_url( 'wp-login.php', 'login_post' ) ); ?>" method="post">

And that is where the error happens site_url uses get_site_url, and for some reason this returns

http://naturentdecker.at/wp

But why?

Regards
Leo

swalkinshaw · May 2, 2014, 7:11pm

Yeah, that’s the problem. home shouldn’t have /wp. siteurl should.

Are you using a .env file to set the constants? If so, what did you set WP_HOME and WP_SITEURL as?

micattack · May 3, 2014, 6:13am

Thanks @swalkinshaw I solved it!

I did use the APEX Domain when creating the .env (so no leading www.). Since I use a third party rediretor for theat the POST to the naked domain name never lands on my server directly.
Of course, simply adding www. in front of the URLs in the .env solved all my troubles.

It also explaines, why I never saw anything in the apache.log (as the request never even came to that server)