I have the following setup. An Elastic Beanstalk Environment with a Load balancer. The web application, installed in the root, is using CodeIgniter. Wordpress is installed in the subdirectory /blog off the root. The CodeIgniter application requires https, but wordpress needs to be http. The load balancer is configured to listen on https and http, the instances behind the load balancer are http.

My first configuration to manage this is a .ebextensions file in the root. This file is deployed with the application to set a .conf to redirect all http traffic to https EXCEPT /blog. That file looks like this

files:
    "/etc/httpd/conf.d/ssl_rewrite.conf":
        mode: "000644"
        owner: root
        group: root
        content: |
            RewriteEngine On
            <If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'">
            RewriteCond %{REQUEST_URI} !^/blog/
            RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
            </If>

The next step in the configuration is an .htaccess file in the root. This controls the CI requests. It looks like this:

<FilesMatch "\.(ttf|otf|eot|woff|woff2|svg)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>

RewriteEngine on
RewriteBase /
RewriteCond $1 !^(index\.php|uploads|blog|assets|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]
Options -Indexes

Finally in the /blog directory containing Wordpress I have this .htaccess

RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]

The CI app works fine, and http requests are sent to https correctly. The /blog root directory itself (i.e. the 'home page' such as http://example.com/blog) also works fine. Even the /blog/subdirectories such as http://example.com/blog/wp-admin/options-general.php work fine. What does not work are permalinks such as http://example.com/blog/my-article (presumably because they are not real files). If I change the permalinks setting to remove the permalinks and allow post urls to look like this http://example.com/blog/?p=123 that also works. Only permalinks do not work.

An additional problem (which should be obvious) is that if anyone tries to access the blog with https directly, they will get a mixed content warning and broken links. So I also need to redirect https://example.com/blog/* back to http.

I am sure this setup is over complicated, and I could remove both .htaccess files and place all my settings in the .ebextensions config file however I am not sure how to do that. I have been piecing together several solutions such as this and this for days and each solution creates another problem.

For anyone going to suggest that Wordpress should be https as well, I am not opposed to that, however I have been down that road for over a week with no good solution that allows me to maintain non-ssl test and development environments that will deploy to AWS properly without messy plugins, files that change in production which I cannot easily port back to test and dev, and host of other https/wordpress problems. The simplest solution seems to be running Wordpress http. I'm also open to another CMS to replace Wordpress. Bottom line is I just want a blog to live under CI on AWS, in https/http, play nice together, and deploy easily.

It should also be noted that in dev and test, everything works fine. The only significant difference between dev and test is the .ebextensions file and the https redirect.

Any help is appreciated.