Hard to explain in the subject what's my problem, but it will have sense I promise.
I debug locally with an URL different than localhost (due to azure AD redirect), I have all the HOST configurations in place, everything works fine except for this "Not Secure" warning, that sometimes annoys my UI while calling the BE.
But if I navigate my page by using LOCALHOST:same port, the issue is not present.
What steps should I configure in order to prevent this warning while using an URL? So it works similar to LOCALHOST.
I tried so far to include the certificate in the Personal folder (following several tutorials) but did nothing.
Regards.
Related
Dig, wget, nslookup and curl commands work perfectly for a specific URL I have pointed to another server less than 24 hours ago.
Problem is, it just refuses to be resolved by the browser (Chrome, Safari and Firefox). The strangest part is that it is being successfully resolved by Postman (by testing the OPTIONS and the GET methods separately), but still doesn't return a proper response on the browser side of things.
DNS checks are returning positive, so this is when I started suspecting that the problem is actually within the headers of the HTTP protocol's requests which are sent - alongside the fact that different responses are being returned for the requests that don't include the default browser headers (being issued through the different command-line tools & Postman) and the ones who do (being issued by the browsers automatically or manually using the dev tools).
After fully flushing the current local system's DNS cache, including the browsers's and even trying another device on another network - I still get still no response on the browser.
Kept going, and attempted to verify that with a VPN (locally - which didn't work), and an online web proxy tool (which did work).
Finally, I extracted the router's default DNS server address, used nslookup to look up the URL again, this time specifically mentioning the desired DNS server (the one stated above), and after getting a successful response with the correct values, I am now pretty much sure the HTTP request is causing the problem.
The URL is hosted on Amazon S3 Static Hosting option, which I used many times before, and didn't have a problem with, with that exact same configuration. Looking up the recent changes/features that were possibly added, pointed out that I may need to explicitly set a CORS policy for the newly created bucket, on top of the usual public access policy that is needed.
After applying that as-well - it still doesn't seem to work.
As a quick change in direction that may possibly make some parts clearer about what's going on (and as I started to think that the browser might not be getting the correct Content-Type header in the response, which should be text/html header as its response, and therefore, possibly doesn't resolve the URL with the expected behavior), I went ahead and applied a 301 redirection on the S3 bucket, instead of the static files hosting, and again, it all works perfectly through the command line tools, but not through the browsers.
Anyway, the browser just doesn't seem to complete any of the requests being sent to the URL.
That might be the OPTIONS pre-flight request failing to respond correctly, and the browser just doesn't continue to issuing the GET request, or the URL is not being found by the DNS route the browser is taking, which is unclear to me currently if that is the option.
Any ideas? (besides the fact that sometimes it just takes longer time for some DNS servers that happen to be on the chosen route to update/refresh their cache, which doesn't appear to be affecting my local machine's DNS route specifically for this case. That, being said with caution, was verified by validating the different parts of DNS configuration and prioritization throughout the different possible parts on my system (Mac OS X), including the fact that the response gets back with the correct address successfully).
Found my answer here:
https://serverfault.com/questions/942030/aws-s3-static-hosting-how-to-debug-connection-timeout
As linked there, more details can be found here:
Non-Authoritative-Reason header field [HTTP]
Solution & Explanation: Because of the nature of the domain extension I have purchased (.dev extension) Chrome was silently using HTTPS because of the URL being part of Chrome's HTTP Strict Transport Security (HSTS), because all .dev domains should be using HTTPS only. Therefore, the issue was still showing up, even when explicitly typing http:// into the URL address bar.
This can be overridden by applying a CloudFront distribution with HTTPS support on top of the S3 Static Hosting, as usual (but still, it should be noted as HSTS listings can cause that for different cases, including this one as part of them, because of the .dev domain extension).
Useful Resources (for debugging purposes)
In addition to what is stated here:
https://gist.github.com/stollcri/7c09bafc97223481920e
You can issue a lookup query (and also add or delete your local set of HSTS listings) through the following Chrome's settings URL:
You can also check the current listings here: https://hstspreload.org/
I have a web app and trying to host it on Heroku. I also bought the domain name on name.com. Everything works locally just fine. It also works with URL "app.herokuapp.com." But when I add DNS mapping, enable SSL, and try to go by my link, I have an error that IP is not found. Can anybody say what I did wrong?
UPD: Okay, I did everything one more time, and now it works, but only with HTTP, even though I enabled automatic SSL.
Screenshot:
Thanks a lot. I managed to solve my problem. I don`t know where the issue was, but I just removed all records from DNS in Heroku settings and added it one more time. And added default SSL support. Everything works.
I have created a virtual server say aaa.com but when I access the site (via editing my hosts file on Windows 7, cos I have a live aaa.com running on the Internet), it brings me to my other virtual server's site I have, like bbb.com
Why is that? I don't have any redirection running. Not in my script files (like html or php) and no redirection set under "Server Configurations" -> "Website Redirects" and none at "Services" -> "Click Configure Website" -> "Aliases and Redirects." The only script files I have are fresh new WordPress installation files (under home/aaa/public_html).
How do I fix this?
Mullazman is right (thanks!). I have just had this problem after enabling the SSL on the domain A. Then, all the domains in the same installation were pointing to A.
I fixed it by editing the file located in /etc/apache2/sites-enabled/A.conf and changing the first line:
Wrong line -> <VirtualHost A.B.C.D:80>
Correct line -> <VirtualHost *:80>
Had the same issue. For anyone interested it's because I had at the header of my sites-enables/aaa.com.conf which was picking up all requests and send them to the first host.
Change it to and it started directing traffic to the correct virtual hosts.
It was triggered when I enabled SSL on aaa.com, it for some reason re-wrote the config file to use IP based filtering not domain name
Try to delete browser cache with CTRL+F5,
then try again. If that doesn't help, check virtualhost configuration files -maybe there lies the problem.
The solution I found
I had the same problem ...
And I ended up with a lot of doubts ...
And I searched for a SOLUTION for this case, I hope to help ...
1 - Should the BIND have an external or internal IP in the domain? I use only one IP for all servers, and in BIND all domains are with external IP. (The question is whether it should be external or internal IP).
R = Yes, you must configure the internal IP in Virtualmin, prefer to edit the file. Only in localhost you should have 127.0.0.1
2 - Would NGINX have any configuration? How to remove IP and just put (listen *: 80) instead of (listen 288.218.198.981:80)
R = This configuration was changed but then I had problems with DNS and I returned to use the INTERNAL IP (not the localhost) ... Normally this IP starts as: 10.1xx.xx.xx
But which configuration would work in general?
Restart these steps ...
If you still have an error ...
Back up ... And in Virtualmin settings ...
Edit Virtual Server >> Activate Features >>
Uncheck NGINX, BIND, NGINX SSL.
He will ask for confirmation and click to confirm.
After this process is completed, return to the same option and reschedule ...
This will make it delete the old ones and put a new one.
(This works great for those who changed hosting and has old settings).
If you are importing a backup. Do not select the DNS and NGINX option ...
One tip is to create Virtual Server {your domain / site} First of all ...
And only then only import directories and databases ...
So you will not have problems with DNS and wrong redirects ...
Update
This also occurs when the SSL certificate is not issued correctly.
Folder permissions are incorrect.
Chmod 0755 folders
0644 Files
SOLUTION!!!
Cheap workaround let us say our domain is domain.xyz
Under the BindDNS Master Zone for domain.xyz create a cname record I believe it is listed in webmin as Name Alias and name it 000.domain.xyz
Under apache create a virtual server with the name 000.domain.xyz and make sure it has the same directory as domain.xyz
After this is done you are golden all your websites will come up as they should!
Is it proper well maybe not.
Does it work well like a charm of course otherwise I wouldn't be sharing for some reason the way the severs are listed it defaults to the first on the list well that'll fix that there should be a method of pinning the servers or doing something to prevent such a thing from happening what a pain in the rear I spent a full day dumbfounded thinking what in the world is going on I am losing my touch.
If this helps give a like if its wrong apologies all I know is that it works.
Read the thread.
Many folks claim this is an SSL thing.
Zero people have eluded to the true method of fixing it or the proper directions to do so or if they did I'm too blind to see it.
The guy below me commenting hrmmm... Yeah browser caches for my website didn't exist on my devices I tried them on to verify that was not the problem. But yes this is a typical problem with a lot of things indeed. It is the only reason I have several browsers on my PC actually for that reason. For a while there there were pages that chrome would function with that IE wouldn't or Firefox would best them both. Not to mention cache is always a pita its always usually one of my steps in troubleshooting any issues with web pages. I'll even try openDNS or other DNS servers.
But holy cats I can't believe how fast DNS just updates once you got things set it makes me wonder if there is a lot of fudge in propigation when you purchase hosting being "24 -48 hours" I think there is a lot of fudge in those numbers after my experiences trying to figure out what was causing the issue here. Some servers struggle yes but for the most part it was pretty instant for me.
In my case it happened after creating SSL certificate, I forgot to do:
Edit Virtual Server -> Enable Apache SSL Website
I'm trying to setup a Shipyard server (controller) at work, but I've run into an issue. The server is up and running, which I can confirm with curl just fine. And we've configured Apache httpd to do forwarding, as we intend for the machine running Shipyard to not be directly accessible. So basically we setup a rule for Apache that incoming requests to /shipyard map to :8080/ which is where it's being served from. So the problem is that I need a way to tell Shipyard to remap "/" to "/shipyard". When I try to go to the Shipyard homepage, nothing on the page loads correctly. For example, Shipyard tried to load some js files:
/app/images/images.module.js
But to work with our forwarding, it needs to try to load:
/shipyard/app/images/images.module.js
With the kinds of servers I'm used to working with, this would normally be done by specifying a "context" or "base path" in your server config for it to serve from. I'm wondering how to do something similar for Shipyard?
It turns out there is already a github issue for this exact scenario:
https://github.com/shipyard/shipyard/issues/972
I'm trying to use Liferay for http and https
if I include in portal-ext.properties:
company.security.auth.requires.https=true
web.server.protocol=https
Will be working ok with https but in http is showing incorrect themes due is trying to load https://domain.com/theme
If I remove this two lines is working ok for http but not for https.
What can I do?
IMHO mixed mode, e.g. offering http as well as https never gives you what you expect: You expect security from https, but you always risk leaking session information, e.g. being vulnerable to session-hijacking attacks (ala Firesheep). My actual advice would be to go https only if you do https for security. Read on if that's not an option for you, but don't complain when you find information leaking (this is not dependent on Liferay, but for any web-based environment)
What is the exact problem that you have with the themes? (images/css through http?) Which version of Liferay are you using?
Before you specify more, you might want to configure your theme's "virtual path", this will rewrite all the URLs referring to your theme. It's typically used to serve static resources through a webserver or cdn, but it works with any kind of URL. Simply using a protocol-relative URL should work (I love this mostly unknown http feature):
Add this to your theme's liferay-look-and-feel.xml:
<look-and-feel>
<theme id="my" name="My Theme">
<virtual-path>//domain.com/myTheme</virtual-path>
</theme>
</look-and-feel>
note that the URL omits the protocol part, http: or https:, thus the browser will use the same protocol that the whole page is loaded with.
Edit: corrected the xml. Will investigate if there's a problem with protocol-relative URLs in themes.
Edit 2: Something is weird. It seems, virtual-path does not work like this, but I recall it did earlier. Do you add domain.com as cdn.host.http or cdn.host.https? (this would be concatenated)
On related stuff, please check if you're running Apache in front of your appserver. In this case you might forward some traffic for the portal (e.g. in the virtual host for http) but not forward the traffic in the https virtual host.