First of all, my thanks to this community for helping me solve many, many issues over the years. In fact, I have never needed to post a new question - I was always able to find an answer (eventually).
Not so this time. I am a moderately experienced hobby developer, self-hosting a small set of sites on my Mac Mini (Apache 2.4, PHP 8.0, MySQL 5.6). I built a reasonably complex site (www.fundas.us/manhattanzen) and everything was working perfectly.
I then decided to add SSL encryption to my server (certificate purchased from ssl.com) and installed it with no issues. Checking the SSL configuration via "SSL Checker" and Whynopadlock.com confirms that the certificate is properly installed. The only "warning" I get is that I only have TLSv1 enabled on the server. This despite the fact that my httpd-ssl.conf file says "SSLProtocol -all SSLv3". I mention this in case it is the cause of my troubles.
The issue I am experiencing is that the SSL encrypted site works perfectly using Firefox and Chrome on the Mac Mini (Mojave), but fails using Safari on the same Mac and fails using any of the browsers on my iPad or iPhone. Safari's web console shows "Failed to load resource: The network connection was lost." and the server log shows "child pid XXXXX exit signal Segmentation fault (11)".
The resources that fail to load are some (but not all) of the css and js resources that reside on the local (Mac Mini) server. All other resources (residing on external servers) load fine.
I have tried a number of suggestions found on Stack Overflow, including
changing file permissions to 777 on the offending resources (js, css files)
setting KeepAlive to Off in httpd-default.conf
minifying offending resource files
increasing SSLSessionCache in httpd-ssl.conf
None of it has made any difference. I should also point out that I have configured .htaccess in the root folder of my site to force all incoming connections to https://
This seems like the last hurdle to make this website fully encrypted and fully functional and I am thoroughly stuck. I will appreciate any pointers you have for me. Many thanks.
Was able to figure this out and wanted to answer my own question, in case it helps anybody else.
First, the strange test results from SSL validation sites that my server was not TLSv1.2 ready. I fixed this by changing the SSLProtocol line in httpd-ssl.conf to explicitly only permit TLSv1.2 ("SSLProtocol all -SSLv3" --> "SSLProtocol TLSv1.2")
Second, the odd behavior of Safari (on both desktop and mobile) occasionally hanging unable to load a page (while other browsers had no issues). I found the solution to this at https://serverfault.com/questions/937253/https-doesnt-work-with-safari. Making the recommended change to httpd-ssl.conf and adding the line "Header unset Upgrade" solved the Safari issue.
Related
I have a meteor webapp that has been around for a few years. It hasn't been updated particularly often and thus the version is little bit old (Meteor 1.6.1.4), however it runs locally without an issue and I currently have a version of it it deployed without issue on a Digital Ocean droplet with Mongo on AtlasDB and the DNS on Cloudflare.
However I've been running into an issue deploying updates with the Meteor Up (MUP) tool. On my production server when I run mup deploy with my latest code the deployment works and validates successfully, however the live site now loops on page load. The page completes the load (including a call to Stripe API front end library) and the images load and as soon as that has happened the same page is loaded again over and over. This happens on each page of the webapp. There are no errors logged in the console.
I'm almost sure this isn't a codebase issue as I have a staging version of this same app running on an identical spec droplet which I can deploy to without issue. The only difference between the production and staging is that the staging uses a LetsEncrypt cert generated by MUP and production uses a Cloudflare issued cert. I can't remember exactly the reason for this as it was the outcome of my last round of troubleshooting, which did result in a successful deployment. The LetsEncrypt configuration with MUP seemed to be problematic when I last set everything up. Either way there is no obvious good reason why this error should occur.
So I think that the issue is most likely something to do with Cloudflare, however I don't have many clues as to what. I've tried clearing the full cache after deploying. I cannot disable the Cloudflare proxy as I get unsecure error.
For my next steps I'm thinking of setting up another staging droplet but with Cloudflare in front in the same way, to see if I can get a non-critical replicable version of the same error. From there I'm not sure what I would do to debug and fix. I was also wondering if configuring a load balancer for this webapp might be smart at this moment, though if in an SSL passthrough I wonder if it would not solve the underlying issue. This would also not necessarily be answering this question but rather just avoiding it. I'm also considering trying to update the version of the Meteor app as far as I can to see if there is any chance that codebase is part of the issue.
Any suggestions?
I was working on a website on my local computer (mac OS High Sierra) and had put some redirects in the websites .htaccess file (in order to get images from the remote server instead of downloading them). After this it seemed that I could no longer access the website from my Chrome browser. Chrome would answer to any URL leading to the remote server with ERR_CONNECTION_REFUSED.
I tried other browsers on my computer such as Firefox, Chrome Canary, Chromium and Opera. None of them could provide a connection.
Next I checked with a different internet access via TOR-Browser on the same computer whether I could access the website, and it worked.
Next I checked via Terminal whether I could connect to the remote server with ping, nslookup and traceroute. All connecting to the server as expected.
I googled up possible solutions to this problem but could not find one so far. I had read that resetting the DNS cache could help and tried sudo killall -HUP mDNSResponder but it did not.
I did not edit the /etc/hosts file; a restart of the computer did not help; a reset of the .htaccess to the previous state did not help; resetting the caches in the browsers did not help.
How can I access the remote website from my browsers normally again?
EDIT1: Related question: Failed to load resource: net::ERR_CONNECTION_REFUSED for only selective images from instagram API
EDIT2: After about one day I was able to access the remote website again with no further incidents of ERR_CONNECTION_REFUSED even after putting the redirects into the .htaccess file. So it seems to me of being some sort of caching on my computer which prevents the browsers from accessing the remote website. However I have no clue what caused the error message in the first place and what kind of cache it might be.
Shortly after EDIT2 when I was able to access the remote website again, the ERR_CONNECTION_REFUSED appeared again - this time I tested another device with the same internet connection and I had encountered the connection error too. Now I believe it has something to do with the router and/or it's firewall - not the ISP since I could connect to the remote website with shell commands (named above). The image requests to the remote website seem to cause the router to block further access from browsers, probably as a security measure similar to the situation in this article https://www.cnet.com/forums/discussions/can-t-access-a-specific-website-going-thru-my-router-274637/
I'm setting up Apache on Centos the way I have done in the past, but for some reason mod_spdy is not running. I'm following the instructions here:
https://developers.google.com/speed/spdy/mod_spdy/
When I run rpm -U mod-spdy-beta_current_x86_64.rpm I get this message:
warning: mod-spdy-beta_current_x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY
package mod-spdy-beta-0.9.4.3-420.x86_64 is already installed
If I open chrome://net-internals/#spdy and my site in another tab, it doesn't show my site. If I look in the network panel, I don't see the x-mod-spdy header.
Update: If I use Firefox firebug, I see the x-mod-spdy header. I don't see my site in Chrome spdy sessions, but I see other sites in it.
What could I be doing wrong?
Ok it seems the issue is that Chrome 40.x dropped support for SPDY/3 and only supports SPDY/3.1, but the mod_spdy module for Apache only supports SPDY/3, so basically no SPDY for Chrome users if you use Apache as a web server.
mod_spdy is currently in a bad state where either Google nor Apache is maintaining it after Google donated it to the Asf. Google recently made the statement that they will drop the SPDY support from Chrome in early 2016, but what they forgot to say that they started dropping older versions of SPDY already (including SPDY/3) (I like these partially true statements by the way), so basically if you are on Apache then for your Chrome users you can't provide SPDY short of implementing SPDY/3.1 yourself.
So, how was that "do no evil"? :-)
See details: https://groups.google.com/forum/#!topic/mod-spdy-discuss/FPEj0zG5I0Y
and https://code.google.com/p/mod-spdy/issues/detail?id=100&colspec=ID%20Type%20Status%20Priority%20Owner%20Summary%20Stars
One option you might consider is switching to Nginx and using SPDY/3.1 over there.
I just installed Windows 8, and I'm having a hard time running Apache on it.
After a couple of adjustments on httpd.conf file (changing ports because of WWAHost.exe and allowing ::1 due to IPv6) I finally got it running (installed with EasyPHP), but when I open some local site on Internet Explorer 10, Apache stops responding and keep trying to load the page forever.
I think it has to do with Internet Explorer 10, because on other browsers work fine before loading any local site on Internet Explorer. After that I have to restart Apache to work again and not use Internet Explorer 10 any more in order to keep it running.
Did you have the same problem?
I had a similar problem and managed to fix it with the following solution. See IE freezes when requesting an EasyPHP/Apache hosted page.
As I already had a modern Apache, I just added:
AcceptFilter https none
AcceptFilter http none
EnableSendfile Off
EnableMMAP off
before loadmodules section. This worked like a charm.
My configuration was: Apache 2.4.4 and Internet Explorer 10
I had the same problem running Apache 2.4.2 (EasyPHP 12) with Internet Explorer 10 on Windows 7, although think I've found a solution on astutelogic.com that seems to work... At least, upgrading Apache to 2.4.4 using those instructions worked for me.
I downloaded the Apache binaries from Apache Lounge, then after the extracting/renaming steps, I copied my current 'php.ini' and 'httpd.conf' files across to the new folder and added the additional lines to my 'httpd.conf' file as instructed.
As per the linked page, a note on development servers vs live servers:
As far as I can see, the AcceptFilter directive only really works on FreeBSD and Linux (to a lesser extent) so there isn’t any benefit from having them on Windows. I could be wrong though… In any case, its only a development environment so a few milliseconds slower shouldn’t be a problem.
Update
Just noticed EasyPHP 13.1 has been released, which comes with Apache 2.4.4. If you haven't already tried the steps I linked to above (or simply updated EasyPHP), I'd recommend you just download the updated stack.
I have been attempting to fix the same issue on Internet Explorer 10 on Windows 7 and have found that using compatibility mode alleviated most of the delays using localhost sites.
I know it isn't exactly a solution, but I also experienced these issues on Windows 8 and tried the common fixes to no avail.
It might be something with ThreadsPerChild.
Check error.log and httpf.conf:
# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf
I had the same problem in Internet Explorer 10, but now I can't seem to reproduce it. Normally I use Firefox, and there is no problem. It seems I got this problem after updating to Apache 2.4.
I'm hosting my website www.xgclan.com with the latest apache 2.4.1 and sometimes my server gets jammed, it doesn't seem to send any data but you don't get a timeout like when the Apache process isn't running.
A reboot of the process resolves this issue.
It seems to happen when you open the website in multiple browsers on the same system.
I've tested it on 2 different systems to make sure its not a bandwith or cpu problem.
Putting this without the quotes "AcceptFilter http none" in the httpd.conf fixed the issue for me.
I found the solution here: http://www.apachelounge.com/viewtopic.php?t=4543&postdays=0&postorder=asc&start=20