I have an HTTPS-based site that loads CSS via HTML just fine, but not via HTTPS.
http://site/foo.css
... loads the asset fine. But...
https://site/foo.css
Does not. I get an Apache 502 error. The Apache access log shows:
[07/Nov/2018:10:17:20 -0800] "GET /foo.css HTTP/1.0" 200 95568 "-" ...
That tells me that it's trying to load my foo.css as HTTP even though I specified HTTPS. Also note that while my browser gives a 502 error, I get a 200 response in the logs.
Seems like some sort of HTTPS misconfiguration but I'm not sure what. Help?
Use
//site/foo.css
instead of adding protocol when linking your css.
link everything with https as secure sites does not support mixed content.
Related
On apache access log, I find out that https return bigger size than http
210.10.0.156 - - [29/Apr/2019:12:22:46 +0800] "GET /robots.txt HTTP/1.1" 200 5837 "-" "curl/7.52.1"
If you can see it is 5837 bytes where is for http less than 1000 bytes
my robots.txt content is only
User-agent: *
Disallow: /
Is this a normal things?
When i tried to do same thing on other server with cpanel installed, the size is much more lower, im not sure what configuration i missed, any advise?
Yes, this is perfectly normal.
Your website may not be configured for HTTP, which will redirect people to HTTPS with a 301 or 302 rule, meaning all they see when they access your site through HTTP is a redirect page, which is usually smaller than the regular webpage which they were expecting.
You can go to your website with http:// or https:// at the start of the URL and see if it looks any different.
I'm using an app (MediaCP) that thinks both HTTP and HTTPS can coexist on the same port. I cannot modify the code since it uses IonCube and some other shenanigans, but I could edit the JS player, or add files if needed. Since it's minified it's hard to know where to look for, I'm attaching it if you want to take a look at it: https://pastebin.com/DiCnMq32
The thing is that when I request a .js file while being on an HTTP page, it tries to load the content using HTTP, probably because it uses /// as a request protocol...
If entering https://mywebsite.com, then the jwplayer.js file loads https://example.com:2000/jwplayer.flash.swf and works just fine
If entering http://mywebsite.com, then the jwplayer.js file tries to load http://example.com:2000/jwplayer.flash.swf and it fails with a 400 error since the server obviously expected an HTTPS handshake. It doesn't matter that jwplayer.js was loaded using https.
I've been using ErrorDocument 400 to redirect these requests to HTTPS but the REQUEST_URI is lost on the process...
ErrorDocument 400 https://example.com:2000
This work just fine for users trying to login, but when entering http://example.com:2000/jwplayer.flash.swf it will always redirect to https://example.com:2000 and the JS code won't work.
I cannot use the REDIRECT_ server variables, because of the https:// prefix, that makes Apache think that the redirect is going to a remote server and by default it won't sent those headers.
I cannot remove the https://example.com:2000 prefix to use a local php / cgi file since it causes an infinite loop (oh, https is wrong lets try to load the 400 error page, oh https is wrong, lets...). Perhaps using a ScriptAlias would override the HTTPS check? I haven't got any luck with it but I'll try if you think it will make it work.
I've also tried to add %{REQUEST_URI} to the ErrorDocument line but it seems the variable is always empty.
Any ideas?
PS: I´m using Apache 2.4.25 on CentOS 7
Try to reference the JavaScript files as src="//url/somfolder/somefile.js" in the tags, it should use the current ref prefix http: or https: without specifically calling it out. Example:
<script src="//example.com/script.js"></script>
Note CSS can be referenced in a similar fashion:
<link rel="stylesheet" href="//example.com/style.css">
I have site using cloudflare.com's free plan as reverse proxy.
I had one script which took more than 60 seconds to execute , and server threw 504 Gateway time-out , but i didnt get my web servers page, instead i got the custom page setup by cloudflare,
I have double checked and my Smart-errors application in cloudflare is turned OFF , so why cloudflare is still giving their custom made page ?
How can i switch off cloudflare's all custom pages and just use as reverse proxy.?
So my question is how can i turn off all the custom error pages from cloudflare ?
I am using nginx latest server on cent os 7. 64 bit.
with php-fpm latest.
update :
This is what i got , when i go the 504 error.
Error 504 Ray ID: 1fb6a3feef7c17c8 • 2015-06-24 07:16:17 UTC
Gateway time-out
You
Browser
Working
Singapore
CloudFlare
Working
mydomain.com
Host
Error
What happened?
The web server reported a gateway time-out error.
What can I do?
Please try again in a few minutes.
CloudFlare Ray ID: 1fb6a3feef7c17c8 • Your IP: myip • Performance & security by CloudFlare
Update : as suggested by damoncloudflare, i would like to add more details.,
its a dedicated server, with linux cent os 7, 64 bit , latest nginx , php-fpm,
in nginx conf i have already specified how to handle 504 errors by
error_page 500 502 503 504 /50x.html;
How to replicate it .
code
<?php
http_response_code(504);
?>
or
<?php
sleep(61);
echo 'i am done sleeping';
?>
where 61 is more than max_execution_time which is 60
More details , as why originally this happened.
i was downloading huge file and the download took more than 60 seconds which is max_execution_time set in php.ini file.
So i received the cloudflare error.,
i would like to add there is nothing wrong with my server.
i have one more query , will i be able to disable cloudlfare 504 error and show my web servers custom page, if i upgrade from free to pro ?
update 2
i guess , now i understand the issue .,
Error 504
Gateway time-out
is triggered when server is not reachable and thats where cloudflare shows their page,
obviously if server not reachable then , its not possible for server to show 504 page.
thanks for your reply.
You need a premium Cloudflare plan to customize error pages for certain response codes. From the Cloudflare dashboard (domain name > Custom Pages tab):
500 Class Errors [...] Upgrade to Pro [...] Once you publish your custom page, Cloudflare will use your customized page instead of serving our standard 500 Class Errors page to your visitors on 502, 504, and 52x errors.
Even if NGINX sends your error page to Cloudflare, Cloudflare will see the 5xx response code being sent back along with your error page and will respond with their error page instead of yours.
There exists a workaround. From the NGINX documentation on the error_page directive:
Furthermore, it is possible to change the response code to another using the “=response” syntax, for example:
error_page 404 =200 /empty.gif;
In NGINX, before responding to Cloudflare we map the 'offending' 5xx error to a different response code. That is, instead of sending the offending 5xx response code along with our error page we change the response code to one for which Cloudflare will not override our pages. It is a good idea to map the offending 5xx error to another 5xx class error (500). Although less information is conveyed, this preserves the general meaning of the 5xx class error.
error_page 500 503 /50x.html;
error_page 502 504 =500 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
internal;
}
I should add - if you are getting your error page for the 504 error, then NGINX is being reached. This error would then mean, in the reverse proxy context, that NGINX passed the request on successfully but the upstream service (web server) took too long to respond.
A 504 or 502 Gateway error is actually indicative of an issue with your back end server & I would recommend contacting your hosting provider/checking your server logs.
"So my question is how can i turn off all the custom error pages from cloudflare ?"
Customers on a paid plan (Pro or above) can customize error pages.
"I have double checked and my Smart-errors application in cloudflare is turned OFF , so why cloudflare is still giving their custom made page ?"
SmartErrors is an entirely different feature. It is designed to only trigger when we get a 404 on a URL on your site.
Morning
I have a domain, www.example.com, which is a Contao 3.1.3 CMS website on Linux Apache.
I have just purchased and installed SSL certificate for the domain.
When I go to https://www.example.com (or https://example.com) all works fine.
when I try one of the other pages on the domain, http://www.example.com/folder/page.html all is fine, but with https://www.example.com/folder/page.html
, I get an error:
The requested URL /folder/page.html was not found on this server.
This does not happen with pages in the admin area, which all appear fine via https
Console log shows:
Failed to load resource: the server responded with a status of 404 (Not Found)
What is the solution to make all pages appear ok under https
I tried this: https://community.contao.org/de/showthread.php?43595-SSL-und-Contao
but it didn't help
I also checked https://www.sslshopper.com/ssl-checker.htm to see if the error is with the ssl certificate, but no problems found there.
Jez D
Problem cannot be on the SSL. From your explanation I would suggest you play around with disabling folder urls and url rewrite in the settings. Then make sure the page exists. I am sure from here you will be able trace down the problem.
Make sure also in the root page, the 'domain' field is on https if its set.
You can restore your folder and url rewrite settings when all is well
The issue was actually with the directives on the virtual server.
I'm having a problem implementing custom 404 error pages. my setup is a front-end apache 2.2.6 proxy request other than static file to the backend app server(apache 1.3.36)
i send 404 header back along with error page when user request a non-existing page to the backend server. I do get the error page back but somehow the backend apache server injects its own 404 not found page in the error page as well.
here is what injected to the not found page by apache:
Not Found
The requested URL /product/8jd4776 was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.36 Server at www.example.com Port 8888
any idea why this is happening?
set "ProxyErrorOverride On" with ErrorDocument in the front-end apache server solve the problem.
The content length of your custom 404 message must be 512 bytes or more.