
Re: HTTPS Howto?

Posted: 03 May 2013, 20:35
by graymattr
Thanks for the suggestions, everyone. I'll keep poking away at it. It's odd that I am seeing stuff like this only when I hit the site over 443. These errors look to me to be directory/file issues, but my eye is very much untrained. If I use the site on port 80, I rarely see any errors. I also can trigger this every time by trying to load preferences. If I don't navigate to them, I can use the site without much issue. =/

[Fri May 03 20:28:05 2013] [notice] child pid 11954 exit signal Segmentation fault (11)
[Fri May 03 20:28:05 2013] [notice] child pid 11956 exit signal Segmentation fault (11)
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Warning:  require_once(functions.php): failed to open stream: No such file or directory in /home/user/public_html/mysite.com/backend.php on line 41, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Fatal error:  require_once(): Failed opening required 'functions.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/user/public_html/mysite.com/backend.php on line 41, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Fatal error:  Cannot redeclare session_get_schema_version() (previously declared in /home/user/public_html/mysite.com/include/sessions.php:24) in /home/user/public_html/mysite.com/include/sessions.php on line 35, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:17 2013] [notice] child pid 11955 exit signal Segmentation fault (11)
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Warning:  require_once(functions.php): failed to open stream: No such file or directory in /home/user/public_html/mysite.com/backend.php on line 41, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Fatal error:  require_once(): Failed opening required 'functions.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/user/public_html/mysite.com/backend.php on line 41, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:18 2013] [error] [client x.x.x.x] PHP Warning:  require_once(): A session is active. You cannot change the session module's ini settings at this time in /home/user/public_html/mysite.com/include/functions.php on line 2877, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:18 2013] [error] [client x.x.x.x] PHP Warning:  require_once(db.php): failed to open stream: No such file or directory in /home/user/public_html/mysite.com/backend.php on line 43, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:18 2013] [error] [client x.x.x.x] PHP Fatal error:  require_once(): Failed opening required 'db.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/user/public_html/mysite.com/backend.php on line 43, referer: https://www.mysite.com/prefs.php


In the meantime, I changed my php memory setting to 256, which does not seem to have fixed the issue. I'll keep digging.

Anyhow, thanks again!

Re: HTTPS Howto?

Posted: 03 May 2013, 22:03
by gbcox
Do you have your ownership and access privs set properly? I believe I posted a link to a howto for Fedora. I would recommend you look it up and use the suggested defaults. You are pointing to /home/user/; typically for apache/nginx, stuff most often resides at /var/www/html/ and the owner is apache:apache. In addition, all my files in that directory are set to 777 (which probably shouldn't be the case btw...)

Re: HTTPS Howto?

Posted: 03 May 2013, 22:28
by graymattr
For security purposes, I try to keep all the web files in a user directory, rather than in /var/. Point taken on the permissions; I'll take a look. I previously didn't look into this because it all works unless I am on port 443, which is the odd part.

Thanks.

Re: HTTPS Howto?

Posted: 04 May 2013, 01:53
by graymattr
I got it fixed (!!!). It turns out that an incomplete configuration of SPDY was to blame (Doh!). I had neglected to make the switch from mod_php5 to fcgid_module, which was causing the errors. Once I did this, all is working as expected. Sorry for all of the noise, hopefully this saves the next guy/gal from the same mistake. Here's the page that has the walkthrough for fixing this:

https://developers.google.com/speed/spdy/mod_spdy/php

Thanks to all of the helpful folks who jumped in to try to help out, I appreciate it! Cheers!
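
A check for the half-migrated state described in the post above, as an added example that is not part of the original thread: it reads the text of `apachectl -M` on stdin and flags mod_spdy loaded alongside mod_php5, and counts the child segfault notices seen in the error log. The function names and the sample module lists are constructed for illustration; the log lines are copied from the excerpt earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read an `apachectl -M` module list on stdin and classify the SPDY/PHP setup.
# Returns 0 = fine, 1 = mod_spdy together with mod_php5, 2 = no PHP handler seen.
check_spdy_php() {
    mods=$(cat)
    has() { printf '%s\n' "$mods" | grep -Eq "^[[:space:]]*$1[[:space:]]"; }
    if ! has spdy_module; then
        echo "ok: mod_spdy not loaded"; return 0
    fi
    if has php5_module; then
        echo "bad: mod_spdy loaded together with mod_php5"; return 1
    fi
    if has fcgid_module; then
        echo "ok: mod_spdy with PHP served through mod_fcgid"; return 0
    fi
    echo "warn: mod_spdy loaded, no PHP handler module found"; return 2
}

# Count "child pid N exit signal Segmentation fault" notices in a log on stdin.
count_child_segfaults() {
    grep -c 'child pid [0-9]* exit signal Segmentation fault' || true
}

# Constructed sample module lists (before and after the fix).
SAMPLE_BROKEN=' core_module (static)
 ssl_module (shared)
 spdy_module (shared)
 php5_module (shared)'
SAMPLE_FIXED=' core_module (static)
 ssl_module (shared)
 spdy_module (shared)
 fcgid_module (shared)'

# Log lines taken from the excerpt posted earlier in the thread.
SAMPLE_LOG='[Fri May 03 20:28:05 2013] [notice] child pid 11954 exit signal Segmentation fault (11)
[Fri May 03 20:28:05 2013] [notice] child pid 11956 exit signal Segmentation fault (11)
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Fatal error:  require_once(): Failed opening required '"'"'functions.php'"'"''

printf '%s\n' "$SAMPLE_BROKEN" | check_spdy_php || true
printf '%s\n' "$SAMPLE_FIXED"  | check_spdy_php || true
printf 'segfault notices: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_child_segfaults)"
```

On a live server, pipe `apachectl -M` into `check_spdy_php` and the Apache error log into `count_child_segfaults`.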

Re: HTTPS Howto?

Posted: 04 May 2013, 03:51
by sleeper_service
graymattr wrote:I got it fixed (!!!). It turns out that an incomplete configuration of SPDY was to blame (Doh!).


funny, SPDY was the cause of another "your damn ttrss crap is broken" thread just a few days ago.

at least you weren't as adamant that it was ttrss that was broken ;)

turned out to be the same mod_php problem then, too.

Re: HTTPS Howto?

Posted: 04 May 2013, 04:11
by gbcox
SPDY will be enabled by default on Nginx 1.4.0 when it arrives in Fedora 19 - scheduled for July.

Re: HTTPS Howto?

Posted: 04 May 2013, 04:28
by sleeper_service
gbcox wrote:SPDY will be enabled by default on Nginx 1.4.0 when it arrives in Fedora 19 - scheduled for July.


well, hopefully, it'll be configured properly, so people won't keep blaming ttrss when it's their misconfigured servers.

Re: HTTPS Howto?

Posted: 04 May 2013, 04:53
by gbcox
sleeper_service wrote:well, hopefully, it'll be configured properly, so people won't keep blaming ttrss when it's their misconfigured servers.


ROFL... well, everybody has to start somewhere - many folks haven't done anything like this before. I'm trying to do my part by staying ahead of the curve - testing things out and writing how-to postings and updating my blog. I built the nginx rpm for F18 tonight from the F19 source and it was as easy as: yum upgrade nginx
I've also upgraded to mariadb from mysql since that is going to be the default in F19. It is a drop-in replacement and the commands are the same. No issues there either. I posted an article for those running F18 on how to do it if they wanted to implement before F19 and avoid the conversion process at that time.

Here is some good advice for everybody:
Image

Re: HTTPS Howto?

Posted: 04 May 2013, 05:05
by graymattr
sleeper_service wrote:
graymattr wrote:I got it fixed (!!!). It turns out that an incomplete configuration of SPDY was to blame (Doh!).


funny, SPDY was the cause of another "your damn ttrss crap is broken" thread just a few days ago.

at least you weren't as adamant that it was ttrss that was broken ;)

turned out to be the same mod_php problem then, too.


Welp, I sure wish I had seen that, or if I did, connected the dots sooner. :P

Re: HTTPS Howto?

Posted: 04 May 2013, 05:37
by gbcox
Don't know which browser you're using, but Firefox and Chrome both have a plugin which shows a green lightning bolt when SPDY is enabled. It's kinda cool for testing purposes...

For Firefox:
https://addons.mozilla.org/en-US/firefo ... indicator/
For Chrome:
http://www.devthought.com/2012/03/10/ch ... indicator/

Re: HTTPS Howto?

Posted: 04 May 2013, 05:45
by gbcox
Oh, if you're running nginx, header compression is off by default...

You'll want these two parameters in your config:
listen 443 ssl spdy; # turn spdy on
spdy_headers_comp 7; # compress your headers

Here is the nginx reference page:
http://nginx.org/en/docs/http/ngx_http_spdy_module.html

If you're running apache, it's probably similar... but since I'm not running it, can't comment on that...
Have fun...

Re: HTTPS Howto?

Posted: 04 May 2013, 09:54
by graymattr
Plugin installed, thanks!

Re: HTTPS Howto?

Posted: 04 May 2013, 12:44
by xtaz
gbcox wrote:SPDY will be enabled by default on Nginx 1.4.0 when it arrives in Fedora 19 - scheduled for July.


Not quite. You have to enable it by adding the keyword spdy in the listen line, so you have something like "listen 443 default_server ssl spdy;". I've been running spdy on my nginx for months as I ran the 1.3.x development version, although I've now switched to 1.4.0 now it's become the stable one. It works fine. Unfortunately it's only version 2 of the protocol, but I guess they'll update it to version 3 at some point. If you're interested in this sort of thing you should also enable OCSP stapling as that's a speed increase as well for compatible browsers as it doesn't have to go off to the CA to check if the cert is valid.

As for this problem.... I knew it wasn't anything to do with tt-rss. You were getting the PHP interpreter crashing with signal 11 and zend heap corruption messages. That pointed to something like memory corruption. I've only really ever seen things like this with broken hardware. Not completely sure why mod_php is this low level with SPDY support in apache. Would have thought the two would be completely separate. This reminds me of why I run nginx.

Re: HTTPS Howto?

Posted: 04 May 2013, 12:46
by fox
This is a well documented thing, discussed on this very forum recently.

Re: HTTPS Howto?

Posted: 04 May 2013, 18:00
by gbcox
xtaz wrote:Not quite. You have to enable it by adding the keyword spdy in the listen line

Depends what the definition of enabled is... :wink: Yeah, poor choice of words... I can see where that could be misinterpreted.
I had posted those configuration instructions a few comments up, and they are in a F18 howto I wrote yesterday. In any event, SPDY is included in nginx 1.4.0...

Regarding OCSP, that doesn't apply if you're using a self signed cert - and most people I would guess didn't pay a third party for a cert so they could have that third party vouch that their server was theirs. This is TTRSS, not Fort Knox.... :shock: Yeah, you'll get a message when you first access that the cert isn't signed by a trusted CA.. do you want to accept forever or for just this session. Click forever and you're done.