HTTPS Howto?

Support requests, bug reports, etc. go here. Dedicated servers / VDS hosting only
graymattr
Bear Rating Trainee
Posts: 24
Joined: 29 Apr 2013, 02:46

Re: HTTPS Howto?

Postby graymattr » 03 May 2013, 20:35

Thanks for the suggestions, everyone. I'll keep poking away at it. It's odd that I am seeing stuff like this only when I hit the site over 443. These errors look to me to be directory/file issues, but my eye is very much untrained. If I use the site on port 80, I rarely see any errors. I also can trigger this every time by trying to load preferences. If I don't navigate to them, I can use the site without much issue. =/

[Fri May 03 20:28:05 2013] [notice] child pid 11954 exit signal Segmentation fault (11)
[Fri May 03 20:28:05 2013] [notice] child pid 11956 exit signal Segmentation fault (11)
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Warning:  require_once(functions.php): failed to open stream: No such file or directory in /home/user/public_html/mysite.com/backend.php on line 41, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Fatal error:  require_once(): Failed opening required 'functions.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/user/public_html/mysite.com/backend.php on line 41, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Fatal error:  Cannot redeclare session_get_schema_version() (previously declared in /home/user/public_html/mysite.com/include/sessions.php:24) in /home/user/public_html/mysite.com/include/sessions.php on line 35, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:17 2013] [notice] child pid 11955 exit signal Segmentation fault (11)
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Warning:  require_once(functions.php): failed to open stream: No such file or directory in /home/user/public_html/mysite.com/backend.php on line 41, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:17 2013] [error] [client x.x.x.x] PHP Fatal error:  require_once(): Failed opening required 'functions.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/user/public_html/mysite.com/backend.php on line 41, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:18 2013] [error] [client x.x.x.x] PHP Warning:  require_once(): A session is active. You cannot change the session module's ini settings at this time in /home/user/public_html/mysite.com/include/functions.php on line 2877, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:18 2013] [error] [client x.x.x.x] PHP Warning:  require_once(db.php): failed to open stream: No such file or directory in /home/user/public_html/mysite.com/backend.php on line 43, referer: https://www.mysite.com/prefs.php
[Fri May 03 20:28:18 2013] [error] [client x.x.x.x] PHP Fatal error:  require_once(): Failed opening required 'db.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/user/public_html/mysite.com/backend.php on line 43, referer: https://www.mysite.com/prefs.php


In the meantime, I changed my php memory setting to 256, which does not seem to have fixed the issue. I'll keep digging.

Anyhow, thanks again!

gbcox
Bear Rating Master
Posts: 149
Joined: 25 Apr 2013, 04:52

Re: HTTPS Howto?

Postby gbcox » 03 May 2013, 22:03

Do you have your ownership and access privs set properly? I believe I posted a link to a howto for Fedora. I would recommend you look it up and use the suggested defaults. You are pointing to /home/user/; typically for apache/nginx, stuff most often resides at /var/www/html/ and the owner is apache:apache. In addition, all my files in that directory are set to 777 (which probably shouldn't be the case btw...)

graymattr
Bear Rating Trainee
Posts: 24
Joined: 29 Apr 2013, 02:46

Re: HTTPS Howto?

Postby graymattr » 03 May 2013, 22:28

For security purposes, I try to keep all the web files in a user directory, rather than in /var/. Point taken on the permissions; I'll take a look. I previously didn't look into this because it all works unless I am on port 443, which is the odd part.

Thanks.

graymattr
Bear Rating Trainee
Posts: 24
Joined: 29 Apr 2013, 02:46

Re: HTTPS Howto?

Postby graymattr » 04 May 2013, 01:53

I got it fixed (!!!). It turns out that an incomplete configuration of SPDY was to blame (Doh!). I had neglected to make the switch from mod_php5 to fcgid_module, which was causing the errors. Once I did this, all is working as expected. Sorry for all of the noise, hopefully this saves the next guy/gal from the same mistake. Here's the page that has the walkthrough for fixing this:

https://developers.google.com/speed/spdy/mod_spdy/php

Thanks to all of the helpful folks who jumped in to try to help out, I appreciate it! Cheers!
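
Added example, not part of graymattr's post or the linked walkthrough: a shell check for the half-finished setup described above, where Apache loads mod_spdy while PHP still runs in-process through mod_php5. The identifiers spdy_module, php5_module and fcgid_module are the stock LoadModule names; the sample files and module paths are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Flags an Apache config tree that loads
# mod_spdy while PHP is still served in-process by mod_php5.

# Print the identifier of every active (uncommented) LoadModule line under $1.
loaded_modules() {
    grep -rhiE '^[[:space:]]*LoadModule[[:space:]]+' "$1" 2>/dev/null |
        awk '{ print $2 }' | sort -u
}

# Echo a verdict for config dir $1; return 1 only for the unsafe combination.
check_spdy_php() {
    mods=$(loaded_modules "$1")
    has() { printf '%s\n' "$mods" | grep -qx "$1"; }
    if has spdy_module && has php5_module; then
        echo "UNSAFE: spdy_module and php5_module are both loaded"
        return 1
    elif has spdy_module && has fcgid_module; then
        echo "OK: spdy_module with PHP out of process (fcgid_module)"
    elif has spdy_module; then
        echo "OK: spdy_module loaded, no in-process PHP found"
    else
        echo "OK: spdy_module not loaded"
    fi
    return 0
}

# Constructed sample: SPDY enabled, switch to fcgid not yet made.
demo_dir=$(mktemp -d)
cat > "$demo_dir/spdy.load" <<'EOF'
LoadModule spdy_module /usr/lib/apache2/modules/mod_spdy.so
EOF
cat > "$demo_dir/php5.load" <<'EOF'
LoadModule php5_module /usr/lib/apache2/modules/libphp5.so
#LoadModule fcgid_module /usr/lib/apache2/modules/mod_fcgid.so
EOF
check_spdy_php "$demo_dir" || echo "-> move PHP to mod_fcgid before enabling SPDY"
rm -rf "$demo_dir"
```

On Debian/Ubuntu, point it at mods-enabled rather than mods-available. It does not evaluate IfModule/IfDefine guards, so `apachectl -M` on the running server remains the authoritative module list.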

sleeper_service
Bear Rating Overlord
Posts: 884
Joined: 30 Mar 2013, 23:50
Location: Dallas, Texas

Re: HTTPS Howto?

Postby sleeper_service » 04 May 2013, 03:51

graymattr wrote:I got it fixed (!!!). It turns out that an incomplete configuration of SPDY was to blame (Doh!).


funny, SPDY was the cause of another "your damn ttrss crap is broken" thread just a few days ago.

at least you weren't as adamant that it was ttrss that was broken ;)

turned out to be the same mod_php problem then, too.

gbcox
Bear Rating Master
Posts: 149
Joined: 25 Apr 2013, 04:52

Re: HTTPS Howto?

Postby gbcox » 04 May 2013, 04:11

SPDY will be enabled by default on Nginx 1.4.0 when it arrives in Fedora 19 - scheduled for July.

sleeper_service
Bear Rating Overlord
Posts: 884
Joined: 30 Mar 2013, 23:50
Location: Dallas, Texas

Re: HTTPS Howto?

Postby sleeper_service » 04 May 2013, 04:28

gbcox wrote:SPDY will be enabled by default on Nginx 1.4.0 when it arrives in Fedora 19 - scheduled for July.


well, hopefully, it'll be configured properly, so people won't keep blaming ttrss when it's their misconfigured servers.

gbcox
Bear Rating Master
Posts: 149
Joined: 25 Apr 2013, 04:52

Re: HTTPS Howto?

Postby gbcox » 04 May 2013, 04:53

sleeper_service wrote:well, hopefully, it'll be configured properly, so people won't keep blaming ttrss when it's their misconfigured servers.


ROFL... well, everybody has to start somewhere - many folks haven't done anything like this before. I'm trying to do my part by staying ahead of the curve - testing things out and writing how-to postings and updating my blog. I built the nginx rpm for F18 tonight from the F19 source and it was as easy as: yum upgrade nginx
I've also upgraded to mariadb from mysql since that is going to be the default in F19. It is a drop-in replacement and the commands are the same. No issues there either. I posted an article for those running F18 on how to do it if they wanted to implement before F19 and avoid the conversion process at that time.

Here is some good advice for everybody:
Image

graymattr
Bear Rating Trainee
Posts: 24
Joined: 29 Apr 2013, 02:46

Re: HTTPS Howto?

Postby graymattr » 04 May 2013, 05:05

sleeper_service wrote:
graymattr wrote:I got it fixed (!!!). It turns out that an incomplete configuration of SPDY was to blame (Doh!).


funny, SPDY was the cause of another "your damn ttrss crap is broken" thread just a few days ago.

at least you weren't as adamant that it was ttrss that was broken ;)

turned out to be the same mod_php problem then, too.


Welp, I sure wish I had seen that, or if I did, connected the dots sooner. :P

gbcox
Bear Rating Master
Posts: 149
Joined: 25 Apr 2013, 04:52

Re: HTTPS Howto?

Postby gbcox » 04 May 2013, 05:37

Don't know which browser you're using, but Firefox and Chrome both have a plugin which shows a green lightning bolt when SPDY is enabled. It's kinda cool for testing purposes...

For Firefox:
https://addons.mozilla.org/en-US/firefo ... indicator/
For Chrome:
http://www.devthought.com/2012/03/10/ch ... indicator/

gbcox
Bear Rating Master
Posts: 149
Joined: 25 Apr 2013, 04:52

Re: HTTPS Howto?

Postby gbcox » 04 May 2013, 05:45

Oh, if you're running nginx, header compression is off by default...

You'll want these two parameters in your config:
listen 443 ssl spdy; # turn spdy on
spdy_headers_comp 7; # compress your headers

Here is the nginx reference page:
http://nginx.org/en/docs/http/ngx_http_spdy_module.html

If you're running apache, it's probably similar... but since I'm not running it, can't comment on that...
Have fun...

graymattr
Bear Rating Trainee
Posts: 24
Joined: 29 Apr 2013, 02:46

Re: HTTPS Howto?

Postby graymattr » 04 May 2013, 09:54

Plugin installed, thanks!

xtaz
Bear Rating Master
Posts: 174
Joined: 24 Dec 2009, 16:48

Re: HTTPS Howto?

Postby xtaz » 04 May 2013, 12:44

gbcox wrote:SPDY will be enabled by default on Nginx 1.4.0 when it arrives in Fedora 19 - scheduled for July.


Not quite. You have to enable it by adding the keyword spdy in the listen line, so you have something like "listen 443 default_server ssl spdy;". I've been running spdy on my nginx for months as I ran the 1.3.x development version, although I've now switched to 1.4.0 now it's become the stable one. It works fine. Unfortunately it's only version 2 of the protocol, but I guess they'll update it to version 3 at some point. If you're interested in this sort of thing you should also enable OCSP stapling as that's a speed increase as well for compatible browsers as it doesn't have to go off to the CA to check if the cert is valid.

As for this problem.... I knew it wasn't anything to do with tt-rss. You were getting the PHP interpreter crashing with signal 11 and zend heap corruption messages. That pointed to something like memory corruption. I've only really ever seen things like this with broken hardware. Not completely sure why mod_php is this low level with SPDY support in apache. Would have thought the two would be completely separate. This reminds me of why I run nginx.

fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia

Re: HTTPS Howto?

Postby fox » 04 May 2013, 12:46

This is a well documented thing, discussed on this very forum recently.

gbcox
Bear Rating Master
Posts: 149
Joined: 25 Apr 2013, 04:52

Re: HTTPS Howto?

Postby gbcox » 04 May 2013, 18:00

xtaz wrote:Not quite. You have to enable it by adding the keyword spdy in the listen line

Depends what the definition of enabled is... :wink: Yeah, poor choice of words... I can see where that could be misinterpreted.
I had posted those configuration instructions a few comments up, and they are in a F18 howto I wrote yesterday. In any event, SPDY is included in nginx 1.4.0...

Regarding OCSP, that doesn't apply if you're using a self signed cert - and most people I would guess didn't pay a third party for a cert so they could have that third party vouch that their server was theirs. This is TTRSS, not Fort Knox.... :shock: Yeah, you'll get a message when you first access that the cert isn't signed by a trusted CA.. do you want to accept forever or for just this session. Click forever and you're done.

