Installed latest Ngnix and now XF isnt loading properly?

Kainzo

Active member
Installed latest Ngix and now this..
herocraftonline.com
Unsure what could have caused this.
Note: I am self hosting. Have been using XF since 2011 and have never encountered this issue before.
 

Attachments

  • BZVleRb.webp
    BZVleRb.webp
    61.2 KB · Views: 17
Last edited:
Probably going to relate to this
Code:
(index):21 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://herocraftonline.com/main/css.php?css=EWRporta2,EWRporta2_ArticleList…ices,panel_scroller,profile_post_list_simple&style=31&dir=LTR&d=1518540542'. This request has been blocked; the content must be served over HTTPS.

(index):41 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.

(index):1 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://herocraftonline.com/main/css.php?css=xenforo,form,public&style=31&dir=LTR&d=1518540542'. This request has been blocked; the content must be served over HTTPS.

(index):1 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://herocraftonline.com/main/css.php?css=EWRporta2,EWRporta2_ArticleList…ices,panel_scroller,profile_post_list_simple&style=31&dir=LTR&d=1518540542'. This request has been blocked; the content must be served over HTTPS.

(index):1 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.

Looks like you have a LOT of calls to an HTTP resource and it should be HTTPS.

You say you "installed the latest nginx"? What were you using before? Did you install NGINX mainline? NGINX stable? NGINX unit?
Did you install it via the OS process (APT, YUM) or did you install it manually? Did it advise that it was changing any control files during the upgrade (if this was an update to an existing install) and did you pay attention to what those changes were?

Are you using CloudFlare with your site?
Answer... yep, looks like it

Screen Shot 2018-02-13 at 11.18.55 AM.webp

You need to disable that crappy RocketLoader.... and there may be another setting for compression that you need to disable.
Are you using Full SSL, Flexible SSL?
Is this something you just did?
So many questions that have not been answered.
 
Last edited:
Probably going to relate to this
Code:
(index):21 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://herocraftonline.com/main/css.php?css=EWRporta2,EWRporta2_ArticleList…ices,panel_scroller,profile_post_list_simple&style=31&dir=LTR&d=1518540542'. This request has been blocked; the content must be served over HTTPS.

(index):41 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.

(index):1 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://herocraftonline.com/main/css.php?css=xenforo,form,public&style=31&dir=LTR&d=1518540542'. This request has been blocked; the content must be served over HTTPS.

(index):1 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://herocraftonline.com/main/css.php?css=EWRporta2,EWRporta2_ArticleList…ices,panel_scroller,profile_post_list_simple&style=31&dir=LTR&d=1518540542'. This request has been blocked; the content must be served over HTTPS.

(index):1 Mixed Content: The page at 'https://herocraftonline.com/main/' was loaded over HTTPS, but requested an insecure stylesheet 'http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css'. This request has been blocked; the content must be served over HTTPS.

Looks like you have a LOT of calls to an HTTP resource and it should be HTTPS.

You say you "installed the latest nginx"? What were you using before? Did you install NGINX mainline? NGINX stable? NGINX unit?
Did you install it via the OS process (APT, YUM) or did you install it manually? Did it advise that it was changing any control files during the upgrade (if this was an update to an existing install) and did you pay attention to what those changes were?

Are you using CloudFlare with your site?
Answer... yep, looks like it

View attachment 168796

You need to disable that crappy RocketLoader.... and there may be another setting for compression that you need to disable.
Are you using Full SSL, Flexible SSL?
Is this something you just did?
So many questions that have not been answered.
Actually, if I recall the sequence of events.. It may not have been updating to Nginx latest...
1. Saw that I had a handshaking error in cloudflare so I went from "full" to "flexible" SSL.
2. Looked into DigitalOcean and saw that my machine power cycled
3. Updated 70 packages in Webmin (including Nginx)
4. Saw the default apache message (Weird?) on the websites so checked Nginx status
5. Something else was binding to the ip so had to clear it and restart Ngix
6. Herocraftonline.com reacted as such.

Maybe my SSL cert went bad? I really dont know much about it and I am at a loss why it just randomly died or expired...
Just now disabled RocketLoader. (it was set to manual)
 
Is Webmin using nginx as a reverse proxy or as an actual HTTP primary service? I don't do panels because they actually add a level of unnecessary complexity when trouble shooting IMHO.
If you went to Flexible SSL there will be changes you have to make on the HTTP server to REMOVE all SSL rewrites since you are not serving up your site via SSL any longer (unless you are using a cert you created on the VPS). There is also a setting that sometimes has to be set in the XenForo config file when using SSL with CloudFlare - but I honestly don't remember what it was.
 
Is Webmin using nginx as a reverse proxy or as an actual HTTP primary service? I don't do panels because they actually add a level of unnecessary complexity when trouble shooting IMHO.
If you went to Flexible SSL there will be changes you have to make on the HTTP server to REMOVE all SSL rewrites since you are not serving up your site via SSL any longer (unless you are using a cert you created on the VPS). There is also a setting that sometimes has to be set in the XenForo config file when using SSL with CloudFlare - but I honestly don't remember what it was.
I added Flexible because it wouldnt even let me into the domain otherwise. I think my SSL cert expired or became invalid? im unsure of that.
Uncheck the 'Minify CSS' option under the 'Speed' tab in CF.
Unchecked Minify all the things and purged cache to see if it works.
Retested and it still is mishapen and things... does anyone know how I can resolve the SSL issue?

SSL
Encrypt communication to and from your website using SSL.
It may take up to 24 hours after the site becomes active on Cloudflare for new certificates to issue.
Status Active Certificate
 
Top Bottom