1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 Trouble loading resources via SSL

Discussion in 'Troubleshooting and Problems' started by DeltaHF, Aug 3, 2015.

Tags:
  1. DeltaHF

    DeltaHF Well-Known Member

    Since applying the 1.4.10 patch (I think - I have since completed the full upgrade to 1.4.10), my XenForo install has had intermittent difficulty connecting to external sites and services running SSL. The problem manifests in a few ways:

    1.) My Server Error Logs are full of these messages. Note that the Sitemap can't be submitted to Google, either. (I'm not sure about those TCP errors from Blogspot. It appears they were generated by a user attempting to load images into the XFMG from a Blogspot URL.)
    Screen Shot 2015-08-03 at 6.18.54 PM.png

    2.) The image proxy seemingly randomly fails to load images served from SSL origin servers. Certain images hosted by Wikimedia, Flickr, Pinterest, and other major CDNs all report the same "Error #110: Connection timed out" error message when I input their URLs to the Image Proxy test in the AdminCP.

    3.) The XF Media Gallery cannot pull thumbnails or metadata from YouTube when submitting new media. It generates roughly the same message in the Server Error Logs:

    Code:
    Zend_Http_Client_Adapter_Exception: Unable to Connect to ssl://www.youtube.com:443. Error #110: Connection timed out - library/Zend/Http/Client/Adapter/Socket.php:235
    Generated By: username, 23 minutes ago
    I'm at a bit of a loss on how to troubleshoot this further. Any help would be appreciated.
     
  2. Chris D

    Chris D XenForo Developer Staff Member

    We haven't made any changes here, and these are typically connectivity issues. For persistent connectivity issues, these won't be caused by changes in the code so the first port of call would be looking into any changes that may have been made on the server/network side.
     
    DeltaHF likes this.
  3. Dan

    Dan Well-Known Member

    I have been getting these as well. I haven't found anything that would suggest it is a XenForo issue, unfortunately, as it would be easier to track down.
     
  4. Dan

    Dan Well-Known Member

  5. DeltaHF

    DeltaHF Well-Known Member

    Interesting that you're also seeing this, @Dan. What is your server configuration like? I'm on a dedicated server, CentOS 6.6, configured with Centminmod (Nginx/PHP-FPM/MariaDB/CSF Firewall).

    Since posting this thread, I've tried using wget to download two of the images that were failing, bypassing PHP:
    Code:
    $ wget https://s-media-cache-ak0.pinimg.com/736x/86/ea/2b/86ea2bb8fc6e82c1db13e1b3cbf09742.jpg
    
    --2015-08-03 18:47:59--  https://s-media-cache-ak0.pinimg.com/736x/86/ea/2b/86ea2bb8fc6e82c1db13e1b3cbf09742.jpg
    Resolving s-media-cache-ak0.pinimg.com... 2600:1408:17:3a2::2781, 2600:1408:17:39e::2781, 2600:1408:17:3a0::2781, ...
    Connecting to s-media-cache-ak0.pinimg.com|2600:1408:17:3a2::2781|:443... failed: Connection timed out.
    Connecting to s-media-cache-ak0.pinimg.com|2600:1408:17:39e::2781|:443... failed: Connection timed out.
    Connecting to s-media-cache-ak0.pinimg.com|2600:1408:17:3a0::2781|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 71070 (69K) [image/jpeg]
    Saving to: “86ea2bb8fc6e82c1db13e1b3cbf09742.jpg”
    
    100%[=========================================================================================================================>] 71,070      --.-K/s   in 0.03s
    
    2015-08-03 18:48:30 (2.31 MB/s) - “86ea2bb8fc6e82c1db13e1b3cbf09742.jpg” saved [71070/71070]
    
    Code:
    $ wget https://upload.wikimedia.org/wikipedia/commons/c/ce/Alfa_Romeo_GTV_facelift_front.JPG
    
    --2015-08-03 18:51:29--  https://upload.wikimedia.org/wikipedia/commons/c/ce/Alfa_Romeo_GTV_facelift_front.JPG
    Resolving upload.wikimedia.org... 2620:0:861:ed1a::2:b, 208.80.154.240
    Connecting to upload.wikimedia.org|2620:0:861:ed1a::2:b|:443... failed: Connection timed out.
    Connecting to upload.wikimedia.org|208.80.154.240|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 442188 (432K) [image/jpeg]
    Saving to: “Alfa_Romeo_GTV_facelift_front.JPG”
    
    100%[=========================================================================================================================>] 442,188     2.35M/s   in 0.2s  
    
    2015-08-03 18:51:44 (2.35 MB/s) - “Alfa_Romeo_GTV_facelift_front.JPG” saved [442188/442188]
    

    Curiously, both of these hosts seem to be using IPv6 in addition to SSL, and I'm sure Google supports IPv6 for their account authorization servers, too...
     
  6. Dan

    Dan Well-Known Member

    Centos 6.6 VPS with standard lamp with CSF Firewall

    The above samples work for me though they are not trying IPv6 :
    Code:
    root@host [~]# wget https://upload.wikimedia.org/wikipedia/commons/c/ce/Alfa_Romeo_GTV_facelift_front.JPG
    --2015-08-03 18:45:33--  https://upload.wikimedia.org/wikipedia/commons/c/ce/Alfa_Romeo_GTV_facelift_front.JPG
    Resolving upload.wikimedia.org... 208.80.154.240, 2620:0:861:ed1a::2:b
    Connecting to upload.wikimedia.org|208.80.154.240|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 442188 (432K) [image/jpeg]
    Saving to: “Alfa_Romeo_GTV_facelift_front.JPG”
    
    100%[======================================>] 442,188     2.00M/s   in 0.2s   
    
    2015-08-03 18:45:34 (2.00 MB/s) - “Alfa_Romeo_GTV_facelift_front.JPG” saved [442188/442188]
     
  7. BamaStangGuy

    BamaStangGuy Well-Known Member

    Same issues here.
     
    Andy.N likes this.
  8. DeltaHF

    DeltaHF Well-Known Member

    I found the problem: a misconfigured router on my hosting company's network was delaying IPv6 traffic.

    @BamaStangGuy @Dan @bloop Are you guys also hosting with ReliableSite.net?

    I was able to identify the problematic router by running some mtr trace routes out of my server to IPv6 compatible hosts. As you can see, it was always failing at the fourth hop if I let it default to IPv6. When forcing it to IPv4 (with the -4 flag), it completed the trace quickly.
    Code:
    $ mtr --report --report-cycles=20 google.com
    HOST: server.mydomain.net        Loss%   Snt   Last   Avg  Best  Wrst StDev
      1. 2605:9880:0:65::1             0.0%    20    0.3   0.6   0.2   4.2   1.0
      2. ethernetethernet15-c5-14-a2-  0.0%    20    0.2   0.3   0.2   0.4   0.0
      3. vl210-br2.pnj1.choopa.net    0.0%    20    4.0   4.0   0.2  12.5   4.5
      4. ???                          100.0    20    0.0   0.0   0.0   0.0   0.0
    
    $ mtr --report -4 google.com
    HOST: server.mydomain.net        Loss%   Snt   Last   Avg  Best  Wrst StDev
      1. hosted-by.reliablesite.net   0.0%    10    0.8   0.8   0.7   0.8   0.0
      2. ethernetethernet15-c5-14-a2-  0.0%    10    0.1   0.2   0.1   0.3   0.0
      3. vl210-br2.pnj1.choopa.net    0.0%    10    0.2   0.2   0.2   0.3   0.1
      4. 108.61.244.41                 0.0%    10  100.9  12.2   0.2 100.9  31.4
      5. core1-0-2-0.lga.net.google.c  0.0%    10    1.1   1.2   1.0   1.3   0.1
      6. 216.239.50.108                0.0%    10    1.9   1.8   1.6   2.0   0.1
      7. 209.85.253.111                0.0%    10    1.8   1.8   1.7   1.9   0.1
      8. lga25s40-in-f14.1e100.net    0.0%    10    1.8   1.8   1.7   2.1   0.1
    
    $ mtr --report google.com
    HOST: server.mydomain.net        Loss%   Snt   Last   Avg  Best  Wrst StDev
      1. 2605:9880:0:65::1             0.0%    10    0.3   0.3   0.2   0.4   0.0
      2. ethernetethernet15-c5-14-a2-  0.0%    10    0.2   0.3   0.2   0.3   0.0
      3. vl210-br2.pnj1.choopa.net    0.0%    10    1.8   1.0   0.2   3.8   1.2
      4. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
    
    $ mtr --report -4 upload.wikimedia.org
    HOST: server.mydomain.net        Loss%   Snt   Last   Avg  Best  Wrst StDev
      1. hosted-by.reliablesite.net   0.0%    10    0.8   0.8   0.6   0.9   0.1
      2. ethernetethernet15-c5-14-a2-  0.0%    10    0.2   0.2   0.2   0.2   0.0
      3. vl210-br2.pnj1.choopa.net    0.0%    10    0.3   2.1   0.2   9.6   3.7
      4. 108.61.244.41                 0.0%    10    2.3   4.7   0.2  11.9   4.0
      5. nyc1-core.gigabiteth4-0.swip  0.0%    10    1.1   1.1   1.0   1.3   0.1
      6. ash1-peer-1.xe-0-2-1-unit0.t  0.0%    10    6.9   6.8   6.7   6.9   0.1
      7. 130.244.6.243                 0.0%    10    7.0   6.8   6.7   7.0   0.1
      8. upload-lb.eqiad.wikimedia.or  0.0%    10    6.5   6.3   6.2   6.6   0.2
    
    $ mtr --report upload.wikimedia.org
    HOST: server.mydomain.net        Loss%   Snt   Last   Avg  Best  Wrst StDev
      1. 2605:9880:0:65::1             0.0%    10    0.3   0.3   0.2   0.6   0.1
      2. ethernetethernet15-c5-14-a2-  0.0%    10    0.2   0.3   0.2   0.4   0.0
      3. vl210-br2.pnj1.choopa.net    0.0%    10    0.2   0.8   0.2   4.1   1.2
      4. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
    
    $ mtr --report -4 facebook.com
    HOST: server.mydomain.net        Loss%   Snt   Last   Avg  Best  Wrst StDev
      1. hosted-by.reliablesite.net   0.0%    10    0.7   0.7   0.6   0.8   0.0
      2. ethernetethernet15-c5-14-a2-  0.0%    10    0.2   0.2   0.1   0.2   0.0
      3. vl210-br2.pnj1.choopa.net    0.0%    10    0.3   3.4   0.2   9.8   3.7
      4. ae-33.r05.nycmny01.us.bb.gin  0.0%    10    1.6   1.5   1.4   1.6   0.1
      5. ae-1.r23.nycmny01.us.bb.gin. 90.0%    10    8.8   8.8   8.8   8.8   0.0
      6. ae-9.r22.asbnva02.us.bb.gin.  0.0%    10    7.2   7.6   7.1  10.2   0.9
      7. ae-44.r06.asbnva02.us.bb.gin  0.0%    10    7.4   7.6   7.4   7.9   0.2
      8. ae-2.facebook.asbnva02.us.bb 0.0%    10    7.9   9.7   6.9  30.0   7.2
      9. be12.bb01.iad3.tfbnw.net     0.0%    10   25.8  25.7  25.6  25.9   0.1
    10. ae28.bb04.frc3.tfbnw.net     0.0%    10   22.7  24.0  22.6  31.7   2.8
    11. ae4.dr05.frc1.tfbnw.net      0.0%    10   22.8  22.5  22.3  22.8   0.2
    12. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
    13. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
    14. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
    15. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
    16. edge-star-shv-12-frc3.facebo  0.0%    10   25.3  25.2  25.1  25.3   0.1
    
    $ mtr --report facebook.com
    HOST: server.mydomain.net        Loss%   Snt   Last   Avg  Best  Wrst StDev
      1. 2605:9880:0:65::1             0.0%    10    0.3   0.3   0.2   0.5   0.1
      2. ethernetethernet15-c5-14-a2-  0.0%    10    0.2   0.3   0.2   0.4   0.1
      3. vl210-br2.pnj1.choopa.net    0.0%    10    0.2   2.3   0.2   8.3   3.0
      4. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
    I sent these mtr results to RelaibleSite and they had it fixed in a few hours. Since then, no problems running trace routes, no problems connecting to accounts.google.com, and no more image proxy issues. If you are hosting with another provider, I would recommend running these tests from your server to confirm.

    Thanks to @eva2000 for helping me troubleshoot this!
     
    bloop, Dan, eva2000 and 1 other person like this.
  9. Andy.N

    Andy.N Well-Known Member

    Great job. I had the same host and issue.
    now, will get them to fix this.
     
  10. DeltaHF

    DeltaHF Well-Known Member

    Ah! The problem may already be fixed for you, assuming all our servers' traffic is running through that same router.

    Note that the broken images in XenForo's Image Proxy won't immediately fix themselves until they expire or are requested again.
     
    eva2000 likes this.
  11. Mouth

    Mouth Well-Known Member

    The irony! :)
     
    Andy.N and DeltaHF like this.
  12. DeltaHF

    DeltaHF Well-Known Member

    I know...they kind of set themselves up with that name, didn't they? :ROFLMAO:

    To their credit, though, they were very responsive and fixed the problem quickly, and I've been very happy with their service, otherwise.
     
  13. eva2000

    eva2000 Well-Known Member

    Nice seems to have a few folks on reliablesite hosting hit with this :)

    Glad I was able to steer you in right direction :)
     
  14. Andy.N

    Andy.N Well-Known Member

    Their recent ipv6 issue caused my site to be down for over 24 hours.
    Twice.
    They only have email support and it took several hours to get a reply "we are assigning this to a technician who will look into this" while my paying customers post on our FB account about what's going on.
    To say I"m not happy is an understatement. I seriously considered moving to another host.
    Maybe I still move after this.
     
  15. Dan

    Dan Well-Known Member

    @DeltaHF Thanks for this. I am with KnownHost but I will check into this. On a side note, haven't received another of these errors in some time.
     
  16. DeltaHF

    DeltaHF Well-Known Member

    Yikes, yeah, that's not good. Best of luck in whatever you decide to do.

    I actually think KnownHost operates out of the same datacenter in Piscataway, New Jersey. It's a huge facility.
     
    Dan likes this.
  17. bloop

    bloop Member

    @DeltaHF, thank you so much, I am indeed with Reliablesite.
     
    DeltaHF likes this.
  18. BamaStangGuy

    BamaStangGuy Well-Known Member

    Hello,

    Thank you for the details. We have notified the networking team and will keep you updated until the issue has been resolved.

    Thank you,
    ReliableSite.Net LLC
     
  19. Andy.N

    Andy.N Well-Known Member

    They have fixed the problem for our server.
     
    bloop and DeltaHF like this.
  20. Andy.N

    Andy.N Well-Known Member

    @BamaStangGuy @Dan @bloop @DeltaHF
    Not sure if you guys get these errors last few days

    Code:
    Zend_Http_Client_Adapter_Exception: Read timed out after 10 seconds - library/Zend/Http/Client/Adapter/Socket.php:512
    Generated By: Unknown Account, Today at 3:13 PM
    Stack Trace
    #0 /home/nginx/domains/public/library/Zend/Http/Client/Adapter/Socket.php(330): Zend_Http_Client_Adapter_Socket->_checkSocketReadTimeout()
    #1 /home/nginx/domains/public/library/Zend/Http/Client.php(989): Zend_Http_Client_Adapter_Socket->read()
    #2 /home/nginx/domains/public/library/DigitalPointBetterAnalytics/Helper/Reporting.php(491): Zend_Http_Client->request('GET')
    #3 /home/nginx/domains/public/library/DigitalPointBetterAnalytics/Helper/Reporting.php(395): DigitalPointBetterAnalytics_Helper_Reporting->_execHandler('analytics_realt...')
    #4 /home/nginx/domains/public/library/DigitalPointBetterAnalytics/Model/Analytics.php(205): DigitalPointBetterAnalytics_Helper_Reporting->getRealtime('rt:activeUsers', 'rt:pagePath', '-rt:activeUsers', 'rt:pagePath=~/i...')
    #5 /home/nginx/domains/public/library/DigitalPointBetterAnalytics/CronEntry/Cron.php(15): DigitalPointBetterAnalytics_Model_Analytics->getRealtimeUsage()
    #6 [internal function]: DigitalPointBetterAnalytics_CronEntry_Cron::runVeryOften(Array)
    #7 /home/nginx/domains/public/library/XenForo/Model/Cron.php(357): call_user_func(Array, Array)
    #8 /home/nginx/domains/public/library/WhoHasReadAThread/Model/Cron.php(30): XenForo_Model_Cron->runEntry(Array)
    #9 /home/nginx/domains/public/library/XenForo/Deferred/Cron.php(24): WhoHasReadAThread_Model_Cron->runEntry(Array)
    #10 /home/nginx/domains/public/library/XenForo/Model/Deferred.php(294): XenForo_Deferred_Cron->execute(Array, Array, 7.9999971389771, '')
    #11 /home/nginx/domains/public/library/XenForo/Model/Deferred.php(428): XenForo_Model_Deferred->runDeferred(Array, 7.9999971389771, '', false)
    #12 /home/nginx/domains/public/library/XenForo/Model/Deferred.php(373): XenForo_Model_Deferred->_runInternal(Array, NULL, '', false)
    #13 /home/nginx/domains/public/deferred.php(23): XenForo_Model_Deferred->run(false)
    #14 {main}
    Not sure if this is a Google server issue, my host issue or something with @digitalpoint Better Analytics addon.
     

Share This Page