Discover Centmin Mod today
Register Now

New Install: WP + LetsEncrypt SSL = Content Formatting Off

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Michael W, Nov 12, 2018.

  1. Michael W

    Michael W New Member

    8
    1
    3
    Nov 12, 2018
    Ratings:
    +3
    Local Time:
    6:20 PM
    Hello,

    Just testing out your Centmin Mod stack, and it's been great thus far.. but ran into a small issue.

    Cent OS 7 64-Bit on Vultr
    Centmin Mod: 123.09beta01
    PHP 7.2

    Installed Wordpress successfully using "centmin" and 22). Add Wordpress Nginx vhost + Cache Plugin"

    I went through the prompts to use LetsEncrypt SSL and the install appeared to be successful.

    However, once the site loaded, it redirected to the https:// version of the site and the formatting was off (theme wasn't loading correctly).

    Strangely, I was able to log into wp-admin, and the site looked completely fine once I was logged in. I searched the entire db for any entries pointing to the non-secure version of the site and replaced it with the secure https version, so it's not a mixed content issue. I even forced https redirect, didn't help fix the issue.

    Any help?
     
  2. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    9:20 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    There could be 2 possible reasons for theme issues

    1. mixed content
    2. centmin mod centmin.sh menu option 22 wpsecure and autoprotect.sh blocking your theme or plugin functionality

    Or combination of both issues.

    If you have mixed content issue so need to adjust your web app and/or web site style itself see What Is Mixed Content? - KeyCDN Support

    Centmin Mod values security and puts additional measures in place so that end users are also mindful of security. So in your case, you might need to whitelist or unblock the WP plugins related to your 403 permission denied messages.

    If you used centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer, the default wpsecure conf file at /usr/local/nginx/conf/wpincludes/${vhostname}/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.

    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
    Check if your nginx vhost at either or both /usr/local/nginx/conf/conf.d/domain.com.conf and/or /usr/local/nginx/conf/conf.d/domain.com.ssl.conf has include file for autoprotect example
    Code (Text):
    include /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf;
    

    see if your directory for the script which has issues is caught in an autoprotect include entry in /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf which has a deny all entry
    Code (Text):
    cat /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf
    

    i.e.
    Code (Text):
    # /home/nginx/domains/domain.com/public/subdirectory/js
    location ~* ^/subdirectory/js/ { allow 127.0.0.1; deny all; }
    

    If caught you can whitelist it by autoprotect bypass .autoprotect-bypass file - details below here. So if problem js file is at domain.com/subdirectory/js/file.js then it is likely /subdirectory/js has a .htaccess with deny all in it - make sure that directory is meant to be publicly accessible by contacting author of script and if so, you can whitelist it and re-run autoprotect script to regenerate your /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    it maybe you need to also whitelist /subdirectory then it would be as follows creating bypass files at /home/nginx/domains/domain.com/public/subdirectory/.autoprotect-bypass and /home/nginx/domains/domain.com/public/subdirectory/js/.autoprotect-bypass
    Code (Text):
    cd /home/nginx/domains/domain.com/public/subdirectory/
    touch .autoprotect-bypass
    cd /home/nginx/domains/domain.com/public/subdirectory/js
    touch .autoprotect-bypass
    /usr/local/src/centminmod/tools/autoprotect.sh
    nprestart
    

    then double check to see if updated /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf include file now doesn't show an entry for /subdirectory/js
     
  3. Michael W

    Michael W New Member

    8
    1
    3
    Nov 12, 2018
    Ratings:
    +3
    Local Time:
    6:20 PM
    Thanks for the reply, eva2000.

    hmm.. still kind of stumped.

    I completely disabled autoprotect to see if that would resolve the issue, but the site is still not loading correctly.

    I don't believe I have any mixed content issue. I've already went through the db and checked for any old links to the http:// version of the site. I ran a test on Why No Padlock? and it showed I had no mixed content either.
     
  4. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    9:20 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    have you checked chrome devtool network and console tab for clues ?
     
  5. Michael W

    Michael W New Member

    8
    1
    3
    Nov 12, 2018
    Ratings:
    +3
    Local Time:
    6:20 PM
    Thanks. I see a couple errors:

    First error:
    Code:
    Refused to apply style from 'https://domain.com/wp-content/cache/autoptimize/autoptimize_single_9994bfceda93b8700b8b290c7a008579.php' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
    Then second error:
    Code:
    GET https://domain.com/wp-content/cache/autoptimize/autoptimize_ab564aab6d43605b89db18355ee3e04a.php net::ERR_ABORTED 403 (Forbidden)

    Seems the autoptimize is causing me some troubles. Any ideas?
     
  6. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    9:20 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    When did you install and run centmin.sh menu option 22, as I committed a fix which should of fixed this back on November 1, 2018 AEST ~11 days ago centminmod/centminmod - edit: actually, i made the fix in the newer fastcgi_cache routines and forgot to add it to cacher enabler routine :eek: Just updated to add missing update at update inc/wpsetup.inc autoptimize plugin wp-cli set up in 123.09beta01 · centminmod/[email protected]

    it's due to autoptmize newer 2.4 version having additional settings field changes which were incompatible with my automatically set autoptimize settings.

    so if you go into wp-admin autoptimize and re-save the settings it should fix it.
     
    Last edited: Nov 12, 2018
    • Informative Informative x 1
  7. Michael W

    Michael W New Member

    8
    1
    3
    Nov 12, 2018
    Ratings:
    +3
    Local Time:
    6:20 PM
    Thanks, going into autoptimize and re-saving the settings/clear cache, fixed the issue.

    I installed centminmod today and ran the script today.
     
    • Like Like x 1
  8. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    9:20 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    • Like Like x 1
  9. Michael W

    Michael W New Member

    8
    1
    3
    Nov 12, 2018
    Ratings:
    +3
    Local Time:
    6:20 PM
    • Informative Informative x 1
  10. eva2000

    eva2000 Administrator Staff Member

    37,261
    8,140
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,532
    Local Time:
    9:20 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Seems like autoptimize has more new updates for their latest version. So maybe might di auto settings config though i haven't experienced this myself
     
..