Want more timely Centmin Mod News Updates?
Become a Member

Xenforo Server Config Issue Causing Problems With XenForo

Discussion in 'Forum software usage' started by BamaStangGuy, Aug 6, 2015.

Tags:
  1. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:19 PM
    We recently did an upgrade using the latest CentminMod and started having the following errors:

    Code:
    Server Error Log
    
    
    
    Error Info
    
    Zend_Http_Client_Adapter_Exception: Unable to Connect to ssl://accounts.google.com:443. Error #110: Connection timed out - library/Zend/Http/Client/Adapter/Socket.php:235
    Generated By: Unknown Account, 31 minutes ago
    
    Stack Trace
    
    #0 /home/nginx/domains/christianforums.com/public/library/Zend/Http/Client.php(973): Zend_Http_Client_Adapter_Socket->connect('accounts.google...', 443, true)
    #1 /home/nginx/domains/christianforums.com/public/library/XenForo/ControllerPublic/Register.php(1041): Zend_Http_Client->request('POST')
    #2 /home/nginx/domains/christianforums.com/public/library/XenForo/FrontController.php(347): XenForo_ControllerPublic_Register->actionGoogle()
    #3 /home/nginx/domains/christianforums.com/public/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
    #4 /home/nginx/domains/christianforums.com/public/index.php(13): XenForo_FrontController->run()
    #5 {main}
    
    Request State
    
    array(3) {
      ["url"] => string(119) "http://www.christianforums.com/register/google?code=4/NLQDmH_UM2_nszR0cjLGE_HGTjdWAYd4PiJ7sxxHNwA&csrf=L6u-zema8MqICzz1"
      ["_GET"] => array(3) {
        ["/register/google"] => string(0) ""
        ["code"] => string(45) "4/NLQDmH_UM2_nszR0cjLGE_HGTjdWAYd4PiJ7sxxHNwA"
        ["csrf"] => string(16) "L6u-zema8MqICzz1"
      }
      ["_POST"] => array(0) {
      }
    }
    
    This also occurs with Facebook, Twitter and ReCaptcha. It appears anything that connects to a secure connection fails.

    Any ideas what we did wrong?
     
    • Like Like x 1
  2. Andy

    Andy Active Member

    281
    42
    28
    Aug 6, 2014
    Ratings:
    +49
    Local Time:
    1:19 PM
    I got the same issue, at the time I thought it was with the server since we got some host issue at the time.
    I turn off recapcha no capcha but I believe I still have them complaining about unable to connect to google server for various things such as google sitemap, etc.

    I didn't see anyone reported on XF so I thought only i had this issue.
     
  3. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,743
    Local Time:
    3:19 AM
    Nginx 1.13.x
    MariaDB 5.5
  4. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:19 PM
    I opened a ticket and Mike said others have reported it and it probably had something to do with IPV6 server config.

    Hi,

    We have had some reports of this recently, though it's really an issue with your network stack specifically and not something that XF has any direct control over.

    It may be related to Google advertising IPv6 routes and there being issues with your IPv6 network settings. This is something that would need to be addressed on the server itself.

    Regards,
    Mike
     
  5. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:19 PM
    5.6
     
  6. Andy

    Andy Active Member

    281
    42
    28
    Aug 6, 2014
    Ratings:
    +49
    Local Time:
    1:19 PM
    ipv6 seems to be an issue. But we need to show the host how they can replicate from their ends. Not sure how to do it since it's application specific.

    I run php 5.6.11 and nginx 1.9.3, centos 7.1
     
  7. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,743
    Local Time:
    3:19 AM
    Nginx 1.13.x
    MariaDB 5.5
    haha guess all you folks are on reliablesite.net hosting Timeouts when downloading resources via SSL/IPv6 | Centmin Mod Community ?

    FYI, quick test you can do for IPv6 enabled servers is curl test for google 443 port.
    on working IPv6 system should return curl IPv6 only test output as follows
    Code:
    curl -6 -vvvv https://www.google.com/
    *   Trying 2607:f8b0:400a:807::2004...
    * Connected to www.google.com (2607:f8b0:400a:807::2004) port 443 (#0)
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * TLSv1.2, TLS handshake, Client hello (1):
    * TLSv1.2, TLS handshake, Server hello (2):
    * TLSv1.2, TLS handshake, CERT (11):
    * TLSv1.2, TLS handshake, Server key exchange (12):
    * TLSv1.2, TLS handshake, Server finished (14):
    * TLSv1.2, TLS handshake, Client key exchange (16):
    * TLSv1.2, TLS change cipher, Client hello (1):
    * TLSv1.2, TLS handshake, Finished (20):
    * TLSv1.2, TLS change cipher, Client hello (1):
    * TLSv1.2, TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
    * Server certificate:
    *        subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
    *        start date: 2015-07-23 15:41:59 GMT
    *        expire date: 2015-10-21 00:00:00 GMT
    *        subjectAltName: www.google.com matched
    *        issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
    *        SSL certificate verify ok.
    > GET / HTTP/1.1
    > User-Agent: curl/7.40.0
    > Host: www.google.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Date: Wed, 05 Aug 2015 19:44:29 GMT
    < Expires: -1
    < Cache-Control: private, max-age=0
    < Content-Type: text/html; charset=ISO-8859-1
    < P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
    < Server: gws
    < X-XSS-Protection: 1; mode=block
    < X-Frame-Options: SAMEORIGIN
    < Set-Cookie: PREF=ID=1111111111111111:FF=0:TM=1438803869:LM=1438803869:V=1:S=VMKoP6X7elCoGRjM; expires=Fri, 04-Aug-2017 19:44:29 GMT; path=/; domain=.google.com
    < Set-Cookie: NID=70=p275rU6GHON0AWZURznrNMr54y0Jdx_ecLVR3NDbbgTo1a-nDHMd8EqZGjyojnipQlrAw4nW9bNbA7ZLvDlCg3sdQli8qG2-SxtuBF5sD1Ye7v0V5SAbZ65X2hqPK-Y-; expires=Thu, 04-Feb-2016 19:44:29 GMT; path=/; domain=.google.com; HttpOnly
    < Alternate-Protocol: 443:quic,p=1
    < Accept-Ranges: none
    < Vary: Accept-Encoding
    < Transfer-Encoding: chunked
    
    on no working IPv6 or IPv6 disabled system curl test over IPv6 should timeout
    Code:
    curl -6 -vvvv https://www.google.com/
    * About to connect() to www.google.com port 443 (#0)
    *   Trying 2a00:1450:4001:807::1014...
    * Connection timed out
    * Failed connect to www.google.com:443; Connection timed out
    * Closing connection 0
    curl: (7) Failed connect to www.google.com:443; Connection timed out
    But @deltahf mtr results more useful for web hosts I guess XF 1.4 - Trouble loading resources via SSL | XenForo Community
     
    Last edited: Aug 6, 2015
  8. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:19 PM
    I opened a ticket with ReliableSite
     
    • Like Like x 1
  9. Andy

    Andy Active Member

    281
    42
    28
    Aug 6, 2014
    Ratings:
    +49
    Local Time:
    1:19 PM
    my curl ipv6 got timeout
     
  10. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,743
    Local Time:
    3:19 AM
    Nginx 1.13.x
    MariaDB 5.5
    guess all sorted now ?
     
  11. Andy

    Andy Active Member

    281
    42
    28
    Aug 6, 2014
    Ratings:
    +49
    Local Time:
    1:19 PM
    Yes, they sorted it out.
    Thanks
     
    • Like Like x 1
  12. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,743
    Local Time:
    3:19 AM
    Nginx 1.13.x
    MariaDB 5.5
    Great to hear :)

    IPv6 can be a pain heh.. which is why alot of my servers don't have IPv6 or have it disabled :)

    Only site with active IPv6 usage is my sslspdy.com site :)
     
    • Informative Informative x 1