Xenforo Server Config Issue Causing Problems With XenForo

BamaStangGuy · Aug 6, 2015

We recently did an upgrade using the latest CentminMod and started having the following errors:

Code:

Server Error Log



Error Info

Zend_Http_Client_Adapter_Exception: Unable to Connect to ssl://accounts.google.com:443. Error #110: Connection timed out - library/Zend/Http/Client/Adapter/Socket.php:235
Generated By: Unknown Account, 31 minutes ago

Stack Trace

#0 /home/nginx/domains/christianforums.com/public/library/Zend/Http/Client.php(973): Zend_Http_Client_Adapter_Socket->connect('accounts.google...', 443, true)
#1 /home/nginx/domains/christianforums.com/public/library/XenForo/ControllerPublic/Register.php(1041): Zend_Http_Client->request('POST')
#2 /home/nginx/domains/christianforums.com/public/library/XenForo/FrontController.php(347): XenForo_ControllerPublic_Register->actionGoogle()
#3 /home/nginx/domains/christianforums.com/public/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#4 /home/nginx/domains/christianforums.com/public/index.php(13): XenForo_FrontController->run()
#5 {main}

Request State

array(3) {
  ["url"] => string(119) "http://www.christianforums.com/register/google?code=4/NLQDmH_UM2_nszR0cjLGE_HGTjdWAYd4PiJ7sxxHNwA&csrf=L6u-zema8MqICzz1"
  ["_GET"] => array(3) {
    ["/register/google"] => string(0) ""
    ["code"] => string(45) "4/NLQDmH_UM2_nszR0cjLGE_HGTjdWAYd4PiJ7sxxHNwA"
    ["csrf"] => string(16) "L6u-zema8MqICzz1"
  }
  ["_POST"] => array(0) {
  }
}

This also occurs with Facebook, Twitter and ReCaptcha. It appears anything that connects to a secure connection fails.

Any ideas what we did wrong?

eva2000 · Aug 6, 2015

I believe @Andy experienced the same not sure if he resolved the problem ?

XF 1.3 - Unable to Connect to ssl://accounts.google.com:443 | XenForo Community

XF 1.4 - Google Login and Recaptcha Not Working | XenForo Community

XF 1.4 - Trouble loading resources via SSL | XenForo Community @deltahf

XF 1.4 - SSL Server Error - Couldn't connect to ssl:// | XenForo Community

XF 1.4 - Unable to Connect to ssl://secure.gravatar.com:443 | XenForo Community

Andy · Aug 6, 2015

I got the same issue, at the time I thought it was with the server since we got some host issue at the time.
I turn off recapcha no capcha but I believe I still have them complaining about unable to connect to google server for various things such as google sitemap, etc.

I didn't see anyone reported on XF so I thought only i had this issue.

eva2000 · Aug 6, 2015

added a few links with issues I found i.e. XF 1.4 - Trouble loading resources via SSL | XenForo Community

what version of PHP are you guys using ?

BamaStangGuy · Aug 6, 2015

I opened a ticket and Mike said others have reported it and it probably had something to do with IPV6 server config.

Hi,

We have had some reports of this recently, though it's really an issue with your network stack specifically and not something that XF has any direct control over.

It may be related to Google advertising IPv6 routes and there being issues with your IPv6 network settings. This is something that would need to be addressed on the server itself.

Regards,
Mike

BamaStangGuy · Aug 6, 2015

5.6

Andy · Aug 6, 2015

ipv6 seems to be an issue. But we need to show the host how they can replicate from their ends. Not sure how to do it since it's application specific.

I run php 5.6.11 and nginx 1.9.3, centos 7.1

eva2000 · Aug 6, 2015

haha guess all you folks are on reliablesite.net hosting Timeouts when downloading resources via SSL/IPv6 | Centmin Mod Community ?

FYI, quick test you can do for IPv6 enabled servers is curl test for google 443 port.
on working IPv6 system should return curl IPv6 only test output as follows

Code:

curl -6 -vvvv https://www.google.com/
*   Trying 2607:f8b0:400a:807::2004...
* Connected to www.google.com (2607:f8b0:400a:807::2004) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2, TLS handshake, Client hello (1):
* TLSv1.2, TLS handshake, Server hello (2):
* TLSv1.2, TLS handshake, CERT (11):
* TLSv1.2, TLS handshake, Server key exchange (12):
* TLSv1.2, TLS handshake, Server finished (14):
* TLSv1.2, TLS handshake, Client key exchange (16):
* TLSv1.2, TLS change cipher, Client hello (1):
* TLSv1.2, TLS handshake, Finished (20):
* TLSv1.2, TLS change cipher, Client hello (1):
* TLSv1.2, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*        subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
*        start date: 2015-07-23 15:41:59 GMT
*        expire date: 2015-10-21 00:00:00 GMT
*        subjectAltName: www.google.com matched
*        issuer: C=US; O=Google Inc; CN=Google Internet Authority G2
*        SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.40.0
> Host: www.google.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 05 Aug 2015 19:44:29 GMT
< Expires: -1
< Cache-Control: private, max-age=0
< Content-Type: text/html; charset=ISO-8859-1
< P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
< Server: gws
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: PREF=ID=1111111111111111:FF=0:TM=1438803869:LM=1438803869:V=1:S=VMKoP6X7elCoGRjM; expires=Fri, 04-Aug-2017 19:44:29 GMT; path=/; domain=.google.com
< Set-Cookie: NID=70=p275rU6GHON0AWZURznrNMr54y0Jdx_ecLVR3NDbbgTo1a-nDHMd8EqZGjyojnipQlrAw4nW9bNbA7ZLvDlCg3sdQli8qG2-SxtuBF5sD1Ye7v0V5SAbZ65X2hqPK-Y-; expires=Thu, 04-Feb-2016 19:44:29 GMT; path=/; domain=.google.com; HttpOnly
< Alternate-Protocol: 443:quic,p=1
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked

on no working IPv6 or IPv6 disabled system curl test over IPv6 should timeout

Code:

curl -6 -vvvv https://www.google.com/
* About to connect() to www.google.com port 443 (#0)
*   Trying 2a00:1450:4001:807::1014...
* Connection timed out
* Failed connect to www.google.com:443; Connection timed out
* Closing connection 0
curl: (7) Failed connect to www.google.com:443; Connection timed out

But @deltahf mtr results more useful for web hosts I guess XF 1.4 - Trouble loading resources via SSL | XenForo Community

BamaStangGuy · Aug 6, 2015

I opened a ticket with ReliableSite

Andy · Aug 6, 2015

my curl ipv6 got timeout

eva2000 · Aug 6, 2015

Andy said: ↑

my curl ipv6 got timeout
Click to expand...

guess all sorted now ?

Andy · Aug 7, 2015

eva2000 said: ↑

guess all sorted now ?
Click to expand...

Yes, they sorted it out.
Thanks

eva2000 · Aug 7, 2015

Andy said: ↑

Yes, they sorted it out.
Thanks
Click to expand...

Great to hear

IPv6 can be a pain heh.. which is why alot of my servers don't have IPv6 or have it disabled

Only site with active IPv6 usage is my sslspdy.com site

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Xenforo Server Config Issue Causing Problems With XenForo

BamaStangGuy Active Member

eva2000 Administrator Staff Member

Andy Active Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

BamaStangGuy Active Member

Andy Active Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

Andy Active Member

eva2000 Administrator Staff Member

Andy Active Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Xenforo Server Config Issue Causing Problems With XenForo

BamaStangGuy Active Member

eva2000 Administrator Staff Member

Andy Active Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

BamaStangGuy Active Member

Andy Active Member

eva2000 Administrator Staff Member

BamaStangGuy Active Member

Andy Active Member

eva2000 Administrator Staff Member

Andy Active Member

eva2000 Administrator Staff Member

.