Want to subscribe to topics you're interested in?
Become a Member

XenForo Image Proxy Doesn't Work PHP error

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by BamaStangGuy, May 17, 2017.

  1. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:01 PM
    Code:
    https://scontent.flhr4-1.fna.fbcdn.net/v/t1.0-9/18423910_10155664309115663_595233483256971599_n.jpg?oh=7ec179134b11792e0f76cd2b70451b0e&oe=5974297D could not be fetched or is not a valid image. The specific error message was: Unable to Connect to ssl://scontent.flhr4-1.fna.fbcdn.net:443. Error #110: Connection timed out
    This is a fresh CentminMod install and I have moved an xenforo forum to this install. Everything else is working correctly it seems but the image proxy will only return that when I test it.

    The same image works correctly on all other xf sites on other centminmod installs.

    I am at a lost as to what is going on here?
     
  2. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:01 PM
    I have compared Curl and PHP settings between the server this works on and the one it doesn't and can't find anything. :confused:
     
  3. eva2000

    eva2000 Administrator Staff Member

    28,976
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,765
    Local Time:
    3:01 AM
    Nginx 1.13.x
    MariaDB 5.5
    could be network related you have IPv6 enabled ?
     
  4. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:01 PM
    I can't see where it would be different ipv6 wise than other servers. Each server is a OVH one I tested on where the image works and all have IPV6 enabled.

    Not sure where to go troubleshooting IPV6?
     
  5. BamaStangGuy

    BamaStangGuy Active Member

    465
    136
    43
    May 25, 2014
    Ratings:
    +179
    Local Time:
    12:01 PM
    This isn't an IPV6 issue. I have disabled IPV6 on the server and the error persists.
     
  6. eva2000

    eva2000 Administrator Staff Member

    28,976
    6,579
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,765
    Local Time:
    3:01 AM
    Nginx 1.13.x
    MariaDB 5.5
    What output do you get from this command
    Code (Text):
    curl -Iv 'https://scontent.flhr4-1.fna.fbcdn.net/v/t1.0-9/18423910_10155664309115663_595233483256971599_n.jpg?oh=7ec179134b11792e0f76cd2b70451b0e&oe=5974297D'
    

    example from my OVH BHS server facebook CDN image url connected via HTTP/2 based HTTPS with ECC 256bit based ECDSA ssl cipher SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and prioritised IPv6 first which I have not configured (yet to disabled) and waits a few seconds before it is connected via IPv4 IP.
    Code (Text):
    *   Trying 2a00:23a0:1f4:0:face:b00c:0:a7...
    * TCP_NODELAY set
    *   Trying 109.144.0.145...
    * TCP_NODELAY set
    * Connected to scontent.flhr4-1.fna.fbcdn.net (109.144.0.145) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: none
      CApath: none
    * loaded libnssckbi.so
    * ALPN, server accepted to use h2
    * SSL connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    * Server certificate:
    *       subject: CN=*.flhr4-1.fna.fbcdn.net,O="Facebook, Inc.",L=Menlo Park,ST=CA,C=US
    *       start date: Aug 01 00:00:00 2016 GMT
    *       expire date: Aug 09 12:00:00 2017 GMT
    *       common name: *.flhr4-1.fna.fbcdn.net
    *       issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0xe88bb0)
    > HEAD /v/t1.0-9/18423910_10155664309115663_595233483256971599_n.jpg?oh=7ec179134b11792e0f76cd2b70451b0e&oe=5974297D HTTP/2
    > Host: scontent.flhr4-1.fna.fbcdn.net
    > User-Agent: curl/7.54.0
    > Accept: */*
    >
    * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
    < HTTP/2 200
    HTTP/2 200
    

    if i disabled IPv6 specifically FAQ/CentOS7 - CentOS Wiki then it would connect first to IPv4