Problem loading pictures when HTTPS (with self-signed SSL) is installed

Friday, December 27, 2024 8:44:07 AM
  • Posted: Sunday, October 7, 2018 3:09 PM
  • 8
Followed the instructions from GrandNode Blog with installation as follows:

Version of GrandNode: 4.20.01
Version of MongoDB: 4.0.2
OS: Ubuntu 16.04.5 on Digital Ocean
NGINX version 1.14.0
OpenSSL 1.0.2g
Both GrandNode and MongoDB on the same droplet.
ufw firewall in Ubuntu: enabled or disabled - same behavior
Digital Ocean firewall:
Inbound Rules on: for HTTP   TCP   80 and 443   for All IPv4 All IPv6
Outbound Rules on: ICMP, All TCP, All UDP for All IPv4 All IPv6

Problem:
As I am trying to setup Digital Ocean firewall and setup new categories and products from time to time pictures are not showing up. Including the ones specific to the store , like logo (not only related to products).

It is becoming more obvious  (no pictures at all) when disabling HTTP in the Inbound Rules in Digital Ocean firewall or outbound rules.

In /etc/nginx/conf.d/default.conf,  I am redirecting all HTTP requests to HTTPS as recomended by:
https://mozilla.github.io/server-side-tls/ssl-config-generator/:
for OpenSSL 1.0.2g and NGINX version 1.14.0

server {
  listen 80;

   # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
    }
server {
  listen 443;
  server_name testapp.rubytreesoftware.com;
  root /opt/www/testapp/current/public;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  ssl                  on;
  ssl_certificate      /etc/ssl/certs/secure.rubytreesoftware.com.1.2016.chain.crt;
  ssl_certificate_key  /etc/ssl/private/secure.rubytreesoftware.com.1.key;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers   "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

  ssl_prefer_server_ciphers   on;
  ssl_session_timeout  10m;  
  ssl_session_cache shared:SSL:10m;
  ssl_stapling on;

  try_files $uri/index.html $uri @unicorn;
  location @unicorn {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_pass http://unicorn_testapp;
  }
  
  error_page 500 502 503 504 /500.html;
  client_max_body_size 4G;
  keepalive_timeout 10;  
}  
    
0
  • Posted: Sunday, October 7, 2018 4:22 PM
  • 8
My mistake as above I have pasted another  /etc/nginx/conf.d/default.conf.
Basically I am redirecting all HTTP requests to HTTPS as recommended by:
https://mozilla.github.io/server-side-tls/ssl-config-generator/:
for OpenSSL 1.0.2g and NGINX version 1.14.0
and customizing the rest of the file based on my application current settings.
(I can not paste the code as I can not select the content of the file using DigitalOcean's console)

server {
  listen 80;

   # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
    return 301 https://$host$request_uri;
    }
server {
listen 443 ssl http2;
listen [::] : 443 ssl http2;

ssl on;
...customized GrandNode setting....

}
0
  • Posted: Monday, October 8, 2018 10:00 AM
  • 953
Hello,

Can you show me appsettings.json file?

Best,
Patryk
Best regards,
Patryk

GrandNode Team
0
  • Posted: Monday, October 8, 2018 5:14 PM
  • 8
Update: As another example of the same behavior. Almost always the pictures for the categories set to Show on home page are missing but the rest of the pictures are visible.

If I log in as with the main account every pictures shows up.

Paul.
0
  • Posted: Monday, October 8, 2018 5:17 PM
  • Team
  • 153
Hi,
Could you share your store URL ?
Regards
Krzysztof
0
  • Posted: Monday, October 8, 2018 7:22 PM
  • 8
The test site: firstchoicechannel.com

Right now on
1. Laptop/Linux/Firefox 62.0.3 (64-bit) - the Books category does not show any pictures
2. iPhone 6s: Safari no pictures at all on any categories. Chrome the only pictures are missing are from the books category.

The checkout still not working neither as a guest nor as a registered user.

This is only a test site.
0
  • Posted: Monday, October 8, 2018 7:41 PM
  • Team
  • 153
Paul,
Please try to install correct Certificate SSL :) Try use Let's encrypt.
In browser console there is a message: ERR_CERT_AUTHORITY_INVALID
I think the problem caused by incorrect certificate.
Regards
Krzysztof
0
  • Posted: Monday, October 8, 2018 8:05 PM
  • Team
  • 153
About checkout page and redirect to cart - Your billing save url address has wrong value Billing.saveUrl "http://www.firstchoicechannel.com/checkout/OpcSaveBilling/"
it shouldbe have with HTTPS
It would be great if you send us access to your admin panel (by email)
Regards
Krzysztof
0
back to top
Filters