I've got mod_pagespeed installed under apache2/php5-fpm and it's working fine on my domain that isn't using SSL (it's combining css and js no probs), however when I access the SSL version of the same site, it no longer works. I've tried setting the variable:
ModPagespeedFetchHttps enable
But it still is not working. The site is behind basic auth security, would this matter?
I can see in the response headers under the SSL version of the site that mod_pagespeed is there, but it's not working it's magic.
Does accessing resources require authentication? If so, then mod_pagespeed probably is not able to access them (it just does an http fetch for resources to rewrite).
Are the same resources available on http? If so, you're best bet might be MapOriginDomain:
ModPagespeedMapOriginDomain http://www.example.com/ https://www.example.com/
This will fetch all resources with HTTP even when the page is requested with HTTPS. So this would avoid the authentication issue.
See also, https://developers.google.com/speed/pagespeed/module/https_support for more help with various HTTPS issues.
In addition to the above answer, also make sure you have added the directory for the ModPagespeedSslCertFile in your config file.
Check "Configuring SSL Certificates" at
https://developers.google.com/speed/pagespeed/module/https_support
Related
I am working on a 2-player card game. The two client facing pages are hosted on Github pages and the node server is running on AWS.
Everything works fine when I view my client side pages locally, but when I try to open them on Github pages I get this error:
Mixed Content: The page at '' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ''. This request has been blocked; the content must be served over HTTPS.
So then I change the connection url to include https like this:
var socket = io.connect("https://ec2-18-191-142-129.us-east-2.compute.amazonaws.com:3000");
And I get this error:
index.js:83 GET https://ec2-18-191-142-129.us-east-2.compute.amazonaws.com:3000/socket.io/?EIO=3&transport=polling&t=N71Cs6c net::ERR_SSL_PROTOCOL_ERROR
Here are my security groups:
Do I need to do something with an SSL certificate? Is it even possible with my current setup as I don't have access to the domain I am hosting on (Github Pages). If it's not possible are there any online services I can host my client code on and get an SSL certificate, or do I have to buy a domain and hosting? Any help welcome, but please try to explain it because I am very new to all this. Thank you.
Ec2 doesn't support https like this ("out of the box").
There is several way of doing it, but I suggest you should create a application load balancer (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html) and then configure https on it (https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html).
Other solution can be using Cloudfront, or configure https directly on the instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/SSL-on-amazon-linux-2.html).
Hope that makes sense.
As mentioned by alcyon, changing from HTTP to HTTPS does not enable your application to run over HTTPS. There are many ways to achieve this. Checkout the detailed guide by AWS for your use-case at https://aws.amazon.com/premiumsupport/knowledge-center/configure-acm-certificates-ec2/ .
I have my domain pointed in Cloudflare with SSL. My website runs with HTTPS protocol. The reason i mention them running is this.
I have my blog at blogspot and want to give it custom domain name which google allows. Unfortunately google wont allow HTTPS there. I had created my blog like this in DNS as blog.domain.com which runs as https://blog.domain.com and if i host this subdomain via Github, it opens correctly. The problem is when i use this subdomain in blogger, then there arises conflict and my site goes offline. Where am i mistaking in setting up all this?
Don't enable full or restricted SSL option in cloudflare. Use flexible SSL instead. This will setup things correctly.
We have a cpanel server that hosts some web sites. we have 2 hosts that use SSL. When I open a non SSL website with http:// everything is ok but when I type https:// , it shows the contents of one of the SSL websites instead of displaying not found error!!
Usually the first one which is defined in httpd.conf.
I also signed up in cPanel forum, but I do not know how to post a new question!! I cannot find post a question or new post or something like that.
Any help is appreciated.
Your question is really confusing. It would be better if you can edit and elaborate your question. Still let me guess your question and answer it.
Your cPanel server has hosted more than one websites, out of them only two have SSL certificate. Let me guess those two sites as abc.com and xyz.com. Now if I have understood your question properly, when you try to access 123.com (which is non HTTPS website) with HTTPS it is showing content of abc.com.
If yes, then this case refers to SSL misconfiguration. To solve this issue, SSL certificate should be installed properly on both websites and only those two sites can be accessible with HTTPS. It is advisable to use SSL Certificate checker for both sites to know whether SSL is installed properly or not.
We're seeing some minor issues with a cache and https on a non-secure site/domain.
The site doesn't have a certificate and therefore is not https. URLs are generated dynamically on the site though, so if someone manually visits the site using https, https will be used in the relative URLs - this is an issue for images and external resources as they then get blocked.
On an individual basis this doesn't worry me, the real issue is that if the above happens on a page that hasn't yet been cached, the cache reflects the https error in the URLs, and attempts to serve https resources to normal users, thereby leaving all external resources blocked. We've just seen this happen on a set of pages.
I have no idea why someone would be attempting to access the site using https, but unfortunately it seems to happen.
Is there any way to route all https traffic directly to http? It's a frustrating issue as the site doesn't purport to be secure, doesn't have a certificate, and therefore security issues like this are meaningless - ideally https requests should just be being parsed as http.
Any help appreciated!
Edit:
Turns out after some research that this may not be possible. The method suggested in the comments should work (with the addition of an on/off flag for the condition), however it only works if SSL is available. i.e. if https isn't working in the first place, it doesn't seem you can build conditions around it.
I've got a fairly simple app deployed on OpenShift that uses CloudFlare as a DNS provider, since they support CNAME records for the root domain, which our current domain provider does not.
The issue with this setup is somewhere along the line https is not working. I believe this is an OpenShift issue because it's the same kind of issue you get when you've mapped the domain name to your app but haven't added the proper aliases yet - you get a timeout essentially.
We've got two aliases - with www and without. There's no option to specify https or anything with OpenShift aliases from what I can see. There aren't any SSL certificates assigned to these aliases as we do not need or use https - we're on the Free plan.
The main URL to access the site is http://www.jcuri.com - notice this works as expected, however https://www.jcuri.com times out.
Initially we were thinking of using CloudFlare page rules to auto-redirect to a non-https URL however this is locked down behind a paywall which we're hoping to avoid, as we don't need any of the Pro features.
Is there something I'm missing here? It seems that OpenShift is just denying any https connections purely because we don't have certificates assigned to the aliases. I wouldn't even mind if there were certificate errors, at least that would give us a chance to do a redirect on the actual NodeJS application, but we don't even reach that point.
Can anyone offer some advice on this?
Since those domains are not pointed directly at openshift via CNAME, but are seemingly redirected via another service (from what i can tell from the dns) it is hard to say whether it is OpenShift that is causing the https issues. If you do not have a custom ssl certificate installed on openshift, you will just get an invalid certificate error, but since you are using a redirect service, maybe it is possible that the service is checking the certificate first, seeing an error, and then not working?
Since the https page rules you stated above are behind a paywall, this actually makes a lot of sense that they are blocking it, not OpenShift. Godaddy provided a forwarding service that would allow you to point both www and naked domain to openshift correctly using cnames, i have used it before.