iOS app fails second access to secure server - ios

We have an iOS app that reads information from our secure web server. Everything was working great until my friend moved back to the US. Now his phone only downloads data the first time after the app runs for the first time after installation or after he switches from phone data to wifi. The app works perfectly every time for me and I'm outside the US (as it did for him before he moved to the US). His relatives have reported the same issue.
Both of us have an iPhone 6 running iOS 10.2. I've got the development code but he's not a developer and doesn't have a MacBook so I can't debug his phone directly. I've downloaded the app from TestFlight to make sure I've got the same binary.
(FYI: I did fix an issue with an old self-signed certificate being left behind on the server that caused him issues with SSL failures. I have no TLS/networking info.plist entries in the app other than Non-Exempt Encryption = No.)
Our server is hosted in the US and runs Apache 2.4.18 with PHP and has a commercial certificate. I've run various certificate testers and they all say the certificate works perfectly (even before I added Forwarding Secrecy). I've cranked up the Apache logs to "trace6" to see what the SSL is doing but his second attempts to access the server (almost) never log anything in the site access.log or error.log.
Occasionally he will get this in the Apache site error.log on his second attempts in the app (I've done a little redacting):
[Sun Jan 29 18:27:48.129214 2017] [ssl:info] [pid 6690] [client 70.211.19.XXX:8740] AH01964: Connection to child 8 established (server (redacted).net:443)
[Sun Jan 29 18:27:48.129312 2017] [ssl:trace2] [pid 6690] ssl_engine_rand.c(126): Seeding PRNG with 656 bytes of entropy
[Sun Jan 29 18:27:48.129354 2017] [ssl:trace3] [pid 6690] ssl_engine_kernel.c(1970): [client 70.211.19.XXX:8740] OpenSSL: Handshake: start
[Sun Jan 29 18:27:48.129365 2017] [ssl:trace3] [pid 6690] ssl_engine_kernel.c(1979): [client 70.211.19.XXX:8740] OpenSSL: Loop: before/accept initialization
[Sun Jan 29 18:27:48.129376 2017] [ssl:trace4] [pid 6690] ssl_engine_io.c(2065): [client 70.211.19.XXX:8740] OpenSSL: I/O error, 11 bytes expected to read on BIO#5566ac3b3e20 [mem: 5566ac3ef790]
[Sun Jan 29 18:27:48.129380 2017] [ssl:trace3] [pid 6690] ssl_engine_kernel.c(2008): [client 70.211.19.XXX:8740] OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Sun Jan 29 18:27:48.129385 2017] [ssl:debug] [pid 6690] ssl_engine_io.c(1227): (70014)End of file found: [client 70.211.19.XXX:8740] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Sun Jan 29 18:27:48.129390 2017] [ssl:info] [pid 6690] [client 70.211.19.XXX:8740] AH01998: Connection closed to child 8 with abortive shutdown (server (redacted).net:443)
One concern here is the line with "OpenSSL: Exit: error in SSLv2/v3 read client hello A". TLS 1.2 is on the server, of course, and SSLv3 is disabled - as I believe it should be.
As a test I created a test app to test DNS, HTTP and HTTPS and he gets 404 errors only on the https pages. I can access any page from my phone as often as I like - at exactly the same time he gets 404s. I then get him to access https://www.google.com and it works every time for him. He then tries our server and ... instant 404 and nothing in the server logs.
I repeat - I never have any problems at all. Same phone, same iOS, same binary.
Has anyone come across anything like this before?
EDIT: Updated the scenario and corrected some information that wasn't quite right.

I found my issue and it's a little embarrassing but if this helps someone else then here goes. The 404 was trying to tell me something.
In my country all the ISPs are still running IPv4. My friend moved to the US and everything over there is IPv6. Basically, by accident I hadn't set up Apache to point the IPv6/SSL config to the same "HTML" directory as IPv4/SSL - hence the 404s for him and not for me. However IPv6 on port 80 was configured correctly. I couldn't test IPv6 because it's not available to me.
I figured it out after using wget on the server. I could get a hit on the index.html page but nothing else. I found an extra "html" directory and hence the IPv6 config that pointed to it. There was nothing in the logs because they were the wrong logs (rolls eyes and feels like a noob).
I had tried an IPv6 proxy page but, as it turns out, it's broken. Even after I fixed my site and the app works on IPv6 the proxy site still gives SSL errors. It might be using an outdated protocol that I've banned. Quite the red herring.
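
A check for the mismatch described in this answer, as an added example that is not part of the original post: it parses Apache VirtualHost blocks and reports any ServerName and port whose IPv4 and IPv6 vhosts disagree on DocumentRoot or log files. The configuration, addresses and paths below are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed sample (not from the post): the IPv6 :443 vhost uses another root and log.
SAMPLE_CONF = """
<VirtualHost 203.0.113.10:80 [2001:db8::10]:80>
    ServerName example.net
    DocumentRoot /var/www/site
</VirtualHost>
<VirtualHost 203.0.113.10:443>
    ServerName example.net
    DocumentRoot /var/www/site
    ErrorLog /var/log/apache2/site_error.log
</VirtualHost>
<VirtualHost [2001:db8::10]:443>
    ServerName example.net
    DocumentRoot /var/www/html
    ErrorLog /var/log/apache2/error.log
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(.+?)[ \t]*$", re.M)
CHECKED = ("DocumentRoot", "ErrorLog", "CustomLog")

def family(addr):
    """Return 'v4', 'v6' or 'any' for one VirtualHost address token."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    try:
        return "v6" if ipaddress.ip_address(host).version == 6 else "v4"
    except ValueError:
        return "any"  # '*', '_default_' or a hostname

def find_mismatches(conf):
    """Map (ServerName, port, directive) -> {family: value} where values differ."""
    seen = defaultdict(dict)
    for addrs, body in VHOST_RE.findall(conf):
        directives = dict(DIRECTIVE_RE.findall(body))
        name = directives.get("ServerName", "(unnamed)")
        for addr in addrs.split():
            port = addr.rsplit(":", 1)[-1]
            for key in CHECKED:
                if key in directives:
                    seen[(name, port, key)][family(addr)] = directives[key]
    return {k: v for k, v in seen.items() if len(set(v.values())) > 1}

if __name__ == "__main__":
    for (name, port, key), values in find_mismatches(SAMPLE_CONF).items():
        print(f"{name}:{port} {key} differs: {values}")
```

A differing ErrorLog is worth flagging alongside DocumentRoot, since it explains why the failing requests never showed up in the log being watched.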

Related

XDebug could not open the remote debug file '/var/log/apache2/xdebug_remote.log' in Docker

I have a Docker container with all my PHP7 environment for development and everything works well except xdebug. The extension is enabled, with all the correct settings to enable remote debug. I set up the remote host, which is ok, but when I make a request to a website inside this container and check the apache error log I see this error:
[Thu Jun 01 05:44:31.529883 2017] [:error] [pid 916] [client 172.18.0.1:40306] XDebug could not open the remote debug file '/var/log/apache2/xdebug_remote.log'., referer: XXXXXXX
The file xdebug_remote.log has all the privileges, so this in theory would not be the problem. So, does anyone have any idea what the problem might be?

ApnsPHP Push different behavior on several servers with same PEM

I am having a hard time tracing an issue and hope someone can help. We have a Joomla site along with ApnsPHP that is able to send push messages for one app already. We have a second app, using a different PEM. Only the first message is sent out, then there is no answer from the Apple push server and everything hangs until the timeout ends the request.
The same site is running on two other servers, one Windows and one OS X machine. Both do send out messages with the same code/PEM/tokens successfully. It is the client's OS X Mac Mini Server which is failing.
This is what I get on the client machine:
Tue, 15 Dec 2015 17:02:55 +0100 ApnsPHP[42117]: INFO: Trying tls://gateway.push.apple.com:2195...
Tue, 15 Dec 2015 17:02:56 +0100 ApnsPHP[42117]: INFO: Connected to tls://gateway.push.apple.com:2195.
Tue, 15 Dec 2015 17:02:56 +0100 ApnsPHP[42117]: INFO: Sending messages queue, run #1: 1 message(s) left in queue.
Tue, 15 Dec 2015 17:02:56 +0100 ApnsPHP[42117]: STATUS: Sending message ID 1 [custom identifier: CYD-Badge-1] (1/3): 157 bytes.

PostgreSQL Stops After Starting following upgrade to Ubuntu 15.04 from 14.04

I have a rails application that uses PostgreSQL. Today is the first time messing around with it after upgrading to Ubuntu 15.04 from 14.04 (I upgraded just about a week ago). When I try to start the rails server, it says:
"/home/nate/.rvm/gems/ruby-2.1.5/gems/activerecord-4.2.0/lib/active_record/connection_adapters/postgresql_adapter.rb:651:in `initialize': could not connect to server: Connection refused (PG::ConnectionBad)
Is the server running on host "localhost" (127.0.0.1) and accepting
TCP/IP connections on port 5432?"
Based on this message, I first tried rebooting and then when that did not work, ran this command to start the server:
sudo /etc/init.d/postgresql start
I ran the rails server and it worked! However, after clicking around a few times I got another similar message and noticed that the service had stopped again. I started it again and then a few minutes later it happened again.
Next, I checked the PostgreSQL log and found this. I see several "record with zero length at..." entries as well as "database system was interrupted" and "database was not properly shut down". After some more searching I found some posts that said to use "pg_resetxlog", but with no real details on how to issue the command (it requires additional parameters)...but other sites say only do that as a very last resort. So I'm not sure what to do. Any ideas? Here is the PostgreSQL log:
2015-05-14 14:46:40 CDT [12654-1] LOG: database system was shut down at 2015-05-07 20:20:04 CDT
2015-05-14 14:46:40 CDT [12655-1] [unknown]#[unknown] LOG: incomplete startup packet
2015-05-14 14:46:40 CDT [12659-1] LOG: autovacuum launcher started
2015-05-14 14:46:40 CDT [12653-1] LOG: database system is ready to accept connections
2015-05-14 14:49:42 CDT [12871-1] LOG: database system was interrupted; last known up at 2015-05-14 14:46:40 CDT
2015-05-14 14:49:42 CDT [12871-2] LOG: database system was not properly shut down; automatic recovery in progress
2015-05-14 14:49:42 CDT [12871-3] LOG: record with zero length at 0/147A88F8
2015-05-14 14:49:42 CDT [12871-4] LOG: redo is not required
2015-05-14 14:49:42 CDT [12875-1] LOG: autovacuum launcher started
2015-05-14 14:49:42 CDT [12870-1] LOG: database system is ready to accept connections
Please edit this file postgresql.conf listen_addresses = '*'
Edit this file pg_hba.conf and add host all all 127.0.0.1/32 md5

Erlang Cowboy crashes with heart-beat time-out

I am running a cowboy erlang server. My server was generated by following the getting started instructions on the 99s site, and I am running it with a command line:
./_rel/myapp_release/bin/myapp_release console
Thing is, after a certain while of no activity, the server crashes, and does not recover. The message I am getting is this:
heart: Sat Aug 16 22:33:18 2014: heart-beat time-out, no activity for 1771 seconds
heart: Sat Aug 16 22:33:18 2014: Would reboot. Terminating.
{"Kernel pid terminated",heart,{port_terminated,{heart,loop,[<0.0.0>,#Port<0.25>,[]]}}}
I know about the heart tool that can be used to monitor a service and restart it after a while if it's not getting any requests (I guess the logic is that if nothing is happening with the service something is wrong), but I can't figure out where in the cowboy application this configuration exists.
So I would ask:
Can anyone explain why the server is crashing?
If it is indeed crashing "on purpose", where is the configuration to set up things like the time-out period?
Ideally the application would restart itself if it's crashed (using a supervisor?). Does cowboy have a built in supervisor for apps that cowboy is running?

Configuring Ruby on Rails to run under Apache on Windows 64-bit

I've inherited the maintenance and development of a Ruby on Rails site that runs on Ruby 1.8.7 and Rails 2.3.2. While we try to deploy to Linux servers using Passenger as much as possible, my boss has told me that we must be able to deploy to Windows at times for our clients.
I have installed my Rails app fine and it works perfectly when I test with the Webrick server. I have also installed Apache 2.2 which is serving up generic HTML pages perfectly. However, when I try to run my Rails app under Apache I get a 503 Service Temporarily Unavailable error.
There is no error listed in the Apache logs but when I check the RoR logs it does show
127.0.0.1 - - [09/Aug/2012:10:31:02 +1000] "GET / HTTP/1.1" 503 323
127.0.0.1 - - [09/Aug/2012:10:31:02 +1000] "GET /favicon.ico HTTP/1.1" 503 323
and
[Thu Aug 09 10:31:06 2012] [error] proxy: BALANCER: (balancer://mmapscluster). All workers are in error state
[Thu Aug 09 10:31:07 2012] [error] proxy: BALANCER: (balancer://mmapscluster). All workers are in error state
As you may have guessed we are running Mongrel as a proxy server for performance reasons.
When I removed all of the proxying from the Apache configuration (incidentally restarting Apache is not enough for the proxy config - I had to reboot the entire machine), I got a seemingly endless list of the following Apache errors,
[notice] Parent: Created child process 1944
[notice] Child 1944: Child process is running
[notice] Parent: child process exited with status 255 -- Restarting.
[notice] Apache/2.2.15 (Win32) configured -- resuming normal operations
I have gone round and round on this and I've checked my config against a working installation that we have but I cannot see any differences in the setup. The only real difference is that the working one is running on a 32-bit machine and the failing one is running on a 64-bit machine.
Could this be the problem? Has anybody else had any similar types of problems running Apache on 64-bit machines?
