0

I followed the [excellent Digital Ocean tutorial][1] and the SSL cert verifies as valid. However the Drupal login to access the admin no longer activates and the page just reloads to itself. I enabled debug for the NGINX logs and below are the results. It ends with:

recv() not ready (11: Resource temporarily unavailable).

What's odd is our dev Drupal site works just fine. When I compare the logs the only difference is that this appears in the dev site:

4 http request line: "POST /user HTTP/1.1"

Below are the verbose debug logs. Any suggestions? Below that are results of curl -vvv to the login page. Also nginx/1.4.6 (Ubuntu)

2016/01/21 11:38:56 [debug] 12534#0: *6467 write new buf t:1 f:0 00000000025F8510, pos 00000000025F8510, size: 239 file: 0, size: 0
2016/01/21 11:38:56 [debug] 12534#0: *6467 http write filter: l:0 f:0 s:239
2016/01/21 11:38:56 [debug] 12534#0: *6467 http output filter "/node/add/page?render=overlay"
2016/01/21 11:38:56 [debug] 12534#0: *6467 http copy filter: "/node/add/page?render=overlay"
2016/01/21 11:38:56 [debug] 12534#0: *6467 image filter
2016/01/21 11:38:56 [debug] 12534#0: *6467 xslt filter body
2016/01/21 11:38:56 [debug] 12534#0: *6467 http postpone filter "/node/add/page?render=overlay" 00000000025F8670
2016/01/21 11:38:56 [debug] 12534#0: *6467 write old buf t:1 f:0 00000000025F8510, pos 00000000025F8510, size: 239 file: 0, size: 0
2016/01/21 11:38:56 [debug] 12534#0: *6467 write new buf t:0 f:0 0000000000000000, pos 00000000006C6460, size: 132 file: 0, size: 0
2016/01/21 11:38:56 [debug] 12534#0: *6467 write new buf t:0 f:0 0000000000000000, pos 00000000006C6740, size: 61 file: 0, size: 0
2016/01/21 11:38:56 [debug] 12534#0: *6467 http write filter: l:1 f:0 s:432
2016/01/21 11:38:56 [debug] 12534#0: *6467 http write filter limit 0
2016/01/21 11:38:56 [debug] 12534#0: *6467 writev: 432
2016/01/21 11:38:56 [debug] 12534#0: *6467 http write filter 0000000000000000
2016/01/21 11:38:56 [debug] 12534#0: *6467 http copy filter: 0 "/node/add/page?render=overlay"
2016/01/21 11:38:56 [debug] 12534#0: *6467 http finalize request: 0, "/node/add/page?render=overlay" a:1, c:1
2016/01/21 11:38:56 [debug] 12534#0: *6467 set http keepalive handler
2016/01/21 11:38:56 [debug] 12534#0: *6467 http close request
2016/01/21 11:38:56 [debug] 12534#0: *6467 http log handler
2016/01/21 11:38:56 [debug] 12534#0: *6467 free: 00000000025F76A0, unused: 0
2016/01/21 11:38:56 [debug] 12534#0: *6467 free: 00000000025E6CC0, unused: 2666
2016/01/21 11:38:56 [debug] 12534#0: *6467 free: 000000000263C350
2016/01/21 11:38:56 [debug] 12534#0: *6467 hc free: 0000000000000000 0
2016/01/21 11:38:56 [debug] 12534#0: *6467 hc busy: 0000000000000000 0
2016/01/21 11:38:56 [debug] 12534#0: *6467 tcp_nodelay
2016/01/21 11:38:56 [debug] 12534#0: *6467 reusable connection: 1
2016/01/21 11:38:56 [debug] 12534#0: *6467 event timer add: 5: 65000:1453394401016
2016/01/21 11:38:56 [debug] 12534#0: *6467 post event 0000000002681950
2016/01/21 11:38:56 [debug] 12534#0: *6467 delete posted event 0000000002681950
2016/01/21 11:38:56 [debug] 12534#0: *6467 http keepalive handler
2016/01/21 11:38:56 [debug] 12534#0: *6467 malloc: 000000000263C350:1024
2016/01/21 11:38:56 [debug] 12534#0: *6467 recv: fd:5 -1 of 1024
2016/01/21 11:38:56 [debug] 12534#0: *6467 recv() not ready (11: Resource temporarily unavailable)
2016/01/21 11:38:56 [debug] 12534#0: *6467 free: 000000000263C350

2016/01/21 11:39:10 [debug] 12534#0: *6442 event timer del: 3: 1453394350048
2016/01/21 11:39:10 [debug] 12534#0: *6442 http keepalive handler
2016/01/21 11:39:10 [debug] 12534#0: *6442 close http connection: 3
2016/01/21 11:39:10 [debug] 12534#0: *6442 reusable connection: 0
2016/01/21 11:39:10 [debug] 12534#0: *6442 free: 0000000000000000
2016/01/21 11:39:10 [debug] 12534#0: *6442 free: 00000000025E12D0, unused: 0
2016/01/21 11:39:10 [debug] 12534#0: *6442 free: 000000000263DDA0, unused: 128

[1]: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04?comment=42425

curl -vvv https ourdomain.org/user less

* SSLv3, TLS handshake, Finished (20):

  • SSL connection using ECDHE-RSA-AES256-GCM-SHA384

  • Server certificate:

  • subject: CN=ourdomain.org

  • start date: 2016-01-20 20:37:00 GMT

  • expire date: 2016-04-19 20:37:00 GMT

  • subjectAltName: ourdomain.org matched

  • issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X1

  • SSL certificate verify ok.

      GET /user HTTP/1.1
  User-Agent: curl/7.35.0
  Host: ourdomain.org
  Accept: */*
  HTTP/1.1 200 OK

  • Server nginx/1.4.6 (Ubuntu) is not blacklisted

      Server: nginx/1.4.6 (Ubuntu)
  Date: Thu, 21 Jan 2016 05:52:22 GMT
  Content-Type: text/html; charset=utf-8
  Transfer-Encoding: chunked
  Connection: keep-alive
  X-Powered-By: PHP/5.5.9-1ubuntu4.5
  Expires: Sun, 19 Nov 1978 05:00:00 GMT
  Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
  X-Content-Type-Options: nosniff
  Content-Language: en
  X-Generator: Drupal 7 (http://drupal.org)
Gryu
  • 479
  • 1
  • 6
  • 14
RobbieTheK
  • 21
  • 2

2 Answers2

1

Well looks like this was an issue with a configuration in the (optional) Domain Access module (which allows for a "Drupal Way" to manage subdomains with the Drupal admin).

The "Domain URL scheme" should be set to "https://" and "URL scheme for accessing this domain" needs to be made "Active"

Just make sure the SSL certificate is created correctly because as this issue posits, "If https/ssl subsequently fails due to some issue for that site, admins will not easily be able to login and alter this."

RobbieTheK
  • 21
  • 2
0

Did you implement this step from the tutorial?

return 301 https://$host$request_uri;

If so then it's very well possible you are in a redirect loop, because nginx will 301-redirect traffic from port 80 to 443.

That's not bad in itself, but if you have other redirects in you configuration, or if drupal redirects to a http:// location then you are stuck in a loop.

I suggest you try installing the Firebug extension in Firefox, enable the network module, toggle 'permanent' and open your login page. That will give you a good overview of the requests your browser is doing, and then you can see if indeed you are bouncing back and forth between http and https.

remote mind
  • 361
  • 2
  • 5
  • I sure did and move it to the top and no difference. Still getting lots of:recv() not ready (11: Resource temporarily unavailable) I'm new to Firebug I see "Net", where is the permanent option? What am I looking for specifically? – RobbieTheK Jan 21 '16 at 20:28
  • Sorry, I only have the german version. If you have the 'Net' tab open, it should be the second from the left. I think it is 'Persist' as per http://i.stack.imgur.com/HvgLb.png – remote mind Jan 21 '16 at 21:00
  • Yes I see it ok it's clicked. On the dev site we see https when you hover over the URL in Headers and a 302 Moved Temporarily. The login works with dev. However on our live site, I see http (no 's') and 301 Moved Permanently. Both are labeled 'Post User'. – RobbieTheK Jan 21 '16 at 21:01
  • Have you reloaded the live site with Persist on? Also If you examine the 301 request closely, where to does it redirect? – remote mind Jan 21 '16 at 21:18
  • The live site redirects to the correct the same URL, https://ourdomain/users. The other differences are that in the dev site within Headers, I see Set-Cookie, Transfer-Encoding, X-Drupal-Cache, X-Powered-By, and x-content-type-options. Connection for the both sites shows keep-alive, however, I only see Cache-Control for the dev site. The Location on dev shows the path correctly to ourdomain.org/users/myname. – RobbieTheK Jan 21 '16 at 21:36