Migration issues

colak · 2020-12-06 17:18:13

I took the plunge and I am migrating our sites to dreamhost. I have changed the DNS records and added a LE certificate. For a couple of sites, including neme.org, the only way I can visit them is via Tor. I have cleared all my cookies and history but no cigar. Could somebody please just visit www.neme.org and tell me what they see?

jakob · 2020-12-06 17:22:06

I see neme.org just fine :-)

colak · 2020-12-06 18:01:20

Hi Julian, thanks so much for checking. Do you actually see it with https? My issue is in ff and safari where i see the site hosted in WF without the LE certificate.

gaekwad · 2020-12-06 18:26:37

You likely have stale DNS on your computer. Try this:

help.dreamhost.com/hc/en-us/articles/214981288-Flushing-your-DNS-cache-in-Mac-OS-X-and-Linux

Edit: less terse stuff below.

You have a valid TLS cert on neme.org: crt.sh/?q=neme.org

You have a good rating at SSL Labs: www.ssllabs.com/ssltest/analyze.html?d=neme.org&hideResults=on&latest

It’s all good.

Last edited by gaekwad (2020-12-06 18:31:05)

jakob · 2020-12-06 19:09:10

colak wrote #327299:

Hi Julian, thanks so much for checking. Do you actually see it with https? My issue is in ff and safari where i see the site hosted in WF without the LE certificate.

Like Pete, it looks fine to me. https is working on safari and the certificate shows as being valid until March 2021.

bici · 2020-12-06 22:07:04

colak wrote #327296:

I took the plunge and I am migrating our sites to dreamhost. I have changed the DNS records and added a LE certificate. For a couple of sites, including neme.org, the only way I can visit them is via Tor. I have cleared all my cookies and history but no cigar. Could somebody please just visit www.neme.org and tell me what they see?

works fine for me in safari.
https://www.neme.org

jrmartin · 2020-12-07 17:17:17

Works fine in Firefox.

colak · 2020-12-07 17:22:04

Thanks guys. It works now… except the javascripts for some reason.

gaekwad · 2020-12-07 17:38:38

colak wrote #327334:

It works now… except the javascripts for some reason.

Check your console – errors with Content Security Policy here:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).

Aside: front page forum column shows an error relating to MySQL.

Last edited by gaekwad (2020-12-07 17:38:49)

colak · 2020-12-07 18:05:10

gaekwad wrote #327335:

Check your console – errors with Content Security Policy here:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”)....

I saw that, but I have no idea what it actually means!

Aside: front page forum column shows an error relating to MySQL.

Yep… We may have to do away with the punbb forum. It’s not php 7+ compatible. I’m still investigating it as they say that it is.

gaekwad · 2020-12-07 18:14:02

colak wrote #327338:

We may have to do away with the punbb forum. It’s not php 7+ compatible.

You could try FluxBB, it’s forked from PunBB and there are migration routes. The current release isn’t compatible with PHP 7.4, so make sure you have a PHP 7.3 instance available.

Last edited by gaekwad (2020-12-07 18:14:20)

colak · 2020-12-07 18:19:24

gaekwad wrote #327341:

You could try FluxBB, it’s forked from PunBB and there are migration routes. The current release isn’t compatible with PHP 7.4, so make sure you have a PHP 7.3 instance available.

I may go that way! Thanks Pete!

gaekwad · 2020-12-07 18:20:52

colak wrote #327338:

I saw that, but I have no idea what it actually means!

Broadly speaking, your web server is configured to allow access to content based on origin, type and presentation. The thing that controls it is Content Security Policy, aka CSP.

For JavaScript, it’s the script-src policy that’s controlling what your site can do, and it’s falling down on some inline JavaScript. At the moment, you have:

script-src 'self' www.google.com ajax.googleapis.com *.google-analytics.com https://www.google.com https://ajax.googleapis.com https://*.google-analytics.com https://*.twitter.com;

…which says JavaScript can be called as files from neme.org, then all the URLs after the fact. JavaScript that’s inline is not permitted with this policy as it stands, though there are solutions:

spin out the inline JS to a file, or…
add 'unsafe-inline' to the policy declaration

…then it should work.

colak · 2020-12-09 07:23:46

Hi guys,

1. I am having the same issue with the js not loading with some sub-domains. One of them is on respublika.neme.org/seminars/, which I recently updated to the latest txp release. The particular page should have a slide-show on the top. Currently only one slide is loading.

2. Another issue I am having is that I have a font which I am loading for the site_name (Respublika!) but it now only loads on ff.

diagnostics (knowing that I still have to update some plugins and the code-base as the site was designed and maintained before the introduction of short-tags)

Textpattern version: 4.8.4 (b1d8d97c3c8ac6238394682e3c76a8d6)
Last update: 2020-12-09 06:36:12/2020-12-09 06:31:23
Textpattern path: __TXP-ROOT/textpattern
Article URL pattern: section_title
Production status: live
Temporary directory path: /path/to/tmp
PHP version: 7.2.33
GD Graphics Library: bundled (2.1.0 compatible); Supported formats: GIF, JPEG, PNG, WebP.
Server timezone: America/Los_Angeles
Server local time: 2020-12-08 23:15:10
Daylight Saving Time enabled?: 0
Automatically adjust Daylight Saving Time setting?: 0
Time zone (GMT offset in seconds): Asia/Nicosia (+0)
MySQL: 5.7.28-log (Source distribution) 
Database server time: 2020-12-08 23:15:10
Database server time offset: 1 s
Database server timezone: SYSTEM
Database session timezone: SYSTEM
Locale: en_GB.UTF-8
Site / Admin language: en-gb / en-gb
Web server: Apache
PHP server API: cgi-fcgi
RFC 2616 headers: 0
Server OS: Linux 3.14.52-vs2.3.6.15-1
Admin-side theme: hive 4.8.4
Active plugins: 
	act_if_mobile-0.1.2
	com_connect-4.6.0-beta
	mdn_count-1.4
	oui_cookie-1.0.0-beta2
	pap_comconnect-0.1.2
	pat_speeder-0.7.4
	rss_admin_db_manager-4.5.1
	rvm_css-1.2
	smd_if-1.0.0 (modified)
	smd_macro-0.41
	smd_user_manager-0.21
	smd_where_used-0.2
	smd_wrap-0.20
	spf_js-0.51

.htaccess file contents: 
------------------------
<IfModule mod_headers.c>
Header set Connection keep-alive
Header unset P3P
Header append X-XSS-Protection "1; mode=block"
Header append X-Frame-Options "DENY"
Header append X-Content-Type-Options "nosniff"
Header set Cache-Control "no-transform"
Header append Content-Security-Policy "default-src 'self'; img-src 'self' data: * https://*; style-src 'self' 'unsafe-inline' ajax.googleapis.com platform.twitter.com https://ajax.googleapis.com https://fonts.googleapis.com https://platform.twitter.com; script-src 'self' 'unsafe-inline' www.google.com ajax.googleapis.com *.google-analytics.com https://www.google.com https://ajax.googleapis.com https://*.google-analytics.com https://*.twitter.com; frame-src *.youtube-nocookie.com https://*.youtube-nocookie.com *.twitter.com https://*.twitter.com twitter.com https://twitter.com http://*.vimeo.com https://*.vimeo.com"
</ifModule>


# BEGIN Textpattern

#DirectoryIndex index.php index.html

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Enable the `FollowSymLinks` option below if it isn't already.
    #Options +FollowSymlinks

    #RewriteBase /relative/web/path/

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^(.+) - [PT,L]

    RewriteCond %{REQUEST_URI} !=/favicon.ico
    RewriteRule ^(.*) index.php

    RewriteCond %{HTTP:Authorization}  !^$
    RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</IfModule>

<IfModule mod_mime.c>
    AddType image/svg+xml  svg svgz
    AddEncoding gzip       svgz
</IfModule>

# For additional Apache-compatible web server configuration settings to enhance
# site performance and security, we recommend:
# https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess

# END Textpattern

------------------------

phiw13 · 2020-12-09 09:40:04

colak wrote #327373:

Hi guys,

1. I am having the same issue with the js not loading with some sub-domains. One of them is on respublika.neme.org/seminars/, which I recently updated to the latest txp release. The particular page should have a slide-show on the top. Currently only one slide is loading.

2. Another issue I am having is that I have a font which I am loading for the site_name (Respublika!) but it now only loads on ff.

It is the same issue as before, the resources – scripts, fonts — are not allowed by your CSP settings (odd that FX seems to allow your font(s) ? Safari does not, a long list in the console)

MDN CSP script-src and font-src in your search engine will point to the relevant docs on MDN with a readable explanation.

Textpattern CMS support forum

#1 2020-12-06 17:18:13