Opened 2 months ago

Closed 3 weeks ago

#14378 closed Bug/Something is broken (fixed)

Website down

Reported by: https://id.mayfirst.org/corweb Owned by: https://id.mayfirst.org/jaimev
Priority: Urgent Component: Tech
Keywords: Cc: rogermanningnyc@…
Sensitive: no

Description

Culturesofresistancefilms.com is down. When you go to the site, you get a message saying:

Welcome to julia.mayfirst.org Namesake: https://secure.wikimedia.org/wikipedia/en/wiki/Julia_De_Burgos This page is probably not the page you are expecting to see.

There are several reasons why you may be seeing this page, which include:

The site you are trying to visit is experiencing technical difficulties (and may be disabled). If so, please be patient while the site administrators bring the site back up. You are a May First/People member and for one reason or another, your site is not properly configured. If this is the case, please open a ticket to ask for help configurating your site. You wandered onto this page looking for May First/People Link. If that's the case, please visit our main site You are looking for phpmyadmin, which is accessible via https://julia.mayfirst.org/phpmyadmin.

Change History (14)

comment:1 Changed 2 months ago by https://id.mayfirst.org/jaimev

  • Owner set to https://id.mayfirst.org/jaimev
  • Status changed from new to assigned

It looks like someone attempted to generate a certificate for the site this morning and the process failed. I've just switched it back to using http only.

https://members.mayfirst.org/cp/index.php?area=hosting_order&service_id=7&hosting_order_id=1000411&action=edit&item_id=29976

All of your listed domains in the web configuration must be able to reach julia before attempting to enable https.

Also I see you are now using Deflect caching service. You will need to ensure that Deflect allows both http and https traffic before you can attempt to enable https. You can change this in the Deflect control panel. Once that change is made you can attempt to enable https through the May First control panel again. Once that is successful you can then change the Deflect control panel to use https only again.

comment:2 Changed 2 months ago by https://id.mayfirst.org/corweb

  • Cc rogermanningnyc@… added

hi May First,

Developer type person joining in here. We've been trying get deflect working with main domains culturesofresistance.org and culturesofresistancefilms.com and seemed to succeed until until today's attempt to add in culturesofresistancefilms.org which previously had no nameservers set, but was forwarding via setting at networksolutions.com. Early today I set culturesofresistancefilms.org's nameservers to point to deflect and attempted to adjust web configuration and DNS settings in 'Cultures of Resistance film site'hosting order.

All the domains on deflect are set for https. I'm guessing the certificate generation attempt the morning happened from simply saving one the various configurations OR trying enable culturesofresistancefilms.org a record?

rm

Last edited 2 months ago by https://id.mayfirst.org/corweb (previous) (diff)

comment:3 Changed 2 months ago by https://id.mayfirst.org/jaimev

Have you set culturesofresistancefilms.org to forward to the origin server through Deflect?

Certificate generation on our end will fail if LetsEncrypt's servers can't reach the origin server through Deflect. This is why it is necessary to both make sure all the domains can reach the origin through Deflect and that both http and https traffic is allowed because the first attempt at cert generation will need to be done over http.

comment:4 follow-up: Changed 2 months ago by https://id.mayfirst.org/corweb

Have you set culturesofresistancefilms.org to forward to the origin server through Deflect?

Yep.

both http and https traffic is allowed

yes.

I think the issue occurred a while after adding culturesofresistancefilms.org to the May First web configuration and enabling an existing May First DNS A record for culturesofresistancefilms.org that been disabled long ago.

Prior to our Deflect configuring culturesofresistancefilms.org was only forwarding to culturesofresistancefilms.com (via Network solution settings). It stopped connecting therefore the effort to run it through Deflect.

I've searched in vain for documentation on the best way to forward a domain to Deflect(ed) domain. Any info there?

For now I'll be taking culturesofresistancefilms.org off deflect and restoring the May First Web config/DNS.

thanks. r

comment:5 Changed 2 months ago by https://id.mayfirst.org/corweb

Switched off https at Deflect and tried to restore culturesofresistancefilms.com https on May First this morning, but still got the 'soft-error', so returned to http. Then restored May First nameservers at networksolutions about 30 minutes ago and it seem to already taken, but still getting the 'soft-error' when trying to turn on https.

comment:6 in reply to: ↑ 4 Changed 2 months ago by https://id.mayfirst.org/jaimev

So let's slow down at look at this step by step. I think the first thing to establish is that the domains are really pointing where they should.

DNS records created in the May First control panel will not have any effect unless unless you have assigned the domain to Use the May First DNS servers. Domains that are not actually using our dns servers appear with an asterisk to their right in the MFPL control panel.

Now, in order to use Deflect properly you would have to change the DNS servers for ALL of the domains you plan to use to point to the DNS server specified by Deflect. Changing the primary and secondary DNS can take up to 24 hours to be effective.

At the moment culturesofresistancefilms.com is using the May First DNS servers but culturesofresistancefilms.org is using another set that don't appear to be related to Deflect either.

My suggestion at this point would be to assign both domains to use the MFPL nameservers and get everything working through May First. The site is not under attack so there is not immediate necessity for Deflect. Ensure you have the correct DNS records generated in the MFPL control panel for all of the domains and subdomain. Once you are sure everything is in place and that all desired domains and subdomains are reaching the correct server (you can test with with a simple "ping domainname.org") then you can edit the web configuration to enable https.

Once that is working you can decide to add Deflect to the equation by assigning all of your domains to use the DNS servers suggested by Deflect. Then go through the same process in their dashboard.

Several May First members use Deflect. We know this works.

comment:7 follow-up: Changed 2 months ago by https://id.mayfirst.org/corweb

Yes, that's the process I'm trying to follow. Saw that the asterik next to culturesofresistancefilms.com was gone, so tried https etc.

Before any of this, culturesofresistancefilms.org was not assigned to May First nameservers and was set to forward to culturesofresistancefilms.com - setting which I restored yesterday. Don't know where those nameservers showing at network solutions came from, but just entered the May First nameservers.

Yes, deflect was working for us until the attempt to add culturesofresistancefilms.org to May First web configuration yesterday - I guess upon saving the web config.

Last edited 2 months ago by https://id.mayfirst.org/corweb (previous) (diff)

comment:8 in reply to: ↑ 7 Changed 2 months ago by https://id.mayfirst.org/jaimev

Replying to https://id.mayfirst.org/corweb:

Yes, that's the process I'm trying to follow. Saw that the asterik next to culturesofresistancefilms.com was gone, so tried https etc.

You need to be sure all domains listed in your web configuration are properly configured. Do you have access to the ping command in a console/terminal somewhere. That might be an easier way to test?

Before any of this, culturesofresistancefilms.org was not assigned to May First nameservers and was set to forward to culturesofresistancefilms.com - setting which I restored yesterday.

I would recommend against this. Assign the domain to use the nameservers dircetly. It will be easier to control this way.

Don't know where those nameservers showing at network solutions came from, but just entered the May First nameservers.

The change isn't instantaneous. It can take up to 24 hours to propagate to all DNS serves.

comment:9 Changed 2 months ago by https://id.mayfirst.org/corweb

Assign the domain to use the nameservers dircetly

Yep. Did that today(the forwarding and rest of the settings were in place before I joined team).

Do you have access to the ping command

Yep, using it. culturesofresistancefilms.org is showing MF IP# 162.247.75.106 now and going to site from browser (after clearing browser cache).

Now, what's the best way to get culturesofresistancefilms.org to resolve(forward) to culturesofresistancefilms.com?

Last edited 2 months ago by https://id.mayfirst.org/corweb (previous) (diff)

comment:10 Changed 2 months ago by https://id.mayfirst.org/corweb

I see the following for culturesofresistance.org:

RewriteEngine On
RewriteCond % !^culturesofresistance\.org$ [NC]
RewriteCond % !^$
RewriteRule ^/(.*) http://culturesofresistance.org/$1 [L,R]
Last edited 2 months ago by https://id.mayfirst.org/corweb (previous) (diff)

comment:11 Changed 2 months ago by https://id.mayfirst.org/jaimev

Yeah I think you could just adapt that to forward to culturesofresistancefilms.com instead.

But first I think you've listed the following domains for your site.

culturesofresistancefilms.com culturesofresistancefilms.org films.culturesofresistance.org www.culturesofresistancefilms.com www.culturesofresistancefilms.org www.films.culturesofresistance.org

But it looks like 3 domains still haven't been setup to reach the server.

films.culturesofresistance.org

www.culturesofresistancefilms.org

www.films.culturesofresistance.org

So I think you're missing DNS records for those subdomains and this would cause our automated cert generation to fail.

comment:12 Changed 2 months ago by https://id.mayfirst.org/corweb

setup to reach the server

We're talking nameservers? DNS?

Added www.culturesofresistancefilms.org A record in DNS

films.culturesofresistance.org is the May First hosting order. Right now it's attached to the (working)Deflect culturesofresistance.org setup.

comment:13 Changed 2 months ago by https://id.mayfirst.org/corweb

Deflect has been disabled for both c.o.r. sites and May First nameservers re-applied to all domains. Forwarding for 'culturesofresistancefilms.org' at Network solutions has been turned off and May First nameservers applied. https is now workng again all around. Though 'films.culturesofresistance.org' is in the 'culturesofresistancefilms.com' DNS settings, it wouldn't free up from Deflect until 'culturesofresistance.org' was returned to May First. With the May First settings straightened out it seems Deflect is once again an option.

Meahwhile, wondering why this isn't working for culturesofresistancefilms.com (to get all domains to resolve to culturesofresistancefilms.com)

RewriteEngine On
RewriteCond % !^culturesofresistancefilms\.com$ [NC]
RewriteCond % !^$
RewriteRule ^/(.*) http://culturesofresistancefilms.com/$1 [L,R]

thanks

comment:14 Changed 3 weeks ago by https://id.mayfirst.org/corweb

  • Resolution set to fixed
  • Status changed from assigned to closed

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.