Question
EhsanJ on Tue, 04 Oct 2016 04:45:31
Hi There,
I have setup my CDN on azure,
And configured it to point to my domain name.
Since my ssl cert does not accept subdomains, I did not configure custom domain, so It all points to my cdn in azure.
Now it acts weird.
since yesterday, any image that I upload to my CMS, Worpress, is returning a 502 error, but it works well on http.
You can check these 2:
https://jahandarpour.azureedge.net/wp-content/uploads/2016/01/Abir-All-in-one-1.png
http://jahandarpour.azureedge.net/wp-content/uploads/2016/01/Abir-All-in-one-1.png
Since, my website have SSL, so those images on http won't do any goo to my website.
I appreciate if you could help me fix it.
Cheers,
Ehsan
Replies
EhsanJ on Tue, 04 Oct 2016 07:46:14
Here i the latest update.
It's so strange.
I have change Nothing, and now the whole website is giving 502 Bad error.
Check this out:
https://jahandarpour.com/
https://jahandarpour.azureedge.net/
Anton Kucer - MSFT on Sat, 08 Oct 2016 01:05:11
EhsanJ on Sat, 08 Oct 2016 04:18:44
would you care to share a solution on how to disable SNI on my apache on ubuntu?
Anton Kucer - MSFT on Sat, 08 Oct 2016 04:56:26
Are you able to set SSLStrictSNIVHostCheck off in your apache config file (http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI)?
EhsanJ on Sat, 08 Oct 2016 05:47:56
Hey Anton,
Just did it and restarted apache
However, the 502 error still exist.
Here is my apache config:
# Default Virtual Host configuration.
<IfVersion < 2.3 >
NameVirtualHost *:80
NameVirtualHost *:443
ServerName MyDomainname.com
</IfVersion>
<VirtualHost _default_:80>
ServerName MyDomainname.com
DocumentRoot "/opt/bitnami/apache2/htdocs"
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>
# Error Documents
ErrorDocument 503 /503.html
# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
# Default SSL Virtual Host configuration.
<IfModule !ssl_module>
LoadModule ssl_module modules/mod_ssl.so
</IfModule>
Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/bitnami/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLStrictSNIVHostCheck off
<VirtualHost _default_:443>
ServerName MyDomainname.com
DocumentRoot "/opt/bitnami/apache2/htdocs"
SSLEngine on
SSLCertificateFile "/opt/bitnami/apache2/conf/server.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCertificateChainFile "/opt/bitnami/apache2/conf/server.ca-bundle"
<Directory "/opt/bitnami/apache2/htdocs">
Options Indexes FollowSymLinks
AllowOverride All
<IfVersion < 2.3 >
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3 >
Require all granted
</IfVersion>
</Directory>
# Error Documents
ErrorDocument 503 /503.html
# Bitnami applications installed with a prefix URL (default)
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf"
</VirtualHost>
# Bitnami applications that uses virtual host configuration
Include "/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf"
EhsanJ on Mon, 10 Oct 2016 16:25:42
Hey Anton,
Did you find anything I have to change? as I still get 502!
EhsanJ on Tue, 11 Oct 2016 16:26:33
Will anyone please care to respond?
It's been a week!!
I can't believe that Microsoft Engineers can not solve such an easy issue, It's on Azure, from azure, and in Azure. !!
BrianCDN on Tue, 11 Oct 2016 17:07:52
Hello Ehsan
Apologies for the delay, we will make a configuration to solve this issue for you. We will reach out separately in a ticket and contact you.
Thank you,
Brian Pillsbury
EhsanJ on Tue, 11 Oct 2016 17:23:18
Hey Brian,
Really looking forward to hearing from you, Soon.
Thanks,
Ehsan
BrianCDN on Tue, 11 Oct 2016 17:57:51
Hi Ehsan,
You should have received an email that a case has been created for this issue. Please look for further updates there and we will correspond through that.
Thank you,
Brian Pillsbury
BrianCDN on Tue, 11 Oct 2016 20:21:48
Hi Ehsan,
We are pushing out a fix which should be globally propagated in ~2 hours. The issue was actually a cipher suite mismatch (not an SNI problem) when the CDN was trying to connect to your origin server using TLS. Please give it a bit of time and then you can re-test.
Thank you,
Brian Pillsbury
Anton Kucer - MSFT on Fri, 14 Oct 2016 02:06:00