Support » Plugin: Post SMTP Mailer/Email Log » UI is unusable on my WP instance

  • Resolved aberbenni

    (@aberbenni)


    NGINX
    PHP-FPM 7.2
    WP 5.0.3
    Tested with Health Check plugin with only Post SMTP plugin activated.

    User Interface is completely unusable, cannot see buttons and tabs, so I cannot use the plugin.

    I have a screenshot.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author yehudah

    (@yehudah)

    Paste diagnostic test here

    Does not work: https://ibb.co/7zg28cs

    Plugin Author yehudah

    (@yehudah)

    Disable every plugin.
    Does the error remain?

    Yes, found this in console:

    postman.css:1 Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
    postman.js:1 Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
    postman_diagnostics.js:1 Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR

    NGINX is configured with SSL and HTTP2. I’m looking further into this.

    Strange thing is that only postman files have spdy protocol error, the rest of admin is working.

    Browser Vivaldi/Chrome. Same in Firefox.

    I’m using Avast but web protection is disabled for this website domain.

    Digging into the issue I decided to create an /smtp/ folder with an index.html file and test with curl.

    curl -v -L -I https://www.mywebsite.com/smtp/index.html

    Result:

    *   Trying XX.XX.XXX.XXX...
    * TCP_NODELAY set
    * Connected to www.mywebsite.com (XX.XX.XXX.XXX) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/cert.pem
      CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * ALPN, server accepted to use h2
    * Server certificate:
    *  subject: CN=*.mywebsite.com
    *  start date: Oct  9 00:00:00 2018 GMT
    *  expire date: Oct  9 12:00:00 2019 GMT
    *  subjectAltName: host "www.mywebsite.com" matched cert's "*.mywebsite.com"
    *  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=RapidSSL RSA CA 2018
    *  SSL certificate verify ok.
    * Using HTTP2, server supports multi-use
    * Connection state changed (HTTP/2 confirmed)
    * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
    * Using Stream ID: 1 (easy handle 0x6ff558000300)
    > HEAD /smtp/index.html HTTP/2
    > Host: www.mywebsite.com
    > User-Agent: curl/X.XX.X
    > Accept: */*
    >
    * Connection state changed (MAX_CONCURRENT_STREAMS updated)!
    * HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)
    * Closing connection 0
    * TLSv1.2 (OUT), TLS alert, Client hello (1):
    curl: (92) HTTP/2 stream 1 was not closed cleanly: INTERNAL_ERROR (err 2)

    In access.log I found:

    [06/Feb/2019:22:49:52 +0100] "HEAD /smtp/index.html HTTP/2.0" 444 0 "-" "curl/X.XX.X" "-"

    At the end I discovered a (common) misconfiguration of NGIX that blocks access to location containing smtp, and other strings:

    # Block web attacks
    location ~* (roundcube|webdav|smtp|http\:|soap|w00tw00t) {
        return 444;
    }

    Suggested here http://www.queryadmin.com/1071/deny-access-sensitive-files-nginx/ and in many other sites on the web. I think this is a common nginx configuration.

    Plugin Author yehudah

    (@yehudah)

    I saw this but didn’t had the time to thank you for sharing.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘UI is unusable on my WP instance’ is closed to new replies.