Overview A file upload initiated in an application written in Ruby, Node, or Python launched through Passenger will fail to upload. Thus far, the confirmed failure occurs in RefineryCMS with a generic undefined route message following upload. Cause It is a conflict between upload screening and Passenger, but the underlying cause is not clearly understood. Upload…
Overview Accessing a website, protected by SSL, yields a “mixed-mode” notice or the SSL indicator displays different than normal. Cause SSL is designed to protect data transfer from third-party snooping through encryption. By accessing a resource over a non-encrypted stream (e.g. including an image on a site as <img src=”http://mysite.com/img.jpg” />), this protection is circumvented. The request is made…
Overview All payments are automatically recurring. Once a payment method is in the system, it is automatically billed on its anniversary date. Non-U.S. credit cards may be blocked by the issuing bank from automatically debiting on the anniversary date resulting in a failed transaction. Cause In a world of unprecedented fraud, banks, which impose zero liability…
Overview When uploading a particular file it fails with a 406, Not Acceptable error message. Cause Effective April 9, 2016, all inbound file uploads are scanned for viruses before being saved on the server. If a file is found to contain a virus, it is rejected with a 406, Not Acceptable message. File scanning is performed…
Overview v5+ and above platforms support Let’s Encrypt certificates within the control panel. Let’s Encrypt is a free certificate authority that provides free trusted certificates accepted by all modern browsers. Let’s Encrypt certificates may be issued within the control panel under Web > SSL Certificates. Let’s Encrypt has a few limitations: Only 100 hostnames may be bundled into a…
Yes, all packages support FTP using explicit TLS, also called “Auth TLS”. Auth TLS initiates encryption after a handshake and protocol announcement, which is the origin of “explicit”. Conversely, implicit TLS, which is not supported, does not require announcement and encryption happens immediately at connection. The difference between implicit and explicit TLS is protocol formality…
Overview .htaccess files are used to control behaviors of applications by overriding global server configuration. Any Passenger-based application, which includes Node, Python, and Ruby, will stop processing rules beyond the document root, often noted by convention as public/. Cause Passenger is managed by a separate facility that immediately takes control of the request once Apache detects that the…
Overview Applications launched through Passenger, which includes Node, Python, Ruby, and Meteor, may receive optimizations to JavaScript, CSS, and image assets which are not explicitly defined within application logic. Take for example a small external JavaScript asset that may become inlined after the first request: <head> <script src=”//test.js””></script> <!– rest of head –> becomes: <head> <script>//<![CDATA[ console.log(“Hello 212a.”);…
Overview All platforms run a secondary web server with an older version of PHP other than the default. On newer platforms, v6+, this interpreter is PHP 5.4. These secondary interpreters are deprecated and should only be used temporarily until the offending site can be updated to make use of the latest, more secure release of PHP. Usage An site…
Overview Services or scripts may be set to run upon server start within the control panel or via crontab(5) from the terminal. Either solution requires task scheduling support, which is found on Developer+ packages. Within the control panel Visit Dev > Task Scheduler to add a new routinely scheduled task. Command syntax follows the same as a…