C4f1151075b447779af31e99d6cf70e2c6eb47ac
By:
newbie

some resources are not loading for the first time. but ok on refresh

May 12, 2017 689 views
Nginx WordPress Security Ubuntu 16.04

Hi,
i think this is a wired problem.
when i open up my site for the first time on chrome, some of the resources (image, js, css) are not loaded. from chrome developer console these are the error massage.

Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR                velocity.min.js
Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR                add-ons.png 
Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR                integrations.png 
Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR                trucking.svg 
Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR                calculating.png 
Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR                novo-header-bg.jpg

but right after refreshing the page, its completely fine. also its not like error with the same resources every time i open my site on chrome incognito. sometime, error gives for 17 items, sometime for 8 items randomly. this is happening with my all sites including which are on sub-domain.

im using latest chrome version, deleted chrome entire cache, flush my dns resolver but none helped me. also no error on my server error log.
for Firefox everything is fine. this is happening on chrome/desktop

anyone faced the similar issue?
im using latest nginx with http2 by the way... and here is my ssl config

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 60m;
        ssl_session_tickets off;
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 5s;
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;

thanks in advance.
@jtittle @hansen

3 Answers

@newbie

That's definitely a little odd. I'm seeing reports of this with Chrome 53.x, but those same reports state that it's fixed in 54.x or higher.

Others are showing it's potentially an issue with current/previous redirects such as 301, 302, etc. The type that stick and can result in problems in some cases.

That said, I pulled up a few of the sites I manage as well as a few of the demo sites I've setup that run source compiles of NGINX (the latest mainline -- 1.13.0 as of this post) and I can't replicate the issue.

I'm using Chrome 57.0.2987.98 (64-bit) on MacOS right now and the dev console is clean.

  • thanks for the research budy @jtittle
    im using Version 58.0.3029.110 (64-bit) of chrome.
    anyways, i reported this to chrome now lets see if something changes in next update.

@newbie

From what I'm reading, you may need to flush the socket connections within Chrome. I've never ran in to this issue before, though it seems to pop up frequently.

Open a new tab in Chrome and paste in:

chrome://net-internals/#sockets

Click on "Flush Socket Pools" -- that should help from what I'm reading.

  • @jtittle
    thanks for the reply,

    this is what i exactly did before posting this issue.
    but that didnt resolve :(

    • @newbie

      The only other issue that I can think of that would be the cause is if you're trying to use the SPDY module with NGINX -- it's now deprecated in favor of HTTP/2.

      You can run nginx -V to see what modules are compiled in with your NGINX release. If it's compiled in, you may need to run a release that doesn't have it compiled in and one that only uses the HTTP/2 module.

      That's one issue with repository plugins from time to time -- sometimes they run older and less frequently updated modules.

      • i couldn't find anything related SPDY here.

        built with OpenSSL 1.0.2g  1 Mar 2016
        TLS SNI support enabled
        configure arguments: --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-vxW18j/nginx-1.10.3/debian/modules/nginx-auth-pam --add-dynamic-module=/build/nginx-vxW18j/nginx-1.10.3/debian/modules/nginx-dav-ext-module --add-dynamic-module=/build/nginx-vxW18j/nginx-1.10.3/debian/modules/nginx-echo --add-dynamic-module=/build/nginx-vxW18j/nginx-1.10.3/debian/modules/nginx-upstream-fair --add-dynamic-module=/build/nginx-vxW18j/nginx-1.10.3/debian/modules/ngx_http_substitutions_filter_module
        
        
Have another answer? Share your knowledge.