Https shows blank page

Mojn.

I'm installing Mastodon on ionos VPS following this How to Install Mastodon Social Network on Debian 12

I got it all running and opened the browser a saw the default landing page for mastodon over https just fine. Went to have dinner and arrived back hit refresh to get only a blank page in firefox and chrome it gives me a HTTP ERROR 403.

letsdebug.net also reports 403 forbidden for http-01, all ok for DNS and TLS

Any pointers as I'm lost to where to start, many thanks
SMC

My domain is: sudomakecake.com

I ran this command: sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m sudomakecake@gmail.com -d sudomakecake.com

everything installed just fine

sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/sudomakecake.com.conf


Simulating renewal of an existing certificate for sudomakecake.com


Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/sudomakecake.com/fullchain.pem (success)


My web server is (include version): nginx version: nginx/1.27.3

The operating system my web server runs on is (include version): debian 12

My hosting provider, if applicable, is: ionos vps

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no via terminal over ssh

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 3.1.0

Below is the result of sudo nginx -T

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    
    server_names_hash_bucket_size 64;
    include /etc/nginx/conf.d/*.conf;
}

# configuration file /etc/nginx/mime.types:

types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;

    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;

    image/avif                                       avif;
    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;

    font/woff                                        woff;
    font/woff2                                       woff2;

    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;

    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;

    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;

    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}

# configuration file /etc/nginx/conf.d/default.conf:
server {
    listen       80;
    server_name  localhost;

    #access_log  /var/log/nginx/host.access.log  main;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}


# configuration file /etc/nginx/conf.d/mastodon.conf:
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

upstream backend {
    server 127.0.0.1:3000 fail_timeout=0;
}

upstream streaming {
    server 127.0.0.1:4000 fail_timeout=0;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;

server {
  listen 80 default_server;
  server_name sudomakecake.com;
  location / { return 301 https://$host$request_uri; }
}

server {
   listen 443 ssl;
   server_name sudomakecake.com;
   
   access_log  /var/log/nginx/mastodon.access.log;
   error_log   /var/log/nginx/mastodon.error.log;

   http2 on; # Enable HTTP/2 - works only on Nginx 1.25.1+

   ssl_certificate /etc/letsencrypt/live/sudomakecake.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/sudomakecake.com/privkey.pem;
   ssl_trusted_certificate /etc/letsencrypt/live/sudomakecake.com/chain.pem;
   ssl_session_timeout 1d;

   # Enable TLS versions (TLSv1.3 is required upcoming HTTP/3 QUIC).
   ssl_protocols TLSv1.2 TLSv1.3;

   # Enable TLSv1.3's 0-RTT. Use $ssl_early_data when reverse proxying to
   # prevent replay attacks.
   #
   # @see: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
   ssl_early_data on;

   ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off;
   
   keepalive_timeout    70;
   sendfile             on;
   client_max_body_size 80m;

   # OCSP Stapling ---
   # fetch OCSP records from URL in ssl_certificate and cache them
   ssl_stapling on;
   ssl_stapling_verify on;
   ssl_dhparam /etc/ssl/certs/dhparam.pem;

   add_header X-Early-Data $tls1_3_early_data;
   
   root /opt/mastodon/web/public;
   
   gzip on;
   gzip_disable "msie6";
   gzip_vary on;
   gzip_proxied any;
   gzip_comp_level 6;
   gzip_buffers 16 8k;
   gzip_http_version 1.1;
   gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
   
   add_header Strict-Transport-Security "max-age=31536000" always;

  location / {
    try_files $uri @proxy;
  }

  location ~ ^/(system/accounts/avatars|system/media_attachments/files) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    add_header Strict-Transport-Security "max-age=31536000" always;
    root /opt/mastodon/;
    try_files $uri @proxy;
  }

  location ~ ^/(emoji|packs) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    add_header Strict-Transport-Security "max-age=31536000" always;
    try_files $uri @proxy;
  }

  location /sw.js {
    add_header Cache-Control "public, max-age=0";
    add_header Strict-Transport-Security "max-age=31536000" always;
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Proxy "";
    proxy_pass_header Server;

    proxy_pass http://backend;
    proxy_buffering on;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    proxy_cache CACHE;
    proxy_cache_valid 200 7d;
    proxy_cache_valid 410 24h;
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    add_header X-Cached $upstream_cache_status;
    add_header Strict-Transport-Security "max-age=31536000" always;

    tcp_nodelay on;
  }

  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Proxy "";

    proxy_pass http://streaming;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  error_page 500 501 502 503 504 /500.html;
}

# This block is useful for debugging TLS v1.3. Please feel free to remove this
# and use the `$ssl_early_data` variable exposed by NGINX directly should you
# wish to do so.
map $ssl_early_data $tls1_3_early_data {
  "~." $ssl_early_data;
  default "";
}

I'm not sure why most of the URLs are responding with a 403 error, but e.g. the /sw.js path works just fine. HTTP redirects to HTTPS for any URL and /sw.js gets served over HTTPS without any problem.

My suggestion would be to look at the nginx error logs, but I don't think this is a HTTPS/certificate issue.

1 Like

Here's the last 50 line, does that make any sense to you ? Thanks

tail -50 /var/log/nginx/error.log

2025/01/28 20:28:42 [notice] 295568#295568: cache loader process 295572 exited with code 0
2025/01/28 20:28:42 [notice] 295568#295568: signal 29 (SIGIO) received
2025/01/28 20:49:02 [notice] 332349#332349: signal process started
2025/01/28 20:49:02 [notice] 295568#295568: signal 1 (SIGHUP) received from 332349, reconfiguring
2025/01/28 20:49:02 [notice] 295568#295568: reconfiguring
2025/01/28 20:49:02 [notice] 295568#295568: using the "epoll" event method
2025/01/28 20:49:02 [notice] 295568#295568: start worker processes
2025/01/28 20:49:02 [notice] 295568#295568: start worker process 332350
2025/01/28 20:49:02 [notice] 295568#295568: start worker process 332351
2025/01/28 20:49:02 [notice] 295568#295568: start cache manager process 332352
2025/01/28 20:49:02 [notice] 295569#295569: gracefully shutting down
2025/01/28 20:49:02 [notice] 295569#295569: exiting
2025/01/28 20:49:02 [notice] 295569#295569: exit
2025/01/28 20:49:02 [notice] 295570#295570: gracefully shutting down
2025/01/28 20:49:02 [notice] 295570#295570: exiting
2025/01/28 20:49:02 [notice] 295571#295571: exiting
2025/01/28 20:49:02 [notice] 295570#295570: exit
2025/01/28 20:49:02 [notice] 295568#295568: signal 17 (SIGCHLD) received from 295571
2025/01/28 20:49:02 [notice] 295568#295568: cache manager process 295571 exited with code 0
2025/01/28 20:49:02 [notice] 295568#295568: signal 29 (SIGIO) received
2025/01/28 20:49:02 [notice] 295568#295568: signal 17 (SIGCHLD) received from 295569
2025/01/28 20:49:02 [notice] 295568#295568: worker process 295569 exited with code 0
2025/01/28 20:49:02 [notice] 295568#295568: signal 29 (SIGIO) received
2025/01/28 20:49:02 [notice] 295568#295568: signal 17 (SIGCHLD) received from 295570
2025/01/28 20:49:02 [notice] 295568#295568: worker process 295570 exited with code 0
2025/01/28 20:49:02 [notice] 295568#295568: signal 29 (SIGIO) received
2025/01/28 20:49:04 [notice] 332604#332604: signal process started
2025/01/28 20:49:04 [notice] 295568#295568: signal 1 (SIGHUP) received from 332604, reconfiguring
2025/01/28 20:49:04 [notice] 295568#295568: reconfiguring
2025/01/28 20:49:04 [notice] 295568#295568: using the "epoll" event method
2025/01/28 20:49:04 [notice] 295568#295568: start worker processes
2025/01/28 20:49:04 [notice] 295568#295568: start worker process 332605
2025/01/28 20:49:04 [notice] 295568#295568: start worker process 332606
2025/01/28 20:49:04 [notice] 295568#295568: start cache manager process 332607
2025/01/28 20:49:05 [notice] 332350#332350: gracefully shutting down
2025/01/28 20:49:05 [notice] 332350#332350: exiting
2025/01/28 20:49:05 [notice] 332350#332350: exit
2025/01/28 20:49:05 [notice] 332352#332352: exiting
2025/01/28 20:49:05 [notice] 332351#332351: gracefully shutting down
2025/01/28 20:49:05 [notice] 332351#332351: exiting
2025/01/28 20:49:05 [notice] 332351#332351: exit
2025/01/28 20:49:05 [notice] 295568#295568: signal 17 (SIGCHLD) received from 332352
2025/01/28 20:49:05 [notice] 295568#295568: worker process 332350 exited with code 0
2025/01/28 20:49:05 [notice] 295568#295568: cache manager process 332352 exited with code 0
2025/01/28 20:49:05 [notice] 295568#295568: signal 29 (SIGIO) received
2025/01/28 20:49:05 [notice] 295568#295568: signal 17 (SIGCHLD) received from 332351
2025/01/28 20:49:05 [notice] 295568#295568: worker process 332351 exited with code 0
2025/01/28 20:49:05 [notice] 295568#295568: signal 29 (SIGIO) received
2025/01/28 20:53:56 [warn] 332606#332606: no resolver defined to resolve e5.o.lencr.org while requesting certificate status, responder: e5.o.lencr.org, certificate: "/etc/letsencrypt/live/sudomakecake.com/fullchain.pem"
2025/01/28 20:53:56 [warn] 332605#332605: no resolver defined to resolve e5.o.lencr.org while requesting certificate status, responder: e5.o.lencr.org, certificate: "/etc/letsencrypt/live/sudomakecake.com/fullchain.pem"

The last two warnings are related to OCSP and shouldn't result in those 403s.. They are not fatal. No errors are present in that error log :thinking: Maybe nginx logs those 403 stuff in the access log? :man_shrugging: I'm more of an Apache person.

Don't know what OCSP is but I have seen that some people talked about changing the folder permissions to 755, but I feel that's the wrong donkey :slight_smile:

Not related to the 403 but you can remove the lines for stapling. Let's Encrypt is stopping OCSP support very soon.

The 403 is not coming directly from nginx. It is coming from the thing you proxy to. For some reason that responds properly for the sw.js file but not any others.

Are there logs at that proxy you can check?

1 Like

mojn

hmm I followed the install here How to Install Mastodon Social Network on Debian 12 I don't have a proxy that I know off, can I remove that?

thanks

You definitely do :slight_smile: It is the @ProXy See below

As for what it does you'll have to ask the people who wrote those instructions

location / {
    try_files $uri @proxy;
  }

location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Proxy "";
    proxy_pass_header Server;

    proxy_pass http://backend;
    (...)

and

1 Like

Mojn

Well we are on the correct way :slight_smile:
I removed some of the proxy references and at least I'm now seeing an mastodon error page instead of just a blank page

tail -50 /var/log/nginx/error.log

2025/01/28 22:01:56 [notice] 444927#444927: exit
2025/01/28 22:01:56 [emerg] 458788#458788: invalid number of arguments in "try_files" directive in /etc/nginx/conf.d/mastodon.conf:68
2025/01/28 22:03:41 [notice] 462064#462064: using the "epoll" event method
2025/01/28 22:03:41 [notice] 462064#462064: nginx/1.27.3
2025/01/28 22:03:41 [notice] 462064#462064: built by gcc 12.2.0 (Debian 12.2.0-14) 
2025/01/28 22:03:41 [notice] 462064#462064: OS: Linux 6.1.0-30-cloud-amd64
2025/01/28 22:03:41 [notice] 462064#462064: getrlimit(RLIMIT_NOFILE): 1024:524288
2025/01/28 22:03:41 [notice] 462065#462065: start worker processes
2025/01/28 22:03:41 [notice] 462065#462065: start worker process 462066
2025/01/28 22:03:41 [notice] 462065#462065: start worker process 462067
2025/01/28 22:03:41 [notice] 462065#462065: start cache manager process 462068
2025/01/28 22:03:41 [notice] 462065#462065: start cache loader process 462069
2025/01/28 22:03:55 [warn] 462067#462067: no resolver defined to resolve e5.o.lencr.org while requesting certificate status, responder: e5.o.lencr.org, certificate: "/etc/letsencrypt/live/sudomakecake.com/fullchain.pem"
2025/01/28 22:04:41 [notice] 462069#462069: http file cache: /var/cache/nginx 0.000M, bsize: 4096
2025/01/28 22:04:41 [notice] 462065#462065: signal 17 (SIGCHLD) received from 462069
2025/01/28 22:04:41 [notice] 462065#462065: cache loader process 462069 exited with code 0
2025/01/28 22:04:41 [notice] 462065#462065: signal 29 (SIGIO) received
2025/01/28 22:05:57 [notice] 462065#462065: signal 15 (SIGTERM) received from 465963, exiting
2025/01/28 22:05:57 [notice] 462066#462066: exiting
2025/01/28 22:05:57 [notice] 462067#462067: exiting
2025/01/28 22:05:57 [notice] 462066#462066: exit
2025/01/28 22:05:57 [notice] 462067#462067: exit
2025/01/28 22:05:57 [notice] 462068#462068: exiting
2025/01/28 22:05:57 [notice] 462065#462065: signal 15 (SIGTERM) received from 1, exiting
2025/01/28 22:05:57 [notice] 462065#462065: signal 17 (SIGCHLD) received from 462066
2025/01/28 22:05:57 [notice] 462065#462065: worker process 462066 exited with code 0
2025/01/28 22:05:57 [notice] 462065#462065: signal 29 (SIGIO) received
2025/01/28 22:05:57 [notice] 462065#462065: signal 17 (SIGCHLD) received from 462068
2025/01/28 22:05:57 [notice] 462065#462065: cache manager process 462068 exited with code 0
2025/01/28 22:05:57 [notice] 462065#462065: signal 29 (SIGIO) received
2025/01/28 22:05:57 [notice] 462065#462065: signal 17 (SIGCHLD) received from 462067
2025/01/28 22:05:57 [notice] 462065#462065: worker process 462067 exited with code 0
2025/01/28 22:05:57 [notice] 462065#462065: exit
2025/01/28 22:05:57 [emerg] 465973#465973: invalid number of arguments in "try_files" directive in /etc/nginx/conf.d/mastodon.conf:74
2025/01/28 22:07:08 [notice] 467907#467907: using the "epoll" event method
2025/01/28 22:07:08 [notice] 467907#467907: nginx/1.27.3
2025/01/28 22:07:08 [notice] 467907#467907: built by gcc 12.2.0 (Debian 12.2.0-14) 
2025/01/28 22:07:08 [notice] 467907#467907: OS: Linux 6.1.0-30-cloud-amd64
2025/01/28 22:07:08 [notice] 467907#467907: getrlimit(RLIMIT_NOFILE): 1024:524288
2025/01/28 22:07:08 [notice] 467908#467908: start worker processes
2025/01/28 22:07:08 [notice] 467908#467908: start worker process 467909
2025/01/28 22:07:08 [notice] 467908#467908: start worker process 467910
2025/01/28 22:07:08 [notice] 467908#467908: start cache manager process 467911
2025/01/28 22:07:08 [notice] 467908#467908: start cache loader process 467912
2025/01/28 22:07:18 [warn] 467910#467910: no resolver defined to resolve e5.o.lencr.org while requesting certificate status, responder: e5.o.lencr.org, certificate: "/etc/letsencrypt/live/sudomakecake.com/fullchain.pem"
2025/01/28 22:07:23 [warn] 467909#467909: no resolver defined to resolve e5.o.lencr.org while requesting certificate status, responder: e5.o.lencr.org, certificate: "/etc/letsencrypt/live/sudomakecake.com/fullchain.pem"
2025/01/28 22:08:08 [notice] 467912#467912: http file cache: /var/cache/nginx 0.000M, bsize: 4096
2025/01/28 22:08:08 [notice] 467908#467908: signal 17 (SIGCHLD) received from 467912
2025/01/28 22:08:08 [notice] 467908#467908: cache loader process 467912 exited with code 0
2025/01/28 22:08:08 [notice] 467908#467908: signal 29 (SIGIO) received

type or paste code here

Glad you are getting it sorted. although it still looks badly broken to me (see http 500 below)

Configuring nginx to support a particular package is not what we focus on here. That's best handled with the authors of that package.

I see your domain uses a valid Let's Encrypt cert and that's often where we stop. We sometimes help with common issues but this is not that.

Don't forget to remove those lines about stapling though. That is definitely in our scope :slight_smile:

curl -I https://sudomakecake.com
HTTP/2 500
server: nginx/1.27.3
date: Tue, 28 Jan 2025 22:12:16 GMT

Mojn

Thanks a lot, I now know it's not the ssl that is the issue. So I will look elsewhere, clearly a ngnix issue somewhere. Yes the 500 error that is me trying something else :slight_smile: I'm live faffing about as we talk.