I have the following meta tags
<meta data-n-head="true" data-hid="og-title" property="og:title" content=" | Skryit"><meta data-n-head="true" data-hid="og-description" property="og:description" content="">
<meta data-n-head="true" data-hid="og-type" property="og:type" content="website">
<meta data-n-head="true" data-hid="og-url" property="og:url" content="https://www.skryit.com/vonawesome/posts/f5449c93-1666-4a80-adce-9648cfa75715">
<meta data-n-head="true" data-hid="og-image" property="og:image" content="https://api.skryit.com/media/f0759ad8-9d30-4e28-8d23-a4e3fc198114.png">
I am trying to get facebook's share to pull the correct meta image og:image, but it isn't.
I was debugging with facebook debugger
I get the following
Provided og:image, https://api.skryit.com/media/f0759ad8-9d30-4e28-8d23-a4e3fc198114.png
could not be downloaded. This can happen due to several different reasons such as your server
using unsupported content-encoding. The crawler accepts deflate and gzip content encodings.
but it isn't true. Checking the network tab it is using gzip.
Then I started checking nginx.
This is my configuration (partial)
server {
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=on;
ssl_certificate /etc/letsencrypt/live/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
ssl_protocols TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
gzip on;
gzip_types text/plain application/xml text/css application/javascript;
gzip_min_length 1000;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
alias /home/proj/staticfiles/;
}
location /media/ {
alias /home/proj/media/;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
proxy_ssl_server_name on;
}
}
I checked nginx logs and found this in error.log
2019/12/11 23:35:32 [crit] 8037#8037: *232 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 18.212.76.137, server: 0.0.0.0:443
2019/12/11 23:38:05 [crit] 9257#9257: *7 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 173.252.83.9, server: 0.0.0.0:443
2019/12/11 23:38:06 [crit] 9257#9257: *8 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 173.252.83.19, server: 0.0.0.0:443
2019/12/12 00:07:11 [crit] 9257#9257: *33 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 18.212.76.137, server: 0.0.0.0:443
2019/12/12 00:07:54 [crit] 9257#9257: *34 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 128.14.134.170, server: 0.0.0.0:443
2019/12/12 00:20:04 [crit] 9257#9257: *65 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 184.105.139.69, server: 0.0.0.0:443
I have looked further for trying to resolve the above error. adding proxy_ssl_server_name on did nothing. I have looked at another solution but weren't really helpful in resolving the issue I had.
The solution worked with @Wizkid's help.
In nginx config also included TLSv1.2 in ssl_protocols
So, it came out to be
ssl_protocols TLSv1.2 TLSv1.3