Adding an offline page when rebuilding

Hm. We are not sure if changing that text actually works for us. Do we have to consider something special here when amending this guy?


Also, we would like to mention that during specific time range while the site was down, it was yelling differently like

image

Do you have an idea how we would be able to change that also?

I use that, but i want a custom offline webpage and im not able to do it

Very very thank you for such a wonderful guide. But due to very un-familarity with ubuntu and html type of things, I was struck at (almost) the very end.
Could I ask ask 2-3 things.

Since I don’t know html, could you tell how can we use/download/upload your 3 files (discourse_offline.html, d-logo-sketch.png and sob.png)? Do I first download these to my local PC and then (how can I) upload them into DO server’s proper folder?

There are 2 server sections in ‘default’ file. Where do we add these 3 lines. Is it necessary to add these at the bottom (just before the last closing braces), or at the top (after the first brace)?

Again, is this line to be added to the end of the default file, or just before the closing brace?
Does spacing and alignment would matter as much as it does in app.yml?

Thank you.

First things first: Are you sure you want to go ahead? This is an advanced setup, so if you’re unfamiliar with these things, this may not be the best idea – at least unless you’re OK with experimenting a bit (and your site being unavailable while you do).

That’s typically the easiest option. You can use an SFT program for that. If you’re on Windows, WinSCP is my recommended option.

For the remainder of your questions: The first thing the guide above does with the default nginx configuration is to completely replace it:

It looks like you didn’t do that :slight_smile:

2 Likes

Thank you.

  1. But I’m experimenting all this on a fresh/spare install of Discourse on DO. So no worries of going down or breaking something. And I’ve already done 90% of the steps successfully. I was struct just at last, where I’ve to give the error page to it.
  2. I’m using Win10 with Linux sub system built in. I’m accessing and giving all the Ubuntu commands from/thru my windows terminal (after SSHing). I just don’t know how to upload the 3 files thru Ubuntu terminal/commands. Since I’m using it for many many days now, I feel more familiarity with it, than configuring SFTp/Filezilla from start (many times, one is struck with wrong permissions to ubuntu folders and paths thru Sftp). But if you’d insist, I’d try to go thru that path.

I did replace the contents with the contents given by you.
But, what I was asking were the later steps. There, at two places, you’ve asked to add some text to the ‘default’ file (not replace, but add somewhere). And I couldn’t follow, exactly after which line I’ve to add those few lines.
And also was worried, if white spaces or alignment matter as much as in app.yml?

2 Likes

No problem! You can use scp then. A short manual is here, it boils down to running something like scp {{path/to/local_file}} {{remote_host}}:{{path/to/remote_file}}.

Ah, I see, sorry. All edits will happen in the second block, the one responsible for HTTPS.

As background: The first block has one purpose only: It tells nginx that everything that is not HTTPS should be redirected there (for security), except for the requests needed to get a certificate from Let’s Encrypt. You should never need to edit this block again.
Everything else is handled by the second block, which configures what happens to HTTPS requests (which should be forwarded to Discourse, unless that fails, then you want the error page).

Nope, nginx is very forgiving here. However, semicolons (;) are important!

That’s how you learn – good luck :slight_smile:
Please, ask again if you have more questsion.

4 Likes

You’re a patient man.

I suppose I have to add the last told texts just before the last closing parenthesis. Like the last 2 closing parenthesis shown here, I’ve to insert it after first parenthesis and before 2nd (parenthesis)?

    proxy_set_header X-Real-IP $remote_addr;
  }
}

Correct :slight_smile:

location blocks (which tell nginx how it should react to certain URLs) should always be within server blocks.

1 Like

This is a very useful article written in a very clear way.
Yet, howsoever clear something may be, some people are there, like me, who are struck at some places.

I’d like to tell on which step I was struck and how did I interpret or solve the same.
If I’m wrong anywhere, pls tell me, I’ll edit the post accordingly. I’m no authority on this.
1.

“this way/below given way” would be more clear.

I think that “We need to add a new server block, *below* the old server block” would be more clear.

Mind that (in the later/current version of Discourse) ‘Force/Use https’ setting won’t appear in Admin Settings> Security if your ssl setup is running from inside discourse container.

This is the main step, where I was struck. Since I don’t know html, I had to copy the ready-made error page files. And I didn’t know how to copy these 3 files to my remote server. But with a some help from this article writer, I took below given steps, successfully.

I did the following to copy the error html files from my local windows pc to remoter ubuntu server.
Opened Linux terminal on Win10.
First of all, download the 3 files from this webpage article onto your local/windows pc.
Then run the terminal: Bash

Then, inside the terminal, go to the local path where your 'to be copied' files are lying. E.g. I had downloaded these 3 files below given location of my pc. 
So commanded (at root of the linux terminal/bash, not root of the windows, nor the root of your remote server):
cd 'mnt/l/1. wp websites/1. disco/website offline'
ls (just to check that all 3 files are showing ok in this path).

Then just command this (still at bash prompt, nor local, not remote server):
scp *.* root@157.245.199.111:/var/www/errorpages (don't forget to use OWN your server username and ip address, this imagined ip is for illustration only)

And that's it. But 2-3 extra things. I've set the login by SSH keys. If you use pw method, if might ask the password before executing this command.
Next is that I could copy the file to the home folder of the root user of remote server first, if the target's long path is giving some problem and then login to the remoter sever and copy/move the files from the user root to the desired path. In that case, the above command would be:
scp *.* root@target_ipaddress:~

Then login to remoter server, go user home folder and give this command:
cp *.* /var/www/errorpages

And another aproach could be to zip the 'files to be copied' first and then unzip them at the target. In that case, you will create zipped archive in local windows pc. Then the command would become: 
scp zipped_archive.zip root@target_ipadress:~

And then you can unzip them with this command, after logging into the remote server: 
unzip zipped_archive.zip -d destination_folder_path

And last, I got a bit worried as to where do I have to add these 2-3 lines (app.yml has made me very afraid of messing up these technical files. But the writer of the article told me that html files are not that sensitive of alignment of white spaces) just before the very last brace in the default file. After this addition, it’d show like this:

===== Also, there is much text above this line, but end would be like this =========== 
  location / {                                                                         
    proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:; 
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;                                          
    proxy_set_header X-Real-IP $remote_addr;
  }

  location /errorpages/ {
    alias /var/www/errorpages/;
  }

error_page 502 =502 /errorpages/discourse_offline.html; 
proxy_intercept_errors on;
}                                                                                  

And it all worked as well as the writer said it would.
Great many thanks to orig writer.

P.S: I don’t know, how can we show diff colours in the code? I mean, in the OP, the writer has shown the code we are supposed to copy/write in our configuration. But how he achieved diff colours in that?
E.g. the below given line showed in light pink/red. How did it?

'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'

Thanks! I’ve made some adjustments to the original post.

By the way, it’s a wiki post – feel free to make further enhancements yourself!

The colors aren’t diff colors, just syntax highlighting. Feel free to edit the post to see its source :slight_smile:

2 Likes

Thanks for incorporating my suggestions.
Are we able to choose colors to our liking or not? If yes, how?
Or, some particular syntax is auto-highlighted by Disco composer window?

This is fully automatic, with support for a few different programming (and configuration) languages.

1 Like

Since I was experimenting with this guide, I happen to install the Letsencrypt certificate a few times (I think somewhere between 4 times and 6 in the last 10 days). I did this, because I thought that I can erase and reinstall something as many times as I want, without troubling any server or anybody.

But clearly, I was wrong and didn’t know (alas there was no such warning regarding this!!) that this is not Windows and the same is not permitted by LetsEncrypt. This site showed that I’ve requested new certificates to be issued more than 10 times (between the last 10 or so days), which surprised even me. May be I tried installing these certs while practicing something else.

Now, can anyone tell me a way to avoid this frustration (now or in future)? (As of now, I’d destroyed the droplet and installed everything afresh when this error occurred)
I mean, around the steps, in which I request the certificate, can I take some steps to keep the Certs copy intact somewhere else and then retrieve the certificates again when needed?
I hope, me being not an expert on these, you can spell out the actual Ubuntu commands to achieve that.

Upon a bit research, I’ve found that our certificates, which were generated earlier, can be retrieved from Letsencrypt servers. This is a guess only.

I’ve found my certificates, if only I’m correct, here, on this website.

Can someone pls help (tell exact commands) as how can I get those certificates copy into my nginx server (if indeed they are)?

While the certificates can be retrieved, the private key cannot, so you are most likely out of luck.
You most likely are running against a limit on the number of duplicate certificates, which you can work around by requesting a certificate with a different set of domains (e.g. hotelbobbygg.xyz and www.hotelbobbygg.xyz).

Backing up your certificate is possible, but I’d suggest instead that you simply don’t start over so often, but try to understand and fix your problem if you run into one :slight_smile:

2 Likes

Yes. As shown in my SS, duplicate certificates was the problem.
But thank you very much that your suggestion of prepending ‘www’ was very easy. Didn’t have to do much, just create a new sub-domain (and attach to the old droplet) in DO, overwrite the droplet with the fresh ubuntu OS image, install discourse and here I was ready again (for 5 new tries anyway :slight_smile: ) in 15 minutes.

P.S.: I don’t know why the droplet won’t let discourse installation run without first (destroying and) overwriting it with new Ubuntu image though. It was giving some error to the effect that some files related to SSL were already running or not-running and it couldn’t change their status. Installation failed at the very first step, just after we tell it a few things like domain name and email smtp things.

Wonderful guide.
But if only you had told some commands to auto-renew this certificate also. It’d be a complete guide.
Because I’ve seen the link mentioned here. But that link only tells to install the certificate fresh. Or to renew it.
But I couldn’t find the guidance to ‘Auto-renew’ the same.

Thanks.

1 Like

Good point! I updated this section above in the original post :arrow_double_up:

1 Like

Thanks for the update.
by “your package repository” you mean the one maintained by Ubuntu
or the one maintained by Certbot [add-apt-repository ppa:certbot/certbot]

Which repository should we install from so that it could be renewed automatically?
And why is it imperative that we would want the certificate to renew just before it is going to expire, can’t we renew it much in advance, or just after it has expired.
Sorry to put naive questions.
Thanks again.

I’m pretty sure both handle that.

It’s not – by default, Certbot will renew 30 days before expiration :slight_smile:

4 Likes