I have set up a new Ubuntu 18 Cloud Server and installed Discourse like I did it all times, the Standard under 30 Min setup. When I now want to first create a admin, I am calling the installation in my browser and getting error that server is not reachable. 2 things are different to my other servers, 1. I changed to Hetzner Cloud, 2. I can only call the installtion with the IP adress at the moment, as I want to switch another existing server to the new one.
The Hetzner Ubuntu Image is minimal I think, nothing installed. I am out of knowledge now and hope that someone could point me the right direction
thx for reply. I think I explained wrong. I tried only to access via IP, the domain name is still not pointed on the new server. The result of trying to access via IP is the error I said before.
Discourse is up and running but the server somehow diesn´t point to the docker container. I don´t have clue.
I have another stupid question, really stupid
Do I need an an apache or any other webserver installed additionally? Or does the mentioned install method supports everything needed for launching? Sorry for that dumb question
The server is complete fresh, minimal installation of ubuntu, so nothing more is installed.
I recommend opening a ticket with the provider and/or checking their settings to see if you need to do something to open up ports. Sometimes all ports are closed by default.
My provider Hetzner doesn´t offers a extern firewall for the cloud server structure. The only I can do is to check up my system configuration, ufw for example.
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00013s latency).
Not shown: 131065 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
6010/tcp open x11
68/udp open|filtered dhcpc
Nmap done: 1 IP address (1 host up) scanned in 4851.83 seconds
root@crazy-geek:~# ufw status
Status: inactive
As I said, its a standard configuration. I am sure I am missing a small thing (
One or both of those should return a bunch of html. If they don’t, go look at the log files in /var/discourse/shared/standalone/log/var-log/nginx/ and /var/discourse/shared/standalone/log/rails/production.log for clues about what could be wrong
You could try ./launcher enter app in the discourse directory and running the top command to verify that nginx, redis, postmaster and ruby are all running. curl is available to test inside the container too.
root@crazy-geek:~# cd /var/discourse
root@crazy-geek:/var/discourse# ./launcher enter app
root@crazy-geek-app:/var/www/discourse# curl http://localhost/
curl: (7) Failed to connect to localhost port 80: Connection refused
root@crazy-geek-app:/var/www/discourse# curl http://172.17.0.2/
curl: (7) Failed to connect to 172.17.0.2 port 80: Connection refused
Outside the container:
root@crazy-geek:/var/discourse# curl http://localhost/
curl: (56) Recv failure: Connection reset by peer
root@crazy-geek:/var/discourse# curl http://172.17.0.2/
curl: (7) Failed to connect to 172.17.0.2 port 80: Connection refused
Error Logs from inside the container:
Nginx (whole error.log is full of the same message):
Thanks a lot. That was a noob mistake actually. I needed to deactivate ssl templates in app.yml and rebuild new. Problem was that letsencrypt couldn´t verify the cert for the domain, as the domain is still pointed to the old server
Sorry for my mistakes and thx a lot for the provided help!
One has to then go into app.yml, comment out the Let’s Encrypt email line and the ssl templates and then launcher rebuilt. I think this should be considered a bug in the discourse-setup. Also discourse-setup should have support for installing your own SSL cert gotten from another authority right at the beginning so you don’t have to rebuild.
It’s intentional, Discourse installs secure by default with https by out of the box. That email field is only to notify you of renewal problems.
What benefit is there to using the cert from a different CA? EV certs aren’t really a thing any more and Discourse can manage it’s own certificate automatically.
Discourse setup is for only the most standard installation. If you’re capable of getting your own cert then you are responsible for installing it. I agree that it’s a bit confusing that let’s encrypt is installed by default, but it’s safer and it’s been that way for a very long time now with very few reports of problems.
Then the prompt on the Let’s Encrypt part should not say SKIP on it since it does not really skip it if you hit ENTER. Or give you some hint of what to do if not using Let’s Encrypt.
But in my opinion SKIP should be supported and if it is skipped discourse should be setup with no SSL at that point working only on port 80 rather than not working at all
in a very mysterious and hard to debug state like the posts above show.
I’ll need to look more carefully, but I think you’re right. I suspect that what it should do is not ask you anything and just use the developer email address for let’s encrypt. The rub is that it’s legal to include multiple addresses for developer emails, but not for let’s encrypt, so it’d be somewhat fiddly, but do able.
@Stephen Well, like the start of this thread states, whatever was “automatic” did not work. The system was in a state were it would not serve web pages at all on port 80 or 443. Once I commented out the ssl templates and rebuilt, it worked on port 80 just fine.