when I enter discourse application, I can realize that the container of my discourse forum is ubuntu 16.04. Its working fine. However I’m curious, can we install discourse on other container distros like centos or ubuntu 18.04?
ubuntu 18 04 ok for me.
I’m not asking if discourse can be installed on an ubuntu 18.04 server. I’m pretty much sure it works ok.
My question is about the container distro. now its 16.04 and I’m asking if it can be changed to any other distro.
Ah, now i understand. I don’t have any idea though. Team could answer this.
You are free to try. Just keep in mind that we only support our official images here in Meta.
I exactly want to know if there is an official way to use another distro for discourse container.
No. If you want to build your own Discourse container based on another distribution (and why would you?), you’re on your own.
I have a weird problem with ubuntu 16.04 in some of my servers. The problem is that in a fresh ubuntu 16.04, whether it is a docker container or it is an ubuntu server, curl of most https sites wont give me an output. for example I get this:
curl https://ipinfo.io curl: (35) gnutls_handshake() failed: The TLS connection was non-properly terminated.
now for the case of discourse, this problem prevents letsencrypt from working. because in the middle of acme.sh code, there is a curl to this address:
Now hopefully today an ubuntu specialist take a look at my case and he somehow found the problem. As he said, the problem is that curl with whatever reason, didn’t support http2 websites. and he add http2 support to curl by these :
add-apt-repository ppa:jonathonf/curl apt-get update apt-get upgrade
Now my problem is how I can execute this code to discourse container before discourse installation?
And also can someone explain why curl in ubuntu 16.04 isn’t supporting http2, at least in my discourse container?
Are you sure that the problem is our container curl version? Or are you behind a bad proxy?
I just run this curl using our official image just fine.
Are you using our official image and launcher?
Yes. For me it was also ok till some days ago. And suddenly, letsencrypt stopped renewing.
I think I’m not behind a bad proxy. because I’m ok with curl of any https website in my discourse server that is a centos 7.
My server is centos. Its not a problem with centos server. the problem is inside discourse container.
btw the point here is that I’m able to fix the problem by entring discourse container and running those command I mentioned:
I mean After running these commands, Then I’m able to manually renew letsencrypth according to this guide.
Well, just add this to your app.yml file:
hooks: before_ssl: - exec: cmd: - add-apt-repository ppa:jonathonf/curl - apt-get update - apt-get upgrade
Thank you very much. It fixed my problem.
However I believe its worth checking the problem of curl in the container.
But there is no problem! I just tested in a container we deployed today in AWS.
Here, let me curl from the container that is running this forum right now:
root@app-07d915db576094080:/# curl https://acme-v01.api.letsencrypt.org/directory -vv -I * Trying 184.108.40.206... * Connected to acme-v01.api.letsencrypt.org (220.127.116.11) port 443 (#0) * found 148 certificates in /etc/ssl/certs/ca-certificates.crt * found 594 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384 * server certificate verification OK * server certificate status verification SKIPPED * common name: acme-v02.api.letsencrypt.org (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: CN=acme-v02.api.letsencrypt.org * start date: Fri, 25 May 2018 00:25:19 GMT * expire date: Thu, 23 Aug 2018 00:25:19 GMT * issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 * compression: NULL * ALPN, server accepted to use http/1.1 > HEAD /directory HTTP/1.1 > Host: acme-v01.api.letsencrypt.org > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 200 OK HTTP/1.1 200 OK
The curl version does negotiate http/1.1 indeed (it would try both 1.1 and 2.0 in latest curl) but it works just fine. There is no way a site doesn’t offers http 1.1 today.
I think you have some bad configured proxy somewhere that is breaking ALPN.