Cannot connect to IP address and no errors in log

I am not sure how much information to include in this topic, so let me know if information should be added. Here is a summary:

  1. I am installing Discourse on a Digital Ocean droplet, using my own ssl keys.
  2. The initial install resulted in the IP resolving, but not the domain.
  3. When I added the ssl keys and then performed rebuild, neither domain nor IP resolved.
  4. The log file had several errors, and I resolved them one by one by looking up the causes in the Discourse forums. There are a couple remaining errors, but the forums said to disregard.

Below is the log file output:

run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/enable-brotli
Started runsvdir, PID is 41
ok: run: redis: (pid 51) 0s
ok: run: postgres: (pid 55) 0s
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed
Server listening on 0.0.0.0 port 22.
Server listening on :: port 22.
2019-01-14T01:05:43.285264+00:00 Discourse-sfo2-01-app rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="59" x-info=] start
2019-01-14T01:05:43.280184+00:00 Discourse-sfo2-01-app rsyslogd-2307: warning: ~ action is deprecated, consider using the 'stop' statement instead  ]
supervisor pid: 52 unicorn pid: 80

This is the port info:

root@Discourse-sfo2-01:~# sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1440/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1440/sshd

The domain is keepinglookout.com, and the ip is 178.128.2.158.

I look forward to any advice anyone has.

It looks like your ports 80 and 443 aren’t forwarding to your docker container.

Can you show us:

  • the errors you needed to resolve and the changes you made
  • output of docker ps on the server?

DNS “resolution” is the process of turning a name (keepinglookout.com) into an IP address (178.128.2.158). That’s the part that’s working:

○ → host keepinglookout.com
keepinglookout.com has address 178.128.2.158

I think what you mean is that you can’t connect to the name or IP?

2 Likes

Thank you for the quick reply! I believe nearly all the changes that I remember making that had appeared in the log were regarding “rsyslog”. For example, I changed “xconsole” to “console”, and commented out parts of the yml. I can provide you with the yml, but honestly I cannot remember the exact changes. I should have kept a record of that. Another change I made was in regards to the ssl files. The log said I had placed them in the wrong folder, and I believe the change in location fixed that problem.

You are correct that i intended to say that I just cannot connect to the name or IP.

Below is the docker ps:

CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS              PORTS               NAMES
8c697843abcf        local_discourse/app   "/sbin/boot"        3 hours ago         Up 3 hours                              app

Thanks again for the quick reply.

Also, regarding the following instructions found on this page ( Advanced Setup Only: Allowing SSL / HTTPS for your Discourse Docker setup ):

Configure NGINX

Add a reference to the nginx ssl template from your app.yml configuration file:

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/sshd.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ssl.template.yml"

Configure your Docker Container

Tell your container to listen on SSL

expose:
  - "80:80"
  - "2222:22"
  - "443:443"

Would I implement the above recommendations in the app.yml (as I understand them to read), or in some other place, such as the “docker container” or nginx ssl template?

Did you have a reason not to use Let’s encrypt as suggested in that topic?

Do you not have ports 443 and 80 in the expose section?

3 Likes

You’ve removed the part that tells docker to forward 80 (HTTP) and 443 (HTTPS) to Discourse. You need those in place.

You should follow this guide: Setting up HTTPS support with Let's Encrypt

Yes, that expose command goes into your app.yml

2 Likes

I initially tried to use Let’s Encrypt, but after many, many attempts was unsuccessful (many dozen, I am sure). I then decided to attempt adding my own SSL. After dozens of attempts there, I decided to post my forum question. I nearly decided to pay someone to configure for me since I lost so much time in failed attempts. I cannot say it was a total loss, though, because I learned a lot about the process along the way and became VERY familiar with the instructions.

Ultimately, today, I decided to attempt Let’s Encrypt again. I noticed a sentence in the instructions I had never noticed before,

Note: ./discourse-setup will enable Let’s Encrypt. And as of March 2017, you can run it again, and press return a few times and enter your email address ; the script will include the required templates and insert your email address as required. If you installed Discourse a long time ago , you might still have to edit app.yml by hand.

This was what I was missing. I was apparently over-configuring by editing the yml. Today I was successful, though. Hooray!

I’m not sure if the process is too simple or if the “how-to” instruction is not clear enough, but I have spent an embarrassing amount of time troubleshooting this problem.

I really like this forum, though. Everyone is very helpful and the responses from people are fast! I look forward to learning more from you all and playing with the product.

3 Likes

Thank you for the response. I un-commented the corresponding portion of that yml countless times. I even learned yml validation in the process. Oddly, in my case, I was able to resolve my problem without editing the yml today. Like I said in my other comment moments ago, the key sentence in the installation how-to has been staring at me for a week while I made a thousand different errors that brought me back to square one and forced me to re-read the how-to more carefully:

Note: ./discourse-setup will enable Let’s Encrypt. And as of March 2017, you can run it again, and press return a few times and enter your email address ; the script will include the required templates and insert your email address as required. If you installed Discourse a long time ago , you might still have to edit app.yml by hand.

2 Likes