Can't connect to discourse install

Trying to fresh install Discourse on a bare metal OVH server running Fedora Server 38. Installation went fine, but I cannot connect to it using the hostname I specified in the app.yml.
OVH edge firewall is disabled, firewalld is disabled, iptables is disabled, DNS resolves fine, I’m lost at what else to check at this point, any ideas would be appreciated.

You can look at /var/discourse/shared/standalone/log/var-log/nginx/production.log. My guess is that you got rate limited by Let’s Encrypt because DNS or something else kept a certificate from being issued.

If that’s the case you can wait a week or use a different subdomain (like forum instead of forums).

Did you run discourse-setup?

Oddly enough, I don’t have a production.log in that folder; however, I do have an error.log which contains nothing but this error over and over:

2023/06/02 07:27:34 [emerg] 289163#289163: cannot load certificate "/shared/ssl/": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

and indeed when I looked at that cert file it was empty.

I did run discourse-setup initially but it would always error out with

Hostname for your Discourse? []:

Checking your domain name . . .
WARNING: Port 443 of computer does not appear to be accessible using hostname:
WARNING: Connection to (port 80) also fails.

Which I assumed was due to the .dev TLD being on Google’s HSTS preload list by default, so I just configured the app.yml manually and ran ./launcher rebuild app, which seemed to work fine.

I’ve tried switching the subdomain over to forum instead and rebuilt the app but still having the same issue and getting the same error as before except with forum instead of forums.
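The empty-certificate condition behind the nginx error quoted above can be checked directly. This is an added example, not part of the posts or of Discourse's own tooling; the function names, the sample file and the sample log line are constructed for illustration.

```shell
#!/bin/sh
# Classify a certificate file the way the nginx/OpenSSL error implies:
# "no start line" means no -----BEGIN ... CERTIFICATE----- marker was found.
# Prints one of: missing, empty, no-pem-start-line, truncated-pem, ok
# ("ok" only means both PEM markers are present, not that the cert is valid).
check_cert_file() {
    cert="$1"
    if [ ! -e "$cert" ]; then echo missing; return 1; fi
    if [ ! -s "$cert" ]; then echo empty; return 1; fi
    if ! grep -Eq '^-----BEGIN (TRUSTED |X509 )?CERTIFICATE-----' "$cert"; then
        echo no-pem-start-line; return 1
    fi
    if ! grep -Eq '^-----END (TRUSTED |X509 )?CERTIFICATE-----' "$cert"; then
        echo truncated-pem; return 1
    fi
    echo ok
}

# List the unique certificate paths nginx reported as unloadable in an error.log.
failed_cert_paths() {
    sed -n 's/.*\[emerg\].*cannot load certificate "\([^"]*\)".*/\1/p' "$1" | sort -u
}

# Report the state of every certificate named in the log (hypothetical helper).
report_failed_certs() {
    failed_cert_paths "$1" | while IFS= read -r path; do
        printf '%s: %s\n' "$path" "$(check_cert_file "$path" || true)"
    done
}

# Constructed demo: an empty certificate plus a log line shaped like the one above.
demo_dir=$(mktemp -d)
: > "$demo_dir/empty.cer"
printf '%s\n' "2023/06/02 07:27:34 [emerg] 1#1: cannot load certificate \"$demo_dir/empty.cer\": PEM_read_bio_X509_AUX() failed" > "$demo_dir/error.log"
report_failed_certs "$demo_dir/error.log"
rm -rf "$demo_dir"
```

Paths in the nginx log are as seen from inside the container, so run the check there or translate them to the host's shared directory first.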

Have you opened ports on your firewall outside Docker?

Yep, firewalld is disabled completely along with iptables. If I manually install and configure Apache or nginx on the server itself, I can see that traffic is allowed on both port 80 and 443, but because of HSTS I need to have HTTPS rewrite enabled on all HTTP requests and a working SSL cert, which is the thing that’s being an issue at the moment.

Perhaps you should open ports 80 and 443 then?

It still sounds like something is interfering with incoming traffic. Are you using Cloudflare for DNS?

Nope, using Google.

If the test that discourse-setup is doing is failing, then you need to find the explanation for that. It’s pretty clear that it’s right and that Let’s Encrypt can’t assign a certificate.

Since you know how to install nginx and Apache, you can try getting Let’s Encrypt to issue a certificate, but it’s pretty clear that something is blocking 80 and/or 443.

OK, so the issue was that discourse-setup is broken when using newer netcat versions, as can be seen in this pull request:
Removing the -p flag stops discourse-setup from falsely reporting that it cannot establish a connection on the ports; it then finishes and rebuilds the app successfully, and I can now connect to my install flawlessly.
Thanks for the help.

Glad you got it working! I’m confused about why the rebuild was failing to get the certificate, as I thought that you’d do the rebuild and skipped the discourse-setup step.
