Can't relay Discourse traffic for website with nginx and vestacp


(Ann Lee Watson) #21

I don’t want to bother you; I am always logged in as root, and I have run the rebuild inside the directory several times ;(


(Felix Freiberger) #22

In that case I’m out of guesses for now. Maybe someone else can pick this up :smiley:


(Ann Lee Watson) #23

don’t worry mate :slight_smile: thanks anyway


(Ann Lee Watson) #24

if this can help:

root@51:/var/discourse# docker ps -a
CONTAINER ID   IMAGE                 COMMAND        CREATED          STATUS         PORTS   NAMES
6b2524b57663   local_discourse/app   "/sbin/boot"   10 minutes ago   Up 4 minutes           app

whenever I launch it, it says it is already launched, but when I access the subdomain it does nothing


(Felix Freiberger) #25

Oh wait – you try to start it after rebuilding? That’s not needed, the container is started automatically.

What exactly do you get when you try to access the subdomain where Discourse should be running?


(Ann Lee Watson) #26

I get nothing when I access the subdomain (I also checked with htop that it is running)

perhaps there are some log files to check?


(Felix Freiberger) #27

What is “nothing”, exactly? A timeout? A bad gateway error? Your computer disappears?


(Ann Lee Watson) #28

sorry, please have a look by yourself: http://community.smartcitylinares.com/

and my htop:


(Felix Freiberger) #29

Your nginx is not relaying the requests to Discourse. Did you follow the configuration guide I mentioned above, and remember to reload the nginx configuration afterwards?

If you cannot solve this yourself, we’ll need (the relevant parts of) your nginx configuration to help you debug this.


(Ann Lee Watson) #30

thanks, I did all the steps, except that I already had nginx installed (it came with vestacp)

I can paste here any logs you wish


(Felix Freiberger) #31

Can you paste both your /etc/nginx/conf.d/discourse.conf and the nginx configuration file belonging to VESTA?


(Ann Lee Watson) #32

discourse.conf:

server {
        listen 80; listen [::]:80;
        server_name community.smartcitylinares.com;  # <-- change this

        location / {
                proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
                proxy_set_header Host $http_host;
                proxy_http_version 1.1;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}

and the nginx.conf:

# Server globals
user                    www-data;
worker_processes        2;
error_log               /var/log/nginx/error.log;
pid                     /var/run/nginx.pid;


# Worker config
events {
        worker_connections  1024;
        use                 epoll;
}


http {
    # Main settings
    sendfile                        on;
    tcp_nopush                      on;
    tcp_nodelay                     on;
    client_header_timeout           1m;
    client_body_timeout             1m;
    client_header_buffer_size       2k;
    client_body_buffer_size         256k;
    client_max_body_size            256m;
    large_client_header_buffers     4   8k;
    send_timeout                    30;
    keepalive_timeout               60 60;
    reset_timedout_connection       on;
    server_tokens                   off;
    server_name_in_redirect         off;
    server_names_hash_max_size      512;
    server_names_hash_bucket_size   512;


    # Log format
    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                        '"$status" $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
    log_format  bytes   '$body_bytes_sent';
    #access_log          /var/log/nginx/access.log  main;
    access_log off;


    # Mime settings
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;


    # Compression
    gzip                on;
    gzip_comp_level     9;
    gzip_min_length     512;
    gzip_buffers        8 64k;
    gzip_types          text/plain text/css text/javascript
                        application/x-javascript application/javascript;
    gzip_proxied        any;


    # Proxy settings
    proxy_redirect      off;
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_header   Set-Cookie;
    proxy_connect_timeout   90;
    proxy_send_timeout  90;
    proxy_read_timeout  90;
    proxy_buffers       32 4k;


    # Cloudflare https://www.cloudflare.com/ips
    set_real_ip_from   199.27.128.0/21;
    set_real_ip_from   173.245.48.0/20;
    set_real_ip_from   103.21.244.0/22;
    set_real_ip_from   103.22.200.0/22;
    set_real_ip_from   103.31.4.0/22;
    set_real_ip_from   141.101.64.0/18;
    set_real_ip_from   108.162.192.0/18;
    set_real_ip_from   190.93.240.0/20;
    set_real_ip_from   188.114.96.0/20;
    set_real_ip_from   197.234.240.0/22;
    set_real_ip_from   198.41.128.0/17;
    set_real_ip_from   162.158.0.0/15;
    set_real_ip_from   104.16.0.0/12;
    set_real_ip_from   172.64.0.0/13;
    #set_real_ip_from   2400:cb00::/32;
    #set_real_ip_from   2606:4700::/32;
    #set_real_ip_from   2803:f800::/32;
    #set_real_ip_from   2405:b500::/32;
    #set_real_ip_from   2405:8100::/32;
    real_ip_header     CF-Connecting-IP;


    # SSL PCI Compliance
    ssl_session_cache   shared:SSL:10m;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers        "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";


    # Error pages
    error_page          403          /error/403.html;
    error_page          404          /error/404.html;
    error_page          502 503 504  /error/50x.html;


    # Cache
    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=512m;
    proxy_cache_key "$host$request_uri $cookie_user";
    proxy_temp_path  /var/cache/nginx/temp;
    proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_valid any 3d;

    map $http_cookie $no_cache {
        default 0;
        ~SESS 1;
        ~wordpress_logged_in 1;
    }


    # Wildcard include
    include             /etc/nginx/conf.d/*.conf;
}

(Felix Freiberger) #33

Is there any other nginx configuration in effect? So far, I don’t see any reason why nginx should respond to queries to http://community.smartcitylinares.com/ with anything containing VESTA, which it does. I’d guess that VESTA has configured nginx to send all requests to it.


(Ann Lee Watson) #34

thank you so much for your support, but I think we are in a dead point, even if I stop nginx it won’t load discourse

perhaps it is an issue related to the DNS? you are free to make seat if anyone else wants to help

So this thread makes people notice that a full tutorial (or video :)) for installing discourse + sites should be needed, and good for discourse business as company


(Felix Freiberger) #35

DNS is innocent: community.smartcitylinares.com resolves to you (it is clearly your server which is answering).

That’s not surprising: Discourse is now listening on the socket file, so it can only answer if nginx relays requests to this socket. If Discourse was not listening and nginx was configured correctly, you’d get something like this:

This is not an issue with Discourse: This is an issue with configuring nginx (and how VESTA utilizes nginx). The instructions in the how-to topic do work (I’m running such an installation myself) as long as no other nginx configuration is grabbing the traffic :smiley:
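An added example, not part of the thread and not Discourse or VESTA code: a simplified model of how nginx chooses a server block (most specific `listen` address first, then `server_name`), run on a constructed configuration. The second server block, its IP-specific `listen`, and all addresses are assumptions showing one way another configuration can grab traffic meant for the `discourse.conf` block.

```python
import re

# Constructed sample in the shape of `nginx -T` output: the thread's
# discourse.conf block plus a HYPOTHETICAL panel-generated block bound to a
# specific IP (documentation addresses, not taken from the thread).
SAMPLE = """
server {
    listen 80; listen [::]:80;
    server_name community.smartcitylinares.com;
    location / { proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:; }
}
server {
    listen 203.0.113.10:80;
    server_name example.test www.example.test;
    location / { proxy_pass http://203.0.113.10:8080; }
}
"""

def server_blocks(conf):
    """Yield (listen addresses, server names) for each server { } block."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        listens = [v.split()[0] for v in re.findall(r"\blisten\s+([^;]+);", body)]
        names = [n for v in re.findall(r"\bserver_name\s+([^;]+);", body) for n in v.split()]
        yield listens, names

def listen_rank(listen, ip, port):
    """2 = exact ip:port, 1 = wildcard on that port, 0 = no match (IPv4 only)."""
    if listen == f"{ip}:{port}":
        return 2
    return 1 if listen in (str(port), f"*:{port}", f"0.0.0.0:{port}") else 0

def pick_server(conf, ip, port, host):
    """Names of the block that answers; ignores default_server and wildcard names."""
    ranked = [(max((listen_rank(l, ip, port) for l in ls), default=0), names)
              for ls, names in server_blocks(conf)]
    best = max((r for r, _ in ranked), default=0)
    if best == 0:
        return None
    candidates = [names for r, names in ranked if r == best]
    # Among blocks on the most specific listen address, match Host; else first block.
    return next((n for n in candidates if host in n), candidates[0])

if __name__ == "__main__":
    host = "community.smartcitylinares.com"
    print(pick_server(SAMPLE, "203.0.113.10", 80, host))   # connection to the bound IP
    print(pick_server(SAMPLE, "198.51.100.7", 80, host))   # connection to another IP
```

On a real server the input would be the full effective configuration (the output of `nginx -T`), which includes every file pulled in by `include` directives.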


(Ann Lee Watson) #36

lol DNS is innocent oki