Cloudflare error 524

I’m having this issue now on my Discourse subdomain. No Railgun. Default Ubuntu 16.04 Discourse installation. Going to the IP directly shows the default Nginx page. Going to the DNS returns 524 error from Cloudflare. Worked fine as of two days ago. Ran discourse-doctor and it returns this:

DISCOURSE DOCTOR Sat Nov 10 07:34:57 UTC 2018
OS: Linux forum 4.4.0-138-generic #164-Ubuntu SMP Tue Oct 2 17:16:02 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Found containers/app.yml

==================== YML SETTINGS ====================

==================== DOCKER INFO ====================
DOCKER VERSION: Docker version 18.06.0-ce, build 0ffa825

DOCKER PROCESSES (docker ps -a)

CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS              PORTS                  NAMES
d3962029d351        local_discourse/app   "/sbin/boot"        15 hours ago        Up 15 hours>80/tcp   app

d3962029d351        local_discourse/app   "/sbin/boot"        15 hours ago        Up 15 hours>80/tcp   app

Discourse container app is running

==================== PLUGINS ====================
          - git clone

No non-official plugins detected.

See for the official list.


Any thoughts would be appreciated.

What happens if you disable the orange cloud at Cloudflare? Does it work?


If the IP gives you the default nginx page, then something is wrong. What did a rebuild do?

Accessing the subdomain with the cloud off produces a privacy error.

Accessing the IP with the cloud off produces the nginx default page.

Is it possible that the SSL cert expired or something? I checked the nginx configuration on the server and it looks fine for the reverse proxy through Cloudflare.

A rebuild unfortunately produces the same results. I’ve tried it twice now.

If you click “ADVANCED” on the SSL warning page it might tell you there.

Is it possible that Discourse or the Docker image is blocking Cloudflare’s IP address?

Advanced warning:

I never set up any blacklisted IPs when the instance was accessible. Is there another way to check if the origin IP is being blocked?

Having this icloud same issue. Has anyone found a way to fix this? What is google classroom causing this? Explain please.

Thanks in advance.


I haven’t tried it but it looks like you can get the certificate dates with this command:

certbot certificates

Edit: I’m not sure how Discourse blocks IPs.

Seems certbot is not installed on this default instance:

certbot: command not found

Which doesn’t make much sense since it clearly has used Let’s Encrypt in the past. :thinking:

It’s using Let’s Encrypt, but I’m not sure if it’s using certbot. It looks like templates/web.ssl.template.yml has some other setup information in it.

Maybe the other method below would work, but I’m not sure. I’m still learning my way around Discourse.

Interesting… here are the dates that sudo openssl x509 -dates -noout -in /path/to/cert.pem returns:

notBefore=Aug 12 16:30:25 2018 GMT
notAfter=Nov 10 16:30:25 2018 GMT
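
An automated version of the date check in the post above, as an added example that is not part of the original thread: it parses the notBefore=/notAfter= lines printed by openssl x509 -dates and classifies the certificate at a given time. The function names, the 30-day warning window and the check times are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

# Date format printed by `openssl x509 -dates` (always GMT).
OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"


def parse_dates(openssl_output):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    fields = {}
    for line in openssl_output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # strptime accepts the space-padded day openssl prints ("Nov  1").
            parsed = datetime.strptime(value.strip(), OPENSSL_FMT)
            fields[key] = parsed.replace(tzinfo=timezone.utc)
    if len(fields) != 2:
        raise ValueError("expected both notBefore= and notAfter= lines")
    return fields["notBefore"], fields["notAfter"]


def cert_status(openssl_output, now, warn=timedelta(days=30)):
    """Classify the certificate at `now`; returns (status, time remaining)."""
    not_before, not_after = parse_dates(openssl_output)
    remaining = not_after - now
    if now < not_before:
        return "not-yet-valid", remaining
    if remaining <= timedelta(0):
        return "expired", remaining
    if remaining <= warn:  # assumed alert window, tune to your renewal job
        return "renew-now", remaining
    return "ok", remaining


# The two lines posted above; the check times below are constructed.
POSTED = """notBefore=Aug 12 16:30:25 2018 GMT
notAfter=Nov 10 16:30:25 2018 GMT"""

if __name__ == "__main__":
    for when in (datetime(2018, 9, 1, tzinfo=timezone.utc),
                 datetime(2018, 11, 1, tzinfo=timezone.utc),
                 datetime(2018, 11, 11, tzinfo=timezone.utc)):
        status, remaining = cert_status(POSTED, when)
        print(when.date(), status, remaining)
```

Run from cron against the output of the openssl command, a "renew-now" result gives warning before visitors see a privacy error.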

Maybe something in this thread would work:

Looking at your certificate it expired, how long ago did you set this instance up?

Certbot is installed inside Docker; if you ./launcher enter app then it will be there. But let’s not get ahead of ourselves:

  • Have you tried to rebuild with Cloudflare disabled? Certbot can use an HTTP challenge for expired certs, which won’t work with Cloudflare enabled.
  • Have you ever changed FQDN? Are you running a single site install following the standard install guide?

Months ago - probably been using it consistently for at least 4-6 months. Went to it yesterday to find the 524 error.

Just did that after going through some of the troubleshooting steps here and now when I run ./launcher enter app it returns:

Error response from daemon: Container 1a9eaa93f3cb8253a4e6451672669ab289154ac33b6aeba16bd046bfb641eb71 is not running

Not sure what this is, so I’m going to say probably not.

Yes, I’m running on a standard instance installed on Digital Ocean. I think I may have even used the one-click installer they provide for Discourse.

And if you:

./launcher start app

what happens?

starting up existing container
+ /usr/bin/docker start app
Error response from daemon: driver failed programming external connectivity on endpoint app (87e15001c7d61c9e0ce698d81ccc2e532fbb95d39433b1940d7ee293f678ad32): Error starting userland proxy: listen tcp bind: address already in use
Error: failed to start containers: app

Cloudflare still disabled, not sure if that makes a difference here.

OK, that means this install is harder to support (hence the #unsupported-install tag above); you might need to ask them for assistance here too.

I would reboot the box, something else is listening on that port. Report back when done - we will likely still need to run another rebuild but I want to see what state it restarts in.

Rebooted and power cycled the server. Still got the daemon error so I’m running a rebuild now. I’ll report back with results.