Discourse not starting up: nginx: unable to open supervise/ok: file does not exist


I’m trying to run Discourse with Let’s Encrypt behind an Apache Proxy on Ubuntu 16.04.
When I start up the application, nobody is listening on the correct port (I’ve mapped it to 12080/12443 in the app.yml), and the logs show the following error:

Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/enable-brotli
run-parts: executing /etc/runit/1.d/letsencrypt
[Fri Dec  2 17:57:12 UTC 2016] Skip, Next renewal time is: Mon Feb 20 16:36:38 UTC 2017
[Fri Dec  2 17:57:12 UTC 2016] Add '--force' to force to renew.
[Fri Dec  2 17:57:12 UTC 2016] Installing key to:/shared/ssl/discourse.mydomain.com.key
[Fri Dec  2 17:57:12 UTC 2016] Installing full chain to:/shared/ssl/discourse.mydomain.com.cer
[Fri Dec  2 17:57:12 UTC 2016] Run Le_ReloadCmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Fri Dec  2 17:57:12 UTC 2016] Reload error for :discourse.mydomain.com
Started runsvdir, PID is 135
ok: run: redis: (pid 143) 0s
ok: run: postgres: (pid 145) 0s
sh: echo: I/O error

(To clarify: I’ve replaced my FQDN with “discourse.mydomain.com” in these logs.)

This Reload Error appears to be preventing discourse from starting up properly. I’ve had a look but all references to “unable to open supervise/ok” appear to be a fixed bug in runit.

Things I’ve tried:

  • Running ./launcher rebuild app
  • Running the debug steps in Setting up Let's Encrypt (they succeed but produce no different result)

Has anyone encountered this error, and/or does anyone know how to resolve it?


New user invite links only give ERR_SSL_PROTOCOL_ERROR
(Rafael dos Santos Silva) #2

I don’t think our Let’s Encrypt template works when behind a proxy.

Usually the last web server handles SSL termination / certificates / etc.


All right, I’ve resolved it by not doing that. Instead Apache now handles the LetsEncrypt logic.
Maybe the LetsEncrypt guide could mention this?

(ginger man) #4

@Pingless Can you explain how you accomplished apache letencrypt configuration within docker container ? How do you ensure the ssl config remains during the rebuild ?