Docker Install w/ Letsencrypt bombing


(MD8D Director) #1

I’ve been trying to debug why a new docker install of discourse wasn’t coming up. So I went for a deep dive, and found that inside the container, port 80 would not respond to telnet, but port 3000 would.

So something going on with nginx.

In /shared/log/var-log/nginx/error.log, I found a repeated line every second:

I’m going to reinstall this without letsencrypt for now :slight_smile:


(MD8D Director) #2

ok, it’s still having the same kinds of problems.

  • stop app
  • rename /var/discourse /var/discourse-broken
  • mkdir /var discourse
  • install as usual
  • leave letsencrypt email address empty

Now I’m still unable to hit port 80 from localhost and am getting the following error:

2016/11/16 11:16:34 [emerg] 1302#1302: BIO_new_file("/shared/ssl/discourse.md8d.org.cer") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/shared/ssl/discourse.md8d.org.cer','r') error:2006D080:BIO routines:BIO_new_file:no such file)

If it helps, I’m on Ubuntu 16.04,
docker -v
Docker version 1.12.3, build 6b644ec
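
Added example, not part of the thread and not Discourse's own tooling: the `[emerg]` line above is nginx failing to load its configuration because a certificate file it references does not exist, and a process that fails at that stage serves no ports at all, plain HTTP on 80 included. The sketch below lists the TLS files a given nginx config names that are missing or empty; the function name `missing_tls_files` is hypothetical, the config path is whatever the reader passes in, and relative paths or values containing nginx variables are not resolved.

```shell
#!/bin/sh
# Added example: pre-flight check for TLS files referenced by an nginx config.
# Usage (assumed): missing_tls_files /path/to/site.conf

# missing_tls_files CONF
# Prints "directive path" for each ssl_* file directive in CONF whose target
# is missing or empty. Returns 1 if any are reported, 0 otherwise.
missing_tls_files() {
    conf=$1
    out=$(
        # Drop comments first so commented-out directives are ignored.
        sed 's/#.*//' "$conf" | awk '
            $1 ~ /^ssl_(certificate|certificate_key|trusted_certificate|dhparam)$/ {
                path = $2
                sub(/;$/, "", path)      # strip the trailing semicolon
                print $1, path
            }' | while read -r directive path; do
                case $path in
                    *\$*) continue ;;    # value uses an nginx variable: skip
                esac
                # -s: file exists and is non-empty
                [ -s "$path" ] || echo "$directive $path"
            done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Run it where nginx itself runs (here, inside the container), because `/shared/ssl/...` is a path as the container sees it.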


(Alan Tan) #3

What does ./launcher logs app give you?

In the meantime, you can disable Let’s Encrypt by commenting out the template and rebuilding.


(MD8D Director) #4

I checked; the Let’s Encrypt lines were NOT enabled on the second install, yet the error remained.

I rebuilt just for giggles, and now I’m getting the congratulations screen. So I’m in business. Strange.

# ./launcher logs app
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-log-permissions
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/enable-brotli
Started runsvdir, PID is 42
sh: echo: I/O error
ok: run: redis: (pid 50) 0s
ok: run: postgres: (pid 53) 0s
                _._                                                  
           _.-``__ ''-._                                             
      _.-``    `.  `_.  ''-._           Redis 3.0.6 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._                                   
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 50
  `-._    `-._  `-./  _.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |           http://redis.io        
  `-._    `-._`-.__.-'_.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |                                  
  `-._    `-._`-.__.-'_.-'    _.-'                                   
      `-._    `-.__.-'    _.-'                                       
          `-._        _.-'                                           
              `-.__.-'                                               

50:M 16 Nov 12:03:39.739 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
50:M 16 Nov 12:03:39.739 # Server started, Redis version 3.0.6
50:M 16 Nov 12:03:39.739 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
50:M 16 Nov 12:03:39.739 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
50:M 16 Nov 12:03:39.743 * DB loaded from disk: 0.004 seconds
50:M 16 Nov 12:03:39.746 * The server is now ready to accept connections on port 6379
rsyslogd: command 'KLogPermitNonKernelFacility' is currently not permitted - did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.16.0 try http://www.rsyslog.com/e/2145 ]
rsyslogd: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
2016-11-16 12:03:40 UTC [68-1] LOG:  database system was shut down at 2016-11-16 12:02:13 UTC
2016-11-16 12:03:40 UTC [68-2] LOG:  MultiXact member wraparound protections are now enabled
2016-11-16 12:03:40 UTC [53-1] LOG:  database system is ready to accept connections
2016-11-16 12:03:40 UTC [72-1] LOG:  autovacuum launcher started
supervisor pid: 51 unicorn pid: 74
50:M 16 Nov 12:08:40.031 * 10 changes in 300 seconds. Saving...
50:M 16 Nov 12:08:40.037 * Background saving started by pid 900
900:C 16 Nov 12:08:40.044 * DB saved on disk
900:C 16 Nov 12:08:40.044 * RDB: 2 MB of memory used by copy-on-write
50:M 16 Nov 12:08:40.140 * Background saving terminated with success
50:M 16 Nov 12:13:41.029 * 10 changes in 300 seconds. Saving...
50:M 16 Nov 12:13:41.030 * Background saving started by pid 1232
1232:C 16 Nov 12:13:41.070 * DB saved on disk
1232:C 16 Nov 12:13:41.071 * RDB: 0 MB of memory used by copy-on-write
50:M 16 Nov 12:13:41.130 * Background saving terminated with success
50:M 16 Nov 12:18:42.033 * 10 changes in 300 seconds. Saving...
50:M 16 Nov 12:18:42.033 * Background saving started by pid 1579
1579:C 16 Nov 12:18:42.041 * DB saved on disk
1579:C 16 Nov 12:18:42.042 * RDB: 0 MB of memory used by copy-on-write
50:M 16 Nov 12:18:42.134 * Background saving terminated with success