Failed to bootstrap (/tmp/add-cloudflare-ips)

Hello!

I have this error when try rebuild:

FAILED
--------------------
Pups::ExecError: /tmp/add-cloudflare-ips failed with return #<Process::Status: pid 1484 exit 8>
Location of failure: /usr/local/lib/ruby/gems/2.7.0/gems/pups-1.1.1/lib/pups/exec_command.rb:117:in `spawn'
exec failed with the params "/tmp/add-cloudflare-ips"
9fe8337bb7b8e64abb480bd2527551585759e48df340dc74bb84c67bdf1ee6b2
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.

This error was safe with enable and disable proxy (orange cloud) on CloudFlare :frowning:

1 Like

Can you scroll up and show the output from above where the /tmp/add-cloudflare-ips command fails?

Done compiling CSS: 2022-03-22 16:54:37 UTC
I, [2022-03-22T16:54:37.832057 #1]  INFO -- : Downloading MaxMindDB...
Compressing Javascript and Generating Source Maps

I, [2022-03-22T16:54:37.874506 #1]  INFO -- : File > /usr/local/bin/discourse  chmod: +x  chown:
I, [2022-03-22T16:54:37.880784 #1]  INFO -- : File > /usr/local/bin/rails  chmod: +x  chown:
I, [2022-03-22T16:54:37.887872 #1]  INFO -- : File > /usr/local/bin/rake  chmod: +x  chown:
I, [2022-03-22T16:54:37.894248 #1]  INFO -- : File > /usr/local/bin/rbtrace  chmod: +x  chown:
I, [2022-03-22T16:54:37.900136 #1]  INFO -- : File > /usr/local/bin/stackprof  chmod: +x  chown:
I, [2022-03-22T16:54:37.907873 #1]  INFO -- : File > /etc/update-motd.d/10-web  chmod: +x  chown:
I, [2022-03-22T16:54:37.912825 #1]  INFO -- : File > /etc/logrotate.d/rails  chmod:   chown:
I, [2022-03-22T16:54:37.917132 #1]  INFO -- : File > /etc/logrotate.d/nginx  chmod:   chown:
I, [2022-03-22T16:54:37.924129 #1]  INFO -- : File > /etc/runit/1.d/00-ensure-links  chmod: +x  chown:
I, [2022-03-22T16:54:37.930083 #1]  INFO -- : File > /etc/runit/1.d/01-cleanup-web-pids  chmod: +x  chown:
I, [2022-03-22T16:54:37.936780 #1]  INFO -- : File > /root/.bash_profile  chmod: 644  chown:
I, [2022-03-22T16:54:37.941664 #1]  INFO -- : File > /usr/local/etc/ImageMagick-7/policy.xml  chmod:   chown:
I, [2022-03-22T16:54:37.949303 #1]  INFO -- : Replacing (?-mix:server.+{) with limit_req_zone $binary_remote_addr zone=flood:10m rate=$reqs_per_secondr/s;
limit_req_zone $binary_remote_addr zone=bot:10m rate=$reqs_per_minuter/m;
limit_req_status 429;
limit_conn_zone $binary_remote_addr zone=connperip:10m;
limit_conn_status 429;
server {
 in /etc/nginx/conf.d/discourse.conf
I, [2022-03-22T16:54:37.952599 #1]  INFO -- : Replacing (?-mix:location @discourse {) with location @discourse {
  limit_conn connperip $conn_per_ip;
  limit_req zone=flood burst=$burst_per_second nodelay;
  limit_req zone=bot burst=$burst_per_minute nodelay; in /etc/nginx/conf.d/discourse.conf
I, [2022-03-22T16:54:37.960935 #1]  INFO -- : File > /tmp/add-cloudflare-ips  chmod: +x  chown:
I, [2022-03-22T16:54:37.961856 #1]  INFO -- : > /tmp/add-cloudflare-ips
--2022-03-22 16:54:37--  https://www.cloudflare.com/ips-v4/
Resolving www.cloudflare.com (www.cloudflare.com)... 104.16.124.96, 104.16.123.96, 2606:4700::6810:7c60, ...
Connecting to www.cloudflare.com (www.cloudflare.com)|104.16.124.96|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-03-22 16:54:38 ERROR 403: Forbidden.

I, [2022-03-22T16:54:38.130543 #1]  INFO -- :
I, [2022-03-22T16:54:38.146489 #1]  INFO -- : Terminating async processes
I, [2022-03-22T16:54:38.148916 #1]  INFO -- : Sending INT to HOME=/var/lib/postgresql USER=postgres exec chpst -u postgres:postgres:ssl-cert -U postgres:postgres:ssl-cert /usr/lib/postgresql/13/bin/postmaster -D /etc/postgresql/13/main pid: 42
2022-03-22 16:54:38.149 UTC [42] LOG:  received fast shutdown request
I, [2022-03-22T16:54:38.150508 #1]  INFO -- : Sending TERM to exec chpst -u redis -U redis /usr/bin/redis-server /etc/redis/redis.conf pid: 103
103:signal-handler (1647968078) Received SIGTERM scheduling shutdown...
2022-03-22 16:54:38.155 UTC [42] LOG:  aborting any active transactions
2022-03-22 16:54:38.167 UTC [42] LOG:  background worker "logical replication launcher" (PID 51) exited with exit code 1
2022-03-22 16:54:38.171 UTC [46] LOG:  shutting down
103:M 22 Mar 2022 16:54:38.203 # User requested shutdown...
103:M 22 Mar 2022 16:54:38.204 * Saving the final RDB snapshot before exiting.
103:M 22 Mar 2022 16:54:38.213 * DB saved on disk
103:M 22 Mar 2022 16:54:38.214 # Redis is now ready to exit, bye bye...
2022-03-22 16:54:38.228 UTC [42] LOG:  database system is shut down


FAILED
--------------------
Pups::ExecError: /tmp/add-cloudflare-ips failed with return #<Process::Status: pid 1487 exit 8>
Location of failure: /usr/local/lib/ruby/gems/2.7.0/gems/pups-1.1.1/lib/pups/exec_command.rb:117:in `spawn'
exec failed with the params "/tmp/add-cloudflare-ips"
3123cbaef859e04ff382e3194e1745b88ee6e4777de9f0f7b45cb6cf2ac6d757
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.
root@app:/var/discourse#

Cloudflare has blocked your IP from retrieving its list of IPs. You can try again, ask them why, or manage the list yourself.

To fix the immediate problem I would probably retrieve the list from your local computer and adapt the template to hardcode it instead of retrieving from Cloudflare, then get in touch with them.

@RyanK any suggestions on this? our template pulls the lists every build, but this shouldn’t be a problem. I would expect to get 429 rate-limited rather than 403ed if it were

3 Likes

Sorry, for the question, I’m not profi :frowning: How I can added CloudFlare IPs without use this template cloudflare.template.yml? I’m use Discourse Docker on Ubuntu 20.04.

I have the same issue on two separate instances, different IP’s. @GreenOWL what DC are you using?

1 Like

If Cloudflare is blocking your access and you aren’t familiar enough to manually fix it I deeply recommend removing the Cloudflare fronting.

4 Likes

Opens the hell gates for abusers.

1 Like

Your hosting provider data center.

1 Like

Unless you run a community that attracts abusers it shouldn’t be a problem. And running discourse if such a way that your ip isn’t leaked is rather tricky.

Variant 2.

If you can’t help - stop offended users.

Actually the template action can be embeded manually by fetching the CF IPs from another IP. @Falco gave you a solid advice.

Yes, vultr aswell. I guess you should post a ticket to them mentioning its a problem on all their IPs

Check in your yaml the location of the mounted volume.

I try replace url cloudflare.com/ips-v4/, cloudflare.com/ips-v6/ in cloudflare.template.yml to IPs on my server (when hosted ip list).

contents: |
        #!/bin/bash -e
        # Download list of CloudFlare ips
        wget -q https://www.myserver.com/ips-v4/ -O - > /tmp/cloudflare-ips
        echo >> /tmp/cloudflare-ips
        wget -q https://www.myserver.com/ips-v6/ -O - >> /tmp/cloudflare-ips
        # Make into nginx commands and escape for inclusion into sed append command
        CONTENTS=$(</tmp/cloudflare-ips sed '/^$/d; s/^.*/set_real_ip_from &;/' | tr '\n' '\\' | sed 's/\\/\\n/g')

Have this result

I, [2022-03-22T18:49:10.469231 #1]  INFO -- : Downloading MaxMindDB...
Compressing Javascript and Generating Source Maps

I, [2022-03-22T18:49:10.514524 #1]  INFO -- : File > /usr/local/bin/discourse  chmod: +x  chown:
I, [2022-03-22T18:49:10.521050 #1]  INFO -- : File > /usr/local/bin/rails  chmod: +x  chown:
I, [2022-03-22T18:49:10.528727 #1]  INFO -- : File > /usr/local/bin/rake  chmod: +x  chown:
I, [2022-03-22T18:49:10.534748 #1]  INFO -- : File > /usr/local/bin/rbtrace  chmod: +x  chown:
I, [2022-03-22T18:49:10.541288 #1]  INFO -- : File > /usr/local/bin/stackprof  chmod: +x  chown:
I, [2022-03-22T18:49:10.549718 #1]  INFO -- : File > /etc/update-motd.d/10-web  chmod: +x  chown:
I, [2022-03-22T18:49:10.554428 #1]  INFO -- : File > /etc/logrotate.d/rails  chmod:   chown:
I, [2022-03-22T18:49:10.558589 #1]  INFO -- : File > /etc/logrotate.d/nginx  chmod:   chown:
I, [2022-03-22T18:49:10.565929 #1]  INFO -- : File > /etc/runit/1.d/00-ensure-links  chmod: +x  chown:
I, [2022-03-22T18:49:10.571595 #1]  INFO -- : File > /etc/runit/1.d/01-cleanup-web-pids  chmod: +x  chown:
I, [2022-03-22T18:49:10.578243 #1]  INFO -- : File > /root/.bash_profile  chmod: 644  chown:
I, [2022-03-22T18:49:10.583602 #1]  INFO -- : File > /usr/local/etc/ImageMagick-7/policy.xml  chmod:   chown:
I, [2022-03-22T18:49:10.589959 #1]  INFO -- : Replacing (?-mix:server.+{) with limit_req_zone $binary_remote_addr zone=flood:10m rate=$reqs_per_secondr/s;
limit_req_zone $binary_remote_addr zone=bot:10m rate=$reqs_per_minuter/m;
limit_req_status 429;
limit_conn_zone $binary_remote_addr zone=connperip:10m;
limit_conn_status 429;
server {
 in /etc/nginx/conf.d/discourse.conf
I, [2022-03-22T18:49:10.592764 #1]  INFO -- : Replacing (?-mix:location @discourse {) with location @discourse {
  limit_conn connperip $conn_per_ip;
  limit_req zone=flood burst=$burst_per_second nodelay;
  limit_req zone=bot burst=$burst_per_minute nodelay; in /etc/nginx/conf.d/discourse.conf
I, [2022-03-22T18:49:10.601940 #1]  INFO -- : File > /tmp/add-cloudflare-ips  chmod: +x  chown:
I, [2022-03-22T18:49:10.604368 #1]  INFO -- : > /tmp/add-cloudflare-ips
I, [2022-03-22T18:49:10.791696 #1]  INFO -- :
I, [2022-03-22T18:49:10.811681 #1]  INFO -- : Terminating async processes
I, [2022-03-22T18:49:10.813970 #1]  INFO -- : Sending INT to HOME=/var/lib/postgresql USER=postgres exec chpst -u postgres:postgres:ssl-cert -U postgres:postgres:ssl-cert /usr/lib/postgresql/13/bin/postmaster -D /etc/postgresql/13/main pid: 42
2022-03-22 18:49:10.815 UTC [42] LOG:  received fast shutdown request
I, [2022-03-22T18:49:10.816541 #1]  INFO -- : Sending TERM to exec chpst -u redis -U redis /usr/bin/redis-server /etc/redis/redis.conf pid: 103
103:signal-handler (1647974950) Received SIGTERM scheduling shutdown...
2022-03-22 18:49:10.820 UTC [42] LOG:  aborting any active transactions
2022-03-22 18:49:10.834 UTC [42] LOG:  background worker "logical replication launcher" (PID 51) exited with exit code 1
2022-03-22 18:49:10.837 UTC [46] LOG:  shutting down
2022-03-22 18:49:10.877 UTC [42] LOG:  database system is shut down
103:M 22 Mar 2022 18:49:10.896 # User requested shutdown...
103:M 22 Mar 2022 18:49:10.897 * Saving the final RDB snapshot before exiting.
103:M 22 Mar 2022 18:49:10.923 * DB saved on disk
103:M 22 Mar 2022 18:49:10.924 # Redis is now ready to exit, bye bye...


FAILED
--------------------
Pups::ExecError: /tmp/add-cloudflare-ips failed with return #<Process::Status: pid 1487 exit 8>
Location of failure: /usr/local/lib/ruby/gems/2.7.0/gems/pups-1.1.1/lib/pups/exec_command.rb:117:in `spawn'
exec failed with the params "/tmp/add-cloudflare-ips"
7b755fd1f149c4b1bfb984edccf952001a7d97621aba59a111d07784bf39dc78
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.

Try copying the existing cloudflare.template.yml to cloudflare-static.template.yml and replace the top part to make it look like:

run:
  - file:
      path: /tmp/add-cloudflare-ips
      chmod: +x
      contents: |
        #!/bin/bash -e
        cat <<EOF > /tmp/cloudflare-ips
        173.245.48.0/20
        103.21.244.0/22
        103.22.200.0/22
        103.31.4.0/22
        141.101.64.0/18
        108.162.192.0/18
        190.93.240.0/20
        188.114.96.0/20
        197.234.240.0/22
        198.41.128.0/17
        162.158.0.0/15
        104.16.0.0/13
        104.24.0.0/14
        172.64.0.0/13
        131.0.72.0/22
        2400:cb00::/32
        2606:4700::/32
        2803:f800::/32
        2405:b500::/32
        2405:8100::/32
        2a06:98c0::/29
        2c0f:f248::/32
        EOF
        # Make into nginx commands and escape for inclusion into sed append command
        CONTENTS=$(</tmp/cloudflare-ips sed '/^$/d; s/^.*/set_real_ip_from &;/' | tr '\n' '\\' | sed 's/\\/\\n/g')
        
        echo CloudFlare IPs:
        echo $(echo | sed "/^/a $CONTENTS")
        # Insert into discourse.conf
        sed -i "/sendfile on;/a $CONTENTS\nreal_ip_header CF-Connecting-IP;" /etc/nginx/conf.d/discourse.conf
        # Clean up
        rm /tmp/cloudflare-ips

  - exec: "/tmp/add-cloudflare-ips"
  - exec: "rm /tmp/add-cloudflare-ips"

Then change your app container to use the -static template instead of the original one.

Don’t leave it like that forever.

3 Likes

I can fix it in cloudflare.template.yml

I’m use GitHub to hosting CloudFlare IPs list and have this error becouse use link with symbol /

        # Download list of CloudFlare ips
        wget https://raw.githubusercontent.com/xxx-cloud/CloudFlare-IPs/main/ips-v4/ -O - > /tmp/cloudflare-ips
        echo >> /tmp/cloudflare-ips
        wget https://raw.githubusercontent.com/xxx-cloud/CloudFlare-IPs/main/ips-v6/ -O - >> /tmp/cloudflare-ips

Need url without / this:

        # Download list of CloudFlare ips
        wget https://raw.githubusercontent.com/xxx-cloud/CloudFlare-IPs/main/ips-v4 -O - > /tmp/cloudflare-ips
        echo >> /tmp/cloudflare-ips
        wget https://raw.githubusercontent.com/xxx-cloud/CloudFlare-IPs/main/ips-v6 -O - >> /tmp/cloudflare-ips

It’s work :slight_smile:

I think in the perspective need create mirror to CloudFlare IPs website https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 to get fresh list and bypass block.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.