Failed to bootstrap (/tmp/add-cloudflare-ips)

Hello!

I have this error when try rebuild:

FAILED
--------------------
Pups::ExecError: /tmp/add-cloudflare-ips failed with return #<Process::Status: pid 1484 exit 8>
Location of failure: /usr/local/lib/ruby/gems/2.7.0/gems/pups-1.1.1/lib/pups/exec_command.rb:117:in `spawn'
exec failed with the params "/tmp/add-cloudflare-ips"
9fe8337bb7b8e64abb480bd2527551585759e48df340dc74bb84c67bdf1ee6b2
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.

This error was safe with enable and disable proxy (orange cloud) on CloudFlare

Can you scroll up and show the output from above where the /tmp/add-cloudflare-ips command fails?

Done compiling CSS: 2022-03-22 16:54:37 UTC
I, [2022-03-22T16:54:37.832057 #1]  INFO -- : Downloading MaxMindDB...
Compressing Javascript and Generating Source Maps

I, [2022-03-22T16:54:37.874506 #1]  INFO -- : File > /usr/local/bin/discourse  chmod: +x  chown:
I, [2022-03-22T16:54:37.880784 #1]  INFO -- : File > /usr/local/bin/rails  chmod: +x  chown:
I, [2022-03-22T16:54:37.887872 #1]  INFO -- : File > /usr/local/bin/rake  chmod: +x  chown:
I, [2022-03-22T16:54:37.894248 #1]  INFO -- : File > /usr/local/bin/rbtrace  chmod: +x  chown:
I, [2022-03-22T16:54:37.900136 #1]  INFO -- : File > /usr/local/bin/stackprof  chmod: +x  chown:
I, [2022-03-22T16:54:37.907873 #1]  INFO -- : File > /etc/update-motd.d/10-web  chmod: +x  chown:
I, [2022-03-22T16:54:37.912825 #1]  INFO -- : File > /etc/logrotate.d/rails  chmod:   chown:
I, [2022-03-22T16:54:37.917132 #1]  INFO -- : File > /etc/logrotate.d/nginx  chmod:   chown:
I, [2022-03-22T16:54:37.924129 #1]  INFO -- : File > /etc/runit/1.d/00-ensure-links  chmod: +x  chown:
I, [2022-03-22T16:54:37.930083 #1]  INFO -- : File > /etc/runit/1.d/01-cleanup-web-pids  chmod: +x  chown:
I, [2022-03-22T16:54:37.936780 #1]  INFO -- : File > /root/.bash_profile  chmod: 644  chown:
I, [2022-03-22T16:54:37.941664 #1]  INFO -- : File > /usr/local/etc/ImageMagick-7/policy.xml  chmod:   chown:
I, [2022-03-22T16:54:37.949303 #1]  INFO -- : Replacing (?-mix:server.+{) with limit_req_zone $binary_remote_addr zone=flood:10m rate=$reqs_per_secondr/s;
limit_req_zone $binary_remote_addr zone=bot:10m rate=$reqs_per_minuter/m;
limit_req_status 429;
limit_conn_zone $binary_remote_addr zone=connperip:10m;
limit_conn_status 429;
server {
 in /etc/nginx/conf.d/discourse.conf
I, [2022-03-22T16:54:37.952599 #1]  INFO -- : Replacing (?-mix:location @discourse {) with location @discourse {
  limit_conn connperip $conn_per_ip;
  limit_req zone=flood burst=$burst_per_second nodelay;
  limit_req zone=bot burst=$burst_per_minute nodelay; in /etc/nginx/conf.d/discourse.conf
I, [2022-03-22T16:54:37.960935 #1]  INFO -- : File > /tmp/add-cloudflare-ips  chmod: +x  chown:
I, [2022-03-22T16:54:37.961856 #1]  INFO -- : > /tmp/add-cloudflare-ips
--2022-03-22 16:54:37--  https://www.cloudflare.com/ips-v4/
Resolving www.cloudflare.com (www.cloudflare.com)... 104.16.124.96, 104.16.123.96, 2606:4700::6810:7c60, ...
Connecting to www.cloudflare.com (www.cloudflare.com)|104.16.124.96|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-03-22 16:54:38 ERROR 403: Forbidden.

I, [2022-03-22T16:54:38.130543 #1]  INFO -- :
I, [2022-03-22T16:54:38.146489 #1]  INFO -- : Terminating async processes
I, [2022-03-22T16:54:38.148916 #1]  INFO -- : Sending INT to HOME=/var/lib/postgresql USER=postgres exec chpst -u postgres:postgres:ssl-cert -U postgres:postgres:ssl-cert /usr/lib/postgresql/13/bin/postmaster -D /etc/postgresql/13/main pid: 42
2022-03-22 16:54:38.149 UTC [42] LOG:  received fast shutdown request
I, [2022-03-22T16:54:38.150508 #1]  INFO -- : Sending TERM to exec chpst -u redis -U redis /usr/bin/redis-server /etc/redis/redis.conf pid: 103
103:signal-handler (1647968078) Received SIGTERM scheduling shutdown...
2022-03-22 16:54:38.155 UTC [42] LOG:  aborting any active transactions
2022-03-22 16:54:38.167 UTC [42] LOG:  background worker "logical replication launcher" (PID 51) exited with exit code 1
2022-03-22 16:54:38.171 UTC [46] LOG:  shutting down
103:M 22 Mar 2022 16:54:38.203 # User requested shutdown...
103:M 22 Mar 2022 16:54:38.204 * Saving the final RDB snapshot before exiting.
103:M 22 Mar 2022 16:54:38.213 * DB saved on disk
103:M 22 Mar 2022 16:54:38.214 # Redis is now ready to exit, bye bye...
2022-03-22 16:54:38.228 UTC [42] LOG:  database system is shut down


FAILED
--------------------
Pups::ExecError: /tmp/add-cloudflare-ips failed with return #<Process::Status: pid 1487 exit 8>
Location of failure: /usr/local/lib/ruby/gems/2.7.0/gems/pups-1.1.1/lib/pups/exec_command.rb:117:in `spawn'
exec failed with the params "/tmp/add-cloudflare-ips"
3123cbaef859e04ff382e3194e1745b88ee6e4777de9f0f7b45cb6cf2ac6d757
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.
root@app:/var/discourse#

Cloudflare has blocked your IP from retrieving its list of IPs. You can try again, ask them why, or manage the list yourself.

To fix the immediate problem I would probably retrieve the list from your local computer and adapt the template to hardcode it instead of retrieving from Cloudflare, then get in touch with them.

@RyanK any suggestions on this? our template pulls the lists every build, but this shouldn’t be a problem. I would expect to get 429 rate-limited rather than 403ed if it were

Sorry, for the question, I’m not profi How I can added CloudFlare IPs without use this template cloudflare.template.yml? I’m use Discourse Docker on Ubuntu 20.04.

I have the same issue on two separate instances, different IP’s. @GreenOWL what DC are you using?

If Cloudflare is blocking your access and you aren’t familiar enough to manually fix it I deeply recommend removing the Cloudflare fronting.

Opens the hell gates for abusers.

Your hosting provider data center.

Unless you run a community that attracts abusers it shouldn’t be a problem. And running discourse if such a way that your ip isn’t leaked is rather tricky.

Variant 2.

If you can’t help - stop offended users.

Actually the template action can be embeded manually by fetching the CF IPs from another IP. @Falco gave you a solid advice.

Yes, vultr aswell. I guess you should post a ticket to them mentioning its a problem on all their IPs

Check in your yaml the location of the mounted volume.

I try replace url cloudflare.com/ips-v4/, cloudflare.com/ips-v6/ in cloudflare.template.yml to IPs on my server (when hosted ip list).

contents: |
        #!/bin/bash -e
        # Download list of CloudFlare ips
        wget -q https://www.myserver.com/ips-v4/ -O - > /tmp/cloudflare-ips
        echo >> /tmp/cloudflare-ips
        wget -q https://www.myserver.com/ips-v6/ -O - >> /tmp/cloudflare-ips
        # Make into nginx commands and escape for inclusion into sed append command
        CONTENTS=$(</tmp/cloudflare-ips sed '/^$/d; s/^.*/set_real_ip_from &;/' | tr '\n' '\\' | sed 's/\\/\\n/g')

Have this result

I, [2022-03-22T18:49:10.469231 #1]  INFO -- : Downloading MaxMindDB...
Compressing Javascript and Generating Source Maps

I, [2022-03-22T18:49:10.514524 #1]  INFO -- : File > /usr/local/bin/discourse  chmod: +x  chown:
I, [2022-03-22T18:49:10.521050 #1]  INFO -- : File > /usr/local/bin/rails  chmod: +x  chown:
I, [2022-03-22T18:49:10.528727 #1]  INFO -- : File > /usr/local/bin/rake  chmod: +x  chown:
I, [2022-03-22T18:49:10.534748 #1]  INFO -- : File > /usr/local/bin/rbtrace  chmod: +x  chown:
I, [2022-03-22T18:49:10.541288 #1]  INFO -- : File > /usr/local/bin/stackprof  chmod: +x  chown:
I, [2022-03-22T18:49:10.549718 #1]  INFO -- : File > /etc/update-motd.d/10-web  chmod: +x  chown:
I, [2022-03-22T18:49:10.554428 #1]  INFO -- : File > /etc/logrotate.d/rails  chmod:   chown:
I, [2022-03-22T18:49:10.558589 #1]  INFO -- : File > /etc/logrotate.d/nginx  chmod:   chown:
I, [2022-03-22T18:49:10.565929 #1]  INFO -- : File > /etc/runit/1.d/00-ensure-links  chmod: +x  chown:
I, [2022-03-22T18:49:10.571595 #1]  INFO -- : File > /etc/runit/1.d/01-cleanup-web-pids  chmod: +x  chown:
I, [2022-03-22T18:49:10.578243 #1]  INFO -- : File > /root/.bash_profile  chmod: 644  chown:
I, [2022-03-22T18:49:10.583602 #1]  INFO -- : File > /usr/local/etc/ImageMagick-7/policy.xml  chmod:   chown:
I, [2022-03-22T18:49:10.589959 #1]  INFO -- : Replacing (?-mix:server.+{) with limit_req_zone $binary_remote_addr zone=flood:10m rate=$reqs_per_secondr/s;
limit_req_zone $binary_remote_addr zone=bot:10m rate=$reqs_per_minuter/m;
limit_req_status 429;
limit_conn_zone $binary_remote_addr zone=connperip:10m;
limit_conn_status 429;
server {
 in /etc/nginx/conf.d/discourse.conf
I, [2022-03-22T18:49:10.592764 #1]  INFO -- : Replacing (?-mix:location @discourse {) with location @discourse {
  limit_conn connperip $conn_per_ip;
  limit_req zone=flood burst=$burst_per_second nodelay;
  limit_req zone=bot burst=$burst_per_minute nodelay; in /etc/nginx/conf.d/discourse.conf
I, [2022-03-22T18:49:10.601940 #1]  INFO -- : File > /tmp/add-cloudflare-ips  chmod: +x  chown:
I, [2022-03-22T18:49:10.604368 #1]  INFO -- : > /tmp/add-cloudflare-ips
I, [2022-03-22T18:49:10.791696 #1]  INFO -- :
I, [2022-03-22T18:49:10.811681 #1]  INFO -- : Terminating async processes
I, [2022-03-22T18:49:10.813970 #1]  INFO -- : Sending INT to HOME=/var/lib/postgresql USER=postgres exec chpst -u postgres:postgres:ssl-cert -U postgres:postgres:ssl-cert /usr/lib/postgresql/13/bin/postmaster -D /etc/postgresql/13/main pid: 42
2022-03-22 18:49:10.815 UTC [42] LOG:  received fast shutdown request
I, [2022-03-22T18:49:10.816541 #1]  INFO -- : Sending TERM to exec chpst -u redis -U redis /usr/bin/redis-server /etc/redis/redis.conf pid: 103
103:signal-handler (1647974950) Received SIGTERM scheduling shutdown...
2022-03-22 18:49:10.820 UTC [42] LOG:  aborting any active transactions
2022-03-22 18:49:10.834 UTC [42] LOG:  background worker "logical replication launcher" (PID 51) exited with exit code 1
2022-03-22 18:49:10.837 UTC [46] LOG:  shutting down
2022-03-22 18:49:10.877 UTC [42] LOG:  database system is shut down
103:M 22 Mar 2022 18:49:10.896 # User requested shutdown...
103:M 22 Mar 2022 18:49:10.897 * Saving the final RDB snapshot before exiting.
103:M 22 Mar 2022 18:49:10.923 * DB saved on disk
103:M 22 Mar 2022 18:49:10.924 # Redis is now ready to exit, bye bye...


FAILED
--------------------
Pups::ExecError: /tmp/add-cloudflare-ips failed with return #<Process::Status: pid 1487 exit 8>
Location of failure: /usr/local/lib/ruby/gems/2.7.0/gems/pups-1.1.1/lib/pups/exec_command.rb:117:in `spawn'
exec failed with the params "/tmp/add-cloudflare-ips"
7b755fd1f149c4b1bfb984edccf952001a7d97621aba59a111d07784bf39dc78
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.

Try copying the existing cloudflare.template.yml to cloudflare-static.template.yml and replace the top part to make it look like:

run:
  - file:
      path: /tmp/add-cloudflare-ips
      chmod: +x
      contents: |
        #!/bin/bash -e
        cat <<EOF > /tmp/cloudflare-ips
        173.245.48.0/20
        103.21.244.0/22
        103.22.200.0/22
        103.31.4.0/22
        141.101.64.0/18
        108.162.192.0/18
        190.93.240.0/20
        188.114.96.0/20
        197.234.240.0/22
        198.41.128.0/17
        162.158.0.0/15
        104.16.0.0/13
        104.24.0.0/14
        172.64.0.0/13
        131.0.72.0/22
        2400:cb00::/32
        2606:4700::/32
        2803:f800::/32
        2405:b500::/32
        2405:8100::/32
        2a06:98c0::/29
        2c0f:f248::/32
        EOF
        # Make into nginx commands and escape for inclusion into sed append command
        CONTENTS=$(</tmp/cloudflare-ips sed '/^$/d; s/^.*/set_real_ip_from &;/' | tr '\n' '\\' | sed 's/\\/\\n/g')
        
        echo CloudFlare IPs:
        echo $(echo | sed "/^/a $CONTENTS")
        # Insert into discourse.conf
        sed -i "/sendfile on;/a $CONTENTS\nreal_ip_header CF-Connecting-IP;" /etc/nginx/conf.d/discourse.conf
        # Clean up
        rm /tmp/cloudflare-ips

  - exec: "/tmp/add-cloudflare-ips"
  - exec: "rm /tmp/add-cloudflare-ips"

Then change your app container to use the -static template instead of the original one.

Don’t leave it like that forever.

I can fix it in cloudflare.template.yml

I’m use GitHub to hosting CloudFlare IPs list and have this error becouse use link with symbol /

        # Download list of CloudFlare ips
        wget https://raw.githubusercontent.com/xxx-cloud/CloudFlare-IPs/main/ips-v4/ -O - > /tmp/cloudflare-ips
        echo >> /tmp/cloudflare-ips
        wget https://raw.githubusercontent.com/xxx-cloud/CloudFlare-IPs/main/ips-v6/ -O - >> /tmp/cloudflare-ips

Need url without / this:

        # Download list of CloudFlare ips
        wget https://raw.githubusercontent.com/xxx-cloud/CloudFlare-IPs/main/ips-v4 -O - > /tmp/cloudflare-ips
        echo >> /tmp/cloudflare-ips
        wget https://raw.githubusercontent.com/xxx-cloud/CloudFlare-IPs/main/ips-v6 -O - >> /tmp/cloudflare-ips

It’s work

I think in the perspective need create mirror to CloudFlare IPs website https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 to get fresh list and bypass block.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.