Google login regression, possibly after recent changes


It seems Google is not working after the forum update.

I moved this to a new topic, @Monikas. To clarify: did you notice this problem after the recent site update?

Also check justnainai.com/logs: a user-facing error message like this is usually accompanied by a corresponding log entry.

I don't understand what this error means.


Last week I migrated my forums using backups and app.yml overrides, then switched SMTP from Microsoft Mail 360 to Google Mail. In addition, I used the 1Panel panel to build the infrastructure on "OpenResty, a web platform based on NGINX and LuaJIT", and also set up reverse proxies. Here is the source of the reverse proxy configuration and its configuration file.



error.txt|attachment (614.2 KB)

I also used Cloudflare and followed the configuration described on the forums to set it up:
Search results for 'cloudflare' - Discourse Meta
The certificate uses Cloudflare Origin Server.


I have no firewalls running.


Website configuration
server {
    listen 80 ; 
    listen 443 ssl http2 ; 
    server_name www.justnainai.com; 
    index index.php index.html index.htm default.php default.htm default.html; 
    proxy_set_header Host $host; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Host $server_name; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_http_version 1.1; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection $http_connection; 
    access_log /www/sites/www.justnainai.com/log/access.log main; 
    error_log /www/sites/www.justnainai.com/log/error.log; 
    location ^~ /.well-known/acme-challenge {
        allow all; 
        root /usr/share/nginx/html; 
    }
    include /www/sites/www.justnainai.com/proxy/*.conf; 
    if ($scheme = http) {
        return 301 https://$host$request_uri; 
    }
    ssl_certificate /www/sites/www.justnainai.com/ssl/fullchain.pem; 
    ssl_certificate_key /www/sites/www.justnainai.com/ssl/privkey.pem; 
    ssl_protocols TLSv1.3 TLSv1.2; 
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED; 
    ssl_prefer_server_ciphers on; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 
    error_page 497 https://$host$request_uri; 
    proxy_set_header X-Forwarded-Proto https; 
    add_header Strict-Transport-Security "max-age=31536000"; 
}
Original reverse proxy

location ^~ / {
    proxy_pass http://127.0.0.1:50080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header REMOTE-HOST $remote_addr;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;
    add_header X-Cache $upstream_cache_status;
    add_header Cache-Control no-cache;
    proxy_ssl_server_name off;
    proxy_ssl_name $proxy_host;
    add_header Strict-Transport-Security "max-age=31536000";
}

(google_oauth2) Authentication failure! access_denied: OmniAuth::Strategies::OAuth2::CallbackError, access_denied

ERROR
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `block in error' 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `block in dispatch' 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `each' 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `dispatch' 
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `error' 
omniauth-1.9.2/lib/omniauth/strategy.rb:163:in `log' 
omniauth-1.9.2/lib/omniauth/strategy.rb:486:in `fail!' 
omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb:89:in `callback_phase' 
omniauth-1.9.2/lib/omniauth/strategy.rb:238:in `callback_call' 
omniauth-1.9.2/lib/omniauth/strategy.rb:189:in `call!' 
omniauth-1.9.2/lib/omniauth/strategy.rb:169:in `call' 
omniauth-1.9.2/lib/omniauth/builder.rb:45:in `call' 
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:43:in `call' 
rack-2.2.10/lib/rack/tempfile_reaper.rb:15:in `call' 
rack-2.2.10/lib/rack/conditional_get.rb:27:in `call' 
rack-2.2.10/lib/rack/head.rb:12:in `call' 
actionpack-7.2.2/lib/action_dispatch/http/permissions_policy.rb:38:in `call' 
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call' 
/var/www/discourse/lib/middleware/anonymous_cache.rb:397:in `call' 
/var/www/discourse/lib/middleware/csp_script_nonce_injector.rb:12:in `call' 
/var/www/discourse/config/initializers/008-rack-cors.rb:14:in `call' 
rack-2.2.10/lib/rack/session/abstract/id.rb:266:in `context' 
rack-2.2.10/lib/rack/session/abstract/id.rb:260:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/cookies.rb:704:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:31:in `block in call' 
activesupport-7.2.2/lib/active_support/callbacks.rb:101:in `run_callbacks' 
actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:30:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/show_exceptions.rb:32:in `call' 
logster-2.20.0/lib/logster/middleware/reporter.rb:40:in `call' 
railties-7.2.2/lib/rails/rack/logger.rb:41:in `call_app' 
railties-7.2.2/lib/rails/rack/logger.rb:29:in `call' 
/var/www/discourse/config/initializers/100-quiet_logger.rb:20:in `call' 
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/request_id.rb:33:in `call' 
/var/www/discourse/lib/middleware/enforce_hostname.rb:24:in `call' 
rack-2.2.10/lib/rack/method_override.rb:24:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/executor.rb:16:in `call' 
rack-2.2.10/lib/rack/sendfile.rb:110:in `call' 
rack-mini-profiler-3.3.1/lib/mini_profiler.rb:191:in `call' 
/var/www/discourse/lib/middleware/processing_request.rb:12:in `call' 
message_bus-4.3.8/lib/message_bus/rack/middleware.rb:60:in `call' 
/var/www/discourse/lib/middleware/request_tracker.rb:360:in `call' 
actionpack-7.2.2/lib/action_dispatch/middleware/remote_ip.rb:96:in `call' 
railties-7.2.2/lib/rails/engine.rb:535:in `call' 
railties-7.2.2/lib/rails/railtie.rb:226:in `public_send' 
railties-7.2.2/lib/rails/railtie.rb:226:in `method_missing' 
rack-2.2.10/lib/rack/urlmap.rb:74:in `block in call' 
rack-2.2.10/lib/rack/urlmap.rb:58:in `each' 
rack-2.2.10/lib/rack/urlmap.rb:58:in `call' 
unicorn-6.1.0/lib/unicorn/http_server.rb:634:in `process_client'
unicorn-6.1.0/lib/unicorn/http_server.rb:739:in `worker_loop'
unicorn-6.1.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
unicorn-6.1.0/lib/unicorn/http_server.rb:143:in `start'
unicorn-6.1.0/bin/unicorn:128:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load' 
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>' 

(microsoft_office365) Authentication failure! access_denied: OmniAuth::Strategies::OAuth2::CallbackError, access_denied | The user has denied access to the scope requested by the client application.
ERROR2
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `block in error'
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `block in dispatch'
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `each'
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:231:in `dispatch'
activesupport-7.2.2/lib/active_support/broadcast_logger.rb:134:in `error'
omniauth-1.9.2/lib/omniauth/strategy.rb:163:in `log'
omniauth-1.9.2/lib/omniauth/strategy.rb:486:in `fail!'
omniauth-oauth2-1.7.3/lib/omniauth/strategies/oauth2.rb:89:in `callback_phase'
omniauth-1.9.2/lib/omniauth/strategy.rb:238:in `callback_call'
omniauth-1.9.2/lib/omniauth/strategy.rb:189:in `call!'
omniauth-1.9.2/lib/omniauth/strategy.rb:169:in `call'
omniauth-1.9.2/lib/omniauth/strategy.rb:192:in `call!'
omniauth-1.9.2/lib/omniauth/strategy.rb:169:in `call'
omniauth-1.9.2/lib/omniauth/builder.rb:45:in `call'
/var/www/discourse/lib/middleware/omniauth_bypass_middleware.rb:43:in `call'
rack-2.2.10/lib/rack/tempfile_reaper.rb:15:in `call'
rack-2.2.10/lib/rack/conditional_get.rb:27:in `call'
rack-2.2.10/lib/rack/head.rb:12:in `call'
actionpack-7.2.2/lib/action_dispatch/http/permissions_policy.rb:38:in `call'
/var/www/discourse/lib/content_security_policy/middleware.rb:12:in `call'
/var/www/discourse/lib/middleware/anonymous_cache.rb:397:in `call'
/var/www/discourse/lib/middleware/csp_script_nonce_injector.rb:12:in `call'
/var/www/discourse/config/initializers/008-rack-cors.rb:14:in `call'
rack-2.2.10/lib/rack/session/abstract/id.rb:266:in `context'
rack-2.2.10/lib/rack/session/abstract/id.rb:260:in `call'
actionpack-7.2.2/lib/action_dispatch/middleware/cookies.rb:704:in `call'
actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:31:in `block in call'
activesupport-7.2.2/lib/active_support/callbacks.rb:101:in `run_callbacks'
actionpack-7.2.2/lib/action_dispatch/middleware/callbacks.rb:30:in `call'
actionpack-7.2.2/lib/action_dispatch/middleware/debug_exceptions.rb:31:in `call'
actionpack-7.2.2/lib/action_dispatch/middleware/show_exceptions.rb:32:in `call'
logster-2.20.0/lib/logster/middleware/reporter.rb:40:in `call'
railties-7.2.2/lib/rails/rack/logger.rb:41:in `call_app'
railties-7.2.2/lib/rails/rack/logger.rb:29:in `call'
/var/www/discourse/config/initializers/100-quiet_logger.rb:20:in `call'
/var/www/discourse/config/initializers/100-silence_logger.rb:29:in `call'
actionpack-7.2.2/lib/action_dispatch/middleware/request_id.rb:33:in `call'
/var/www/discourse/lib/middleware/enforce_hostname.rb:24:in `call'
rack-2.2.10/lib/rack/method_override.rb:24:in `call'
actionpack-7.2.2/lib/action_dispatch/middleware/executor.rb:16:in `call'
rack-2.2.10/lib/rack/sendfile.rb:110:in `call'
rack-mini-profiler-3.3.1/lib/mini_profiler.rb:191:in `call'
/var/www/discourse/lib/middleware/processing_request.rb:12:in `call'
message_bus-4.3.8/lib/message_bus/rack/middleware.rb:60:in `call'
/var/www/discourse/lib/middleware/request_tracker.rb:360:in `call'
actionpack-7.2.2/lib/action_dispatch/middleware/remote_ip.rb:96:in `call'
railties-7.2.2/lib/rails/engine.rb:535:in `call'
railties-7.2.2/lib/rails/railtie.rb:226:in `public_send'
railties-7.2.2/lib/rails/railtie.rb:226:in `method_missing'
rack-2.2.10/lib/rack/urlmap.rb:74:in `block in call'
rack-2.2.10/lib/rack/urlmap.rb:58:in `each'
rack-2.2.10/lib/rack/urlmap.rb:58:in `call'
unicorn-6.1.0/lib/unicorn/http_server.rb:634:in `process_client'
unicorn-6.1.0/lib/unicorn/http_server.rb:739:in `worker_loop'
unicorn-6.1.0/lib/unicorn/http_server.rb:547:in `spawn_missing_workers'
unicorn-6.1.0/lib/unicorn/http_server.rb:143:in `start'
unicorn-6.1.0/bin/unicorn:128:in `<top (required)>'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `load'
/var/www/discourse/vendor/bundle/ruby/3.3.0/bin/unicorn:25:in `<main>'
app.yml
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/cloudflare.template.yml"


expose:
  - "50080:80"  
  - "50443:443"  

params:
  db_default_text_search_config: "pg_catalog.english"


  #db_shared_buffers: "256MB"


  #db_work_mem: "40MB"


  #version: tests-passed

env:
  LC_ALL: en_US.UTF-8
  LANG: en_US.UTF-8
  LANGUAGE: en_US.UTF-8
  # DISCOURSE_DEFAULT_LOCALE: en


  #UNICORN_WORKERS: 3



  DISCOURSE_HOSTNAME: 'www.justnainai.com'



  DISCOURSE_DEVELOPER_EMAILS: ''
  DISCOURSE_MAX_REQS_PER_IP_PER_10_SECONDS: 400
  DISCOURSE_MAX_ASSET_REQS_PER_IP_PER_10_SECONDS: 800



  DISCOURSE_SMTP_ADDRESS: smtp.gmail.com
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: ''  
  DISCOURSE_SMTP_PASSWORD: ''   
  DISCOURSE_SMTP_ENABLE_START_TLS: true
  DISCOURSE_SMTP_AUTHENTICATION: login


 

volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log
OAuth2::ConnectionError (FinalDestination: all resolved IPs were disallowed)

This error recently appeared on the forums, and 4797 entries are not shown in the logs at the same time.

I just checked on my local machine.

I found no problems with Google login.

This points to a network problem on your new hosting. I suspect the problems started after the move. Something in your stack is blocking requests to the authorization servers… Unfortunately, I can't help further, but I tested on a site we host, and Google authorization works correctly.
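
Added example, not part of the thread and not Discourse's own code: a check for the condition named in the "FinalDestination: all resolved IPs were disallowed" error above, classifying what the host's resolver returns for the OAuth endpoints. The range list, the host names and the sample DNS answers are assumptions constructed for illustration; the blocklist on a real Discourse install may differ.

```ruby
require "ipaddr"
require "resolv"

# Assumption: representative private/reserved ranges, not Discourse's exact list.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 198.18.0.0/15 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# True when the address falls inside any blocked range.
def blocked_ip?(ip)
  addr = IPAddr.new(ip).native # ::ffff:10.0.0.1 is treated as 10.0.0.1
  BLOCKED_RANGES.any? { |range| range.include?(addr) }
end

# :unresolved  -> DNS returned nothing
# :all_blocked -> every answer is private/reserved, so the request is refused
# :ok          -> at least one usable address
def verdict(ips)
  return :unresolved if ips.empty?
  ips.all? { |ip| blocked_ip?(ip) } ? :all_blocked : :ok
end

# The resolver is injectable so the check can be exercised offline;
# by default it asks the system resolver, as the server itself would.
def audit_hosts(hosts, resolver: ->(h) { Resolv.getaddresses(h) })
  hosts.to_h { |h| [h, verdict(resolver.call(h))] }
end

# Constructed DNS answers (not taken from the server in this thread).
SAMPLE_DNS = {
  "accounts.google.com"       => ["198.18.0.12"],              # reserved range only
  "oauth2.googleapis.com"     => ["203.0.113.10", "10.0.0.5"], # one stand-in public address
  "login.microsoftonline.com" => []                            # resolver returned nothing
}.freeze

if __FILE__ == $PROGRAM_NAME
  report = audit_hosts(SAMPLE_DNS.keys, resolver: ->(h) { SAMPLE_DNS.fetch(h) })
  report.each { |host, v| puts format("%-28s %s", host, v) }
end
```

Run inside the Discourse container with the default resolver (`audit_hosts(%w[accounts.google.com])`), a result of `:all_blocked` or `:unresolved` points at DNS or a local proxy on the new host rather than at the OAuth client settings.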