I can't set nginx: [emerg] cannot load certificate "/var/discourse/shared/standalone/ssl/ssl.crt": BIO_new_file() failed

(SSL: error:02001002:system library:fopen:No such file or directory:fopen(’/var/dis (…)
I’m following the guide, but I can’t find anything about this error

Hi @slivo

Let’s see the output of this:

cd /var/discourse/shared/standalone/ssl
ls -l

Any clues?

1 Like

cd ssl: No such file or directory

Hey @slivo

This indicates that your Let’s Encrypt setup did not create the certs when you last rebuilt your container.

Of course, I am sure you know that already!

I had an install that failed something like that this week. Maybe try to do a

./launcher rebuild app

2 Likes

I rebuilt it again. I set it up according to the guidelines. Certified ssl set (/etc/nginx/sites-enabled/discourse.conf) but I have an error:

SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE

I can’t take off with nginx at all

 nginx.service: Control process exited, code=exited status=1
 nginx.service: Failed with result 'exit-code'.

Process: 3840 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 25108 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=1/FAILURE)

// Failed to start A high performance web server and a reverse proxy server.

Hey @slivo

Thanks for the update on getting this setup.

Are you setting up Discourse with the standard Docker build without a reverse proxy outside the container?

Yes, and I’m also using this guide: Run other websites on the same machine as Discourse

Hey @slivo

In that link above, that is an outline of running Discourse in a docker container exposing the application using a UNIX socket to a reverse proxy.

In that case, you should NOT enable SSL in the container yml file; and you SHOULD configure SSL with Let’s Encrypt using certbot outside the container on the reverse proxy only.

The general high level architecture looks like this:

WEB USERS <-- HTTPS --> REVERSE PROXY <-- HTTP --> DOCKER CONTAINER

Please post your yml file by xxxx’ing out your password and email addresses; and let’s see what you have going on.

Thanks.

1 Like

But now I don’t understand. Then I made a new certificate using certbot. And I have it here like:

/etc/letsencrypt/live/myadress.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/myadress.com/privkey.pem

Do I have to change the address in this file or like /etc/nginx/sites-enabled/discourse.conf or I’m doing it completely wrong?

Hi @slivo

When you are configuring a reverse proxy in front of another app with an nginx instance, you must be very specific about the location of the config files: in the container or out?

I don’t know if I fully understand. I just want a discourse behind nginx. I don’t have another application on the server, but I want to do it for more cover from the outside

Hi @slivo

I understand your frustration. Let me kindly explain to you.

In one of your posts above, you say

/etc/letsencrypt/live/myadress.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/myadress.com/privkey.pem

You did not mention if you are in the Docker container or outside the Docker container.

As you know, nginx (in your case) is running both on the host directly and inside the app (the Docker container).

When you post:

/etc/letsencrypt/live/myadress.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/myadress.com/privkey.pem

How can we, as outsiders, know what exactly you are referring to if you do not post the full information? Is that configuration inside or outside the container? We can “guess” and “assume” you are talking about outside the container, but since you do not provide these details, we cannot know for sure. My experience is that the shortest line between a problem and a solution is to never assume anything and to pay close attention to the details.

In addition, you have not posted your yml file. You have also not posted your nginx configuration files outside the container. Therefore, we cannot “see” what you are actually doing in your configuration.

HTH

1 Like
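
An added example, not part of the original thread: a shell check that reads the ssl_certificate and ssl_certificate_key directives from an nginx config and reports whether each file is missing (the BIO_new_file() failed error above) or has no PEM "-----BEGIN" line (the "no start line" error above). The function names and the sample config are constructed for illustration; it assumes absolute paths and must be run where that nginx instance runs (on the host or inside the container).

```shell
#!/usr/bin/env bash
# Added example: verify the certificate files an nginx config points at.

# check_pem FILE -> prints: missing | not-pem | ok
check_pem() {
    if [ ! -f "$1" ]; then
        echo "missing"    # nginx: BIO_new_file() failed ... No such file or directory
    elif ! grep -q -- '-----BEGIN ' "$1"; then
        echo "not-pem"    # nginx: PEM routines:get_name:no start line
    else
        echo "ok"
    fi
}

# check_nginx_certs CONF -> one "status directive path" line per directive.
# Commented-out directives are skipped; paths are assumed to be absolute.
check_nginx_certs() {
    awk '$1 ~ /^ssl_certificate(_key)?$/ { sub(/;.*/, "", $2); print $1, $2 }' "$1" |
    while read -r directive path; do
        echo "$(check_pem "$path") $directive $path"
    done
}

# Constructed sample: a placeholder PEM file, a non-PEM key file, and a
# config that references both. None of this is real key material.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '(constructed placeholder)' \
        '-----END CERTIFICATE-----' > "$d/fullchain.pem"
    printf 'not a PEM file\n' > "$d/privkey.pem"
    cat > "$d/discourse.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate     $d/fullchain.pem;
    ssl_certificate_key $d/privkey.pem;
    # ssl_certificate   $d/old.crt;
}
EOF
    check_nginx_certs "$d/discourse.conf"
    rm -rf "$d"
}

demo
```

Against a real setup, call check_nginx_certs with the path of the config file in use, for example the /etc/nginx/sites-enabled/discourse.conf mentioned above.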