iPhone timeout

Hello! I’ve successfully installed Discourse (as recommended, default docker installation), I am on Debian 12, 2 cores, 4Gb memory, 80 Gb disk space: https://oreillefine.art
The problem is that from my laptop I can always access this website, however from my iPhone (also, tested on different iPhones) it just fails to connect (“can’t establish secure connection”). After 2-3 hours, suddenly I was able to connect from iPhone, but then again, connection drops and again “can’t establish secure connection”… SSL certificate seems to be ok, checked here:

Capture d’écran 2024-05-11 à 20.05.162103×729 67.1 KB

x86_64 arch detected.
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/01-cleanup-web-pids
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
run-parts: executing /etc/runit/1.d/letsencrypt
[Sat 11 May 2024 05:43:22 PM UTC] Domains not changed.
[Sat 11 May 2024 05:43:22 PM UTC] Skip, Next renewal time is: 2024-07-08T11:05:55Z
[Sat 11 May 2024 05:43:22 PM UTC] Add '--force' to force to renew.
[Sat 11 May 2024 05:43:22 PM UTC] Installing key to: /shared/ssl/oreillefine.art.key
[Sat 11 May 2024 05:43:22 PM UTC] Installing full chain to: /shared/ssl/oreillefine.art.cer
[Sat 11 May 2024 05:43:22 PM UTC] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Sat 11 May 2024 05:43:22 PM UTC] Reload error for :
[Sat 11 May 2024 05:43:22 PM UTC] Domains not changed.
[Sat 11 May 2024 05:43:22 PM UTC] Skip, Next renewal time is: 2024-07-08T11:06:01Z
[Sat 11 May 2024 05:43:22 PM UTC] Add '--force' to force to renew.
[Sat 11 May 2024 05:43:23 PM UTC] Installing key to: /shared/ssl/oreillefine.art_ecc.key
[Sat 11 May 2024 05:43:23 PM UTC] Installing full chain to: /shared/ssl/oreillefine.art_ecc.cer
[Sat 11 May 2024 05:43:23 PM UTC] Run reload cmd: sv reload nginx
warning: nginx: unable to open supervise/ok: file does not exist
[Sat 11 May 2024 05:43:23 PM UTC] Reload error for :
Started runsvdir, PID is 537
ok: run: redis: (pid 549) 0s
ok: run: postgres: (pid 554) 0s
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/discourse.conf:60
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/conf.d/discourse.conf:61
supervisor pid: 544 unicorn pid: 577

ss -lnptu | grep :443 gives this:

tcp   LISTEN 0      4096             0.0.0.0:443        0.0.0.0:*    users:(("docker-proxy",pid=191092,fd=4)) 
tcp   LISTEN 0      4096                [::]:443           [::]:*    users:(("docker-proxy",pid=191098,fd=4))

Any ideas? Many thanks in advance!

Hello,

Is the laptop an Apple device? Are you testing always with Safari? Did you try other browsers?

My wild guess is that the IP has a bad reputation and might be blocked by Safari.

blacklist check

Check IP Address Reputation | IP Reputation Lookup History | IP Reputation API

image1200×90 2.63 KB

reputation check

Network Tools: DNS,IP,Email

image725×442 42.6 KB

This is not surprising when it comes to OVH servers, as they are often used for spamming.
It would be a good idea to change IP if you can.

Yes, I have a MacBook and I am using Safari too… but somehow it works on MacBook…

UPD: tried Firefox on iPhone. Having “NSURLErrorDomain” error… basically same outcome, the network connection was lost

Safari has built-in security features; it might be possible that Safari on Mobile doesn’t contain the latest data on this IP (or the inverse with the Desktop version). I don’t know exactly how this works-- but the IP being blacklisted with a bad reputation is definitively an issue for me.

You can always try another browser on mobile to test or your wifi connection.

(On my side, the site loads fine windows Desktop, Chrome android, and iPad Safari)

Ok, I checked with my WiFi, and it worked! So, it means this IP is blacklisted by my mobile operator… well, didn’t know his about OVH…