The self-check occurs before a certificate is issued.
What about iptables?
See this example from the Oracle trial install guide: https://meta.discourse.org/t/install-discourse-on-oracle-cloud-free-tier/215749#configure-ubuntus-firewall-iptables-11
You can check this logs:
/var/log/nginx/error.log
/var/log/apache2/error.log
/var/log/nginx/access.log
/var/log/apache2/access.log
/var/log/syslog
/var/log/dmesg
And discourse one from docker logs your-container
(or) your logfile if you are hosting without docker.
There are too much possibles issues here:
- DNS or SSL issue (more common).
- Firewall, routing or network missconfigurations.
- Database, caching, Discourse services.
Without logs or more info it’s almost impossible to give more advise.
The next step is as simple as saving the certificate file as ssl.crt and ssl by category.key and dragging it to the server directory /var/discourse/shared/standalone/ssl/ssl.crt and /var/discourse/shared/standalone/ssl/ssl.key
I saw the example you give me. I followed all the steps.
The only difference is when i run : netfilter-persistent save
I answers nothing contrary to the example where you can see it answers run-parts: …
I retry to install discourse from the beginin and run this 2 iptables before :
iptables -I INPUT 5 -i ens3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 5 -i ens3 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
I get this issue:
Ports 80 and 443 are free for use
‘samples/standalone.yml’ → ‘containers/app.yml’
Found 2GB of memory and 1 physical CPU cores
setting db_shared_buffers = 256MB
setting UNICORN_WORKERS = 4
containers/app.yml memory parameters updated.
Hostname for your Discourse? [discourse.example.com]: mywebsite.fr
Checking your domain name . . .
WARNING: Port 443 of computer does not appear to be accessible using hostname: mywebsite.fr.
WARNING: Connection to http://mywebsite.fr (port 80) also fails.
This suggests that mywebsite.fr resolves to some IP address that does not reach this
machine where you are installing discourse.
The first thing to do is confirm that mywebsite.fr resolves to the IP address of this server.
You usually do this at the same place you purchased the domain.
If you are sure that the IP address resolves correctly, it could be a firewall issue.
A web search for “open ports YOUR CLOUD SERVICE” might help.
This tool is designed only for the most standard installations. If you cannot resolve
the issue above, you will need to edit containers/app.yml yourself and then type
Hello @matenauta
I checked I don’t have this folder /var/log/nginx /var/log/apache2
I’m not sure to understand @xiaokong23357.
You mean I can install the http configuration by uncoment the https ligne in the app.yml and afterward do this step manualy:
saving the certificate file as ssl.crt and ssl by category.key and dragging it to the server directory /var/discourse/shared/standalone/ssl/ssl.crt and /var/discourse/shared/standalone/ssl/ssl.key
Hello,
I modify the app.yml manualy. Now I’ve got the following message on my browser :
Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.
For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.
Thank you for using nginx.
And it’s seems I get the ssl, because : /var/discourse/shared/standalone/ssl# ls -l
total 8
-rw-r–r-- 1 root root 0 Mar 3 01:00 mydomain.fr.cer
-rw------- 1 root root 3243 Mar 3 01:00 mydomain.fr.key
-rw-r–r-- 1 root root 0 Mar 3 01:01 mydomain.fr_ecc.cer
-rw------- 1 root root 227 Mar 3 01:01 mydomain.fr_ecc.key
What can I do now please ? How can I perform the requested configuration ?
In fact, when you introduce the template item “templates/web.ssl.template.yml” in app.yml, your website has already begun to use https communication, and I said above to configure the SSL certificate configuration method
Also, nginx is generally used when running multiple websites on your server, and you can choose to ignore it if you only run discourse
That’s OK because you are running a single instance but I just asking because that’s something to check.
You are almost done, just need to check SSL certificates creation step like Snow Love said.
I suspect that you ignore some on the guidelines, friendly tip → it’s better to take our time while reading docs and guidelines (for our own time, I mean).
Good luck
@xiaokong23357 I only use discourse. How can ignore it ?
Hello @matenauta
Sorry which guidelines you’re talking about ?
I followed this doc: discourse/INSTALL-cloud.md at main · discourse/discourse · GitHub
How can I do that: need to check SSL certificates creation step like Snow Love said.
I found this in /var/discourse/shared/standalone/ssl# ls -l
total 8
-rw-r–r-- 1 root root 0 Mar 3 01:00 mydomain.fr.cer
-rw------- 1 root root 3243 Mar 3 01:00 mydomain.fr.key
-rw-r–r-- 1 root root 0 Mar 3 01:01 mydomain.fr_ecc.cer
-rw------- 1 root root 227 Mar 3 01:01 mydomain.fr_ecc.key
Look at you, I’m not using nginx for my deployment here
If you need to use nginx, put the “-80:80” in expose
#http “Modify to” - “9090:80” # http" ensures that nginx can be proxed to discourse
I don’t understand why I have this nginx issue. I never requested to use nginx.
You mean I have to change the app.yml file to:
expose:
- “9090:80” # http" ensures that nginx can be proxed to discourse
- “443:443” # https
yes,To use nginx, you need to modify the HTTP proxy port
If you don’t use nginx, change HTTP port 9090 to 80
@Titi what is the result of running this command?
apt list | grep nginx
.
I’m thinking from the fact you got the generic default nginx index page that your VPS in fact does have nginx installed on it and is causing your issue.
Discourse does use nginx internally as well, but you would need a severely broken install for the internal nginx to show that page.
Easier task is to do systemctl status nginx
. If the status is alive then you stop it systemctl stop nginx
and to be sure it will stay taht way you will do systemctl disable nginx
.
And after all of that you’’ll doublecheck you are still exposing 80:80 and 443:443 on app.yml. That’s it.