Nginx / letsencrypt / docker -- Ubuntu 16.04

Hosting: Digitalocean.
Followed; all guides here also on digitalocean, for installating and configiring the NGINX with Letencrypt together.
Successfully running HTTPS - https://hkh.pm/
ENDED up with 502 Bad Gateway

discourse config in /etc/nginx/sites-enabled/

server {
        listen 80;
        server_name www.hkh.pm;
        return 301 https://hkh.pm$request_uri;
}
server {
        listen 443 ssl http2; 
        server_name hkh.pm;

        ssl_certificate /etc/letsencrypt/live/hkh.pm/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/hkh.pm/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass      http://hkh.pm:25654/;
                proxy_read_timeout      90;
                proxy_redirect  http://hkh.pm:25654/ https://hkh.pm;
        }
}

App.yml config

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - #"templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  - #"templates/web.ssl.template.yml"
  - #"templates/web.letsencrypt.ssl.template.yml"

## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
  - "25654:80"   # http
  - "443:443" # https

NGINX Status :

dbm@hkh:~$ systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-13 09:48:08 UTC; 16min ago
  Process: 1459 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status
  Process: 1389 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exite
 Main PID: 1484 (nginx)
    Tasks: 3
   Memory: 10.4M
      CPU: 229ms
   CGroup: /system.slice/nginx.service
           ├─1484 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           ├─1485 nginx: worker process
           └─1486 nginx: worker process

Docker ps -a

dbm@hkh:~$ docker ps -a
CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS                      PORTS               NAMES
b91fdb1b28df        local_discourse/app   "/sbin/boot"        About an hour ago   Exited (5) 17 minutes ago      

So my conclusion that there is some kind of problem with ports that indicates that forwarding is not configured properly and im out of ideas. (tried almost everything that i could find on google and discourse community). Here we can see that problem;

dbm@hkh:~$ sudo netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1484/nginx -g daemo
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1484/nginx -g daemo
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1417/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1417/sshd

seems like docker-proxy is not being loaded and not forwarding to port 25654 - Also i had a problem that was saying that port 80 was being used. And after that i’ve rebooted, and ngnix didnt say that we have some errors.

dbm@hkh:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Any advices or tips what could i do to sort this out! Thanks in advance

What are You trying to achieve?

That configuration looks okay but is there a service running on

http://hkh.pm:25654/

Because that is not returning anything

That is the problem… there is no service running there. And it should be running right? – By the configuration. That problem appears when i install nginx. And letsencrypt. Before doing that, i could reach my discourse on that port.

EDITED:

Like i said here, i think that problem come from here.

EDIT2:

 docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-13 09:48:09 UTC; 3h 6min ago
     Docs: https://docs.docker.com
 Main PID: 1382 (dockerd)
    Tasks: 22
   Memory: 113.6M
      CPU: 1min 16.716s
   CGroup: /system.slice/docker.service
           ├─1382 /usr/bin/dockerd -H fd://
           └─1492 docker-containerd --config /var/run/docker/containerd/containerd.toml

Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.658704124Z" level=error msg="b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f767df7031dd5a5e cleanup: fai
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.659260943Z" level=error msg="Failed to start container b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f76
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.659896029Z" level=info msg="Loading containers: done."
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.696332892Z" level=info msg="Docker daemon" commit=03596f5 graphdriver(s)=overlay2 version=18.01.0-ce
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.697512501Z" level=info msg="Daemon has completed initialization"
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.708078451Z" level=info msg="API listen on /var/run/docker.sock"
Jan 13 09:48:09 hkh systemd[1]: Started Docker Application Container Engine.
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43Z" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/efc749e9f165b37aa8e1
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43Z" level=info msg="shim reaped" id=efc749e9f165b37aa8e12c891f74b606b38b318e43efc39213903f00c1d74b79 module=
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43.962437141Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="
~

Jan 13 09:48:09 hkh dockerd[1382]: time=“2018-01-13T09:48:09.659260943Z” level=error msg="Failed to start container b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f76

This is my docker images;

dbm@hkh:~$ sudo docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
local_discourse/app   latest              c8f855b4c3a9        4 hours ago         2.79GB
<none>                <none>              b0cd4d872d9d        4 hours ago         2.79GB
discourse/base        2.0.20171231        3925ef3919cc        12 days ago         1.73GB

Do you have other web sites hosted on this server? What are you trying to do?

Docker isn’t running because Your nginx has occupied Port 443 for SSL!

You need to use websockets instead of proxy redirect.

Take some cues from Here: Adding an offline page when rebuilding

@itsbhanusharma Thanks, for replying. Gonna try it asap. Keeping this updated

@pfaffman - no, only Discourse

SOLUTION

@itsbhanusharma, @pfaffman - thanks both for help and your time. Highly appreciate it!

Also, special thanks to @fefrei

Cheers!