Nginx / letsencrypt / Docker -- Ubuntu 16.04

Hosting: DigitalOcean.
Befolgt: Alle Anleitungen hier sind auch auf DigitalOcean verfügbar, für die Installation und Konfiguration von NGINX zusammen mit Let’s Encrypt.
Erfolgreich läuft HTTPS - https://hkh.pm/
Ist jedoch mit einem 502 Bad Gateway endet.

Discourse-Konfiguration in /etc/nginx/sites-enabled/

server {
        listen 80;
        server_name www.hkh.pm;
        return 301 https://hkh.pm$request_uri;
}
server {
        listen 443 ssl http2; 
        server_name hkh.pm;

        ssl_certificate /etc/letsencrypt/live/hkh.pm/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/hkh.pm/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass      http://hkh.pm:25654/;
                proxy_read_timeout      90;
                proxy_redirect  http://hkh.pm:25654/ https://hkh.pm;
        }
}

App.yml-Konfiguration

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - #"templates/web.ratelimited.template.yml"
## Deaktivieren Sie diese beiden Zeilen, wenn Sie Let's Encrypt (https) hinzufügen möchten
  - #"templates/web.ssl.template.yml"
  - #"templates/web.letsencrypt.ssl.template.yml"

## Welche TCP/IP-Ports soll dieser Container freigeben?
## Wenn Sie Discourse einen Port mit einem anderen Webserver wie Apache oder nginx teilen möchten,
## siehe https://meta.discourse.org/t/17247 für Details
expose:
  - "25654:80"   # http
  - "443:443" # https

NGINX-Status:

dbm@hkh:~$ systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-13 09:48:08 UTC; 16min ago
  Process: 1459 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status
  Process: 1389 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exite
 Main PID: 1484 (nginx)
    Tasks: 3
   Memory: 10.4M
      CPU: 229ms
   CGroup: /system.slice/nginx.service
           ├─1484 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           ├─1485 nginx: worker process
           └─1486 nginx: worker process

Docker ps -a

dbm@hkh:~$ docker ps -a
CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS                      PORTS               NAMES
b91fdb1b28df        local_discourse/app   "/sbin/boot"        About an hour ago   Exited (5) 17 minutes ago      

Meine Schlussfolgerung ist also, dass es ein Problem mit den Ports gibt, was darauf hindeutet, dass die Weiterleitung nicht korrekt konfiguriert ist, und ich bin ratlos. (Ich habe fast alles ausprobiert, was ich bei Google und in der Discourse-Community finden konnte.) Hier können wir das Problem sehen:

dbm@hkh:~$ sudo netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1484/nginx -g daemo
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1484/nginx -g daemo
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1417/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1417/sshd

Es scheint, als ob docker-proxy nicht geladen wird und nicht an Port 25654 weiterleitet – Außerdem hatte ich ein Problem, bei dem gemeldet wurde, dass Port 80 bereits belegt sei. Danach habe ich neu gestartet, und NGINX meldete keine Fehler mehr.

dbm@hkh:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Jede Beratung oder Tipps, was ich tun kann, um das Problem zu lösen! Vielen Dank im Voraus.

What are You trying to achieve?

That configuration looks okay but is there a service running on

http://hkh.pm:25654/

Because that is not returning anything

That is the problem… there is no service running there. And it should be running right? – By the configuration. That problem appears when i install nginx. And letsencrypt. Before doing that, i could reach my discourse on that port.

EDITED:

Like i said here, i think that problem come from here.

EDIT2:

 docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-13 09:48:09 UTC; 3h 6min ago
     Docs: https://docs.docker.com
 Main PID: 1382 (dockerd)
    Tasks: 22
   Memory: 113.6M
      CPU: 1min 16.716s
   CGroup: /system.slice/docker.service
           ├─1382 /usr/bin/dockerd -H fd://
           └─1492 docker-containerd --config /var/run/docker/containerd/containerd.toml

Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.658704124Z" level=error msg="b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f767df7031dd5a5e cleanup: fai
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.659260943Z" level=error msg="Failed to start container b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f76
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.659896029Z" level=info msg="Loading containers: done."
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.696332892Z" level=info msg="Docker daemon" commit=03596f5 graphdriver(s)=overlay2 version=18.01.0-ce
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.697512501Z" level=info msg="Daemon has completed initialization"
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.708078451Z" level=info msg="API listen on /var/run/docker.sock"
Jan 13 09:48:09 hkh systemd[1]: Started Docker Application Container Engine.
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43Z" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/efc749e9f165b37aa8e1
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43Z" level=info msg="shim reaped" id=efc749e9f165b37aa8e12c891f74b606b38b318e43efc39213903f00c1d74b79 module=
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43.962437141Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="
~

Jan 13 09:48:09 hkh dockerd[1382]: time=“2018-01-13T09:48:09.659260943Z” level=error msg="Failed to start container b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f76

This is my docker images;

dbm@hkh:~$ sudo docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
local_discourse/app   latest              c8f855b4c3a9        4 hours ago         2.79GB
<none>                <none>              b0cd4d872d9d        4 hours ago         2.79GB
discourse/base        2.0.20171231        3925ef3919cc        12 days ago         1.73GB

Do you have other web sites hosted on this server? What are you trying to do?

Docker isn’t running because Your nginx has occupied Port 443 for SSL!

You need to use websockets instead of proxy redirect.

Take some cues from Here: Adding an offline page when rebuilding

@itsbhanusharma Thanks, for replying. Gonna try it asap. Keeping this updated

@pfaffman - no, only Discourse

SOLUTION

@itsbhanusharma, @pfaffman - thanks both for help and your time. Highly appreciate it!

Also, special thanks to @fefrei

Cheers!