Nginx / letsencrypt / docker -- Ubuntu 16.04

Alojamiento: DigitalOcean.
Seguido: todas las guías aquí también están en DigitalOcean, para instalar y configurar NGINX con Let’s Encrypt juntos.
Ejecutado con éxito HTTPS - https://hkh.pm/
Terminé con 502 Bad Gateway

Configuración de Discourse en /etc/nginx/sites-enabled/

server {
        listen 80;
        server_name www.hkh.pm;
        return 301 https://hkh.pm$request_uri;
}
server {
        listen 443 ssl http2; 
        server_name hkh.pm;

        ssl_certificate /etc/letsencrypt/live/hkh.pm/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/hkh.pm/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;
        location / {
                proxy_pass      http://hkh.pm:25654/;
                proxy_read_timeout      90;
                proxy_redirect  http://hkh.pm:25654/ https://hkh.pm;
        }
}

Configuración de App.yml

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - #"templates/web.ratelimited.template.yml"
## Descomenta estas dos líneas si deseas agregar Let's Encrypt (https)
  - #"templates/web.ssl.template.yml"
  - #"templates/web.letsencrypt.ssl.template.yml"

## ¿Qué puertos TCP/IP debe exponer este contenedor?
## Si deseas que Discourse comparta un puerto con otro servidor web como Apache o nginx,
## consulta https://meta.discourse.org/t/17247 para más detalles
expose:
  - "25654:80"   # http
  - "443:443" # https

Estado de NGINX:

dbm@hkh:~$ systemctl status nginx.service
● nginx.service - Servidor web de alto rendimiento y servidor proxy inverso
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-13 09:48:08 UTC; 16min ago
  Process: 1459 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status
  Process: 1389 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exite
 Main PID: 1484 (nginx)
    Tasks: 3
   Memory: 10.4M
      CPU: 229ms
   CGroup: /system.slice/nginx.service
           ├─1484 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           ├─1485 nginx: worker process
           └─1486 nginx: worker process

Docker ps -a

dbm@hkh:~$ docker ps -a
CONTAINER ID        IMAGE                 COMMAND             CREATED             STATUS                      PORTS               NAMES
b91fdb1b28df        local_discourse/app   "/sbin/boot"        About an hour ago   Exited (5) 17 minutes ago      

Mi conclusión es que hay algún tipo de problema con los puertos que indica que el reenvío no está configurado correctamente y se me han acabado las ideas. (he intentado casi todo lo que pude encontrar en Google y en la comunidad de Discourse). Aquí podemos ver el problema;

dbm@hkh:~$ sudo netstat -plntu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1484/nginx -g daemo
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1484/nginx -g daemo
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1417/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1417/sshd

Parece que docker-proxy no se está cargando y no está reenviando al puerto 25654. También tuve un problema que indicaba que el puerto 80 estaba siendo utilizado. Después de eso, reinicié y nginx no indicó que hubiera errores.

dbm@hkh:~$ sudo nginx -t
nginx: la sintaxis del archivo de configuración /etc/nginx/nginx.conf es correcta
nginx: la prueba del archivo de configuración /etc/nginx/nginx.conf es exitosa

¿Alguna sugerencia o consejo sobre qué podría hacer para resolver esto? ¡Gracias de antemano!

What are You trying to achieve?

That configuration looks okay but is there a service running on

http://hkh.pm:25654/

Because that is not returning anything

That is the problem… there is no service running there. And it should be running right? – By the configuration. That problem appears when i install nginx. And letsencrypt. Before doing that, i could reach my discourse on that port.

EDITED:

Like i said here, i think that problem come from here.

EDIT2:

 docker.service - Docker Application Container Engine
   Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-01-13 09:48:09 UTC; 3h 6min ago
     Docs: https://docs.docker.com
 Main PID: 1382 (dockerd)
    Tasks: 22
   Memory: 113.6M
      CPU: 1min 16.716s
   CGroup: /system.slice/docker.service
           ├─1382 /usr/bin/dockerd -H fd://
           └─1492 docker-containerd --config /var/run/docker/containerd/containerd.toml

Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.658704124Z" level=error msg="b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f767df7031dd5a5e cleanup: fai
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.659260943Z" level=error msg="Failed to start container b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f76
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.659896029Z" level=info msg="Loading containers: done."
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.696332892Z" level=info msg="Docker daemon" commit=03596f5 graphdriver(s)=overlay2 version=18.01.0-ce
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.697512501Z" level=info msg="Daemon has completed initialization"
Jan 13 09:48:09 hkh dockerd[1382]: time="2018-01-13T09:48:09.708078451Z" level=info msg="API listen on /var/run/docker.sock"
Jan 13 09:48:09 hkh systemd[1]: Started Docker Application Container Engine.
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43Z" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/efc749e9f165b37aa8e1
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43Z" level=info msg="shim reaped" id=efc749e9f165b37aa8e12c891f74b606b38b318e43efc39213903f00c1d74b79 module=
Jan 13 09:53:43 hkh dockerd[1382]: time="2018-01-13T09:53:43.962437141Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="
~

Jan 13 09:48:09 hkh dockerd[1382]: time=“2018-01-13T09:48:09.659260943Z” level=error msg="Failed to start container b91fdb1b28df259975c52de80ab51f8a11d5c43daf3f1da1f76

This is my docker images;

dbm@hkh:~$ sudo docker images
REPOSITORY            TAG                 IMAGE ID            CREATED             SIZE
local_discourse/app   latest              c8f855b4c3a9        4 hours ago         2.79GB
<none>                <none>              b0cd4d872d9d        4 hours ago         2.79GB
discourse/base        2.0.20171231        3925ef3919cc        12 days ago         1.73GB

Do you have other web sites hosted on this server? What are you trying to do?

Docker isn’t running because Your nginx has occupied Port 443 for SSL!

You need to use websockets instead of proxy redirect.

Take some cues from Here: Adding an offline page when rebuilding

@itsbhanusharma Thanks, for replying. Gonna try it asap. Keeping this updated

@pfaffman - no, only Discourse

SOLUTION

@itsbhanusharma, @pfaffman - thanks both for help and your time. Highly appreciate it!

Also, special thanks to @fefrei

Cheers!