No connection accepted on http / https after fresh installation on Ubuntu 22.04 LTS

Installation
1

Not my first discourse installation, but I’ve managed to get stumped after three attempts doing a standard installation on a Digital Ocean droplet (1GB NVMe SSD Premium AMD) using Ubuntu 22.04 LTS. I went through the guide and provided an email for LetsEncrypt as I have done many times before in the past. After the Discourse installation didn’t show up in the browser (either via the A record or the direct IP of the droplet), I then confirmed that the installation refuses connections on both http and https ports and have been hitting my head ever since.

The only odd thing I noticed during install is that Docker wasn’t installed by default on the digital ocean droplet and prompted me to install it after detecting that the git clone of the Discourse container required it. Other than that, I proceeded as normal and tested both Docker and the Discourse installation.

Good news - Discourse successfully executes the email deliverability test, which implies that the installation is there and running, and Docker seems to be working fine (after running “docker run -it --rm hello-world”). I also pinged github.com and do get responses, so it doesn’t appear to be a firewall or connectivity issue.

Problem: connections refused
However, running “curl -v localhost:8080” returns:

*   Trying 127.0.0.1:8080...
* connect to 127.0.0.1 port 8080 failed: Connection refused
*   Trying ::1:8080...
* connect to ::1 port 8080 failed: Connection refused
* Failed to connect to localhost port 8080 after 1 ms: Connection refused
* Closing connection 0

curl -v localhost returns:

*   Trying 127.0.0.1:80...
* Connected to localhost (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.81.0
> Accept: */*
>
* Empty reply from server
* Closing connection 0
curl: (52) Empty reply from server

Here is my app.yml and the results from running discourse-doctor:

app.yml 
 ## How many concurrent web requests are supported? Depends on memory and CPU cores.
  ## will be set automatically by bootstrap based on detected CPUs, or you can override
  UNICORN_WORKERS: 2

  ## TODO: The domain name this Discourse instance will respond to
  ## Required. Discourse will not work with a bare IP number.
  DISCOURSE_HOSTNAME: community.example.io

  ## Uncomment if you want the container to be started with the same
  ## hostname (-h option) as specified above (default "$hostname-$config")
  #DOCKER_USE_HOSTNAME: true

  ## TODO: List of comma delimited emails that will be made admin and developer
  ## on initial signup example 'user1@example.com,user2@example.com'
  DISCOURSE_DEVELOPER_EMAILS: 'example@example.com'

  ## TODO: The SMTP mail server used to validate new accounts and send notifications
  # SMTP ADDRESS, username, and password are required
  # WARNING the char '#' in SMTP password can cause problems!
  DISCOURSE_SMTP_ADDRESS: smtp.mailgun.org
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: no-reply@example.io
  DISCOURSE_SMTP_PASSWORD: "XXXXXX"
  #DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
  DISCOURSE_SMTP_DOMAIN: community.example.io
  DISCOURSE_NOTIFICATION_EMAIL: noreply@community.example.io

  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
  LETSENCRYPT_ACCOUNT_EMAIL: example@example.com

  ## The http or https CDN address for this Discourse instance (configured to pull)
  ## see https://meta.discourse.org/t/14857 for details
  #DISCOURSE_CDN_URL: https://discourse-cdn.example.com

  ## The maxmind geolocation IP address key for IP address lookup
  ## see https://meta.discourse.org/t/-/137387/23 for details
  DISCOURSE_MAXMIND_LICENSE_KEY: XXXXX

## The Docker container is stateless; all data is stored in /shared
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:

  ## TODO: The domain name this Discourse instance will respond to
  ## Required. Discourse will not work with a bare IP number.
  DISCOURSE_HOSTNAME: community.example.io

  ## Uncomment if you want the container to be started with the same
  ## hostname (-h option) as specified above (default "$hostname-$config")
  #DOCKER_USE_HOSTNAME: true

  ## TODO: List of comma delimited emails that will be made admin and developer
  ## on initial signup example 'user1@example.com,user2@example.com'
  DISCOURSE_DEVELOPER_EMAILS: 'example@example.com'

  ## TODO: The SMTP mail server used to validate new accounts and send notifications
  # SMTP ADDRESS, username, and password are required
  # WARNING the char '#' in SMTP password can cause problems!
  DISCOURSE_SMTP_ADDRESS: smtp.mailgun.org
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: no-reply@example.io
  DISCOURSE_SMTP_PASSWORD: "XXXXXXXX"
  #DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
  DISCOURSE_SMTP_DOMAIN: community.example.io
  DISCOURSE_NOTIFICATION_EMAIL: noreply@community.example.io

  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
  LETSENCRYPT_ACCOUNT_EMAIL: example@example.com

  ## The http or https CDN address for this Discourse instance (configured to pull)
  ## see https://meta.discourse.org/t/14857 for details
  #DISCOURSE_CDN_URL: https://discourse-cdn.example.com

  ## The maxmind geolocation IP address key for IP address lookup
  ## see https://meta.discourse.org/t/-/137387/23 for details
  DISCOURSE_MAXMIND_LICENSE_KEY: XXXXXX

## The Docker container is stateless; all data is stored in /shared
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log
discourse-doctor results 
Found containers/app.yml

==================== YML SETTINGS ====================
DISCOURSE_HOSTNAME=community.example.io
SMTP_ADDRESS=smtp.mailgun.org
DEVELOPER_EMAILS=example@example.com
SMTP_PASSWORD=XXXXXXXX
SMTP_PORT=587
SMTP_USER_NAME=no-reply@example.io
LETSENCRYPT_ACCOUNT_EMAIL=example@example.com

==================== DOCKER INFO ====================
DOCKER VERSION: Docker version 20.10.21, build baeda1f

DOCKER PROCESSES (docker ps -a)

CONTAINER ID   IMAGE                 COMMAND        CREATED          STATUS          PORTS                                                                      NAMES
e1d88ff15b5b   local_discourse/app   "/sbin/boot"   18 minutes ago   Up 18 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   app

e1d88ff15b5b   local_discourse/app   "/sbin/boot"   18 minutes ago   Up 18 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   app

Discourse container app is running


==================== PLUGINS ====================
          - git clone https://github.com/discourse/docker_manager.git

No non-official plugins detected.

See https://github.com/discourse/discourse/blob/main/lib/plugin/metadata.rb for the official list.

========================================
Discourse version at community.example.io: NOT FOUND
Discourse version at localhost: NOT FOUND


==================== MEMORY INFORMATION ====================
RAM (MB): 1016

               total        used        free      shared  buff/cache   available
Mem:             969         687          61          21         220         110
Swap:           2047         241        1806

==================== DISK SPACE CHECK ====================
---------- OS Disk Space ----------
Filesystem      Size  Used Avail Use% Mounted on
/dev/vda1        25G  8.2G   16G  34% /

==================== DISK INFORMATION ====================
Disk /dev/loop0: 63.22 MiB, 66293760 bytes, 129480 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop1: 102.98 MiB, 107986944 bytes, 210912 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/loop2: 47.98 MiB, 50315264 bytes, 98272 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


Disk /dev/vda: 25 GiB, 26843545600 bytes, 52428800 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 728BDF97-580D-4B6F-9462-7E2540D5378B

Device      Start      End  Sectors  Size Type
/dev/vda1  227328 52428766 52201439 24.9G Linux filesystem
/dev/vda14   2048    10239     8192    4M BIOS boot
/dev/vda15  10240   227327   217088  106M EFI System

Partition table entries are not in disk order.


Disk /dev/vdb: 466 KiB, 477184 bytes, 932 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

==================== END DISK INFORMATION ====================

==================== MAIL TEST ====================
For a robust test, get an address from http://www.mail-tester.com/
Or just send a test message to yourself.
Email address for mail test? ('n' to skip) [example@example.com  ]:
Sending mail to example@example.com  . . .
Testing sending to example@example.com  using smtp.mailgun.org:587, username:no-reply@example.io with plain auth.
SMTP server connection successful.
Sending to example@example.com. . .
Mail accepted by SMTP server.
Message-ID: e3455d15-eb48-48bf-9859-a30f1acc765c@community.example.io

If you do not receive the message, check your SPAM folder
or test again using a service like http://www.mail-tester.com/.

If the message is not delivered it is not a problem with Discourse.
Check the SMTP server logs for the above Message ID to see why it
failed to deliver the message.
Replacing: SMTP_PASSWORD
Replacing: LETSENCRYPT_ACCOUNT_EMAIL
Replacing: DEVELOPER_EMAILS
Replacing: DISCOURSE_DB_PASSWORD
Replacing: Sending mail to

==================== DONE! ====================

I also ran ./launcher enter app in the discourse directory + the top command to verify that nginx, redis, postmaster and ruby are all running. I don’t see nginx in the list

launcher enter app --> top results 
Tasks:  31 total,   1 running,  30 sleeping,   0 stopped,   0 zombie
%Cpu(s):  1.3 us,  2.3 sy,  0.0 ni, 96.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.3 st
MiB Mem :    969.4 total,     72.4 free,    659.0 used,    238.0 buff/cache
MiB Swap:   2048.0 total,   1667.2 free,    380.8 used.    141.1 avail Mem

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
   4528 discour+  25   5  951480 289404   3096 S   0.3  29.2   4:21.14 ruby
      1 root      20   0    6772      0      0 S   0.0   0.0   0:00.02 boot
   4428 root      20   0    2340     24      0 S   0.0   0.0   0:01.14 runsvdir
   4429 root      20   0    2188      0      0 S   0.0   0.0   0:00.00 runsv
   4430 root      20   0    2188      0      0 S   0.0   0.0   0:00.00 runsv
   4431 root      20   0    2188      0      0 S   0.0   0.0   0:00.00 runsv
   4432 root      20   0    2188      0      0 S   0.0   0.0   0:00.00 runsv
   4433 root      20   0    2188    280    256 S   0.0   0.0   1:28.21 runsv
   4434 root      20   0    2188      0      0 S   0.0   0.0   0:00.00 runsv
   4435 root      20   0    2336      0      0 S   0.0   0.0   0:00.05 svlogd
   4436 redis     20   0   58072   2900   1624 S   0.0   0.3   3:17.52 redis-server
   4438 root      20   0    2336      0      0 S   0.0   0.0   0:00.00 svlogd
   4439 discour+  20   0   15256   1128    912 S   0.0   0.1   0:25.85 unicorn_launche
   4441 root      20   0    6620    488    384 S   0.0   0.0   0:00.21 cron
   4442 postgres  20   0  213172   5220   4776 S   0.0   0.5   0:02.75 postmaster
   4445 root      20   0  151068    132      0 S   0.0   0.0   0:00.06 rsyslogd
   4458 postgres  20   0  213392  10404   9896 S   0.0   1.0   0:00.78 postmaster
   4459 postgres  20   0  213172   5004   4604 S   0.0   0.5   0:01.50 postmaster
   4460 postgres  20   0  213172   4956   4588 S   0.0   0.5   0:27.50 postmaster
   4461 postgres  20   0  213840   2264   1652 S   0.0   0.2   0:01.98 postmaster
   4462 postgres  20   0   68200    788      0 S   0.0   0.1   0:05.01 postmaster
   4463 postgres  20   0  213724   1164    700 S   0.0   0.1   0:00.05 postmaster
   4464 discour+  20   0  457692 171868   1364 S   0.0  17.3   0:22.71 ruby
   4503 postgres  20   0  220116  11116  10812 S   0.0   1.1   0:01.51 postmaster
   4538 discour+  20   0  768724 169816   1032 S   0.0  17.1   0:08.27 ruby
   4549 discour+  20   0  768724 169948   1220 S   0.0  17.1   0:08.55 ruby
   4580 postgres  20   0  219408  10580  10460 S   0.0   1.1   0:00.13 postmaster
 134464 postgres  20   0  217332  21388  17444 S   0.0   2.2   0:00.24 postmaster
 137350 root      20   0    7036   3468   2972 S   0.0   0.3   0:00.02 bash
 137382 root      20   0   10108   3756   3080 R   0.0   0.4   0:00.08 top
 137609 discour+  20   0   13760   2004   1732 S   0.0   0.2   0:00.00 sleep

Took a look at error.log inside of var/discourse/shared/standalone/log/var-log/nginx:

2022/12/12 07:55:26 [emerg] 5040#5040: cannot load certificate "/shared/ssl/community.example.io.cer": PEM_read_bio_X509_AUX(>
2022/12/12 07:55:27 [emerg] 5042#5042: cannot load certificate "/shared/ssl/community.example.io.cer": PEM_read_bio_X509_AUX(>
2022/12/12 07:55:28 [emerg] 5044#5044: cannot load certificate "/shared/ssl/community.example.io.cer": PEM_read_bio_X509_AUX(>
2022/12/12 07:55:29 [emerg] 5046#5046: cannot load certificate "/shared/ssl/community.example.io.cer": PEM_read_bio_X509_AUX(>
....
1 Like
2

Okay, so based on the error.log file inside of var/discourse/shared/standalone/log/var-log/nginx , I decided to edit out the ssl templates in app.yml:

## Uncomment these two lines if you wish to add Lets Encrypt (https)
##  - "templates/web.ssl.template.yml"
## - "templates/web.letsencrypt.ssl.template.yml"

Then I ran ./launcher stop app and ./launcher rebuild app , which now successfully runs the discourse build via http and throws up “congratulations, you installed discourse!” in the browser.

One step forward, but I can’t seem to get ssl working. I haven’t expired my LE certs yet, the DNS looks good, and this is a fresh install with very cookie-cutter server specs.

Any ideas on why the installation isn’t allowing me to enable ssl via Let’sEncrypt?

1 Like
3

My guess is that your DNS is wrong, or was wrong, and you tried enough times that you got rate limited. The easy solutions are to wait a week or to choose a different subdomain name.

Since you don’t share your hostname, we can’t help know if DNS is working.

4

Thanks for the response @pfaffman . http:// is working fine, but ssl fails to work when enabling Let’s Encrypt. Even though I set LE up via a fresh install, I gave the Setting up LE tutorial a read and didn’t see any mention of DNS modifications.

What specifically do I need from the DNS side to allow LE/SSL to work?

Here is a screenshot from my DNS setup:

Advanced-DNS
Advanced-DNS1701×682 69.9 KB

(DKIM/SPF has been validated and Discourse mail is working well, just fyi)

5

Again, my guess is that you tried many times to request an address from let’s encrypt and it failed for some reason, and now you can’t try again for a week. If I’m right, then wait a week, or use a different name.

There is a way to get the error from them, but I can’t remember our find it on my phone.

6

Got it. After the seven day mark early next week, I’ll re-enable ssl in app.yml + rebuild and report back.

1 Like