I’m trying to install Discourse on a cloud server from Hetzner but when running ./discourse-setup I get the message that ports are blocked (domain.de is obviously not the real domain):
WARNING: Port 443 of computer does not appear to be accessible using hostname: discourse.domain.de.
WARNING: Connection to http://discourse.domain.de (port 80) also fails.
As suggested by the setup tool I now want to check if discourse.domain.de resolves to the IP address of the cloud server. When I do dig discourse.domain.de I get the following output:
; <<>> DiG 9.16.1-Ubuntu <<>> discourse.domain.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28839
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;discourse.domain.de. IN A
;; ANSWER SECTION:
discourse.domain.de. 4134 IN A XXX.XXX.XXX.XXX (correct ip address)
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Apr 24 10:14:44 UTC 2022
;; MSG SIZE rcvd: 70
Which seems good to me.
The next thing that is suggested is that it could be a firewall issue. I have a firewall with the following ports open:
So I think the firewall is not the reason for the message above. Is it possible that there is something else that is blocking the ports? I’ve read that Apache could cause such a problem but it is not installed on the cloud server.
I tried telnet discourse.domain.de 443 to see if the ports are open and I got
telnet: Unable to connect to remote host: Network is unreachable
Does anyone have an idea how to fix this problem?
Thank you!
Unfortunately, email spammers and scammers like to use cloud hosting providers. And we at Hetzner naturally want to prevent this. That’s why we block ports 25 and 465 by default on all cloud servers. This is a very common practice in the cloud hosting industry because it prevents abuse. We want to build trust with our new customers before we unblock these mail ports. Once you have been with us for a month and paid your first invoice, you can create a limit request to unblock these ports for a valid use case. In your request, you can tell us details about your use case. We make decisions on a case-by-case basis.
As an alternative, you can also use port 587 to send emails via external mail delivery services. Port 587 is not blocked and can be used without sending a limit request.
I’m still confused, but at Digital Ocean a firewall must be set up. A clean install doesn’t have any ports open (except for SSH, but that is a different thing). I don’t know how Hetzner works. And if the VPS is behind closed ports, it doesn’t matter what we have in app.yml.
Manual configuration of app.yml is the solution to the problem for me as well. Thanks!
I also found this thread, but I guess I didn’t read it carefully enough…
I think so. When I start a VPS (Ubuntu 20), nginx isn’t installed by default: discourse-setup installs it.
I’ve installed Discourse numerous times on Hetzner VPS without any problem for years (the last time was in February).
That’s why I’m puzzled about this topic.
edit: for some reason my brain mixed up docker and nginx
There are two options: using the firewall by Digital Ocean or installing UFW (or similar) after creation of the VPS. None of my installations use theirs, so all ports are closed until I open them from UFW.
Anyway — now I/we know when, where and how Nginx is installed. Every day something new (when you/I/someone don’t understand how docker works)
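Added example, not part of any post in this thread: a small Python probe that tells apart the connect failures discussed above. The telnet message "Network is unreachable" corresponds to ENETUNREACH, which is a different condition from a refused or silently dropped connection. The function names and the hostname `discourse.example.com` are placeholders chosen for this example.

```python
import errno
import socket

# What each connect() outcome says about where the traffic stopped.
VERDICTS = {
    "open": "handshake completed: a service is listening and reachable",
    "refused": "host reachable, but nothing listens on the port (or a firewall REJECTs)",
    "timeout": "no reply at all: packets are probably dropped by a firewall",
    "unreachable": "no route to the address: check routing and IPv4 vs IPv6",
    "dns": "hostname did not resolve",
    "other": "unexpected socket error",
}

def classify(exc):
    """Map an exception from name resolution or connect() to a VERDICTS key."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):
        return "dns"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"
    return "other"

def probe(host, port, timeout=3.0):
    """Try every address the name resolves to; return [(address, verdict), ...]."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(host, classify(exc))]
    results = []
    for family, socktype, proto, _, sockaddr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(sockaddr)
                results.append((sockaddr[0], "open"))
            except OSError as exc:
                results.append((sockaddr[0], classify(exc)))
    return results

if __name__ == "__main__":
    for port in (80, 443):
        for addr, verdict in probe("discourse.example.com", port):  # placeholder hostname
            print(f"{addr}:{port} -> {verdict}: {VERDICTS[verdict]}")
```

Run it from a machine outside the server's network. A "refused" result on 80/443 before any web server is running is expected and does not by itself indicate a firewall block.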