We are running a Discourse instance on an Aliyun/Alibaba Ubuntu 20.04 server, and as with everything related to Git, we face issues due to the Great Firewall. Upgrading manually with launcher rebuild app most of the time fails due to GnuTLS errors (various types). It’s not related to the Git versions installed on the server, it’s in fact related to the handshake handling inside the GFW; of course we do not understand the details, but several sources discuss this matter in detail. So compiling Git manually with OpenSSL instead is also not an option.
Sometimes the pull process makes it past the core, even manages to clone the Docker Manager plugin, but after 2-3 plugin pulls, there usually is a timeout or another error.
Example:
$ ./launcher rebuild app
Ensuring launcher is up to date
Fetching origin
Launcher is up-to-date
Stopping old container
+ /usr/bin/docker stop -t 60 app
app
cd /pups && git pull && git checkout v1.0.3 && /pups/bin/pups --stdin
fatal: unable to access 'https://github.com/discourse/pups.git/': gnutls_handshake() failed: The TLS connection was non-properly terminated.
76630913bae18d6b45b6b3ecc3ec390c1e69222a493f2ecf424ee06adf9d1002
** FAILED TO BOOTSTRAP ** please scroll up and look for earlier error messages, there may be more than one.
./discourse-doctor may help diagnose the problem.
This one is also rather common:
fatal: unable to access 'https://github.com/discourse/discourse.git/': GnuTLS recv error (-54): Error in the pull function.
potential solution 1
Usually when cloning from GitHub, doing so via SSH instead of HTTPS gives better results or does not fail, but due to Discourse’s unique rebuild task, I have no clue where to configure what, so that the launcher pulls via SSH instead of HTTPS. Is it possible to set up the Discourse instance to do so?
potential solution 2
As another option, I have a SOCKS5 proxy available to circumvent the GFW for watching porn to access blocked resources from inside China, and I do know Git can be configured to use the socks:// protocol, but I unfortunately do not understand how and where to set up the configuration in Discourse, so that the pull processes of the Discourse launcher can use the proxy. I would like to avoid to do this with git config --global for the root user, but rather have this information in a config for the Discourse repos. Can anybody point me to how to achieve this?
It’s cumbersome, as we use this Discourse instance in our intranet and right now our instance is basically dead for more than a month, which of course has severe impact on our operations.