403 forbidden
Hi, we have Ubuntu 18.10. The Loomio installation went pretty smoothly; we just had some process listening on port 25, so we had an error on docker-compose up -d on the mailin field, but we killed the listening process and everything was OK.
Now when we try to access our domain we receive a 403 Forbidden error.
When we run sudo docker-compose logs -f we get this:
""loomio-letsencrypt | Info: Custom Diffie-Hellman group found, generation skipped.
loomio-letsencrypt | Reloading nginx proxy (477cbc2c84801e7cfb41f952efd8ffb565be282b174a34ea7fe69f29a9dd5f43)...
loomio-letsencrypt | 2019/11/18 13:31:29 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
loomio-letsencrypt | 2019/11/18 13:31:29 [notice] 72#72: signal process started
loomio-letsencrypt | 2019/11/18 13:31:30 Generated '/app/letsencryptservicedata' from 6 containers
loomio-letsencrypt | 2019/11/18 13:31:30 Running '/app/signalleservice'
loomio-letsencrypt | 2019/11/18 13:31:30 Watching docker events
loomio-letsencrypt | 2019/11/18 13:31:30 Contents of /app/letsencryptservicedata did not change. Skipping notification '/app/signalleservice'
loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app
loomio-letsencrypt | Reloading nginx proxy (477cbc2c84801e7cfb41f952efd8ffb565be282b174a34ea7fe69f29a9dd5f43)...
loomio-letsencrypt | 2019/11/18 13:31:31 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''
loomio-letsencrypt | 2019/11/18 13:31:31 [notice] 98#98: signal process started
loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)
loomio-letsencrypt | 2019-11-18 13:31:32,066:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
loomio-letsencrypt | /app
loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app
loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)
loomio-letsencrypt | 2019-11-18 13:31:33,099:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
loomio-letsencrypt | /app
loomio-letsencrypt | Sleep for 3600s
loomio-letsencrypt | 2019/11/18 13:37:45 Received event start for container 2c56195a41f3
loomio-letsencrypt | 2019/11/18 13:38:00 Debounce minTimer fired
loomio-letsencrypt | 2019/11/18 13:38:00 Contents of /app/letsencryptservicedata did not change. Skipping notification '/app/signalleservice'
loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app
loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)
loomio-letsencrypt | 2019-11-18 14:31:34,071:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
loomio-letsencrypt | /app
loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app
loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)
loomio-letsencrypt | 2019-11-18 14:31:34,860:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
loomio-letsencrypt | /app
loomio-letsencrypt | Sleep for 3600s
loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app
loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)
loomio-letsencrypt | 2019-11-18 15:31:35,811:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
loomio-letsencrypt | /app
loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app
loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)
loomio-letsencrypt | 2019-11-18 15:31:36,585:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
loomio-letsencrypt | /app
loomio-letsencrypt | Sleep for 3600s
loomio-nginx | WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one
loomio-nginx | is being generated in the background. Once the new dhparam.pem is in place, nginx will be reloaded.
loomio-nginx | forego | starting dockergen.1 on port 5000
loomio-nginx | forego | starting nginx.1 on port 5100
loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Generated '/etc/nginx/conf.d/default.conf' from 5 containers
loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Running 'nginx -s reload'
loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Watching docker events
loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
loomio-nginx | dockergen.1 | 2019/11/18 13:31:28 Received event start for container dadccdbda65b
loomio-nginx | dockergen.1 | 2019/11/18 13:31:28 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
loomio-nginx | 2019/11/18 13:32:08 [notice] 104#104: signal process started
loomio-nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
loomio-nginx | This is going to take a long time
loomio-nginx | dhparam generation complete, reloading nginx
loomio-nginx | dockergen.1 | 2019/11/18 13:37:45 Received event start for container 2c56195a41f3
loomio-nginx | dockergen.1 | 2019/11/18 13:37:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'
loomio-nginx | nginx.1 | labpuzzle.ddns.net 188.217.117.145 - - [18/Nov/2019:13:44:23 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
loomio-mailin | info: Mailin v3.0.4
loomio-mailin | info: Webhook url: http://app:3000/email_processor/
loomio-mailin | info: Log file: /var/log/mailin.log
loomio-mailin | info: Mailin Smtp server listening on port 25
loomio-mailin | warn: Webhook http://app:3000/email_processor/ seems invalid or down. You may want to double check the webhook url.
loomio-worker | [Worker(host:34e06f4fd379 pid:7)] Starting job worker
loomio-worker | 2019-11-18T13:31:41+0000: [Worker(host:34e06f4fd379 pid:7)] Starting job worker
loomio-app | [8] Puma starting in cluster mode...
loomio-app | [8] * Version 4.2.1 (ruby 2.6.5-p114), codename: Distant Airhorns
loomio-app | [8] * Min threads: 12, max threads: 12
loomio-app | [8] * Environment: production
loomio-app | [8] * Process workers: 2
loomio-app | [8] * Preloading application
loomio-app | /usr/local/bundle/gems/hassecuretoken-1.0.0/lib/activesupport/coreext/securerandom.rb:4: warning: already initialized constant SecureRandom::BASE58_ALPHABET
loomio-app | /usr/local/bundle/gems/activesupport-5.2.3/lib/activesupport/coreext/securerandom.rb:6: warning: previous definition of BASE58_ALPHABET was here
loomio-app | [8] * Listening on tcp://0.0.0.0:3000
loomio-app | [8] ! WARNING: Detected 2 Thread(s) started in app boot:
loomio-app | [8] ! #<Thread:0x000055a4f1a42c98@/usr/local/bundle/gems/activerecord-5.2.3/lib/activerecord/connectionadapters/abstract/connectionpool.rb:299 sleep> - /usr/local/bundle/gems/activerecord-5.2.3/lib/activerecord/connectionadapters/abstract/connectionpool.rb:301:in `sleep'
loomio-app | [8] ! #<Thread:0x000055a4f1bdabf0@/usr/local/bundle/gems/activerecord-5.2.3/lib/activerecord/connectionadapters/abstract/connectionpool.rb:299 sleep> - /usr/local/bundle/gems/activerecord-5.2.3/lib/activerecord/connectionadapters/abstract/connectionpool.rb:301:in `sleep'
loomio-app | [8] Use Ctrl-C to stop
loomio-app | [8] - Worker 0 (pid: 14) booted, phase: 0
loomio-app | [8] - Worker 1 (pid: 31) booted, phase: 0
loomio-app | source=rack-timeout id=f4e42b74-ee4d-4cb1-b50f-c872d74d140a timeout=15000ms state=ready
loomio-app | Started HEAD "/email_processor/" for 172.17.0.8 at 2019-11-18 13:37:48 +0000
loomio-app | Processing by GroupsController#show as HTML
loomio-app | Parameters: {"id"=>"email_processor"}
loomio-app | Redirected to https://app/email_processor
loomio-app | Filter chain halted as #<Proc:0x000055a4f02694c8@/usr/local/bundle/gems/actionpack-5.2.3/lib/actioncontroller/metal/forcessl.rb:67> rendered or redirected
loomio-app | Completed 301 Moved Permanently in 5ms
loomio-app | source=rack-timeout id=f4e42b74-ee4d-4cb1-b50f-c872d74d140a timeout=15000ms service=12ms state=completed
loomio-redis | 1:C 18 Nov 2019 13:31:16.945 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
loomio-redis | 1:C 18 Nov 2019 13:31:16.945 # Redis version=5.0.6, bits=64, commit=00000000, modified=0, pid=1, just started
loomio-redis | 1:C 18 Nov 2019 13:31:16.945 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
loomio-redis | 1:M 18 Nov 2019 13:31:16.946 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.
loomio-redis | 1:M 18 Nov 2019 13:31:16.946 # Server can't set maximum open files to 10032 because of OS error: Operation not permitted.
loomio-redis | 1:M 18 Nov 2019 13:31:16.946 # Current maximum open files is 4096. maxclients has been reduced to 4064 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.
loomio-redis | 1:M 18 Nov 2019 13:31:16.947 * Running mode=standalone, port=6379.
loomio-redis | 1:M 18 Nov 2019 13:31:16.947 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
loomio-redis | 1:M 18 Nov 2019 13:31:16.947 # Server initialized
loomio-redis | 1:M 18 Nov 2019 13:31:16.947 # WARNING overcommitmemory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommitmemory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
loomio-redis | 1:M 18 Nov 2019 13:31:16.947 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
loomio-redis | 1:M 18 Nov 2019 13:31:16.948 * Ready to accept connections
loomio-db | LOG: database system was shut down at 2019-11-18 13:28:53 UTC
loomio-db | LOG: MultiXact member wraparound protections are now enabled
loomio-db | LOG: autovacuum launcher started
loomio-db | LOG: database system is ready to accept connections
loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app
loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)
loomio-letsencrypt | 2019-11-18 16:31:37,585:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
loomio-letsencrypt | /app
loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app
loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)
loomio-letsencrypt | 2019-11-18 16:31:38,387:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.
loomio-letsencrypt | /app
loomio-letsencrypt | Sleep for 3600s""
We don't know what to do :/ Can you please help us?
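Added example, not part of the original posts: a way to tally HTTP status codes per container from `docker-compose logs` output in the format quoted above, so you can see which container, if any, logged the response you are chasing. The sample lines are constructed in the shape of that output, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the shape of the docker-compose output quoted above.
SAMPLE = '''\
loomio-nginx | nginx.1 | labpuzzle.ddns.net 188.217.117.145 - - [18/Nov/2019:13:44:23 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0"
loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Watching docker events
loomio-app | Started HEAD "/email_processor/" for 172.17.0.8 at 2019-11-18 13:37:48 +0000
loomio-app | Completed 301 Moved Permanently in 5ms
loomio-letsencrypt | Sleep for 3600s
'''

# Proxy access line: vhost client - user [time] "request" status bytes ...
ACCESS = re.compile(r'^(\S+) \S+ \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')
# Rails logs the request and its final status on separate lines.
STARTED = re.compile(r'^Started (\S+) "([^"]*)"')
COMPLETED = re.compile(r'^Completed (\d{3}) ')

def http_events(text):
    """Return (container, request, status) for every HTTP response logged."""
    events, pending = [], {}
    for line in text.splitlines():
        container, sep, msg = line.partition(" | ")
        if not sep:
            continue
        container = container.strip()
        # forego prefixes the proxy's output with a second "process | " field
        msg = re.sub(r'^(nginx|dockergen)\.\d+ \| ', '', msg.strip())
        if (m := ACCESS.match(msg)):
            events.append((container, m.group(2), int(m.group(3))))
        elif (m := STARTED.match(msg)):
            pending[container] = f"{m.group(1)} {m.group(2)}"
        elif (m := COMPLETED.match(msg)):
            events.append((container, pending.pop(container, "?"), int(m.group(1))))
    return events

def status_counts(text):
    """Count responses per (container, status code)."""
    return Counter((c, s) for c, _, s in http_events(text))

if __name__ == "__main__":
    for (container, status), n in sorted(status_counts(SAMPLE).items()):
        print(f"{container:14} {status} x{n}")
```

If the status code you see in the browser never appears in the tally, the request that produced it was not captured in the log window you collected.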
Francesco Thu 28 Nov 2019 5:51PM
Sorry for the delay, this is my env file:
# this is the hostname of your app used by loomio
CANONICAL_HOST=labpuzzle.ddns.net
# this is to tell nginx that you want requests for this hostname to come to the app
VIRTUAL_HOST=labpuzzle.ddns.net
SITE_NAME=labpuzzle.ddns.net
# this is to configure letsencrypt to automatically issue and renew your hostname
LETSENCRYPT_HOST=labpuzzle.ddns.net
LETSENCRYPTEMAIL=lab[email protected]
# the number of dots in your hostname
TLD_LENGTH=2
# uncomment this if you want a default subdomain of www (eg: www.loomio.org)
# DEFAULT_SUBDOMAIN=www
# smtp settings
SUPPORTEMAIL=lab[email protected]
SMTP_DOMAIN=labpuzzle.ddns.net
SMTP_SERVER=smtp.sendgrid.net
SMTP_PORT=465
SMTP_USERNAME=apikey
SMTPPASSWORD=XXXXXX
REPLY_HOSTNAME=labpuzzle.ddns.net
# helper bot is the account which welcomes people to their groups.
HELPERBOT[email protected]
RAILS_ENV=production
# Number of webserver processes and threads
# threads are per worker. See https://github.com/puma/puma
PUMA_WORKERS=2
MIN_THREADS=12
MAX_THREADS=12
# Force all connections to be https
FORCE_SSL=1
# Enable rate limiting on group creation, other POST actions
USERACKATTACK=1
# Send catch up email (missed yesterday) weekly
# EMAILCATCHUP_WEEKLY=1
# subscribe on participation default for new users
# uncomment this to change "subscribe on participation" to be false for new users
# EMAILONPARTICIPATIONDEFAULTFALSE=1
# Uncomment these to disable features
# FEATURESDISABLECREATE_USER=1 # users must be invited
# FEATURESDISABLECREATE_GROUP=1 # users cannot create groups
# FEATURESDISABLEPUBLIC_GROUPS=1 # disable /explore
# FEATURESDISABLEHELP_LINK=1 # disable the help link
# MAXPENDINGINVITATIONS=100 # maximum unaccepted invitations a group can have
# Enable search engines to index public content
# ALLOW_ROBOTS=1
# oauth providers, to let your users login using external accounts
# FACEBOOKAPPKEY=REPLACE
# FACEBOOKAPPSECRET=REPLACE
# TWITTERAPPKEY=REPLACE
# TWITTERAPPSECRET=REPLACE
# GOOGLEAPPKEY=REPLACE
# GOOGLEAPPSECRET=REPLACE
# SLACKAPPKEY
# SLACKAPPSECRET
# Theme images
# images should be a multiple of 32px tall.
# THEMEICONSRC=/files/icon.png
# THEMEAPPLOGO_SRC=/files/logo.svg
# THEMEEMAILHEADERLOGOSRC=/files/logo_128h.png
# THEMEEMAILFOOTERLOGOSRC=/files/logo_64h.png
# used in emails. use rgb or hsl values, not hex
# THEMEPRIMARYCOLOR=rgb(255,167,38)
# THEMEACCENTCOLOR=rgb(0,188,212)
# THEMETEXTONPRIMARYCOLOR=rgb(255,255,255)
# THEMETEXTONACCENTCOLOR=rgb(255,255,255)
# select a palette from material: https://material.io/guidelines/style/color.html#color-color-palette
# or generate your own theme at http://mcg.mbitson.com/
# THEMEPRIMARYPALETTE=custom_primary
# THEMEACCENTPALETTE=custom_accent
# THEMEPRIMARYPALETTE_CONFIG={"default": "500"}
# THEMEACCENTPALETTE_CONFIG={"default": "500", "hue-1": "400", "hue-2": "300", "hue-3": "200"}
# THEMECUSTOMPRIMARY_PALETTE={ "50": "f2e0e5", "100": "deb3bf", "200": "c98094", "300": "b34d69", "400": "a22648", "500": "920028", "600": "8a0024", "700": "7f001e", "800": "750018", "900": "63000f", "A100": "ff939b", "A200": "ff606c", "A400": "ff2d3c", "A700": "ff1425", "contrastDefaultColor": "light", "contrastDarkColors": [ "50", "100", "200", "A100", "A200" ], "contrastLightColors": [ "300", "400", "500", "600", "700", "800", "900", "A400", "A700" ] }
# THEMECUSTOMACCENT_PALETTE={ "50": "e9f4fb", "100": "c8e4f6", "200": "a3d3f0", "300": "7ec1ea", "400": "62b3e6", "500": "46a6e1", "600": "3f9edd", "700": "3795d9", "800": "2f8bd5", "900": "207bcd", "A100": "ffffff", "A200": "d2e8ff", "A400": "9fcfff", "A700": "85c2ff", "contrastDefaultColor": "light", "contrastDarkColors": [ "50", "100", "200", "300", "400", "500", "600", "700", "A100", "A200", "A400", "A700" ], "contrastLightColors": [ "800", "900" ] }
DEVISE_SECRET=XXXXXX
SECRETCOOKIETOKEN=XXXXX
Robert Guthrie · Tue 19 Nov 2019 1:14AM
Hi @Francesco. Can you please send me your env file so I can see how you've configured your server?
Thank you.