Loomio

403 forbidden

Francesco

Hi, we have Ubuntu 18.10. The Loomio installation went pretty smoothly; we just had some process listening on port 25, so we had an error on docker-compose up -d on the mailin field, but we killed the listening process and everything was OK.

Now, when we try to access our domain, we receive a 403 Forbidden error.

When we run sudo docker-compose logs -f we get this:

""loomio-letsencrypt | Info: Custom Diffie-Hellman group found, generation skipped.

loomio-letsencrypt | Reloading nginx proxy (477cbc2c84801e7cfb41f952efd8ffb565be282b174a34ea7fe69f29a9dd5f43)...

loomio-letsencrypt | 2019/11/18 13:31:29 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''

loomio-letsencrypt | 2019/11/18 13:31:29 [notice] 72#72: signal process started

loomio-letsencrypt | 2019/11/18 13:31:30 Generated '/app/letsencryptservicedata' from 6 containers

loomio-letsencrypt | 2019/11/18 13:31:30 Running '/app/signalleservice'

loomio-letsencrypt | 2019/11/18 13:31:30 Watching docker events

loomio-letsencrypt | 2019/11/18 13:31:30 Contents of /app/letsencryptservicedata did not change. Skipping notification '/app/signalleservice'

loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app

loomio-letsencrypt | Reloading nginx proxy (477cbc2c84801e7cfb41f952efd8ffb565be282b174a34ea7fe69f29a9dd5f43)...

loomio-letsencrypt | 2019/11/18 13:31:31 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification ''

loomio-letsencrypt | 2019/11/18 13:31:31 [notice] 98#98: signal process started

loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)

loomio-letsencrypt | 2019-11-18 13:31:32,066:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.

loomio-letsencrypt | /app

loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app

loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)

loomio-letsencrypt | 2019-11-18 13:31:33,099:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.

loomio-letsencrypt | /app

loomio-letsencrypt | Sleep for 3600s

loomio-letsencrypt | 2019/11/18 13:37:45 Received event start for container 2c56195a41f3

loomio-letsencrypt | 2019/11/18 13:38:00 Debounce minTimer fired

loomio-letsencrypt | 2019/11/18 13:38:00 Contents of /app/letsencryptservicedata did not change. Skipping notification '/app/signalleservice'

loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app

loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)

loomio-letsencrypt | 2019-11-18 14:31:34,071:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.

loomio-letsencrypt | /app

loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app

loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)

loomio-letsencrypt | 2019-11-18 14:31:34,860:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.

loomio-letsencrypt | /app

loomio-letsencrypt | Sleep for 3600s

loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app

loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)

loomio-letsencrypt | 2019-11-18 15:31:35,811:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.

loomio-letsencrypt | /app

loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app

loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)

loomio-letsencrypt | 2019-11-18 15:31:36,585:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.

loomio-letsencrypt | /app

loomio-letsencrypt | Sleep for 3600s

loomio-nginx | WARNING: /etc/nginx/dhparam/dhparam.pem was not found. A pre-generated dhparam.pem will be used for now while a new one

loomio-nginx | is being generated in the background. Once the new dhparam.pem is in place, nginx will be reloaded.

loomio-nginx | forego | starting dockergen.1 on port 5000

loomio-nginx | forego | starting nginx.1 on port 5100

loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Generated '/etc/nginx/conf.d/default.conf' from 5 containers

loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Running 'nginx -s reload'

loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Watching docker events

loomio-nginx | dockergen.1 | 2019/11/18 13:31:25 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'

loomio-nginx | dockergen.1 | 2019/11/18 13:31:28 Received event start for container dadccdbda65b

loomio-nginx | dockergen.1 | 2019/11/18 13:31:28 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'

loomio-nginx | 2019/11/18 13:32:08 [notice] 104#104: signal process started

loomio-nginx | Generating DH parameters, 2048 bit long safe prime, generator 2

loomio-nginx | This is going to take a long time

loomio-nginx | dhparam generation complete, reloading nginx

loomio-nginx | dockergen.1 | 2019/11/18 13:37:45 Received event start for container 2c56195a41f3

loomio-nginx | dockergen.1 | 2019/11/18 13:37:45 Contents of /etc/nginx/conf.d/default.conf did not change. Skipping notification 'nginx -s reload'

loomio-nginx | nginx.1 | labpuzzle.ddns.net 188.217.117.145 - - [18/Nov/2019:13:44:23 +0000] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"

loomio-mailin | info: Mailin v3.0.4

loomio-mailin | info: Webhook url: http://app:3000/email_processor/

loomio-mailin | info: Log file: /var/log/mailin.log

loomio-mailin | info: Mailin Smtp server listening on port 25

loomio-mailin | warn: Webhook http://app:3000/email_processor/ seems invalid or down. You may want to double check the webhook url.

loomio-worker | [Worker(host:34e06f4fd379 pid:7)] Starting job worker

loomio-worker | 2019-11-18T13:31:41+0000: [Worker(host:34e06f4fd379 pid:7)] Starting job worker

loomio-app | [8] Puma starting in cluster mode...

loomio-app | [8] * Version 4.2.1 (ruby 2.6.5-p114), codename: Distant Airhorns

loomio-app | [8] * Min threads: 12, max threads: 12

loomio-app | [8] * Environment: production

loomio-app | [8] * Process workers: 2

loomio-app | [8] * Preloading application

loomio-app | /usr/local/bundle/gems/hassecuretoken-1.0.0/lib/activesupport/coreext/securerandom.rb:4: warning: already initialized constant SecureRandom::BASE58_ALPHABET

loomio-app | /usr/local/bundle/gems/activesupport-5.2.3/lib/activesupport/coreext/securerandom.rb:6: warning: previous definition of BASE58_ALPHABET was here

loomio-app | [8] * Listening on tcp://0.0.0.0:3000

loomio-app | [8] ! WARNING: Detected 2 Thread(s) started in app boot:

loomio-app | [8] ! #<Thread:0x000055a4f1a42c98@/usr/local/bundle/gems/activerecord-5.2.3/lib/activerecord/connectionadapters/abstract/connectionpool.rb:299 sleep> - /usr/local/bundle/gems/activerecord-5.2.3/lib/activerecord/connectionadapters/abstract/connectionpool.rb:301:in `sleep'

loomio-app | [8] ! #<Thread:0x000055a4f1bdabf0@/usr/local/bundle/gems/activerecord-5.2.3/lib/activerecord/connectionadapters/abstract/connectionpool.rb:299 sleep> - /usr/local/bundle/gems/activerecord-5.2.3/lib/activerecord/connectionadapters/abstract/connectionpool.rb:301:in `sleep'

loomio-app | [8] Use Ctrl-C to stop

loomio-app | [8] - Worker 0 (pid: 14) booted, phase: 0

loomio-app | [8] - Worker 1 (pid: 31) booted, phase: 0

loomio-app | source=rack-timeout id=f4e42b74-ee4d-4cb1-b50f-c872d74d140a timeout=15000ms state=ready

loomio-app | Started HEAD "/email_processor/" for 172.17.0.8 at 2019-11-18 13:37:48 +0000

loomio-app | Processing by GroupsController#show as HTML

loomio-app | Parameters: {"id"=>"email_processor"}

loomio-app | Redirected to https://app/email_processor

loomio-app | Filter chain halted as #<Proc:0x000055a4f02694c8@/usr/local/bundle/gems/actionpack-5.2.3/lib/actioncontroller/metal/forcessl.rb:67> rendered or redirected

loomio-app | Completed 301 Moved Permanently in 5ms

loomio-app | source=rack-timeout id=f4e42b74-ee4d-4cb1-b50f-c872d74d140a timeout=15000ms service=12ms state=completed

loomio-redis | 1:C 18 Nov 2019 13:31:16.945 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo

loomio-redis | 1:C 18 Nov 2019 13:31:16.945 # Redis version=5.0.6, bits=64, commit=00000000, modified=0, pid=1, just started

loomio-redis | 1:C 18 Nov 2019 13:31:16.945 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf

loomio-redis | 1:M 18 Nov 2019 13:31:16.946 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.

loomio-redis | 1:M 18 Nov 2019 13:31:16.946 # Server can't set maximum open files to 10032 because of OS error: Operation not permitted.

loomio-redis | 1:M 18 Nov 2019 13:31:16.946 # Current maximum open files is 4096. maxclients has been reduced to 4064 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.

loomio-redis | 1:M 18 Nov 2019 13:31:16.947 * Running mode=standalone, port=6379.

loomio-redis | 1:M 18 Nov 2019 13:31:16.947 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.

loomio-redis | 1:M 18 Nov 2019 13:31:16.947 # Server initialized

loomio-redis | 1:M 18 Nov 2019 13:31:16.947 # WARNING overcommitmemory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommitmemory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.

loomio-redis | 1:M 18 Nov 2019 13:31:16.947 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.

loomio-redis | 1:M 18 Nov 2019 13:31:16.948 * Ready to accept connections

loomio-db | LOG: database system was shut down at 2019-11-18 13:28:53 UTC

loomio-db | LOG: MultiXact member wraparound protections are now enabled

loomio-db | LOG: autovacuum launcher started

loomio-db | LOG: database system is ready to accept connections

loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app

loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)

loomio-letsencrypt | 2019-11-18 16:31:37,585:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.

loomio-letsencrypt | /app

loomio-letsencrypt | /etc/nginx/certs/labpuzzle.ddns.net /app

loomio-letsencrypt | Creating/renewal labpuzzle.ddns.net certificates... (labpuzzle.ddns.net)

loomio-letsencrypt | 2019-11-18 16:31:38,387:INFO:simp_le:1546: Certificates already exist and renewal is not necessary, exiting with status code 1.

loomio-letsencrypt | /app

loomio-letsencrypt | Sleep for 3600s""

We don't know what to do :/ Can you please help us?

Rob Guthrie Tue 19 Nov 2019

Hi @Francesco. Can you please send me your env file so I can see how you've configured your server?

Thank you.

Francesco Thu 28 Nov 2019

Sorry for the delay, this is my env file:

# this is the hostname of your app used by loomio

CANONICAL_HOST=labpuzzle.ddns.net

# this is to tell nginx that you want requests for this hostname to come to the app

VIRTUAL_HOST=labpuzzle.ddns.net

SITE_NAME=labpuzzle.ddns.net

# this is to configure letsencrypt to automatically issue and renew your hostname

LETSENCRYPT_HOST=labpuzzle.ddns.net

LETSENCRYPTEMAIL=labpuzzle.info@inventati.org

# the number of dots in your hostname

TLD_LENGTH=2

# uncomment this if you want a default subdomain of www (eg: www.loomio.org)

# DEFAULT_SUBDOMAIN=www

# smtp settings

SUPPORTEMAIL=labpuzzle.info@inventati.org

SMTP_DOMAIN=labpuzzle.ddns.net

SMTP_SERVER=smtp.sendgrid.net

SMTP_PORT=465

SMTP_USERNAME=apikey

SMTPPASSWORD=XXXXXX

REPLY_HOSTNAME=labpuzzle.ddns.net

# helper bot is the account which welcomes people to their groups.

HELPERBOTEMAIL=no-reply@labpuzzle.ddns.net

RAILS_ENV=production

# Number of webserver processes and threads

# threads are per worker. See https://github.com/puma/puma

PUMA_WORKERS=2

MIN_THREADS=12

MAX_THREADS=12

# Force all connections to be https

FORCE_SSL=1

# Enable rate limiting on group creation, other POST actions

USERACKATTACK=1

# Send catch up email (missed yesterday) weekly

# EMAILCATCHUP_WEEKLY=1

# subscribe on participation default for new users

# uncomment this to change "subscribe on participation" to be false for new users

# EMAILONPARTICIPATIONDEFAULTFALSE=1

# Uncomment these to disable features

# FEATURESDISABLECREATE_USER=1 # users must be invited

# FEATURESDISABLECREATE_GROUP=1 # users cannot create groups

# FEATURESDISABLEPUBLIC_GROUPS=1 # disable /explore

# FEATURESDISABLEHELP_LINK=1 # disable the help link

# MAXPENDINGINVITATIONS=100 # maximum unaccepted invitations a group have have

# Enable search engines to index public content

# ALLOW_ROBOTS=1

# oauth providers, to let your users login using external accounts

# FACEBOOKAPPKEY=REPLACE

# FACEBOOKAPPSECRET=REPLACE

# TWITTERAPPKEY=REPLACE

# TWITTERAPPSECRET=REPLACE

# GOOGLEAPPKEY=REPLACE

# GOOGLEAPPSECRET=REPLACE

# SLACKAPPKEY

# SLACKAPPSECRET

# Theme images

# images should be a multiple of 32px tall.

# THEMEICONSRC=/files/icon.png

# THEMEAPPLOGO_SRC=/files/logo.svg

# THEMEEMAILHEADERLOGOSRC=/files/logo_128h.png

# THEMEEMAILFOOTERLOGOSRC=/files/logo_64h.png

# used in emails. use rgb or hsl values, not hex

# THEMEPRIMARYCOLOR=rgb(255,167,38)

# THEMEACCENTCOLOR=rgb(0,188,212)

# THEMETEXTONPRIMARYCOLOR=rgb(255,255,255)

# THEMETEXTONACCENTCOLOR=rgb(255,255,255)

# select a palette from material: https://material.io/guidelines/style/color.html#color-color-palette

# or generate your own theme at http://mcg.mbitson.com/

# THEMEPRIMARYPALETTE=custom_primary

# THEMEACCENTPALETTE=custom_accent

# THEMEPRIMARYPALETTE_CONFIG={"default": "500"}

# THEMEACCENTPALETTE_CONFIG={"default": "500", "hue-1": "400", "hue-2": "300", "hue-3": "200"}

# THEMECUSTOMPRIMARY_PALETTE={ "50": "f2e0e5", "100": "deb3bf", "200": "c98094", "300": "b34d69", "400": "a22648", "500": "920028", "600": "8a0024", "700": "7f001e", "800": "750018", "900": "63000f", "A100": "ff939b", "A200": "ff606c", "A400": "ff2d3c", "A700": "ff1425", "contrastDefaultColor": "light", "contrastDarkColors": [ "50", "100", "200", "A100", "A200" ], "contrastLightColors": [ "300", "400", "500", "600", "700", "800", "900", "A400", "A700" ] }

# THEMECUSTOMACCENT_PALETTE={ "50": "e9f4fb", "100": "c8e4f6", "200": "a3d3f0", "300": "7ec1ea", "400": "62b3e6", "500": "46a6e1", "600": "3f9edd", "700": "3795d9", "800": "2f8bd5", "900": "207bcd", "A100": "ffffff", "A200": "d2e8ff", "A400": "9fcfff", "A700": "85c2ff", "contrastDefaultColor": "light", "contrastDarkColors": [ "50", "100", "200", "300", "400", "500", "600", "700", "A100", "A200", "A400", "A700" ], "contrastLightColors": [ "800", "900" ] }

DEVISE_SECRET=XXXXXX

SECRETCOOKIETOKEN=XXXXX