Forem Creators and Builders

G. F. Hopper
G. F. Hopper

Posted on

Self-host Instruction Issue

I tried to set up Forem using the instructions through GCP, but when I go to the IP the playbook gave me, it says it can't establish a secure connection. I tried setting up my domain to redirect to it anyway, and am still hitting the same issue. The response given is SSL_INTERNAL_ERROR_ALERT. The instructions for Forem aren't terribly clear for those of us who don't use these tools on a daily basis, but I would really like to make this a success (and foremctl seems like it will be really cool once the site can actually be reached).

Error

Discussion (21)

Collapse
coffeecraftcode profile image
Christina Gorton

Hey! We definitely want this to be a success for you too. Can you walk me through the last few steps you took before you got this error so I can help you debug this?
After you provisioned the ansible-playbook for Google Cloud did you set up the DNS for your website?

And if so, were you able to run the commandsystemctl restart forem-traefik.service via SSH to restart your Forem VM?

Collapse
gfhopper profile image
G. F. Hopper Author

I've been trying to figure out how to get it to do that. This is my first time working with GCP. DreamHost is my domain registrar. I have an A record at DreamHost with the IP from the playbook. I cannot access the site from the IP either.

Collapse
coffeecraftcode profile image
Christina Gorton

Ok thank you.

If you have set up DNS with DreamHost can you go to your terminal and type in the following command:
dig <you url>
And then see if the ip address in the Answer Section looks the same as your IP address?

Here is an example using dig with google.com. Check the section with the red box and see if the IP address matches the one you put in DreamHost:
Dig command in terminal

After that is confirmed I can help you with the next step.

Thread Thread
gfhopper profile image
G. F. Hopper Author

The answer section and the A record both match. I just checked and logged into DreamHost to make sure.

Thread Thread
coffeecraftcode profile image
Christina Gorton

Ok great! So DNS is set up correctly and we can now go to the next step.
Next step:
If you haven't done it already you will need to SSH in to your Forem server. You have to do this to restart your Forem once DNS is set up.
You can do this with the following command:
ssh core@<SERVER IP ADDRESS>
`ssh core@

So for my community I can run ssh core@rootlinux.tech or I could use the IP address instead of the url.

You should see something like this in your terminal:

ssh in to server

You may be asked to may see a warning that about the authenticity of the host and it will ask you to accept the fingerprint you can type yes in your terminal here.

Once you are connected you can then run this command to restart your Forem:
sudo systemctl restart forem-traefik.service

After that you should be able to navigate to your URL and see your Forem.

Let me know if you get stuck on any of those steps.

Thread Thread
gfhopper profile image
G. F. Hopper Author

So, I SSH'd in, and ran the command, and the site is still not up. Same error. Is there a set of logs I need to dump somewhere? This is a stack I'm unfamiliar with, although I've used Rails lightly in the past.

Thread Thread
coffeecraftcode profile image
Christina Gorton

Hey our systems team said you can use the journalctlcommand to view logs.

To output logs for a single service to file:

journalctl -u forem-traefik.service > forem_traefik_service_logs.txt
Enter fullscreen mode Exit fullscreen mode

Also they wanted me to ask when you orginially cloned the repo. If it was before Aug 9th you may need to repull the repo and rebuild your Forem from scratch because of the PR below.

Add retry logic to forem-container service #32

This backports a fix for an issue seen in Forem Cloud, where forem-container.service would run too quickly on initial boot, and be unable to pull the app container image down (but the service wouldn't fail, due to the exit 0 in the affected if block inside foremimg).

Thread Thread
gfhopper profile image
G. F. Hopper Author

Gonna have to repull. The output of git show says the last commit was July 27th by you, actually lol

Thread Thread
coffeecraftcode profile image
Christina Gorton

Let me know if you run in to any more trouble after you repull. I'm happy to help debug any more issues.

Thread Thread
gfhopper profile image
G. F. Hopper Author • Edited

So, I just got done re-pulling and doing everything over. I deleted the original VM in GCP as well. Re-pulled from scratch, went through the motions, STILL getting an internal SSL error, same as before. Even re-ran the Traefik command in the VM. I can Zoom if you or any other staff are available, I followed the instructions down to a T. The most I can think of is user error in the GCP admin console, but even then I went through that to a T as well. I'm actually pretty frustrated right now. I don't know many web apps that are this difficult to get running...or maybe I'm just getting old lmao

Thread Thread
coffeecraftcode profile image
Christina Gorton

I'm away from my computer right now but I'd be happy to set up a quick zoom call with you this week to see if we can debug this error you are getting.
I'll get back to you tomorrow morning with some possible times to see if you are available.

Thread Thread
gfhopper profile image
G. F. Hopper Author

@coffeecraftcode I just took a log dump like recommended as well. It's a lot to post, and there's sensitive information in it such as IPs, connections made, etc, and in the interest of security I can't post it here. HOWEVER, Traefik appears to not be working even after restarting the service. It seems to loop, trying to create a cert, cert not working, failure to abort process, repeat. Too long to exactly to paste here.

Thread Thread
coffeecraftcode profile image
Christina Gorton

Yeah, don't worry about pasting the logs here. Let's set up a time this week to chat over zoom and see if can help.

Thread Thread
gfhopper profile image
G. F. Hopper Author

Thank you so much! I appreciate the work you and the kind folks at DEV do! :-)

Thread Thread
coffeecraftcode profile image
Christina Gorton

I have some time available tomorrow and Friday. Let me know if any of the times/days work for you.
calendly.com/christina-forem/30min

Thread Thread
gfhopper profile image
G. F. Hopper Author

Do you have any times available next Monday or Tuesday?

Thread Thread
coffeecraftcode profile image
Christina Gorton

I added some time on Monday and Tuesday.
calendly.com/christina-forem/30min

Thread Thread
gfhopper profile image
G. F. Hopper Author

I'm sorry, I'm gonna have to wait for a day off it looks like. Most days I work 11AM-10PM.

Thread Thread
coffeecraftcode profile image
Christina Gorton

If you happen to have a Calendly you could send me a link and I can see if there is a time available for both of us? Maybe that would be easier for you 😄

Thread Thread
gfhopper profile image
G. F. Hopper Author

Yeah, I'll set one up

Collapse
derekenos profile image
derekenos

I don't know if it's relevant but I ran into a similar issue that ended up being related to HTTPS-only config in Cloudflare. Maybe GCP is doing something similar? I detailed my experience here: github.com/derekenos/forem-selfhos...