Hi, I've just set up Forem on my Digital Ocean.
All services are running:
```
UNIT                     LOAD   ACTIVE SUB     DESCRIPTION
forem-imgproxy.service   loaded active running Forem Imgproxy Service
forem-openresty.service  loaded active running Forem OpenResty Service
forem-pod.service        loaded active running Forem pod service
forem-postgresql.service loaded active running Forem Postgresql Service
forem-rails.service      loaded active running Forem Rails Service
forem-redis.service      loaded active running Forem Redis Service
forem-traefik.service    loaded active running Forem Traefik Service
forem-worker.service     loaded active running Forem Worker Service
forem.service            loaded active exited  Forem Service
```
I've already restarted forem-traefik.service with the command `sudo systemctl restart forem-traefik.service` before.
But I cannot access my website.
The TLS certificate is not valid.
And after skipping the security (Your connection is not private), it returns '404 page not found'.
These are the logs from forem-traefik.service:
forem-traefik[5043]: Getting image source signatures
forem-traefik[5043]: Copying blob sha256:9cf20b02ab4a630af472bde66f4a1aaab968bb559e087f7bc84ccd58fc2026d6
forem-traefik[5043]: Copying blob sha256:cbdbe7a5bc2a134ca8ec91be58565ec07d037386d1f1d8385412d224deafca08
forem-traefik[5043]: Copying blob sha256:f16506d32a25436b458a7f443ec1ca0d096d99d3479523c92c247856fc6148c0
forem-traefik[5043]: Copying blob sha256:e85488a2df0db068fb7613371d238500acff2cc0f1f0cdc9d12219592b149118
forem-traefik[5043]: Copying config sha256:d2f13a1d85e62ada746f1cf825d3724e46b429c4211490fdfc37e3a601bf6cdc
forem-traefik[5043]: Writing manifest to image destination
forem-traefik[5043]: Storing signatures
forem-traefik[5043]: d2f13a1d85e62ada746f1cf825d3724e46b429c4211490fdfc37e3a601bf6cdc
podman[5043]: 2021-09-04 12:33:43.554598458 +0000 UTC m=+0.084198040 image pull docker.io/library/traefik:2.3.0
podman[5074]: 2021-09-04 12:33:45.517162405 +0000 UTC m=+0.143656465 container create a0a6734bf2c39b29730068a30128b95d44cff0a8442425986e68130a4aa40355 (image=docker.io/library/traefik:2.3.0, name=forem-traefik, org.opencontainers.image.documentation=https://docs.traefik.io, org.opencontainers.image.title=Traefik, org.opencontainers.image.url=https://traefik.io, org.opencontainers.image.vendor=Traefik Labs, org.opencontainers.image.version=v2.3.0, PODMAN_SYSTEMD_UNIT=forem-traefik.service, org.opencontainers.image.description=A modern reverse-proxy)
podman[5074]: 2021-09-04 12:33:45.449806387 +0000 UTC m=+0.076300471 image pull docker.io/library/traefik:2.3.0
podman[5074]: 2021-09-04 12:33:45.596485818 +0000 UTC m=+0.222979836 container init a0a6734bf2c39b29730068a30128b95d44cff0a8442425986e68130a4aa40355 (image=docker.io/library/traefik:2.3.0, name=forem-traefik, org.opencontainers.image.description=A modern reverse-proxy, org.opencontainers.image.documentation=https://docs.traefik.io, org.opencontainers.image.title=Traefik, org.opencontainers.image.url=https://traefik.io, org.opencontainers.image.vendor=Traefik Labs, org.opencontainers.image.version=v2.3.0, PODMAN_SYSTEMD_UNIT=forem-traefik.service)
podman[5074]: 2021-09-04 12:33:45.61073126 +0000 UTC m=+0.237225256 container start a0a6734bf2c39b29730068a30128b95d44cff0a8442425986e68130a4aa40355 (image=docker.io/library/traefik:2.3.0, name=forem-traefik, org.opencontainers.image.documentation=https://docs.traefik.io, org.opencontainers.image.title=Traefik, org.opencontainers.image.url=https://traefik.io, org.opencontainers.image.vendor=Traefik Labs, org.opencontainers.image.version=v2.3.0, PODMAN_SYSTEMD_UNIT=forem-traefik.service, org.opencontainers.image.description=A modern reverse-proxy)
forem-traefik[5074]: a0a6734bf2c39b29730068a30128b95d44cff0a8442425986e68130a4aa40355
systemd[1]: Started Forem Traefik Service.
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.toml"
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="Traefik version 2.3.0 built on 2020-09-23T10:55:07Z"
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"websecure\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483647}}}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"file\":{\"watch\":true,\"filename\":\"/etc/traefik/dynamic.toml\"}},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"certificatesResolvers\":{\"forem\":{\"acme\":{\"email\":\"[myemail]@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/etc/traefik/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"}}}}}"
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Start TCP Server" entryPointName=websecure
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Start TCP Server" entryPointName=web
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/dynamic.toml\"}"
conmon[5104]: time="2021-09-04T12:33:45Z" level=error msg="Cannot start the provider *file.Provider: Near line 22 (last key parsed 'http.middlewares.security.headers.ReferrerPolicy'): expected value but found \"same\" instead"
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="Starting provider *acme.Provider {\"email\":\"[myemail]@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/etc/traefik/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"forem\",\"store\":{},\"ChallengeStore\":{}}"
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="Testing certificate renew..." providerName=forem.acme
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="Starting provider *traefik.Provider {}"
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Configuration received from provider forem.acme: {\"http\":{},\"tls\":{}}" providerName=forem.acme
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"web-to-websecure\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"redirect-web-to-websecure\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483647}},\"services\":{\"noop\":{}},\"middlewares\":{\"redirect-web-to-websecure\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}}},\"tcp\":{},\"tls\":{}}" providerName=internal
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="No default certificate, generating one"
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Setting up redirection to https 443" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Adding tracing to middleware" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal entryPointName=web
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="No default certificate, generating one"
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="Serving default certificate for request: \"[mydomain].com\""
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="http: TLS handshake error from 64.71.131.244:53144: local error: tls: bad record MAC"
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="http: TLS handshake error from 64.71.131.244:53164: local error: tls: bad record MAC"
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="Serving default certificate for request: \"[mydomain].com\""
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="http: TLS handshake error from 64.71.131.244:53178: local error: tls: bad record MAC"
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="http: TLS handshake error from 64.71.131.244:53190: local error: tls: bad record MAC"
[after using browser for access]
conmon[5104]: time="2021-09-04T12:37:24Z" level=debug msg="Serving default certificate for request: \"\""
conmon[5104]: time="2021-09-04T12:38:24Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:38:24Z" level=debug msg="http: TLS handshake error from [myBrowserIpAddress]:52578: remote error: tls: unknown certificate"
conmon[5104]: time="2021-09-04T12:38:24Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:38:24Z" level=debug msg="http: TLS handshake error from [myBrowserIpAddress]:60329: read tcp 10.88.0.2:443->[myBrowserIpAddress]:60329: read: connection reset by peer"
conmon[5104]: time="2021-09-04T12:38:25Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:38:25Z" level=debug msg="http: TLS handshake error from [myBrowserIpAddress]:55157: remote error: tls: unknown certificate"
conmon[5104]: time="2021-09-04T12:39:01Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:39:01Z" level=debug msg="http: TLS handshake error from [myBrowserIpAddress]:59509: remote error: tls: unknown certificate"
conmon[5104]: time="2021-09-04T12:39:01Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:39:04Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:39:04Z" level=debug msg="http: TLS handshake error from [myBrowserIpAddress]:54926: remote error: tls: unknown certificate"
conmon[5104]: time="2021-09-04T12:39:05Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:39:06Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
conmon[5104]: time="2021-09-04T12:39:06Z" level=debug msg="http: TLS handshake error from [myBrowserIpAddress]:51946: read tcp 10.88.0.2:443->[myBrowserIpAddress]:51946: read: connection reset by peer"
conmon[5104]: time="2021-09-04T12:39:06Z" level=debug msg="Serving default certificate for request: \"www.[mydomain].com\""
Thanks :)
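A triage sketch for the journal output above, added here as an example and not part of the original post or of Forem's own tooling: it pulls provider start-up errors out of Traefik's `time=… level=… msg="…"` lines and counts how often the default certificate was served per requested hostname. The sample lines are constructed from the log above, with `www.example.com` and `203.0.113.7` as placeholders for the redacted values; `triage` and `report` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample, shortened from the journal lines in the post (placeholders for redacted values).
SAMPLE = r'''
conmon[5104]: time="2021-09-04T12:33:45Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/dynamic.toml\"}"
conmon[5104]: time="2021-09-04T12:33:45Z" level=error msg="Cannot start the provider *file.Provider: Near line 22 (last key parsed 'http.middlewares.security.headers.ReferrerPolicy'): expected value but found \"same\" instead"
conmon[5104]: time="2021-09-04T12:33:45Z" level=debug msg="No default certificate, generating one"
conmon[5104]: time="2021-09-04T12:35:34Z" level=debug msg="Serving default certificate for request: \"www.example.com\""
conmon[5104]: time="2021-09-04T12:38:24Z" level=debug msg="Serving default certificate for request: \"www.example.com\""
conmon[5104]: time="2021-09-04T12:38:24Z" level=debug msg="http: TLS handshake error from 203.0.113.7:52578: remote error: tls: unknown certificate"
'''

# msg="..." may contain backslash-escaped quotes, so match escapes explicitly.
LINE = re.compile(r'time="(?P<time>[^"]+)" level=(?P<level>\w+) msg="(?P<msg>(?:[^"\\]|\\.)*)"')
PROVIDER_FAIL = re.compile(r"Cannot start the provider \*(?P<provider>[\w.]+): (?P<reason>.*)")
DEFAULT_CERT = re.compile(r'Serving default certificate for request: "(?P<sni>[^"]*)"')

def triage(journal_text):
    """Return (provider start failures, default-certificate hits per requested name)."""
    failures, default_cert = [], Counter()
    for m in LINE.finditer(journal_text):
        msg = m["msg"].replace('\\"', '"')  # undo logfmt quoting
        if m["level"] == "error" and (f := PROVIDER_FAIL.search(msg)):
            failures.append((m["time"], f["provider"], f["reason"]))
        elif (d := DEFAULT_CERT.search(msg)):
            default_cert[d["sni"] or "<no SNI>"] += 1
    return failures, default_cert

def report(journal_text):
    """Summarise the findings, listing the start-up error before its symptoms."""
    failures, default_cert = triage(journal_text)
    lines = [f"{t} provider {p} failed to start: {r}" for t, p, r in failures]
    for sni, n in default_cert.most_common():
        lines.append(f"default (self-signed) certificate served {n}x for {sni}")
    if any(p == "file.Provider" for _, p, _ in failures) and default_cert:
        lines.append("file provider did not load: routers defined in the dynamic "
                     "configuration file are not active until it parses cleanly")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Against a live host the same text can come from `journalctl -u forem-traefik.service`; the single `level=error` line is the one to fix before looking at the TLS handshake errors that follow it.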
Top comments (4)
Hey same issue here
forem.dev/jdoss/comment/37o
See github.com/forem/selfhost/issues/4... for a fix.
Thanks :)