Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Bugreport - App in recovery mode crashing nginx - Cloudron frontend not accessible

    Support
    reverseproxy certificates
    3
    3
    164
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BrutalBirdie
      BrutalBirdie Staff last edited by girish

      I just had an interesting support case.
      A customer had a Cloudron that was non accessible via the frontend.

      Looking at the system (and knowing no frontend at all) can only mean nginx issues.

      journalctl -u nginx

      Feb 23 05:18:47 my systemd[1]: Starting nginx - high performance web server...
Feb 23 05:18:52 my nginx[6671]: nginx: [emerg] cannot load certificate "/home/yellowtent/platformdata/nginx/cert/orga.domain.tld.cert": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen
Feb 23 05:18:52 my systemd[1]: nginx.service: Control process exited, code=exited status=1
Feb 23 05:18:52 my systemd[1]: nginx.service: Failed with result 'exit-code'.
Feb 23 05:18:52 my systemd[1]: Failed to start nginx - high performance web server.

      Huh.
      cd /etc/nginx/applications
      grep -rin "orga" (searching for the subdomain of the app so I can get the nginx confile filename aka. appid.

      f3a6649e-86c9-4fd0-ac97-a3675a36c19d.conf:16:    server_name  orga.sub.domain;
f3a6649e-86c9-4fd0-ac97-a3675a36c19d.conf:44:    server_name  orga.sub.domain;
f3a6649e-86c9-4fd0-ac97-a3675a36c19d.conf.off:50:    ssl_certificate      /home/yellowtent/platformdata/nginx/cert/orga.sub.domain.cert;
f3a6649e-86c9-4fd0-ac97-a3675a36c19d.conf:51:    ssl_certificate_key  /home/yellowtent/platformdata/nginx/cert/orga.sub.domain.key;

      Moving the file to .off so nginx won't load it as config
      mv f3a6649e-86c9-4fd0-ac97-a3675a36c19d.conf f3a6649e-86c9-4fd0-ac97-a3675a36c19d.conf.off
      systemctl restart nginx.service

      Now the frontend is accessible again.

      HUH!
      f3a6649e-86c9-4fd0-ac97-a3675a36c19d is a Redmine 4.2.1 => org.redmine.coudronapp@1.7.1 => Last Updated 10 months ago
      and its labeled orga.sub.domain - broken and the app is in recovery mode.
      Trying a force renew all certs:

      Log:

      Feb 23 12:24:32 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/oldorga.sub.domain.cert notAfter=Sep 11 08:32:00 2021 GMT daysLeft=-165.11981987268518

      What the..? oldorga.sub.domain?

      @staff Could it be that an app in recovery mode does not get any new certs?
      And simple the app had been so long in recovery mode the certs have not been renewed?
      Why is there an oldorga.sub.domain which is getting renewed? There is no app with this location.

      Something is fishy 🐟

      Like my work? Consider donating a beer 🍻 Cheers!

      rmdes girish 2 Replies Last reply Reply Quote 0
      • rmdes
        rmdes @BrutalBirdie last edited by

        @BrutalBirdie from my epxerience, Apps in recovery mode or in any other state than "running" do not get certs or updates.

        1 Reply Last reply Reply Quote 0
        • girish
          girish Staff @BrutalBirdie last edited by girish

          @BrutalBirdie yes, this was a bug in 7.0.x. certificates of apps are "deleted" after 6 months or so. when this happens, the nginx config is left dangling. This is fixed in 7.1 with https://git.cloudron.io/cloudron/box/-/commit/5382e3d8321ddb96817f50ab94e9da56258b11e9

          1 Reply Last reply Reply Quote 2
          • First post
            Last post
          Powered by NodeBB