After Lets Encrypt - ERR_ADDRESS_UNREACHABLE

sharpec · April 3, 2018, 7:46am

Good Morning ,
after enable lets encrypt certificate with
sudo bench setup lets-encrypt [site-name]

the page response is
ERR_ADDRESS_UNREACHABLE

in logs/web.error.log

[2018-04-03 08:42:42 +0000] [1169] [ERROR] Error handling request /api/method/frappe.async.get_user_info?sid=33289b131d5e07688b3d4f74b90adc47f745f93f15b2337765680178
Traceback (most recent call last):
  File "/home/frappe/frappe-bench/env/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 135, in handle
    self.handle_request(listener, req, client, addr)
  File "/home/frappe/frappe-bench/env/lib/python2.7/site-packages/gunicorn/workers/sync.py", line 176, in handle_request
    respiter = self.wsgi(environ, resp.start_response)
  File "/home/frappe/frappe-bench/env/lib/python2.7/site-packages/werkzeug/local.py", line 228, in application
    return ClosingIterator(app(environ, start_response), self.cleanup)
  File "/home/frappe/frappe-bench/env/lib/python2.7/site-packages/werkzeug/wrappers.py", line 291, in application
    return f(*args[:-2] + (request,))(*args[-2:])
  File "/home/frappe/frappe-bench/apps/frappe/frappe/app.py", line 88, in application
    response = handle_exception(e)
  File "/home/frappe/frappe-bench/apps/frappe/frappe/app.py", line 143, in handle_exception
    if frappe.local.is_ajax or 'application/json' in frappe.get_request_header('Accept'):
TypeError: argument of type 'NoneType' is not iterable

tail -f frappe-bench/logs/node-socketio.log

 method: 'GET',
    path: '/api/method/frappe.async.get_user_info?sid=33289b131d5e07688b3d4f74b90adc47f745f93f15b2337765680178',
    _ended: true,
    parser: null,
    res: [Object] },
 text: '<html>\n  <head>\n    <title>Internal Server Error</title>\n  </head>\n  <body>\n    <h1><p>Internal Server Error</p></h1>\n    \n  </body>\n</html>\n',
 body: {},
 files: undefined,
 buffered: true,
 headers: 
  { server: 'nginx/1.10.2',
    date: 'Tue, 03 Apr 2018 06:42:42 GMT',
    'content-type': 'text/html',
    'content-length': '141',
    connection: 'close' },
 header: 
  { server: 'nginx/1.10.2',
    date: 'Tue, 03 Apr 2018 06:42:42 GMT',
    'content-type': 'text/html',
    'content-length': '141',
    connection: 'close' },
 statusCode: 500,
 status: 500,
 statusType: 5,
 info: false,
 ok: false,
 redirect: false,
 clientError: false,
 serverError: true,
 error: 
  { Error: cannot GET /api/method/frappe.async.get_user_info?sid=33289b131d5e07688b3d4f74b90adc47f745f93f15b2337765680178 (500)
      at Response.toError (/home/frappe/frappe-bench/node_modules/superagent/lib/node/response.js:94:13)
      at ResponseBase._setStatusProperties (/home/frappe/frappe-bench/node_modules/superagent/lib/response-base.js:122:16)
      at new Response (/home/frappe/frappe-bench/node_modules/superagent/lib/node/response.js:40:8)
      at Request._emitResponse (/home/frappe/frappe-bench/node_modules/superagent/lib/node/index.js:738:20)
      at IncomingMessage.<anonymous> (/home/frappe/frappe-bench/node_modules/superagent/lib/node/index.js:883:38)
      at emitNone (events.js:91:20)
      at IncomingMessage.emit (events.js:185:7)
      at endReadableNT (_stream_readable.js:974:12)
      at _combinedTickCallback (internal/process/next_tick.js:74:11)
      at process._tickCallback (internal/process/next_tick.js:98:9)
    status: 500,
    text: '<html>\n  <head>\n    <title>Internal Server Error</title>\n  </head>\n  <body>\n    <h1><p>Internal Server Error</p></h1>\n    \n  </body>\n</html>\n',
    method: 'GET',
    path: '/api/method/frappe.async.get_user_info?sid=33289b131d5e07688b3d4f74b90adc47f745f93f15b2337765680178' },
 accepted: false,
 noContent: false,
 badRequest: false,
 unauthorized: false,
 notAcceptable: false,
 forbidden: false,
 notFound: false,
 type: 'text/html',
 links: {},
 setEncoding: [Function: bound ],
 redirects: [] } }
listening on *: 9000

any idea?
Thanks

vjFaLk · April 3, 2018, 7:57am

Well, this would happen if your server is not reachable for whatever reason.

What was the name of your site? And tail /var/log/nginx/error.log and put it here.

sharpec · April 3, 2018, 8:09am

Hi use internal dns server with map 192.168.1.248 with hostname erp.domain.it
yes, i found this in log

2018/04/03 08:52:03 [error] 2614#0: *72 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.1.28, server: erp.domain.it, request: "GET /socket.io/?EIO=3&transport=polling&t=MAAHk6L HTTP/1.1", upstream: "
http://127.0.0.1:9000/socket.io/?EIO=3&transport=polling&t=MAAHk6L", host: "erp.texol.it", referrer: "http://erp.domain.it/desk"    
2018/04/03 09:31:14 [error] 5244#0: *1 "/usr/share/nginx/html/socket.io/index.html" is not found (2: No such file or directory), client: 192.168.1.210, server: _, request: "GET /socket.io/?EIO=3&transport=polling&t=MAAQhun HTTP/1.1", host: "erp.domain.it", referrer: "http://erp.domain.it/desk"
    2018/04/03 09:31:21 [error] 5244#0: *1 "/usr/share/nginx/html/socket.io/index.html" is not found (2: No such file or directory), client: 192.168.1.210, server: _, request: "GET /socket.io/?EIO=3&transport=polling&t=MAAQjc9 HTTP/1.1", host: "erp.domain.it", referrer: "http://erp.domain.it/desk"
    2018/04/03 09:31:28 [error] 5244#0: *1 "/usr/share/nginx/html/socket.io/index.html" is not found (2: No such file or directory), client: 192.168.1.210, server: _, request: "GET /socket.io/?EIO=3&transport=polling&t=MAAQlJX HTTP/1.1", host: "erp.domain.it", referrer: "http://erp.domain.it/desk"
    2018/04/03 09:31:35 [error] 5244#0: *1 "/usr/share/nginx/html/socket.io/index.html" is not found (2: No such file or directory), client: 192.168.1.210, server: _, request: "GET /socket.io/?EIO=3&transport=polling&t=MAAQn0w HTTP/1.1", host: "erp.domain.it", referrer: "http://erp.domain.it/desk"
    2018/04/03 09:31:42 [error] 5244#0: *1 "/usr/share/nginx/html/socket.io/index.html" is not found (2: No such file or directory), client: 192.168.1.210, server: _, request: "GET /socket.io/?EIO=3&transport=polling&t=MAAQokH HTTP/1.1", host: "erp.domain.it", referrer: "http://erp.domain.it/desk"
    2018/04/03 09:31:49 [error] 5244#0: *1 "/usr/share/nginx/html/socket.io/index.html" is not found (2: No such file or directory), client: 192.168.1.210, server: _, request: "GET /socket.io/?EIO=3&transport=polling&t=MAAQqRf HTTP/1.1", host: "erp.domain.it", referrer: "http://erp.domain.it/desk"
    2018/04/03 09:31:54 [error] 5244#0: *1 open() "/usr/share/nginx/html/desk" failed (2: No such file or directory), client: 192.168.1.210, server: _, request: "GET /desk HTTP/1.1", host: "erp.domain.it", referrer: "http://erp.domain.it/desk"
    2018/04/03 09:31:54 [error] 5244#0: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.168.1.210, server: _, request: "GET /favicon.ico HTTP/1.1", host: "erp.domain.it", referrer: "http://erp.domain.it/desk"

this the output of netstat -an

tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:11000         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:8000          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:12000         0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:13000         0.0.0.0:*               LISTEN

spa · April 3, 2018, 2:29pm

is the nginx.conf correct? please post

… btw did you stop nginx before committing lets encrypt command?

did you

bench setup nginx

and

sudo servece nginx reload

after setting up the cert?

sharpec · April 3, 2018, 2:45pm

yes, many time!

and frappe-bench/config/nginx.conf contain

upstream frappe-bench-frappe {
    server 127.0.0.1:8000 fail_timeout=0;
}

upstream frappe-bench-socketio-server {
    server 127.0.0.1:9000 fail_timeout=0;
}



# setup maps


# server blocks



server {
        listen 443;
        server_name
                erp.domain.it
                ;

        root /home/frappe/frappe-bench/sites;




        ssl on;
        ssl_certificate      /etc/letsencrypt/live/erp.domain.it/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/erp.domain.it/privkey.pem;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
        ssl_prefer_server_ciphers   on;


        location /assets {
                try_files $uri =404;
        }

        location ~ ^/protected/(.*) {
                internal;
                try_files /$host/$1 =404;
        }

        location /socket.io {
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_set_header X-Frappe-Site-Name $host;
                proxy_set_header Origin $scheme://$http_host;
                proxy_set_header Host $host;

                proxy_pass http://frappe-bench-socketio-server;
        }

        location / {
                try_files /$host/public/$uri @webserver;
        }

        location @webserver {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Frappe-Site-Name $host;
                proxy_set_header Host $host;
                proxy_set_header X-Use-X-Accel-Redirect True;
                proxy_read_timeout 120;
                proxy_redirect off;

                proxy_pass  http://frappe-bench-frappe;
        }

        # error pages
        error_page 502 /502.html;
        location /502.html {
                root /home/frappe/bench-repo/bench/config/templates;
                internal;
        }

        # optimizations
        sendfile on;
        keepalive_timeout 15;
        client_max_body_size 50m;
        client_body_buffer_size 16K;
        client_header_buffer_size 1k;

        # enable gzip compresion
        # based on https://mattstauffer.co/blog/enabling-gzip-on-nginx-servers-including-laravel-forge
        gzip on;
        gzip_http_version 1.1;
        gzip_comp_level 5;
        gzip_min_length 256;
        gzip_proxied any;
        gzip_vary on;
        gzip_types
                application/atom+xml
                application/javascript
                application/json
                application/rss+xml
                application/vnd.ms-fontobject
                application/x-font-ttf
                application/font-woff
                application/x-web-app-manifest+json
                application/xhtml+xml
                application/xml
                font/opentype
                image/svg+xml
                image/x-icon
                text/css
                text/plain
                text/x-component
                ;
                # text/html is always compressed by HttpGzipModule
}

# http to https redirect
        server {
            listen 80;
                server_name
                        erp.domain.it
                        ;

            return 301 https://$host$request_uri;
        }

spa · April 3, 2018, 5:41pm

well that looks ok.

What are you trying to access with - I presume normal webinterface?
or maybe app?

What versions are you running

OS?
Frappe?
ERPNext?
dev or master?

Im just guessing now but socket io does get a little odd from version to version when it comes to special local setups
maybe you might want to try to revert to port based config to see if the bug persists!?
if it doesnt it might be caused by your dns server config or how the referers are handeled

I also dont get why it serches for /usr/share/nginx/html/socket.io/index.html
in my installation (Deb 9.4 / Frappe 10.1.16- master / ERPNext 10.1.16 - master)that does not exist either
same as /usr/share/html/desk
so it asks for the wrong recources I think

sorry I cant do more for now

sharpec · April 4, 2018, 11:32am

Hi spa thanks for your replays
I access from webinterface (chrom / firefox )

Centos 7
ERPNext: v10.1.18 (master)
Frappe Framework: v10.1.16 (master)
dev

I actualy use erpnext with hostname erp.domain.it
For lets encrypt configuration i have natted port 80 on internal host and insert in my external domain dns A external address

sharpec · April 4, 2018, 3:09pm

@spa @vjFaLk

I made a newbie error,
the centos firewall blocked 443

with
sudo iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

erpnext work perfectly

sorry guys