Issue Installing Rocket Chat in Plesk with Docker using tutorial, need an answer.

[David Borrink]

Yes, the port is 3000 per the docker-compose.yml file setup I used.

I see your example matches the one on the Rocket Chat docs page for "Running under Plesk Onyx behind Nginx". I'm on Obsidian but I tried this anyway....

#manual extension docker with socket upgrade begin
location ~ ^/.* {
    proxy_pass http://0.0.0.0:3000;
    proxy_set_header Host             $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Forwarded-Proto http;
    proxy_set_header X-Nginx-Proxy true;
    proxy_http_version 1.1;

    proxy_redirect off;
}

Still a 502 error.

These are the log entries my proxy error log from the attempt. I'm XXX-ing out my domain name.

2024/04/21 08:54:47 [error] 8327#0: *1227907 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 47.225.20.180, server: chat.XXX.com, request: "GET / HTTP/2.0", upstream: "http://0.0.0.0:3000/", host: "chat.XXX.com"

 

[David Borrink]

3000 is my port. Still a 502 error. Here's my log (with domain xxx'd out):

2024/04/21 08:54:47 [error] 8327#0: *1227907 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 47.225.20.180, server: chat.xxx.com, request: "GET / HTTP/2.0", upstream: "http://0.0.0.0:3000/", host: "chat.x.com"

 

[David Borrink]

Sorry for the duplication. I didn't see my note show up and didn't realize a "page 2" had started.

 

[Hangover2]

Do you have any active firewall? If so please check the rules if they are preventing the access. The default Plesk firewall would do so in your scenario on port 3000.

System policy for incoming traffic    => Deny all other incoming traffic

 

[David Borrink]

I changed the System policy for incoming traffic setting to allow incoming traffic but that didn't change it. Still getting a 502 error.

 

[Hangover2]

Did you try to disable the whole firewall for a short test? Because actually you need to open all ports needed for in- and outgoing traffic.

 

[David Borrink]

No. I just changed that one setting. I do have firewall blocks for a good number of IP addresses, and four countries set up as custom rules. I do have a "system policy for traffic forwarding" setting that is set at "deny forwarding for all other traffic". Most of my firewall settings are for "allow".

 

[Hangover2]

And here is the problem. The Docker traffic is a different interface. If you cannot disable the firewall for a short test you should open the needed ports and forwardings with your own firewall rules. Check your kern.log for dropped packages. There you will see if requests to your Rocket.Chat container are blocked.

 

[David Borrink]

I'm familiar with a few log files located in my logs folders in my domains but I don't see a kern.log file in there. Is this more a server log? I'm not familiar with where to find that. Is this something I can find via terminal?

What would I be looking for for information so that I know what kind of a firewall rule to write up?

 

[David Borrink]

I tried to dig online where the kern.log file is. I was able to look up the (apparently newer feature) of Website Log Check under Tools and Settings > Assistance and Troubleshooting but the help documentation for Plesk says

At the moment, Website Log Check can detect the following issues:

• PHP-FPM “server reached max_children setting”
• ModSecurity “Access denied with code 403”
• PHP “Internal Server error 500: Allowed memory size of XXX exhausted”
• PHP “open_basedir restriction in effect”
• Apache .htaccess “403 Forbidden AH01797: client denied by server configuration”
• Apache “Cannot access a website directory in Plesk: 403 Forbidden”
• Nginx “Cannot access a website directory in Plesk: 403 Forbidden”
• Apache .htaccess “403 Forbidden: pcfg_openfile: unable to check htaccess file, ensure it is readable”
• Nginx “Too many open files”

In the future, Website Log Check will be able to detect the following issues:

• Nginx “502 Bad Gateway: upstream sent too big header while reading response header”

So that doesn't seem to give me any direction of where the kern.log would be.

 

[Hangover2]

Those are not the correct logs. I think it would be better you learn first more about the error handling, log files and debugging of CentOS 7.9. It is very hard to help, if you do not know the basics of your operation system. The whole docker topic is very complex with all systems involved - also concerning the security of the data of your clients. So to confirm if your problem is a firewall problem tools like tcpdump, telnet and the kern.log would be one way to check why the network traffic is maybe blocked.