How to access remote DigitalOcean Managed Database with Rails+Nginx+Postgresql+DigitalOcean?

February 19, 2019
Nginx Ruby on Rails PostgreSQL DigitalOcean Ubuntu 18.04

My Rails config/database.yml is:

    production:
      url: <%= ENV["DO_DATABASE"] %>

The URL is based on the connection details (connection string) provided by DO.
I've run rails db:migrate and db:seed, and it worked. When I check the database content, everything is inside as it should be.
So I have a connection to db.

But, after my app restart, when I go to my web page I receive:

502 Bad Gateway
nginx/1.14.0 (Ubuntu)

After a while it changes to:
503 Service Unavailable
No server is available to handle this request.

My server error log looks like:
2019/02/18 23:33:06 [error] 32636#32636: *1267 connect() failed (111: Connection refused) while connecting to upstream, client: someIPwhichdoesntmatter, server: _, request: "GET / HTTP/1.0", upstream: "http://127.0.0.1:3000/", host: "cloud.digitalocean.com"

So: even though I could connect to the remote db to migrate and seed it, I cannot access it from the web page. When I go back (for a while) to the internal database, the page works.

I don't know if it is about the server configuration or the database configuration (in the DigitalOcean database cluster I cannot reach the configuration files, I only have direct access to postgresql).

At the DigitalOcean database level the settings are regular, so:
There is my droplet added to "ALLOWED INBOUND SOURCES".

I tried a lot with the NGINX 'server block' for my app on my droplet. Now the file /etc/nginx/sites-available/rails looks like this:

    server {
        listen 80;
        listen [::]:80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        root /home/rails/modelapp/public;
        server_name _;
        index index.htm index.html;

        location ~ /.well-known {
            allow all;
        }

        # From https://object.io/site/2015/rails-nginx-easy-assets
        #
        # Cache forever publicly: files for generated assets
        #   /assets/application-2565b50fc38a0b3a44882faa3e936262.css
        #
        # This setup means a CDN may cache these files
        location ~ "^/assets/.+-[0-9a-f]{32}.*" {
            gzip_static on;
            expires     max;
            add_header  Cache-Control public;
        }

        location / {
            proxy_pass http://localhost:3000;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header X-Client-Verify SUCCESS;
            proxy_set_header X-Client-DN $ssl_client_s_dn;
            proxy_set_header X-SSL-Subject $ssl_client_s_dn;
            proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
            proxy_read_timeout 1800;
            proxy_connect_timeout 1800;
        }
    }

My firewall setup:

Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
22/tcp                     LIMIT       Anywhere                  
3000                       ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
25060                      ALLOW       Anywhere                  
25061                      ALLOW       Anywhere                  
25060/tcp                  ALLOW       Anywhere                  
25061/tcp                  ALLOW       Anywhere                  
53                         ALLOW       Anywhere                  
53/tcp                     ALLOW       Anywhere                  
53/udp                     ALLOW       Anywhere                  
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
22/tcp (v6)                LIMIT       Anywhere (v6)             
3000 (v6)                  ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
25060 (v6)                 ALLOW       Anywhere (v6)             
25061 (v6)                 ALLOW       Anywhere (v6)             
25060/tcp (v6)             ALLOW       Anywhere (v6)             
25061/tcp (v6)             ALLOW       Anywhere (v6)             
53 (v6)                    ALLOW       Anywhere (v6)             
53/tcp (v6)                ALLOW       Anywhere (v6)             
53/udp (v6)                ALLOW       Anywhere (v6)  

So it seems to me that it is a matter of NGINX configuration, but right now I have no idea where to look.
Or maybe it is something with this SSL mode of a database?
Any ideas?

2 Answers

Hey friend,

Thanks for posting this question, it can help others who experience something similar. In this case I'd like to narrow it down to this:

2019/02/18 23:33:06 [error] 32636#32636: *1267 connect() failed (111: Connection refused) while connecting to upstream, client: someIPwhichdoesntmatter, server: _, request: "GET / HTTP/1.0", upstream: "http://127.0.0.1:3000/", host: "cloud.digitalocean.com"

While you have port 3000 open, Nginx is receiving a "Connection refused" error when connecting locally to port 3000. This most likely means that your application is not currently running/listening on port 3000. You can use "netstat -tulpn | grep 3000" to confirm. If you get no return, then the app isn't listening. Check the output when you start your application, it may be failing to start.

Jarland

Hi, thanks, it helped. After investigation I figured out that my env variable <%= ENV["DO_DATABASE"] %> was seen by the system while doing the migration, but it wasn't seen while restarting the server with systemctl restart rails.service. Basically I have no idea why. So I decided, exceptionally, to insert the data into my code. Then the server restart works correctly (the app starts running). Thanks once again.
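
The follow-up above traces the refused connections to `DO_DATABASE` being visible in the login shell but not to `rails.service`; a service started by systemd receives only the environment its unit defines (`Environment=` / `EnvironmentFile=`), not variables exported in a shell profile. As an added example, not code from the thread, this script reports where a unit gets a variable from and whether the file holding the connection string is world-readable; the unit contents, file paths and connection string are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): report where a systemd unit gets a
# variable from. Unit and env-file contents below are constructed samples.

# unit_env_source UNIT_FILE VAR -> prints inline | file:<path> | missing
unit_env_source() {
    unit=$1; var=$2
    # Environment=VAR=value, Environment="VAR=value", or later in a list
    if grep -Eq "^Environment=(.*[ \"])?${var}=" "$unit"; then
        echo inline; return 0
    fi
    # EnvironmentFile=/path (a leading "-" means "ignore if absent")
    for f in $(sed -n 's/^EnvironmentFile=-\{0,1\}//p' "$unit"); do
        if [ -r "$f" ] && grep -q "^${var}=" "$f"; then
            echo "file:$f"; return 0
        fi
    done
    echo missing
}

# secret_file_mode FILE -> prints private | world-readable
secret_file_mode() {
    if [ -n "$(find "$1" -prune -perm -004)" ]; then
        echo world-readable
    else
        echo private
    fi
}

# Constructed sample: a unit that relies on the login shell's exports,
# and one that loads the connection string from an owner-only file.
tmp=$(mktemp -d)
printf 'DO_DATABASE=postgresql://user:PLACEHOLDER@db.example.invalid:25060/app?sslmode=require\n' > "$tmp/db.env"
chmod 600 "$tmp/db.env"
cat > "$tmp/before.service" <<EOF
[Service]
ExecStart=/home/rails/modelapp/bin/rails server -e production
EOF
cat > "$tmp/after.service" <<EOF
[Service]
EnvironmentFile=$tmp/db.env
ExecStart=/home/rails/modelapp/bin/rails server -e production
EOF

echo "before: $(unit_env_source "$tmp/before.service" DO_DATABASE)"
echo "after:  $(unit_env_source "$tmp/after.service" DO_DATABASE)"
echo "db.env: $(secret_file_mode "$tmp/db.env")"
```

On a real host, point `unit_env_source` at the file shown by `systemctl cat rails.service`; after editing a unit, `systemctl daemon-reload` is needed before the restart picks up the change.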
