How to access remote DigitalOcean Managed Database with Rails+Nginx+Postgresql+DigitalOcean?
My Rails config/database.yml is:
production:
url: <%= ENV["DO_DATABASE"] %>
Url is based on provided by DO connection details (connection string).
I've made rails db:migrate and db:seed. And it worked. When I check database content then everything is inside as it should.
So I have a connection to db.
But, after my app restart, when I go to my web page I receive:
502 Bad Gateway
nginx/1.14.0 (Ubuntu)
After a while it changes to:
503 Service Unavailable
No server is available to handle this request.
My server error log looks like:
2019/02/18 23:33:06 [error] 32636#32636: *1267 connect() failed (111: Connection refused) while connecting to upstream, client: someIPwhichdoesntmatter, server: _, request: "GET / HTTP/1.0", upstream: "http://127.0.0.1:3000/", host: "cloud.digitalocean.com"
So: even if I could connect to remote db to migrate and seed it, I cannot access it by webpage. When I come back (for a while) to internal database then page works.
I don't know if it is about server configuration or it's database configuration (in DigitalOcean database cluster I cannot reach configuration files, I have only an direct access to postgresql).
At database DigitalOcean level settings are regular, so:
There is my droplet added to "ALLOWED INBOUND SOURCES".
I was trying a lot of with NGINX 'server block' for my app of my droplet. Now the file /etc/nginx/sites-available/rails looks like that:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /home/rails/modelapp/public;
servername _;
index index.htm index.html;
location ~ /.well-known {
allow all;
}
# From https://object.io/site/2015/rails-nginx-easy-assets
#
# Cache forever publicly: files for generated assets
# /assets/application-2565b50fc38a0b3a44882faa3e936262.css
#
# This setup means a CDN may cache these files
location ~ "^/assets/.+-[0-9a-f]{32}.*" {
gzip_static on;
expires max;
add_header Cache-Control public;
}
location / {
proxy_pass http://localhost:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-Client-DN $ssl_client_s_dn;
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_read_timeout 1800;
proxy_connect_timeout 1800;
}
}
My firewall setup:
Status: active
To Action From
-- ------ ----
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
22/tcp LIMIT Anywhere
3000 ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH ALLOW Anywhere
25060 ALLOW Anywhere
25061 ALLOW Anywhere
25060/tcp ALLOW Anywhere
25061/tcp ALLOW Anywhere
53 ALLOW Anywhere
53/tcp ALLOW Anywhere
53/udp ALLOW Anywhere
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
22/tcp (v6) LIMIT Anywhere (v6)
3000 (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
25060 (v6) ALLOW Anywhere (v6)
25061 (v6) ALLOW Anywhere (v6)
25060/tcp (v6) ALLOW Anywhere (v6)
25061/tcp (v6) ALLOW Anywhere (v6)
53 (v6) ALLOW Anywhere (v6)
53/tcp (v6) ALLOW Anywhere (v6)
53/udp (v6) ALLOW Anywhere (v6)
So it seems to me that it is a matter of NGINX configuration, but right now I have no idea where to look for.
Or maybe it is something with this SSL mode of a database?
Any ideas?