SSL Setup for Bench and CloudFare

I installed ERPNext on DigitalOcean Ubuntu 16.04 (and 14.04.5) but every time I reboot, the site fails to load. Surprisingly, it doesn’t even install properly at first. After few attempts, it installs but I’m not able to reboot the server. As soon as I reboot, the setup malfunctions and the site stops to respond!
I followed the steps as explained on GitHub and every time I setup on fresh server!

If you have any error messages during or after installation share them here

Well, once it is installed, there are no error messages. It works without any problem. But when I reboot the VPS, the site just stops working. As I use CloudFlare, while trying to load the site after reboot, CloudFlare reports, “The web server reported a bad gateway error.” I don’t know what to make of that!
I will try to install against and post error messages (shown during installation) if I face them. But till then can you throw some light on this current issue which is persisting even after successful installation!

And in this state, when I try to start the service manually, “bench start”, the terminal returns-"[3163] [ERROR] Procfile does not exist or is not a file". Maybe this can help you diagnose.

“bench restart” returns this -“unix:///var/run/supervisor.sock no such file”

try
bench setup procfile

1 Like

try this:
frappe-bench$ sudo systemctl enable supervisor
frappe-bench$ sudo reboot

1 Like

Hey @komsel2228
Your suggestion worked. Now the site is loading normally.
But now I’m unable to install fail2ban … even apt-get update is not working! Any clues?

[update]
I reboot the server and apt-get is now working. However, “bench update” is not working…It throws following errors…
XX–XX–XX–XX
Traceback (most recent call last):
File “/usr/local/bin/bench”, line 11, in
load_entry_point(‘bench’, ‘console_scripts’, ‘bench’)()
File “/home/frappe/.bench/bench/cli.py”, line 40, in cli
bench_command()
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 716, in call
return self.main(*args, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 696, in main
rv = self.invoke(ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 1060, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 889, in invoke
return ctx.invoke(self.callback, **ctx.params)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 534, in invoke
return callback(*args, **kwargs)
File “/home/frappe/.bench/bench/commands/update.py”, line 30, in update
patches.run(bench_path=’.’)
File “/home/frappe/.bench/bench/patches/init.py”, line 21, in run
result = execute(bench_path)
File “/home/frappe/.bench/bench/patches/v3/celery_to_rq.py”, line 7, in execute
frappe_branch = get_current_branch(‘frappe’, bench_path)
File “/home/frappe/.bench/bench/app.py”, line 171, in get_current_branch
return get_cmd_output(“basename $(git symbolic-ref -q HEAD)”, cwd=repo_dir)
File “/home/frappe/.bench/bench/utils.py”, line 321, in get_cmd_output
return subprocess.check_output(cmd, cwd=cwd, shell=True, stderr=open(os.devnull, ‘wb’)).strip()
File “/usr/lib/python2.7/subprocess.py”, line 567, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File “/usr/lib/python2.7/subprocess.py”, line 711, in init
errread, errwrite)
File “/usr/lib/python2.7/subprocess.py”, line 1343, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory: ‘./apps/frappe’
XX–XX–XX–XX

Is your present working directory frappe-bench?
bench commands should be run in frappe-bench directory.

Hi @KanchanChauhan

Thanks for your reply. I tried to run “sudo bench update” from the directory /home/frappe/frappe-bench and received following error:

XX–XX–XX–XX–XX
INFO:bench.utils:updating bench
remote: Counting objects: 12, done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 12 (delta 10), reused 12 (delta 10), pack-reused 0
Unpacking objects: 100% (12/12), done.
From https://github.com/frappe/bench
b07de26…164bc13 master -> origin/master
Updating b07de26…164bc13
error: Your local changes to the following files would be overwritten by merge:
bench/patches/v4/update_node.py
playbooks/develop/ubuntu.yml
Please, commit your changes or stash them before you can merge.
Aborting
Traceback (most recent call last):
File “/usr/local/bin/bench”, line 11, in
load_entry_point(‘bench’, ‘console_scripts’, ‘bench’)()
File “/home/frappe/.bench/bench/cli.py”, line 40, in cli
bench_command()
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 716, in call
return self.main(*args, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 696, in main
rv = self.invoke(ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 1060, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 889, in invoke
return ctx.invoke(self.callback, **ctx.params)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 534, in invoke
return callback(*args, **kwargs)
File “/home/frappe/.bench/bench/commands/update.py”, line 34, in update
update_bench()
File “/home/frappe/.bench/bench/utils.py”, line 227, in update_bench
exec_cmd(“git pull”, cwd=cwd)
File “/home/frappe/.bench/bench/utils.py”, line 127, in exec_cmd
raise CommandFailedError(cmd)
bench.utils.CommandFailedError: git pull
XX–XX–XX–XX–XX

For “bench update” i.e. without sudo, I receive following error:

XX–XX–XX–XX–XX
Traceback (most recent call last):
File “/usr/local/bin/bench”, line 11, in
load_entry_point(‘bench’, ‘console_scripts’, ‘bench’)()
File “/home/frappe/.bench/bench/cli.py”, line 40, in cli
bench_command()
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 716, in call
return self.main(*args, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 696, in main
rv = self.invoke(ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 1057, in invoke
Command.invoke(self, ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 889, in invoke
return ctx.invoke(self.callback, **ctx.params)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 534, in invoke
return callback(*args, **kwargs)
File “/home/frappe/.bench/bench/commands/init.py”, line 21, in bench_command
setup_logging(bench_path=bench_path)
File “/home/frappe/.bench/bench/utils.py”, line 265, in setup_logging
hdlr = logging.FileHandler(log_file)
File “/usr/lib/python2.7/logging/init.py”, line 913, in init
StreamHandler.init(self, self._open())
File “/usr/lib/python2.7/logging/init.py”, line 943, in _open
stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: ‘/home/frappe/frappe-bench/logs/bench.log’
XX–XX–XX–XX–XX

Any suggestions?

I just tried setting up SSL certificate.

First I generated my own SSL certificate with these commands:
sudo mkdir /PATH/TO/ssl
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /PATH/TO/ssl/nginx.key -out /PATH/TO/ssl/nginx.crt

Then I followed steps mentioned on this URL but unfortunately this doesn’t work.

My server is behind CloudFlare. When I switch from Flexible to Full (in Crypto SSL settings), it shows web-server is down. When I switch back from Full to Flexible the server again goes up.

I have setup a page rule on CloudFlare to force HTTPS on my ERP server URL.

Any idea to resolve this?

Hi @rmehta
The errors shown above are still hounding my server. Can you please spare few minutes and revert with possible solution for the issue?

@saurabh

You shouldn’t run bench commands as root. To fix this, do :

chown -R frappe:frappe frappe-bench outside the frappe-bench folder. And then you’ll have to go into the erpnext and frappe app folders in frappe-bench/apps/ and then run git reset --hard. Then try bench update again without sudo as the frappe user.

I don’t think self-signed certificates will work. The reason “Flexible” setup works on Cloudflare, is because in that scenario the server and Cloudflare’s connection is not secure. “Full” setup requires SSL between the server and Cloudflare. Your SSL wasn’t working.

You can use Let’s Encrypt to get SSL on your server. There’s a handy command for that in bench. Use it so:

bench setup lets-encrypt [site-name]

Hi @vjFaLk

Thanks for your response. Unfortunately, your fix didn’t worked for updating setup. I used following steps:

1.) cd /home/frappe/frappe-bench/apps/erpnext

2.) sudo git reset --hard
Above command returned:
HEAD is now at a8b8d81 Merge branch ‘hotfix’

3.) cd /home/frappe/frappe-bench/apps/frappe

4.) sudo git reset --hard
Above command returned:
HEAD is now at 5b83bb4 Merge branch ‘hotfix’

5.) cd /home/frappe/frappe-bench

6.) bench update --user frappe
Above command returned following error:

Traceback (most recent call last):
File “/usr/local/bin/bench”, line 11, in
load_entry_point(‘bench’, ‘console_scripts’, ‘bench’)()
File “/home/frappe/.bench/bench/cli.py”, line 40, in cli
bench_command()
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 716, in call
return self.main(*args, **kwargs)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 696, in main
rv = self.invoke(ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 1057, in invoke
Command.invoke(self, ctx)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 889, in invoke
return ctx.invoke(self.callback, **ctx.params)
File “/usr/local/lib/python2.7/dist-packages/click/core.py”, line 534, in invoke
return callback(*args, **kwargs)
File “/home/frappe/.bench/bench/commands/init.py”, line 21, in bench_command
setup_logging(bench_path=bench_path)
File “/home/frappe/.bench/bench/utils.py”, line 265, in setup_logging
hdlr = logging.FileHandler(log_file)
File “/usr/lib/python2.7/logging/init.py”, line 913, in init
StreamHandler.init(self, self._open())
File “/usr/lib/python2.7/logging/init.py”, line 943, in _open
stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: ‘/home/frappe/frappe-bench/logs/bench.log’

Also, no luck with SSL using LetsEncrypt. When I enter the following command:

1.) cd /home/frappe/frappe-bench/

2.) sudo bench setup lets-encrypt site1.local
Above command returns following error:
You cannot setup SSL without DNS Multitenancy

Due to above error, I had to use the normal HTTPS setup which failed. I have setup other normal websites with self-signed certificates and they work like a charm through CloudFlare FULL SSL setting. As per CloudFlare, followin settings works as explained below:
FLEXIBLE: Need not have any SSL on server but connection from CF CDN to your server would not be encrypted, yet the browser will show HTTPS enabled on the site.
FULL: Need to have a SSL on the server (may that even be self-signed). The connection from visitor to the server is encrypted throughout.
STRICT: Need to have a VALID SSL issued by an authorized CA. The connection from visitor to the server is encrypted throughout.

So when I self-sign the certificate, it should work here in ERPNext setup too.

Suggestions to resolve would be highly appreciated!!

Please don’t use sudo for git commands. I’d suggest repeating my previous commands from the top without sudo.

Your site is named ‘site1.local’, which is a problem. It should be named according to your actual domain. The reason your self-signed certificate didn’t work, was the same reason. You need to rename your site.

@vjFaLk

I use following command and it returns shown error:

COMMAND: git reset --hard
ERROR: fatal: Unable to create ‘/home/frappe/frappe-bench/apps/frappe/.git/index.lock’: Permission denied

Regarding SSL: Can you advise how to change site name without breaking/disturbing other site settings?

https://discuss.erpnext.com/t/forum-rules-read-before-posting/8106

Please don’t call out users. Point 2

If you need urgent help. Hire a freelancer.

1 Like

Hi @vjFaLk

[UPDATE]

I tried to individually run the following commands for updating ERPNext (I had to use “sudo” to run these commands and without “sudo” it didn’t worked):

bench update --pull
bench update --patch
bench update --build
bench update --bench
bench update --requirements

Amongst the above, all commands ran like a charm, except this one:

bench update --bench

It seems there is some issue with “bench” pulling updates from “git”. Any suggestions now?

Hi @vjFaLk

[UPDATE]

I reinstalled complete setup on a fresh server (Ubuntu 14.04.5 this time) and I’m able to update setup using following commands:

1.) cd /home/frappe/frappe-bench/

2.) sudo bench update

Above commands fails without sudo.

SSL is still haunting me. I don’t know how to change site-name. I tried using following command to add my domain to the setup:

bench setup add-domain my.domain.com

This command returns no error and the config file shows the updated domain but SSL still fails over CloudFlare. Suggestions would be highly appreciated!

TIA