Hi, I successfully installed Retool on premise on my Google Cloud Platform but after finishing the configuration of SSL certificate the application start give me often this error: ERR_CONNECTION_REFUSED
It's impossible to use it because it happens very often.
It happens also that some page give and error like this Loading CSS chunk 656104 failed.
The firewall it’s correct, I really don’t know how to handle this issue.
Could someone give me some advices?
Hey @mattia! Would you mind sharing a screenshot of your resource setup page, as well as a screenshot of the app error you’re running into?
In both cases, do you see any browser console errors?
The webserver is in a continuous restarting after a few seconds.
retool-onpremise_api_1 docker-entrypoint.sh bash ... Up 0.0.0.0:3000->3000/tcp,:::3000->3000/tcp, 3001/tcp, 3002/tcp
retool-onpremise_db-connector_1 docker-entrypoint.sh bash ... Up 3000/tcp, 3001/tcp, 3002/tcp
retool-onpremise_db-ssh-connector_1 docker-entrypoint.sh bash ... Up 3000/tcp, 3001/tcp, 3002/tcp
retool-onpremise_https-portal_1 /init nginx-debug -g daemo ... Restarting
retool-onpremise_jobs-runner_1 docker-entrypoint.sh bash ... Up 3000/tcp, 3001/tcp, 3002/tcp
retool-onpremise_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
retool-onpremise_user-postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
2022/12/17 10:36:46 [warn] 161#161: conflicting server name "retool.volty.it" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "retool.volty.it" on 0.0.0.0:80, ignored
2022/12/17 10:36:46 [notice] 161#161: signal process started
2022/12/17 10:36:47 [warn] 191#191: conflicting server name "retool.volty.it" on 0.0.0.0:80, ignored
2022/12/17 10:36:47 [warn] 190#190: conflicting server name "retool.volty.it" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "retool.volty.it" on 0.0.0.0:80, ignored
nginx: [warn] conflicting server name "retool.volty.it" on 0.0.0.0:80, ignored
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
2022/12/17 10:36:47 [emerg] 191#191: still could not bind()
If possible, sending me a DM with me your env file would be super helpful!
This error can come up with the DOMAINS variable is set to incorrectly, like https://retool.yourorg.name/
The correct format is with no protocol specified? So something like this:
DOMAINS=retool.yourorg.name -> http://api:3000
After making this change (if relevant), you would restart your containers!
These docs might be helpful here: https://docs.retool.com/docs/configure-ssl-certificates#set-up-and-configure-nginx
Let me know if this helps at all, or if you're still blocked 
Hi, i sent you the env file.
Could you help me to solve this issue?
Received—thank you! Will take a look and get back to you
While I’m looking, I just want to make sure I know which setup process you followed so I can try to track down the error Did you follow this doc by any chance? https://docs.retool.com/docs/configure-ssl-certificates
docker-compose.yml
my image is
image: tryretool/https-portal:latest
not
image: nginx:latest
should i change it?
Depends on which section of your docker-compose.yml you're referring to!
The image: nginx:latest is for the https-portal in your docker-compose.yml
I wonder if the issue is in the nginx's container's ability to issue the certificate. Specifically, it looks like the container might be having a problem confirming the DNS record which means the outbound request on port 80 might not be making it through. Can we try opening up port 80, restarting, and then checking the https-portal logs to see if that resolves the error?
Just to double check, have you opened up your instance's security group to port 80 from 0.0.0.0/0.
I do believe we need to keep this open to all port ranges. LetsEncrypt, the service that provides the certificate, doesn't provide a list of IPs that are needed (see their FAQ here). If locking down the list of outbound IP's is an important step, I'd recommend moving off of LetsEncrypt and switching to AWS as the certificate provider.