I just wanted to share the steps I took to set up a subfolder along with Cloudflare, especially when the main website is already live and the root domain cannot be pointed to the forum server (even temporarily).
Key Points
- The existing mywebsite.com currently points to 1.1.1.1 and is live
- We should route mywebsite.com/forum (and its subdirectories) to 2.2.2.2
- Since during Discourse installation we cannot pass the Let's Encrypt validation (which checks whether the domain resolves to the current server), we should use DNS validation
Changes in app.yml
Letsencrypt updates
Create a new letsencrypt template and set it in app.yml according to this topic: LetsEncrypt DNS Validation Template Using Cloudflare
However, make sure to copy only the issue_cert method from that post, and take the rest of the content from the original web.letsencrypt.ssl.template.yml (as it was changed after the topic was posted).
LETSENCRYPT_CF_TOKEN: ""
LETSENCRYPT_CF_ACCOUNT_ID: ""
LETSENCRYPT_CF_ZONE_ID: ""
LETSENCRYPT_DNS_PROVIDER: "dns_cf"
- You can create the Cloudflare token from the CF My profile → “API Tokens” page.
- Account ID and Zone ID are shown on the domain’s Overview page.
- Leave the dns provider value as above
Subdirectory updates
According to this topic, Serve Discourse from a subfolder (path prefix) instead of a subdomain, set DISCOURSE_RELATIVE_URL_ROOT: /forum under env: and update the run: section.
Note this post for user ips: Serve Discourse from a subfolder (path prefix) instead of a subdomain - #111 by varun21
Rebuild
After changing the app.yml, to run the rebuild command we need to skip the Discourse check that the domain resolves to the current server’s IP (since our mywebsite.com is already pointing to 1.1.1.1, and Discourse checks the root domain). For that, run:
./launcher rebuild app --skip-connection-test
Cloudflare Setup
I know some people are recommending to use Workers to route /forum to the 2.2.2.2, however I found it much easier to do it with Load Balancing. With Workers I could not solve css/js related issues anyway, even with rocket loader and other similar settings disabled. So,
- Activate the Load Balancer (under Traffic)
- Select “Manage Pools” → “Create”
- Create 2 pools (for the main website and for the forum), each of them should have only one endpoint
- Create Load Balancer, hostname should be mywebsite.com
- Under endpoints section, choose both pools
- Skip Monitors (since we do not need to monitor the server’s health, main website should always point to 1.1.1.1 and forum to 2.2.2.2), Skip Traffic Steering (default is off)
- Under Custom Rule, create one with path condition as /forum and point to forum endpoint
- Save/Deploy
Notes
- For some reason copying the sample app.yml and then rebuilding did not work for me (probably was doing something wrong). So, as a solution I ran the discourse-setup for the first time with another domain and then, along with other app.yml changes above, changed the hostname and did the final rebuild.
- Discourse generates 2 certificates from letsencrypt, an RSA cert and an ECDSA cert, and letsencrypt has a limit of 5 certificates per exact domain per week. If you do something wrong 2 times in a row, the 3rd attempt will only issue one certificate, and the forum will not work (you can check the current limit by this script GitHub - sahsanu/lectl: Script to check issued certificates by Let's Encrypt on CTL (Certificate Transparency Log) using https://crt.sh).
- CF Load Balancer is not free, however considering the (as of now) cost of 5 USD per 500k DNS requests, I think it is worth it, in comparison to the hassle with nginx etc.
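The certificate budget described in the notes can be checked before a rebuild. The following is an added example, not part of the original post and not lectl's code: it counts certificates for the exact hostname in crt.sh-style JSON and reports whether a rebuild can still get both certificates. The sample rows are constructed, the limit of 5 per week is the figure quoted above, and using not_before as the issuance time is an approximation.

```python
import json
from datetime import datetime, timedelta

WEEKLY_LIMIT = 5        # per exact set of names per week (figure quoted in the post)
CERTS_PER_REBUILD = 2   # Discourse requests one RSA and one ECDSA certificate
WINDOW = timedelta(days=7)

# Constructed sample in the shape of crt.sh JSON output (only the fields used here).
SAMPLE = json.dumps([
    {"serial_number": "a1", "name_value": "mywebsite.com", "not_before": "2024-05-01T10:00:00"},
    {"serial_number": "a1", "name_value": "mywebsite.com", "not_before": "2024-05-01T10:00:00"},
    {"serial_number": "a2", "name_value": "mywebsite.com", "not_before": "2024-05-01T10:00:05"},
    {"serial_number": "b1", "name_value": "mywebsite.com", "not_before": "2024-05-02T09:00:00"},
    {"serial_number": "b2", "name_value": "mywebsite.com", "not_before": "2024-05-02T09:00:05"},
    {"serial_number": "c1", "name_value": "mywebsite.com\nwww.mywebsite.com",
     "not_before": "2024-05-02T12:00:00"},
    {"serial_number": "d1", "name_value": "mywebsite.com", "not_before": "2024-04-20T08:00:00"},
])

def issuance_budget(crtsh_json, hostname, now):
    """Return (used, remaining, rebuild_ok, next_free) for hostname at time now (UTC)."""
    issued = {}
    for row in json.loads(crtsh_json):
        names = {n.strip().lower() for n in row["name_value"].split("\n")}
        if names != {hostname.lower()}:
            continue  # the limit applies to the exact set of names only
        # CT logs hold a precertificate and the final certificate under the
        # same serial number, so key on the serial to count each one once.
        issued[row["serial_number"]] = datetime.fromisoformat(row["not_before"])
    recent = sorted(t for t in issued.values() if now - WINDOW < t <= now)
    remaining = max(0, WEEKLY_LIMIT - len(recent))
    # Number of old certificates that must leave the window before a full
    # rebuild (RSA + ECDSA) fits under the limit again.
    need = len(recent) - WEEKLY_LIMIT + CERTS_PER_REBUILD
    next_free = recent[need - 1] + WINDOW if need > 0 else now
    return len(recent), remaining, remaining >= CERTS_PER_REBUILD, next_free

if __name__ == "__main__":
    used, left, ok, when = issuance_budget(SAMPLE, "mywebsite.com",
                                           datetime(2024, 5, 3, 12, 0, 0))
    print(f"used={used} remaining={left} full rebuild possible={ok} retry after={when}")
```

With the sample data (two failed rebuilds), only one slot is left, which is the case where the third attempt gets a single certificate.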