Adding an offline page when rebuilding

(Jeff Atwood) #45

Hmm, wait, @sam complained this turns off http2. But, I upgraded to Ubuntu 16.04 and then changed this line:

listen 443 ssl; listen [::]:443 ssl;


listen 443 ssl http2; listen [::]:443 ssl http2;

And it seems to pass http/2 through fine now?

(Rafael dos Santos Silva) #46

Yeah, on 16.04 nginx can do http2.

(Felix Freiberger) #47

I’ve slightly worded down the warning in the initial post to reflect this. Thanks for confirming, @codinghorror and @Falco!

(Jeff Atwood) split this topic #48

6 posts were split to a new topic: Let’s Encrypt won’t renew with offline page

(Hosein Naseri) #49

Can you clarify the purpose of adding this header here? It seems it has conflict with embedding comments.

(Felix Freiberger) #50

No sense at all, at least now, since Discourse returns its own header. I’ll remove it from the howto. Thanks for reporting this!

Let's Encrypt won't renew with offline page
(Dan) #51

Hi, with the recent version of discourse is this still needed?
Any downside/disadvantage of using this approach?

Why not modify directly the Nginx built in/default with discourse/docker to specify error pages?

(Matt Palmer) #52

Because the container needs to running in order to serve pages, and the point of this configuration is to serve an error page when the Discourse app container isn’t running.

(Hosein Naseri) #53

When you define the ssl_ciphers in nginx like what is proposed here, then your instance doesn’t support TLSv1 and TLSv1.1 anymore. Or at least not in my situation.

(Felix Freiberger) #54

True that, so you could simplify the configuration by removing the outdated protocols. I’ll do that, thanks!

(Bhanu Sharma) #55

I had a Question!!

will using https:// instead of http:// in the above url break or else create any complication into the setup?

(Felix Freiberger) #56

Why would you want to do that? This traffic never touches the network, there is no reason for HTTPS here.
In this setup, HTTPS is provided entirely by the outer Nginx instance :slight_smile:

(Bhanu Sharma) #57

I asked that because in such a case with wordpress, using a https proxy for a http site will mess up a lot of thing even if one has got site working on both if the url is left http then there are a lot of content warnings at times so I was just curious to know.

anyway thanks for clarification.

(Felix Freiberger) #58

This is taken care of by the headers set by Nginx, especially X-Forwarded-Proto: It tells Discourse that the user-facing protocol is HTTPS :slight_smile:

(Bhanu Sharma) #59

So necessarily it won’t matter if http or https is used in this configuration? right?

Ps: sorry for a noob question, I don’t really know much about http headers

(Felix Freiberger) #60

If you follow the instructions in the original post, this should work out :+1:

(Bhanu Sharma) #61

That’s exactly the way I got it to work, this is why I had that one question so I asked. that setup is really a life saver in terms of crowd retention.


(Bhanu Sharma) #62

Also, this tutorial comes in handy if one doesn’t want to use the webroot module!

Slight configuration change is required to the default vhost then this will work just fine!

(Diego Barreiro) #63

This is still showing me the 502 error page from Cloudflare:

My NGINX config file:

server {
  listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2;

  client_max_body_size 0;

  location / {
    error_page 502 =502 /errorpages/discourse_offline.html;
    proxy_intercept_errors on;

    proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;

  location /errorpages/ {
    alias /var/www/errorpages/;

However this works:

(Felix Freiberger) #64

Are you sure that you followed the steps exactly? Can you post your app.yml file (with sensitive information redacted)? Did you rebuild after changing app.yml?