An error occurs when building Discourse over HTTP

  1. Domain configuration completed
  2. AWS EC2 instance created
  3. Certificate issued using ACM
  4. Configured 443 and connected the certificate via ALB
  5. ALB routes domain traffic to the EC2 instance on port 80

Before building Discourse, I modified the app.yml file to configure HTTP connections:

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  ## Uncomment the next line to enable the IPv6 listener
  #- "templates/web.ipv6.template.yml"
  - "templates/web.ratelimited.template.yml"
  ## Uncomment these two lines if you wish to add Lets Encrypt (https)
  #- "templates/web.ssl.template.yml"
  #- "templates/web.letsencrypt.ssl.template.yml"

## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
  - "80:80"   # http
  #- "443:443" # https

After making the changes, I built Discourse and checked the configuration, but nginx keeps requesting an SSL key with the following error:

[emerg] 7416#7416: cannot load certificate "/shared/ssl/discourse.xxxxxxx.com.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0480006C:PEM routines::no start line:Expecting: TRUSTED CERTIFICATE)

Is there a way to prevent nginx from attempting to load the key or to make nginx work properly over HTTP?

The error happens because Nginx is still looking for an SSL certificate, but your ALB is handling the SSL. Here’s how to fix it:

  1. Check your app.yml: It looks like you’ve already disabled SSL templates, so you can skip this.

  2. Rebuild Discourse: Run ./launcher rebuild app to apply the changes.

  3. Check Nginx settings: Inside the container, look at the Nginx config and make sure there are no SSL lines (ssl_certificate, ssl_certificate_key). If you find any, remove them and restart Nginx with sv restart nginx.

  4. Verify your ALB setup: Make sure your ALB is terminating SSL on port 443 and forwarding HTTP (port 80) to your EC2.

That should stop Nginx from looking for the SSL certificate, and everything should work fine over HTTP!
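
A check for step 3 of the answer above, added here as an example and not part of the thread or of Discourse's own tooling: it lists the uncommented TLS directives in an nginx config file and reports whether each referenced file contains a PEM start line, which is what the "no start line" error in the question complains about. The config path is passed as an argument; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: find active TLS directives in an nginx config, check PEM files.

# Print "LINE DIRECTIVE VALUE" for each uncommented TLS-related directive.
find_tls_directives() {
    awk '{
        sub(/#.*/, ""); gsub(/;/, " ")      # drop comments and terminators
        if ($1 == "ssl_certificate" || $1 == "ssl_certificate_key")
            print NR, $1, $2
        else if ($1 == "listen")
            for (i = 3; i <= NF; i++) if ($i == "ssl") print NR, "listen_ssl", $2
    }' "$1"
}

# Classify a file: missing, empty, not-pem (no "-----BEGIN" line) or pem.
pem_status() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -s "$1" ]; then echo empty
    elif grep -q -e '^-----BEGIN ' "$1"; then echo pem
    else echo not-pem
    fi
}

# Report every finding; return 1 if the config still asks nginx to serve TLS.
audit_nginx_tls() {
    hits=$(find_tls_directives "$1")
    if [ -z "$hits" ]; then echo "no active TLS directives in $1"; return 0; fi
    echo "$hits" | while read -r n directive value; do
        case $directive in
            listen_ssl) echo "line $n: listen $value ssl" ;;
            *) echo "line $n: $directive $value ($(pem_status "$value"))" ;;
        esac
    done
    return 1
}

# Constructed sample: a TLS server block pointing at an empty certificate file.
write_sample() {
    : > "$1/example.cer"
    cat > "$1/sample.conf" <<EOF
server {
  listen 443 ssl;
  ssl_certificate $1/example.cer;
  # ssl_certificate_key $1/example.key;
}
EOF
}

if [ $# -gt 0 ]; then audit_nginx_tls "$1"; fi   # usage: sh audit.sh CONF_FILE
```

An exit status of 0 means the file contains no active `ssl_certificate`, `ssl_certificate_key` or `listen ... ssl` directive, so nginx has no certificate to load for it.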

Thank you. I resolved the issue based on the related content and other feedback.