Concatenating letsencrypt ssl key/cert after discourse build


(Andygmb) #1

Hi all,

I’m running haproxy in front of discourse, and haproxy needs the /shared/ssl/hostname.key & /shared/ssl/hostname.cer files to be concatenated. I can do this manually of course, but I would like to be able to add a simple cat /var/discourse/shared/ssl/hostname.key >> /var/discourse/shared/ssl/hostname.cer after the files are generated.

I attempted to add it as an exec:cmd: to the end of /var/discourse/templates/web.letsencrypt.ssl.template.yml but when I rebuilt the app I was getting git errors about unstaged changes (naturally).

I’m using this discourse/docker setup GitHub - discourse/discourse_docker: A Docker image for Discourse

TL;DR I need to cat ssl.key >> ssl.cer after the letsencrypt template generates them, what is the best way to do this?


(Jay Pfaffman) #2

Is haproxy running outside the Discourse/Docker instance? If so, maybe what you want to do is cat those in /etc/rc.local on the instance that’s running haproxy? For that matter, if I understand your setup, maybe what you want is to just do all the letsencrypt stuff outside of the Docker instance.


(Andygmb) #3

Thanks for the response.

Haproxy is running outside of the docker instance, it redirects people either to discourse on port 8080, or a separate apache instance on port 8888.

> maybe what you want to do is cat those in /etc/rc.local on the instance that’s running haproxy

I’m not entirely sure what you mean by this. Could you explain further?

> maybe what you want is to just do all the letsencrypt stuff outside of the Docker instance.

The benefit of using the letsencrypt template is that it’s all handled for me by the template - I don’t want to break that ease of use by having to set up all my own scripts for it.


(Jay Pfaffman) #4

But since you are running Haproxy outside of docker, you do have to create your own scripts if you want to use the letsencrypt stuff that is inside of docker (that’s what you’re asking for!). The good news is that you can use the Let’s Encrypt scripts on the VM where haproxy is running and it’ll handle it automagically just like the one inside docker is doing. Check out Getting Started - Let’s Encrypt - Free SSL/TLS Certificates and How To Secure Apache with Let’s Encrypt on Ubuntu 14.04 | DigitalOcean.
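
An added example (not from the thread or from the discourse_docker project) of the concatenation step run on the HAProxy host. It writes a separate combined PEM instead of appending the key into hostname.cer, so reruns do not stack copies and the template's own files stay untouched. The function name and the output path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: build HAProxy's combined PEM from the key/cert files the
# Discourse letsencrypt template writes, without modifying the originals.

# build_haproxy_pem KEY CERT OUT
# Returns 0 if OUT was (re)written, 1 if already up to date, 2 on error.
build_haproxy_pem() {
    key=$1 cert=$2 out=$3

    # Refuse to build from missing or truncated inputs (e.g. mid-renewal).
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || {
        echo "no private key in $key" >&2; return 2; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || {
        echo "no certificate in $cert" >&2; return 2; }

    # The combined file holds the private key. mktemp creates it mode 0600,
    # next to OUT so the final mv is an atomic rename on the same filesystem.
    tmp=$(mktemp "$out.XXXXXX") || return 2

    # Certificate first, then key; '>' (not '>>') so a rerun never appends
    # a second copy.
    cat "$cert" "$key" > "$tmp" || { rm -f "$tmp"; return 2; }

    # Unchanged since the last run: keep the old file, no reload needed.
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$out" || { rm -f "$tmp"; return 2; }
    return 0
}

# Typical use from cron or rc.local on the HAProxy host. The output path and
# the reload command are assumptions about that host:
#   build_haproxy_pem /var/discourse/shared/ssl/hostname.key \
#       /var/discourse/shared/ssl/hostname.cer \
#       /etc/haproxy/certs/hostname.pem && systemctl reload haproxy
```

Because the function returns 1 when nothing changed, chaining the reload with `&&` restarts nothing on runs where the certificate was not renewed.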