Hi All
I have been through the docs and read through the configuration setups and recommendations posted and have tried to modify the same for my unique situation.
For something that appears to be quite simple, it is incredibly frustrating that none of the proposed solutions have worked.
Our environment:
- We run an AWS EC2 instance, more specifically an AWS Linux 2 AMI;
- We have apache2 running and configured;
- The instance is part of an AWS target group which is referenced by our AWS load balancer;
- Our SSL / TLS certificate is AWS provided and is associated with the load balancer;
- Our domain provider is
name.com; - As part of our setup we have multiple sub domains routed using CNAME records all pointing to the AWS load balancer which then manages traffic to the EC2 instance;
- All traffic routed to the load balancer and served to the web user is secure;
- On our server we run three separate node express applications;
- The ports are defined in express as part of the express server setup, currently ports 3000, 4000 and 5000;
- Traffic is routed by apache using the sub domain to the relevant web app, for example:
<VirtualHost *:80>
ServerName subdomain.domain.io
ProxyPreserveHost On
ProxyPass "/" "http://localhost:4000/"
ProxyPassReverse "/" "http://localhost:4000/"
</VirtualHost>
-
Though not particularly relevant we use PM2 to manage our express apps so that they automatically start up on server reboot.
-
On the same server we have installed docker;
-
We have then also installed discourse using app.yaml copy (using Run other websites on the same machine as Discourse - #182 by angus for guidance).
Current status:
- Docker is running
- The discourse app (container) is running
- The express apps are all running and are being properly routed by apache
Notes:
- I tried running building the app initially without exposing the ports per the documentation, when that didn’t work I did expose port 8000 over http port 80;
- In my simple understanding docker is like a house and the various containers are the rooms. Docker determines how the app is accessed i.e. which room to access. My thought by exposing port 8000 was that I could then reference port 8000 as I do with my other express apps now that 8000 was exposed. But this does not work, below is an example of what I tried to do in apache:
# FAQ (DISCOURSE ROUTES)
<VirtualHost *:80>
ServerName discourse.domain.io
ProxyPreserveHost On
ProxyPass "/" "http://localhost:8000/"
ProxyPassReverse "/" "http://localhost:8000/"
</VirtualHost>
- The simple test was to try and put localhost:8000 into the browser on the server and test. The server is the AWS guid with chromium installed. The fact that this does not resolve immediately tells me that there is an issue and that my understanding is missing something fundamental. My web apps run and are available on the ports I specify in the express setup, my expectation was that it was the same for the docker container.
Additional notes:
- I realise that there is a potential solution by putting NGINX “in front of” apache and docker to route traffic from
discourse.domain.ioto say port 8000 on the local server i.e. the port that is exposed for the docker container and also route all other traffic from *.domain.io to apache on say port 9000 and then change my virtual host config to route traffic from port 9000 accordingly, i.e. :
# EXPRESS APP ROUTING IN APACHE
<VirtualHost *:9000>
ServerName other_sub_domains.domain.io
ProxyPreserveHost On
ProxyPass "/" "http://localhost:4000/"
ProxyPassReverse "/" "http://localhost:4000/"
</VirtualHost>
- To me this seems completely unnecessary. If the domain
discourse.domain.iois routed to apache and apache receives the request and then tries to route it should be as simple as pointing it to the docker container exposed port. - Also if localhost:8000 on the server itself isn’t resolving then this would not work anyway.
Currently I get a 502 error in chrome when I try to navigate to my discourse docker container. (See above screenshot).
Extract from app.yml
## this is the all-in-one, standalone Discourse Docker container template
##
## After making changes to this file, you MUST rebuild
## /var/discourse/launcher rebuild app
##
## BE *VERY* CAREFUL WHEN EDITING!
## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
## visit http://www.yamllint.com/ to validate this file as needed
templates:
- "templates/postgres.template.yml"
- "templates/redis.template.yml"
- "templates/web.template.yml"
- "templates/web.ratelimited.template.yml"
- "templates/web.socketed.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
#- "templates/web.ssl.template.yml"
#- "templates/web.letsencrypt.ssl.template.yml"
## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
- "8000:80" # http
#- "443:443" # https
params:
db_default_text_search_config: "pg_catalog.english"
## Set db_shared_buffers to a max of 25% of the total memory.
## will be set automatically by bootstrap based on detected RAM, or you can override
#db_shared_buffers: "256MB"
## can improve sorting performance, but adds memory usage per-connection
#db_work_mem: "40MB"
## Which Git revision should this container use? (default: tests-passed)
#version: tests-passed
env:
LC_ALL: en_US.UTF-8
LANG: en_US.UTF-8
LANGUAGE: en_US.UTF-8
# DISCOURSE_DEFAULT_LOCALE: en
## How many concurrent web requests are supported? Depends on memory and CPU cores.
## will be set automatically by bootstrap based on detected CPUs, or you can override
#UNICORN_WORKERS: 3
## TODO: The domain name this Discourse instance will respond to
## Required. Discourse will not work with a bare IP number.
DISCOURSE_HOSTNAME: 'discourse.domain.io'
## Uncomment if you want the container to be started with the same
## hostname (-h option) as specified above (default "$hostname-$config")
#DOCKER_USE_HOSTNAME: true
## TODO: List of comma delimited emails that will be made admin and developer
## on initial signup example 'user1@example.com,user2@example.com'
DISCOURSE_DEVELOPER_EMAILS: 'user@domain.io'
## TODO: The SMTP mail server used to validate new accounts and send notifications
# SMTP ADDRESS, username, and password are required
# WARNING the char '#' in SMTP password can cause problems!
DISCOURSE_SMTP_ADDRESS: email-smtp.us-east-1.amazonaws.com
DISCOURSE_SMTP_PORT: 587
DISCOURSE_SMTP_USER_NAME: ******
DISCOURSE_SMTP_PASSWORD: ******
#DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true)
#DISCOURSE_SMTP_DOMAIN: ****** # (required by some providers)
#DISCOURSE_NOTIFICATION_EMAIL: ****** # (address to send notifications from)
## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
#LETSENCRYPT_ACCOUNT_EMAIL: me@example.com
## The http or https CDN address for this Discourse instance (configured to pull)
## see https://meta.discourse.org/t/14857 for details
#DISCOURSE_CDN_URL: https://discourse-cdn.example.com
## The maxmind geolocation IP address key for IP address lookup
## see https://meta.discourse.org/t/-/137387/23 for details
#DISCOURSE_MAXMIND_LICENSE_KEY: 1234567890123456
## The Docker container is stateless; all data is stored in /shared
volumes:
- volume:
host: /var/discourse/shared/standalone
guest: /shared
- volume:
host: /var/discourse/shared/standalone/log/var-log
guest: /var/log
## Plugins go here
## see https://meta.discourse.org/t/19157 for details
hooks:
after_code:
- exec:
cd: $home/plugins
cmd:
- git clone https://github.com/discourse/docker_manager.git
## Any custom commands to run after building
run:
- exec: echo "Beginning of custom commands"
## If you want to set the 'From' email address for your first registration, uncomment and change:
## After getting the first signup email, re-comment the line. It only needs to run once.
#- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
- exec: echo "End of custom commands"
My domain, email address and email config are correct. As mentioned, I do not require SSL/TLS configuration.
Request:
- Is the NGINX solution the only way I can get this setup working and if so is there a clearer explanation available with regards to the setup steps? I am not in a position to start with the server from scratch just to get discourse working and with no guarantees.
- In Discourse behind reverse proxy and https - #2 by itsbhanusharma @Dark Matter provided the following as an apache2 solution, but I do not believe this solution has a node express environment in mind and with my localhost:8000 not resolving I am not sure if this would work:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName discourse.example.com
DocumentRoot /website/discourse
RewriteEngine On
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / unix:/var/discourse/shared/socket-only/nginx.http.sock|http://localhost/
ProxyPassReverse / unix:/var/discourse/shared/socket-only/nginx.http.sock|http://localhost/
ErrorLog /var/log/apache2/discourse.error.log
LogLevel warn
CustomLog /var/log/apache2/discourse.access.log combined
RewriteCond %{SERVER_NAME} =discourse.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
- Is the issue here with my discourse config? Is the issue perhaps my apache routing (I suspect)? Or am I missing something more fundamental here?
- I do think that resolving this will help a lot of users in the future.
- First prize would be to route to discourse on the server locally.
- Then routing via the url would be the next prize.
Best regards
Matthew Lucas
