Discourse behind reverse proxy and https

I got Apache2 working “no problem” in a test bed with Apache2 as a reverse proxy to a unix socket in the container:

The only difference I found (note: only a few hours of testing, nothing complete) was:

  • Apache2 will not work with with a symlink to the unix socket in the shared volume in the container;
  • Apache2 was a bit slower in a rough test, but not by much.

Personally, I’m not a fan of religious wars over technologies; so I disagree that “Apache2 will give you a lot of issues.” I did not experience any negative issues with Apache2 during my tests.

Here is the core setup I used with Apache2 (HTTP, worked fine with LETSENCRYPT, BTW):

# cat discourse.example.conf
<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  ServerName  discourse.example.com
  DocumentRoot /website/discourse

  RewriteEngine On
  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass / unix:/var/discourse/shared/socket-only/nginx.http.sock|http://localhost/
  ProxyPassReverse  / unix:/var/discourse/shared/socket-only/nginx.http.sock|http://localhost/
  ErrorLog /var/log/apache2/discourse.error.log
  LogLevel warn
  CustomLog /var/log/apache2/discourse.access.log combined

  RewriteCond %{SERVER_NAME} =discourse.example.com
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Note: The only time we experienced issues with HTTP being served even when force_https set was when files were missing in the /uploads directory, but this (of course) is not related to Apache2 v. nginx as a reverse proxy.

1 Like