Install Discourse on a residential internet with Cloudflare Tunnel

Since Discourse now has support for running on a Raspberry Pi, running a small instance in your home lab will become a common use case. However, many residential ISPs block incoming traffic to the ports 80/443 that Discourse need.

For our demo site at https://discourse-on-a-pi.falco.dev/ we used Cloudflare Tunnel to work around this, and you can do it too!

Setup your tunnel

First, follow the following guide:

The only change you need is changing the URL from url: http://localhost:8000 to url: http://localhost:80. Leave the tunnel running the background already.

Disable Rocket Loader

You must disable Cloudfalre Rocket Loader for Discourse to work properly.

https://community.cloudflare.com/t/how-can-i-remove-the-rocket-loader-script-from-the-header-tag-on-my-website/4229/2

Install Discourse

Follow How to install Discourse in production, but hit CTRL+C after it creates the the app.yml file gives you a 5 seconds count-down.

Now edit the file first few lines so it looks like this:

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/cloudflare.template.yml"
#  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
#  - "templates/web.ssl.template.yml"
#  - "templates/web.letsencrypt.ssl.template.yml"

and add the following line under the env: section:

DISCOURSE_FORCE_HTTPS: true

And then run ./launcher rebuild app.

While you are waiting, install a page rule to always redirect to HTTPS like this:

In a few minutes your new Discourse instance will be available on the domain you used in the tunnel/discourse configuration .

I think it’s better that mention about port. If user decide to use argo tunnel, then they need to setup their port the same as tunnel settings. For example:

-80:80
#-443:443

then they need to let the tunnel listen
http://localhost:80

What I use is use unix socket to connect them.

Isn’t that what I mention here:

?

Hi Rafael,

Thanks for the tutorial.

I’ve followed everything as per your guide above and everything works fine however;

Upon clicking on the link in the email to activate my account I get flown back to the correct webpage with an activation button, however this button doesn’t work. I’ve looked up guidance on this forum and it looks like a domain to ip issue?

I have confirmed force_https is set to true in the config.

Any thoughts / did you run into this issue (Screenshot attached) of the button that doesn’t do anything?

SCR-20211222-q2s2324×460 42.2 KB

Alright so I managed to fix this.

Just ensure rocket loader is disabled

Cheers!

Finally, installed Discourse on Raspberry Pi. But i have problems with Cloudflare Tunnels.

I can’t access to Discourse site with domain, something strange in the config.yml configuration?

url: http://localhost:80
tunnel: 371dd57c-************
credentials-file: /home/pi/.cloudflared/371dd57c-*********.json

What is the tunnel command output? It should be explicit about any mistakes you made on the configuration.

cloudflared tunnel info output:

cloudflared tunnel info ******
2022-01-24T04:55:47Z INF Cannot determine default origin certificate path. No file cert.pem in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared] originCertPath=
2022-01-24T04:55:47Z ERR You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See https://developers.cloudflare.com/argo-tunnel/reference/arguments/ for more information. originCertPath=
error parsing tunnel ID: Error locating origin cert: client didn't specify origincert path when running from terminal

Looks like you misplaced the certificate file? If you are running as root, the file should be under

/root/.cloudflared/

and not where you put it as

I have already cert.pem file.

And are you trying to start the tunnel as the pi user or as root?

I am using this command as pi user

cloudflared tunnel run <UUID or NAME>

image586×844 104 KB

Hi @bekircem,

It looks like your Cloudflared has been able to initiate a connection to Cloudflare’s edge.

Have you enabled the Routing with a CNAME to your Argo Tunnel ID on Cloudflare?

https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/routing-to-tunnel/dns

Cheers,

Alex.

Hi @Stigin, thank you for the reply.

Yes, i am enabled routing from the command line

image2046×228 33.1 KB

Interesting one @bekircem - Hmm!!

What is the current error you’re getting when browsing to your website address? Is it just a generic Cloudflare Argo Tunnel error page?

Could you please show us your running containers by running the command: docker ps and show us your current running tunnels with cloudflared tunnel list || Make sure you blur out your argo route / any non-relevant containers!

Alex.

What is the current error you’re getting when browsing to your website address? Is it just a generic Cloudflare Argo Tunnel error page?

No there is no Cloudflare Argo Tunnel error page.

ERR_NAME_NOT_RESOLVED

docker ps

CONTAINER ID   IMAGE                 COMMAND        CREATED        STATUS        PORTS                                                                      NAMES
f1bde9b70f55   local_discourse/app   "/sbin/boot"   11 hours ago   Up 11 hours   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp   app

When use this command as a root user cloudflared tunnel list

2022-01-24T15:55:03Z INF Cannot determine default origin certificate path. No file cert.pem in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared] originCertPath=
2022-01-24T15:55:03Z ERR You need to specify the origin certificate path with --origincert option, or set TUNNEL_ORIGIN_CERT environment variable. See https://developers.cloudflare.com/argo-tunnel/reference/arguments/ for more information. originCertPath=
Error locating origin cert: client didn't specify origincert path when running from terminal

When use this command as a pi user cloudflared tunnel list

You can obtain more detailed information for each tunnel with `cloudflared tunnel info <name/uuid>`
ID                                   NAME      CREATED              CONNECTIONS
371dd57c-**************** ze****2022-01-24T03:35:19Z

It is normal?

We need to use a subdomain for DISCOURSE_HOSTNAME in the config.yml file, right?

Update: I am uninstalled Cloudflared and reinstalled with root user and it works now. I still don’t understand where exactly I went wrong in my previous attempt.

Somehow I finally ran the site on Raspberry and it’s live.

I don’t really understand how. I am removed Cloudflared and re-install it with root user. And it works…

I have two questions,

1- It seems my SSL certificate not work correctly so I can’t login to my admin account on Discourse. (It appears to be running in incognito tab. Maybe it’s something about cache.) Are you using full or full(strict)?

image1920×1044 139 KB

2- I have questions about running cloudflared as a service. https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/run-as-service

I ran tunnel with cloudflared tunnel run <UUID or NAME> command. But when i close the iterm windows will it stop working?

image1084×956 129 KB

If you have already logged in and have a configuration file in ~/.cloudflared/ , these will be copied to /etc/cloudflared/ .

If you do not have a configuration file, you will need to create a config.yml file with fields listed above. You can pass a custom file by running cloudflared --config CONFIG-FILE service install .

I checked, i don’t have configuration file in /etc/cloudflared/. In this case, what should I do to run this service automatically?

Thank you.

Questions that are more specific about the Cloudflare tunnel service may receive better answers at Topics tagged cloudflaretunnel

Hey @bekircem,

I think reinstalling it would of fixed the issue of cloudflared not finding the certificate…

With regards to running Cloudflare as a service - the configuration file you created when running the service manually will need to be moved to /etc/cloudflared.

I’m unsure about linking personal sites here so please let me know if I need to remove this but I’ve covered this under my one of my blogs under the section called: ‘Setup and Run Cloudflared as a Service’

Let us know how you get on!

Alex.

Thank you for the reply.

Great blog post, thanks for sharing.

Run Cloudflared as a Service

sudo cloudflared service install

config.yml file automatically copied to /etc/cloudflared/.

sudo systemctl start cloudflared

sudo systemctl enable cloudflared

And it’s working great. I haven’t tried rebooting yet but I hope it will work.