Discourse without SSL? SSL in apache2 proxy

Installation
1

Hey there! I just set up Discourse and have some issues. I set the port to something different because I would like to use my apache2 Server as a proxy/reserse-proxy (I don’t know what’s the correct term)
When I try to start my Discourse instance, it prints this error to the logs and I can’t open Discourse:

nginx: [emerg] cannot load certificate "/shared/ssl/subdomain.website.tld.cer": PEM_read_bio_X509_AUX() failed (SSL: error:0909006C:PEM routines:get_name:no start line:Expecting: TRUSTED CERTIFICATE)

Is there a way to just simply disable SSL, as I usually do SSL through apache2 anyways, since I can just easily use my .crt and .key files there. If not, a) how can I fix this issue (looks like a .cer file is missing, since there is no shared/ssl folder at all; how can I obtain that since I only have .crt and .key) and b) what would I have to do in the Vhost with the SSL if it’s already done by Discourse?
This is the parts regarding the proxying and SSL I’d normally use:

ProxyPass / http://<ip-of-discourse-vps>:<http port>/
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/<filename>.crt
SSLCertificateKeyFile /etc/apache2/ssl/<filename>.key
2

If you want to disable SSL in Discourse, edit the app.yml file (/var/discourse/containers/app.yml) and remove the templates with SSL in the name on the first lines. After that issue a rebuild (./launcher rebuild app) and after the rebuild finishes Discourse will be HTTP only.

1 Like
3

That was very easy. I now tried that, but my page is still not accessible, but at least I have a different output in the logs now:

root@<vps-hostname>:/var/discourse# docker container logs <container-id>
run-parts: executing /etc/runit/1.d/00-ensure-links
run-parts: executing /etc/runit/1.d/00-fix-var-logs
run-parts: executing /etc/runit/1.d/anacron
run-parts: executing /etc/runit/1.d/cleanup-pids
Cleaning stale PID files
run-parts: executing /etc/runit/1.d/copy-env
Started runsvdir, PID is 38
ok: run: redis: (pid 48) 0s
ok: run: postgres: (pid 46) 0s
chgrp: invalid group: ‘syslog’
rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [v8.1901.0 try https://www.rsyslog.com/e/2145 ]
supervisor pid: 51 unicorn pid: 76
4

Discourse doesn’t act as a “normal” container, so docker logs are useless for us.

The actual logs live in /var/discourse/shared/standalone/logs/.

But if the rebuild finished with success with zero errors, what happens when you try to curl the application in the port you set it to listen to?

1 Like
5

Do you mean the folder “log”? Because there is no folder “logs”. In that I have the folders var-log and rails both with multiple files in them. Which ones do I have to look at?
Also, I don’t know how curl works. (I would google, but I don’t know what exactly I have to do with curl, so I don’t know what to google)