For Cloudflare SSL, all I did was regular install and DNS A record. (Is this ok? Sure was easy)


#1

The SSL instructions were kinda confusing me because I used Cloudflare for a particular site. Discourse SSL install was talking about lets encrypt and never mentioned too much how to use any other way, in fact I posted a topic offering paid help but no one even replied (months ago)

so forums.siteexample.com rule has https and I figured out how to set up the nginx vhost file for it after months got lucky.

So Im wondering if this is fine and there will be no problems. I do have that one message:

Some problems have been found with your installation of Discourse:

  • Your website is using SSL. But [force_https](https://forums.siteexample.com/admin/site_settings/category/all_results?filter=force_https) is not yet enabled in your site settings.

gonna try to enable it soon just to see what happens, everything has been fine so far


(Geran Smith) #2

You might not be able to do force HTTPS if you never configured your server for HTTPS support. There won’t be issues if you don’t enable that.


#3

Thanks for some insight. I do wonder why they never just suggested to do is this way (site and subdomain wide ssl. CF even has its on force https, plus if people didnt use that option with CLF theres always .htaccess redirect code too.

Thanks Geran


(Rafael dos Santos Silva) #4

Because it’s bad. All traffic between your server and Cloudflare will be insecure.

Since Discourse supports free, real SSL out of the box, there is no reason to suggest a more complicated alternative that results in less security.


#5

CF has different options for that to make it secure in that regard afaik, not sure if that changes anything but point taken, and thanks for the info Rafael


(Cameron:D) #6

CloudFlare does have those options, but only the basic/‘pretend’ option (SSL between the user and CF, insecure between CF and server) will work unless you set up SSL on your Discourse server, and if you’re going to do that, Let’s Encrypt is the easiest way - a few lines in a config file and you’re done.


#7

Yea I’m starting to look into it now. Lets encrypt on whole LEMP server, will reinstall discourse with my settings on my test site. Thx cam