Force Redirect HTTP to HTTPS

I would like to redirect users that access the discourse site on port http to port https. I have checked force https but that does not seem to be causing a redirect to happen. The SSL termination is being done external to discourse (discourse always listens on 80).

So add an HSTS header there.

3 Likes

What does the force https setting do if it doesn't set HSTS and it doesn't do a 3xx redirect?

Add the SSL-only cookies among other things.

In our recommended way of setting up SSL, this is all handled automatically:

https://github.com/discourse/discourse_docker/blob/master/templates/web.ssl.template.yml#L12

2 Likes

That template seeks to handle the SSL termination entirely. Would be nice to have a simpler template for cases where termination is handled by e.g. the load balancer. Also, I think that even with that flag set, I am seeing cookies without the secure flag set.

Hey @Falco, let me get into this conversation…

I have the same problem as @arothberg described. I am using an AWS Load Balancer with an Amazon Issued Certificate. When I was accessing my forum by https://www.forum.com.br it worked fine, but when accessing by forum.com.br, as the default is http, it is not working.

I tried adding:

  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: /server.+{/
     to: |
       server {
         listen 80;
         return 301 https://$$ENV_DISCOURSE_HOSTNAME$request_uri;
       }
       server {

But I received a Too Many Request error. I tried also:

  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: /server.+{/
     to: |
       server {
         listen 80;
         server_name forum.com.br www.forum.com.br;
         rewrite ^/(.*) https://$$ENV_DISCOURSE_HOSTNAME$request_uri permanent;
       }
       server {

But with no success…

Can you guys help me? My forum is down…

Thanks in advance.

I’ve replaced the entire web.ssl.template.yml with both snippets as I said above.

Did you solve that problem? Getting the same bug…

For people who use AWS Classic Load Balancer still trying to solve this.

You should read this page: Redirect HTTP Traffic to HTTPS Using ELB

Basically, Nginx should redirect to https if X-Forwarded-Proto: http. This header is set by the load balancer. Thus the communication between web server and load balancer is always http. That means that Nginx serves only http and the load balancer through https.

So, what I did, was to add the following to my container configuration (web.yml):

run:
    # Redirect only requests that the load balancer received over plain HTTP
    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: /server.+{/
       to: |
         server {
           if ($http_x_forwarded_proto = 'http') {
             return 301 https://$host$request_uri;
           }

4 Likes
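A way to check the rule from the answer above before putting it in front of users, added here as an example and not part of the original thread: it sends the origin the two requests a TLS-terminating load balancer would forward and flags a rule that also redirects the one that was already HTTPS. `http_send`, `check_redirect_rule`, the two stand-in backends and the hostname `forum.example` are names made up for this example.

```python
# Added example: checks an origin's redirect rule; the stand-in backends are constructed.
import http.client
from urllib.parse import urlsplit

def http_send(origin_host, origin_port):
    """Return a sender that GETs straight from the origin over plain HTTP, as the load balancer does."""
    def send(host, path, forwarded_proto):
        conn = http.client.HTTPConnection(origin_host, origin_port, timeout=5)
        conn.request("GET", path, headers={"Host": host, "X-Forwarded-Proto": forwarded_proto})
        resp = conn.getresponse()
        resp.read()
        conn.close()
        return resp.status, resp.getheader("Location")
    return send

def check_redirect_rule(send, host, path="/latest"):
    """Return a list of problems; an empty list means the rule behaves as intended."""
    problems = []
    # 1. A request the client made over HTTP must be sent to the HTTPS URL.
    status, location = send(host, path, "http")
    target = urlsplit(location or "")
    if status not in (301, 308):
        problems.append(f"http request not permanently redirected (status {status})")
    elif (target.scheme, target.netloc, target.path) != ("https", host, path):
        problems.append(f"redirect goes to {location!r}, expected https://{host}{path}")
    # 2. A request the client already made over HTTPS must not be redirected again,
    #    otherwise the browser keeps following redirects until it gives up.
    status, location = send(host, path, "https")
    if status in (301, 302, 307, 308) and urlsplit(location or "").path == path:
        problems.append("https request redirected again: redirect loop")
    return problems

# Constructed stand-ins: a rule that always redirects, and one keyed on the header.
def unconditional_backend(host, path, forwarded_proto):
    return 301, f"https://{host}{path}"

def header_backend(host, path, forwarded_proto):
    if forwarded_proto == "http":  # redirect only clients that came in over HTTP
        return 301, f"https://{host}{path}"
    return 200, None

if __name__ == "__main__":
    for backend in (unconditional_backend, header_backend):
        print(backend.__name__, check_redirect_rule(backend, "forum.example"))
```

Against a real container, pass `http_send("<origin address>", 80)` as `send`, using the address the load balancer forwards to.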

Great hint indeed! Thanks :pray:

I can confirm that using the X-Forwarded-Proto to redirect the requests also works like a charm with Google Cloud’s HTTPS Load Balancer, if anyone wonders :wink:

3 Likes