Force Redirect HTTP to HTTPS


(Alex Rothberg) #1

I would to redirect users that access the discourse site on port http to port https. I have checked force https but that does not seem to be causing a redirect to happen. The SSL termination is being done external to discourse (discourse always listens on 80).


(Rafael dos Santos Silva) #2

So add a HSTS header there.


(Alex Rothberg) #3

What does the force https setting do if it doesnt set HSTS and it doesnt do a 3xx redirect?


(Rafael dos Santos Silva) #4

Add the SSL-only cookies among other things.

In our recommended way to setting SSL, this is all handled automatically:


(Alex Rothberg) #5

That template seeks to handle the SSL termination entirely. Would be nice to have a simpler template for cases where termination is handled by eg the load balancer. Also ,I think that even with that flag set, I a seeing cookies with out the secure flag set.


(Michael Coelho) #6

Hey @Falco, let me get into this conversation…

I’ve the same proble as @arothberg described. I am using a AWS Load Balancer with an Amazon Issued Certificate. When i was accessing my forum by https://www.forum.com.br it worked fine, but when accessing by forum.com.br , as the default is http, not working.

I tried adding:

  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: /server.+{/
     to: |
       server {
         listen 80;
         return 301 https://$$ENV_DISCOURSE_HOSTNAME$request_uri;
       }
       server {

But i received a Too Many Request error. I tried also:

  - replace:
     filename: "/etc/nginx/conf.d/discourse.conf"
     from: /server.+{/
     to: |
       server {
         listen 80;
         server_name forum.com.br www.forum.com.br;
         rewrite ^/(.*) https://$$ENV_DISCOURSE_HOSTNAME$request_uri permanent;
       }
       server {

But with no success…

Do you guys can help me? My forum is down…

Thanks in advance.


(Michael Coelho) #7

I’ve replace the entire web.ssl.template.yml with both snippets as i said above.


(Mindaugas Bartusevičius) #8

Did you solved that problem ? geting same bug …