How can I enable SSL while running on a different port + Issue with subdomain


(Daffy Chu) #1

Hello,

Recently, I have just successfully installed this forum into my server machine. But instead of just running a single Discourse forum on the machine, I combined it with cpanel web host for running custom html for other contents that I need. So I followed the How to set up Discourse on a server with existing Apache sites guide from the howto section. It works perfectly but the tutorial only provided with http with HAProxy. Then, I did a little research on getting SSL to work with HAProxy, it turned out its just pointing certificates in HAProxy. And Okay, that is solved, but here comes another problem, since I had to change the port in order for it to not conflict with each other, I decided to change Discourse’s app.yml from 443:443 to 4445:443 but whenever I rebuild the apps and tries to get into the site with that port, it doesn’t tend to want to load. (I also disabled the port 80:80 which I changed to 8888:80 (which works fine)) Lastly, the problem with my domain, since I’m using Cpanel, when I set the Cname community to point to my domain, I always get to the page Cpanel defaultpage where nothing could be found. I was wondering if it’s possible to have the subdomain point to the discourse forum instead of pointing in the folders.

The way I setup my subdomain for this purpose was (Since I use cloudflare for my dns) I setup a Cname of community pointing to my ipaddress of the machine, and usually I would create the subdomain in cpanel as well, but since I believe it will conflict each other, so I didn’t create a subdomain in cpanel with community.


To summarize my issues

  • SSL Port not working when changed to something other than 443
  • SubDomain not working due to Cpanel, even though I have the domain setup correctly

Here’s my discourse app.yml file, I have removed my domain and email w/ password for security
http://pastebin.com/95Auak28
Here’s my HAProxy config
http://pastebin.com/JSmTHN8k

Was wondering if anyone has tried this and succeed before (Cpanel w/ discourse and w/ SSL Enabled)

Any help would be appreciated, will try to reply ASAP

  • DC

Discourse + VestaCP
(Felix Freiberger) #2

Who is handling SSL here, HAProxy or Discourse? It seems like the answer is “both”, which is not good.

The usual approach is to let the front-end server handle SSL (HAProxy in your case), and then only use HTTP for the internal communication.


(Daffy Chu) #3

I was trying to have both HAProxy and discourse running in SSL, but currently I think I will have to figure out my subdomain problem first in order to test if the SSL will function correctly. Yet, still have no luck so far. I kept on rebuilding my discourse it said that it’s installing under /var/www/discourse/public/ but when I navigated into the folder, I don’t see anything that has to do with discourse. or am I looking at the wrong place for the website?
Would you possibly have any idea on the sub domain part?
Using Cpanel with Cloudflare DNS and trying to get the subdomain to go to Discourse.

-DC

(Sorry for the confusion)


(Felix Freiberger) #4

Yes, you are: Discourse is running inside its Docker container. All data is kept in /var/discourse. If you need to, you can enter the container with ./launcher enter app, but you normally shouldn’t need to. Also, you should keep in mind that you shouldn’t change the container as all changes will be lost on rebuilding.

I’ve never user Cpanel or HAProxy before, so I cannot help you directly (I use nginx as my front-end server). I just have some general guidelines:

  • Cpanel should have nothing to do with Discourse, except that you want to host it on the same server as Discourse.
  • All SSL should be handled by HAProxy.
  • The DNS for the subdomain you use for Discourse must point at your server.
  • If DNS is correct, but nothing from Discourse shows up at the subdomain, it is most likely a configuration problem with HAProxy (which is not redirecting the requests to Discourse correctly).

(Daffy Chu) #5

Solved! It was the HAProxy that i forgot to add the subdomain in, completely forgot to replace the hostname in it


(Régis Hanol) #6