How to make Discourse use https:// links for itself?


(Ralf Jung) #1

Right now, whenever Discourse has to print its own full URL, it uses “http://forum.DOMAIN”. I can see this

  • in the mails it sends
  • in the sourcecode: url('/assets/...?http://forum.DOMAIN&2&v=4.5.0');
  • during oauth, where I have to allow the http:// URL in the oauth provider

Of course my forum is available via https://, and actually all requests are redirected. How can I configure Discourse to use the correct URL?

There are other, non-Dockerized services running on the same machine as Discourse, so I have an Apache on port 80 and 443 that forwards requests to Discourse:

           # Reverse proxy configuration
           ProxyPass /.well-known/acme-challenge/ !
           ProxyPass / http://127.0.0.1:8088/
           ProxyPassReverse / http://127.0.0.1:8088/

and I told Docker to bind Discourse to port 8088:

expose:
  - "127.0.0.1:8088:80"   # fwd host port 8080   to container port 80 (http)

(Felix Freiberger) #2

There’s a site settings for this, search for HTTPS.


(Ralf Jung) #3

I found “use https” in “Security” and enabled it. However, the URL from the site source that I quoted above still is http://, I found some more http:// links (quoted below), and I still have to use the http:// URL in the OAuth provider settings or authentication won’t work.

        <link rel="alternate" type="application/rss+xml" title="Letzte Beiträge" href="https://forum.DOMAIN/posts.rss" />
    <link rel="alternate" type="application/rss+xml" title="Aktuelle Themen" href="http://forum.DOMAIN/latest.rss" />

(Ralf Jung) #4

Interestingly though, the password reminder I just sent to myself did have an https:// link. Hu?


(Ralf Jung) #5

I digged a little into the source to figure out how it could be possible that some links are https:// while others are http://. Disclaimer: I have no Ruby or Rails experience whatsoever.

It seems to me the two lines I quoted above are emitted by

    <%= auto_discovery_link_tag(:rss, "#{Discourse.base_url}/posts.rss", title: I18n.t("rss_description.posts")) %>
    <%= auto_discovery_link_tag(:rss, { action: "#{@rss}_feed" }, title: I18n.t("rss_description.#{@rss}")) %>

in app/views/list/list.erb. The first link ends up being https://, so it seems #{Discourse.base_url} is correct. The second link, I think, comes from list_controller.rb:

  def latest_feed
    discourse_expires_in 1.minute

    @title = "#{SiteSetting.title} - #{I18n.t("rss_description.latest")}"
    @link = "#{Discourse.base_url}/latest"
    @atom_link = "#{Discourse.base_url}/latest.rss"
    @description = I18n.t("rss_description.latest")
    @topic_list = TopicQuery.new(nil, order: 'created').list_latest

    render 'list', formats: [:rss]
  end

The first line in that function makes me thing that there is some caching being done here. And the cached data is incorrect, or generated incorrectly, it seems. Is there any way to test this more specifically? Is there a way to delete the cache? I have re-built the Docker image since doing the configuration change, that did not help.


(Carlo Kok) #6

This worked for me: Switched to HTTPS, 1 of the rss link is http


(Ralf Jung) #7

Thanks for the pointer! Indeed that problem sounds very similar. SSL terminates at the Apache, it would be a waste of resources to encrypt the localhost connection between Apache and Discourse.

I first tried to add a hook that patched the nginx configuration, as described in the post you linked, but whenever I did that, redis setup would fail during container build. I have no idea, why. But eventually, I learned that I could just change my apache config, which now reads

           RequestHeader set X-Forwarded-Proto "https"
           ProxyPass /.well-known/acme-challenge/ !
           ProxyPass / http://127.0.0.1:8088/
           ProxyPassReverse / http://127.0.0.1:8088/

That fixed the problem. Thanks a lot!

It is kind of strange though that some parts of Discourse take the actual protocol used for the current request into account, while others do not. In particular, since this concerns two URLs printed right next to each other in the sources^^.