Set up Discourse on a server with existing Apache sites

HTTPS については、私の最新の設定ファイルをご覧ください:

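global
  # Process-wide settings. Upload this file to /etc/haproxy/
  #
  # To have these messages end up in /var/log/haproxy.log you need to:
  #
  # 1) Configure syslog to accept network log events, by adding the '-r'
  #    option to SYSLOGD_OPTIONS in /etc/sysconfig/syslog.
  #
  # 2) Configure local2 events to go to /var/log/haproxy.log, for example
  #    by adding a line like this to /etc/sysconfig/syslog:
  #
  #    local2.*                       /var/log/haproxy.log
  #
  # NOTE(review): while the line below stays commented out this section
  # declares no log target, so "log global" in the defaults section has
  # nothing to send to and requests leave no access trail.
  # log         127.0.0.1 local2

  # Size of the DH parameters used for DHE key exchange when the certificate
  # file does not carry its own. Declared once; the original repeated this
  # directive further down with the same value.
  tune.ssl.default-dh-param 2048

  # Defaults for every "bind ... ssl" line: SSLv3 and TLS session tickets off.
  # NOTE(review): TLS 1.0/1.1 are not disabled here; the bind lines in
  # frontend http-in add no-tlsv10 themselves.
  ssl-default-bind-options no-sslv3 no-tls-tickets
  # NOTE(review): the tail of this list still allows non-forward-secret CBC
  # suites and DES-CBC3-SHA (3DES, 64-bit block) where the OpenSSL build
  # offers them; the trailing "!...-DES-CBC3-SHA" entries exclude only the
  # EDH and KRB5 variants. Trim the list if no legacy client needs them.
  ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

  # Same defaults for TLS connections towards "server ... ssl" lines. No
  # server line in the backends shown in this file uses ssl.
  ssl-default-server-options no-sslv3 no-tls-tickets
  ssl-default-server-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

  # NOTE(review): chroot is disabled, so the process keeps a view of the
  # whole filesystem after dropping to the haproxy user below.
  # chroot      /var/lib/haproxy
  pidfile     /var/run/haproxy.pid
  maxconn     4000
  # Run as the unprivileged haproxy account, detached from the terminal.
  user        haproxy
  group       haproxy
  daemon

  # Enable the stats unix socket.
  # NOTE(review): no "mode" or "level" is set on the socket; restrict them if
  # other local accounts should not be able to reach it.
  stats socket /var/lib/haproxy/stats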

defaults
  # Settings inherited by every frontend and backend declared below.

  # Layer-7 proxying, with HTTP-format log lines sent to the target(s)
  # declared in the global section; connections that carry no data are not
  # logged.
  mode http
  log global
  option httplog
  option dontlognull

  # Close the server-side connection after each response.
  option http-server-close

  # Append the client address to X-Forwarded-For on every request. A value
  # already sent by the client is left in place, so backends should rely on
  # the last entry only.
  # option forwardfor       except 127.0.0.0/8
  option forwardfor

  # Retry a failed connection up to 3 times; a retry may be redispatched to
  # another server.
  option redispatch
  retries 3

  # Per-proxy connection ceiling.
  maxconn 3000

  # Timeouts.
  timeout http-request 10s
  timeout http-keep-alive 10s
  timeout connect 10s
  timeout check 10s
  timeout queue 1m
  timeout client 1m
  timeout server 1m


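frontend http-in
  # Single entry point for ports 80 and 443 (IPv4 and IPv6). It terminates
  # TLS, forces HTTPS, and routes by Host header to the Apache sites or to
  # one of the Discourse containers.
  bind *:80
  bind :::80
  # Certificates are loaded from the /etc/haproxy/certs/ directory.
  # NOTE(review): SSLv3 and TLS 1.0 are refused here but TLS 1.1 is still
  # accepted; add no-tlsv11 once no legacy client depends on it.
  bind *:443 ssl crt /etc/haproxy/certs/ no-sslv3 no-tlsv10
  bind :::443 ssl crt /etc/haproxy/certs/ no-sslv3 no-tlsv10

  # Request classification.
  acl letsencrypt-acl path_beg /.well-known/acme-challenge/
  acl host_discourse hdr(host) -i forum1domain.com
  acl host_discourse_2 hdr(host) -i forum2domain.com
  acl host_discourse_3 hdr(host) -i forum3domain.com
  acl ssl_redirect_hosts hdr(Host) -i forum2domain.com
  acl ssl_redirect_hosts hdr(Host) -i forum1domain.com
  acl ssl_redirect_hosts hdr(Host) -i forum3domain.com

  # Tell the backends that the client connection used TLS. set-header
  # replaces any X-Forwarded-Proto value the client sent itself, which the
  # former "reqadd" did not (it only appended a second header); newer
  # HAProxy releases also no longer accept reqadd.
  http-request set-header X-Forwarded-Proto https if { ssl_fc }

  # Send the www. names to the bare domain, straight to HTTPS. The original
  # rules pointed at http://, which cost an extra cleartext hop before the
  # scheme redirect below.
  redirect prefix https://forum1domain.com code 301 if { hdr(host) -i www.forum1domain.com }
  redirect prefix https://forum2domain.com code 301 if { hdr(host) -i www.forum2domain.com }
  redirect prefix https://forum3domain.com code 301 if { hdr(host) -i www.forum3domain.com }

  # Redirect sites to HTTPS. The second rule already covers every host, so
  # the first one only means the forum hosts get the default redirect code
  # instead of a 301.
  # NOTE(review): redirect rules are evaluated before use_backend, so ACME
  # challenge requests arriving on port 80 are redirected to HTTPS as well
  # before they reach letsencrypt-backend.
  redirect scheme https if ssl_redirect_hosts !{ ssl_fc }
  redirect scheme https code 301 if !{ ssl_fc }

  # Choose the backend; the first matching rule wins, anything unmatched
  # goes to the Apache sites.
  use_backend letsencrypt-backend if letsencrypt-acl
  use_backend discourse_docker if host_discourse
  use_backend discourse_docker_2 if host_discourse_2
  use_backend discourse_docker_3 if host_discourse_3
  default_backend main_apache_sites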


backend main_apache_sites
  # Default backend: the existing Apache sites, reached in cleartext on
  # loopback port 8080.
  # Persistence by prefixing the server tag to the JSESSIONID cookie; with
  # one server in the backend it cannot change which server is picked.
  cookie JSESSIONID prefix nocache
  # "check" turns on health checks for this server.
  server server1 127.0.0.1:8080 cookie A check

backend discourse_docker
  # Backend for forum1domain.com (selected by host_discourse), on loopback
  # port 8888.
  # NOTE(review): presumably Discourse does not set a JSESSIONID cookie, in
  # which case this cookie rule is inert - confirm.
  cookie JSESSIONID prefix nocache
  # "check" turns on health checks for this server.
  server server2 127.0.0.1:8888 cookie A check

backend discourse_docker_2
  # Backend for forum2domain.com (selected by host_discourse_2), on loopback
  # port 8889.
  # NOTE(review): presumably Discourse does not set a JSESSIONID cookie, in
  # which case this cookie rule is inert - confirm.
  cookie JSESSIONID prefix nocache
  # "check" turns on health checks for this server.
  server server2 127.0.0.1:8889 cookie A check

backend discourse_docker_3
  # Backend for forum3domain.com (selected by host_discourse_3), on loopback
  # port 8890.
  # NOTE(review): presumably Discourse does not set a JSESSIONID cookie, in
  # which case this cookie rule is inert - confirm.
  cookie JSESSIONID prefix nocache
  # "check" turns on health checks for this server.
  server server2 127.0.0.1:8890 cookie A check

backend letsencrypt-backend
  # Receives requests whose path starts with /.well-known/acme-challenge/
  # (letsencrypt-acl in frontend http-in) and forwards them to loopback port
  # 54321. No health check is configured on this server.
  # NOTE(review): presumably the ACME client listens on this port only while
  # a certificate is being issued or renewed - confirm.
  server letsencrypt 127.0.0.1:54321
