Using Apache as a proxy is not recommended: Apache httpd uses a thread-per-connection model and will likely run out of threads very quickly, because Discourse uses long polling.
The goal of this post is to help you set up Let’s Encrypt with Apache SSL. It assumes that you have already properly configured Discourse.
Configuration notes
Do not enable web.ssl.template.yml and web.letsencrypt.ssl.template.yml. You only need one of your servers to present a certificate, and that should be your Apache server.
Configure your Apache virtualhost
Keep only one virtualhost per file. Configure as per usual. Really, this step doesn’t matter much.
Get your Let’s Encrypt certificate
Get your certificate with certbot from Let’s Encrypt:
certbot --apache -d forum.example.org
Modify the Apache files
You should have two files that are enabled: forum.example.org.conf and forum.example.org-le-ssl.conf. Make them the following:
forum.example.org.conf:
<VirtualHost x.x.x.x:80>
    ServerName forum.example.org
    RewriteEngine On
    # Send every plain-HTTP request to the HTTPS vhost.
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    # Same redirect, marked permanent; not reached while the rule above matches first.
    RewriteCond %{SERVER_NAME} =forum.example.org
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
forum.example.org-le-ssl.conf:
<VirtualHost x.x.x.x:443>
    ServerName forum.example.org
    RewriteEngine On
    # Apache terminates TLS with the Let's Encrypt certificate.
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/forum.example.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/forum.example.org/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    # Reverse proxy only (forward proxying stays off) to Discourse on loopback.
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:4578/
    ProxyPassReverse / http://127.0.0.1:4578/
</VirtualHost>
Done
This should work. Good luck!
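An offline check of the two files above, as an added example that is not part of the original post: it parses the vhost blocks and reports a port-80 vhost that proxies or does not redirect, and a TLS vhost with SSLEngine off, a missing certificate or key, ProxyRequests On, or a non-loopback backend. The names `lint` and `directives` and the finding strings are assumptions made for this example; the sample is a condensed copy of the configuration in the post.

```python
import re

# Condensed copy of the two vhosts from this post (placeholder address kept as x.x.x.x).
SAMPLE = """\
<VirtualHost x.x.x.x:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost x.x.x.x:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/forum.example.org/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/forum.example.org/privkey.pem
ProxyRequests Off
ProxyPass / http://127.0.0.1:4578/
ProxyPassReverse / http://127.0.0.1:4578/
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+\S*?:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """(name, args) for every non-blank, non-comment line, name lowercased."""
    rows = [l.split(None, 1) for l in body.splitlines()]
    return [(r[0].lower(), r[1].strip() if len(r) > 1 else "") for r in rows if r and not r[0].startswith("#")]

def lint(conf):
    """Return findings for each vhost in conf; an empty list means the layout matches the post."""
    findings = []
    for port, body in VHOST.findall(conf):
        d = directives(body)
        args = lambda name: [a for n, a in d if n == name]
        if port == "80":
            if args("proxypass"):
                findings.append("port 80 serves the forum in cleartext")
            if not any(" https://" in a for a in args("rewriterule") + args("redirect")):
                findings.append("port 80 does not redirect to https")
            continue
        if [a.lower() for a in args("sslengine")] != ["on"]:
            findings.append(f"port {port}: SSLEngine is not On")
        if not (args("sslcertificatefile") and args("sslcertificatekeyfile")):
            findings.append(f"port {port}: certificate or key missing")
        if "on" in [a.lower() for a in args("proxyrequests")]:
            findings.append(f"port {port}: ProxyRequests On enables forward proxying")
        for a in args("proxypass"):
            backend = (a.split() + ["", ""])[1]  # second token is the backend URL
            if not re.match(r"http://(127\.0\.0\.1|localhost|\[::1\])[:/]", backend):
                findings.append(f"port {port}: backend {backend or '?'} is not loopback")
    return findings
```

Run `lint()` on the concatenated contents of both enabled files; it only reads text and never contacts the server.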