HTTPS through Proxy; Discourse still trying to get files using HTTP

Hey there! I just attempted to setup my Discourse Forum. When I clicked the link in the E-Mail I saw a button, but couldn’t press it. I saw quite a bunch of errors which seems to be there because it’s trying to load files over HTTP. This may be caused by the fact that I’m not using HTTPS through Discourse but rather through my apache2 Webserver using a ProxyPass. How can I make it request the files ofer HTTPS without using Discourse’s HTTPS? (Or tell me a way to use my already to easily existing .crt and .key Files with Discourse that would work as well :wink:)

Did you enable force https in discourse?

1 Like

How would I do this? (without using LetsEncrypt or SSL via Discourse)
Would I just uncomment the templates/web.ssl.template.yml and leave templates/web.letsencrypt.ssl.template.yml commented? (Sorry for asking but it takes so long to rebuild so I’d rather make sure)

You Just have to go to settings and enable the checkbox that says force https.

Just to be clear, be 100% sure that your reverse proxy can handle ssl for discourse before enabling that setting.

:warning: Discourse doesn’t play nice with apache2 … If possible move to nginx.

Wait what Settings? Where the hell would I find a checkbox? is the path where you’ll find your Discourse admin panel.

But for that I need an Account on my Forum first, which I can’t create without fixing the HTTPS Issue

You can enable force SSL via console:

./launcher enter app
rails c
SiteSetting.force_https = true
1 Like

Do I have to rebuild or do anything after that?
Edit: I’ve rebuilded. Still get that same error that some files are still loaded via HTTP

force_https was removed from the admin UI as it caused more confusion than anything else.

As discourse installs https by default now, it’s only cases like this one where it needs to be enabled manually.

1 Like

It wasn’t enabled by default for me. I was having trouble using the installer script so I edited the app.yml. Is this the reason?

Are you doing HTTP behind the proxy by disabling the template for HTTPS?

The two HTTPS Templates were disabled by default for me.
Discourse is running on the two default Ports on Server 2
I’m then using a ProxyPass in an apache2 (running on Server 1) VHost where SSL is configured.
I just noticed that I can just enable HTTPs via Discourse and since Discourse is running on the Default Ports, I can just put on the IP of Server 2.
How would I go about enabling SSL? Uncomment the two templates and then enter the LetsEncrypt E-Mail? Also, how do I create an Account on LetsEncrypt? I can’t find any “Register” Button on their website.

Pretty much that, enable the template for HTTPS and let’s encrypt, make sure port 443 is exposed and specify an email before rebuilding.

There’s very few good reasons to put Discourse behind a proxy. If it has a dedicated server and FQDN it will be much easier to manage with the above.

But what E-Mail do I have to specify there? It says for an LetsEncrypt Account, so I have to create one? Where?

Just an email to receive notifications on. You don’t need to register it beforehand.

I just enabled SSL and everything, but now I get a Cloudflare 502 Error.

Make sure that the proxy is setting the X-Forwarded-Proto header to https appropriately, which should fix https detection.

1 Like

Turn Cloudflare off for now. Unless you’re frequently attacked it’s a cause of more hurt than good.

If the orange cloud is enabled Discourse can’t enrol the certificate from Let’s Encrypt.

Did that. HTTPS is working now, it’s loading everything over HTTPS, BUT:
I still can’t press the Button on the Account Verification Page.

There is an error and a few warnings in the Console as well: