HTTPS works perfectly, but HTTP URL displays NGINX welcome page and doesn't redirect

I’ve recently installed Discourse to a Ubuntu Focal Fossa VPS and it works great, however I’m struggling to overcome some URL peculiarities.

The following is the behaviour I am seeing (in Safari). I have A NAME records for @, WWW and * created in with my registrar. [displays Welcome to nginx! page] FAIL [redirects to] PASS [displays Welcome to nginx! page] FAIL [redirects to and works fine] PASS [works as expected, doesn't redirect] PASS [errors with 'This Connection is Not Private' browser message] FAIL

I would like my installation to be at the root/apex so I entered at setup.

Any advice graciously received!

Are you running an external nginx in the Discourse server? Why?

Discourse already ships with a pre-configured nginx that will handle that provided you let it listen to the 80 and 443 ports.

1 Like

Hi @Falco, thank you for your reply. Not to my knowledge no, the image from the VPS provider is just called “Focal Fossa Clean OS” which I assume means it contains no third party tools.

This is just straight out of the box using the “30 minute” install route published.

sudo su

wget -qO- | sh

git clone /var/discourse

cd /var/discourse

1 Like

Ohh that is a really weird behavior then!

Can you share your app.yml here (remove the sensitive data like passwords). The file lives at /var/discourse/containers/app.yml.

Also the docker ps -a output.

Sure thing, thank you. Would my domain having a weird TLD cause any issues? (it’s a .community).

## this is the all-in-one, standalone Discourse Docker container template
## After making changes to this file, you MUST rebuild
## /var/discourse/launcher rebuild app
## visit to validate this file as needed

  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  - "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"

## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see for details
  - "80:80"   # http
  - "443:443" # https

  db_default_text_search_config: "pg_catalog.english"

  ## Set db_shared_buffers to a max of 25% of the total memory.
  ## will be set automatically by bootstrap based on detected RAM, or you can override
  db_shared_buffers: "768MB"

  ## can improve sorting performance, but adds memory usage per-connection
  #db_work_mem: "40MB"

  ## Which Git revision should this container use? (default: tests-passed)
  #version: tests-passed

  LANG: en_US.UTF-8

  ## How many concurrent web requests are supported? Depends on memory and CPU cores.
  ## will be set automatically by bootstrap based on detected CPUs, or you can override

  ## TODO: The domain name this Discourse instance will respond to
  ## Required. Discourse will not work with a bare IP number.

  ## Uncomment if you want the container to be started with the same
  ## hostname (-h option) as specified above (default "$hostname-$config")

  ## TODO: List of comma delimited emails that will be made admin and developer
  ## on initial signup example ','

  ## TODO: The SMTP mail server used to validate new accounts and send notifications
  # SMTP ADDRESS, username, and password are required
  # WARNING the char '#' in SMTP password can cause problems!
  #DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
  #DISCOURSE_SMTP_DOMAIN:    # (required by some providers)

  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate

  ## The http or https CDN address for this Discourse instance (configured to pull)
  ## see for details

  ## The maxmind geolocation IP address key for IP address lookup
  ## see for details

## The Docker container is stateless; all data is stored in /shared
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log

## Plugins go here
## see for details
    - exec:
        cd: $home/plugins
          - git clone

## Any custom commands to run after building
  - exec: echo "Beginning of custom commands"
  ## If you want to set the 'From' email address for your first registration, uncomment and change:
  ## After getting the first signup email, re-comment the line. It only needs to run once.
  #- exec: rails r "SiteSetting.notification_email=''"
  - exec: echo "End of custom commands"


CONTAINER ID   IMAGE                 COMMAND        CREATED          STATUS          PORTS                                      NAMES
465fbf1c3fb8   local_discourse/app   "/sbin/boot"   47 minutes ago   Up 46 minutes>80/tcp,>443/tcp   app

Maybe this distro your provider give you comes with pre-installed nginx ?

What does curl -I localhost prints?

HTTP/1.1 301 Moved Permanently
Server : nginx/1.18.0
Date : Mon, 25 Jan 2021 20:18:00 GMT
Content-Type : text/html
Content-Length : 169
Connection : keep-alive
Location :

Does this mean it was already installed? (sorry I’m a n00b at this)

That is the exact expect response when it’s working. So, is still showing nginx welcome page? is working just fine, but (HTTP) goes off to the Welcome to nginx! page :sob:

Can you share the actual domain?

Sooo, that doesn’t give me the nginx welcome page at all.

Can you try it on another device like your phone?

curl -I -L
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0
Date: Mon, 25 Jan 2021 20:35:21 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

HTTP/2 200 
server: nginx
date: Mon, 25 Jan 2021 20:35:22 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
x-discourse-route: finish_installation/index
cache-control: no-cache, no-store
content-security-policy: base-uri 'none'; object-src 'none'; script-src; worker-src 'self'
x-request-id: 8755d4fa-387f-4509-8709-b6075f274d09
x-runtime: 0.026020
strict-transport-security: max-age=31536000
1 Like

Ok well I’m clearly a moron. Tried on my phone over 4G (to check local DNS), all those URLs worked fine. Reconnected to WiFi, all work fine. So I then cleared the cache of Safari on the desktop and boom — everything works there too.

It must have been from when I was initially testing the host and the cache hasn’t flushed since. Thank you so much for your help to troubleshoot and sorry for taking up your time.