For testing/validation purposes, I am installing Discourse on a local Ubuntu machine with a fixed local IP, let’s say 192.168.1.200.
It is behind a router with a public IP, let’s say A.B.C.D, which is not full-cone NAT.
For reasons beyond my control, I cannot change it to full-cone NAT. Therefore, my NAT configuration on the router is limited to a range of high-numbered incoming ports, meaning neither 443 nor 80 is available.
For example, let’s say I forward incoming port 50000 (TCP/UDP) to 192.168.1.200 on port 443.
In theory, a request arriving at the public IP A.B.C.D on port 50000 should be forwarded to 192.168.1.200:443.
I have a subdomain, let’s say: forum.mondomaine.me, with A and AAAA records pointing to the public IP A.B.C.D (for IPv4).
When I try to access the aforementioned URL, I see the redirection to A.B.C.D:50000, and of course, a rejection since nothing is (yet) listening on 192.168.1.200:443.
The tricky part is that during the Docker installation of Discourse on my machine, the domain configuration verification step fails:
Yes, as I initially wrote, I’m installing Discourse on an Ubuntu machine at home, so it is indeed a home network.
Could your ISP be blocking the traffic?
That’s exactly the case when the public IP is not full-stack. At this point, there’s nothing I can do about it.
Why not use a VPS instead?
Because for this test, I’m not planning to buy a VPS. But I agree: a VPS would be the solution if I already had one ready to go. And I wouldn’t have hesitated.
As for using a Cloudflare tunnel, from what I’ve just observed, it seems like overkill for so little… And then there’s Cloudflare…
If only it were as simple and quick to install Discourse on an isolated local network (or not)…
I did see there’s a guide somewhere (whose URL I’ve already lost) for an intranet, which also seemed quite heavy, especially compared to a standard installation!
Let’s drop it; it’s not vital, and I don’t want to spend hours on it.
For the time spent fixing everything between your own network, your ISP actually forwarding traffic correctly, and you ensuring you’re not leaving any doors open for a suspicious actor to hijack your home network, using Cloudflare tunnels is pretty easy and straightforward imo. Particularly on a home network.
Of course, I followed this topic and verified the existence of /var/discourse/shared/ssl/forum.mondomaine.me.cer, and it’s there, along with the .key and two other files: .me_ecc.cer and .key.
I rebuilt the container, but the issue persists.
I can confirm that installing Discourse on a local test machine is a real battle!
It’s clearly not encouraged.
And since there’s no simple solution (no, I will not use Cloudflare, no need to go down that road, thanks), I think this will be my last post on the subject.
One more thing: I noticed that the docker run command included DISCOURSE_FORCE_HTTPS=true, so I tried setting it to false and then restarted after rebuilding the container.