There seems to be a whitespace missing in the pasted code at the beginning of line 17.
I just thought that’s it, but it seems correct (two whitespace) in my local file…
As sure as I can get, which would never be 100% though…
To confirm again, I edited the file with Notepad++ on my local machine, deleting the two whitespaces and the linebreak, hitting enter and adding two whitespaces manually. Another copy to pastebin has the same result: http://pastebin.com/rYPc5xSg
At last, I edited the file on the server the same way, using nano, copy from there to pastebin: same strange result: http://pastebin.com/MBVPXkV5
Definitely highly suspicious, but I am out of ideas…
The activation link still starts with “http://http://…”, could this be caused by discourse.conf in the nginx/conf.d? I copied it from the howto on Running other websites on the same machine as Discourse, only altering the server_name.
Watch out: My example enables HSTS. If your site goes live with this configuration, visitors that have seen it will refuse to use http for up to 2 years.
Ok, your last warning made me rather try the SSL config from the howto on running other websites on the same machine as Discourse.
I have a partial success: when I enter the old http domain, it routes me to the https site and shows the correct certificate. But there is no discourse, only a bad gateway (502).
Also, I had to stop apache2 for enabling the new nginx config, probably because apache2 was still listening on port 443. So now I assume I have to change the port in the apache config that listens to SSL to another port, to which nginx needs to forward requests to subfolders it cannot find. How do I configure nginx to do this?
EDIT: Reading through the SSL tutorial again reminded me I needed to add the “templates/web.ssl.template.yml” which I deleted before. Rebuilding took forever, because of “Generating DH parameters” - but in the end, still the same result (bad gateway). I bet I missed enabling SSL in some config file…
You don’t actually need that, as you want the outer nginx to handle SSL, not Discourse’s internal nginx instance.
If my HSTS remark scared you off, you can just comment out the line that sets Strict-Transport-Security or decrease the number there to a low number of seconds.
Ah, I see. I will try with your config and “add_header Strict-Transport-Security “max-age=60;”;” then. Restarting nginx gave me complaints about the cert now, so I am rebuilding the app again without the web.ssl.template.yml. Another 6 long minutes…
Is it correct for the same reason I do not need to expose port 443 within the app.yml, because all the port handling happens outside of the container, or could there be an error? I deleted the lines “expose: - "80:80"” and “expose: - "443:443"” and added “templates/web.socketed.template.yml” instead (as explained in the howto on running other websites on the same machine as Discourse).
No improvement
The rebuild was unnecessary I guess, I should have adjusted the certificate paths. Now nginx starts correctly again, but still bad gateway on every domain and subfolder.
Do I need to configure SSL within my nginx sites enabled? Because that I haven’t done yet…
Yes, that sounds right. You want the Discourse (and its inner nginx instance) to simply listen to normal HTTP traffic on the socket, all handling of HTTPS (and sorting traffic between Discourse and Apache) is handled by the outer nginx.
(The configurations I posted above are slightly cleaned up versions of what I run in production.)
I’m a bit surprised by that. As long as you took the original port-80-configuration block and simply changed the port to 443 and added the relevant SSL options, nothing in the routing should change, i.e. you should see the same behavior, just over HTTPS instead of HTTP.
I think I got it. Embarrassing to say, but I missed that one path in your redirect block needed adjustment to my setup: proxy_pass http://unix:/var/discourse/shared/vorkurs/nginx.http.sock:; must be proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
for me and it works… I have a secure discourse setup
But how do I forward the subfolders from my owncloud and dokuwiki to the apache?
That sounds like a good source of error for my problem. But if that is what the location part from the howto on Running other websites on the same machine as Discourse does, it is included: