That was easy. Thanks again 
It seems it is working great now, the last part is to enable ssl. As I see it, I need to
change /etc/nginx/conf.d/discourse.conf as described in the howto on Running other websites on the same machine as Discourse.
Put my ssl certificate files into /var/discourse/shared/standalone/ssl/ and change the file names according to the howto
? Is that it, or do I also need to make changes to nginx.conf and/or nginx/conf.d/discourse.conf?
My recommendation would be:
server block to be the block for SSL.server block that redirects all HTTP requests to HTTPs.For reference, here is such a redirect block:
server {
listen 80;
server_name domain.com;
return 301 https://$host$request_uri;
}
Hereās how the SSL configuration could look like:
server {
listen 443 ssl;
server_name domain.com;
ssl_certificate /etc/ssl/certs/cert.crt;
ssl_trusted_certificate /etc/ssl/certs/cert.crt;
ssl_certificate_key /etc/ssl/private/cert.key;
ssl_ciphers "AES256+EECDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000;";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_stapling on;
ssl_stapling_verify on;
client_max_body_size 20m;
location / {
proxy_pass http://unix:/var/discourse/shared/vorkurs/nginx.http.sock:;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy_redirect http://vorkurs-discourse.cs.uni-saarland.de/ https://vorkurs-discourse.cs.uni-saarland.de/;
}
}
Watch out: My example enables HSTS. If your site goes live with this configuration, visitors that have seen it will refuse to use http for up to 2 years.
Ok, your last warning made me rather try the SSL config from the howto on running other websites on the same machine as Discourse.
I have a partial success: when I enter the old http domain, it routes me to the https site and shows the correct certificate. But there is no discourse, only a bad gateway (502).
Also, I had to stop apache2 for enabling the new nginx config, probably because apache2 was still listening on port 443. So now I assume I have to change the port in the in the apache config that listens to SSL to another port, to which nginx needs to forward requests to subfolders it cannot find. How do I configure nginx to do this?
EDIT: Reading through the SSL tutorial again reminded me I needed to add the ātemplates/web.ssl.template.ymlā which I deleted before. Rebuilding took for ever, because āGenerating DH parametersā - but in the end, still the same result (bad gateway). I bet I missed to enable SSL in some config fileā¦
You donāt actually needed that, as you want the outer nginx to handle SSL, not Discourseās internal nginx instance.
If my HSTS remark scared you off, you can just comment out the line that sets Strict-Transport-Security or decrease the number there to a low number of seconds.
Ah, I see. I will try with your config and āadd_header Strict-Transport-Security āmax-age=60;ā;ā then. Restarting nginx gave me complaints about the cert now, so I am rebuilding the app again without the web.ssl.template.yml. Another 6 long minutesā¦
Is it correct for the same reason I do not need to expose port 443 within the app.yml, because all the port handeling happens outside of the container, or could there be an error? I deleted the lines "expose: - ā80:80"ā "expose: - ā443:443"ā and and added ātemplates/web.socketed.template.ymlā instead (as explained in the howto on running other websites on the same machine as Discourse).
No improvement 
The rebuild was unnecessary I guess, I should have adjusted the certificate paths. Now nginx starts correctly again, but still bad gatway on every domain and subfolder.
Do I need to configure SSL within my nginx sites enabled? Because that I havenāt done yetā¦
Yes, that sounds right. You want the Discourse (and its inner nginx instance) to simply listen to normal HTTP traffic on the socket, all handling of HTTPS (and sorting traffic between Discourse and Apache) is handled by the outer nginx.
(The configurations I posted above are slightly cleaned up versions of what I run in production.)
Iām a bit surprised by that. As long as you took the original port-80-configuration block and simply changed the port to 443 and added the relevant SSL options, nothing in the routing should change, i.e. you should see the same behavior, just over HTTPS instead of HTTP.
I think I got it. Embarassing to say, but I missed one path at your redirect block needed adjustment to my setup
proxy_pass http://unix:/var/discourse/shared/vorkurs/nginx.http.sock:; must be
proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
for me and it worksā¦ I have a secure discourse setup 
But how do I forward the subfolders from my owncloud and dokuwiki to the apache?
Oops, I forgot to clean up that path 
As the other paths are on the same hostname as far as I understand, you want to add blocks like this to the same server block:
location /example/ {
proxy_pass http://localhost:8080/example/;
proxy_redirect http://domain.com/example/ https://domain.com/example/;
proxy_redirect http://domain.com:8080/example/ https://domain.com/example/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
You may have to experiment with these a bit, especially the proxy_redirect ones. You can read up details in the nginx documentation.
Ok, I need to send requests that went to
https://domain.com/owncloud
http://domain.com/owncloud
on to the apache, I configured ports.conf as follows:
NameVirtualHost 127.0.0.1:8080
Listen 127.0.0.1:8080
so it listens on port 8080 (and only on that, because nginx will not start if apache blocks a port that nginx wants to use).
In the nginx sites-enabled I added the following location part
location /owncloud/ {
proxy_pass http://localhost:8080/owncloud/;
proxy_redirect http://domain.com/owncloud/ https://domain.com/owncloud/;
proxy_redirect http://domain.com:8080/owncloud/ https://domain.com/owncloud/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
but https://domain.com/owncloud and http://domain.com/owncloud still send me to a discourse site saying the site is not availableā¦
Did you make sure that the location-block sending traffic to Discourse only matches the subfolder Discourse is running in?
That soulds like a good source of error for my problem. But if that is what the location part from the howto on Running other websites on the same machine as Discourse does, it is included:
location /forum/ {
proxy_pass https://unix:/var/discourse/shared/standalone/nginx.https.sock:;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
is it correct to put the discourse subfolder into the first line? It is not in the howto, but it isnāt meant for subfolder configā¦
ā¦included in the domain config within the nginx sites-enabled, not in the nginx/conf.d/discourse.conf. Replacing the locations part there with the one mentioned above there leeds to 404 and 502 all overā¦
Hm, not good. Your configuration is probably too specific to debug this remotely, so here is some more general advice:
/forum/ traffic to Discourse, or it will ā surpsrise ā route all traffic to Discourse./forum/somewhere. Therefore, the outer nginx must not strip the /forum from the request, or Discourse will rightfully respond with 404 errors.
Also, your proxy_pass directive above looks fishy: nginx should speak HTTP to Discourse, not HTTPS.
Ok, you are right, it has allready become quite specificā¦
Thanks a lot for your patience and walking me through to this point. I will try to figure out the rest and hopefully get back to this thread with a positive result.
Thanks again for your effort, I got the main part working thanks to you and I learned a lot, which is worth even more to me
Sweet, it works now - all perfect 
One remaining problem was proxy_pass needed to be
https://localhost:8080/subfolder instead of
http://localhost:8080/subfolder
And there was an apache misconfiguration (rewrite rules that enforced https before, which is now handeled by nginx)
fefrei, I would not have gotten near this far without your patient help, thank you very much!
Thanks for reporting back!
If you want, you can post a cleaned-up version of your configuration here, in case someone else has a similar setup.
Of course, thatās a good idea and the least I can do!
I attached the files to this post, because the format seems to get broken by some characters inside the files. The ending .txt must of course be deleted, but I needed to add this to be allowed to upload the files hereā¦ and the capitalized parts of the code need to be changed to the individual system.
I think all the changes I made were in these files:
I hope I this might help someone someday 
Cheers!
Here is a solution how it works with nginx. http://www.benjaminroesner.com/blog/install-discourse-with-docker-in-subfolder-with-ssl-and-serve-other-content-under-the-same-domain/