So I’ve finally found time to work through the “Setting up Let’s Encrypt with Multiple Domains” and “Redirect single/multiple domain(s) to your Discourse instance” guides.
I’ve added a lot more to my containers/app.yml file than you did and nearly everything works correctly.
My Discourse is hosted on the www. subdomain and my goal was to redirect http and https requests from the apex domain to the www subdomain. This now works, but if I go to https://mydomain.com, it does redirect but Chrome shows the following warning in the console:
Redirecting navigation example.com -> www.example.com because the server presented a certificate valid for www.example.com but not for example.com. To disable such redirects launch Chrome with the following flag: --disable-features=SSLCommonNameMismatchHandling
Here are my app.yml additions:
```yaml
after_ssl:
  - replace:
      filename: "/etc/runit/1.d/letsencrypt"
      from: /--keylength/
      to: "-d example.com -d www.example.com --keylength"
  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /return 301 https.+/
      to: |
        return 301 https://$host$request_uri;
  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /gzip on;[^\}]+\}/m
      to: |
        gzip on;
        add_header Strict-Transport-Security 'max-age=31536000'; # remember the certificate for a year and automatically connect to HTTPS for this domain
after_web_config:
  - replace:
      filename: /etc/nginx/nginx.conf
      from: /sendfile.+on;/
      to: |
        server_names_hash_bucket_size 64;
        sendfile on;
  - file:
      path: /etc/nginx/conf.d/discourse_redirect_1.conf
      contents: |
        server {
          listen 80;
          listen 443 ssl;
          server_name example.com;
          return 301 https://www.example.com$request_uri;
        }
```
Does this look correct? If so, is there a solution to the certificate name mismatch problem?
EDIT: I have two A Records, one for the www subdomain and another using @ to catch all requests to the apex domain. Both point to my DigitalOcean droplet IP. I assume this is also correct?
Thanks.
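
Added example (not part of the original post): a diagnostic for the mismatch Chrome reports, comparing the `-d` names requested in the `app.yml` replace string against the subjectAltName DNS entries of the certificate actually served. The function names are hypothetical and the SAN lists in the demo are constructed; `fetch_san_dns_names` needs network access and is not called here.

```python
import re
import socket
import ssl

def fetch_san_dns_names(host, port=443, timeout=5.0):
    """Return the SAN DNS names of the certificate served for `host` (needs network)."""
    ctx = ssl.create_default_context()
    # The chain is still verified; only the name check is skipped so that a
    # certificate issued for a different hostname can be inspected.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def name_matches(pattern, host):
    """RFC 6125 style match: a wildcard stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # so *.example.com never covers the apex example.com
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered(hosts, san_names):
    """Hosts that no SAN entry covers; browsers reject or warn on these."""
    return [h for h in hosts if not any(name_matches(s, h) for s in san_names)]

def domains_from_issue_args(args):
    """Extract the -d values from an issuance argument string."""
    return re.findall(r"(?:^|\s)-d\s+(\S+)", args)

if __name__ == "__main__":
    # The replacement string from the app.yml above.
    wanted = domains_from_issue_args("-d example.com -d www.example.com --keylength")
    # Constructed SAN lists standing in for what a server might present.
    for label, san in [("www only", ["www.example.com"]),
                       ("wildcard", ["*.example.com"]),
                       ("both names", ["example.com", "www.example.com"])]:
        print(label, "-> not covered:", uncovered(wanted, san))
```

To check a live host, pass the result of `fetch_san_dns_names("example.com")` as `san_names`; an apex name in the output means the served certificate was not issued with both names.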