Masked domain a really bad idea with Discourse?


(Peter Bäckgren) #1

I’m in the process of changing a raw IP address to a domain name (or subdomain actually). Since I’m running into problems I’ll probably save time and/or do it smarter by asking a few simple questions (ok, forget the word simple). I’ve read some of the basics like Change the domain name or rename my Discourse? and was thrilled to see you can change all posts to the new domain name… but, but, but…

So I’ve been having our forum at http://139.59.213.172/ and it has worked well for half a year.

I have registered jobscoop.fi at Gandi (several weeks ago).

So now I figured the easiest way to test this is to mask forum.jobscoop.fi to 139.59.213.172 (also weeks ago). As Gandi shows it:
forum -> http://139.59.213.172/ (cloak)

Maybe cloaking is a really bad idea, maybe I should go with CNAME or something. Not too familiar with all this (I do not care about search engine results). This is probably my most important question.

Once the rebuild after the change to app.yml finally ended…

I got nervous enough at propagating when I got the 502 Bad Gateway but that resolved itself fast enough.

To make things really fun I use SSO btw :wink: .

I’ve also had some issues with Firefox lately in another instance of Discourse (not mine). FYI.

Now, http://forum.jobscoop.fi/ does not work with Firefox anymore (but http://139.59.213.172/ still does). Chropera, Edge work (almost) fine so not too worried (except I need to solve the following by looking at the Discourse login logs eventually). FYI again.

So, basically Chropera and Edge work. I can see Discourse sends forum.jobscoop.fi in the sso. But after replying I get returned to the login sso page for some reason even though the login succeeds because I can verify it by going to http://139.59.213.172/ as the next step and Discourse happily lets me in (no login asked). Note, forum.jobscoop.fi does not let me in.

With Firefox, if I use http://139.59.213.172/, as I said, Firefox hangs at the forum.jobscoop.fi and once I replace that with http://139.59.213.172/ manually I get

“Account login timed out, please try logging in again.”

After which http://139.59.213.172/ works just fine. Since I know it’s not timing out in a few seconds it’s just the replacing of forum… with 139… that Discourse (or Firefox?) somehow hates.

Sorry about the rambling style, I’ve been writing/reading/solving for hours and it’s way past midnight.

Maybe using CNAME will make everything work as it is supposed to?

Still CURIOUS why this does NOT work. I found the new (?) “sso allows all return paths” but changing that did not make a difference. Not sure if I’ve seen “verbose sso logging” before but that could come in handy.

“Verbose SSO log: Started SSO process nonce…”
“Verbose SSO log: User was logged on…”

But I already knew that. What I don’t know is why I get returned to the sso login screen.

And right now I cannot remember/google where the command window logs are… the extremely detailed one you viewed with the launcher or something?

Yes, time for bed, obviously.


(Joe Buhlig) #2

I had trouble following this so let me ask a simple question. Did you create an A record (not CNAME) for forum on the jobscoop.fi domain that points to 139.59.213.172? That would be key to the whole process and I didn’t see anywhere that you mentioned that piece.


(Peter Bäckgren) #3

I did that once but could not get it to work.

So I tried a masked forwarding one instead of a direct one (since I want the URL to look right). Usually works quite well in small projects but this is more complicated software so…

I will try again following

I’m still curious why I get returned to the login screen. So could someone tell me how to locate the detailed logs from command line (the admin error logs are not detailed - not the way I remember them from over a year ago). What I’m looking for is access that looked something like this which showed sso nonce and a whole lot of other stuff:

cd /var/discourse
./launcher xxxxx
yyyyy???


(Peter Bäckgren) #4

OK, that propagated fast. This time it worked (and the user interface looked easier than half a year ago). Just for reference, as pictures make things easier for whoever is as clueless as me trying it later on:

“*” points to another site with web pages and stuff
“forum” points to a Digital Ocean droplet

Thanks for the help.

(still would like to find the more detailed logs)