Multisite vs multiple containers

Thought I would give an update on my situation.

After some study, I decided I needed a multisite setup (one container at this point) with an ‘outside’ nginx site to explain the setup and direct people and traffic to the separate Discourse sites. That way I could make both sites open for read-only access (and web crawlers) without the folks on list1 having to deal with the content from list2. I may have to fiddle with robots.txt to make the web crawlers happy.

The multisite setup examples were instructive, but I could not get it to work with a Unix socket (gateway error), so I wound up forwarding them to another port and redirecting that port to 443 inside the container.

In my app.yml file I enabled the SSL template but not the letsencrypt one.

I did get the testbed site working; now I’m looking for any issues that might arise when I convert the production site, hopefully later this month or next.

I’m taking care of the certificate issue on the outside server side, but I ran into the ‘not secure’ issue that I fixed by requiring https in the container. I have a task that I will run via cron to copy the latest certificate and key to the container’s /shared/ssl directory (as ssl.crt and ssl.key). Not sure if I will need to force a reload of nginx inside the container to make sure a new certificate is loaded when it changes (in July, I think).

I did run into one Discourse gotcha:

In the container /etc/nginx/conf.d/discourse.conf file there is this code fragment (domain name changed):

if ($http_host != 'site1.my.domain') {
    rewrite (.*) https://site1.my.domain$1 permanent;
}

This was causing site2.my.domain to be redirected to site1.my.domain, so I had to comment it out.

NOTE: Rebuilding the container requires redoing this edit. Is there a way to avoid that?

And this led to a browser gotcha, because now Firefox had flagged that redirect as permanent, so I had to delete the browser cache. (That took me far too long to figure out!)

I did come up with one other strange thing.

On my testbed site, the parameter to require https was not checked for either site. On my production site that parameter isn’t even present in the settings file. I’m guessing that has something to do with differences between the two sites.
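
One way to write the cron task described above, as an added example that is not part of the original post: nginx only reads certificate files at start or reload, so the script reloads it, but only when the cert or key actually changed. The source directory, the `fullchain.pem`/`privkey.pem` file names, the host path of `/shared/ssl`, the container name `app` and the `sv reload nginx` command are all assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example (not from the original post). All three defaults are assumptions.
SRC_DIR="${SRC_DIR:-/etc/letsencrypt/live/my.domain}"       # certbot-style source dir
DST_DIR="${DST_DIR:-/var/discourse/shared/standalone/ssl}"  # host side of /shared/ssl
CONTAINER="${CONTAINER:-app}"                               # container name

# install_if_changed SRC DST MODE -> 0 replaced, 1 already identical, 2 error
install_if_changed() {
    _src=$1; _dst=$2; _mode=$3
    if [ -f "$_dst" ] && cmp -s "$_src" "$_dst"; then return 1; fi
    _tmp="$_dst.tmp.$$"
    # Stage under a tight umask so the key is never world-readable, then
    # rename into place so nginx never reads a half-written file.
    ( umask 077 && cp "$_src" "$_tmp" ) || { rm -f "$_tmp"; return 2; }
    chmod "$_mode" "$_tmp" && mv -f "$_tmp" "$_dst" || { rm -f "$_tmp"; return 2; }
    return 0
}

# sync_cert SRC_DIR DST_DIR -> 0 something changed (reload needed),
#                              1 nothing changed, 2 error
sync_cert() {
    # Refuse to touch anything unless both inputs exist and are non-empty.
    [ -s "$1/fullchain.pem" ] && [ -s "$1/privkey.pem" ] || return 2
    _changed=1
    _rc=0; install_if_changed "$1/fullchain.pem" "$2/ssl.crt" 644 || _rc=$?
    case $_rc in 0) _changed=0 ;; 2) return 2 ;; esac
    _rc=0; install_if_changed "$1/privkey.pem" "$2/ssl.key" 600 || _rc=$?
    case $_rc in 0) _changed=0 ;; 2) return 2 ;; esac
    return "$_changed"
}

# Cron entry point: call the script with --run.
if [ "${1:-}" = "--run" ]; then
    rc=0; sync_cert "$SRC_DIR" "$DST_DIR" || rc=$?
    case $rc in
        0) docker exec "$CONTAINER" sv reload nginx ;;  # assumed reload command
        1) : ;;                                         # unchanged, nothing to do
        *) echo "certificate sync failed" >&2; exit 1 ;;
    esac
fi
```

Running it from cron daily is enough; on days when the certificate has not been renewed it exits without touching the container.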