Similar situation here. I installed Discourse on example.com and had a CNAME DNS record for www.example.com.
Now I went to https://check-your-website.server-daten.de and got a bad rating, because the SSL certificate was not valid for www.example.com and also http://www.example.com was forwarding to https://example.com.
Steps I took:
- Replace CNAME record for
www.example.comby A and AAAA records. - Add
www.example.comas an additional domain to app.yml following
Redirect additional domain(s) to your Discourse instanceafter_web_config: - replace: filename: /etc/nginx/nginx.conf from: /sendfile.+on;/ to: | server_names_hash_bucket_size 64; sendfile on; - file: path: /etc/nginx/conf.d/discourse_redirect_1.conf contents: | server { listen 80; server_name www.example.com; return 301 $scheme://example.com$request_uri; } - Adjust SSL following Set up Let’s Encrypt with multiple domains / redirects
after_ssl: - replace: filename: "/etc/runit/1.d/letsencrypt" from: /-k 4096 -w \/var\/www\/discourse\/public/ to: | -d www.example.com -d example.com -k 4096 -w /var/www/discourse/public - replace: filename: "/etc/runit/1.d/letsencrypt" from: /-k 4096 --force -w \/var\/www\/discourse\/public/ to: | -d www.example.com -d example.com -k 4096 --force -w /var/www/discourse/public - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /return 301 https.+/ to: | return 301 https://$host$request_uri; - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /gzip on;[^\}]+\}/m to: | gzip on; add_header Strict-Transport-Security 'max-age=31536000'; ./launcher rebuild app
Now, the rating for the site has improved, but one issue remains:
Wrong redirect http ⇒ http
Somewhere there’s 301 redirect
http://www.example.com ⇒ http://example.com.
I guess it should be
http://www.example.com ⇒ https://www.example.com ⇒ https://example.com
Any idea how to achieve this?