Reverse Proxy and HTTPS

chrisonline · February 16, 2019, 8:07pm

On my Synology NAS I have added a reverse proxy to my local Ubuntu server.

My setup is as follow:
My domains are pointing to the public IP address and the router is routing the port 80 and 443 to the Synology NAS because my websites are installed on this NAS.

For Discourse I have installed a Ubuntu server and have set a reverse proxy on the Synology NAS to point to this server.

HTTP is working and I can access the site but not with HTTPS.
Also in the installation of discourse I got the warning that the site is not reachable via HTTPS.

Any hint why this is not working?

itsbhanusharma · February 16, 2019, 7:33pm

First thing I’d check is the reverse proxy configuration.

What You should really be doing is to proxy the HTTPS to HTTP and then manage SSL through reverse proxy

My best guess in this case is that discourse is unable to generate SSL due to the complex setup and that’s why it is not available over HTTPS

chrisonline · February 16, 2019, 7:40pm

The reverse proxy configuration is easy. I only set a source HTTP 80 and a destination HTTPS 80 and the same for HTTPS with port 443.

Source is always the domain name and destination is the internal IP.

OK can anyone confirm that this setup is not supported for SSL? Or do I miss something?

itsbhanusharma · February 16, 2019, 7:56pm

Wait, are You trying to serve HTTPS over port 80 or am I missing something?

chrisonline · February 16, 2019, 7:57pm

No 80 to 80 and 443 to 443.

itsbhanusharma · February 16, 2019, 7:58pm

Do it this way:
80 to 80
443 to 80

And terminate SSL on your reverse proxy

chrisonline · February 16, 2019, 8:01pm

Why? So Discourse is getting the port 80 and SSL won’t work or the certificate.

itsbhanusharma · February 16, 2019, 8:09pm

The only explanation I have for you sounds like this:

You’re using a complex setup.
I run my discourse behind an nginx reverse proxy
I followed a guide here on meta to configure my proxy
It said that you have to terminate ssl to rp and forward requests to Discourse over port 80 (or socket in my case)

What I know of the internet is that You can’t reverse proxy SSL certificates.

That’s the best I have for You, can’t help any more than that.

EDIT: this is the guide I’m talking about: Adding an offline page when rebuilding

chrisonline · February 16, 2019, 8:24pm

Ok thanks. I will try this tomorrow.

Stephen · February 17, 2019, 6:05am

If you aren’t encapsulating https in docker there’s no need to expose 443 at all. Your proxy can forward that.

chrisonline · February 17, 2019, 6:24am

I don’t get it.
I want that my site is available via HTTPS.
So I do the setup with SSL Let’s Encrypt.
But I get the warning that it is not reachable via port 443.

So I need a reverse proxy with 443 to 443.
Why should I don’t need 443?

Stephen · February 17, 2019, 6:51am

Do your rules in AWS allow 443/HTTPS?

itsbhanusharma · February 17, 2019, 8:11am

Where is AWS coming from?
His setup is a VM running on Synology NAS

Stephen · February 17, 2019, 8:27am

itsbhanusharma · February 17, 2019, 8:28am

So both topics are related?

Stephen · February 17, 2019, 8:34am

Only that they’re failing to configure discourse in both places. Another #unsupported-install anyhow

chrisonline · February 17, 2019, 1:50pm

No AWS. Local install!

chrisonline · February 17, 2019, 1:51pm

No AWS and no VM running on Synology NAS.

I have a small server (no VM) running in my network.
My Synology NAS is only the main entry point from the router for the traffic 80 and 443 because I have hosted some Websites on my NAS.

But the Discourse setup is running on a local server (not virtual) with Ubuntu.
The reverse proxy is on my Synology NAS and should route the subdomain to the local server.

chrisonline · February 17, 2019, 1:53pm

No they are different.
This topic is for the local server and the reverse proxy on my Synology NAS.
The other topic is for the AWS installation and already fixed.