Reverse Proxy and HTTPS

Support
1

On my Synology NAS I have added a reverse proxy to my local Ubuntu server.

My setup is as follow:
My domains are pointing to the public IP address and the router is routing the port 80 and 443 to the Synology NAS because my websites are installed on this NAS.

For Discourse I have installed a Ubuntu server and have set a reverse proxy on the Synology NAS to point to this server.

HTTP is working and I can access the site but not with HTTPS.
Also in the installation of discourse I got the warning that the site is not reachable via HTTPS.

Any hint why this is not working?

2

First thing I’d check is the reverse proxy configuration.

What You should really be doing is to proxy the HTTPS to HTTP and then manage SSL through reverse proxy

My best guess in this case is that discourse is unable to generate SSL due to the complex setup and that’s why it is not available over HTTPS

3

The reverse proxy configuration is easy. I only set a source HTTP 80 and a destination HTTPS 80 and the same for HTTPS with port 443.

Source is always the domain name and destination is the internal IP.

OK can anyone confirm that this setup is not supported for SSL? Or do I miss something?

4

Wait, are You trying to serve HTTPS over port 80 or am I missing something?

5

No 80 to 80 and 443 to 443.

6

Do it this way:
80 to 80
443 to 80

And terminate SSL on your reverse proxy

7

Why? So Discourse is getting the port 80 and SSL won’t work or the certificate.

8

The only explanation I have for you sounds like this:

You’re using a complex setup.
I run my discourse behind an nginx reverse proxy
I followed a guide here on meta to configure my proxy
It said that you have to terminate ssl to rp and forward requests to Discourse over port 80 (or socket in my case)

What I know of the internet is that You can’t reverse proxy SSL certificates.

That’s the best I have for You, can’t help any more than that.

EDIT: this is the guide I’m talking about: Adding an offline page when rebuilding

1 Like
9

Ok thanks. I will try this tomorrow.

10

If you aren’t encapsulating https in docker there’s no need to expose 443 at all. Your proxy can forward that.

1 Like
11

I don’t get it.
I want that my site is available via HTTPS.
So I do the setup with SSL Let’s Encrypt.
But I get the warning that it is not reachable via port 443.

So I need a reverse proxy with 443 to 443.
Why should I don’t need 443?

12

Do your rules in AWS allow 443/HTTPS?

13

Where is AWS coming from?
His setup is a VM running on Synology NAS

14
15

So both topics are related?

16

Only that they’re failing to configure discourse in both places. Another unsupported-install anyhow

1 Like
17

No AWS. Local install!

18

No AWS and no VM running on Synology NAS.

I have a small server (no VM) running in my network.
My Synology NAS is only the main entry point from the router for the traffic 80 and 443 because I have hosted some Websites on my NAS.

But the Discourse setup is running on a local server (not virtual) with Ubuntu.
The reverse proxy is on my Synology NAS and should route the subdomain to the local server.

19

No they are different.
This topic is for the local server and the reverse proxy on my Synology NAS.
The other topic is for the AWS installation and already fixed.