@pfaffman edited this heavily 2022.02.24. Blame me if it’s broken.
If you want to run other websites on the same machine as Discourse, you need to set up an extra NGINX or HAProxy proxy in front of the Docker container.
NOTE: This is for advanced admins
This guide assumes you already have Discourse working - if you don’t, it may be hard to tell whether or not the configuration is working.
You cannot use ./discourse-setup to set up Discourse if another server is using port 80 or 443. You will need to copy and edit samples/standalone.yml with your favorite text editor.
Install nginx outside the container
First, make sure the container is not running:
cd /var/discourse
./launcher stop app
Then install nginx and certbot:
sudo apt-get update && sudo apt-get install nginx certbot python3-certbot-nginx
Change the container definition
This is where we change how Discourse actually gets set up. We don’t want the container listening on ports - instead, we’ll tell it to listen on a special file (a Unix socket).
You need to edit /var/discourse/containers/app.yml to disable SSL and add the template that creates the nginx socket. It should look like this:
# base templates used; can cut down to include less functionality per container
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  # - "templates/web.ssl.template.yml" # remove - https will be handled by outer nginx
  # - "templates/web.letsencrypt.ssl.template.yml" # remove -- https will be handled by outer nginx
  - "templates/web.ratelimited.template.yml"
  - "templates/web.socketed.template.yml"  # <-- Added
Be sure to remove or comment out the exposed ports by putting a # in front.
# which ports to expose?
# expose: comment out entire section by putting a # in front of each line
# - "80:80"   # http
# - "443:443" # https
Now run
/var/discourse/launcher rebuild app
to rebuild Discourse so that it serves its pages through the socket.
If you are using some other reverse proxy that cannot use a Unix socket, you can instead expose a different port in the section above, like - "8080:80".
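A pre-rebuild check for the edits described in this section, as an added example (not part of the original guide or of Discourse's own tooling): it confirms that the socketed template is listed, that both SSL templates are removed or commented out, and that host ports 80 and 443 are no longer published. The function names check_app_yml and active_lines are hypothetical, and the embedded app.yml fragment is constructed.

```shell
#!/bin/sh
# Added example: the names below are hypothetical, not Discourse tooling.

# Print FILE with YAML comments stripped, so commented-out entries are ignored.
active_lines() { sed 's/#.*//' "$1"; }

# check_app_yml FILE: print each problem found; return 0 only if there are none.
check_app_yml() {
    file=$1
    rc=0
    # The socketed template must be listed and active.
    if ! active_lines "$file" | grep -F 'templates/web.socketed.template.yml' >/dev/null; then
        echo "missing: templates/web.socketed.template.yml"; rc=1
    fi
    # HTTPS moves to the outer nginx, so both in-container SSL templates must be off.
    for t in templates/web.ssl.template.yml templates/web.letsencrypt.ssl.template.yml; do
        if active_lines "$file" | grep -F "$t" >/dev/null; then
            echo "still active: $t"; rc=1
        fi
    done
    # Host ports 80 and 443 belong to the outer nginx; a mapping such as
    # "8080:80" (for other reverse proxies) is allowed.
    if active_lines "$file" |
        grep -E '^[[:space:]]*-[[:space:]]*"?([0-9.]+:)?(80|443):[0-9]+' >/dev/null; then
        echo "still published: host port 80 or 443"; rc=1
    fi
    return "$rc"
}

# Constructed sample: an app.yml fragment edited as this guide describes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  # - "templates/web.ssl.template.yml"
  # - "templates/web.letsencrypt.ssl.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/web.socketed.template.yml"  # <-- Added
# expose:
# - "80:80"   # http
# - "443:443" # https
EOF
check_app_yml "$sample" && echo "container definition matches the guide"
rm -f "$sample"
```

To check a real installation, call check_app_yml /var/discourse/containers/app.yml before running the rebuild.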
Create an NGINX ‘site’ for the outer nginx
Create a site file for Discourse:
cd /etc/nginx/sites-available
cp default discourse.example.com
cd ../sites-enabled
ln -s ../sites-available/discourse.example.com
Next edit that file by commenting out these lines:
        #listen 80 default_server;
        #listen [::]:80 default_server;
and editing the server_name and location stanza like this:
    server_name discourse.example.com;  # <-- change this
    location / {
        proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
    }
If you’re using a two-container installation the socket line will be:
                proxy_pass http://unix:/var/discourse/shared/web_only/nginx.http.sock:;
Then, in a shell:
certbot --nginx
And follow the instructions. If you don’t understand the prompts, you probably shouldn’t be doing this, but can check the certbot docs for help.
@pfaffman thinks that certbot will do this for you, but if you make changes to the nginx config you will need to
sudo service nginx reload
Create your other sites
You’re done with the Discourse section!
Make other NGINX “sites”, then link and enable them, as in the last step above.
Tips
- sudo netstat -tulpn: This will tell you what ports are being used.
- /var/log/nginx/error.log: This is the location of the nginx error log on Ubuntu. It will tell you what the error is when you get a 502 Bad Gateway error.