If you want to run other websites on the same machine as Discourse, you need to set up an extra NGINX or HAProxy proxy in front of the Docker container.
NOTE: This is for advanced admins
This guide assumes you already have Discourse working - if you don’t, it may be hard to tell whether or not the configuration is working.
You cannot use ./discourse-setup to set up Discourse if another server is using port 80 or 443. You will need to copy and edit samples/standalone.yml with your favorite text editor.
Install nginx outside the container
First, make sure the container is not running:
cd /var/discourse
./launcher stop app
Then install nginx:
sudo apt-get update && sudo apt-get install nginx
Change the container definition
This is where we change how Discourse actually gets set up. We don’t want the container listening on ports - instead, we’ll tell it to listen on a special file.
Change your /var/discourse/containers/app.yml to look like this:
# base templates used; can cut down to include less functionality per container
templates:
  # - "templates/cron.template.yml" # cron is now included in base image
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/sshd.template.yml"
  - "templates/web.template.yml"
  # - "templates/web.ssl.template.yml" # remove - https will be handled by outer nginx
  - "templates/web.ratelimited.template.yml"
  - "templates/web.socketed.template.yml" # <-- Added
Be sure to remove or comment out the exposed ports by putting a # in front.
# which ports to expose?
# expose: comment out entire section by putting a # in front of each line
# - "80:80" # http
# - "443:443" # https
If you are using some other reverse proxy that cannot proxy to a Unix socket file, you can instead expose a different port in the section above, like - 8080:80.
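A pre-rebuild check for the edits above, as an added example that is not part of the original guide or the Discourse project: it confirms the socketed template is enabled, the SSL template is off, and nothing still claims host port 80 or 443. The function name check_app_yml and both sample files are constructed for illustration, and the check assumes the socket setup rather than the alternative-port variant.

```shell
#!/bin/sh
# check_app_yml FILE: print one finding per line; exit status 0 only if clean.
check_app_yml() {
    file=$1
    findings=0
    entry='^[[:space:]]*-[[:space:]]*"?'   # an active (uncommented) YAML list item
    # 1. The socketed template makes the container listen on nginx.http.sock.
    if ! grep -Eq "${entry}templates/web\.socketed\.template\.yml" "$file"; then
        echo "MISSING web.socketed template"; findings=$((findings + 1))
    fi
    # 2. HTTPS is handled by the outer nginx, so the inner SSL template must be off.
    if grep -Eq "${entry}templates/web\.ssl\.template\.yml" "$file"; then
        echo "ENABLED web.ssl template"; findings=$((findings + 1))
    fi
    # 3. No active mapping may claim host port 80 or 443, which the outer nginx needs.
    ports=$(sed -nE "s/${entry}(([0-9.]+:)?(80|443):[0-9]+).*/\1/p" "$file" | tr '\n' ' ')
    if [ -n "$ports" ]; then
        echo "EXPOSED host port(s): $ports"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample definitions (not real deployments): before and after the edits.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before.yml" <<'EOF'
templates:
  - "templates/postgres.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ssl.template.yml"
expose:
  - "80:80"   # http
  - "443:443" # https
EOF
cat > "$tmp/after.yml" <<'EOF'
templates:
  - "templates/postgres.template.yml"
  - "templates/web.template.yml"
  # - "templates/web.ssl.template.yml"
  - "templates/web.socketed.template.yml"
# expose:
#   - "80:80"   # http
#   - "443:443" # https
EOF
for f in "$tmp/before.yml" "$tmp/after.yml"; do
    if check_app_yml "$f"; then echo "${f##*/}: OK"; else echo "${f##*/}: fix first"; fi
done
```

To use it on a real install, call check_app_yml /var/discourse/containers/app.yml before rebuilding the container.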
Create an NGINX ‘site’ for the outer nginx
For an HTTPS site, put this in /etc/nginx/sites-enabled/discourse.conf, making sure to change the server_name:
server {
    listen 80; listen [::]:80;
    server_name forum.example.com; # <-- change this
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2; listen [::]:443 ssl http2;
    server_name forum.example.com; # <-- change this
    ssl_certificate /var/discourse/shared/standalone/ssl/ssl.crt;
    ssl_certificate_key /var/discourse/shared/standalone/ssl/ssl.key;
    ssl_dhparam /var/discourse/shared/standalone/ssl/dhparams.pem;
    ssl_session_tickets off;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
    http2_idle_timeout 5m; # up from 3m default
    location / {
        proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
For an HTTP-only site (not recommended, but left here for historical purposes):
server {
    listen 80; listen [::]:80;
    server_name forum.example.com; # <-- change this
    location / {
        proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
Make sure that the default site is either disabled or has the correct server_name set.
Then, in a shell:
# Make sure that Discourse isn't running
/var/discourse/launcher stop app || true
# test configuration
sudo nginx -t
# Important: If nginx -t comes back with an error, correct the config before reloading!
sudo service nginx reload
# Rebuild the container to apply changes
/var/discourse/launcher rebuild app
Create your other sites
You’re done with the Discourse section!
Make other NGINX “sites”, then link and enable them, as in the last step above.
Tips
- sudo netstat -tulpn: This will tell you what ports are being used.
- /var/log/nginx/error.log: This is the location of the nginx log on Ubuntu. It will tell you what the error is when you get a 502 Bad Gateway error.