Running other websites on the same machine as Discourse


(Kane York) #1

If you want to run other websites on the same machine as Discourse, you need to set up an extra NGINX or HAProxy proxy in front of the Docker container.

If you have not already, please read the Advanced Troubleshooting with Docker guide, as it covers the basics on the separation between host and container.

This guide assumes you already have Discourse working - if you don’t, it may be hard to tell whether or not the configuration is working.

Install nginx outside the container

First, make sure the container is not running:

cd /var/discourse
./launcher stop app

Then install nginx from its PPA (Ubuntu ships by default a very old version, 1.4.0):

sudo add-apt-repository ppa:nginx/stable -y
sudo apt-get update && sudo apt-get install nginx

Change the container definition

This is where we change how Discourse actually gets set up. We don’t want the container listening on ports - instead, we’ll tell it to listen on a special file.

Change your /var/discourse/containers/app.yml to look like this:

# base templates used; can cut down to include less functionality per container templates:
  - "templates/cron.template.yml"
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/sshd.template.yml"
  - "templates/web.template.yml"
  # - "templates/web.ssl.template.yml" # remove - https will be handled by outer nginx
  - "templates/web.ratelimited.template.yml"
  - "templates/web.socketed.template.yml"  # <-- Added
# which ports to expose?
# expose: comment out entire section

Be sure to remove the next line containing

- "80:80" # fwd host port 80 to container port 80 (http)

Create an NGINX ‘site’ for the outer nginx

For an HTTPS site, put this in /etc/nginx/sites-enabled/discourse.conf, making sure to change the server_name:

server {
    listen 80; listen [::]:80;
    server_name forum.example.com;  # <-- change this

    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;  listen [::]:443 ssl http2;
    server_name forum.example.com;  # <-- change this

    ssl on;
    ssl_certificate      /var/discourse/shared/standalone/ssl/ssl.crt;
    ssl_certificate_key  /var/discourse/shared/standalone/ssl/ssl.key;
    ssl_dhparam          /var/discourse/shared/standalone/ssl/dhparams.pem;
    ssl_session_tickets off;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

    http2_idle_timeout 5m; # up from 3m default

    location / {
        proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
        proxy_set_header Host $http_host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

For an HTTP-only site:

server {
	listen 80; listen [::]:80;
	server_name forum.example.com;  # <-- change this

	location / {
		proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
		proxy_set_header Host $http_host;
		proxy_http_version 1.1;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Real-IP $remote_addr;
	}
}

Make sure that the default site is either disabled or has the correct server_name set.

Then, in a shell:

# Make sure that Discourse isn't running
/var/discourse/launcher stop app || true

# test configuration
sudo nginx -t
# Important: If nginx -t comes back with an error, correct the config before reloading!
sudo service nginx reload

# Rebuild the container to apply changes
/var/discourse/launcher rebuild app

Create your other sites

You’re done with the Discourse section!

Make other NGINX “sites”, then link and enable them, as in the last step above.


Port already in use, what to do?
Run Discourse with or alongside existing Apache sites?
Best way to install Discourse on my server?
Multisite configuration with Docker
How can I create a seperate home page along with discourse as my main website?
Installing Discourse Under Nginx
Can't make Discourse accessible through Apache
Take down site during maintenance
Error: listen tcp 0.0.0.0:80: bind: address already in use
[Solved] Help setting other websites on the same DigitalOcean droplet
Nginx configuration for discourse
All of my internal users show as coming from 127.0.0.1!
A better "site not available" page
Wordpress and Discourse in a single droplet
Faster rebuilds?
Container rebuild is failing with permission error
Preview pane uses local docker container IP address
Unable to get nginx to work together
Discourse with Nginx proxy | error
I need help with my nginx settings for multiple sites
Discourse doesn't deliver webpages, fresh install on Linode Ubuntu 14.04
Using Discourse With Other Sites on Same Droplet
Using Multiple Websites with Nginx + Discourse
Discourse + Nginx reverse Proxy
429 too many connections issue with NGINX in front of NGINX
IP adress for two web servers
Problems rebooting due to Nginx taking port 80
Custom Intro page for discourse
Setting up nginx for use with Discourse
Installing docker on an already running web server?
Which performance is better if discourse or phpbb hosts on a same vps?
403 forbidden after installation
Launcher rebuild app failing: repository name must be lowercase [SOLVED]
Disable direct access with port (nginx)
Using nginx alongside the Docker install
Nginx + discourse
NGINX proxy in front of the Docker container.errors
Discourse and Apache using same ports
Adding an offline page when rebuilding
Cannot start container -- Port 80 already in use
Rate Limiting when behind Nginx Proxy
Nginx configuration for discourse
Nginx configuration for discourse
Discourse not working through separate nginx docker
NGINX proxy in front of the Docker container.errors
Discourse must be the only software on the server?
Regenerating LetsEncrypt keys from behind nginx
Generals Subfolder recommendations and tips
Run other php script
Can't relay Discourse traffic for website with nginx and vestacp
Multisite configuration with Docker
Installation on v-server as a subfolder with other services in subfolders using apache
Multiple Standalone containers instead of multisite?
How should I enable letsencrypt while discourse is beside other websites
How to Docker+Discourse and Apache too?
Help understanding the structure of using discourse + static website
Installation on v-server as a subfolder with other services in subfolders using apache
Can't log in on Android Chrome
Discourse with PHP main page
Installation on v-server as a subfolder with other services in subfolders using apache
Installed OK. Working fine for one day. Suddenly stopped working
Docker0 Missing (OpenVZ)
Using the docker container ./launcher script how would I rebuild the web_only container before taking the old one offline?
Moved from PluXml and phpBB to Wordpress and Discourse, my all-new experience :tada:
Discourse not showing up at specified hostname
Success - New Multisite Install on Dedicated server using ServerPilot, Nginx and Apache
Error in installing
Fix for "Logjam" vulnerability is deployed; requires rebuild
Sandbox and test discourse on host?
[Solved] Dev instance with nginx: topic preview not working
Oauth2 redirect_uri uses HTTP when my forum is using HTTPS
Installation on Ubuntu 14.04 LTS + Apache 2 + Plesk 12
Changing Max Attachment Size
Webhooks/Sidekiq issue on dev instance
Discouse passes localhost uri as oauth redirect_uri
Wordpress and discourse on the same server
How to install wordpress & discourse on the same server?
Hosting wordpress, discourse, and a php app on the same server
What is the recommended practice for WordPress and Discourse on the same server?
Discourse socketed: Nginx in front of discourse: no IP adresses
Redirecting old forum URLs to new Discourse URLs
Broken images inside posts
Blank pages, 500 errors and no logs
Nginx + discourse
Discourse with zpanel
Backup uploads terribly slow
How to install wordpress in the Secondary directory?
How should I enable letsencrypt while discourse is beside other websites
Deploying discourse on server already running another rails app
I got a problem when starting ./launcher start app
I got a problem when starting ./launcher start app
Apache webserver already running
How to upload files in root directory?
Installation Help required
Running Discourse out of a folder, on a server running Wordpress with Apache, with SSL support
WordPress, Discourse and Local SMTP Server
Default app.yml file anywhere?
SSL received a record that exceeded the maximum permissible length
Remote users IPV6 address shows as localhost
502 Bad gateway error after switching to SSL
Wrong sending domain used
Wrong sending domain used
Wordpress integration with mini forums
Discourse + VestaCP
How can one install a panel with discourse?
Configuring Website with Discourse and Wordpress?!
Bad gateway when trying to use SSL
I have a VPS and it nginx installed and now i want install discourse in subdomain how i can do that
Adding an offline page when rebuilding
Accessing to the database from outside the container
Site doesn't launch after bringing back nginx reverse proxy
Verification link not working
How to change the port from docker - help
How to get into nginx for a digitalocean 1-click setup?
Installation problem with Discourse
Docker upgrade prevents access to Discourse on Digital Ocean
Discourse stopped working after installing Plesk
Problem with discourse in a subfolder
Discourse blocking with password reset
Not able to send email Net::ReadTimeout
Adding an offline page when rebuilding
Twitter Login Redirect Is Incorrect And Uses Port
Twitter Login Redirect Is Incorrect And Uses Port
Twitter Login Redirect Is Incorrect And Uses Port
SSL with Apache reverse proxy and docker container
Installing wp in sub folder (https-docker-setup)
Installing wp in sub folder (https-docker-setup)
Unable to start docker service (latest step)
Difference between socket- and port-based connection to outer NGINX?
Problem installing, with nginx
Nginx configuration for discourse
Advanced Troubleshooting with Docker
Can I install Discourse on existing server that uses Nginx?
Custom Layouts Plugin
Setting up HTTPS support with Let's Encrypt
Setting up HTTPS support with Let's Encrypt
Setting up Discourse on a VPS with other sites
Setting up Discourse on a VPS with other sites
How to move my Discourse instance LOCALLY? Or at least the big files?
Put forum under sub-domain and have website
Discourse + Docker on existing VM with PHP site
Port already in use, what to do?
Can Discourse ship frequent Docker images that do not need to be bootstrapped?
Can Discourse ship frequent Docker images that do not need to be bootstrapped?
All avatar uploads are broken
Discourse with ec2 doubt
Embedding comments via JS not working
Starting a second Discourse forum on the same VPS
ERR_TOO_MANY_REDIRECTS After Rebuild
IP Spoofing Attack
Discourse with apache port problem
Discourse, Docker, Container question
Domain names pointing with shared AWS instance
Domain names pointing with shared AWS instance
Site & SSH inaccessible after Discourse installation
Moving to subdomain
Install on vps problem?
Serving public files
E-mail didn't delivered in the easyengine(nginx) proxy mandrill environment
Unsure About How to Start a Website Project
Wordpress + Discourse using Digital Ocean and Serverpilot
Where to put custom content?
Add subdomain exception to nginx to host another site on same host
Error while doing discourse setup
ERR_SSL_PROTOCOL_ERROR with Letsencrypt
Discourse and Wordpress help
Error install. Help please!
How do I do what I did in htaccess in nginx?
How do I do what I did in htaccess in nginx?
Advice on integrating into a Docker-Compose setup?
How to install discourse on hosting?
URLs for avatars & emoticons adding :80 to the end of the domain
CDN causes white screen
Install discourse alongside WordPress in a dedicated server
How do I install multiple discourse forums on a root server?
(Angus McLeod) #182

The guide in the first post is great and, on the whole, still works just fine :sunny:

There are three things worth noting:

  1. I initially missed some of the app.yml changes. There are 3 things you need to change in your app.yml. If you miss any of these things it won’t work:

    1. Comment out all ssl templates in the templates. If you are using letsencrypt you will have two:
      # - "templates/web.ssl.template.yml"
      # - "templates/web.letsencrypt.ssl.template.yml"
      
    2. Add a socket template:
      - "templates/web.socketed.template.yml" 
      
    3. Comment out all exposed ports:
      # - "80:80"   # http
      # - "443:443" # https
      
  2. As others mentioned, I had to change the ssl cert and key names in the discourse.conf:

    ssl_certificate      /var/discourse/shared/standalone/ssl/discourse.angusmcleod.com.au.cer;
    ssl_certificate_key  /var/discourse/shared/standalone/ssl/discourse.angusmcleod.com.au.key;
    
  3. Turns out my site didn’t have a dhparams.pem key (dh stands for Diffie Hellman, there’s some good explanations of what this is here). You can generate this yourself:

    openssl dhparam -out /var/discourse/shared/standalone/ssl/dhparams.pem 2048
    

Some other things you may find useful:

  • sudo netstat -tulpn: This will tell you what ports are being used

  • /var/log/nginx/error.log: Is the location of the nginx log on ubuntu. This will tell you what the error is when you get a 502 Bad Gateway error.

  • You may finish a ./launcher rebuild app, excitedly go to your domain to see if it worked and be greeted with a depressing 502 Bad Gateway error. Before giving up in frustration, try restarting nginx one more time:

    sudo service nginx restart

    This clinched it for me.

Now my sandbox is using nginx outside the container (although I haven’t added the extra website yet).


(Coin-coin le Canapin) #220

Hi, I’m a bit puzzled.
I have a server with several web applications (Wordpress).

When I try to Install Discourse, I got this message:
root@canapin:/var/discourse# ./discourse-setup
Port 80 appears to already be in use.

This will show you what command is using port 80
COMMAND   PID  USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
nginx   16526  root   26u  IPv4 2931156      0t0  TCP canapin.com:http (LISTEN)
nginx   17035 nginx   26u  IPv4 2931156      0t0  TCP canapin.com:http (LISTEN)

If you are trying to run Discourse simultaneously with another web
server like Apache or nginx, you will need to bind to a different port

See https://meta.discourse.org/t/17247

This topic and several others I read ask to edit containers/app.yml as a first step, but I have no such a file in my containers directory.
image
What am I supposed to do?


Install Discourse on CentOS alongside installed Apache with DirectAdmin
Docker and Engintron issue
(Bhanu Sharma) #221

If I’m not mistaken your app.yml is generated after you have successfully bootstrapped.

You may have to stop your running webserver (apache/nginx/whatever) until discourse is installed and you have modified app.yml to use either an alternative port or an alternative method e.g. sockets to make your forum run behind a proxy i.e. your webserver.


(Kane York) #222

The app.yml is generated during discourse-setup - you can bootstrap/rebuild separately by following the old Docker install instructions.


(Coin-coin le Canapin) #223

From the official installation guide, on the /discourse-setup part:

This will generate an app.yml configuration file on your behalf, and then kicks off bootstrap.

And I can’t go past the ./discourse-setup part since the installation stops because of the port thing.

I’ll try to stop my webserver as you suggest.


(Bhanu Sharma) #224

Just stop the webserver beforehand and complete the ./discourse-setup script. You’ll have an app.yml file in the containers folder when the script completes successfully.


(Coin-coin le Canapin) #225

Yes I stopped apache and nginx and the install is working, thanks guys. :slight_smile:


(Coin-coin le Canapin) #226

Well I then followed the steps on this thread and:
from /var/discourse/containers/app.yml,
- "templates/cron.template.yml" > I didn’t have this line and I didn’t add it since this guide doesn’t tell to add it.

Then the guide tells:

# expose: comment out entire section

And then

Be sure to remove the next line containing

- "80:80" # fwd host port 80 to container port 80 (http)

So, should I remove nor comment this line since it is from the # expose section? I commented it by the way.

For an HTTPS site, make /etc/nginx/sites-enabled/discourse.conf look like this:

I didn’t have such a file and I created it. Is the file supposed to be already here after installing Discourse, or is it normal that I had to create it?

Then I followed the remaining steps and I didn’t forget to restart nginx, but my Discourse installation doesn’t show up (I created my subdomain from Plesk):

Finally, I see that this guide mention:

This guide assumes you already have Discourse working

But what if we don’t have Discourse working, especially because we already have other web apps running? Is there another guide intended for this configuration?


(Bhanu Sharma) #227

Try searching for “offline page while rebuilding” guide here on meta and observe it’s nginx configuration.


(Coin-coin le Canapin) #228

Thank you. I don’t have any error message of any kind, my subdomain just shows up the default home page for any new subdomain created from plesk.


(Bhanu Sharma) #229

That is because it can’t reach discourse which is trapped inside docker until you show it the way to interact with outside world.


(Coin-coin le Canapin) #231

Hi, I started back from the beginning and I have Discourse working now :slight_smile:; I just need to read and apply this guide again, but still, I have quick questions before doing so. I don’t want to mess up.
I don’t have the /etc/nginx/sites-enabled/discourse.conf file. Is it supposed to be that way and do I have to create it?
Also the -templates/cron.template.yml" line in app.yml file which I don’t know if I have to add it or not since it’s not present in my own config file.


(Bhanu Sharma) #232

Yes

If it’s not there and you don’t know the use of it then don’t bother about it.


(Coin-coin le Canapin) #233

Thank you again for your reply.

From what I see, the /sites-enabled/ directory is not included in my nginx.conf. However, this file contains :

include /etc/nginx/conf.d/*.conf;

So I created a discourse.conf file in this /conf.d/ directory. My discourse.conf contains among other lines these copy-pasted from the guide:

    ssl_certificate      /var/discourse/shared/standalone/ssl/ssl.crt;
    ssl_certificate_key  /var/discourse/shared/standalone/ssl/ssl.key;
    ssl_dhparam          /var/discourse/shared/standalone/ssl/dhparams.pem;

nginx tells me that these files don’t exist.
I replaced ssl.crt by forum.canapin.com.cer and ssl.key by forum.canapin.com.key as I these ones exist. But I can’t find any dhparams.pem.

Any idea?


(Bhanu Sharma) #234

If you’ve installed letsencrypt certificate then dhparams.pem should be generated in your working directory /etc/letsencrypt you can copy it from there.


(Coin-coin le Canapin) #235

Thank you, I’ve been able to get this file.

I think I’m very close to having Discourse working :slight_smile: I had no error message whatsoever which is a new thing compared to my previous config attempts and I’ve been able to start the app after making all this configuration.

However, forum.canapin.com still shows the default page generated by Plesk.

So I guess I’m missing a little something somewhere…


(Bhanu Sharma) #236

Hmm … That sums it down. You may have to stop nginx from proxying requests for forum.canapin.com to apache2 and rather proxy them to the socket instead.

I’d hint on modifying the default nginx config (the other config in the conf.d folder) to be domain agnostic and specifically not handle requests for forum.canapin.com subdomain.


(Coin-coin le Canapin) #237

Hi,

I thought that’s what the checkbox unchecked would do since it mentions “turn off to stop using Apache”.
The only other files that I have in my conf.d folder are ssl.conf and zz010_psa_nginx.conf, the latter containing:

#ATTENTION!
#
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,
#SO ALL YOUR CHANGES WILL BE LOST THE NEXT TIME THE FILE IS GENERATED.
include /etc/nginx/plesk.conf.d/server.conf;
include /etc/nginx/plesk.conf.d/webmails/*.conf;
include /etc/nginx/plesk.conf.d/vhosts/*.conf;
include /etc/nginx/plesk.conf.d/forwarding/*.conf;
include /etc/nginx/plesk.conf.d/wildcards/*.conf;

(Bhanu Sharma) #238

I’m not a plesk user so I don’t know much details about how it handles request but if nginx is responsible for everything after that checkbox is unchecked then it should definitely read the discourse.conf but looks like it’s not reading that.

I’ve gone through your configurations and both look okay so I don’t have much to say. I’d like to know if you have some way to alter configurations inside of your plesk panel. if so, try to edit the configuration from there.