If you want to run other websites on the same machine as Discourse, you need to set up an extra NGINX or HAProxy proxy in front of the Docker container.
If you have not already, please read the Advanced Troubleshooting with Docker guide, as it covers the basics on the separation between host and container.
This guide assumes you already have Discourse working - if you don’t, it may be hard to tell whether or not the configuration is working.
Install nginx outside the container
First, make sure the container is not running:
cd /var/discourse
./launcher stop app
Then install nginx from its PPA (Ubuntu ships by default a very old version, 1.4.0):
sudo add-apt-repository ppa:nginx/stable -y
sudo apt-get update && sudo apt-get install nginx
Change the container definition
This is where we change how Discourse actually gets set up. We don’t want the container listening on ports - instead, we’ll tell it to listen on a special file.
Change your /var/discourse/containers/app.yml
to look like this:
# base templates used; can cut down to include less functionality per container templates:
- "templates/cron.template.yml"
- "templates/postgres.template.yml"
- "templates/redis.template.yml"
- "templates/sshd.template.yml"
- "templates/web.template.yml"
# - "templates/web.ssl.template.yml" # remove - https will be handled by outer nginx
- "templates/web.ratelimited.template.yml"
- "templates/web.socketed.template.yml" # <-- Added
# which ports to expose?
# expose: comment out entire section
Be sure to remove the next line containing
- "80:80" # fwd host port 80 to container port 80 (http)
Create an NGINX ‘site’ for the outer nginx
For an HTTPS site, put this in /etc/nginx/sites-enabled/discourse.conf
, making sure to change the server_name
:
server {
listen 80; listen [::]:80;
server_name forum.example.com; # <-- change this
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2; listen [::]:443 ssl http2;
server_name forum.example.com; # <-- change this
ssl on;
ssl_certificate /var/discourse/shared/standalone/ssl/ssl.crt;
ssl_certificate_key /var/discourse/shared/standalone/ssl/ssl.key;
ssl_dhparam /var/discourse/shared/standalone/ssl/dhparams.pem;
ssl_session_tickets off;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
http2_idle_timeout 5m; # up from 3m default
location / {
proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
}
}
For an HTTP-only site:
server {
listen 80; listen [::]:80;
server_name forum.example.com; # <-- change this
location / {
proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
}
}
Make sure that the default site is either disabled or has the correct server_name
set.
Then, in a shell:
# Make sure that Discourse isn't running
/var/discourse/launcher stop app || true
# test configuration
sudo nginx -t
# Important: If nginx -t comes back with an error, correct the config before reloading!
sudo service nginx reload
# Rebuild the container to apply changes
/var/discourse/launcher rebuild app
Create your other sites
You’re done with the Discourse section!
Make other NGINX “sites”, then link and enable them, as in the last step above.