Back again and as always, apologies for my noob devops questions, but here it goes …
I’m trying to set up HTTPS for a docker instance of Discourse that’s deployed on AWS. I’m able to successfully run Discourse on AWS using the following setup:
- EC2 t2.medium instance (attached to an elastic IP address)
- RDS postgres db.t2.small (SSD / 100GB)
- ElastiCache Redis server cache.m3.medium (2 clusters)
- SES
- appropriate VPC and Security Groups setup for SSH, HTTP, HTTPS, Postgres (5432), and Redis (6379)
I recently tried to set up HTTPS for the Discourse server and have run into a few issues, hoping someone has either seen before or I can get help resolving:
I have my key and certs and following AWS’ tutorial, I created an Elastic Load Balancer (to include HTTPS setup), where I uploaded the certs. Some things to note:
- I had to set up the Health Check to TCP:80/ because the root URL redirects to /login if not logged in (this is just a note for others trying to do this).
Discourse docker app doesn’t support listening (at least for ELB) on HTTPS (443).
- I set up two Listeners: (Load Balancer Protocol > Instance Protocol)
  - HTTP (80) > HTTP (80)
  - HTTPS (443) > HTTPS (443) >> which includes referencing the SSL cert and cipher
NOTE: This does NOT work. I have to change the second Listener to HTTPS (443) > HTTP (80) even though I’ve gone into the EC2 server (cd /var/docker/containers; sudo nano app.yml) and added in the “443:443” to the expose: section.
Rebuilding the app (sudo ./launcher rebuild app) breaks ELB, causing:
- the Health Check to fail and return a 503 Service Unavailable (Back-end server is at capacity)
- to resolve, requires the EC2 instance to be removed from the Load Balancer, rebooted, and reattached to the ELB
I found a thread regarding the 503 error, not sure if it’s 100% the same, but may be helpful for troubleshooting, but this is out of my realm of expertise. >> https://forums.aws.amazon.com/thread.jspa?messageID=542790
I started to follow @sam’s SSL + Docker setup (Advanced Setup Only: Allowing SSL / HTTPS for your Discourse Docker setup), but I may be missing something because I can’t find the folder
/var/discourse/shared/standalone/ssl/
instead when I cd / ls through the directory, I get
/var/discourse/shared/web-only/
with no path to an ssl folder within web-only (the folders available are: backups, log, state, uploads), which is when I stopped and decided to start this thread.
With all this said …
If I have everything configured as noted above in AWS, the outstanding issues that still remain are:
- the Discourse server doesn’t let the ELB listen on HTTPS (443) even if you set “443:443” in app.yml
- I don’t have a good resolution on how to perform updates that don’t break the ELB, forcing me to detach, reboot, and reattach the EC2 instance
- I can’t get HTTP to redirect to HTTPS (am I missing something here?)
I know there’s the setting in Security (below) that sets Discourse.base_url, but that doesn’t seem to change any actions regarding a redirect from HTTP to HTTPS.
Any help on this would be awesome. I feel like I’ve gotten 90% of the way there, just need help identifying how to resolve these last couple of issues.