Setting up HTTPS for Discourse hosted on DigitalOcean


(Donald) #1

I have a static website hosted on AWS S3 and Cloudfront with an SSL certificate provided by AWS Certificate Manager.

I’ve just set up a forum in a droplet on DigitalOcean at forum.mydomain.org.

Does anybody know how I can set this up so that the forum uses HTTPS too, preferably sharing the SSL certificate I have already set up for the static website?

I am quite new to all of this. Any help would be appreciated.

Thanks


(Jay Pfaffman) #2

The easiest way is to run disourse-setup again and enable let’s encrypt.


(Bhanu Sharma) #3

AFAIK the default Digitalocean image (ubuntu16+Discourse) enables letsencrypt … so maybe he already has ssl enabled … Just gotta check?


(Donald) #4

How recently did the default image enable letsencrypt? I created the forum droplet a few months ago. In any case, https://forum.mydomain.org is not working, only http://

If I create a brand new Digital Ocean Discourse app, will that work? And does that mean I’ll be using different certificates for the main site and the forum, and if so, are there any disadvantages to that?

Thanks again


(Bhanu Sharma) #5

as far as certificates are concerned, I don’t think it’ll create much of a difference, You’re on HTTPS and that works for all the good purposes. If You’re paranoid about the certificates, I’d suggest following the Guides available on forum to use custom certificate instead of the letsencrypt ones.

about the Digitalocean thing, Don’t go for a new one when You can enable ssl on your existing one.

as @pfaffman suggested, get into ssh, change directory to /var/discourse and re run

./discourse-setup

and remember to fill in the letsencrypt-email when asked for it. You’d be saving much hassle & time.


(Donald) #6

Sorry, how do I get the let’s encrypt account email? I can’t seem to find a place on their website to create an account.


(Felix Freiberger) #7

You create an account simply by entering your email address when prompted by discourse-setup :slight_smile:


(Donald) #8

Oops. I think I have screwed something up. I followed the instructions here: Certbot and got an account email. I then tried to re-run discourse setup but am now seeing:

root@forum:/var/discourse# ./discourse-setup
Port 80 appears to already be in use.

If you are trying to run Discourse simultaneously with another web
server like Apache or nginx, you will need to bind to a different port

See https://meta.discourse.org/t/17247

If you are reconfiguring an already-configured Discourse, use

./launcher stop app

to stop Discourse before you reconfigure it and try again.

When I do:

root@forum:/var/discourse# ./launcher stop app

I get:

+ /usr/bin/docker stop -t 10 app
app

Then when I do:

root@forum:/var/discourse# ./discourse-setup

It loops back to:

Port 80 appears to already be in use.

If you are trying to run Discourse simultaneously with another web
server like Apache or nginx, you will need to bind to a different port

See https://meta.discourse.org/t/17247

If you are reconfiguring an already-configured Discourse, use

./launcher stop app

Have I stuffed something up?


(Jay Pfaffman) #9

Is there a chance that you have apache it nginx running?

Google “what is using port Ubuntu” for a command to see what is using the port.


(Donald) #10

When I type:

lsof -i :80

I am seeing a lot of text output but nothing that mentions port 80, specifically, that I can see. Before I followed the instructions at Certbot I was able to run ./discourse-setup (and I got to the part where I had to enter the let’s encrypt email) which is when I stopped and did:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

and then did:

$ sudo certbot --nginx

And then I went back to run discourse and encountered the problem.


(Bhanu Sharma) #11

You were not supposed to do this!

Simply run the discourse-setup and enter your regular email ID when asked for letsencrypt email that’s all.


(Donald) #12

I just went to visit forum.mydomain.com in my browser and am now seeing:

# Welcome to nginx!
If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to [nginx.org](http://nginx.org/).
Commercial support is available at [nginx.com](http://nginx.com/).

*Thank you for using nginx.*

So I’m guessing I did something stupid like installing a fresh web server over the top of my discourse forum?

In which case, I’m guessing the best thing to do would be to recreate my discourse droplet from an image?


(Bhanu Sharma) #13

Congratulations, You’ve managed to install the nginx server outside of your docker image as well!

it is a good time to set up an offline page if You’re an advanced user! :wink:


(Donald) #14

Definitely not an advanced user :rofl: so I’m going to recreate my forum from a recent droplet snapshot.


(Bhanu Sharma) #15

Well, Go ahead :+1: All the best


(Jay Pfaffman) #16

All you needed to do was to run disourse-setup and enter your email address (even a bogus one if you don’t want to get a warning if your certificate is about to expire).


(Donald) #17

Got it working! Thanks everybody for your help :smile:


(Bhanu Sharma) #18

congratulations!

All the best deploying your forum :wink: