I’ve got three Discourse forums on this server as well as numerous other sites (as per this howto) - any idea what the best way is for me to use Let’s Encrypt for my Discourse forums? (I’m assuming the guide in this thread won’t work?)
Should lovely Certbot from EFF help you?
I saw Certbot, which got me wondering if the default method for Discourse should use it. I’m no expert on this though. Would any experts like to comment?
This guide shows the complete automation method. ACME is well supported by Let’s Encrypt. You don’t need to worry about it at all. Implementations may come and go; all you need is to use this template.
@AstonJ are you running them as multi-site? If so, you might be able to still use this how-to, you just might have to alter the letsencrypt template to pass multiple domains.
If they are separate containers, you can simply use the template as is.
@AstonJ I would just do it manually using https://github.com/Neilpang/acme.sh or whichever client you choose. I helped a friend yesterday and it took me about 10 mins to get it done.
@cpradio yep my instances are separate containers
With that in mind, do you still advise against using the template as per the first post @tgxworld?
That depends on your setup. If you have Apache/Nginx, always manage your certificates yourself. So the short answer is no. I have a similar setup. Two containers for production. One for a multisite. I use the script and manage all those certificates.
I’ve got:
-------------> Sends request to a container if a discourse site/domain (all using separate containers)
HAProxy
-------------> Sends all other requests to Apache as usual
I recommend using Nginx Proxy together with the LetsEncrypt companion container for nginx-proxy. This setup allows me to run many containerized web apps at ports 80 or 443 as well as automatic certificate renewal.
Besides starting both containers the only configuration you need is to add 3 environment variables to a Docker container. Example for Discourse (in /var/discourse/containers/app.yml):
DISCOURSE_HOSTNAME: 'discourse.mydomain.tld'
VIRTUAL_HOST: 'discourse.mydomain.tld'
LETSENCRYPT_HOST: 'discourse.mydomain.tld'
LETSENCRYPT_EMAIL: 'your_mailbox@mydomain.tld'
Nginx Proxy needs the containers to expose their port to be proxied which you do like this in your app.yml:
expose:
- "80" # fwd host port 80 to container port 80 (http)
@fuerst - so, let me see if I got this correct.
- You have a data container for redis / pgsql
- You have a multisite web_only type container for your websites say abc.com, def.com and xyz.com with SSL and letsencrypt templates being used.
You then optionally have a VM which runs nginx_proxy and the letsencrypt companion container and these proxy to the web_only container?
I really don’t want to complicate my install so much. Would love to see a web_only multisite which supports letsencrypt for the domains. I’ll look at the templates / yml file … should not be rocket science as we do this day in and day out on nginx for php based apps, without docker.