Setting up Let's Encrypt for multisite


(AstonJ) #1

I’ve got three Discourse forums on this server as well as numerous other sites (as per this howto) - any idea what the best way is for me to use Let’s Encrypt for my Discourse forums? (I’m assuming the guide in this thread won’t work?)


(Erick Guan) #2

Should lovely Certbot from EFF help you?


(Dave Higgins) #3

I saw Certbot, got me wondering if the default method for Discourse should use it. I’m no expert on this though. Any experts like to comment?


(Erick Guan) #4

This guide shows the complete automation method. ACME is well supported by Let’s Encrypt. You don’t need to worry about it at all. Implementations may come and go; all you need is to use this template.


(cpradio) #5

@AstonJ are you running them as multi-site? If so, you might be able to still use this how-to, you just might have to alter the letsencrypt template to pass multiple domains.

If they are separate containers, you can simply use the template as is.


(Alan Tan) #6

@AstonJ I would just do it manually using acme.sh (GitHub - Neilpang/acme.sh: a pure Unix shell script implementing the ACME client protocol) or a client of your choice. I helped a friend yesterday and it took me about 10 mins to get it done.


(AstonJ) #7

@cpradio yep my instances are separate containers :)

With that in mind, do you still advise against using the template as per the first post @tgxworld?


(Erick Guan) #8

That depends on your setup. If you have Apache/Nginx, always manage your certificates yourself. So the short answer is no. I have a similar setup. Two containers for production. One for a multisite. I use the script and manage all those certificates.


(AstonJ) #9

I’ve got:

-------------> Sends request to a container if a discourse site/domain (all using separate containers)
HAProxy
-------------> Sends all other requests to Apache as usual


(Bernhard Fürst) #10

I recommend using Nginx Proxy together with the LetsEncrypt companion container for nginx-proxy. This setup allows me to run many containerized web apps at ports 80 or 443 as well as automatic certificate renewal.

Besides starting both containers, the only configuration you need is to add 3 environment variables to a Docker container. Example for Discourse (in /var/discourse/containers/app.yml):

  DISCOURSE_HOSTNAME: 'discourse.mydomain.tld'
  VIRTUAL_HOST: 'discourse.mydomain.tld'
  LETSENCRYPT_HOST: 'discourse.mydomain.tld'
  LETSENCRYPT_EMAIL: 'your_mailbox@mydomain.tld'

Nginx Proxy needs the containers to expose their port to be proxied which you do like this in your app.yml:

expose:
  - "80"   # fwd host port 80   to container port 80 (http)
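
Added example, not part of the post above or of any project mentioned in the thread: a Python lint for the app.yml settings described in post #10, run across several forum containers. The sample fragments, the hostnames, the `lint` and `lint_all` names, and the rule that a `host:container` entry under `expose` collides with the proxy's ports are assumptions made for illustration.

```python
import re
# Constructed sample app.yml fragments for two forum containers (not from the thread).
SAMPLE_CONFIGS = {
    "forum1.yml": """
expose:
  - "80"
env:
  DISCOURSE_HOSTNAME: 'forum1.example.org'
  VIRTUAL_HOST: 'forum1.example.org'
  LETSENCRYPT_HOST: 'forum1.example.org'
  LETSENCRYPT_EMAIL: 'admin@example.org'
""",
    "forum2.yml": """
expose:
  - "80:80"
env:
  DISCOURSE_HOSTNAME: 'forum2.example.org'
  VIRTUAL_HOST: 'forum1.example.org'
  LETSENCRYPT_HOST: 'forum2.example.org'
""",
}
KEY_RE = re.compile(r"^[ \t]*([A-Z_]+):[ \t]*['\"]?([^'\"#\s]+)", re.M)
PORT_RE = re.compile(r"^[ \t]*-[ \t]*['\"]?(\d+(?::\d+)?)", re.M)

def lint(name, text, seen_hosts):
    """Line-based lint (not a full YAML parser); seen_hosts maps VIRTUAL_HOST -> file."""
    env, ports = dict(KEY_RE.findall(text)), PORT_RE.findall(text)
    host, vhost = env.get("DISCOURSE_HOSTNAME"), env.get("VIRTUAL_HOST")
    issues = [f"{k} does not match DISCOURSE_HOSTNAME"
              for k in ("VIRTUAL_HOST", "LETSENCRYPT_HOST") if env.get(k) != host]
    if "@" not in env.get("LETSENCRYPT_EMAIL", ""):
        issues.append("LETSENCRYPT_EMAIL missing")
    if "80" not in ports:
        issues.append('container port 80 is not exposed as plain "80"')
    # Assumption: a "host:container" entry publishes on the host, where the proxy listens.
    issues += [f"host port binding {p} collides with the proxy"
               for p in ports if ":" in p and p.split(":")[0] in ("80", "443")]
    if vhost in seen_hosts:
        issues.append(f"VIRTUAL_HOST already claimed by {seen_hosts[vhost]}")
    elif vhost:
        seen_hosts[vhost] = name
    return issues

def lint_all(configs):
    seen = {}
    return {name: lint(name, text, seen) for name, text in configs.items()}

if __name__ == "__main__":
    print(lint_all(SAMPLE_CONFIGS))
```

A certificate requested for a hostname that the proxy does not route to that container fails validation, so the mismatch and duplicate checks are the ones worth running before each rebuild.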

(Shri) #11

@fuerst - so, let me see if I got this correct.

  • You have a data container for redis / pgsql
  • You have a multisite web_only type container for your websites say abc.com, def.com and xyz.com with SSL and letsencrypt templates being used.

You then optionally have a VM which runs nginx_proxy and the letsencrypt companion container and these proxy to the web_only container?

I really don’t want to complicate my install so much. Would love to see a web_only multisite which supports letsencrypt for the domains. I’ll look at the templates / yml file … should not be rocket science as we do this day in and day out on nginx for php based apps, without docker.

