That’s right. If you don’t switch to alastaircoote’s image your existing certificates don’t get updates as well as new virtual hosts (in context of nginx-proxy) do not get certificates at all.
For the record: the changes have been merged and the two maintainers recommend to use the
Hi Guo, any update on this?
@rriemann is this still working? I tried but it was not working due to some errors.
@tgxworld is there a timeline for this to be supported officially?
Yes, it is working. Have you tried to follow our guide?
After multiple trials & errors, I finally managed to get it working thanks to @rriemann’s post. Turned out previous errors were all due to personal mistakes. I can confirm that the steps & commands listed in the post still working today. Thank you!
Hi rriemann, I’m trying to follow your guide but I’m new into discourse/docker/server configurations and couldn’t make it work.
Could you show your multisite app.yml configuration file?
I think mine is wrong:
(could access http://en.ancap.ch - which is a brand new discourse setup - but not https://br.ancap.ch - which is a ssl+let’s encrypt discourse setup - but after that failure I returned to my old single website https://br.ancap.ch)
templates: - "templates/postgres.template.yml" - "templates/redis.template.yml" - "templates/web.template.yml" - "templates/web.ratelimited.template.yml" ## Uncomment these two lines if you wish to add Lets Encrypt (https) ## - "templates/web.ssl.template.yml" - "templates/web.letsencrypt.ssl.template.yml" # tried to remove, also sisn't work expose: - "80" # http params: db_default_text_search_config: "pg_catalog.english" db_shared_buffers: "128MB" env: LANG: en_US.UTF-8 UNICORN_WORKERS: 2 DISCOURSE_HOSTNAME: br.ancap.ch VIRTUAL_HOST: 'br.ancap.ch,en.ancap.ch' LETSENCRYPT_HOST: 'br.ancap.ch,en.ancap.ch' LETSENCRYPT_EMAIL: 'email@example.com' LETSENCRYPT_ACCOUNT_EMAIL: 'firstname.lastname@example.org' DISCOURSE_DEVELOPER_EMAILS: 'email@example.com' ## DISCOURSE_SMTP_ADDRESS: xxxxxxxxxx DISCOURSE_SMTP_PORT: xxxx DISCOURSE_SMTP_USER_NAME: xxxxxxxxxxxxxxx DISCOURSE_SMTP_PASSWORD: xxxxxxxxxxxxxxx volumes: - volume: host: /var/discourse/shared/standalone guest: /shared - volume: host: /var/discourse/shared/standalone/log/var-log guest: /var/log hooks: after_postgres: - exec: sudo -u postgres createdb en_discourse || exit 0 - exec: stdin: | grant all privileges on database en_discourse to discourse; cmd: sudo -u postgres psql en_discourse raise_on_fail: false - exec: /bin/bash -c 'sudo -u postgres psql en_discourse <<< "alter schema public owner to discourse;"' - exec: /bin/bash -c 'sudo -u postgres psql en_discourse <<< "create extension if not exists hstore;"' - exec: /bin/bash -c 'sudo -u postgres psql en_discourse <<< "create extension if not exists pg_trgm;"' after_code: - exec: cd: $home/plugins cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git before_bundle_exec: - file: path: $home/config/multisite.yml contents: | secondsite: adapter: postgresql database: en_discourse pool: 25 timeout: 5000 db_id: 2 host_names: - en.ancap.ch after_bundle_exec: - exec: cd /var/www/discourse && sudo -E -u discourse bundle exec rake multisite:migrate run: - exec: echo "Beginning of custom commands" - exec: echo "End of custom commands"
I’ve read that letsencrypt should be setup at the host instead of my discourse docker. So i must remove everything related to ssl/letsencrypt in br.ancap.ch before following your guide?
Also, when I tried to access en.ancap.ch, only http worked (not https), would you know why?
Thanks in advance.
There are the important lines from my app.yml file:
templates: - "templates/postgres.template.yml" - "templates/redis.template.yml" - "templates/web.template.yml" - "templates/web.ratelimited.template.yml" ## Uncomment these two lines if you wish to add Lets Encrypt (https) # - "templates/web.ssl.template.yml" # - "templates/web.letsencrypt.ssl.template.yml" ## which TCP/IP ports should this container expose? ## If you want Discourse to share a port with another webserver like Apache or nginx, ## see https://meta.discourse.org/t/17247 for details expose: - "80" # - "80:80" # http # - "443:443" # https env: ## TODO: The domain name this Discourse instance will respond to DISCOURSE_HOSTNAME: first.forum.com VIRTUAL_HOST: 'first.forum.com,second.forum.com' LETSENCRYPT_HOST: 'first.forum.com,second.forum.com' LETSENCRYPT_EMAIL: 'firstname.lastname@example.org'
Once discourse is running, I run:
docker run --name nginx-proxy -p 80:80 -p 443:443 -v /var/discourse/host_nginx.conf:/etc/nginx/conf.d/host_nginx.conf:ro -v /var/discourse/certs:/etc/nginx/certs:ro -v /etc/nginx/vhost.d -v /usr/share/nginx/html -v /var/run/docker.sock:/tmp/docker.sock:ro --restart=always --detach jwilder/nginx-proxy docker run --name letsencrypt-companion -v /var/discourse/certs:/etc/nginx/certs:rw --volumes-from nginx-proxy -v /var/run/docker.sock:/var/run/docker.sock:ro --restart=always --detach jrcs/letsencrypt-nginx-proxy-companion
E ae Rafael! Hey Robert!
You guys explained and pointed perfectly, turns out the let’s wasn’t working because my root domain wasn’t registered as an domain at all!
worked, after following your instructions! (I was trying the Rafael links, but the Robert’s one, tried previously, outputted the same problem)
Cheers, guys! um abraço!
This is exactly what I am trying to get going!
Do you mind sharing content of your ‘host_nginx.conf’ (/var/discourse/host_nginx.conf:/etc/nginx/conf.d/host_nginx.conf)
host_nginx.conf file is surprisingly short!