I have seen a couple of tutorials that explain how to do this but in different ways which does not help me. Is there a way to make a apache virtual host config for Discourse so that a specific domain redirects to the software just like adding other websites and respective domains?
Thank you.
Yes. Those tutorials explain how.
Or, if you mean can you run discourse without docker and having apache as a reverse proxy, the answer is no.
For $5/month you an avoid that pain.
Thanks for the reply.
I am running it off a VPS. I have Apache installed and I am not too experienced with websites. I am looking at this, Running other websites on the same machine as Discourse
But with that it seems like I have to use Nginx because of the config files, but my question is, can I do the same with but with Apache?
Yeah I was looking at that too. He covered it for CentOS and not Ubuntu, some parts are unclear to me
If you aren’t familiar with this (and don’t want to become), I really recommend ditching Apache and running only Discourse in the VPS. If you need to run more stuff, get a VPS for Apache stuff and another for Discourse.
So I switched over to Nginx and everything is working. I believe SSL is setup properly but on chrome, it gives me the message “Your connection to this site is not fully secure”. Force HTTPs is on
The SSL is setup with the nginx service inside the container. If the container is exposed to the internet and you access it directly from the browser (default discourse installation), you will have SSL.
But if you put a reverse proxy in front of it (be it Apache, Nginx, or some 3rd party service, like Cloudflare), you will have to ensure that the connection between the browser and the reverse proxy is secure.
So, in your case, you will have to generate certificates for the nginx reverse proxy (I don’t think you need to add the SSL templates from discourse because the container is not exposed directly to the internet; you can, but don’t need).
You can take a look in how to do that using Let’s Encrypt (free, the same that is used in the default installation of Discourse, but in this case for the nginx outside the container).
TL;DR The nginx that acts as a reverse proxy needs SSL. The nginx that is inside the container doesn’t need SSL (assuming you are accessing from the same machine).
So to have security between browser and reverse proxy, I need to configure SSL in the nginx configuration file?
Thanks
This is my config here, what else do I need to add?
server {
listen 80; listen [::]:80;
server_name a1rp.xyz; # <-- change this
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2; listen [::]:443 ssl http2;
server_name a1rp.xyz; # <-- change this
ssl on;
ssl_certificate /var/discourse/shared/standalone/ssl/a1rp.xyz.cer;
ssl_certificate_key /var/discourse/shared/standalone/ssl/a1rp.xyz.key;
ssl_dhparam /var/discourse/shared/standalone/ssl/dhparams.pem;
ssl_session_tickets off;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
http2_idle_timeout 5m; # up from 3m default
location / {
proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
}
}
Make sure to:
templates (in app.yml) . If you are using letsencrypt you will have two:# - "templates/web.ssl.template.yml"
# - "templates/web.letsencrypt.ssl.template.yml"
- "templates/web.socketed.template.yml"
# - "80:80" # http
# - "443:443" # https
(or you may expose other ports like 8080:80 and 8443:443 and instead of using a socket in the next step you can redirect to an upstream that points to localhost:80 and/or localhost:443)
proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock;
I think you need to add : at the end of the socket:
proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
/var/discourse/shared/standalone/ssl/. Do you have them? I’m assuming you already own the domain a1rp.xyz and read about how to generate ssl certificates in the letsencrypt site. Also keep in mind that discourse handles the renewal of certificates for you in the default install, but in you case you would have to handle it (with a cronjob, for example), otherwise your certificates will expire after 3 months.See:
Yeah I have all of what you said to do in the app config (including the post correcting some things). As far as the :, I don’t think it makes a difference. There was a post saying there shouldn’t be a : there too. The SSL files I also already have
So I fixed the problem. Someone mentioned the favicon showing in http which is why it gave the error. I uploaded something else and deleted it, now the site is fully https 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.