Wanting to run Discourse alongside apache

I have seen a couple of tutorials that explain how to do this but in different ways which does not help me. Is there a way to make a apache virtual host config for Discourse so that a specific domain redirects to the software just like adding other websites and respective domains?

Thank you.

1 Like

Yes. Those tutorials explain how.

Or, if you mean can you run discourse without docker and having apache as a reverse proxy, the answer is no.

For $5/month you an avoid that pain.

2 Likes

Thanks for the reply.

I am running it off a VPS. I have Apache installed and I am not too experienced with websites. I am looking at this, Running other websites on the same machine as Discourse

But with that it seems like I have to use Nginx because of the config files, but my question is, can I do the same with but with Apache?

1 Like

Have a look at How to set up Discourse on a server with existing Apache sites

2 Likes

Yeah I was looking at that too. He covered it for CentOS and not Ubuntu, some parts are unclear to me

1 Like

If you aren’t familiar with this (and don’t want to become), I really recommend ditching Apache and running only Discourse in the VPS. If you need to run more stuff, get a VPS for Apache stuff and another for Discourse.

6 Likes

So I switched over to Nginx and everything is working. I believe SSL is setup properly but on chrome, it gives me the message “Your connection to this site is not fully secure”. Force HTTPs is on

2 Likes

The SSL is setup with the nginx service inside the container. If the container is exposed to the internet and you access it directly from the browser (default discourse installation), you will have SSL.

But if you put a reverse proxy in front of it (be it Apache, Nginx, or some 3rd party service, like Cloudflare), you will have to ensure that the connection between the browser and the reverse proxy is secure.

So, in your case, you will have to generate certificates for the nginx reverse proxy (I don’t think you need to add the SSL templates from discourse because the container is not exposed directly to the internet; you can, but don’t need).

You can take a look in how to do that using Let’s Encrypt (free, the same that is used in the default installation of Discourse, but in this case for the nginx outside the container).

TL;DR The nginx that acts as a reverse proxy needs SSL. The nginx that is inside the container doesn’t need SSL (assuming you are accessing from the same machine).

3 Likes

So to have security between browser and reverse proxy, I need to configure SSL in the nginx configuration file?

Thanks

2 Likes

This is my config here, what else do I need to add?

server {
listen 80; listen [::]:80;
server_name a1rp.xyz; # <-- change this

return 301 https://$host$request_uri;

}

server {
listen 443 ssl http2; listen [::]:443 ssl http2;
server_name a1rp.xyz; # <-- change this

ssl on;
ssl_certificate      /var/discourse/shared/standalone/ssl/a1rp.xyz.cer;
ssl_certificate_key  /var/discourse/shared/standalone/ssl/a1rp.xyz.key;
ssl_dhparam          /var/discourse/shared/standalone/ssl/dhparams.pem;
ssl_session_tickets off;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;

http2_idle_timeout 5m; # up from 3m default

location / {
    proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock;
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Real-IP $remote_addr;
}

}

Make sure to:

  1. Comment out all ssl templates in the templates (in app.yml) . If you are using letsencrypt you will have two:
# - "templates/web.ssl.template.yml"
# - "templates/web.letsencrypt.ssl.template.yml"
  1. Add a socket template:
- "templates/web.socketed.template.yml" 
  1. Comment out all exposed ports:
# - "80:80"   # http
# - "443:443" # https

(or you may expose other ports like 8080:80 and 8443:443 and instead of using a socket in the next step you can redirect to an upstream that points to localhost:80 and/or localhost:443)

  1. You have:
proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock;

I think you need to add : at the end of the socket:

proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
  1. You need to have the ssl certificate files at /var/discourse/shared/standalone/ssl/. Do you have them? I’m assuming you already own the domain a1rp.xyz and read about how to generate ssl certificates in the letsencrypt site. Also keep in mind that discourse handles the renewal of certificates for you in the default install, but in you case you would have to handle it (with a cronjob, for example), otherwise your certificates will expire after 3 months.

See:

1 Like

Yeah I have all of what you said to do in the app config (including the post correcting some things). As far as the :, I don’t think it makes a difference. There was a post saying there shouldn’t be a : there too. The SSL files I also already have

So I fixed the problem. Someone mentioned the favicon showing in http which is why it gave the error. I uploaded something else and deleted it, now the site is fully https :slight_smile:

5 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.