I don’t have an example with me because I don’t use a proxy in front, although I think I implemented it some time ago. In any case, there’s no secret, it should be as you do with other reverse proxies. The following is just an overview of what should be done using ports (and not sockets):
-
Make sure you have a Wordpress service running in a port that’s not 80 and 443 (example: 8443) and working. You can try to expose it to the internet first to see if it’s working.
-
Make the same with discourse, mapping to different ports.
Change:
expose:
- "80:80" # http
- "443:443" # https
To (for example):
expose:
- "8081:80" # http
- "8444:443" # https
In your app.yml file (if you don’t have, I advise to run discourse in a standalone machine following the official guide just to see how it works, and take a look at the generated app.yml file at /var/discourse/containers/). Here is a sample of the app.yml file: discourse_docker/samples/standalone.yml at master · discourse/discourse_docker · GitHub
- Install nginx and in its configuration file, add the proxy directives. They should be similar to the following sample excerpt:
upstream blog {
server localhost:8080;
}
server {
server_name blog.barinaklar.com;
server_tokens off;
listen 80;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://blog.barinaklar.com$request_uri;
}
}
server {
server_name blog.barinaklar.com;
server_tokens off;
listen 443 ssl;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
proxy_pass http://blog;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
upstream forum {
server localhost:8081;
}
server {
server_name forum.barinaklar.com;
server_tokens off;
listen 80;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://forum.barinaklar.com$request_uri;
}
}
server {
server_name forum.barinaklar.com;
server_tokens off;
listen 443 ssl;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
proxy_pass http://forum;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
This assumes you have Wordpress running in port 8080 and Discourse running in port 8081). Make sure to put a firewall to block access to these ports (cloud providers commonly block all ports by default, except 22, so it should may not be needed).
In this case you should be responsible of generating the ssl/tls certificates (you can do it with certbot running periodically in a cron job, so I already included the paths /.well-known/acme-challenge/ in the nginx configuration).
As I said above, this is just an overview and there might be something that I overlooked. You should pay special attention to the base url due to the change in ports (to see if doesn’t try to redirect the user to https://yourdomain:8081 instead of https://yourdomain, and make changes to make it work if needed).
This might not be needed if Wordpress is running in a container with port 80 or 443 inside the container. With discourse it should be ok too. The problem that may arise is regarding https, it may redirect to http because it is using the http port in the proxy, so you might need to see if it happens and fix it in such case.