Since Discourse ships with Nginx, and SSL is an officially-supported option, will there be any kind of update automatically pushed out to disable SSLv3 to protect against the newly-announced POODLE vulnerability?
A nice summary from Digital Ocean:
How To Protect your Server Against the POODLE SSLv3 Vulnerability | DigitalOcean
If this isn’t something that can be pushed out automatically with an update, can someone either write up a fix document or maybe update the HOWTO for SSL?
So you’d like to enable SSL for your Docker-based Discourse setup? Let’s do it!
This guide assumes you used all the standard install defaults – a container configuration file at/var/discourse/containers/app.yml and Discourse docker is installed at: /var/discourse
Buy a SSL Certificate
namecheap or some other SSL cert provider and purchase a SSL cert for your domain. Follow all the step documented by them to generate private key and CSR and finally get your cert. I used the apache default…