Discourse is installed on a Google Compute VM machine with no SSL certificates on this server. The force_https Discourse setting is set to true (checked to force https).
We have the front end running with ‘Google Load Balancer’ with an HTTPS certificate attached at the load balancer level.
The Google OAuth credentials settings have both http and https callback URLs set up.
User Request HTTPS.www.truvisa.com -> Google Load balancer -> HTTP Discourse on Google Compute engine.
User tries to log-in with Google OAuth. Works fine and user is logged in.
Problem:
User Request HTTP -> Google Load balancer -> HTTP Discourse on Google Compute engine.
The http://www.truvisa.com URL works fine. We actually expected this to be redirected to HTTPS (as we have force https enabled), but it did not work.
User tries to log-in with Google OAuth. User cannot log-in.
What we think is happening:
I searched through the Discourse forum for a solution and understand that the Google load balancer (a proxy in our case) needs to send the X-Forwarded-Proto header for Discourse to redirect the http request to the https version.
The Google load balancer does send this X-Forwarded-Proto to the Discourse installation server.
My question:
Is there anything that needs to be changed in the Discourse setup anywhere to make this work?
Are we missing any kind of http-to-https redirection setting in the default Discourse install?
Take a look at the templates/cloudflare.template.yml file. Basically, you need to insert set_real_ip_from directives for the full list of load balancer IPs.
Thanks Kane for your help, but the primary problem is something else.
After further analysis, I think what we need is this redirection rule in the Discourse Nginx config:

    server {
        listen 80;
        server_name www.example.org;
        if ($http_x_forwarded_proto != "https") {
            rewrite ^(.*)$ https://$server_name$REQUEST_URI permanent;
        }
    }

This is because if the user is on the HTTPS URL and tries to log in with Google OAuth, it works fine. So, our primary problem is only related to always redirecting the http domain to https.
I tried adding the above rule to the app.yml file inside after_web_config and rebuilt. It then shows the nginx welcome screen.
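
An added example, not code from any poster in this thread or from Discourse: the X-Forwarded-Proto check discussed above, written so that only requests the load balancer marks as plain HTTP are redirected. It assumes the `if` is placed inside the server block that already serves the site (the `server` wrapper and `www.example.org` are placeholders taken from the post) and that the instance accepts traffic only from the load balancer.

```nginx
# http context: derive a redirect flag from the header the proxy sets.
map $http_x_forwarded_proto $redirect_to_https {
    default 0;   # header absent or "https": serve the request as-is
    http    1;   # proxy reports the client connected over plain HTTP
}

server {
    listen 80;
    server_name www.example.org;   # placeholder from the post

    # Weaker form from the post, shown for comparison:
    #   if ($http_x_forwarded_proto != "https") { ...redirect... }
    # That also redirects requests that arrive with no header at all,
    # such as health-check probes sent straight to the instance, and a
    # probe that receives a 301 instead of a 200 can mark the backend
    # unhealthy.

    # Redirect only when the proxy explicitly says the client used HTTP.
    # nginx treats "0" and the empty string as false in `if`.
    if ($redirect_to_https) {
        # $server_name comes from this config, not from the request, so
        # the Location header never reflects a client-supplied Host.
        return 301 https://$server_name$request_uri;
    }

    # X-Forwarded-Proto is an ordinary request header. Any client that
    # can reach port 80 on the instance directly can set it to "https"
    # and skip the redirect, so restrict the instance firewall to the
    # load balancer's source ranges.

    # ... existing location blocks for the application ...
}
```

After reloading, `curl -sI -H 'X-Forwarded-Proto: http' http://<instance>/` from an allowed source should return a 301 with an `https://` Location, and the same request without the header should not.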