berliner
By:
berliner

How to install ssl certicate on Discourse one-click install droplet

December 13, 2015 3.3k views
Nginx

How to install ssl certicate on Discourse one-click install droplet?

How can I access Nginx server block configuration directory in Discourse one-click install?

7 Answers

You install via docker or from source code

So, I found the answer here: https://meta.discourse.org/t/allowing-ssl-https-for-your-discourse-docker-setup/13847

And successfully added SSL to my one-click Discourse droplet install digital ocean.

Below is copy of the written directions from the https://meta.discourse.org/t/allowing-ssl-https-for-your-discourse-docker-setup/13847

By Sam Saffron co-founder

So you'd like to enable SSL for your Docker-based Discourse setup? Let's do it!

This guide assumes you used all the standard install defaults -- a container configuration file at/var/discourse/containers/app.>yml and Discourse docker is installed at: /var/discourse

Buy a SSL Certificate

Go to namecheap468 or some other SSL cert provider and purchase a SSL cert for your domain. Follow all the step documented by >them to generate private key and CSR and finally get your cert. I used the apache defaults, they will work fine.

Keep your private key and cert somewhere safe.

Place the Certificate and Key

Get a signed cert and key and place them in the /var/discourse/shared/standalone/ssl/ folder

Private key is:

/var/discourse/shared/standalone/ssl/ssl.key

Cert is

/var/discourse/shared/standalone/ssl/ssl.crt

File names are critical do not stray from them or your nginx template will not know where to find the cert.

Have a look at your app.yml configuration file to see where the shared folder is mounted.

volumes:

  • volume: host: /var/discourse/shared/standalone guest: /shared In essence the files must be located at /shared/ssl/ssl.key /shared/ssl/ssl.crt inside the container.

For all clients to find a path from your cert to a trusted root cert (i.e., not give your users any warnings), you may need to >concatenate the cert files from your provider like so:

cat "Your PositiveSSL Certificate" "Intermediate CA Certificate" "Intermediate CA Certificate" >> ssl.crt
Configure NGINX

Add a reference to the nginx ssl template from your app.yml configuration file:

templates:

  • "templates/postgres.template.yml"
  • "templates/redis.template.yml"
  • "templates/sshd.template.yml"
  • "templates/web.template.yml"
  • "templates/web.ssl.template.yml" Configure your Docker Container

Tell your container to listen on SSL

expose:

  • "80:80"
  • "2222:22"
  • "443:443" Bootstrap your Docker Container

Rebuild your app

./launcher rebuild app
Profit, you are done!

Troubleshooting

Be sure to read through the logs using

./launcher logs app
If anything goes wrong.

edited by asb

in 2017 I found that if you just run ./discourse-setup in the /var/discourse/ folder again, it'll set up let's encrypt automatically. You've got to stop nginx (which is dead anyway) though with systemctl stop nginx and the app itself with ./launcher stop app.

Have another answer? Share your knowledge.