Question

How to install ssl certicate on Discourse one-click install droplet

  • Posted December 13, 2015
  • Nginx

How to install ssl certicate on Discourse one-click install droplet?

How can I access Nginx server block configuration directory in Discourse one-click install?

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

in 2017 I found that if you just run ./discourse-setup in the /var/discourse/ folder again, it’ll set up let’s encrypt automatically. You’ve got to stop nginx (which is dead anyway) though with systemctl stop nginx and the app itself with ./launcher stop app.

This comment has been deleted

So, I found the answer here: https://meta.discourse.org/t/allowing-ssl-https-for-your-discourse-docker-setup/13847

And successfully added SSL to my one-click Discourse droplet install digital ocean.

Below is copy of the written directions from the https://meta.discourse.org/t/allowing-ssl-https-for-your-discourse-docker-setup/13847

By Sam Saffron co-founder

So you’d like to enable SSL for your Docker-based Discourse setup? Let’s do it!

This guide assumes you used all the standard install defaults – a container configuration file at/var/discourse/containers/app.>yml and Discourse docker is installed at: /var/discourse

Buy a SSL Certificate

Go to namecheap468 or some other SSL cert provider and purchase a SSL cert for your domain. Follow all the step documented by >them to generate private key and CSR and finally get your cert. I used the apache defaults, they will work fine.

Keep your private key and cert somewhere safe.

Place the Certificate and Key

Get a signed cert and key and place them in the /var/discourse/shared/standalone/ssl/ folder

Private key is:

/var/discourse/shared/standalone/ssl/ssl.key

Cert is

/var/discourse/shared/standalone/ssl/ssl.crt

File names are critical do not stray from them or your nginx template will not know where to find the cert.

Have a look at your app.yml configuration file to see where the shared folder is mounted.

volumes:

  • volume: host: /var/discourse/shared/standalone guest: /shared In essence the files must be located at /shared/ssl/ssl.key /shared/ssl/ssl.crt inside the container.

For all clients to find a path from your cert to a trusted root cert (i.e., not give your users any warnings), you may need to >concatenate the cert files from your provider like so:

cat “Your PositiveSSL Certificate” “Intermediate CA Certificate” “Intermediate CA Certificate” >> ssl.crt Configure NGINX

Add a reference to the nginx ssl template from your app.yml configuration file:

templates:

  • “templates/postgres.template.yml”
  • “templates/redis.template.yml”
  • “templates/sshd.template.yml”
  • “templates/web.template.yml”
  • “templates/web.ssl.template.yml” Configure your Docker Container

Tell your container to listen on SSL

expose:

  • “80:80”
  • “2222:22”
  • “443:443” Bootstrap your Docker Container

Rebuild your app

./launcher rebuild app Profit, you are done!

Troubleshooting

Be sure to read through the logs using

./launcher logs app If anything goes wrong.

You install via docker or from source code

This comment has been deleted

This comment has been deleted