Programster's Blog

Tutorials focusing on Linux, programming, and open source

Add SSL Certificates to Discourse

After having deployed discourse, you may wish to configure it to use SSL so that people can log in securely.

Steps

You need to place the certificate file at:

/var/discourse/shared/standalone/ssl/ssl.crt

... and your key file needs to be:

/var/discourse/shared/standalone/ssl/ssl.key

These files are inside a volume used by the container, which is why the names and paths are important to get exactly right.

Update App.yml

Go to your app.yml file and uncomment the line:

  #- "templates/web.ssl.template.yml"

... so it should look like:

...
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
  - "templates/web.ssl.template.yml"
  #- "templates/web.letsencrypt.ssl.template.yml"
...

Certificate Bundle

Since the discourse server uses nginx, your ssl.crt file needs to contain your site certificate any any intermediary certificate files and in the correct order. For example, if you have my-site.crt and a certificate authority file of ca.crt, then you would need to do the following to create your certificate file:

cat my-site.crt > ssl.crt
echo "" >> ssl.crt
​cat ca.crt >> ssl.crt

It is very important that you get the order correct.

Reload Nginx

Finally, we need need to get nginx to reload to use these certificates. Enter the container and run:

nginx -t

Read the output to check that nginx is happy with the configuration, if not then you need to check your certificates. Once you have confirmed nginx is happy with your configuration, reload it with:

sudo nginx -s reload​