Add SSL Certificates to Discourse
After having deployed discourse, you may wish to configure it to use SSL so that people can log in securely.
Steps
You need to place the certificate file at:
/var/discourse/shared/standalone/ssl/ssl.crt
... and your key file needs to be:
/var/discourse/shared/standalone/ssl/ssl.key
These files are inside a volume used by the container, which is why the names and paths are important to get exactly right.
Update App.yml
Go to your app.yml file and uncomment the line:
#- "templates/web.ssl.template.yml"
... so it should look like:
... templates: - "templates/postgres.template.yml" - "templates/redis.template.yml" - "templates/web.template.yml" - "templates/web.ratelimited.template.yml" ## Uncomment these two lines if you wish to add Lets Encrypt (https) - "templates/web.ssl.template.yml" #- "templates/web.letsencrypt.ssl.template.yml" ...
Certificate Bundle
Since the discourse server uses nginx, your ssl.crt
file needs to contain your site certificate any any intermediary certificate files and in the correct order. For example, if you have my-site.crt
and a certificate authority file of ca.crt
, then you would need to do the following to create your certificate file:
cat my-site.crt > ssl.crt
echo "" >> ssl.crt
cat ca.crt >> ssl.crt
Reload Nginx
Finally, we need need to get nginx to reload to use these certificates. Enter the container and run:
nginx -t
Read the output to check that nginx is happy with the configuration, if not then you need to check your certificates. Once you have confirmed nginx is happy with your configuration, reload it with:
sudo nginx -s reload​
First published: 16th August 2018