SSL for Discourse with Let's Encrypt
This all assumes you already have a running installation of Discourse on a Linux host.
There is already a great guide on setting up Discourse with SSL but I wanted to share the setup process I used specifically for Let's Encrypt which deviates slightly.
Head over to the Let's Encrypt docs for the official Let's Encrypt documentation.
Stop your Discourse container if it is already running. Let's Encrypt will need port 80 available to perform the domain verification. From /var/discourse:
./launcher stop [container name]
Download the Let's Encrypt client
git clone https://github.com/letsencrypt/letsencrypt
Run letsencrypt-auto in standalone mode. This is the best method to use (currently) since the nginx plugin isn't available yet and we will be using the certificates within a container once we get them.
cd letsencrypt
./letsencrypt-auto certonly --standalone
Follow the prompts from letsencrypt. As it tells you when it completes, your certificates will be stored in
If you go there you will see four files:
Create SSL Directory in Discourse
Create /var/discourse/shared/standalone/ssl if it does not already exist.
Update Discourse Config
Open
Add SSL Template
Add "templates/web.ssl.template.yml" to your list of templates.
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/sshd.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ssl.template.yml"
Add listener for SSL
Add "443:443" to allow your container to listen on port 443.
expose:
  - "80:80"
  - "2222:22"
  - "443:443"
Add Mount to Let's Encrypt
Rather than copy your certificates into Discourse we will set up a mount point for the container. Still in app.yml, go down to the volumes section. If you haven't made any other modifications you will see the following:
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log
Add an entry for Let's Encrypt:
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log
  - volume:
      host: /etc/letsencrypt/
      guest: /etc/letsencrypt/
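Before rebuilding, it is worth confirming that all three app.yml edits are present and not commented out. The following POSIX shell check is an added example, not part of the original post or of Discourse; the names section, check_app_yml and sample and the sample file are constructed for illustration, and it assumes the indented block-style YAML shown above.

```shell
#!/bin/sh
# Added example: pre-rebuild check for the three app.yml edits above.
# section, check_app_yml and sample are names made up for this example.

# Print one top-level section with comments dropped, so a commented-out
# '#- "templates/web.ssl.template.yml"' does not count as enabled.
section() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[^ \t-]/ { in_sec = ($0 ~ ("^" key ":")); next }
        in_sec { sub(/[ \t]+#.*$/, ""); print }
    ' "$2"
}

# Return 0 only if all three edits are present and active.
check_app_yml() {
    file=$1 rc=0
    section templates "$file" | grep -q 'templates/web\.ssl\.template\.yml' ||
        { echo "templates: web.ssl.template.yml is not enabled" >&2; rc=1; }
    section expose "$file" | grep -q '"443:443"' ||
        { echo 'expose: "443:443" is missing' >&2; rc=1; }
    # nginx reads /etc/letsencrypt inside the container: check both sides.
    for side in host guest; do
        section volumes "$file" |
            grep -Eq "$side:[[:space:]]*/etc/letsencrypt/?[[:space:]]*\$" ||
            { echo "volumes: no $side: /etc/letsencrypt/ line" >&2; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the SSL template line is still commented out.
sample() {
    cat <<'EOF'
templates:
  - "templates/web.template.yml"
  #- "templates/web.ssl.template.yml"
expose:
  - "443:443"
volumes:
  - volume:
      host: /etc/letsencrypt/
      guest: /etc/letsencrypt/
EOF
}
# Usage: sh check.sh path/to/app.yml   (no argument: check the sample)
if [ "$#" -gt 0 ]; then check_app_yml "$1"; exit; fi
tmp=$(mktemp) && sample > "$tmp"
check_app_yml "$tmp" || echo "sample is not ready for a rebuild" >&2
rm -f "$tmp"
```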
Update SSL Template
By default the template looks in /var/discourse/shared/standalone/ssl for certificate information.
Update the template to point to your certificate and key located in the letsencrypt directory.
Replace:
ssl_certificate /shared/ssl/ssl.crt;
ssl_certificate_key /shared/ssl/ssl.key;
with:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Rebuild Your Container
From
./launcher rebuild [your container name]
A full rebuild is necessary to incorporate all the changes.
Once the container is rebuilt and running, navigate to your domain and enjoy your new encrypted connection!