UPDATE: I looked through some old notes of when I got Discourse working on a previous server (although Nginx was on that same server). I followed Step 3 of this guide for generating the Let's Encrypt Key/Cert pair. Here is my Nginx conf file:
server {
listen 80; listen [::]:80;
server_name board.epochgames.co.uk;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
# The IP that you forwarded in your router (nginx proxy)
listen 443 ssl http2; listen [::]:443 ssl http2;
# Make site accessible from http://localhost/
server_name board.epochgames.co.uk;
root /home/lighttpd/http;
# SSL config
# ssl on;
ssl_certificate /etc/nginx/ssl/fullchain1.pem;
ssl_certificate_key /etc/nginx/ssl/privkey1.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# include /etc/nginx/snippets/ssl.conf;
# The internal IP of the VM that hosts your Apache config
set $upstream board.epochgames.co.uk;
location / {
# proxy_pass_header Authorization;
proxy_pass http://$upstream;
proxy_set_header Host $host;
proxy_set_header X-Forward-Proto $scheme; #X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
# proxy_set_header Connection "";
# proxy_buffering off;
# client_max_body_size 0;
proxy_read_timeout 90; #36000s;
proxy_redirect http://$upstream https://board.epochgames.co.uk;
}
}
And here are the results after restarting Nginx:
Domain Name | What Happens? |
---|---|
http://board.epochgames.co.uk/ | Redirects to https://board.epochgames.co.uk/ |
https://board.epochgames.co.uk/ | “Apache2 Ubuntu Default Page" It's identical to THIS page. |
http://board.epochgames.co.uk:2045 | “ Congratulations, you installed Discourse! ” (the message I expect to see) |
https://board.epochgames.co.uk:2045 | “ Secure Connection Failed: An error occurred during a connection to board.epochgames.co.uk:2045. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG” |
Let me make this clear: Apache is not installed on either the Nginx VM nor the Discourse VM! Ran an apt purge apache on both and the "apache" package was not found! |
So only difference now is https://board.epochgames.co.uk/. I remember running into the Apache Default Page before in a previous install of Discourse, but can't remember what fixed it. Any ideas?
Thanks for the link @JuergenAuer, but I don't believe this site is very straight-forward. So I sought out THIS guide to explain cerbot installation and went through the following steps:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo vim /etc/nginx/sites-available/default
Added boards.epochgames.co.uk to the default
file. nginx -t
brought up an error about port 80 already being called, so I commented out server { listen 80; ... }
section in the board.epochgames.co.uk Nginx conf file. Now nginx -t
reports no errors.
So now I ran certbot --nginx
, where I "reinstalled" the existing certificate for board.epochgames.co.uk (and chose the Redirect
option). Got the Congratulations! You have successfully enabled https://board.epochgames.co.uk
message, restarted Nginx and tried out the site URLs again ... same results as before certbot install.
I don't think its the keys/certs anymore? I'm not really sure what to try next. I'm tempted to try installing Nginx straight to the Discourse VM itself and running through the Let's Encrypt key/cert process on that server, see if that does any good. Any ideas?