awsdiscourse

Enable SSL in Discourse

NOTE: We are in the process of modifying the file structure and configuration for many Bitnami stacks. On account of these changes, the file paths stated in this guide may change depending on whether your Bitnami stack uses native Linux system packages (Approach A), or if it is a self-contained installation (Approach B). To identify your Bitnami installation type and what approach to follow, run the command below:

 $ test ! -f "/opt/bitnami/common/bin/openssl" && echo "Approach A: Using system packages." || echo "Approach B: Self-contained installation."

The output of the command indicates which approach (A or B) is used by the installation, and will allow you to identify the paths, configuration and commands to use in this guide. Refer to the FAQ for more information on these changes.

First, configure Apache to enable SSL connections. Then, force HTTPS for all Discourse links using one of the following options:

  • Enable the following option in the Discourse site_settings.yml configuration file.

    NOTE: Depending on your installation type, the Discourse site_settings.yml configuration file can be found in the following locations:

    • Approach A (Bitnami installations using system packages): /opt/bitnami/discourse/config/site_settings.yml

    • Approach B (Self-contained Bitnami installations): /opt/bitnami/apps/discourse/htdocs/config/site_settings.yml

      security:
        force_https:
          default: true
    

    NOTE: In older Discourse versions, the option name is use_ssl or use_https.

  • If the HTTPS port is not the standard port 443, update the HTTPS port entry in the database by following the steps below:

    • Log in to the server console.

    • Start the PostgreSQL command-line client and connect to the PostgreSQL database.

    • Execute the following SQL command, replacing the NEW_PORT placeholder with the number of the SSL port.

        bitnami_discourse=# UPDATE site_settings SET value = 'NEW_PORT' WHERE name = 'port'
      
  • Disable HTTP and redirect all requests to HTTPS URLs.

  • Restart the server:

      $ sudo /opt/bitnami/ctlscript.sh restart
    
Last modification June 16, 2021