No internet connection

Talkyard with Nginx as reverse proxy and Letsencrypt for https [Mini tutorial]

By @Locatelli2020-05-18 06:17:49.259Z2020-05-19 15:04:25.711Z

Hello.

I finally made work my Talkyard instance with nginx as reverse proxy and letsencrypt for ssl, and it took me several hours so I thought I might leave this over here so others can do it in just minutes.

Environment is a VPS with Ubuntu 18.04.

1.. Follow the Talkyard official Install instructions at https://github.com/debiki/talkyard-prod-one UP TO STEP 6 ONLY.

2.. Now In the file /opt/talkyard/docker-compose.yml you must change this:

ports:
  - '80:80'
  - '443:443'

to this:

ports:
  - '8080:80'
  - '8443:443'

Or the port or number of your choice if you know what you are doing.

3.. Setup Talkyard to be able to work with https/ssl. If you don't do this it won't work:

sudo nano /opt/talkyard/conf/play-framework.conf 

now find:

talkyard.secure=false

and change it to:

talkyard.secure=true

4.. Now resume the official instructions at https://github.com/debiki/talkyard-prod-one from step 7 onwards . IMPORTANT: Ignore the HTTPS instructions present at that other doc at https://github.com/debiki/talkyard-prod-one/blob/master/docs/setup-https.md. They are confusing and don't work for what we want to do.

5.. Install nginx in your server:

sudo apt install nginx

6.. Create a new server block.

sudo nano /etc/nginx/sites-available/your.domain.com.conf

That file will be empty. Now fill it with the following (of course you need to replace your.domain.com with your actual subdomain. Remember talkyard only accepts subdomains):

server {
    listen 80;
    server_name your.domain.com;
    […]
    location /.well-known {
            alias /var/www/your.domain.com/.well-known;
    }
    location / {
        # proxy commands go here
        […]
    }
}

Save the file to /etc/nginx/sites-available/your.domain.com.conf and close the editor.

7.. Now follow the instructions in this post https://serverfault.com/a/784940 "LetsEncrypt with an nginx reverse proxy" in order to configure the nginx server block, get the Letsencypt certificate, and optionally set up automatic redirection to HTTPS.

8.. Now add the talkyard configuracion to the SSL part of your server block:

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name talkyard.yourblog.com;

  # SSL config ...

  # Reverse proxy to Talkyard:
  location / {
    proxy_pass http://talkyard.yourblog.com:8080/;
    proxy_redirect http://talkyard.yourblog.com:8080/ https://talkyard.yourblog.com;
    proxy_http_version 1.1;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 120;
  }

Edit with your domain name. Now test nginx

sudo nginx -t

If there are problems, check for typos, etc. If everything is ok, enable the site:

sudo ln -s /etc/nginx/sites-available/your.domain.com.conf /etc/nginx/sites-enabled/

Now reload nginx

sudo systemctl reload nginx

If everything was ok, and you have have properly configured your domain at the DNS (which is outside the scope of this tutorial), then you should be able to see Talkyard working at your.domain.com.

I hope this was helpful.

  • 1 replies
  1. KajMagnus @KajMagnus2020-05-19 15:04:01.300Z

    Hi Locatelli, thanks for writing this — I now linked to this mini tutorial from the GitHub readme: https://github.com/debiki/talkyard-prod-one/tree/master#install-behind-nginx-reverse-proxy (and moved this topic to the Documentation category).

    @ others: That whole answer over at ServerFault, i.e.: https://serverfault.com/a/784940/44112 "LetsEncrypt with an nginx reverse proxy", is good to read all of it