Discourse is one of the most popular open-source platforms for community discussion, widely used by startups, enterprises, and developer communities. While deploying it on AWS is generally straightforward, issues often arise when trying to set up Discourse on a secondary subdomain, such as forum.sub.example.com. In this blog post, we’ll explore common reasons why such setups fail, and how to troubleshoot them effectively.
Understanding the Setup
Before diving into the failure points, let’s understand the setup:
- Primary domain:
example.com - Subdomain used for Discourse:
sub.example.com - Secondary subdomain (where the problem occurs):
forum.sub.example.com - Hosting environment: AWS (typically EC2, with S3, Route 53, and sometimes CloudFront)
You might be trying to host Discourse on forum.sub.example.com, but find that the site won’t load or errors occur during configuration.
Common Causes of Failure
DNS Misconfiguration (Route 53 or External DNS)
The most common reason a secondary subdomain fails is due to incorrect DNS records. If you’re using Route 53 or any external DNS provider, ensure:
- An A record or CNAME exists for
forum.sub.example.com. - The record correctly points to your EC2 instance’s IP or load balancer (if using one).
- DNS propagation has completed (it can take up to 48 hours in some cases).
Improper Nginx or Reverse Proxy Configuration
Discourse uses Nginx internally as a reverse proxy. If you’re using an external Nginx, Apache, or AWS ALB/NLB, make sure the configuration correctly routes traffic for the secondary subdomain. Watch out for:
- The
server_namedirective in your Nginx config (it must matchforum.sub.example.com). - Conflicting configurations that capture the base domain (
sub.example.com) but ignore sub-subdomains.
Let’s Encrypt/SSL Issues
Discourse’s default install uses Let’s Encrypt for HTTPS. Problems can arise when Let’s Encrypt:
- Fails to verify
forum.sub.example.comdue to DNS or firewall issues. - Tries to issue a certificate for a domain that hasn’t propagated.
- Encounters rate limits due to multiple attempts.
Check Discourse logs (/var/discourse/shared/standalone/log/rails/production.log) and Let’s Encrypt logs for clues.
Firewall and Security Groups
AWS EC2 instances have security groups that act as virtual firewalls. Ensure the following:
- Ports 80 and 443 are open to the internet.
- No IP restrictions are blocking your own access.
- Network ACLs (if configured) are not denying inbound or outbound traffic.
Incorrect App.yml Configuration
Discourse is configured via the containers/app.yml file. Common mistakes include:
- Setting the
DISCOURSE_HOSTNAMEenvironment variable to the wrong subdomain. - Misconfigured SMTP settings that block email validation or admin setup.
- Forgetting to rebuild the app after making DNS or hostname changes:
cd /var/discourse
./launcher rebuild app
Tips for Debugging
Here are some actionable steps to identify and resolve the problem:
- Use
digornslookupto verify DNS propagation:
dig forum.sub.example.com
- Check Nginx error logs:
sudo tail -f /var/log/nginx/error.log
- Inspect Discourse logs:
bash
CopyEdit
tail -f /var/discourse/shared/standalone/log/rails/production.log
- Use HTTPS testing tools (like SSL Labs) to validate certificate issues.
Conclusion
Setting up Discourse on a secondary subdomain within AWS can be challenging due to the interplay between DNS, SSL, firewalls, and application configuration. By systematically checking each layer — from DNS to Discourse’s internal setup — you can resolve most of these issues without needing to rebuild from scratch.
If you’re still stuck, consider checking the Discourse Meta forums or AWS support for help. Community forums often have threads that address even the most obscure bugs or edge cases.
If you have any problem you can also visit askfullstack.com