Forem Creators and Builders

Sergio Sánchez Zavala

www. or nah

Hi! I recently deployed a forem selfhost on Digital Ocean. I'm still working on customizing it and I'm amazed at how easy this was, thanks for the amazing tool!

I have a question, that I also realize might not be forem-specific but maybe?

I have my forem at www.tacosdedatos.dev. If I go to tacosdedatos.dev on my computer browser, it'll redirect me to www.tacosdedatos.dev no problem, but if I try the same on my mobile, it doesn't work.

I added the appropriate records on Google domains and digital ocean. My question is, after deploying, can I change the URL to just be tacosdedatos.dev (no www) as I specified on the setup.yml at deployment? If not, has anyone else faced this same issue (mobile not redirecting appropriately)?

The error I get is

An SSL error has occurred and a secure connection to the server cannot be made.

NSURLErrorDomain

Thanks in advance for any help and please let me know if I need to be more detailed (this is my first time doing this).

Discussion (26)

Christina Gorton (@coffeecraftcode)

@chekos I have a namecheap domain name and I was able to set up a redirect there in the advanced DNS area. I am not sure what domain provider you have but you may want to check there like @akhil suggested.

Example of my DNS setup:
[Image: DNS setup on namecheap]

Sergio Sánchez Zavala (@chekos) Author

thank you! I have that set up in Google domains, for some reason it only works on desktop. On desktop I can visit tacosdedatos.dev and it works, on mobile I have to use tacosdedatos.dev 🤷🏻‍♂️ I'm still investigating 🕵️🏻‍♂️

Christina Gorton (@coffeecraftcode)

As a side note, I love that domain name!

Sergio Sánchez Zavala (@chekos) Author

thank you!! I'm v lucky no one snagged it before lol

Akhil Naidu (@akhil)

Check tacosdedatos.dev in your mobile.

If the above link was working in your mobile => force SSL and WWW (via 301 Redirect)

Manuel (@manuel)

Hi Christina,

Did you also add a URL Redirect record on the advanced DNS area on Namecheap? If so could you please share it? I tried a couple of things but they didn't work so far.

Thanks!

Sergio Sánchez Zavala (@chekos) Author

@akhil thanks so much for your help!

I had a typo in my DNS records which is why I kept getting the SSL error. I should have double checked all this before!

I'd still like to have my forem at my domain without www - I tried updating the ansible settings to @ , "", and even updating the app_domain in setup.yml so it would be just the domain without the subdomain www. None of these attempts worked. Is there a way to have my forem at a domain without www? (let me know if I should move this to another discussion or a GitHub issue instead of following up on this thread)

Akhil Naidu (@akhil)

If you can use forem.dev, it should mean that Forem selfhost is working. Forem.dev is based on Forem selfhost which is backed by Forem selfhost (there might be a few configuration and specification changes).

So, I would suggest you to recheck things properly this time and confirm things.

Sergio Sánchez Zavala (@chekos) Author

Where can I see those configuration and specification changes?

Akhil Naidu (@akhil) • Edited

See, what I'm trying to say was, Forem cloud is not a single instance like how individuals host (it is a premium cloud platform) => rather than using ansible they might be using terraform or other Infrastructure as code tools (like Chef or Puppet or Saltstack)

Whatever is the case, it is for the maintenance of the multiple Forems, it is no way related to the code base. Both Forem cloud and Forem selfhost will use the same Fedora CoreOS image.

This concludes that, if you can access forem.dev without www, => you can also do the same to your selfhosted Forem. Failing to do it doesn't mean there are red flags to raise an issue.

Sergio Sánchez Zavala (@chekos) Author

Rather than knowing whether it's possible or not, I'd like to know how to do it. Do you have any idea how to do it using forem selfhost?

Akhil Naidu (@akhil) • Edited

There is a reason it is called as self host, anyways here it goes again:

  1. In your setup.yml => use "@" as subdomain
  2. Redeploy to digital ocean
  3. Update your DNS A record to "@" and "IP"
  4. While accessing your website => don't use www in the URL

That's it.


If you still have issues, I won't be much of help. You should contact the Forem team.

Sergio Sánchez Zavala (@chekos) Author

I'm asking because you already said this, I tried it and it didn't work.

If the #help tag is not for asking help about these things kindly let me know so I move to more appropriate channels.

Akhil Naidu (@akhil) • Edited

Hey, if my language sounded rude, reconsider it. I'm not a member of Forem and I'm helping the new community members launch their Forem on my free time.

This Forem.dev is meant to help community builders. And also the best place to get help.

I tried to help my best out of my time. I'm done with it.

Sergio Sánchez Zavala (@chekos) Author

thank you for taking the time to help however you could! I learned a few things along the way.

Daniel Uber (@djuber)

Hi Sergio,

if I go to tacosdedatos.dev on my computer browser it'll redirect me to tacosdedatos.dev no problem

This is probably the browser rewriting the url for you, and not the server redirecting, the two http names redirect to https:// but preserve the original name. It's possible that the mobile browser isn't doing this url fixup for you and the desktop browser is.

after deploying, can I change the URL

I don't think this is along the "happy path" of things the selfhost recipe makes easy.

I have heard from other users that this setup is achievable in Cloudflare, if you move your DNS there. The forem instance would only see traffic on the www subdomain and the ssl would work (it already does). I think this is what dev.to is doing in reverse, all traffic to dev.to is redirected to dev.to by cloudflare. community.cloudflare.com/t/the-per... might cover that use case accurately. This is the easiest fix as long as you want the www subdomain to continue to work as well, and expect all traffic to be redirected to the same location at tacosdedatos.dev/ which already works. It looks like Christina said this is doable in Namecheap, also. I don't know what that would look like for a Google domain.

If you originally deployed with subdomain www, and don't want that subdomain to work at all, or need it to redirect, and for all requests to use the base domain only, (you only want tacosdedatos.dev/ to work), you can redeploy using no subdomain (this probably replaces your data, if you've done much setup already besides deploying).

Daniel Uber (@djuber) • Edited

Otherwise, if you wanted to use both names, and can't do this via a DNS redirect or rule, it's likely possible, but definitely untested, and not something the selfhost deploy recipe will handle for you. I can't stress strongly enough that if you're going to edit the traefik configuration files that you make a backup copy before you do. I did not test this and it might cause the service to fail to start completely.


Warranty void if cover removed

The core issue is that while the DNS setup sends all traffic for both names to your forem server, only the one name (www) is available for https traffic. Apart from the APP_DOMAIN environment variable in /opt/forem/envs/rails.env, the main issue is the traefik http router.

It also appears that there is no SSL certificate valid for tacosdedatos.dev answering (there is for tacosdedatos.dev only). These are requested from letsencrypt based on the traefik configuration. The static config /opt/forem/configs/traefik/traefik.toml handles the redirect to secure, and the configuration to use letsencrypt as the certificate authority is configured there, and reading traefik's documentation suggests the domains to request certificates for go into the dynamic config /opt/forem/configs/traefik/dynamic.toml. This is setup in the selfhost ansible template here.

The "app_domain" used during the deployment script gets interpolated into the rule for the "forem" router - it's possible that adding a second rule or amending the existing router's rule to include both tacosdedatos.dev and tacosdedatos.dev (see doc.traefik.io/traefik/routing/rou... for how this looks) would work.

Assuming you had a line like this in the http.routers.forem section of the dynamic config file

 rule = "Host(`www.tacosdedatos.dev`) && Method(`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`)"

You might want instead this rule to handle routing requests (accept either www or the apex domain as a host):

rule = "( Host(`www.tacosdedatos.dev`) || Host(`tacosdedatos.dev`) ) && Method(`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`)"

I am reading the docs here, and not testing, but it looks like the domains can be added to the issued certificate by putting the SAN (subject alternate name) in the routers.forem.tls.domains section (this does not exist yet). See doc.traefik.io/traefik/routing/rou... for this section's documentation.

It's possible that means the dynamic config/routers section might need to look like this, restart the traefik service, and try both domains (the traefik docs suggest this will validate both names when letsencrypt issues the certificate).

        [http.routers]
          [http.routers.forem]
            entrypoints= ["web", "websecure"]
            rule = "(Host(`www.tacosdedatos.dev`)  || Host(`tacosdedatos.dev`) ) && Method(`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`)"
            service = "forem"
            middlewares = ["security"]
            [http.routers.forem.tls]
              certResolver = "forem"
              [[http.routers.forem.tls.domains]]
                 main = "tacosdedatos.dev"
                 sans = ["www.tacosdedatos.dev"]

I'm not aware of anything that redirects from one name to the other (that appears to be setup between the APP_DOMAIN environment variable and the app domain general setting in the rails app, handling one redirect from the original APP_DOMAIN in the environment file, to the configured domain from the settings), if the same resource is available both at the www and apex domain url there might be some implications to SEO. I don't see an option to set the app_domain in the settings page in admin (I'm possibly missing something obvious) - but it would be in the site_configs table or set by saving Settings::General.app_domain from ruby. If you're seeing both domains resolving and not one redirecting to the other, leveraging this redirect (where the environment variable is valid, but redirect to the setting when the setting differs) might do it.
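An added example (not part of the original comment or of the Forem selfhost code): a Python check that parses a traefik dynamic config of the shape shown above and reports any Host() name a router accepts that its tls.domains list does not cover, which is the mismatch that leaves one name without a valid certificate. The sample config is constructed, and the function names are hypothetical.

```python
import re
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older interpreters

# Constructed sample: the router accepts both names, but tls.domains lists only www.
SAMPLE = """
[http.routers.forem]
  rule = "(Host(`www.tacosdedatos.dev`) || Host(`tacosdedatos.dev`)) && Method(`GET`, `POST`)"
  service = "forem"
  [http.routers.forem.tls]
    certResolver = "forem"
    [[http.routers.forem.tls.domains]]
      main = "www.tacosdedatos.dev"
"""

def routed_hosts(rule):
    """Hostnames named in the Host(`a`, `b`) matchers of a router rule."""
    hosts = []
    for args in re.findall(r"\bHost\(([^)]*)\)", rule):
        hosts += [h.lower() for h in re.findall(r"`([^`]+)`", args)]
    return hosts

def covers(cert_name, host):
    """True if a certificate name (exact or `*.` wildcard) is valid for host."""
    cert_name = cert_name.lower()
    if cert_name.startswith("*."):
        # A wildcard stands for exactly one label, so it never matches the apex.
        label, _, parent = host.partition(".")
        return bool(label) and parent == cert_name[2:]
    return cert_name == host

def uncovered_hosts(dynamic_toml):
    """Map router name -> hosts it routes that its tls.domains do not cover."""
    routers = tomllib.loads(dynamic_toml).get("http", {}).get("routers", {})
    report = {}
    for name, router in routers.items():
        tls = router.get("tls")
        domains = tls.get("domains") if isinstance(tls, dict) else None
        if not domains:
            continue  # no explicit list to compare against
        names = [n for d in domains for n in [d.get("main"), *d.get("sans", [])] if n]
        missing = [h for h in routed_hosts(router.get("rule", ""))
                   if not any(covers(n, h) for n in names)]
        if missing:
            report[name] = missing
    return report

if __name__ == "__main__":
    print(uncovered_hosts(SAMPLE))
```

Running it against a copy of dynamic.toml before restarting traefik shows whether every routed name is in the certificate request.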

Sergio Sánchez Zavala (@chekos) Author

wow thank you so much!! This was fantastic!!!

this actually helped me move my forem instance from tacosdedatos.dev to tacosdedatos.com without issues 💖 (just updating the rails.env and dynamic.toml files, for others that might be interested).

Thank you again, this was very helpful and illuminating!!

Akhil Naidu (@akhil)

See this is not an issue with self-host Forem. Depending upon your DNS provider check the documentation to create a 301 Redirect. 301 Redirect for @ -> www

Sergio Sánchez Zavala (@chekos) Author

what I'm hoping to do is not have www. at all, I deployed following the selfhost guide and used forem_subdomain_name: www in my setup.yml

I'm hoping to not have to use www and redirecting from www. to @ doesn't work.

Akhil Naidu (@akhil) • Edited

As you installed forem on subdomain www, you cannot access your Forem via root domain.

I haven't checked this yet, but rather than using www as subdomain => try using @ (means root). Now you can access your community on https://your-domain.com only.

Let me know your result in the above server configuration => if it works then it's good, or else I will look into it.

Sergio Sánchez Zavala (@chekos) Author

I tried switching to @ instead of www and now I get this error and I couldn't access it at all. Now I tried switching back to the default settings and I get this error 😭

[Image: error]

Akhil Naidu (@akhil)

You switch to @, but why do you search for a domain with www?

Also, make sure you edited domain settings in your ansible settings and push those changes to digital ocean => then change DNS settings.

Sergio Sánchez Zavala (@chekos) Author

I didn't get this error when I switched to @. Apologies, I must have not edited my comment.

this is what I get after reverting all changes back to the original settings.

Sergio Sánchez Zavala (@chekos) Author

I see others are having this same issue:
github.com/forem/selfhost/issues/24

Akhil Naidu (@akhil)

An SSL error has occurred and a secure connection to the server cannot be made.

Also, enforce https in your domain provider.