Hi! I recently deployed a forem selfhost on Digital Ocean. I'm still working customizing it and I'm amazed at how easy this was, thanks for the amazing tool!
I have a question, that I also realize might not be forem-specific but maybe?
I have my forem at www.tacosdedatos.dev if I go to tacosdedatos.dev on my computer browser it'll redirect me to www.tacosdedatos.dev no problem but if I try the same on my mobile, it doesn't work.
I added the appropriate records on Google domains and digital ocean. My question is, after deploying, can I change the URL to just be tacosdedatos.dev (no www) as I specified on the setup.yml at deployment? If not, has anyone else faced this same issue (mobile not redirecting appropriately)?
The error I get is
An SSL error has occurred and a secure connection to the server cannot be made.
NSURLErrorDomain
Thanks in advance for any help and please let me know if I need to be more detailed (this is my first time doing this).
Top comments (27)
@akhil thanks so much for your help!
I had a typo in my DNS records which is why I kept getting the SSL error. I should have double checked all this before!
I'd still like to have my forem at my domain without
www
- I tried updating the ansible settings to@
,""
, and even updating theapp_domain
insetup.yml
so it would be just the domain without the subdomainwww
. None of these attempts worked. Is there a way to have my forem at a domain withoutwww
? (let me know if I should move this to another discussion or a GitHub issue instead of following up on this thread)If you can use
forem.dev
, it should means that Forem selfhost is working. Forem.dev is based on Forem selfhost which is backed by Forem selfhost(there might be few configuration and specification chnages).So, I would suggest you to recheck things properly this time and confirm things.
Where can I see those configuration and specification changes?
See, What I'm trying to say was, Forem cloud is not a single instance like how individuals host(It is a premium cloud platform) => rather than using ansible they might be using terraform or other Infrastructure as code tools (like Chef or Puppet or Saltstack)
Whatever is the case, it is for the maintanance of the multiple Forems, it is no way related to the code base. Both Forem cloud and Forem selfhost will use the same Fedora CoreOS image.
This concludes that, if you can access forem.dev without www, => you can also do the same to your selfhoted Forem. Failing to do it doesn't mean there are red flags to raise an issue.
Rather than knowing whether it's possible or not, I'd like to know how to do it. Do you have any idea how to do it using forem selfhost?
There is a reason it is called as
self host
, anyways here it goes again:That's it.
If you still have issue, I wont be much of help. You should contact the Forem team.
I'm asking because you already said this, I tried it and it didn't work.
If the #help tag is not for asking help about these things kindly let me know so I move to more appropriate channels.
Hey, if my language sounded rude, reconsider it. I'm not a member of Forem and I'm helping the new community members launch their Forem on my free time.
This Forem.dev is meant to help community builders. And also the best place to get help.
I tried to help my best out of my time. I'm done with it.
thank you for taking the time to help however you could! I learned a few things along the way.
@chekos I have a namecheap domain name and I was able to set up a redirect there in the advanced DNS area. I am not sure what domain provider you have but you may want to check there like @akhil suggested.
Example of my DNS setup:
thank you! I have that set up in Google domains, for some reason it only works on desktop. On desktop I can visit tacosdedatos.dev and it works, on mobile I have to use tacosdedatos.dev 🤷🏻♂️ I'm still investigating 🕵️🏻♂️
As a side note, I love that domain name!
thank you!! I'm v lucky no one snagged it before lol
Check tacosdedatos.dev in your mobile.
If the above link was working in your mobile => force SSL and WWW(via 301 Redirect)
Hi Christina,
Did you also add a URL Redirect record on the advanced DNS area on Namecheap? If so could you please share it? I tried couple of things but didnt work so far.
Thanks!
Hi Sergio,
This is probably the browser rewriting the url for you, and not the server redirecting, the two http names redirect to https:// but preserve the original name. It's possible that the mobile browser isn't doing this url fixup for you and the desktop browser is.
I don't think this is along the "happy path" of things the selfhost recipe makes easy.
I have heard from other users that this setup is achievable in Cloudflare, if you move your DNS there. The forem instance would only see traffic on the www subdomain and the ssl would work (it already does). I think this is what dev.to is doing in reverse, all traffic to dev.to is redirected to dev.to by cloudflare. community.cloudflare.com/t/the-per... might cover that use case accurately. This is the easist fix as long as you want the www subdomain to continue to work as well, and expect all traffic to be redirected to the same location at tacosdedatos.dev/ which already works. It looks like Christina said this is doable in Namecheap, also. I don't know what that would look like for a Google domain.
If you originally deployed with subdomain www, and don't want that subdomain to work at all, or need it to redirect, and for all requests to use the base domain only, (you only want tacosdedatos.dev/ to work), you can redeploy using no subdomain (this probably replaces your data, if you've done much setup already besides deploying).
Otherwise, if you wanted to use both names, and can't do this via a DNS redirect or rule, it's likely possible, but definitely untested, and not something the selfhost deploy recipe will handle for you. I can't stress strongly enough that if you're going to edit the traefik configuration files that you make a backup copy before you do. I did not test this and it might cause the service to fail to start completely.
Warranty void if cover removed
The core issue is that while the DNS setup sends all traffic for both names to your forem server, only the one name (www) is available for https traffic. Apart from the APP_DOMAIN environment variable in /opt/forem/envs/rails.env, the main issue is the traefik http router.
It also appears that there is no SSL certificate valid for tacosdedatos.dev answering (there is for tacosdedatos.dev only). These are requested from letsencrypt based on the traefik configuration. The static config /opt/forem/configs/traefik/traefik.toml handles the redirect to secure, and the configuration to use letsencrypt as the certificate authority is configured there, and reading traefik's documentation suggests the domains to request certificates for go into the dynamic config /opt/forem/configs/traefik/dynamic.toml. This is setup in the selfhost ansible template here.
The "app_domain" used during the deployment script gets interpolated into the rule for the "forem" router - it's possible that adding a second rule or amending the existing router's rule to include both tacosdedatos.dev and tacosdedatos.dev (see doc.traefik.io/traefik/routing/rou... for how this looks) would work.
Assuming you had a line like this in the http.routers.forem section of the dynamic config file
You might want instead this rule to handle routing requests (accept either www or the apex domain as a host):
I am reading the docs here, and not testing, but it looks like the domains can be added to the issued certificate by putting the SAN (subject alternate name) in the routers.forem.tls.domains section (this does not exist yet). See doc.traefik.io/traefik/routing/rou... for this sections documentation.
It's possible that means the dynamic config/routers section might need to look like this, restart the traefik service, and try both domains (the traefik docs suggest this will validate both names when letsencrypt issues the certificate).
I'm not aware of anything that redirects from one name to the other (that appears to be setup between the APP_DOMAIN environment variable and the app domain general setting in the rails app, handling one redirect from the original APP_DOMAIN in the environment file, to the configured domain from the settings), if the same resource is available both at the www and apex domain url there might be some implications to SEO. I don't see an option to set the app_domain in the settings page in admin (I'm possibly missing something obvious) - but it would be in the site_configs table or set by saving
Settings::General.app_domain
from ruby. If you're seeing both domains resolving and not one redirecting to the other, leveraging this redirect (where the environment variable is valid, but redirect to the setting when the setting differs) might do it.wow thank you so much!! This was fantastic!!!
this actually helped me move my forem instance from tacosdedatos.dev to tacosdedatos.com without issues 💖 (just updating the
rails.env
anddynamic.toml
files, for others that might be interested).Thank you again, this was very helpful and illuminating!!
See this is not an issue with self-host Forem. Depending upon your DNS provider check the documentation to create a
301 Redirect
. 301 Redirect for@ -> www
what I'm hoping to do is not have www. at all, I deployed following the selfhost guide and used
forem_subdomain_name: www
in my setup.ymlI'm hoping to not have to have to use
www
and redirecting from www. to @ doesn't work.As you installed forem on subdomain
www
, you cannot access your Forem viaroot
domain.I haven't check this yet, but rather than using
www
as subdomain => try using@
(means root). Now you can access your community onhttps://your-domain.com
only.I tried switching to
@
instead ofwww
and now I get this error and I couldn't access it at all. Now I tried switching back to the default settings and I get this error 😭You switch to @, but why do you seach for a domain with www
Also, make sure you edited domain settings in your ansible settings and push those changes to digital ocean => then chage DNS settings.
I didn't get this error when I switched to @. Apologies, I must have not edited my comment.
this is what I get after reverting all changes back to the original settings.
I see others are having this same issue:
github.com/forem/selfhost/issues/24
I might be late, but it may help for future forem users,
If you don't want to use www or any subdomain in forem, While installing selfhost, remove
{{ forem_subdomain_name }}.
line in app_domain at inventory/forem/setup.ymlConvert this line from
to
then it will work.
If you have already installed forem and you want to redirect non www to www or vice versa, then add non www domain at /opt/forem/configs/traefik/dynamic.toml
and redirect non www to www at /opt/forem/configs/nginx.conf
After that it will works fine. i tried it and its works for me
Also, enforce
https
in your domain providor.