discourse · featheredtoast · Aug 19, 2025 · Aug 2, 2025 · Aug 3, 2025 · Aug 3, 2025
diff --git a/templates/web.letsencrypt.ssl.template.yml b/templates/web.letsencrypt.ssl.template.yml
@@ -19,6 +19,20 @@ run:
         LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./acme.sh --upgrade --auto-upgrade
         LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./acme.sh --set-default-ca  --server  letsencrypt
 
+        cat << EOF > /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
+        server {
+          listen 80;
+
+          location ~ /.well-known {
+            root /var/www/discourse/public;
+            allow all;
+          }
+          location / {
+            return 301 https://${DISCOURSE_HOSTNAME}$request_uri;
+          }
+        }
+        EOF
+
         cat << EOF > /etc/nginx/letsencrypt.conf
         user www-data;
         worker_processes auto;
@@ -41,7 +55,6 @@ run:
 
           server {
             listen 80;
-            listen [::]:80;
 
             location ~ /.well-known {
               root /var/www/discourse/public;
@@ -51,6 +64,11 @@ run:
         }
         EOF
 
+        if [ -f "/proc/net/if_inet6" ] ; then
         if [ -f "/proc/net/if_inet6" ] ; then 
           sed -i 's/listen 80;/listen 80;\nlisten [::]:80;/g' /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf 
           sed -i 's/listen 443 ssl;/listen 443 ssl;\nlisten [::]:443 ssl;/g' /etc/nginx/conf.d/outlets/server/20-https.conf 
         fi 
         if [ -f "/proc/net/if_inet6" ] ; then 
           sed -i 's/listen 80;/listen 80;\nlisten [::]:80;/g' /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf 
           sed -i 's/listen 443 ssl;/listen 443 ssl;\nlisten [::]:443 ssl;/g' /etc/nginx/conf.d/outlets/server/20-https.conf 
         fi 
+          sed -i 's/listen 80;/listen 80;\nlisten [::]:80;/g' /etc/nginx/conf.d/outlets/before-server/20-redirect-http-to-https.conf
+          sed -i 's/listen 80;/listen 80;\nlisten [::]:80;/g' /etc/nginx/letsencrypt.conf
+        fi
+
         sed -Ei "s/^#?ACCOUNT_EMAIL=.+/ACCOUNT_EMAIL=${LETSENCRYPT_ACCOUNT_EMAIL}/" \
           /shared/letsencrypt/account.conf
 
@@ -71,8 +89,15 @@ run:
         LETSENCRYPT_DIR="/shared/letsencrypt"
         /usr/sbin/nginx -c /etc/nginx/letsencrypt.conf
 
+        extra_domains() {
+          if [ -n "$DISCOURSE_HOSTNAME_ALIASES" ]; then
+            domains=$(echo $DISCOURSE_HOSTNAME_ALIASES | sed "s/,/ -d /g")
+            echo "-d $domains"
+          fi
+        }
+
         issue_cert() {
-          LE_WORKING_DIR="${LETSENCRYPT_DIR}" ${LETSENCRYPT_DIR}/acme.sh --issue $2 -d ${DISCOURSE_HOSTNAME} --keylength $1 -w /var/www/discourse/public
+          LE_WORKING_DIR="${LETSENCRYPT_DIR}" ${LETSENCRYPT_DIR}/acme.sh --issue $2 -d ${DISCOURSE_HOSTNAME} $(extra_domains) --keylength $1 -w /var/www/discourse/public
         }
 
         cert_exists() {