Please enable (and enforce) HTTPS on discourse.huel.com. I see you are using Let’s Encrypt for us.huel.com and you should be able to get a cert for discourse.huel.com from them as well.
One of my browser extensions notifies me when I am inputting a password on a non-HTTPS site so I notice. I know the site could be using HTTP-digest authentication or some client-side JavaScript method to protect my password, but I prefer not needing to audit the code of a site to know if it is being responsible with my password.