Discourse setup

Discourse is an opinionated system, so you have to work around it a bit to get it to play nicely with my existing setup.

Discourse runs in its own Docker container. Apache proxies requests for the appropriate URL to this container.

Preparation

  • Add any domain names you need for the Discourse forums (e.g. forum.domain.tld) and the POP3 server you're about to enable (e.g. pop.domain.tld), both to your local DNS and an external DNS.

Email accounts

Discourse uses POP3 for reading incoming email.

  • Enable POP3. Modify /etc/dovecot/conf.d/10-master.conf to enable it by removing (or commenting out) any port = 0 lines in the POP3 sections:
service pop3-login {
  inet_listener pop3 {
    port = 110
    # port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
    # port = 0
  }
}
  • Set up the forum@domain.tld and replies@domain.tld email accounts you need for Discourse. The first is the account used by Discourse to send emails; the second is the account used to receive email replies.
root@server:~# cd /etc/dovecot/
root@server:/etc/dovecot# dovecot-adduser forum@domain.tld mailpassword
root@server:/etc/dovecot# dovecot-adduser replies@domain.tld mailpassword
root@server:/etc/dovecot# doveadm auth test forum@domain.tld mailpassword
root@server:/etc/dovecot# doveadm auth test replies@domain.tld mailpassword
  • Ensure that domain.tld is listed in /etc/postfix/vhosts, and not included in any virtual_alias_domains statements in /etc/postfix/main.cf.
  • Open the server's firewall for POP3 access, but only for the local LAN and the Docker installation.
root@server:~# ufw allow in proto tcp from 192.168.0.0/16 to any port pop3
root@server:~# ufw allow in proto tcp from 192.168.0.0/16 to any port pop3s
root@server:~# ufw allow in proto tcp from 172.17.0.0/16 to any port pop3
root@server:~# ufw allow in proto tcp from 172.17.0.0/16 to any port pop3s
  • Reload Dovecot and Postfix for the new configuration:
root@server:~# systemctl reload dovecot.service
root@server:~# systemctl reload postfix.service
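
To confirm that POP3 stays limited to those two source ranges, the following check (an added example, not part of the original setup) reads ufw status output and lists any ALLOW rule on port 110 or 995 that comes from another source. The sample status text is constructed for illustration, and the function and variable names are this example's own.

```sh
#!/bin/sh
# Added example: audit ufw rules for POP3 (110) and POP3S (995).
# ALLOWED_SOURCES holds the two ranges used in the ufw commands on this page.
ALLOWED_SOURCES="192.168.0.0/16 172.17.0.0/16"

# Reads `ufw status` text on stdin and prints "<port> <source>" for every
# ALLOW rule on port 110 or 995 whose source is not in ALLOWED_SOURCES.
pop3_rule_violations() {
    awk -v allowed="$ALLOWED_SOURCES" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(110|995)(\/tcp)?$/ {
            src = ""
            for (i = 2; i < NF; i++) {
                if ($i != "ALLOW") continue
                # verbose output prints "ALLOW IN"; skip the direction word
                src = ($(i + 1) == "IN") ? $(i + 2) : $(i + 1)
                break
            }
            if (src != "" && !(src in ok)) print $1, src
        }'
}

# Constructed sample: the four rules from this page plus one stray
# world-open rule of the kind the audit is meant to catch.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
110/tcp                    ALLOW       192.168.0.0/16
995/tcp                    ALLOW       192.168.0.0/16
110/tcp                    ALLOW       172.17.0.0/16
995/tcp                    ALLOW       172.17.0.0/16
995/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere'

# Demo on the constructed sample; on the server itself run:
#   ufw status | pop3_rule_violations
printf '%s\n' "$SAMPLE_STATUS" | pop3_rule_violations
```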

Install Docker community edition

This involves adding a new PPA repository rather than Ubuntu's default version. Follow the Docker Community Edition instructions.

Basic installation

Discourse requires that it's the only thing listening on port 80 (and ideally port 443 as well) during setup. Therefore, you need to stop Apache before installing and configuring Discourse.

  • Disable Apache:
root@server:~# systemctl stop apache2
root@server:~# killall apache2
(You might need to kill leftover threads manually)
  • Install Discourse using the standard instructions. At present, don't set up any SSL support: that will be handled by the main Apache2 installation.

It may take some time.

Apache proxy

We'll now set up Apache to forward requests to forum.domain.tld to Discourse, while still serving the remainder of the sites itself.

  • Stop Discourse
root@server:/var/discourse# ./launcher stop app
  • Configure Discourse to serve port 7654 rather than 80 or 443. Edit /var/discourse/containers/app.yml:
expose:
    #  - "80:80"   # http
    #  - "443:443" # https
    - "7654:80"
  • Enable the Apache proxy modules:
root@server:~# a2enmod proxy
root@server:~# a2enmod proxy_http
  • Edit the /etc/apache2/sites-available/domain.tld.conf file to include the proxy information. Ensure this section comes before any wildcard matches for other subdomains on this domain.
Note that the main forum virtual host has a different log path from the rest of the sites on this domain. This stops the web log viewer getting swamped by all the internal Discourse page requests.
<VirtualHost *:443>
       ServerAdmin webmaster@localhost
       
       ServerName forum.domain.tld
       
       SSLEngine On
       SSLProxyEngine On
       SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.tld/privkey.pem
       SSLCertificateFile /etc/letsencrypt/live/www.domain.tld/fullchain.pem
       
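       # The ProxyPass backend below is plain http://, so these SSLProxy*
       # settings are not used for it; with an https:// backend they would
       # turn off certificate checks on the proxied connection.
       SSLProxyCheckPeerName Off
       SSLProxyCheckPeerExpire off
       SSLProxyVerify none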
       
       ProxyPreserveHost On
       ProxyRequests Off
       ProxyPass / http://127.0.0.1:7654/
       ProxyPassReverse / http://127.0.0.1:7654/
       
       CustomLog /var/log/apache2/forum.domain.tld.access.log combined
       ErrorLog /var/log/apache2/error.log
       
       ServerSignature off
       
</VirtualHost>

<VirtualHost *:80>
       ServerAdmin webmaster@localhost
       
       ServerName forum.domain.tld
       
       Redirect permanent / https://forum.domain.tld/
       CustomLog /var/log/apache2/domain.tld.access.log combined
       
       ServerSignature off
</VirtualHost>
  • Restart Apache2:
root@server:~# systemctl restart apache2
  • Restart Discourse. The container has to be rebuilt for the new port mapping in app.yml to take effect:
root@server:/var/discourse# ./launcher rebuild app

You should now be able to visit http://forum.domain.tld and see the Discourse site.
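
Docker publishes container ports through its own iptables rules, which ufw does not filter, so the "7654:80" mapping can be reachable from outside without going through Apache's TLS. The following check (an added example, not part of the original setup; the ss sample is constructed and the function names are this example's own) lists any non-loopback address on which the backend port is listening.

```sh
#!/bin/sh
# Added example: find out whether the Discourse backend port is listening on
# anything other than the loopback interface.

# Reads `ss -ltnH` output on stdin; prints each local address on which the
# given port is listening that is not a loopback address.
non_loopback_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                       # "Local Address:Port" column
            p = la; sub(/.*:/, "", p)     # text after the last colon
            if (p != port) next
            addr = substr(la, 1, length(la) - length(p) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Succeeds only when the port has no non-loopback listener.
backend_is_private() {
    [ -z "$(non_loopback_listeners "$1")" ]
}

# Constructed sample: what a "7654:80" mapping typically looks like next to
# Apache's own listeners.
SAMPLE_SS='LISTEN 0 4096   0.0.0.0:7654   0.0.0.0:*
LISTEN 0 4096      [::]:7654      [::]:*
LISTEN 0 511          *:443          *:*
LISTEN 0 511          *:80           *:*'

# Demo on the constructed sample; on the server itself run:
#   ss -ltnH | non_loopback_listeners 7654
if printf '%s\n' "$SAMPLE_SS" | backend_is_private 7654; then
    echo "port 7654: loopback only"
else
    echo "port 7654 is listening on:"
    printf '%s\n' "$SAMPLE_SS" | non_loopback_listeners 7654
fi
```

If it reports an address, writing the mapping as "127.0.0.1:7654:80" in app.yml and rebuilding the container keeps the port on the loopback interface, where Apache can still reach it.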

Social logins

Essentially, follow the instructions for OAuth logins with Google and Facebook. The only things to watch out for are the APIs Google wants authorised (I went with all four APIs in the Social category: Contacts, People, Google+, and Google+ Apps) and the OAuth redirect URIs.

  • For Google, the URI is http://forum.domain.tld/auth/google_oauth2/callback
  • For Facebook, the URI is http://forum.domain.tld/auth/facebook/callback

Note the lack of s in the http.

Reply by email

Again, the "Reply by email" instructions are pretty good.

I set the reply by email address to be replies+%{reply_key}@domain.tld. Make sure the character after replies matches one of the characters specified as a recipient_delimiter in Postfix.

You can set up categories to have threads created by email. In the category settings dialog, under the "Settings" tab, create a custom email address for that category, such as mycat@domain.tld for the My Category category. Then, in /etc/postfix/valiases, set the alias:

mycat@domain.tld  replies.mycat@domain.tld

and refresh the map:

root@server:/etc/postfix# postmap valiases

This will forward messages to mycat@domain.tld into the My Category category, so long as they're sent from registered users.

Backups

Enable daily backups in Discourse, then ensure that files in /var/discourse/shared/standalone/backups/default/* are backed up daily.
