Discourse setup
Discourse is an opinionated system, so you have to work around it a bit to get it to play nicely with my existing setup.
Discourse runs in its own Docker container. Apache proxies requests for the forum's URL to this container.
Preparation
- Add any domain names you need for the Discourse forums (e.g. forum.domain.tld) and the POP3 server you're about to enable (e.g. pop.domain.tld), both to your local DNS and an external DNS.
- Update any SSL certificates you need for the new forum domain name.
Email accounts
Discourse uses POP3 for reading incoming email.
- Enable POP3. Modify /etc/dovecot/conf.d/10-master.conf to enable it, by removing any port = 0 lines in the POP3 sections:
service pop3-login {
  inet_listener pop3 {
    port = 110
    # port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
    # port = 0
  }
}
- Set up the forum@domain.tld and replies@domain.tld email accounts you need for Discourse. The first is the account used by Discourse to send emails; the second is the account used to receive email replies.
root@server:~# cd /etc/dovecot/
root@server:~# dovecot-adduser forum@domain.tld mailpassword
root@server:~# dovecot-adduser replies@domain.tld mailpassword
root@server:~# doveadm auth test forum@domain.tld mailpassword
root@server:~# doveadm auth test replies@domain.tld mailpassword
- Ensure that domain.tld is listed in /etc/postfix/vhosts, and not included in any virtual_alias_domains statements in /etc/postfix/main.cf.
- Update your mailserver SSL certificates to include pop.domain.tld.
- Open the server's firewall for POP3 access, but only for the local LAN and the Docker installation.
root@server:~# ufw allow in proto tcp from 192.168.0.0/16 to any port pop3
root@server:~# ufw allow in proto tcp from 192.168.0.0/16 to any port pop3s
root@server:~# ufw allow in proto tcp from 172.17.0.0/16 to any port pop3
root@server:~# ufw allow in proto tcp from 172.17.0.0/16 to any port pop3s
- Reload Dovecot and Postfix for the new configuration:
root@server:~# systemctl reload dovecot.service
root@server:~# systemctl reload postfix.service
Install Docker community edition
This involves adding a new PPA repository rather than using Ubuntu's default Docker package. Follow the Docker Community Edition instructions.
Basic installation
Discourse requires that it's the only thing listening on port 80 (and ideally port 443 as well) during setup. Therefore, you need to stop Apache before installing and configuring Discourse.
- Disable Apache:
root@server:~# systemctl stop apache2
root@server:~# killall apache2
- (You might need to kill leftover threads manually)
- Install Discourse using the standard instructions. At present, don't set up any SSL support: that will be handled by the main Apache2 installation.
It may take some time.
Apache proxy
We'll now set up Apache to forward requests to forum.domain.tld to Discourse, while still serving the remainder of the sites itself.
- Stop Discourse
root@server:/var/discourse# ./launcher stop app
- Configure Discourse to serve port 7654 rather than 80 or 443. Edit /var/discourse/containers/app.yml:
expose:
  # - "80:80"   # http
  # - "443:443" # https
  - "7654:80"
- Enable the Apache proxy modules
root@server:~# a2enmod proxy
root@server:~# a2enmod proxy_http
- Edit the /etc/apache2/sites-available/domain.tld.conf file to include the proxy information. Ensure this section comes before any wildcard matches for other subdomains on this domain.
- Note that the main forum virtual host has a different log path from the rest of the sites on this domain. This stops the web log viewer getting swamped by all the internal Discourse page requests.
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName forum.domain.tld
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.tld/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/www.domain.tld/fullchain.pem
    SSLProxyCheckPeerName Off
    SSLProxyCheckPeerExpire off
    SSLProxyVerify none
    ProxyPreserveHost On
    ProxyRequests Off
    # Forward everything to the Discourse container's published port
    ProxyPass / http://0.0.0.0:7654/
    ProxyPassReverse / http://0.0.0.0:7654/
    CustomLog /var/log/apache2/forum.domain.tld.access.log combined
    ErrorLog /var/log/apache2/error.log
    ServerSignature off
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName forum.domain.tld
    # Send plain-HTTP visitors to the TLS virtual host above
    Redirect permanent / https://forum.domain.tld/
    CustomLog /var/log/apache2/domain.tld.access.log combined
    ServerSignature off
</VirtualHost>
- Restart Apache2:
root@server:~# systemctl restart apache2
- Restart Discourse:
root@server:/var/discourse# ./launcher start app
You should now be able to visit http://forum.domain.tld and see the Discourse site.
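A check worth running at this point, as an added example that is not part of the original page: the "7654:80" expose entry publishes the plain-HTTP backend on every interface, and Docker programs its own iptables rules, so the ufw rules above do not filter it. The function below reads ss -Hltn output and lists any listener on a port that is not bound to loopback; the function names are hypothetical and the sample input is constructed.

```bash
#!/usr/bin/env bash
# Added example: flag listeners on a port that are reachable beyond loopback.

# Constructed sample of `ss -Hltn` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0      4096         0.0.0.0:7654       0.0.0.0:*
LISTEN 0      4096            [::]:7654          [::]:*
LISTEN 0      511                *:443              *:*
LISTEN 0      100        127.0.0.1:25         0.0.0.0:*
EOF
}

# exposed_listeners PORT
# Reads `ss -Hltn` lines on stdin and prints each local address bound to PORT
# that is not a loopback address. Exit status is 1 if any were found, else 0.
exposed_listeners() {
  awk -v port="$1" '
    {
      addr = $4                              # column 4 is Local Address:Port
      n = split(addr, parts, ":")
      if (parts[n] != port) next             # different port, ignore
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      sub(/^\[/, "", host)                   # strip IPv6 brackets
      sub(/\]$/, "", host)
      if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
      print addr                             # wildcard or routable address
      found = 1
    }
    END { exit (found ? 1 : 0) }
  '
}

# Demo on the constructed sample; on the server, run instead:
#   ss -Hltn | exposed_listeners 7654
sample_ss_output | exposed_listeners 7654 \
  || echo "port 7654 is listening beyond loopback"
```

If the real output lists 0.0.0.0:7654 or [::]:7654, writing the expose entry as "127.0.0.1:7654:80" (Docker's ip:hostPort:containerPort form) and pointing ProxyPass at http://127.0.0.1:7654/ leaves the container reachable only through Apache.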
Social logins
Essentially, follow the instructions for OAuth logins with Google and Facebook. The only things to watch out for are the APIs Google wants authorised (I went with all four APIs in the Social category: Contacts, People, Google+, and Google+ Apps) and the OAuth redirect URIs.
- For Google, the URI is http://forum.domain.tld/auth/google_oauth2/callback
- For Facebook, the URI is http://forum.domain.tld/auth/facebook/callback
Note the lack of s in the http.
Reply by email
Again, the "Reply by email" instructions are pretty good.
I set the reply by email address to be replies+%{reply_key}@domain.tld. Make sure the character after replies matches one of the characters specified as a recipient_delimiter in Postfix.
You can set up categories to have threads created by email. In the category settings dialog, under the "Settings" tab, create a custom email address for that category, such as mycat@domain.tld for the My Category category. Then, in /etc/postfix/valiases, set the alias:
mycat@domain.tld replies.mycat@domain.tld
and refresh the map
root@server:/etc/postfix# postmap valiases
This will forward messages to mycat@domain.tld into the My Category category, so long as they're sent from registered users.
Backups
Enable daily backups in Discourse, then ensure that files in /var/discourse/shared/standalone/backups/default/* are backed up daily.