Creating & Managing a Discourse Instance

guide
Tags: #<Tag:0x00007f62ee68fd00>
(Benjamin Lupton) #1

This is the guide that Bevry uses to maintain its discourse instances, including this one.

Creation

Create a gitlab user for the forum, and under it create a private gitlab repository with var/discourse/containers/app.yml that will contain the following:

## https://github.com/discourse/discourse_docker/blob/master/samples/standalone.yml
## /var/discourse/launcher rebuild app

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/web.ssl.template.yml"  # ENABLES SSL
  - "templates/web.letsencrypt.ssl.template.yml"  # ENABLES SSL

expose:
  - "80:80"
  - "443:443"  # ENABLES SSL

params:
  db_default_text_search_config: "pg_catalog.english"

env:
  LANG: en_US.UTF-8
  
  ## List of comma delimited emails that will be made admin and developer
  ## on initial signup example 'user1@example.com,user2@example.com'
  DISCOURSE_DEVELOPER_EMAILS: "your.email"

  ## The domain name this Discourse instance will respond to
  DISCOURSE_HOSTNAME: "discuss.your.domain"

  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
  LETSENCRYPT_ACCOUNT_EMAIL: "ssl@your.domain"  # ENABLES SSL

  ## The mailserver this Discourse instance will use
  DISCOURSE_SMTP_ADDRESS: "smtp.mailgun.org"
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: "discourse@mailgun.your.domain"
  DISCOURSE_SMTP_PASSWORD: "your.mailgun.password"

## Any custom commands to run after building
run:
  - exec: rails r "SiteSetting.notification_email='noreply@mailgun.your.domain'"

## These containers are stateless, all data is stored in /shared
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log

## Plugins go here
## see https://meta.discourse.org/t/19157 for details
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - mkdir -p plugins
          - git clone https://github.com/discourse/discourse-tagging.git
          - git clone https://github.com/discourse/discourse-solved.git
          - git clone https://github.com/discourse/discourse-github.git

This should be the only file in the repository, as it will be cloned out to the root directory of the droplet.

Management

Login to the system with:

ssh root@discuss.your.domain

Or if you are using the secret tool, it would be something like this:

# Login to discuss.bevry.me
secret get DISCOURSE_BEVRY_ROOT DISCOURSE_BEVRY_SSH SCALEWAY_SSH
secret env DISCOURSE_BEVRY_SERVER -- ssh 'root@$DISCOURSE_BEVRY_SERVER'

Once logged into the machine, configure the variables we will use for the subsequent installation or update commands:

# The email of the gitlab user we created
DEMAIL="bot+discourse@your.domain"

# The name of the gitlab user we created
DNAME="Your Discourse Gitlab Account"   

# The name of the SSH key file we will create
DSSH="root-discourse-gitlab"

# The gitlab slug of the repository you created
DGIT="org/repo"

For Bevry, it is the following:

DEMAIL="bot+discourse@bevry.me"
DNAME="Bevry Discourse Forum"
DSSH="root-discuss-gitlab"
DGIT="bevry/discourse"

Installation

Once logged into the machine, you can perform the initial installation via:

# Set root password
passwd

# Update System
apt-get update
apt-get dist-upgrade

# Configure Automatic Security Updates
dpkg-reconfigure -plow unattended-upgrades

# Install Docker (if needed only)
wget -qO- https://get.docker.com/ | sh

# Prepare System
sudo -s
apt-get install git

# Install Discourse Docker Setup
mkdir -p /var/discourse
git clone https://github.com/discourse/discourse_docker.git /var/discourse
cd /var/discourse
git pull origin master

# Setup Git
git config --global user.email "$DEMAIL"
git config --global user.name "$DNAME"

# Create SSH Key for Git
ssh-keygen -t rsa -b 4096 -C "$DSSH" -f ~/.ssh/$DSSH
chmod 600 ~/.ssh/$DSSH
chmod 600 ~/.ssh/$DSSH.pub
cat ~/.ssh/$DSSH.pub
# Attach the above output as the SSH Key on the GitLab account interface

# Add SSH Key to Git
eval "$(ssh-agent -s)" && ssh-add ~/.ssh/$DSSH
 
# Setup Configuration
cd /
git init
git remote add origin git@gitlab.com:$DGIT.git
git fetch origin
git checkout mater
git pull origin master

# Setup Discourse & Rebuild Discourse
# https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md
/var/discourse/launcher bootstrap app && /var/discourse/launcher rebuild app

Be sure to do any final email configurations:

And if emails aren’t sending:

And to restore a backup:

Update

Once logged into the machine, you can perform regular maintenance via:

# Add SSH Key to Git
eval "$(ssh-agent -s)" && ssh-add ~/.ssh/$DSSH

# Update Server Configuration
cd /
git fetch origin
git pull origin "$(git rev-parse --abbrev-ref HEAD)"

# Update Discourse Docker Setup
cd /var/discourse
git pull origin master

# Rebuild Discourse
/var/discourse/launcher rebuild app

If you need to update docker or the system, just create a new setup, and import your backup. As upgrading the existing machine often results in a failure.

SSL

SSL is now handled automatically.

Previously

Using Lets Encrypt

LETS_DOMAIN=discuss.your.domain
LETS_EMAIL=ssl@your.domain

# Stop our app
/var/discourse/launcher stop app

# Get the latest letsencrypt software
rm -Rf ~/letsencrypt
git clone https://github.com/letsencrypt/letsencrypt ~/letsencrypt

# DISABLE CLOUDFLARE NOW
# If /etc/letsencrypt exists, renew existing certificate
~/letsencrypt/letsencrypt-auto renew
# if it doesn't, create new certificate
~/letsencrypt/letsencrypt-auto certonly --rsa-key-size 4096 --standalone -d $LETS_DOMAIN --agree-tos --email $LETS_EMAIL
# RE-ENABLE CLOUDFLARE NOW

# Remove letsencrypt app dir, as no longer needed, data is stored in /etc/letsencrypt which we keep
rm -Rf ~/letsencrypt

# Remove old discourse certs, and insert new letsencrypt certs
rm /var/discourse/shared/standalone/ssl/*
cp /etc/letsencrypt/live/$LETS_DOMAIN/fullchain.pem /var/discourse/shared/standalone/ssl/ssl.crt
cp /etc/letsencrypt/live/$LETS_DOMAIN/privkey.pem /var/discourse/shared/standalone/ssl/ssl.key

# Add letsencrypt data for renewals, and the updated discourse certs, and commit and push them
git add /etc/letsencrypt /var/discourse/shared/standalone/ssl -f
git commit -m "lets encrypt"
git push origin master

# Rebuild the site
/var/discourse/launcher rebuild app

Using Cloudflare

DO NOT USE THIS METHOD. The Cloudflare certificate is not trusted, Safari and Google Chrome will reject it.

  1. Follow the prompts to generate a Origin Certificate for your discourse hostname.
  2. Put the certificate in /var/discourse/shared/standalone/ssl/ssl.crt
  3. Put the key in /var/discourse/shared/standalone/ssl/ssl.key
0 Likes