From ebd3be3f4656fa2a70f9b3d38bab79578ff8d135 Mon Sep 17 00:00:00 2001
From: Derptron <felix.huber@hubzurich.org>
Date: Thu, 5 Oct 2017 05:15:34 +0200
Subject: [PATCH] Documentation update (#850)

* Update to the Dependency in regard to using SeAT
* Update to the installation of SSL-Certificates with Discourse
* CleanUp of some missing information in the discourse section
---
 docs/installation/auth/dependencies.md  | 11 +++++
 docs/installation/services/discourse.md | 59 ++++++++++++++++++++++++-
 2 files changed, 69 insertions(+), 1 deletion(-)

diff --git a/docs/installation/auth/dependencies.md b/docs/installation/auth/dependencies.md
index 8627ceed..126a158d 100644
--- a/docs/installation/auth/dependencies.md
+++ b/docs/installation/auth/dependencies.md
@@ -25,6 +25,17 @@ Required for displaying web content
     apache2 libapache2-mod-php5 libapache2-mod-wsgi
 
 ### PHP
+
+```eval_rst
+.. note::
+    If you are not planing to install either phpBB, smf, evernus alliance market, etc do not install these modules.
+```
+
+```eval_rst
+.. important::
+    If you are not planing to use SeAT; php7.0 is the minimum required.
+```
+
 Required for phpBB, smf, evernus alliance market, etc
 
     php5 php5-gd php5-mysqlnd php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl
diff --git a/docs/installation/services/discourse.md b/docs/installation/services/discourse.md
index 06b15a22..8245f2e0 100644
--- a/docs/installation/services/discourse.md
+++ b/docs/installation/services/discourse.md
@@ -65,6 +65,11 @@ Now build:
     sudo ./launcher bootstrap app
     sudo ./launcher start app
 
+#### Errors:
+in case you run into not enough RAM for the docker bootstraping you might want to consider using `./discourse-setup` command. It will start bootstraping and is going to create the `/containers/app.yml` which you can edit.
+Note: every time you change something in the `app.yml` you must bootstrap again which will take between *2-8 minutes* and is accomplished by `./launcher rebuild app`.
+
+***
 ## Apache config
 
 Discourse must run on its own subdomain - it can't handle routing behind an alias like '/forums'. To do so, make a new apache config:
@@ -81,9 +86,59 @@ And enter the following, changing the port if you used a different number:
 
 Now enable proxies and restart apache:
 
+    sudo a2ensite discourse
     sudo a2enmod proxy_http
     sudo service apache2 reload
 
+### Setting up SSL
+
+It is 2017 and there is no reason why you should not setup a SSL certificate and enforce https. You may want to consider certbot with Let's encrypt: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04
+
+    sudo certbot --apache -d example.com
+
+now adapt the apache configuration:
+
+    sudo nano /etc/apache2/sites-enabled/discourse.conf
+
+and adapt it followlingly:
+
+    <VirtualHost *:80>
+        ServerName discourse.example.com
+        RewriteEngine on
+        RewriteCond %{SERVER_NAME} =discourse.example.com
+        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+    </VirtualHost>
+
+Then adapt change the ssl-config file:
+
+    sudo nano /etc/apache2/sites-enabled/discourse-le-ssl.conf
+
+and adapt it followlingly:
+
+    <IfModule mod_ssl.c>
+    <VirtualHost *:443>
+      ServerName discourse.example.com
+      ProxyPass / http://127.0.0.1:7890/
+      ProxyPassReverse / http://127.0.0.1:7890/
+      ProxyPreserveHost On
+      RequestHeader set X-FORWARDED-PROTOCOL https
+      RequestHeader set X-FORWARDED-SSL on
+      SSLCertificateFile /etc/letsencrypt/live/discourse.example.com/fullchain.pem
+      SSLCertificateKeyFile /etc/letsencrypt/live/discourse.example.com/privkey.pem
+      Include /etc/letsencrypt/options-ssl-apache.conf
+    </VirtualHost>
+    </IfModule>
+
+make sure that `a2enmod headers` is enabled and run:
+
+      sudo service apache2 restart
+
+Now you are all set-up and can even enforce https in discourse settings.
+
+
+
+
+
 ## Configure API
 
 ### Generate admin account
@@ -108,6 +163,7 @@ Scroll down to the Discourse section and set the following:
  - `DISCOURSE_API_USERNAME`: the username of the admin account you generated the API key with
  - `DISCOURSE_API_KEY`: the key you just generated
 
+***
 ### Configure SSO
 
 Navigate to `discourse.example.com` and log in. Back to the admin site, scroll down to find SSO settings and set the following:
@@ -120,6 +176,7 @@ Save, now change settings.py and add the following:
 
 ### Enable for your members
 
-Set either or both of `ENABLE_AUTH_DISCOURSE` and `ENABLE_BLUE_DISCOURSE` in settings.py for your members to gain access. Save and exit with control+o, enter, control+x.
+Assign discourse permissions for each auth-group that should have access to discourse.
+You might want to setup Read/Write/Delete rights per Auth group in discourse as you can limit which categories shall be accessablie per auth-group.
 
 ## Done