Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-10 04:50:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
allianceauth/docs/installation/services/discourse.md
Derptron ebd3be3f46 Documentation update (#850) 
* Update to the Dependency in regard to using SeAT
* Update to the installation of SSL-Certificates with Discourse
* CleanUp of some missing information in the discourse section
2017-10-05 13:15:34 +10:00

5.8 KiB
Raw Blame History

Discourse

Add services.modules.discourse to your INSTALLED_APPS list and run migrations before continuing with this guide to ensure the service is installed.

Install Docker

wget -qO- https://get.docker.io/ | sh

Get docker permissions

sudo usermod -aG docker allianceserver

Logout, then back in for changes to take effect.

Install Discourse

Download Discourse

sudo mkdir /var/discourse
sudo git clone https://github.com/discourse/discourse_docker.git /var/discourse

Configure

cd /var/discourse
sudo cp samples/standalone.yml containers/app.yml
sudo nano containers/app.yml

Change the following:

  • DISCOURSE_DEVELOPER_EMAILS should be a list of admin account email addresses separated by commas
  • DISCOUSE_HOSTNAME should be 127.0.0.1
  • Everything with SMTP depends on your mail settings. Account created through auth do not require email validation, so to ignore everything email (NOT RECOMMENDED), just change the SMTP address to something random so it'll install. Note that not setting up email means any password resets emails won't be sent, and auth cannot reset these. There are plenty of free email services online recommended by Discourse.

To install behind apache, look for this secion:

...
## which TCP/IP ports should this container expose?
expose:
  - "80:80"   # fwd host port 80   to container port 80 (http)
...

Change it to this:

...
## which TCP/IP ports should this container expose?
expose:
  - "7890:80"   # fwd host port 7890   to container port 80 (http)
...

Or any other port will do, if taken. Remember this number.

Build and launch

sudo nano /etc/default/docker

Uncomment this line:

DOCKER_OPTS="--dns 8.8.8.8 --dns 8.8.4.4"

Restart docker:

sudo service docker restart

Now build:

sudo ./launcher bootstrap app
sudo ./launcher start app

Errors:

in case you run into not enough RAM for the docker bootstraping you might want to consider using ./discourse-setup command. It will start bootstraping and is going to create the /containers/app.yml which you can edit. Note: every time you change something in the app.yml you must bootstrap again which will take between 2-8 minutes and is accomplished by ./launcher rebuild app.

Apache config

Discourse must run on its own subdomain - it can't handle routing behind an alias like '/forums'. To do so, make a new apache config:

sudo nano /etc/apache2/sites-available/discourse.conf

And enter the following, changing the port if you used a different number:

<VirtualHost *:80>
    ServerName discourse.example.com
    ProxyPass / http://0.0.0.0:7890/
    ProxyPassReverse / http://0.0.0.0:7890/
</VirtualHost>

Now enable proxies and restart apache:

sudo a2ensite discourse
sudo a2enmod proxy_http
sudo service apache2 reload

Setting up SSL

It is 2017 and there is no reason why you should not setup a SSL certificate and enforce https. You may want to consider certbot with Let's encrypt: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04

sudo certbot --apache -d example.com

now adapt the apache configuration:

sudo nano /etc/apache2/sites-enabled/discourse.conf

and adapt it followlingly:

<VirtualHost *:80>
    ServerName discourse.example.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =discourse.example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

Then adapt change the ssl-config file:

sudo nano /etc/apache2/sites-enabled/discourse-le-ssl.conf

and adapt it followlingly:

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName discourse.example.com
  ProxyPass / http://127.0.0.1:7890/
  ProxyPassReverse / http://127.0.0.1:7890/
  ProxyPreserveHost On
  RequestHeader set X-FORWARDED-PROTOCOL https
  RequestHeader set X-FORWARDED-SSL on
  SSLCertificateFile /etc/letsencrypt/live/discourse.example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/discourse.example.com/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

make sure that a2enmod headers is enabled and run:

  sudo service apache2 restart

Now you are all set-up and can even enforce https in discourse settings.

Configure API

Generate admin account

From the /var/discourse folder,

./launcher enter app
rake admin:create

Follow prompts, being sure to answer y when asked to allow admin privileges.

Create API key

Navigate to discourse.example.com and log on. Top right press the 3 lines and select Admin. Go to API tab and press Generate Master API Key.

Now go to the allianceauth folder and edit settings:

nano /home/allianceserver/allianceauth/alliance_auth/settings.py

Scroll down to the Discourse section and set the following:

  • DISCOURSE_URL: discourse.example.com
  • DISCOURSE_API_USERNAME: the username of the admin account you generated the API key with
  • DISCOURSE_API_KEY: the key you just generated

Configure SSO

Navigate to discourse.example.com and log in. Back to the admin site, scroll down to find SSO settings and set the following:

  • enable_sso: True
  • sso_url: http://example.com/discourse/sso
  • sso_secret: some secure key

Save, now change settings.py and add the following:

  • DISCOURSE_SSO_SECRET: the secure key you just set

Enable for your members

Assign discourse permissions for each auth-group that should have access to discourse. You might want to setup Read/Write/Delete rights per Auth group in discourse as you can limit which categories shall be accessablie per auth-group.

Done