Discourse installation notes

Continuing the discussion from Discourse for personal use and profit, the live blog! Or, a farewell to email (thanks for all the phish!).:

I wrote up this tutorial, but it is all over the place, and I haven’t made full sense of it.

Here’s my deal: I can go from zero to full Discourse in 45 minutes. But I’ve got three or more tabs open and am switching back and forth constantly, and tracking all these passwords and keys in a text file… so I looked it up and each of the three services I use has API options I could utilize.

So, rather than clean this up for human use (I switch perspective constantly) I’m gonna post it as an outline for generating one or more scripts to do most of this for me. :slight_smile:


When I spin up a Discourse instance, I set up all the services I’ll need, semi-concurrently. Currently I use three companies to host: Digital Ocean, Mailgun, and Gandi.

After this process I’ll have a Discourse instance with the following features:

  • Online, accessible via HTTPS
  • Dedicated mail delivery, with error handling
  • Reply-by-email
  • Uploads to object storage and served over CDN
  • Backups to private object storage

Okay, let’s start.

Gandi

We need a domain before we get started, and I have those in spades. But I also need a mailbox to serve as an inbox for the Discourse instance; this will allow folks to reply by email.

Nameservers

Because we are going to use DigitalOcean Spaces as object storage, their CDN service requires they handle your domain’s DNS. Not optimal, but for talkgroup.xyz the domain exists solely for this Discourse instance, so it’s fine for this case.

On the Gandi side that means updating the nameservers to point at DO’s nameservers. I normally handle all my DNS records at this point, because I need to create the records for Gandi’s mail service.

Reply-by-mail inbox

Gandi inboxes work fine for Discourse, they have plus-addressing, and they are reliable.

When setting up mail delivery there are some decisions to make about MX server records, and where email is coming from. How this is set up depends on need and domain usage, but for my single Discourse per domain setup I receive email at the bare domain (replies@example.org) and send mail from a Mailgun subdomain (normally mg.example.org).

That means in DigitalOcean, I have MX records for both Gandi and Mailgun.

Finally, I set some aliases on the mailbox, if I need to route mail to categories or groups. I don’t use this feature on talkgroup, but I often set up aliases for the usual suspects: support, hello, info-*. Gandi aliases can use wildcards, so if I wanted a bunch of groups, I could say their address would be patterned as such: group-gamers@example.com. If I set the wildcard as group-*, I wouldn’t have to add any more, I could just use that pattern for the incoming email address at group creation. Neato!

Mailgun

If you don’t have email set up correctly you cannot log in to Discourse. For reals, it’s a required service that needs to be running. That’s why I like getting Mailgun set up and working before spinning up a VPS.

Adding a domain, DNS

As noted, I go with the recommended mg.example.org. There are four DNS records that need to be added; two for verification, and two for routing and delivery, even if we aren’t receiving mail to that domain.

You’ll notice there is a CNAME record recommendation, but that is for tracking clicks and views and is invasive bullshit, so don’t set it. :slight_smile:

The usual “DNS updates can take up to 24-48 hours” warning applies, though my experience is Mailgun can read the records fairly quickly, but I often have to verify twice. I get an all clear, but the domain won’t resolve just yet, so I click around, go back to the domain listing, and check if it is cleared there (green checkbox).

Truth be told, most of my first admin login emails fail. Then I have to go re-verify, and that does the trick. I’m trying to figure out a better way to resolve this. Maybe a 10 minute timer. :grimacing:

Make sure to grab the SMTP credentials! You’ll need the login and password for sending mail on that domain, to be put in before the installer is run.

Webhook for bounces

Once DNS is resolved and verified, we are done until Discourse is installed. But since I’m on the Mailgun site I go and grab my webhook secret key, to put in later. I keep the tab open, as I’ll need to generate two webhooks to feed back to Discourse, which lets us know if a message we sent is bouncing, and will actually deactivate mail for an account that is no longer working. Dope.

Digital Ocean

Okay, so far we ought to have a bunch of DNS records, and everything is resolving. If not, wait.

$5 VPS

A $5 VPS is enough for many (most?) Discourse communities, and probably easily scales up? Maybe I find out one day…

I like spinning it up and adding the domain I’m gonna use to point at it. I use SSH keys to connect to servers, and I add the credentials to my SSH config, so I log in to the domain itself; this ensures the site is ready to be visited by me when it’s time to configure the web UI.

Object storage for fun (uploads) and profit (backups)

I spin up two, um, buckets? Spaces? Whatever they are called. I use KeePassXC’s passphrase generator to create two-word pairs to name buckets. Here’s some:

  • tinfoil-striving
  • destruct-stifling
  • unpadded-skincare
  • sporty-rut

Unpadded skincare :grimacing:

One space will be for backups, so it keeps the defaults: no public listing, no CDN. That’s done.

The other will have a CDN activated on it, and I use a sub-domain, normally something like uploads.example.org.

Aside: the CDN for talkgroup.xyz is bits-of-conversation, because I constantly delight the observant user.

Make note of the endpoints (bucket names and full URL of the region you are using, sfo2 in my case).

Finally, create an API key to access the spaces.

Now install…


That’s when I realized I should script this. :face_with_monocle:

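A pre-install DNS check for the records described in the Gandi and Mailgun sections, polling in place of the 10 minute timer; this is an added example, not part of the original post. It assumes `dig` is installed, that the Mailgun DKIM selector is `smtp`, that the SPF record carries `include:mailgun.org`, and that the tracking CNAME would sit at `email.mg.<domain>`; check those against what the Mailgun dashboard shows for your domain.

```python
import re
import subprocess
import time

def dig(name, rtype):
    """Answers from `dig +short`, one string per line of output."""
    out = subprocess.run(["dig", "+short", rtype, name], capture_output=True,
                         text=True, timeout=15).stdout
    return [ln.strip() for ln in out.splitlines() if ln.strip()]

def preflight(domain, sub="mg", selector="smtp", resolve=dig):
    """Return a list of problems; an empty list means DNS is ready."""
    mg = f"{sub}.{domain}"
    problems = []
    # Replies arrive at the bare domain (the Gandi mailbox).
    if not resolve(domain, "MX"):
        problems.append(f"{domain}: no MX, reply-by-email cannot arrive")
    # Routing and delivery: two MX records on the sending subdomain.
    if len(resolve(mg, "MX")) < 2:
        problems.append(f"{mg}: fewer than two MX records")
    # Verification record 1: exactly one SPF policy that includes Mailgun.
    txt = [t.replace('"', "") for t in resolve(mg, "TXT")]
    spf = [t for t in txt if t.lower().startswith("v=spf1")]
    if len(spf) != 1:
        problems.append(f"{mg}: expected one SPF record, found {len(spf)}")
    elif "include:mailgun.org" not in spf[0].lower():
        problems.append(f"{mg}: SPF does not include mailgun.org")
    # Verification record 2: DKIM public key. dig splits long TXT values
    # into several quoted chunks, so join them before looking for p=.
    dkim = "".join(resolve(f"{selector}._domainkey.{mg}", "TXT"))
    dkim = dkim.replace('"', "").replace(" ", "")
    if not re.search(r"p=[A-Za-z0-9+/]", dkim):
        problems.append(f"{selector}._domainkey.{mg}: no DKIM public key")
    # The click/open tracking CNAME is meant to stay unset.
    if resolve(f"email.{mg}", "CNAME"):
        problems.append(f"email.{mg}: tracking CNAME is set")
    return problems

def wait_until_ready(domain, attempts=20, delay=30, sleep=time.sleep, **kw):
    """Poll preflight() until it is clean; returns the last problem list."""
    problems = preflight(domain, **kw)
    for _ in range(attempts - 1):
        if not problems:
            break
        sleep(delay)
        problems = preflight(domain, **kw)
    return problems
```

Calling `wait_until_ready("example.org")` before running the installer returns an empty list once every record resolves from the machine doing the check; Mailgun's own verification still has to show the green checkbox.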