软创互联

Discourse Deployment Guide


#1

Discourse installation steps

1. Prepare the base environment: docker, git, and the discourse code

wget -qO- https://get.docker.com/ | sh
sudo -s
mkdir /var/discourse
git clone https://github.com/discourse/discourse_docker.git /var/discourse
cd /var/discourse

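2. Prepare a public domain name and a domain mailbox

  • Public domain name: Let's Encrypt needs to reach the domain to issue and renew certificates
  • Domain mailbox: Discourse authenticates by email, so a domain mailbox must be provided as the admin user for sending mail

3. Create the discourse configuration file

Configuration file details:

Path: /var/discourse/containers/app.yml
  • template
templates/web.china.template.yml  # replaces the rubygem source with a rubygem mirror in China
templates/web.ssl.template.yml    # sets up nginx as an ssl reverse proxy
templates/web.letsencrypt.ssl.template.yml # enables automatic Let's Encrypt certificate issuance and renewal
  • expose:

Ports the container exposes externally; port 80 is used by Let's Encrypt for certificate renewal.

  • Mail settings
  DISCOURSE_DEVELOPER_EMAILS: 
  DISCOURSE_SMTP_ADDRESS:    # SMTP address; for QQ enterprise mail it is smtp.exmail.qq.com
  DISCOURSE_SMTP_PORT:       # default is 587
  DISCOURSE_SMTP_USER_NAME:  # mailbox account name
  DISCOURSE_SMTP_PASSWORD:   # password
  DISCOURSE_SMTP_ENABLE_START_TLS: # enable the TLS protocol
  DISCOURSE_SMTP_AUTHENTICATION: login # this option is used to avoid admin email verification errors
  LETSENCRYPT_ACCOUNT_EMAIL: # Let's Encrypt account email; this option must be set when the web.letsencrypt.ssl.template.yml template is used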
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.china.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"

expose:
  - "80:80"   # http
  - "443:443" # https

params:
  db_default_text_search_config: "pg_catalog.english"

  ## Set db_shared_buffers to a max of 25% of the total memory.
  ## will be set automatically by bootstrap based on detected RAM, or you can override
  #db_shared_buffers: "256MB"

  ## can improve sorting performance, but adds memory usage per-connection
  #db_work_mem: "40MB"

  ## Which Git revision should this container use? (default: tests-passed)
  #version: tests-passed

env:
  LANG: en_US.UTF-8
  
  # Set the language to Chinese
  DISCOURSE_DEFAULT_LOCALE: zh_CN
  UNICORN_WORKERS: 5

  # Domain name
  DISCOURSE_HOSTNAME: 'of.gugud.com'

  # Admin email addresses and SMTP mail settings
  DISCOURSE_DEVELOPER_EMAILS: 'system@intermaker.cn,lafrinte@hotmail.com'
  DISCOURSE_SMTP_ADDRESS: smtp.exmail.qq.com         # required
  DISCOURSE_SMTP_PORT: 587                        # (optional, default 587)
  DISCOURSE_SMTP_USER_NAME: system@intermaker.cn       # required
  DISCOURSE_SMTP_PASSWORD: XXXXXXX               # required, WARNING the char '#' in pw can cause problems!
  DISCOURSE_SMTP_ENABLE_START_TLS: true           # (optional, default true)
  DISCOURSE_SMTP_AUTHENTICATION: login
  DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none
  
  # Let's Encrypt certificate issuance email
  LETSENCRYPT_ACCOUNT_EMAIL: system@intermaker.cn

  ## The CDN address for this Discourse instance (configured to pull)
  ## see https://meta.discourse.org/t/14857 for details
  #DISCOURSE_CDN_URL: //discourse-cdn.example.com

## The Docker container is stateless; all data is stored in /shared
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log

## Plugins go here
## see https://meta.discourse.org/t/19157 for details
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - git clone https://github.com/discourse/docker_manager.git

## Any custom commands to run after building
run:
  - exec: echo "Beginning of custom commands"
  - exec: echo "End of custom commands"

4. Create the docker container

cd /var/discourse
./launcher bootstrap app

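The app in the command must match the name of the yml configuration file: if the configuration file is containers/app.yml, use app in the command.

5. Start docker

./launcher start app

6. Visit the site and register the admin email

  • Registration takes two steps. Step one: visit the site and follow the wizard until it shows that the verification email has been sent

  • Step two is as follows:

Run the following commands to confirm the admin email from the backend. Following the prompts, enter the admin email address and password in turn, and confirm whether to make the account an admin.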

./launcher enter app
rake admin:create

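Visit the site, log in as the admin user, click through the menu tab - Admin - Required, find notification email, and change it to the email address set for DISCOURSE_SMTP_USER_NAME in app.yml.


Then click the Email tab; at the lower left there is a send-test-email option, where you can enter an address to test sending.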

FAQ

1. On non-Ubuntu systems: handling the docker storage driver mismatch reported by the discourse creation command

Your Docker installation is not using a supported storage driver. If we were to proceed you may have a broken install.
aufs is the recommended storage driver, although zfs/btrfs/overlay and overlay2 may work as well.
Other storage drivers are known to be problematic.
You can tell what filesystem you are using by running "docker info" and looking at the 'Storage Driver' line.

If you wish to continue anyway using your existing unsupported storage driver,
read the source code of launcher and figure out how to bypass this check.
  • Option 1:

Add the skip flag to bypass discourse's docker storage driver check

./launcher bootstrap app --skip-prereqs

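Side effect: the --skip-prereqs flag has to be added every time ./launcher is run

  • Change the docker storage driver to aufs

First check whether switching to aufs is possible; no output means it is not supported: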

grep aufs /proc/filesystems

For the detailed changes, see https://ninghao.net/blog/4488

2. Let's Encrypt certificate issuance fails

of.gugud.com:Verify error:Invalid response from http://of.gugud.com/.well-known/acme-challenge/n_1Bx-cbbC1I9QxtD3SspYfwHT0k-hwRgSPK8I6iEoM:
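    1. Check whether the domain resolves correctly
    2. Check whether the Let's Encrypt nginx site has permission to be accessed

Useful information:

Let's Encrypt Nginx site configuration: /etc/nginx/letsencrypt.conf
./launcher logs app shows the detailed logs
/etc/runit/1.d/letsencrypt is the shell script that performs the signing

3. Installing plugins

  1. To install by rebuilding the container, edit containers/app.yml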
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - mkdir -p plugins
          - git clone https://github.com/discourse/docker_manager.git
          - git clone https://github.com/discourse/discourse-spoiler-alert.git

After git clone https://github.com/discourse/docker_manager.git, add a line - git clone https://github.com/discourse/discourse-spoiler-alert.git, i.e. the plugin's git URL.

Rebuild the container

cd /var/discourse
./launcher rebuild app
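
An added example, not part of the original post or of the Discourse project: a standard-library Python check to run over an app.yml like the one in post #1 before ./launcher bootstrap. It flags DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none (the SMTP server's TLS certificate is not verified), repeated env keys, a '#' in the SMTP password, and a missing LETSENCRYPT_ACCOUNT_EMAIL when the Let's Encrypt template is enabled; the function name, finding codes and sample values are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of containers/app.yml; all values are placeholders.
SAMPLE = """\
templates:
  - "templates/web.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"
env:
  DISCOURSE_SMTP_ADDRESS: smtp.example.com   # required
  DISCOURSE_SMTP_PASSWORD: pa#ss             # required
  DISCOURSE_SMTP_ENABLE_START_TLS: true
  DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none
  DISCOURSE_SMTP_ENABLE_START_TLS: true
  #LETSENCRYPT_ACCOUNT_EMAIL: admin@example.com
"""

LE_TEMPLATE = "web.letsencrypt.ssl.template.yml"
ENV_KEY = re.compile(r"^\s+([A-Z][A-Z0-9_]*):(.*)$")

def audit_app_yml(text):
    """Hypothetical helper: sorted (line_no, code) findings; line-based, no YAML library."""
    findings, env, section, uses_le = [], {}, None, False
    for no, line in enumerate(text.splitlines(), 1):
        if line[:1] not in ("", " ", "#"):       # top-level key such as "env:"
            section = line.split(":")[0]
            continue
        if section == "templates" and LE_TEMPLATE in line:
            uses_le = uses_le or not line.lstrip().startswith("#")
        m = ENV_KEY.match(line) if section == "env" else None
        if not m:
            continue                             # blank, comment, or non-env line
        key = m.group(1)
        # Drop a trailing "  # comment", then surrounding quotes.
        value = re.split(r"\s+#", m.group(2), maxsplit=1)[0].strip().strip("'\"")
        if key in env:
            findings.append((no, "DUPLICATE_KEY"))
        env[key] = value
        if key == "DISCOURSE_SMTP_OPENSSL_VERIFY_MODE" and value == "none":
            findings.append((no, "SMTP_CERT_NOT_VERIFIED"))
        if key == "DISCOURSE_SMTP_PASSWORD" and "#" in value:
            findings.append((no, "HASH_IN_PASSWORD"))  # per the warning in the post's config
    if uses_le and not env.get("LETSENCRYPT_ACCOUNT_EMAIL"):
        findings.append((0, "LETSENCRYPT_EMAIL_MISSING"))  # line 0: whole file
    return sorted(findings)

if __name__ == "__main__":
    for line_no, code in audit_app_yml(SAMPLE):
        print(line_no, code)
```

To check a real file, pass its contents: audit_app_yml(open("/var/discourse/containers/app.yml").read()).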

#4

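We may have gotten the ldap part wrong; it seems it should not be a separate button, and it may need custom development

1. When a new user registers, sync the username and password into the central ldap
2. If an existing user logs in by entering a username and password, check the validity of the ldap account at login

Suggestion:

Remove the LDAP button from the interface for now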


#6

The ldap plugin has been uninstalled


#7

Learned something! :eyes:


#8

@lafrinte an upgrade is needed


#9

discourse upgrade steps

1. Update the discourse code

Run the following commands in order

cd /var/discourse/
sudo ./launcher stop app --skip-prereqs
git pull

2. Rebuild the image and start

./launcher rebuild app --skip-prereqs

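Wait for it to finish (about 10~15 minutes, please be patient)

Notes and open issues

    1. The current deployment is standalone, with postgresql, redis, discourse, and nginx in the same container; later these should be split into separate containers so that the containers can scale dynamically
    2. Tuning of the postgresql and redis instances has not been handled yet; consider how to add tuning settings to the discourse configuration
    3. Data backup: discourse currently uses automatic backups, but the backup interval is long and all backups are local; backups could be tied to aws s3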