Faatech

Security & Networking

Discourse forum behind Traefik Reverse Proxy

On

In

Discourse is a completely free open-source forum that can even be hosted in containers like Docker which is what we’ll be using and placing it behind Traefik. Discourse requires a working SMTP service in order to create an admin account and sending out registration mails. I highly recommend mailgun.org and don’t bother with MX records, especially if you’re not looking to receive mails.

Certificates will be issued by Let’s Encrypt via HTTP challenges.

Traefik configuration

Traefik’s docker-compose.yml file that is used: https://github.com/Faa7/traefik/blob/master/traefik-dockercompose.yml

Dynamic-config.yaml file around here: https://github.com/Faa7/traefik/blob/master/dynamic-config.yaml

Make sure to add a docker network named “traefik” because that’s the network containers will communicate over.

Installing Discourse

Obtaining the image isn’t done with a simple “docker pull” command or specifying the image name in docker-compose. Switch to a root user.

$ su root
$ git clone https://github.com/discourse/discourse_docker.git /var/discourse
$ cd /var/discourse

Run the configuration and it’ll prompt for a FQDN and SMTP settings/credentials. 

$ ./launcher discourse-setup

It’s fine if the procedure fails because we’re editing the app.yml file anyways.

$ cd /var/discourse/containers
$ nano app.yml

Make sure to comment out the ports 80 and 443. Specify the FQDN that’ll be used for the forum. Don’t forget to add “docker_args” below the labels. The network that is used for everything traefik related is just “traefik”. Lastly, the entrypoint which 

expose:
#  - "80:80"   # http
#  - "443:443" # https

labels:
  app_name:                                                                     discourse

  #----Enabling Traefik and its network------------------------
  traefik.enable:                                                               true
  traefik.docker.network:                                                       traefik
   #---HTTPS Router with rule FQDN
  traefik.http.routers.discourse-secure.rule:                                   Host(`forums.example.com`)
  traefik.http.routers.discourse-secure.entrypoints:                            web-secure
  traefik.http.services.discourse-secure.loadbalancer.server.port:              80
    #--TLS SECTION
  traefik.http.routers.discourse-secure.tls.certresolver:                       letsencrypthttpchallenge
  traefik.http.routers.discourse-secure.tls:                                    true

docker_args:
  - "--network=traefik"

Don’t forget to configure the discourse hostname and the SMTP settings.

To finalize the installation we’ll have to build the container with the ./launcher script. The script can only be executed in the /var/discourse directory. Be patient, it takes quite a while to complete the process.

$ cd /var/discourse
$ ./launcher rebuild app

Browse to ‘forums.example.com’ and register for an admin account. You should receive a mail asking to activate your account. Once that’s done complete the installation wizard where basic settings can be configured.

I noticed that Firefox prompts a HTTPS error for a partially secured connection. To fix that; enable force_https which you’ll find on the dashboard within discourse and reboot the server. Firefox shouldn’t display any errors at this point.

Leave a Reply

Your email address will not be published. Required fields are marked *