Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

How to set up Jekyll

Nice tutorials here:

Configure Domain (NameCheap)

The configuration looks like this:

Type Host Value TTL
CNAME Record www Automatic
A Record @ Automatic
A Record @ Automatic
A Record @ Automatic
A Record @ Automatic
A Record Automatic

Set up Discourse Forum


Create account & droplet in Digital Ocean. Droplet configure : 1GB RAM, 1 vCPU,25 GB HDD, 1 TB transfer, running Ubuntu 18.04-LTS.

Setup subdomain in namecheap

  • To create a subdomain, please do the following:
    • Go to your Domain List and click Manage next to the domain
    • Select the Advanced DNS tab
    • Find the Host Records section and click on the Add New Record button
    • Select A Record for Type and enter the Host you would like to point to an IP address DigitalOcean_Server_IP_Address

System Hostname

Make sure that the Droplet's /etc/hostname contains "".

Setup Discourse server

Connect to the droplet server provided by Digital Ocean, then do:

  • Install Docker:
wget -qO- | sh
  • Clone Discourse deploy
mkdir /var/discourse
git clone /var/discourse
cd /var/discourse
  • Install Discourse
Hostname      :
Email         : [initial administrator's email address]
SMTP address  : [press Enter]
SMTP port     : [press Enter]
SMTP username : [press Enter]
SMTP password : [press Enter]
Let's Encrypt : [press Enter]

Note that this skips SMTP (email). We run a mail server on the same machine as Discourse, so there is a circular dependency that we need to side-step: the mail server relies on Discourse to generate a SSL certificate, but Discourse needs a mail server to operate.

Other ways to side-step this:

  1. Run letsencrypt ourselves, outside of the Discourse container; make sure that works and then say "No" to the Let's Encrypt prompt.
  2. Run a second letsencrypt account for the same domain outside of the Discourse container?
  3. Run the mail server on a separate server e.g. with its own independent subdomain and certificates.

Setup Email

We run a small mail server on the same server as Discourse for it to send notifcations and password resets. Discourse recommends using a cloud service like MailGun or Amazon SES or SendGrid, but our usage is so small that the overhead (and risk) of outsourcing is high. Mail servers are something of an arcane art now, but never fear, these instructions will make it work.

Before continuing, make sure that Discourse has generated the SSL cert. It is in /var/discourse/shared/standalone/ssl/:

root@forum:~# ls -l /var/discourse/shared/standalone/ssl/{cer,key}
-rw-r--r-- 1 root root 3799 Dec  5 08:33 /var/discourse/shared/standalone/ssl/
-rw------- 1 root root 3247 Dec  5 08:33 /var/discourse/shared/standalone/ssl/

Install mail server

Install opensmtpd:

sudo apt-get install opensmtpd

The installer might(TODO: check on this) prompt you to name the system; make sure to tell it "". Afterwards, make sure that /etc/mailname contains "".

There is a bug in the OpenSMTPd packaged for Ubuntu 18.04: To work around it, apply this patch:

--- /lib/systemd/system/opensmtpd.service.old	2020-11-05 01:20:51.164473166 +0000
+++ /lib/systemd/system/opensmtpd.service	2020-11-03 21:22:34.309085523 +0000
@@ -6,7 +6,8 @@
-ExecStop=/usr/sbin/smtpctl stop # backported fix for
+ExecStop=/bin/kill -15 $MAINPID

Despite this bug, setting up opensmtpd is still leagues simpler and more reliable than postfix or sendmail.

Setup DNS for Email
  1. Again, triple-check that cat /etc/hostname and cat /etc/mailname and hostname all return ""; if not, edit those two files manually, then reboot and check again.
  2. In NameCheap, under the "" subdomain:
    1. Define the MX record: scroll to the email section, set it to "Custom MX" and write in MX forum =, priority 0.
      • to test: dig MX should return ""
    2. Set up SPF: again in namecheap, in the main records section, add TXT forum. = "v=spf1 a mx ip4: ~all"
      • to test: dig TXT should return the string above.
    3. DMARC: again in namecheap, add a record TXT = "v=DMARC1; p=none"; but I'm not sure this achieves anything really.
      • to test: dig TXT should return the string above.
  3. Reverse DNS: log in to the Droplet's control panel at DigitalOcean (DO) and set the name of the Droplet to ""; this causes the reverse DNS to be defined.
    • to test: dig +short -x $(dig +short should return "".
Configure mail server

Put this into /etc/smtpd.conf:

pki certificate "/var/discourse/shared/standalone/ssl/"
pki key "/var/discourse/shared/standalone/ssl/"

listen on eth0 tls-require pki auth-optional
listen on eth0 tls-require pki auth port 587
table aliases file:/etc/aliases
# incoming mail disabled until if/when we want
#accept from any for domain "" alias <aliases> deliver to maildir "~/.mail" 
accept for local alias <aliases> deliver to maildir "~/.mail" 
accept for any relay hostname ""

Enable the server with

systemctl enable --now opensmtpd

View the logs -- especially to look for configuration errors -- with

journalctl -f -u opensmtpd

(it helps to run this in a separate tab while doing the rest of the configuration and testing)

Test mail delivery

At this point the mail server should be a member of the internet email community. To test, use:

echo "Test Message" | mail -s "This is a message"

If you can, test with a few major email servers that we care about: "", "", "", "". Generally, if the above has been done right, your message should get past the spam filters, and if it was done wrong it either won't send or will be caught by the spam filters. is very helpful for finding issues missed above, especially around spamminess. Email is very very complicated and this helps a lot. Go to and copy the email address it gives you, then run the same test but with it as a target:

echo "Test Message" | mail -s "This is a message"

then click the "View My Results" button.

Review until you have a good score and mails are getting accepted.

Configure Discourse's email account

We need an SMTP account Discourse can send via. opensmtpd simply uses the OS's users by default, so we will make an OS user for outgoing emails. This username is not the same as what's on the email headers: opensmtpd allows authenticated users to spoof their identities, and we need actually want that because we want to send as

  1. Run a password generator and save the result temporarily. If you have a password manager, see if it has a password generator built in. Otherwise there's Diceware and xkpasswd and xkcdpass and pwgen
  2. Create the user;useradd -s /usr/sbin/nologin forum && passwd forum, inputting the saved password
  3. Test:
    • install swaks: sudo apt-get install swaks
    • swaks --to --from --server -p 25 --auth-user forum --tls-verify --tls
      Password: xxxxxxxxxxxxxxxxxxxxxxx
      === Trying
      === Connected to
      <~  250 2.0.0: 8ccb62c7 Message accepted for delivery
      ~> QUIT
      <~  221 2.0.0: Bye
    • try varying --to and --from to see how various servers react
    • if you do not see "accepted" stop and debug until it works
  4. Give Discourse the new SMTP credentials; this is done by re-running the installer. The original values will be saved and prompted; add in the new credentials:

    (cd /var/discourse; ./discourse-set
    Hostname      :
    Email         : [press enter]
    SMTP address  :
    SMTP port     : 587
    SMTP username : forum
    SMTP password : xxxxxxxxxxxxxxxxxxxxxxx
    Let's Encrypt : [press Enter]
  5. Test: make a post on the forum, and have someone else reply to it. Watch the mail log (journalctl -u -f opensmtpd!) and check if you receive the notification in your inbox.

### Configuring Google login for Discourse ([reference](

Go to, click on Credentials and create a new Project.
- Project name `Forum spinalcordmri`
- Project id `forum-spinalcordmri`

Select Credentials in the left menu, Create credentials and OAuth client ID type for the credentials.
- Application type `Web application`
- Name `Forum`
- Authorized JavaScript origins ``
- Authorized redirect URIs ``

Configure your OAuth Consent Screen
  - Product name shown to users `Forum`
  - Homepage URL ``
  - Privacy policy URL ``

Click Library in the left menu and you’ll see a huge list of Google API’s. Find Google+ API and enable them.

The API will create `google_client_id` and `google_client_secret` which you can add under, after checking `enable google oauth2 logins`
### Configure GitHub login for Discourse ([reference](

Under, click Settings (the gear icon), then look for OAuth Applications in the left menu. Select Register new application.
  - Application name
  Forum spinalcordmri
  - Homepage URL
  - Application description
  Forum spinalcordmri
  - Authorization callback URL
The app will create `github_client_id` and `github_client_secret`which you can add under, after checking `enable github logins`

## Debugging

Check what IP are associated with the URL:
Check that domain exists, and get info about registrar:


Web site of spinalcordmri organization.




No releases published


No packages published