spinalcordmri.github.io

How to set up Jekyll

Nice tutorials here: https://www.taniarascia.com/make-a-static-website-with-jekyll/

Configure Domain (NameCheap)

The configuration looks like this:

| Type | Host | Value | TTL |
|---|---|---|---|
| CNAME Record | www | spinalcordmri.github.io | Automatic |
| A Record | @ | 185.199.110.153 | Automatic |
| A Record | @ | 185.199.108.153 | Automatic |
| A Record | @ | 185.199.109.153 | Automatic |
| A Record | @ | 185.199.111.153 | Automatic |
| A Record | forum.spinalcordmri.org | 159.89.119.65 | Automatic |

Set up Discourse Forum

Reference

https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md

Create an account and a Droplet in Digital Ocean. Droplet configuration: 1 GB RAM, 1 vCPU, 25 GB HDD, 1 TB transfer, running Ubuntu 18.04 LTS.

Setup subdomain in namecheap

  • To create a subdomain, please do the following:
    • Go to your Domain List and click Manage next to the domain
    • Select the Advanced DNS tab
    • Find the Host Records section and click on the Add New Record button
    • Select A Record for Type, enter the Host you would like to point to an IP address (forum.spinalcordmri.org), and set the Value to DigitalOcean_Server_IP_Address

System Hostname

Make sure that the Droplet's /etc/hostname contains "forum.spinalcordmri.org".

Setup Discourse server

Connect to the droplet server provided by Digital Ocean, then do:

  • Install Docker:

    wget -qO- https://get.docker.com/ | sh

  • Clone Discourse deploy:

    mkdir /var/discourse
    git clone https://github.com/discourse/discourse_docker.git /var/discourse
    cd /var/discourse

  • Install Discourse:

    ./discourse-setup
    Hostname      : forum.spinalcordmri.org
    Email         : [initial administrator's email address]
    SMTP address  : [press Enter]
    SMTP port     : [press Enter]
    SMTP username : [press Enter]
    SMTP password : [press Enter]
    Let's Encrypt : [press Enter]

Note that this skips SMTP (email). We run a mail server on the same machine as Discourse, so there is a circular dependency that we need to side-step: the mail server relies on Discourse to generate an SSL certificate, but Discourse needs a mail server to operate.

Other ways to side-step this:

  1. Run letsencrypt ourselves, outside of the Discourse container; make sure that works and then say "No" to the Let's Encrypt prompt.
  2. Run a second letsencrypt account for the same domain outside of the Discourse container?
  3. Run the mail server on a separate server e.g. mail.spinalcordmri.org with its own independent subdomain and certificates.

Setup Email

We run a small mail server on the same server as Discourse for it to send notifications and password resets. Discourse recommends using a cloud service like MailGun or Amazon SES or SendGrid, but our usage is so small that the overhead (and risk) of outsourcing is high. Mail servers are something of an arcane art now, but never fear, these instructions will make it work.

Before continuing, make sure that Discourse has generated the SSL cert. It is in /var/discourse/shared/standalone/ssl/:

root@forum:~# ls -l /var/discourse/shared/standalone/ssl/forum.spinalcordmri.org.{cer,key}
-rw-r--r-- 1 root root 3799 Dec  5 08:33 /var/discourse/shared/standalone/ssl/forum.spinalcordmri.org.cer
-rw------- 1 root root 3247 Dec  5 08:33 /var/discourse/shared/standalone/ssl/forum.spinalcordmri.org.key

Install mail server

Install opensmtpd:

sudo apt-get install opensmtpd

The installer might (TODO: check on this) prompt you to name the system; make sure to tell it "forum.spinalcordmri.org". Afterwards, make sure that /etc/mailname contains "forum.spinalcordmri.org".

There is a bug in the OpenSMTPd packaged for Ubuntu 18.04: https://bugs.launchpad.net/ubuntu/+source/opensmtpd/+bug/1840586. To work around it, apply this patch:

--- /lib/systemd/system/opensmtpd.service.old	2020-11-05 01:20:51.164473166 +0000
+++ /lib/systemd/system/opensmtpd.service	2020-11-03 21:22:34.309085523 +0000
@@ -6,7 +6,8 @@
 [Service]
 Type=forking
 ExecStart=/usr/sbin/smtpd
-ExecStop=/usr/sbin/smtpctl stop # backported fix for https://bugs.launchpad.net/ubuntu/+source/opensmtpd/+bug/1840586
+ExecStop=/bin/kill -15 $MAINPID
 
 [Install]
 WantedBy=multi-user.target
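
Review bot: the hunk header `@@ -6,7 +6,8 @@` declares 8 lines on the new side, but the body carries only 7 (six context lines plus the single `+ExecStop=` line), so `patch` is likely to reject it as malformed; regenerate the diff from the edited file. The reference to the Launchpad bug sits only on the removed `-ExecStop=` line, so the replacement loses its explanation; keep it as a comment on its own line above `ExecStop=/bin/kill -15 $MAINPID`. The target is the package-owned unit under /lib/systemd/system, which a later opensmtpd package update can overwrite; a drop-in created with `systemctl edit opensmtpd` that first clears `ExecStop=` and then sets the new value would survive upgrades, and either way `systemctl daemon-reload` is needed before the change takes effect.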

Despite this bug, setting up opensmtpd is still leagues simpler and more reliable than postfix or sendmail.

Setup DNS for Email

  1. Again, triple-check that cat /etc/hostname and cat /etc/mailname and hostname all return "forum.spinalcordmri.org"; if not, edit those two files manually, then reboot and check again.
  2. In NameCheap, under the "forum.spinalcordmri.org" subdomain:
    1. Define the MX record: scroll to the email section, set it to "Custom MX" and write in MX forum = forum.spinalcordmri.org, priority 0.
      • to test: dig MX forum.spinalcordmri.org should return "forum.spinalcordmri.org"
    2. Set up SPF: again in namecheap, in the main records section, add TXT forum. = "v=spf1 a mx ip4:159.89.119.65 ~all"
      • to test: dig TXT forum.spinalcordmri.org should return the string above.
    3. DMARC: again in namecheap, add a record TXT _dmarc.forum. = "v=DMARC1; p=none"; but I'm not sure this achieves anything really.
      • to test: dig TXT _dmarc.forum.spinalcordmri.org should return the string above.
  3. Reverse DNS: log in to the Droplet's control panel at DigitalOcean (DO) and set the name of the Droplet to "forum.spinalcordmri.org"; this causes the reverse DNS to be defined.
    • to test: dig +short -x $(dig +short forum.spinalcordmri.org) should return "forum.spinalcordmri.org".
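
The following is an added example, not part of the original README: it evaluates the SPF and DMARC strings from steps 2.2 and 2.3 offline, the way a receiving server reads them, showing what a sender outside the record gets under `~all` and which policy `p=none` requests. The function names and the 192.0.2.10 sender address are assumptions made for illustration, and only the SPF mechanisms this page's record uses are handled.

```shell
#!/bin/sh
# Added example, not from the original README. Handles only the SPF
# mechanisms used on this page: a, mx, ip4 with a single address, all.

# spf_result RECORD SENDER_IP HOST_IPS
#   HOST_IPS: addresses the domain's A and MX names resolve to, passed in so
#   no DNS lookup is needed. The body is a subshell, so "exit" only leaves the
#   function and "set -f" does not leak to the caller.
spf_result() (
    record=$1 ip=$2 host_ips=" $3 "
    set -f                                   # no globbing on terms like "?all"
    for term in $record; do
        [ "$term" = "v=spf1" ] && continue
        case $term in
            [-+~?]*) mech=${term#?}; qual=${term%"$mech"} ;;  # split qualifier
            *)       mech=$term;     qual=+ ;;                # default is "+"
        esac
        case $mech in
            ip4:*) [ "${mech#ip4:}" = "$ip" ] || continue ;;
            a|mx)  case $host_ips in *" $ip "*) ;; *) continue ;; esac ;;
            all)   ;;
            *)     continue ;;               # outside this example's scope
        esac
        case $qual in
            +) echo pass ;; -) echo fail ;; "~") echo softfail ;; *) echo neutral ;;
        esac
        exit 0                               # first matching mechanism wins
    done
    echo neutral                             # nothing matched
)

# dmarc_policy RECORD: print the requested policy (p= tag) or "invalid".
dmarc_policy() (
    record=$(printf '%s' "$1" | tr -d '[:space:]')
    case $record in "v=DMARC1;"*) ;; *) echo invalid; exit 1 ;; esac
    p=
    set -f; IFS=';'
    for tag in $record; do
        case $tag in p=*) p=${tag#p=} ;; esac
    done
    case $p in
        none|quarantine|reject) echo "$p" ;;
        *) echo invalid; exit 1 ;;
    esac
)

SPF='v=spf1 a mx ip4:159.89.119.65 ~all'   # as given in step 2.2
DMARC='v=DMARC1; p=none'                   # as given in step 2.3
# 192.0.2.10 is a constructed sender address from the documentation range.
echo "Droplet: $(spf_result "$SPF" 159.89.119.65 159.89.119.65), other host: $(spf_result "$SPF" 192.0.2.10 159.89.119.65), DMARC: $(dmarc_policy "$DMARC")"
```

To run it against live DNS, pass the output of the dig TXT queries from the steps above, with the surrounding quotes removed, as RECORD.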

Configure mail server

Put this into /etc/smtpd.conf:

pki forum.spinalcordmri.org certificate "/var/discourse/shared/standalone/ssl/forum.spinalcordmri.org.cer"
pki forum.spinalcordmri.org key "/var/discourse/shared/standalone/ssl/forum.spinalcordmri.org.key"

listen on eth0 tls-require pki forum.spinalcordmri.org auth-optional
listen on eth0 tls-require pki forum.spinalcordmri.org auth port 587
table aliases file:/etc/aliases
# incoming mail disabled until if/when we want https://meta.discourse.org/t/set-up-reply-via-email-support/14003
#accept from any for domain "forum.spinalcordmri.org" alias <aliases> deliver to maildir "~/.mail" 
accept for local alias <aliases> deliver to maildir "~/.mail" 
accept for any relay hostname "forum.spinalcordmri.org"

Enable the server with

systemctl enable --now opensmtpd

View the logs -- especially to look for configuration errors -- with

journalctl -f -u opensmtpd

(it helps to run this in a separate tab while doing the rest of the configuration and testing)

Test mail delivery

At this point the mail server should be a member of the internet email community. To test, use:

echo "Test Message" | mail -s "This is a message" you@example.org

If you can, test with a few major email servers that we care about: "someone@polymtl.ca", "someoneelse@gmail.com", "antoinethethird@hotmail.com", "thefourthliest@yahoo.com". Generally, if the above has been done right, your message should get past the spam filters, and if it was done wrong it either won't send or will be caught by the spam filters.

https://www.mail-tester.com/ is very helpful for finding issues missed above, especially around spamminess. Email is very very complicated and this helps a lot. Go to https://www.mail-tester.com/ and copy the email address it gives you, then run the same test but with it as a target:

echo "Test Message" | mail -s "This is a message" somethingsomething@mail-tester.com

then click the "View My Results" button.

Review until you have a good score and mails are getting accepted.

Configure Discourse's email account

We need an SMTP account Discourse can send via. opensmtpd simply uses the OS's users by default, so we will make an OS user for outgoing emails. This username is not the same as what's on the email headers: opensmtpd allows authenticated users to spoof their identities, and we actually want that because we want to send as noreply@forum.spinalcordtoolbox.org.

  1. Run a password generator and save the result temporarily. If you have a password manager, see if it has a password generator built in. Otherwise there's Diceware and xkpasswd and xkcdpass and pwgen.
  2. Create the user forum@forum.spinalcordmri.org: useradd -s /usr/sbin/nologin forum && passwd forum, inputting the saved password.
  3. Test:
    • install swaks: sudo apt-get install swaks
    • swaks --to me@example.com --from noreply@forum.spinalcordmri.org --server forum.spinalcordmri.org -p 25 --auth-user forum --tls-verify --tls
      Password: xxxxxxxxxxxxxxxxxxxxxxx
      === Trying forum.spinalcordmri.org:25...
      === Connected to forum.spinalcordmri.org.
      [...]
      <~  250 2.0.0: 8ccb62c7 Message accepted for delivery
      ~> QUIT
      <~  221 2.0.0: Bye
      
    • try varying --to and --from to see how various servers react
    • if you do not see "accepted" stop and debug until it works
  4. Give Discourse the new SMTP credentials; this is done by re-running the installer. The original values will be saved and prompted; add in the new credentials:

    (cd /var/discourse; ./discourse-setup)
    Hostname      : forum.spinalcordmri.org
    Email         : [press enter]
    SMTP address  : forum.spinalcordmri.org
    SMTP port     : 587
    SMTP username : forum
    SMTP password : xxxxxxxxxxxxxxxxxxxxxxx
    Let's Encrypt : [press Enter]
    
  5. Test: make a post on the forum, and have someone else reply to it. Watch the mail log (journalctl -f -u opensmtpd)! Then check if you receive the notification in your inbox.

### Configuring Google login for Discourse ([reference](https://meta.discourse.org/t/configuring-google-login-for-discourse/15858))

Go to https://console.developers.google.com, click on Credentials and create a new Project.
- Project name `Forum spinalcordmri`
- Project id `forum-spinalcordmri`

Select Credentials in the left menu, click Create credentials, and choose OAuth client ID as the credential type.
- Application type `Web application`
- Name `Forum spinalcordmri.org`
- Authorized JavaScript origins `http://forum.spinalcordmri.org`
- Authorized redirect URIs `http://forum.spinalcordmri.org/auth/google_oauth2/callback`

Configure your OAuth Consent Screen
  - Product name shown to users `Forum spinalcordmri.org`
  - Homepage URL `http://www.spinalcordmri.org/`
  - Privacy policy URL `http://www.spinalcordmri.org/`

Click Library in the left menu and you'll see a huge list of Google APIs. Find the Google+ API and enable it.

The API will create `google_client_id` and `google_client_secret`, which you can add under http://forum.spinalcordmri.org/admin/site_settings/category/login after checking `enable google oauth2 logins`.

### Configure GitHub login for Discourse ([reference](https://meta.discourse.org/t/configuring-github-login-for-discourse/13745))

Under github.com/spinalcordmri, click Settings (the gear icon), then look for OAuth Applications in the left menu. Select Register new application.
  - Application name
  ~~~
  Forum spinalcordmri
  ~~~
  - Homepage URL
  ~~~
  http://forum.spinalcordmri.org/
  ~~~
  - Application description
  ~~~
  Forum spinalcordmri
  ~~~
  - Authorization callback URL
  ~~~
  http://forum.spinalcordmri.org//auth/github/callback
  ~~~

The app will create `github_client_id` and `github_client_secret`, which you can add under http://forum.spinalcordmri.org/admin/site_settings/category/login after checking `enable github logins`.

## Debugging

Check which IP addresses are associated with the domain:
~~~
host spinalcordmri.org
~~~
Check that the domain exists, and get info about the registrar:
~~~
whois spinalcordmri.org
~~~

About

Web site of spinalcordmri organization.
