321 lines
15 KiB
Bash
321 lines
15 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Discourse Service
|
|
|
|
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
. /etc/federated
|
|
get_appvars
|
|
|
|
config_discourse() {
|
|
echo -ne "* Configuring discourse container.."
|
|
|
|
[[ ! -d "/federated/apps/redis" ]] && failcheck "Redis needs installed first. Run installapp redis"
|
|
|
|
if [ ! -d "/federated/apps/discourse" ]; then
|
|
mkdir -p /federated/apps/discourse/data/discourse/bitnami/discourse
|
|
mkdir -p /federated/apps/discourse/data/sidekiq/bitnami/discourse
|
|
mkdir -p /federated/apps/discourse/data/discourse/log
|
|
touch /federated/apps/discourse/data/discourse/log/.gitkeep
|
|
fi
|
|
chown lxd /federated/apps/discourse/data/discourse/log
|
|
chmod 775 /federated/apps/discourse/data/discourse/log
|
|
chown lxd:root /federated/apps/discourse/data/discourse/log/.gitkeep
|
|
chmod 664 /federated/apps/discourse/data/discourse/log/.gitkeep
|
|
|
|
cat > /federated/apps/discourse/docker-compose.yml <<EOF
|
|
services:
|
|
discourse:
|
|
image: docker.io/bitnami/discourse:\${IMAGE_VERSION}
|
|
container_name: discourse
|
|
hostname: discourse.$DOMAIN
|
|
restart: always
|
|
extra_hosts:
|
|
- "authelia.$DOMAIN:5.161.240.73"
|
|
networks:
|
|
core:
|
|
ipv4_address: 192.168.0.43
|
|
env_file:
|
|
- ./.env
|
|
volumes:
|
|
- ./data/discourse/bitnami/discourse:/bitnami/discourse
|
|
- ./data/discourse/log:/opt/bitnami/discourse/log
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.http.routers.discourse.rule=Host(\`discourse.$DOMAIN\`, \`forum.$DOMAIN\`)"
|
|
- "traefik.http.routers.discourse.entrypoints=websecure"
|
|
- "traefik.http.routers.discourse.tls.certresolver=letsencrypt"
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "50m" # Maximum size of the log file
|
|
max-file: "1" # Keep only one log file
|
|
|
|
sidekiq:
|
|
image: docker.io/bitnami/discourse:\${IMAGE_VERSION}
|
|
container_name: discoursesidekiq
|
|
hostname: discoursesidekiq.$DOMAIN
|
|
restart: always
|
|
extra_hosts:
|
|
- "authelia.$DOMAIN:5.161.240.73"
|
|
networks:
|
|
core:
|
|
ipv4_address: 192.168.0.44
|
|
env_file:
|
|
- ./.env
|
|
depends_on:
|
|
- discourse
|
|
volumes:
|
|
- ./data/sidekiq/bitnami/discourse:/bitnami/discourse
|
|
command: /opt/bitnami/scripts/discourse-sidekiq/run.sh
|
|
|
|
networks:
|
|
core:
|
|
external: true
|
|
EOF
|
|
|
|
DISCOURSE_SECRET=$(create_password);
|
|
REDIS_SECRET=$(awk -F= '/REDIS_PASSWORD/ { print $2 }' /federated/apps/redis/.env)
|
|
[[ "${PLUS}" = "true" ]] && sed -i "s/letsencrypt/httpresolver/g" /federated/apps/discourse/docker-compose.yml
|
|
[[ -z "${ADMINPASS}" ]] && ADMINPASS=$(create_password)
|
|
|
|
cat > /etc/logrotate.d/federated <<EOF
|
|
/federated/apps/discourse/data/discourse/log/production.log
|
|
{
|
|
daily
|
|
rotate 31
|
|
compress
|
|
delaycompress
|
|
missingok
|
|
notifempty
|
|
copytruncate
|
|
}
|
|
EOF
|
|
|
|
cat > /federated/apps/discourse/.env <<EOF
|
|
IMAGE_VERSION="$(current_version discourse)"
|
|
DISCOURSE_HOST=discourse.$DOMAIN
|
|
DISCOURSE_USERNAME=admin
|
|
DISCOURSE_PASSWORD=$ADMINPASS
|
|
DISCOURSE_EMAIL=admin@$DOMAIN
|
|
DISCOURSE_SITE_NAME="$COMPANY Forum"
|
|
DISCOURSE_DATABASE_HOST=postgresql.$DOMAIN
|
|
DISCOURSE_DATABASE_PORT_NUMBER=5432
|
|
DISCOURSE_DATABASE_USER=discourse
|
|
DISCOURSE_DATABASE_NAME=discourse
|
|
DISCOURSE_DATABASE_PASSWORD=$DISCOURSE_SECRET
|
|
DISCOURSE_REDIS_HOST=redis.$DOMAIN
|
|
DISCOURSE_REDIS_PORT_NUMBER=6379
|
|
DISCOURSE_REDIS_PASSWORD=$REDIS_SECRET
|
|
DISCOURSE_SMTP_HOST=mail.$DOMAIN
|
|
DISCOURSE_SMTP_PORT=587
|
|
DISCOURSE_SMTP_USER=fcore
|
|
DISCOURSE_SMTP_PASSWORD=$ADMINPASS
|
|
DISCOURSE_SMTP_PROTOCOL=tls
|
|
BITNAMI_DEBUG=true
|
|
DISCOURSE_HOSTNAME=forum.$DOMAIN
|
|
DISCOURSE_SMTP_ADDRESS=mail.$DOMAIN
|
|
DISCOURSE_SMTP_USER_NAME=fcore
|
|
DISCOURSE_SMTP_ENABLE_START_TLS=true
|
|
RAILS_ENV=production
|
|
DISCOURSE_DB_HOST=postgresql.$DOMAIN
|
|
DISCOURSE_DB_PORT=5432
|
|
DISCOURSE_DB_USERNAME=discourse
|
|
DISCOURSE_DB_PASSWORD=$DISCOURSE_SECRET
|
|
DISCOURSE_DB_NAME=discourse
|
|
DISCOURSE_REDIS_PORT=6379
|
|
DISCOURSE_PASSENGER_EXTRA_FLAGS="--max-request-queue-size 1500 --min-instances 25 --max-pool-size 150 --pool-idle-time 800"
|
|
DISCOURSE_ASSET_RATE_LIMITERS=limiter60
|
|
DISCOURSE_RATE_LIMITERS=limiter60
|
|
DISCOURSE_MAX_REQS_PER_IP_EXCEPTIONS=192.168.0.13
|
|
EOF
|
|
chmod 600 /federated/apps/discourse/.env
|
|
|
|
# Tune discourse for each memory size
|
|
MEMTOTAL=$(awk '/MemTotal/ {printf( "%d\n", $2 / 1024 )}' /proc/meminfo)
|
|
[[ "${MEMTOTAL}" = "3815" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 100 --min-instances 3 --max-pool-size 15 --pool-idle-time 400\"/g" /federated/apps/discourse/.env
|
|
[[ "${MEMTOTAL}" = "7747" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 200 --min-instances 5 --max-pool-size 25 --pool-idle-time 500\"/g" /federated/apps/discourse/.env
|
|
[[ "${MEMTOTAL}" = "15610" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 400 --min-instances 10 --max-pool-size 50 --pool-idle-time 600\"/g" /federated/apps/discourse/.env
|
|
[[ "${MEMTOTAL}" = "31334" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 750 --min-instances 15 --max-pool-size 75 --pool-idle-time 700\"/g" /federated/apps/discourse/.env
|
|
[[ "${MEMTOTAL}" = "62786" ]] && sed -i "s/DISCOURSE_PASSENGER_EXTRA_FLAGS=.*/DISCOURSE_PASSENGER_EXTRA_FLAGS=\"--max-request-queue-size 1500 --min-instances 25 --max-pool-size 150 --pool-idle-time 800\"/g" /federated/apps/discourse/.env
|
|
|
|
# Create database and user in postgresql
|
|
docker exec postgresql psql -U postgres -c "CREATE USER discourse WITH PASSWORD '$DISCOURSE_SECRET'" &> /dev/null
|
|
docker exec postgresql psql -U postgres -c "CREATE DATABASE discourse" &> /dev/null
|
|
docker exec postgresql psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE discourse TO discourse" &> /dev/null
|
|
|
|
echo -ne "done.\n"
|
|
}
|
|
start_discourse() {
|
|
# Start service with command to make sure it's up before proceeding
|
|
start_service "discourse" "nc -z 192.168.0.43 3000 &> /dev/null" "70"
|
|
|
|
docker exec postgresql psql -U discourse -c "update users set username='admin@$DOMAIN' where username='admin';" &> /dev/null
|
|
docker exec postgresql psql -U discourse -c "update users set username_lower='admin@$DOMAIN' where username_lower='admin';" &> /dev/null
|
|
docker exec postgresql psql -U discourse -c "update site_settings set value='discourse@$DOMAIN' where name='notification_email';" &> /dev/null
|
|
|
|
if [[ "${PLUS}" != "true" ]]; then
|
|
docker exec pdns pdnsutil add-record $DOMAIN discourse A 86400 $EXTERNALIP &> /dev/null
|
|
docker exec pdns pdnsutil add-record $DOMAIN forum A 86400 $EXTERNALIP &> /dev/null
|
|
fi
|
|
|
|
echo -ne "done.\n"
|
|
}
|
|
email_discourse() {
|
|
echo -ne "* Sending email to customer.."
|
|
|
|
cat > /federated/apps/mail/data/root/certs/mailfile <<EOF
|
|
<html>
|
|
<img src="https://www.federated.computer/wp-content/uploads/2023/11/logo.png" alt="" /><br>
|
|
<p>
|
|
<h4>Discourse is now installed on $DOMAIN</h4>
|
|
<p>
|
|
Here is your applications chart on how to access this service:<br>
|
|
<p>
|
|
<h4>Applications</h4>
|
|
<style type="text/css">
|
|
.tg {border-collapse:collapse;border-spacing:0;}
|
|
.tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
|
|
overflow:hidden;padding:10px 5px;word-break:normal;}
|
|
.tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;
|
|
font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}
|
|
.tg .tg-cul6{border-color:inherit;color:#340096;text-align:left;text-decoration:underline;vertical-align:top}
|
|
.tg .tg-acii{background-color:#FFF;border-color:inherit;color:#333;text-align:left;vertical-align:top}
|
|
.tg .tg-0hty{background-color:#000000;border-color:inherit;color:#ffffff;font-weight:bold;text-align:left;vertical-align:top}
|
|
.tg .tg-kwiq{border-color:inherit;color:#000000;text-align:left;vertical-align:top}
|
|
.tg .tg-0pky{border-color:inherit;text-align:left;vertical-align:top}
|
|
</style>
|
|
<table class="tg" style="undefined;table-layout: fixed; width: 996px">
|
|
<colgroup>
|
|
<col style="width: 101.333333px">
|
|
<col style="width: 203.333333px">
|
|
<col style="width: 282.333333px">
|
|
<col style="width: 185.33333px">
|
|
<col style="width: 78.333333px">
|
|
<col style="width: 220.333333px">
|
|
</colgroup>
|
|
<thead>
|
|
<tr>
|
|
<th class="tg-0hty">Service</th>
|
|
<th class="tg-0hty">Link</th>
|
|
<th class="tg-0hty">User / Pass</th>
|
|
<th class="tg-0hty">Access</th>
|
|
<th class="tg-0hty">Docs</th>
|
|
<th class="tg-0hty">Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td class="tg-0pky">Discourse</td>
|
|
<td class="tg-0pky"><a href="https://discourse.$DOMAIN/login" target="_blank" rel="noopener noreferrer"><span style="color:#340096">discourse.$DOMAIN</span></a></td>
|
|
<td class="tg-0pky">admin@$DOMAIN<br>$ADMINPASS</td>
|
|
<td class="tg-0pky">User access is separate from panel</td>
|
|
<td class="tg-cul6"><a href="https://documentation.federated.computer/docs/getting_started/welcome/" target="_blank" rel="noopener noreferrer"><span style="color:#340096">Click here</span></a></td>
|
|
<td class="tg-0pky">Discourse is a simple, open-source, self-hosted, easy-to-use platform (Wiki) for organising and storing information</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<h4>Thanks for your support!</h4>
|
|
<p>
|
|
Thank you for your support of Federated Computer. We really appreciate it and hope you have a very successful
|
|
time with Federated Core.
|
|
<p>
|
|
Again, if we can be of any assistance, please don't hesitate to get in touch.
|
|
<p>
|
|
Support: https://support.federated.computer<br>
|
|
Phone: (970) 722-8715<br>
|
|
Email: support@federated.computer<br>
|
|
<p>
|
|
It's <b>your</b> computer. Let's make it work for you!
|
|
</html>
|
|
EOF
|
|
|
|
# Send out e-mail from mail container with details
|
|
docker exec mail bash -c "mail -r admin@$DOMAIN -a \"Content-type: text/html\" -s \"Application installed on $DOMAIN\" $EMAIL < /root/certs/mailfile"
|
|
rm /federated/apps/mail/data/root/certs/mailfile
|
|
|
|
echo -ne "done.\n"
|
|
}
|
|
uninstall_discourse() {
|
|
echo -ne "* Uninstalling discourse container.."
|
|
|
|
# First stop the service
|
|
cd /federated/apps/discourse && docker compose -f docker-compose.yml -p discourse down &> /dev/null
|
|
|
|
# Delete database and user in postgresql
|
|
docker exec postgresql psql -U postgres -c "DROP DATABASE discourse" &> /dev/null
|
|
docker exec postgresql psql -U postgres -c "DROP USER discourse" &> /dev/null
|
|
|
|
# Delete the app directory
|
|
rm -rf /federated/apps/discourse
|
|
|
|
if [[ "${PLUS}" != "true" ]]; then
|
|
docker exec pdns pdnsutil delete-rrset $DOMAIN discourse A &> /dev/null
|
|
docker exec pdns pdnsutil delete-rrset $DOMAIN forum A &> /dev/null
|
|
fi
|
|
|
|
echo -ne "done.\n"
|
|
}
|
|
configsso_discourse() {
|
|
if [[ "${PLUS}" != "true" ]]; then
|
|
echo -ne "* Configuring discourse container with SSO.."
|
|
|
|
[ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
|
|
[ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
|
|
[[ $(grep "### Discourse" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Discourse configuration."
|
|
|
|
DISCOURSE_CLIENT_SECRET=$(create_password);
|
|
DISCOURSE_CLIENT_SECRET_HASH=$(docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $DISCOURSE_CLIENT_SECRET | awk '{ print $2 }')
|
|
echo "$DISCOURSE_CLIENT_SECRET" > /federated/apps/discourse/.discourse.client.secret
|
|
|
|
cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
|
|
### Discourse
|
|
- client_id: 'discourse'
|
|
client_name: 'Discourse'
|
|
client_secret: $DISCOURSE_CLIENT_SECRET_HASH
|
|
consent_mode: 'implicit'
|
|
public: false
|
|
authorization_policy: 'one_factor'
|
|
redirect_uris:
|
|
- 'https://discourse.$DOMAIN/auth/oidc/callback'
|
|
scopes:
|
|
- 'openid'
|
|
- 'profile'
|
|
- 'email'
|
|
- 'groups'
|
|
userinfo_signed_response_alg: 'none'
|
|
token_endpoint_auth_method: 'client_secret_basic'
|
|
EOF
|
|
|
|
# Restart Authelia for changes to take the above configuration
|
|
run_command "/federated/bin/stop authelia"
|
|
run_command "/federated/bin/start authelia"
|
|
|
|
docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake plugin:install repo=https://github.com/discourse/discourse-openid-connect"
|
|
docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake assets:precompile"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('31', 'openid_connect_enabled', '5', 't', NOW(), NOW());"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('32', 'openid_connect_discovery_document', '1', 'https://authelia.$DOMAIN/.well-known/openid-configuration', NOW(), NOW());"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('33', 'openid_connect_client_id', '1', 'discourse', NOW(), NOW());"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('34', 'openid_connect_authorize_scope', '1', 'openid email profile', NOW(), NOW());"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('36', 'openid_connect_client_secret', '1', '$DISCOURSE_CLIENT_SECRET', NOW(), NOW());"
|
|
|
|
/federated/bin/stop discourse
|
|
/federated/bin/start discourse
|
|
|
|
echo -ne "done.\n"
|
|
fi
|
|
}
|
|
configsso_discourse_plus() {
|
|
DISCOURSE_CLIENT_SECRET=$(cat /federated/apps/discourse/.discourse.client.secret)
|
|
|
|
docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake plugin:install repo=https://github.com/discourse/discourse-openid-connect"
|
|
docker exec discourse bash -c "cd /opt/bitnami/discourse && RAILS_ENV=production bundle exec rake assets:precompile"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('31', 'openid_connect_enabled', '5', 't', NOW(), NOW());"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('32', 'openid_connect_discovery_document', '1', 'https://authelia.$DOMAIN/.well-known/openid-configuration', NOW(), NOW());"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('33', 'openid_connect_client_id', '1', 'discourse', NOW(), NOW());"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('34', 'openid_connect_authorize_scope', '1', 'openid email profile', NOW(), NOW());"
|
|
docker exec postgresql psql -U discourse -c "insert into site_settings (id, name, data_type, value, created_at, updated_at) VALUES ('36', 'openid_connect_client_secret', '1', '$DISCOURSE_CLIENT_SECRET', NOW(), NOW());"
|
|
|
|
/federated/bin/stop discourse
|
|
/federated/bin/start discourse
|
|
}
|