runfoo-org/morethanadiagnosis-hub
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: discourse sso env vars, nginx proxy config, and setup docs

Browse source
This commit is contained in:
fullsizemalt 2025-11-19 19:57:47 -08:00
parent 77d1277cd8
commit 527bda634b
3 changed files with 74 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
DISCOURSE_SETUP.md Normal file
View file

@ -0,0 +1,47 @@
# Discourse Setup & Configuration Log
This document tracks the manual configuration changes made to the `nexus-vector` server to get Discourse running with SSO and email delivery.
## Server Details
- **Host**: `nexus-vector` (216.158.230.94)
- **Domain**: `forum.mtd.runfoo.run`
- **Container**: `app` (Discourse)
## Manual Configuration Changes
### 1. Discourse Configuration (`/var/discourse/containers/app.yml`)
The following changes were made to the default `app.yml` to resolve port conflicts and fix email delivery:
- **Port Mapping**: Removed `443:443` to avoid conflict with the host's Traefik/Nginx. Discourse listens on port 80 internally.
- **SSL**: Commented out internal Let's Encrypt templates (`templates/web.ssl.template.yml`, `templates/web.letsencrypt.ssl.template.yml`). SSL is terminated by the host's reverse proxy.
- **SMTP Settings**:
- `DISCOURSE_SMTP_ADDRESS`: `216.158.230.94` (Host IP)
- `DISCOURSE_SMTP_PORT`: `25` (Switched from 587 to bypass TLS handshake issues)
- `DISCOURSE_SMTP_DOMAIN`: `mtd.runfoo.run`
- `DISCOURSE_NOTIFICATION_EMAIL`: `noreply@mtd.runfoo.run`
- `DISCOURSE_SMTP_OPENSSL_VERIFY_MODE`: `none` (Initially tried, but port 25 switch was the effective fix)
### 2. Host Postfix Configuration (`/etc/postfix/main.cf`)
To allow the Docker container to send emails via the host's Postfix instance:
- **Relay Access**: Added Docker subnets to `mynetworks` to allow relaying.
- Added: `192.168.0.0/16` and `172.16.0.0/12`
- Command used: `sudo sed -i '/^mynetworks =/ s/$/ 192.168.0.0\/16 172.16.0.0\/12/' /etc/postfix/main.cf`
- Service reloaded: `sudo systemctl reload postfix`
### 3. Admin User
- **User**: `tenwest` (`tenwest@pm.me`)
- **Creation**: Manually created and activated via Rails console due to initial email issues.
```ruby
u = User.new(email: 'tenwest@pm.me', username: 'tenwest', password: '...', active: true, admin: true)
u.save!
```
### 4. SSO Configuration
- **Status**: SSO was temporarily disabled (`enable_sso = false`) to allow local admin login.
- **Next Steps**: Re-enable SSO in Discourse Admin UI -> Settings -> Login, pointing to the main application's SSO endpoint.
## Deployment Commands
- **Rebuild**: `cd /var/discourse && ./launcher rebuild app`
- **Restart**: `cd /var/discourse && ./launcher restart app`
- **Logs**: `docker logs -f app`

12
backend/docker-compose.gemini.yml
View file

@ -53,8 +53,10 @@ services:
DATABASE_URL: postgresql://admin:${DB_PASSWORD:-gemini-test-password}@postgres:5432/morethanadiagnosis DATABASE_URL: postgresql://admin:${DB_PASSWORD:-gemini-test-password}@postgres:5432/morethanadiagnosis
REDIS_URL: redis://:${REDIS_PASSWORD:-gemini-test-password}@redis:6379/0 REDIS_URL: redis://:${REDIS_PASSWORD:-gemini-test-password}@redis:6379/0
SECRET_KEY: ${SECRET_KEY:-gemini-test-secret} SECRET_KEY: ${SECRET_KEY:-gemini-test-secret}
CORS_ORIGINS: '["http://localhost:3001", "http://localhost:8081", "http://216.158.230.94:8081"]' CORS_ORIGINS: '["http://localhost:3001", "http://localhost:8081", "http://216.158.230.94:8081", "https://mtd.runfoo.run", "https://www.mtd.runfoo.run"]'
LOG_LEVEL: DEBUG LOG_LEVEL: DEBUG
DISCOURSE_URL: https://forum.mtd.runfoo.run
DISCOURSE_SSO_SECRET: gemini-test-sso-secret
ports: ports:
- "8001:8000" - "8001:8000"
depends_on: depends_on:
@ -78,7 +80,7 @@ services:
context: ../web context: ../web
dockerfile: Dockerfile dockerfile: Dockerfile
args: args:
NEXT_PUBLIC_API_BASE_URL: http://216.158.230.94:8001/api/v1 NEXT_PUBLIC_API_BASE_URL: https://mtd.runfoo.run/api/v1
container_name: mtad-web-gemini container_name: mtad-web-gemini
restart: unless-stopped restart: unless-stopped
expose: expose:
@ -88,14 +90,14 @@ services:
depends_on: depends_on:
- api - api
environment: environment:
NEXT_PUBLIC_API_BASE_URL: http://216.158.230.94:8001/api/v1 NEXT_PUBLIC_API_BASE_URL: https://mtd.runfoo.run/api/v1
nginx: nginx:
image: nginx:alpine image: nginx:alpine
container_name: mtad-nginx-gemini container_name: mtad-nginx-gemini
restart: unless-stopped restart: unless-stopped
ports: ports:
- "8081:80" - "80:80"
# - "8443:443" # SSL disabled for gemini test to avoid cert conflicts # - "8443:443" # SSL disabled for gemini test to avoid cert conflicts
volumes: volumes:
- ./nginx.gemini.conf:/etc/nginx/nginx.conf:ro - ./nginx.gemini.conf:/etc/nginx/nginx.conf:ro
@ -106,7 +108,7 @@ services:
depends_on: depends_on:
- api - api
healthcheck: healthcheck:
test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/health" ] test: [ "CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:80/health" ]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3

22
backend/nginx.gemini.conf
View file

@ -41,10 +41,14 @@ http {
keepalive 32; keepalive 32;
} }
# HTTP server - Gemini Test Deployment
server { server {
listen 80; listen 80;
server_name _; # Catch all server_name mtd.runfoo.run www.mtd.runfoo.run;
# Force HTTPS (Cloudflare passes X-Forwarded-Proto)
if ($http_x_forwarded_proto = "http") {
return 301 https://$host$request_uri;
}
# Proxy frontend requests to Next.js service # Proxy frontend requests to Next.js service
location / { location / {
@ -97,4 +101,18 @@ http {
add_header Content-Type text/plain; add_header Content-Type text/plain;
} }
} }
# Forum Gateway
server {
listen 80;
server_name forum.mtd.runfoo.run;
location / {
proxy_pass http://app:80; # Proxy to Discourse container on internal network
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
} }