# Discourse Setup & Configuration Log

This document tracks the manual configuration changes made to the `nexus-vector` server to get Discourse running with SSO and email delivery.

## Server Details
- **Host**: `nexus-vector` (216.158.230.94)
- **Domain**: `forum.mtd.runfoo.run`
- **Container**: `app` (Discourse)

## Manual Configuration Changes

### 1. Discourse Configuration (`/var/discourse/containers/app.yml`)
The following changes were made to the default `app.yml` to resolve port conflicts and fix email delivery:

- **Port Mapping**: Removed `443:443` to avoid conflict with the host's Traefik/Nginx. Discourse listens on port 80 internally.
- **SSL**: Commented out internal Let's Encrypt templates (`templates/web.ssl.template.yml`, `templates/web.letsencrypt.ssl.template.yml`). SSL is terminated by the host's reverse proxy.
- **SMTP Settings**:
    - `DISCOURSE_SMTP_ADDRESS`: `216.158.230.94` (Host IP)
    - `DISCOURSE_SMTP_PORT`: `25` (Switched from 587 to bypass TLS handshake issues)
    - `DISCOURSE_SMTP_DOMAIN`: `mtd.runfoo.run`
    - `DISCOURSE_NOTIFICATION_EMAIL`: `noreply@mtd.runfoo.run`
    - `DISCOURSE_SMTP_OPENSSL_VERIFY_MODE`: `none` (Initially tried, but port 25 switch was the effective fix)

### 2. Host Postfix Configuration (`/etc/postfix/main.cf`)
To allow the Docker container to send emails via the host's Postfix instance:

- **Relay Access**: Added Docker subnets to `mynetworks` to allow relaying.
    - Added: `192.168.0.0/16` and `172.16.0.0/12`
    - Command used: `sudo sed -i '/^mynetworks =/ s/$/ 192.168.0.0\/16 172.16.0.0\/12/' /etc/postfix/main.cf`
    - Service reloaded: `sudo systemctl reload postfix`

### 3. Admin User
- **User**: `tenwest` (`tenwest@pm.me`)
- **Creation**: Manually created and activated via Rails console due to initial email issues.
    ```ruby
    u = User.new(email: 'tenwest@pm.me', username: 'tenwest', password: '...', active: true, admin: true)
    u.save!
    ```

### 4. SSO Configuration
- **Status**: SSO was temporarily disabled (`enable_sso = false`) to allow local admin login.
- **Next Steps**: Re-enable SSO in Discourse Admin UI -> Settings -> Login, pointing to the main application's SSO endpoint.

## Deployment Commands
- **Rebuild**: `cd /var/discourse && ./launcher rebuild app`
- **Restart**: `cd /var/discourse && ./launcher restart app`
- **Logs**: `docker logs -f app`