Discourse Setup & Configuration Log

This document tracks the manual configuration changes made to the nexus-vector server to get Discourse running with SSO and email delivery.

Server Details

The following changes were made to the default app.yml to resolve port conflicts and fix email delivery:

Port Mapping: Removed 443:443 to avoid conflict with the host's Traefik/Nginx. Discourse listens on port 80 internally.
SSL: Commented out internal Let's Encrypt templates (templates/web.ssl.template.yml, templates/web.letsencrypt.ssl.template.yml). SSL is terminated by the host's reverse proxy.
SMTP Settings:
- DISCOURSE_SMTP_ADDRESS: 216.158.230.94 (Host IP)
- DISCOURSE_SMTP_PORT: 25 (Switched from 587 to bypass TLS handshake issues)
- DISCOURSE_SMTP_DOMAIN: mtd.runfoo.run
- DISCOURSE_NOTIFICATION_EMAIL: noreply@mtd.runfoo.run
- DISCOURSE_SMTP_OPENSSL_VERIFY_MODE: none (Initially tried, but port 25 switch was the effective fix)

To allow the Docker container to send emails via the host's Postfix instance:

Relay Access: Added Docker subnets to mynetworks to allow relaying.
- Added: 192.168.0.0/16 and 172.16.0.0/12
- Command used: sudo sed -i '/^mynetworks =/ s/$/ 192.168.0.0\/16 172.16.0.0\/12/' /etc/postfix/main.cf
- Service reloaded: sudo systemctl reload postfix

Creation: Manually created and activated via Rails console due to initial email issues.

u = User.new(email: 'tenwest@pm.me', username: 'tenwest', password: '...', active: true, admin: true)
u.save!

Status: SSO was temporarily disabled (enable_sso = false) to allow local admin login.
Next Steps: Re-enable SSO in Discourse Admin UI -> Settings -> Login, pointing to the main application's SSO endpoint.