My Home

Setting up Discourse

I'm part of the local slacklining organization, and have been for the better part of its existence. Two weeks ago I finally decided it was time to step up and help out, be part of shaping how we work together.

The spark that lead to this decision was on one hand my aversion to using walled gardens like facebook joined by my ongoing efforts to leave certain parts of the internet behind without looking back, and on the other hand the discussion we had during our last in-person meeting, in which I brought up mailing-lists, and how organizing through chat alone doesn't really cut it.

Somebody mentioned forums, and now here we are.

This entry is written after the fact, it's been a few days since I set it up, and I probably don't remember all the parts. Ah well. Should help either way if I ever have to do this again.

General

Keep discourse's install guide at hand, refer to it when stuck.

Server

Using hetzner's smallest (and cheapest) offering of shared cloud servers. Set up a raw debian install. This can just be transferred to the association, I expect.

Make sure you get an IPv4 address, as you'll need access to github, which, in 2024, sTiLl doesn't know of IPv6.

Email

Using my personal email server behind this domain, as the whole thing is just for testing purposes. The association has its own mailing server as far as i know. They might also just be using some provider tho, will have to find out.

Firewall

The official way of using Discourse is through Docker. When docker starts up it seems to take over the whole firewall, which I honestly did not expect. As it only knows iptables make sure to install and use the translation layer to nftables:

# update-alternatives --set iptables /usr/sbin/iptables-nft
# update-alternatives --set ip6tables /usr/sbin/ip6tables-nft
# update-alternatives --set arptables /usr/sbin/arptables-nft
# update-alternatives --set ebtables /usr/sbin/ebtables-nft

The software

apt install docker.io git
git clone https://github.com/discourse/discourse_docker.git /var/discourse
cd /var/discourse
chmod 700 containers

./discourse-setup

That should be it. Took me ages to get it to work, because I made all the mistakes I could have. Starting with thinking I'd get away without and IPv4, to not allowing docker apps to get through to the internet. I thought enabling masquerading and allowing forwarding packages is what fixed it, but since docker seems to override all rules through the translation layer, maybe that's also what actually made it work. Either way, here'd be the masquerading for nftables:

table ip nat {
        chain postrouting {
                type nat hook postrouting priority srcnat; policy accept;
                masquerade
        }
}

Very much hope the local slackliners will give it a try and we'll be able to communicate in a fashion that's maybe a tiny bit more organized :)