How to run Discourse in Apache vhost, not Nginx

The container in the host never runs install-nginx as said above.

I’m not sure this topic is particularly useful.

You dislike the architecture of Discourse, won’t accept the word of the developers on the ways in which the product is optimized, you don’t appear to be familar with Docker and by your own admission are lying in your questions which is wasting our time collectively.

This topic already has an #unsupported-install tag because you’re straying far from the scope of the free support provided to the community. If this stuff really matters to you why not start a topic over on #marketplace - then that way you can invest your own money paying a consultant to educate, rather than our time.

1 Like

I haven’t, sorry. So I need to put the above sed commands in the hooks section of app.yml? Is there an example somewhere for how to do that to modify a file in the docker_discourse repo at bootstrap? Currently that section only has a git clone command for plugins.

I could probably drop those sed commands in a cmd section like the git clone is, but I don’t know which dir where the install-nginx script will live…

Also, where does app.yml live? I couldn’t link to the hooks section above as the containers dir is empty in the repo :confused:

All of the documentation to do these things exists here on meta. We all like to skip reading the manual, but in this case you really should be going back to basics.

You’re going about all of this backwards frankly.

I’m going to point back to the #unsupported-install tag - the expectation is that if you decide to deviate from the standard install you will assume the additional technical burden yourself.

How did you install the instance?

Sorry, but I do make an effort to search for documentation before posting. I’d love a Discourse manual, and I’ve read through many of the topics tagged #howo already. Unfortunately, there doesn’t appear to be a Discourse manual…

I do appreciate your help with this, and I’m sure it will help others in the future who are searching for documentation on how to do these things…

First discourse-setup, which ultimately gave me a broken install. Then manually editing app.yml followed by ./launcher rebuild app

I think this is an interesting discussion, just to get to know Discourse better.

I’d go with nginx, maybe modify the app.yml enough to add the mod_security module in the compiling process, and have my own base image built.

Now, Discourse is a complex piece of software, that runs on Rails that is even more complex to deploy easily and consistently, that’s why the staff has gone the extra mile in the Docker image they make.

The image has a lot of blackmagic happening, with tons and tons of optimizations just to run as good as possible in the supported install.

Knowing that, and being able to get all the pieces of the puzzle figured out (like, the 2-3 repositories needed to have Discourse running). It isn’t impossible to get what you want runnig.

Now, Knowing that your setup is nginx -> varnish -> apache, why don’t you run nginx -> varnish -> Discourse having the mod_security added to the base image and setup with hooks.

The likelihood that mod_security will increase your security is very, very, small. The people who maintain Discourse are very concerned with security, so the things that mod_security is supposed to fix are likely taken care of already. Further, the likelihood that if you were to get mod_security added to your image, it will make Discourse inoperable is significantly greater than zero. If you do install mod_security and find that Discourse won’t work, you’ll then be on your own to modify Discourse to work with mod_security and either convince the discourse maintainers that you have found a legitimate security concern or be forced to maintain your own fork going forward.

No good can come from this. It is highly improbable that any good can come from this.

2 Likes

Agreed, another WAF borders on security by obscurity.

Real proactive efforts to keep discourse secure are being made:

2 Likes

This topic has drifted from the original question of running discourse on apache (as opposed to a proxy back to nginx).

But I think a discussion on putting a WAF (mod_security or otherwise) before Discourse is useful to the community, so I’ve created a distinct topic to specifically discuss Discourse + WAF here: