It’s not as daunting as it sounds!
As you probably know, the only supported installs of Discourse are the Docker installs. While this may sound a bit intimidating at first, it’s really not all that bad. You basically need to do two things:
Install HAProxy (or an alternative) which will take over port 80 and then divert your Discourse traffic to your docker container, and all your other sites to your usual Apache set-up.
Let Apache know which port to listen for.
While this is only a rough guide, it should do a good job of pointing you in the right direction. Let’s get started!
Upgrade your kernel
I personally recommend you upgrade your kernel as docker works better with the latest kernels. Just Google how to upgrade your kernel for your distro.
Edit: This may not be such a good idea after all as Docker will only support certain kernels with certain distros. So if you can, upgrade your OS instead.
I used the CentOS guide here: https://docs.docker.com/installation/centos (you only need to go as far as installing docker - you don’t need to pull any images)
Then start it, and set it to start on boot.
Edit: Discourse works best with the latest Docker version, for CentOS upgrade as per instructions here: How to Upgrade Docker on Fedora / CentOS
Follow the install instructions (start from here: discourse/INSTALL-cloud.md at master · discourse/discourse · GitHub). When you come to edit app.yml, under “## which TCP/IP ports should this container expose?” you want:
"8888:80" # fwd host port 8888 to container port 80 (http)
Once it’s all installed you can continue setting up your Discourse forum after the rest of the steps below.
On CentOS it’s
yum install haproxy.
Then edit your config, to something like this:
global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 # chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 frontend http-in bind *:80 default_backend main_apache_sites # Define hosts acl host_discourse hdr(host) -i my_discourse_site.com # figure out which one to use use_backend discourse_docker if host_discourse backend main_apache_sites server server1 127.0.0.1:8080 cookie A check backend discourse_docker server server2 127.0.0.1:8888 cookie A check
Edit Apache config
Edit the Apache config to listen on port 8080:
Edit all of the existing virtual host files for each domain to reflect this change (first line should read)
You’ll want to install this or everyone’s IP will be of your servers. For CentOS see the guide here Preserve remote IP address with HAProxy on CENTOS | Albertech.net
For Centos 7, use: mod_remoteip - Apache HTTP Server Version 2.5
Configure NGINX (Discourse)
Add the following as a plugin (to the bottom of your app.yml) - be sure to add your server’s IP:
run: - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /^add_header Strict-Transport-Security 'max-age=31536000';$/ to: | add_header Strict-Transport-Security 'max-age=31536000'; # YourServerIP set_real_ip_from your.server.ip; real_ip_header CF-Connecting-IP;
Start HAProxy, restart apache and proceed to set up your discourse install
Set HAProxy to start to start on boot, start it, and then restart Apache to pick up your changes and you should be all sorted. All you’ve got left to do is set up your Discourse install.
Can a mod please edit this in to the end of the first post please…
Here are some notes on enabling HTTPS:
- It’s easier than you think!
- You don’t need to worry whether your sites are served via Docker, or Apache - it’s HAProxy that speaks to the browser so you can let HAProxy handle it all.
- You simply need to add
bind *:443 ssl crt /etc/haproxy/certs/to your front-end then just make sure your certs are in that directory.
- See this article on how to set-up and renew Lets Encrypt certs.
Thanks to @macsmith71 for his help with HAProxy
If I’ve missed anything out please let me know, it’s way past my bed time