Discourse is a pretty awesome piece of software and it comes with plenty of options for hosting. We wanted to set up ours on AWS with dedicated servers for each service for maximum scalability and performance.
If you want a hassle-free, easy deployment I recommend using the default Docker install. If you want a fancier setup then read on.
For this tutorial let’s assume you have an Amazon Web Services account and a Cloudflare account, along with a registered domain name you control.
Before we start
Make sure you create all of your instances in the same region since there are no fees for bandwidth in the same region. You will also get better performance.
The first thing we need to create is the VPC. It’s your virtual network infrastructure and it’s a bit of a pain to get it working properly.
In the VPC dashboard create a VPC and a subnet within the VPC. The database needs a second subnet in a different zone but within the same region. For example, if your first subnet is in zone us-west-1a then the second must be in us-west-1b or 1c. So go ahead and create another one.
To make things easy to set up we will create an “allow all” security group. Click on the “Security Groups” link and then “Create Security Group”. Make sure to select your VPC in the options. Once it’s created click on “Inbound Rules” and choose “All Traffic”, “All” protocols, “ALL” ports and “0.0.0.0/0” as the source. This group is only for the initial setup; later in this tutorial it gets replaced with groups that only allow the required connections.
Make sure you also have a working Internet Gateway and Routing Table. Still not sure how those two should be set up properly. I added 0.0.0.0/0 to my Routing Table to get my servers to talk to each other correctly.
In the EC2 Dashboard go to Instances and click Launch Instance. Select Ubuntu. For the “Instance Type” you are free to choose whatever you need, but t2.micro meets the minimum requirements and is eligible for free hosting.
Later you might want to take a look at reserved instances to reduce your costs.
Once you have selected your instance type click “Next”. Make sure you create your instance in your VPC and your first subnet. In the storage pane hit next. The 8GB default is more than enough since we’re not going to host images and the database on the server. Choose the “Allow All” security group and start your instance.
Create a new key pair and save it somewhere safe.
Create and allocate an Elastic IP to your EC2 instance. If you don’t, you’ll run into a lot of problems.
Before we set up the database we need to find what PostgreSQL version Discourse uses. You can look into this Docker postgres template. Search for “chown postgres:postgres /shared/postgres_run/” and you should see the version on this line.
As of December 29th 2015 Discourse uses 3.9.5.
t2.micro instances will work fine.
Next go to the ElastiCache dashboard and create a Redis cache cluster. t2.micro will once again work fine.
Follow the first part of this guide.
At this point you should add your domain to your Cloudflare account and use the default config values. Make sure the address you’ll use for your Discourse install points to your EC2 instance’s Elastic IP.
Amazon allows any account to send 10,000 free e-mails from EC2 hosted servers. That’s more than enough for starting a Discourse community.
In the SES dashboard add and verify your domain. Do not check “Generate DKIM Settings”. Go to Cloudflare and add the verification TXT record. Your domain should get verified in about 15 minutes.
When it does, return to SES dashboard, visit “SMTP Settings” and hit “Create My SMTP Credentials”. Add a user and note the “Access Key ID” and the secret key. You can’t get the secret key back so save it in a safe place.
Now that our servers are ready to roll we can install Discourse. Read and follow the install Discourse in the Cloud under 30 minutes guide.
If your EC2 instance is a t2.micro you will need to set up swap.
You’ll set up your AWS services in the app.yml:
- For email use your SES settings and SMTP credentials.
- For database use your RDS endpoint, db user/pass/name.
- For Redis use your ElastiCache endpoint.
Make sure you add the Cloudflare config to your app.yml as specified here.
If your build fails or you need to rebuild, make sure you run “./launcher clean” or your server will fill up fast.
SSL and Cloudflare
Cloudflare allows us to use their SSL certificate for free but we still need to create an SSL certificate so that Cloudflare and our server can communicate securely.
This is the guide we used to create our certificates. Make sure you name your certificates ssl.key and ssl.cert instead of apache.key and apache.cert.
Once you have your certificates, follow this guide to activate SSL.
In your Cloudflare dashboard go to Crypto and select “Full” in the SSL section and make sure everything works.
What we will do here is set up our servers to only allow required connections so we can secure things up. In order for this to happen you’ll need to create a security group for EC2, ElastiCache and RDS.
ElastiCache and RDS should only accept incoming connections from your EC2 VPC private IP.
Set your EC2 to only accept SSL (443) traffic from Cloudflare. Consult their official list of IPv4 addresses. Yes, it’s a bit long.
If you need to connect over SSH, add your IP to the security group, then remove it when done.
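To check that the lockdown described above actually took effect, the following added example (not part of the original tutorial or of Discourse) audits security group rules against that end state. It expects the "SecurityGroups" list from `aws ec2 describe-security-groups`; the group names, addresses and CIDR ranges are constructed placeholders, and 5432/6379 are the PostgreSQL and Redis default ports.

```python
import ipaddress

# Constructed placeholders; load the current ranges from Cloudflare's published IPv4 list.
CLOUDFLARE_V4 = ["198.51.100.0/24", "203.0.113.0/24"]
EC2_PRIVATE_IP = "10.0.1.10/32"  # assumed private address of the Discourse instance

# End state described in the text: group name -> (TCP port, allowed sources).
# Group names are hypothetical; 5432 and 6379 are the PostgreSQL and Redis defaults.
POLICY = {
    "discourse-web": (443, CLOUDFLARE_V4),
    "discourse-rds": (5432, [EC2_PRIVATE_IP]),
    "discourse-redis": (6379, [EC2_PRIVATE_IP]),
}

# Constructed sample shaped like the "SecurityGroups" list of describe-security-groups.
SAMPLE = [
    {"GroupName": "discourse-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,  # SSH rule left behind
         "IpRanges": [{"CidrIp": "192.0.2.7/32"}]}]},
    {"GroupName": "discourse-rds", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},  # "allow all"
    {"GroupName": "discourse-redis", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "IpRanges": [{"CidrIp": "10.0.1.10/32"}]}]},
]

def audit(security_groups, policy=POLICY):
    """Return (group, finding) pairs for every inbound rule wider than the policy."""
    findings = []
    for sg in security_groups:
        name = sg["GroupName"]
        if name not in policy:
            findings.append((name, "no policy defined for this group"))
            continue
        port, sources = policy[name]
        allowed = [ipaddress.ip_network(cidr) for cidr in sources]
        for perm in sg.get("IpPermissions", []):
            proto, ports = perm.get("IpProtocol"), (perm.get("FromPort"), perm.get("ToPort"))
            if proto != "tcp" or ports != (port, port):
                findings.append((name, f"{proto} {ports} is not tcp/{port}"))
            for rng in perm.get("IpRanges", []):
                net = ipaddress.ip_network(rng["CidrIp"])
                if not any(net.subnet_of(a) for a in allowed):
                    findings.append((name, f"source {net} is not an allowed range"))
    return findings

if __name__ == "__main__":
    print(*[f"{g}: {f}" for g, f in audit(SAMPLE)], sep="\n")
```

An empty result means every inbound rule matches the policy; the leftover SSH rule and the original “allow all” rule each produce two findings (wrong port and wrong source).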
Discourse can save your backups to Amazon S3 and Glacier. Saving them to S3 is dead simple but saving them to Glacier can be quite confusing. Make sure you read those two guides:
Make sure you finish your S3 setup and activate automatic security updates.
Then you can follow all the optional guides to enable additional features and launch your community!
If you activate backup uploads to your S3 bucket you can even configure the bucket to store backups on Amazon Glacier which is even cheaper. The official documentation is a bit of a pain though.