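# IMPORTANT: SET A SECRET PASSWORD in Postgres for the Discourse User
## NOTE: this file is a template rendered by Ansible; the double-brace
## placeholders are replaced with plain text before the YAML is parsed.
## The rendered file holds the database and SMTP passwords in clear text:
## keep the source variables in Ansible Vault and restrict read access to
## the rendered file.
templates:
  - "templates/sshd.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/web.ssl.template.yml"

expose:
  - "80:80"
  - "443:443"
  ## sshd inside the container is published on host port 2222; limit who can
  ## reach it (host firewall) if it is only needed for administration.
  - "2222:22"

params:
  ## Which Git revision should this container use? (default: tests-passed)
  #version: tests-passed

env:
  LANG: en_US.UTF-8
  ## TODO: How many concurrent web requests are supported?
  ## With 2GB we recommend 3-4 workers, with 1GB only 2
  UNICORN_WORKERS: {{ unicorn_workers }}
  ## TODO: configure connectivity to the databases
  DISCOURSE_DB_SOCKET: ''
  # DISCOURSE_DB_USER: discourse
  ## Secrets go through to_json so the rendered value is a quoted, escaped
  ## scalar. Left unquoted, a password containing " #" is silently cut off at
  ## the comment marker, and one containing ": " or starting with a YAML
  ## indicator character breaks parsing or changes the value.
  DISCOURSE_DB_PASSWORD: {{ postgres_password | to_json }}
  DISCOURSE_DB_HOST: '{{ db_ip_address }}'
  DISCOURSE_REDIS_HOST: '{{ redis_ip_address }}'
  ##
  ## TODO: List of comma delimited emails that will be made admin and developer
  ## on initial signup example 'user1@example.com,user2@example.com'
  DISCOURSE_DEVELOPER_EMAILS: '{{ developer_emails }}'
  ##
  ## TODO: The domain name this Discourse instance will respond to
  DISCOURSE_HOSTNAME: '{{ hostname }}'
  ##
  ## TODO: The mailserver this Discourse instance will use
  DISCOURSE_SMTP_ADDRESS: '{{ smtp_address }}'  # (mandatory)
  DISCOURSE_SMTP_PORT: {{ smtp_port }}  # (optional)
  DISCOURSE_SMTP_USER_NAME: {{ smtp_username | to_json }}  # (optional)
  DISCOURSE_SMTP_PASSWORD: {{ smtp_password | to_json }}  # (optional)
  ##
  ## The CDN address for this Discourse instance (configured to pull)
  #DISCOURSE_CDN_URL: //discourse-cdn.example.com

volumes:
  - volume:
      host: /var/discourse/shared/web
      guest: /shared
  - volume:
      host: /var/discourse/shared/web/var-log
      guest: /var/log

#Use 'links' key to link containers together, aka use Docker --link flag.
links:
  - link:
      name: data
      alias: data

## The docker manager plugin allows you to one-click upgrade Discourse
## http://discourse.example.com/admin/docker
## NOTE: the clone below is unpinned, so every rebuild pulls whatever is on
## the repository's default branch at that time.
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - mkdir -p plugins
          - git clone https://github.com/discourse/docker_manager.git

## Remember, this is YAML syntax - you can only have one block with a name
run:
  - exec: echo "Beginning of custom commands"

  ## If you want to configure password login for root, uncomment and change:
  ## (key-based login is preferable here: sshd is published on host port 2222,
  ## and the mkpasswd variant leaves the raw password in this file)
  #- exec: apt-get -y install whois # for mkpasswd
  ## Use only one of the following lines:
  #- exec: /usr/sbin/usermod -p 'PASSWORD_HASH' root
  #- exec: /usr/sbin/usermod -p "$(mkpasswd -m sha-256 'RAW_PASSWORD')" root

  ## If you want to authorize additional users, uncomment and change:
  #- exec: ssh-import-id username
  #- exec: ssh-import-id anotherusername

  - exec: echo "End of custom commands"
  - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}'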
I’m using Ansible to automate stuff, hence the {{ vars }}
Thanks @riking for pointing me in the right direction. I had the /var/discourse/shared/web directory owned by an app user before running bootstrap (created when I copied SSL files into /var/discourse/shared/web/ssl before running bootstrap). Didn’t realize a link meant that permissions were shared too.
Indeed my own problem, sorry for taking everyone’s time!