Tips for setting up a small private Discourse behind a firewall?

The Discourse installation on DigitalOcean or similar servers is pretty straightforward. But I’m considering setting up one for a small group where I work.

It might contain private or sensitive information so I would ideally be able to set it up on a server internal to the company. But there are complications such as getting an email service and something like below mentioned on the install page

:bell: Discourse will not work from an IP address, you must own a domain name such as example.com to proceed.

Has anyone set up a firewalled discourse like this? Any tips?

You’d use some company email server.

Put discourse behind a reverse proxy that has a valid cert.

1 Like

Thank you for the response. I’m not a network expert so while I have some idea of what you’re saying the details are still unclear to me.

The idea would be to run the Discourse docker on a server behind the firewall. Then I’d need a public-facing domain that redirects incoming browser requests to the server. This would mean setting up Nginx or something similar to be in the middle there? And I guess that should be some kind of company internal [sub]domain rather than a service like GoDaddy if I want to maximize privacy.

Can I still use the discourse-setup script under these conditions?

The cert is something I can request and manage with certbot and it goes into the Nginx setup?

Then the email server would be… through Microsoft because we use Outlook? I’ll probably have to contact the IT department to see if that is possible.

Overall is this generally the right idea?

Yes, it is possible. You need to decide:

  1. Whether you will use internal mail server or allow outgoing access to mailgun or similar (will expose data via email)
  2. If you have control of internal DNS and want to give a nice domain name on internal network IP.

1 Like

Use the standard install script, stop it after the app.yml is created, remove the Let’s Encrypt template, provide your own certificate from your internal PKI and it will work just fine.

3 Likes
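
A preflight for the step described in the reply above, as an added example that is not part of the thread or of Discourse's own tooling: it comments out the Let's Encrypt template in a generated `app.yml` and confirms the hostname is a DNS name rather than an IP address. The template file names are assumed from the standard discourse_docker layout, and `forum.corp.example` and the sample file are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Template names assume the standard discourse_docker layout.
# Write a constructed app.yml excerpt shaped like discourse-setup output.
sample_app_yml() {
  cat > "$1" <<'EOF'
templates:
  - "templates/web.template.yml"
  - "templates/web.ssl.template.yml"
  - "templates/web.letsencrypt.ssl.template.yml"
env:
  DISCOURSE_HOSTNAME: 'forum.corp.example'
EOF
}

# Comment out the Let's Encrypt template line, leaving all other lines as they are.
disable_letsencrypt() {
  tmp="$(mktemp)" || return 1
  sed -E 's|^([[:space:]]*)(-[[:space:]]*"?templates/web\.letsencrypt\.ssl\.template\.yml.*)$|\1#\2|' "$1" > "$tmp" \
    && cat "$tmp" > "$1"
  rc=$?; rm -f "$tmp"; return $rc
}

# Print the configured DISCOURSE_HOSTNAME (first uncommented occurrence).
discourse_hostname() {
  sed -nE "s/^[[:space:]]*DISCOURSE_HOSTNAME:[[:space:]]*['\"]?([^'\"#[:space:]]+).*/\1/p" "$1" | head -n 1
}

# True when the value is an IP literal rather than a DNS name.
is_ip_literal() {
  case "$1" in
    *:*) return 0 ;;            # IPv6 literal
    ""|*[!0-9.]*) return 1 ;;   # empty, or contains a letter/hyphen: a name
    *) return 0 ;;              # digits and dots only: IPv4 literal
  esac
}

# Return 0 only when app.yml is ready for a certificate issued by the internal PKI.
preflight() {
  host="$(discourse_hostname "$1")"
  [ -n "$host" ] || { echo "DISCOURSE_HOSTNAME is not set" >&2; return 1; }
  if is_ip_literal "$host"; then
    echo "DISCOURSE_HOSTNAME is an IP address; use an internal DNS name" >&2; return 1
  fi
  if grep -Eq '^[[:space:]]*-[[:space:]]*"?templates/web\.letsencrypt' "$1"; then
    echo "Let's Encrypt template is still enabled" >&2; return 1
  fi
  grep -Eq '^[[:space:]]*-[[:space:]]*"?templates/web\.ssl\.template\.yml' "$1" || { echo "web.ssl template is not enabled" >&2; return 1; }
}
```

Run `disable_letsencrypt` and then `preflight` against the real `app.yml` before rebuilding the container; a non-zero exit from `preflight` names the setting that still needs attention.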

Setting up anything behind a firewall is the kind of thing that requires the skills of a network expert.

If you don’t know how to set up a reverse proxy and/or do something like

You’ll need to find someone who configured the firewall and get them to help. If you don’t have someone like that at hand,

Not unless you know how to get certbot to work behind a firewall. But if you do, then you’re in good shape.

Yes. That’s what you need to do.

1 Like

Listen, I may not be an expert in networking but I am an expert in learning new skills :slight_smile: :saluting_face:

That said, I do need to get the IT department involved at some point regardless because certain steps are beyond my control. But I need to know what those steps are in advance so I know what to ask for, hence the purpose of making this topic and trying to understand the details.