Two standalone instances on one server?


(Chris Beach) #1

I’d like to create a second instance of Discourse on my server, which is completely self-contained. It will be another forum entirely.

I assume Docker helps us host setups like this, although I’m concerned to understand any potential clashes between the two instances, if I were to add a second.


(Kai Liu) #2

No problem at all. I have such a configuration running. You just need an external nginx to help mux ports 80/443.


(Sam Saffron) #3

Careful not to lose HTTP/2 and brotli when you do that, but yeah external NGINX is what I would go for as well.


Why is ngx_brotli installed with Nginx but not use on the front end?
(Kai Liu) #4

Uh… what’s brotli? First time I’ve heard of it.


(Sam Saffron) #5

Someone wrote a blog post about that :slight_smile:

https://samsaffron.com/archive/2016/06/15/the-current-state-of-brotli-compression


(Chris Beach) #6

Thanks!

Do I need to change app.yml in the second instance to avoid any name clashes within Docker engine?

Yup - planning on using my external Nginx as a front-end proxy.


(Kai Liu) #7

Thanks! Got something new to play with.


#8

Another alternative is to use haproxy as front end.
There are some old posts in Meta about this.


(Kai Liu) #9

Your second instance cannot have “app.yml” as the filename since it is going to be the Docker container name. You can just copy the app.yml file from the first instance and edit it to suit your configuration for the 2nd one, and save it under a different filename. Then you need to ./launcher bootstrap <new app.yml file> to bring it up.

Regarding HTTP2 support, all you need is a recent enough nginx which supports HTTP2. Since now you have an external nginx, the SSL setup should be done in it instead of in the container.

You have two options to do SSL setup, if you are using Let’s Encrypt.

  1. Set up LE outside of the container. This is the approach I took. This enables you to manage the certificates from a single point. I personally prefer DNS over web server challenge validation. I have a blog post for that if you would like to give it a try.

  2. Let the two containers handle their LE application/renew stuff the same as you have with a single container. Since you can access container files under /var/discourse/shared from the host, you can let the external nginx pick up the SSL certificates there and serve HTTPS. This may require some edits in app.yml. Since I personally don’t use it, you have to figure it out by yourself.


(Sam Saffron) #10

With HAProxy you will not get HTTP/2 so that would be a pretty big shame.


(Gerhard Schlager) #11

Shouldn’t it be possible to use HAProxy with mode tcp in order to use HTTP/2 on the backend servers?


(Sam Saffron) #12

How are you going to get the Hostname header without decrypting the SSL stream?


(Gerhard Schlager) #13

SNI? I guess that should work as long as you don’t need to support IE on Windows XP.


(Sam Saffron) #14

I guess, but then you are going to send a decrypted stream to nginx so you are going to teach it to handle http2 termination on an already decrypted stream. Doable but would require patching our NGINX templates.

http://stuff-things.net/2016/11/30/haproxy-sni/


(Gerhard Schlager) #15

From HAProxy SNI - Stuff… And Things…

In pass-through mode SSL, HAProxy doesn’t have a certificate because it’s not going to decrypt the traffic and that means it’s never going to see the Host header.

If I understand this correctly nginx will receive the unencrypted HTTP/2 stream. HAProxy just uses the hostname from SNI to send the raw tcp stream to the correct backend.


(Chris Beach) #16

EDIT: Some of these steps are unnecessary - see post below by @kraml

I now have my second Discourse instance running.

  1. Checked out the Discourse code into /var/[myforum]
  2. Took the content of standalone.yml from /samples and created /containers/[myforum].yml
  3. In /containers/[myforum].yml:
     - replaced all instances of /var/discourse with /var/[myforum] (e.g. volume configuration)
     - set unique ports
  4. Ran ./launcher bootstrap [myforum].yml
  5. Ran ./launcher start [myforum].yml
  6. Added nginx config for the new domain

And it’s working perfectly first time. Another win for Discourse!


(Kai Liu) #17

You actually don’t need another /var/[myforum]… You can just use the same /var/discourse for multiple instances.

/var/discourse/containers/app.yml --> This is the default instance you get by running discourse-setup

/var/discourse/containers/myforum.yml --> This is the 2nd instance you get by running cp app.yml myforum.yml && edit && ./launcher bootstrap myforum

When editing myforum.yml, make sure you put a different host path under the volumes section, so that your 2nd container stores its data under a different directory than the 1st one.
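
A pre-flight check for the copy-and-edit step described in posts #9 and #17, as an added example that is not part of the thread or of Discourse's own tooling: it lists the host ports, host volume paths and container names that two container definitions share. The function names, the sample files and the 127.0.0.1 port binding are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report host ports, host volume paths
# and container names that two Discourse container definitions share.

# Emit "port N" per expose entry, "path P" per volume host path, "name X".
resources() {
  awk '
    /^[ \t]*-[ \t]*"?[0-9.:]+:[0-9]+/ {       # e.g.  - "127.0.0.1:8080:80"  # http
      sub(/#.*/, ""); gsub(/[^0-9.:]/, "")    # drop the comment, keep the mapping
      n = split($0, f, ":"); print "port " f[n-1]   # host port precedes container port
    }
    /^[ \t]*host:[ \t]*\// { print "path " $2 }     # volume directory on the host
  ' "$1"
  # Per post #9, the file name (minus .yml) becomes the container name.
  echo "name $(basename "$1" .yml)"
}

# Print every resource that appears in both definitions; no output means no clash.
clashes() {
  a=$(mktemp) b=$(mktemp)
  resources "$1" | sort -u > "$a"
  resources "$2" | sort -u > "$b"
  comm -12 "$a" "$b"
  rm -f "$a" "$b"
}

# Constructed sample: a first instance and a careless copy of it.
demo() {
  d=$(mktemp -d)
  cat > "$d/app.yml" <<'EOF'
expose:
  - "127.0.0.1:8080:80"   # http, reachable only from the host nginx
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
EOF
  sed 's/8080/8081/' "$d/app.yml" > "$d/myforum.yml"   # port changed, volume forgotten
  clashes "$d/app.yml" "$d/myforum.yml"
  rm -rf "$d"
}
demo
```

Run `clashes` against the two files before `./launcher bootstrap`; the check compares port numbers only, so two entries bound to different host addresses on the same port are still reported.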


(Jay Pfaffman) #18

How does one “be careful” not to lose brotli? If the external/host NGINX is doing the https will it Just Work?

Is there any easy way a mere mortal can check? (I read the blog post in its entirety, but that was yesterday).


(Rafael dos Santos Silva) #19

Well nginx doesn’t have brotli by default, you need to compile it by hand adding a plugin.
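
One way to run the check asked about in post #18, as an added example that is not part of the thread: request the page while offering brotli, then read the protocol and Content-Encoding from the response headers. The function names and sample headers are constructed, and forum.example.com is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Pipe in the response headers of a
# request that offered brotli, for instance (placeholder host name):
#   curl -s -o /dev/null -D - --http2 -H 'Accept-Encoding: br, gzip' \
#        https://forum.example.com/ | frontend_report
frontend_report() {
  tr -d '\r' | awk '
    /^HTTP\// { proto = $1; enc = "none" }     # new response; the last one wins
    tolower($1) == "content-encoding:" { enc = tolower($2) }
    END {
      printf "http2=%s brotli=%s encoding=%s\n",
             (proto == "HTTP/2" ? "yes" : "no"),
             (enc == "br" ? "yes" : "no"), enc
    }'
}

# Constructed sample: headers from a front end that speaks HTTP/2 but has
# no brotli module, so it falls back to gzip.
sample_gzip_h2() {
  printf 'HTTP/2 200 \r\ncontent-type: text/html; charset=utf-8\r\n'
  printf 'content-encoding: gzip\r\n\r\n'
}

sample_gzip_h2 | frontend_report
```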


(Kai Liu) #20

A bit off topic. I got gzip content-encoding back from meta on Firefox 53 beta and Chrome 57. Is there anything wrong?