diff --git a/README.md b/README.md index e630879647405d7d41d198b4c6cfc0c8389723c5..ce24b6d121dbac83ba891aa886ef89dc45f8aa11 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,11 @@ https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md +https://meta.discourse.org/t/running-other-websites-on-the-same-machine-as-discourse/17247 Log: /var/discourse/shared/standalone/log/rails/production.log +``` Usage: launcher COMMAND CONFIG [--skip-prereqs] [--docker-args STRING] Commands: start: Start/initialize a container @@ -19,8 +21,7 @@ Commands: Options: --skip-prereqs Don't check launcher prerequisites --docker-args Extra arguments to pass when running docker - - +``` Manually create admin: diff --git a/defaults/main.yml b/defaults/main.yml index 38607144da72653cd6008650afefc9970a471f72..fb6501123304148992324aa873bcdb32386d43f6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1 +1,2 @@ discourse_git_repo: 'https://github.com/discourse/discourse_docker.git' +discourse_domain: '' diff --git a/meta/main.yml b/meta/main.yml index 90005a8ca55c56d66035e250415a02e3d778561d..85f752256497bf90b32e30f311d81860245b2824 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -2,3 +2,4 @@ dependencies: - { role: docker } + - { role: apache } diff --git a/tasks/apache.yml b/tasks/apache.yml new file mode 100644 index 0000000000000000000000000000000000000000..628ce7ed73bebefd28673f6c37c3a9841656a8ba --- /dev/null +++ b/tasks/apache.yml @@ -0,0 +1,17 @@ +--- +# file: roles/discourse/tasks/apache.yml + +- name: "Apache Configuration File" + template: + src: 'vhost.conf' + dest: '/etc/apache2/sites-available/discourse{{ apache_conf_ext }}' + owner: 'root' + group: 'root' + mode: '664' + notify: + - "Apache | Restart Apache" + +- name: "Apache enable our new site(s)" + command: a2ensite discourse creates=/etc/apache2/sites-enabled/discourse{{ apache_conf_ext }} + notify: + - "Apache | Restart Apache" 
diff --git a/tasks/install.yml b/tasks/install.yml index 41d8a1f2466bff649f1c94fa3cdd707a20ae6424..bf5e06b6acf8b992ad56b07fd0f17d6c323824b0 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -1,6 +1,9 @@ --- # file: roles/discourse/tasks/install.yml +- name: "Configure Apache" + include_tasks: apache.yml + - name: "Clone Repository" git: accept_hostkey: yes @@ -11,10 +14,14 @@ - block: - name: "Configure" - # /var/discourse/containers/app.yml + template: + src: 'app.yml' + dest: '/var/discourse/containers/app.yml' + owner: 'root' + group: 'root' + mode: '664' - - name: "Install" - # /var/discourse/discourse-setup - # /var/discourse/launcher rebuild app + - name: "Install and Build" + shell: '/var/discourse/launcher rebuild app' when: discourse_repository.changed diff --git a/tasks/main.yml b/tasks/main.yml index 610d18057e5f5da99e3a85b44e339307e6d034b8..c18ece267cd03aac9d694efdffedf0aa8dbb7b2a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -6,7 +6,19 @@ tags: always - block: + - name: "Install Certs" + include: '../../letsencrypt/tasks/cert.yml' + with_items: + - domain: '{{ discourse_domain }}' + loop_control: + loop_var: domain + when: discourse_protocol|default("https") == "https" and discourse_letsencrypt|default(true) - - include_tasks: 'install.yml' + when: '"letsencrypt" not in excluded_roles and groups.proxyserver is not defined' + +- block: + + - name: "Install Discourse" + include: install.yml when: '"discourse" not in excluded_roles' diff --git a/templates/app.yml b/templates/app.yml new file mode 100644 index 0000000000000000000000000000000000000000..9a41b7a6443dce0d00a7dd67a655d030aac9c5f4 --- /dev/null +++ b/templates/app.yml 
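Review bot: In tasks/install.yml the `Configure` task installs `/var/discourse/containers/app.yml` with `mode: '664'`, so the file is world-readable although the template it renders carries `DISCOURSE_SMTP_PASSWORD`. I would tighten it to `mode: '0600'` (assuming the launcher is run as root, as `owner: 'root'` suggests) and add `no_log: true` to the task so a `--diff` run does not print the rendered password. The `Install and Build` step contains no shell syntax, so `command: /var/discourse/launcher rebuild app` would do instead of `shell`. tasks/apache.yml in this commit uses the same `'664'`; `'0644'` is the conventional mode there.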
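Review bot: In tasks/main.yml the `Install Certs` task hands `discourse_domain` to the letsencrypt cert tasks without checking that it was set, and this commit gives it the default `''` in defaults/main.yml. With the default left in place the cert include would run for an empty name, and vhost.conf would render an empty `ServerName` and empty certificate paths. A guard placed before the include would fail early, for example `- assert: { that: discourse_domain | length > 0 }`. The hunk also switches `include_tasks: 'install.yml'` to the bare `include:` form while tasks/install.yml uses `include_tasks` in the same commit; keeping `include_tasks` would be consistent.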
@@ -0,0 +1,98 @@
+## this is the all-in-one, standalone Discourse Docker container template
+##
+## After making changes to this file, you MUST rebuild
+## /var/discourse/launcher rebuild app
+##
+## BE *VERY* CAREFUL WHEN EDITING!
+## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
+## visit http://www.yamllint.com/ to validate this file as needed
+
+templates:
+ - "templates/postgres.template.yml"
+ - "templates/redis.template.yml"
+ - "templates/web.template.yml"
+ - "templates/web.ratelimited.template.yml"
+# - "templates/web.socketed.template.yml"
+## Uncomment these two lines if you wish to add Lets Encrypt (https)
+ #- "templates/web.ssl.template.yml"
+ #- "templates/web.letsencrypt.ssl.template.yml"
+
+## which TCP/IP ports should this container expose?
+## If you want Discourse to share a port with another webserver like Apache or nginx,
+## see https://meta.discourse.org/t/17247 for details
+expose:
+ - "8181:80"
+# - "80:80" # https
+# - "443:443" # https
+
+params:
+ db_default_text_search_config: "pg_catalog.english"
+
+ ## Set db_shared_buffers to a max of 25% of the total memory.
+ ## will be set automatically by bootstrap based on detected RAM, or you can override
+ #db_shared_buffers: "256MB"
+
+ ## can improve sorting performance, but adds memory usage per-connection
+ #db_work_mem: "40MB"
+
+ ## Which Git revision should this container use? (default: tests-passed)
+ #version: tests-passed
+
+env:
+ LANG: en_US.UTF-8
+ # DISCOURSE_DEFAULT_LOCALE: en
+
+ ## How many concurrent web requests are supported? Depends on memory and CPU cores.
+ ## will be set automatically by bootstrap based on detected CPUs, or you can override
+ #UNICORN_WORKERS: 3
+
+ ## TODO: The domain name this Discourse instance will respond to
+ DISCOURSE_HOSTNAME: {{ discourse_domain }}
+
+ ## Uncomment if you want the container to be started with the same
+ ## hostname (-h option) as specified above (default "$hostname-$config")
+ #DOCKER_USE_HOSTNAME: true
+
+ ## TODO: List of comma delimited emails that will be made admin and developer
+ ## on initial signup example 'user1@example.com,user2@example.com'
+ DISCOURSE_DEVELOPER_EMAILS: '{{ apache_server_admin }}'
+
+ ## TODO: The SMTP mail server used to validate new accounts and send notifications
+ DISCOURSE_SMTP_ADDRESS: {{ discourse_smtp.host }}
+ DISCOURSE_SMTP_PORT: {{ discourse_smtp.port }}
+ DISCOURSE_SMTP_USER_NAME: {{ discourse_smtp.user }}
+ DISCOURSE_SMTP_PASSWORD: "{{ discourse_smtp.pass }}"
+ #DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true)
+
+ ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
+ #LETSENCRYPT_ACCOUNT_EMAIL: me@example.com
+
+ ## The CDN address for this Discourse instance (configured to pull)
+ ## see https://meta.discourse.org/t/14857 for details
+ #DISCOURSE_CDN_URL: //discourse-cdn.example.com
+
+## The Docker container is stateless; all data is stored in /shared
+volumes:
+ - volume:
+ host: /var/discourse/shared/standalone
+ guest: /shared
+ - volume:
+ host: /var/discourse/shared/standalone/log/var-log
+ guest: /var/log
+
+## Plugins go here
+## see https://meta.discourse.org/t/19157 for details
+hooks:
+ after_code:
+ - exec:
+ cd: $home/plugins
+ cmd:
+ - git clone https://github.com/discourse/docker_manager.git
+
+## Any custom commands to run after building
+run:
+ - exec: echo "Beginning of custom commands"
+ ## If you want to set the 'From' email address for your first registration, uncomment and change:
+ ## After getting the first signup email, re-comment the line. It only needs to run once.
+ #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
+ - exec: echo "End of custom commands"
diff --git a/templates/vhost.conf b/templates/vhost.conf
new file mode 100644
index 0000000000000000000000000000000000000000..9e1f54db80a35e9f55c522fb2e44ec5f2d166a50
--- /dev/null
+++ b/templates/vhost.conf
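Review bot: In templates/app.yml, `expose: - "8181:80"` publishes the container's plain-HTTP port on every host interface, while the Apache vhost in this commit only reaches it at `127.0.0.1:8181`; published Docker ports are typically not filtered by the host's usual firewall rules, so the forum would likely be reachable on 8181 without TLS. Binding to loopback keeps Apache as the only entry point: `- "127.0.0.1:8181:80"`. Separately, the unquoted `DISCOURSE_HOSTNAME: {{ discourse_domain }}` and the unquoted SMTP lines render as `null` when the variable is empty, and `"{{ discourse_smtp.pass }}"` produces invalid or altered YAML if the password contains `"` or `\`; `DISCOURSE_SMTP_PASSWORD: {{ discourse_smtp.pass | to_json }}` (and the same filter on the other values) avoids both.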
@@ -0,0 +1,99 @@
+<Proxy balancer://unicorns>
+ BalancerMember http://127.0.0.1:4000
+</Proxy>
+
+<VirtualHost *:80>
+ Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf
+
+{% if discourse_protocol|default("https") == "https" and groups.proxyserver is not defined %}
+ ServerAdmin {{ apache_server_admin }}
+ ServerName {{ discourse_domain }}
+
+ RewriteEngine on
+ RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
+
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ LogLevel warn
+{% if apache_version|default('2.4') == '2.4' %}
+ ErrorLogFormat "[%{u}t] [%l] [pid %P] [client\ %{X-Forwarded-For}i] %M% ,\ referer:\ %{Referer}i"
+{% endif %}
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+ ErrorLog ${APACHE_LOG_DIR}/{{ discourse_domain }}-error.log
+ CustomLog ${APACHE_LOG_DIR}/{{ discourse_domain }}-access.log combined env=!forwarded
+ CustomLog ${APACHE_LOG_DIR}/{{ discourse_domain }}-access.log proxy env=forwarded
+</VirtualHost>
+
+<VirtualHost *:443>
+ Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf
+
+{% endif %}
+ ServerAdmin {{ apache_server_admin }}
+ ServerName {{ discourse_domain }}
+
+ Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+ ServerSignature Off
+
+ ProxyPreserveHost On
+
+ # Ensure that encoded slashes are not decoded but left in their encoded state.
+ # http://doc.gitlab.com/ce/api/projects.html#get-single-project
+ AllowEncodedSlashes NoDecode
+
+ <Location />
+ Require all granted
+ ProxyPassReverse http://127.0.0.1:8181
+ ProxyPassReverse http://{{ discourse_domain }}/
+ </Location>
+
+ RewriteEngine on
+
+ #Don't escape encoded characters in api requests
+ RewriteCond %{REQUEST_URI} ^/api/v3/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
+
+ #Forward all requests to gitlab-workhorse except existing files like error documents
+ RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
+ RewriteCond %{REQUEST_URI} ^/uploads/.*
+ RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA]
+ RequestHeader set X_FORWARDED_PROTO 'https'
+ RequestHeader set X-Forwarded-Ssl on
+
+ DocumentRoot /var/www/html
+
+ <Directory "/var/www/html">
+ AllowOverride All
+ Options -MultiViews
+ Require all granted
+ </Directory>
+
+ SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+ LogLevel warn
+{% if apache_version|default('2.4') == '2.4' %}
+ ErrorLogFormat "[%{u}t] [%l] [pid %P] [client\ %{X-Forwarded-For}i] %M% ,\ referer:\ %{Referer}i"
+{% endif %}
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+ ErrorLog ${APACHE_LOG_DIR}/{{ discourse_domain }}-error.log
+ CustomLog ${APACHE_LOG_DIR}/{{ discourse_domain }}-access.log combined env=!forwarded
+ CustomLog ${APACHE_LOG_DIR}/{{ discourse_domain }}-access.log proxy env=forwarded
+
+ SetEnvIf X-Forwarded-Proto https HTTPS=on
+
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+{% if discourse_protocol|default("https") == "https" and groups.proxyserver is not defined %}
+ Include /etc/apache2/{{ apache_conf_dir }}/options-ssl-apache.conf
+{% if discourse_letsencrypt|default(true) %}
+ SSLCertificateFile /etc/letsencrypt/live/{{ discourse_domain }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ discourse_domain }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ discourse_domain }}/chain.pem
+{% else %}
+{% for cert in discourse_certs|default([]) %}
+ {{ cert.type }} /etc/ssl/private/{{ cert.file }}
+{% endfor %}
+{% endif %}
+{% endif %}
+</VirtualHost>
diff --git a/templates/vhost.conf.jinja2 b/templates/vhost.conf.jinja2
deleted file mode 100644
index 56592da9386ee9f154633d6c298c897135f02b1b..0000000000000000000000000000000000000000
--- a/templates/vhost.conf.jinja2
+++ /dev/null
@@ -1,26 +0,0 @@
-# See also https://meta.discourse.org/t/running-other-websites-on-the-same-machine-as-discourse/17247
-
-<Proxy balancer://unicorns>
-BalancerMember http://127.0.0.1:4000
-</Proxy>
-
-<VirtualHost *:80>
- ServerName my.example.com
- CustomLog logs/sites/my.example.com/access_log combined
- ErrorLog logs/sites/my.example.com/error_log
- ServerAdmin me@example.com
-
- DocumentRoot /var/www/my.example.com/htdocs
- UserDir disabled
- DirectoryIndex disabled
-
- <Directory "/var/www/my.example.com/htdocs">
- AllowOverride All
- Options -MultiViews
- Require all granted
- </Directory>
-
- RewriteEngine on
- RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
- RewriteRule ^/(.*)$ balancer://unicorns%{REQUEST_URI} [P,QSA,L]
-</VirtualHost>
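Review bot: In templates/vhost.conf, `SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded` is applied even in the branch where `groups.proxyserver is not defined`, i.e. when Apache faces clients directly, so the header is client-supplied. Any request that carries it is logged with the `proxy` format, which writes the header value where the `combined` format has the peer address, and the real client IP is lost from the access log (the `ErrorLogFormat` line does the same for the error log). I would emit these lines only when a proxyserver group exists, or keep the peer address in the format: `LogFormat "%a %{X-Forwarded-For}i %l %u %t ..." proxy`. The `<Proxy balancer://unicorns>` block, the `/api/v3/` rule and the gitlab-workhorse comment look carried over from another role and appear unused for Discourse; removing them would make the proxy rules easier to audit.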