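I. Goals:
1. Accessible by domain name: https://discourse.chandz.com
2. HTTPS support (Discourse's default certificate can be used)
3. Backups to OSS
4. Email notifications
II. Prerequisites:
1. A cloud server, preferably larger than 2C4G (2 cores, 4 GB RAM)
2. A domain name with ICP filing completed (for domain registration and filing, see: Domain registration and ICP filing)
3. An OSS bucket
4. An email notification service (Alibaba Cloud is used here)
5. Notes:
- If the domain and the cloud server are not with the same provider, an access filing is required. For example, if the domain is on Alibaba Cloud and the server is on Huawei Cloud, submit an access filing application on Huawei Cloud. For a personally filed domain, an ID card, the domain's filing information and a reason are generally enough.
- When mounting OSS, use the same provider and the same availability zone as the cloud server, and mount over the internal network address.
- Discourse needs to download resources from GitHub. A machine in mainland China can tunnel through a machine outside the mainland with sshuttle. Here the tunnel goes to an Alibaba Cloud Hong Kong premium-line ECS instance; 5M bandwidth already meets most needs. The tunnel machine should preferably be with the same provider as the deployment machine, because that route may have an advantage over other providers. Release the instance when finished.
- Alibaba Cloud's email service includes 200 free emails per day.
III. Environment setup
1. Create the sender domain noreply.discourse.chandz.com
1> Create the sender domain in the email push (Direct Mail) service of the Alibaba Cloud console
2> Verify the domain: get the DNS records to add from the configuration page, add them in the domain's DNS settings, then click Verify
3> Create the sender address and click Verify once it is configured. Also set the SMTP password; mail cannot be sent without it
4> Verify that mail can be sent. After the command runs, it prompts for the SMTP password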
yum -y install swaks
swaks --to duanshuaixing@gmail.com --from discourse@noreply.discourse.chandz.com --server smtpdm.aliyun.com --auth plain --auth-user discourse@noreply.discourse.chandz.com -p 80
2. Install Docker
# OS: CentOS 7; yum-config-manager is provided by yum-utils
yum -y install yum-utils
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache
yum -y install docker-ce
systemctl start docker
systemctl enable docker
# Write (not append to) daemon.json so the file stays valid JSON
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "max-concurrent-downloads": 15,
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "registry-mirrors": ["https://t3xbrfwz.mirror.aliyuncs.com"],
  "live-restore": true
}
EOF
systemctl daemon-reload
systemctl restart docker
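3. Install Discourse
1> Install sshuttle and git
Use sshuttle to connect to the Hong Kong premium-line ECS instance. -x excludes an address from the tunnel: 8.218.139.133 is the Hong Kong ECS instance, 172.31.63.0/24 is the Hong Kong ECS host subnet, and 172.17.0.0/16 is the container network.
yum -y install sshuttle git
sshuttle -l 0.0.0.0:0 -r root@8.218.139.133 -x 8.218.139.133 -x 127.0.0.1 -x 172.17.0.0/16 -x 172.31.63.0/24 0/0 --dns
2> Clone the discourse_docker code and build the image. Because the base image is large, it is best to download it in advance on a Hong Kong machine (or any machine with external network access), push it to an image registry in mainland China, and then docker pull it on the machine that hosts Discourse.
git clone https://github.com/discourse/discourse_docker.git /var/discourse
# After cloning, list the base image the launcher references so it can be pulled in advance
grep -rn 'discourse/base' /var/discourse/ |grep 'image='|awk -F 'image=' '{print $2}'
3> Prepare /var/discourse/containers/app.yml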
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/web.ssl.template.yml"
expose:
  - "80:80"
  - "443:443"
params:
  db_default_text_search_config: "pg_catalog.english"
env:
  LC_ALL: en_US.UTF-8
  LANG: en_US.UTF-8
  LANGUAGE: en_US.UTF-8
  EMBER_CLI_PROD_ASSETS: 1
  DISCOURSE_DEFAULT_LOCALE: zh_CN
  DISCOURSE_HOSTNAME: discourse.chandz.com
  DISCOURSE_DEVELOPER_EMAILS: duanshuaixing@gmail.com
  DISCOURSE_SMTP_ADDRESS: smtpdm.aliyun.com
  DISCOURSE_SMTP_PORT: 80
  DISCOURSE_SMTP_USER_NAME: discourse@noreply.discourse.chandz.com
  DISCOURSE_SMTP_PASSWORD: xxxxxxxxxxx
  DISCOURSE_SMTP_ENABLE_START_TLS: false
volumes:
  - volume:
      host: /var/discourse/shared/standalone
      guest: /shared
  - volume:
      host: /var/discourse/shared/standalone/log/var-log
      guest: /var/log
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - git clone https://github.com/discourse/docker_manager.git
          - git clone https://github.com/discourse/discourse-solved.git
          - git clone https://github.com/discourse/discourse-math.git
          - git clone https://github.com/discourse/discourse-voting.git
          - git clone https://github.com/discourse/discourse-push-notifications.git
          - git clone https://github.com/discourse/discourse-spoiler-alert.git
          - git clone https://github.com/discourse/discourse-graphviz.git
          - git clone https://github.com/unfoldingWord-dev/discourse-mermaid.git
          - git clone https://github.com/discourse/discourse-checklist.git
          - git clone https://github.com/discourse/discourse-assign.git
          - git clone https://github.com/discourse/discourse-linkify-words.git
          - git clone https://github.com/communiteq/discourse-suppress-category-from-latest.git
          - git clone https://github.com/discourse/discourse-prometheus.git
          - git clone https://github.com/discourse/discourse-docs.git
          - git clone https://github.com/discourse/discourse-docs-card-filter.git
          - git clone https://github.com/discourse/discourse-translator.git
          - git clone https://github.com/discourse/discourse-oauth2-basic.git
run:
  - exec:
      cd: /var/www/discourse
      cmd:
        - sed -i 's/GlobalSetting.serve_static_assets/true/' config/environments/production.rb
        - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log"
        - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/"
        - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf
        - sed -i 's,^\(MinProtocol[ ]*=\).*,\1'TLSv1.0',g' /etc/ssl/openssl.cnf;
        - sed -i 's,^\(CipherString[ ]*=\).*,\1'DEFAULT@SECLEVEL=1',g' /etc/ssl/openssl.cnf;
        - yarn config set registry https://registry.npm.taobao.org/ ;
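The app.yml above sends SMTP AUTH over port 80 with STARTTLS disabled, lowers the container's OpenSSL protocol floor and security level, and clones every plugin from its default branch. The script below is an added example, not part of the original post or of the Discourse project; it checks an app.yml for exactly those settings before a bootstrap. The function names and finding codes are hypothetical, and DISCOURSE_SMTP_FORCE_TLS is assumed to be the implicit-TLS switch.

```shell
#!/bin/sh
# Added example (hypothetical names): static checks for a Discourse app.yml.

# audit_app_yml FILE -> one "CODE: detail" line per finding
audit_app_yml() {
    f=$1
    port=$(sed -n 's/^ *DISCOURSE_SMTP_PORT: *//p' "$f" | tr -d ' "')
    # SMTP AUTH with neither STARTTLS nor implicit TLS exposes the password.
    # Assumption: DISCOURSE_SMTP_FORCE_TLS is the implicit-TLS switch.
    if grep -Eq '^ *DISCOURSE_SMTP_ENABLE_START_TLS: *"?false' "$f" &&
       ! grep -Eq '^ *DISCOURSE_SMTP_FORCE_TLS: *"?true' "$f"; then
        echo "SMTP_CLEARTEXT: AUTH on port ${port:-unset} with no TLS"
    fi
    # sed hooks that lower the OpenSSL floor for the whole container.
    if grep -Eq "MinProtocol.*TLSv1(\.[01])?'" "$f"; then
        echo "TLS_MIN_PROTOCOL: MinProtocol set below TLSv1.2"
    fi
    if grep -Eq 'SECLEVEL=[01]' "$f"; then
        echo "TLS_SECLEVEL: CipherString security level below 2"
    fi
    # Plugin clones without -b/--branch follow a moving default-branch HEAD.
    n=$(grep -E '^ *- *git clone ' "$f" | grep -Evc -e ' (-b|--branch) ' || true)
    if [ "$n" -gt 0 ]; then
        echo "PLUGIN_UNPINNED: $n plugin clone(s) track the default branch"
    fi
}

# Constructed excerpt of the app.yml above, used as sample input.
write_sample() {
    cat > "$1" <<'EOF'
env:
  DISCOURSE_SMTP_PORT: 80
  DISCOURSE_SMTP_ENABLE_START_TLS: false
hooks:
  after_code:
    - exec:
        cmd:
          - git clone https://github.com/discourse/docker_manager.git
          - git clone https://github.com/discourse/discourse-solved.git
run:
  - exec:
      cmd:
        - sed -i 's,^\(MinProtocol[ ]*=\).*,\1'TLSv1.0',g' /etc/ssl/openssl.cnf;
        - sed -i 's,^\(CipherString[ ]*=\).*,\1'DEFAULT@SECLEVEL=1',g' /etc/ssl/openssl.cnf;
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_app_yml "$tmp"
rm -f "$tmp"
```

Run it against the real file with `audit_app_yml /var/discourse/containers/app.yml`; an empty result means none of the four conditions were found.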
4> Configure the certificate (nginx-format certificate; here a free single-domain certificate requested from a public cloud provider)
mkdir -p /var/discourse/shared/standalone/ssl/
cp discourse.chandz.com_server.crt /var/discourse/shared/standalone/ssl/ssl.crt
cp discourse.chandz.com_server.key /var/discourse/shared/standalone/ssl/ssl.key
5> Bootstrap and start the forum service
cd /var/discourse
./launcher bootstrap app
./launcher start app
6> Create the admin user
./launcher enter app # enter the container
rake admin:create
Email: duanshuaixing@gmail.com
Password:
Repeat password:
Do you want to grant Admin privileges to this account? (Y/n) Y
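IV. Back up to OSS
Approach:
1. Typically, use s3fs or a FUSE-based tool provided by the object storage vendor, such as Alibaba Cloud's ossfs or Baidu Cloud's bosfs, to mount the bucket onto Discourse's backup data directory /var/discourse/shared/standalone/backups/, so that Discourse manages the backups automatically
2. Manage the backup files with an S3-compatible command-line tool such as aws; in this case backup management has to be implemented with scripts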