@deargle
Last active August 21, 2020 22:21
island.byu.edu configs and scripts

how to start from scratch

Deprecated: see https://github.com/deargle/island-vNext instead


  • Set up the nginx-proxy docker-compose. Pull down nginx.tmpl.

    • This provides automatic Let's Encrypt certificates.
  • git clone discourse into /home/deargle/island and drop in the two container config files below. Build them using the discourse launcher.

  • git clone the discourse-cas repo and bring it up.

  • Configure exim on the host to sign messages with DKIM (see script below).

  • Follow the steps for restoring island from backup:

      # download backups from aws and put them into `shared/standalone/backups/default/`. Then:
    
      TARBALL_PATH=$(ls shared/standalone/backups/default/*.tar.gz | tail -n 1) 
      TARBALL_NAME=$(basename ${TARBALL_PATH}) 
      docker cp ${TARBALL_PATH} app:/var/www/discourse/public/backups/default/${TARBALL_NAME}
      docker exec -i app sh -x << EOF 
      discourse enable_restore 
      discourse restore ${TARBALL_NAME} 
      discourse disable_restore 
      EOF
    
      ./launcher rebuild app
    
## this is the all-in-one, standalone Discourse Docker container template
##
## After making changes to this file, you MUST rebuild
## /var/discourse/launcher rebuild app
##
## BE *VERY* CAREFUL WHEN EDITING!
## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
## visit http://www.yamllint.com/ to validate this file as needed
templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
## Uncomment these two lines if you wish to add Lets Encrypt (https)
#  - "templates/web.ssl.template.yml"
#  - "templates/web.socketed.template.yml" # <-- Added
#  - "templates/web.letsencrypt.ssl.template.yml"

## which TCP/IP ports should this container expose?
## If you want Discourse to share a port with another webserver like Apache or nginx,
## see https://meta.discourse.org/t/17247 for details
expose:
#  - "80:80" # http
#  - "443:443" # https

docker_args:
  - '--network nginx-proxy'
  - '-e VIRTUAL_HOST=island.byu.edu'
  - '-e VIRTUAL_PORT=80'
  - '-e LETSENCRYPT_HOST=island.byu.edu'
  - '-e LETSENCRYPT_EMAIL=dave@daveeargle.com'
  - '--expose 80'

params:
  db_default_text_search_config: "pg_catalog.english"

  ## Set db_shared_buffers to a max of 25% of the total memory.
  ## will be set automatically by bootstrap based on detected RAM, or you can override
  db_shared_buffers: "1024MB"

  ## can improve sorting performance, but adds memory usage per-connection
  #db_work_mem: "40MB"

  ## Which Git revision should this container use? (default: tests-passed)
  #version: tests-passed

env:
  LANG: en_US.UTF-8
  # DISCOURSE_DEFAULT_LOCALE: en

  ## How many concurrent web requests are supported? Depends on memory and CPU cores.
  ## will be set automatically by bootstrap based on detected CPUs, or you can override
  UNICORN_WORKERS: 4

  ## TODO: The domain name this Discourse instance will respond to
  DISCOURSE_HOSTNAME: island.byu.edu

  ## Uncomment if you want the container to be started with the same
  ## hostname (-h option) as specified above (default "$hostname-$config")
  #DOCKER_USE_HOSTNAME: true

  ## TODO: List of comma delimited emails that will be made admin and developer
  ## on initial signup example 'user1@example.com,user2@example.com'
  DISCOURSE_DEVELOPER_EMAILS: ''

  ## TODO: The SMTP mail server used to validate new accounts and send notifications
  DISCOURSE_SMTP_ADDRESS: 172.20.0.1
  DISCOURSE_SMTP_PORT: 25
  DISCOURSE_SMTP_USER_NAME: ''
  DISCOURSE_SMTP_PASSWORD: ""
  DISCOURSE_SMTP_ENABLE_START_TLS: false # (optional, default true)
  DISCOURSE_SMTP_AUTHENTICATION: 'none'
  DISCOURSE_SMTP_DOMAIN: island.byu.edu

  ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
  #LETSENCRYPT_ACCOUNT_EMAIL: dave@daveeargle.com

  ## The CDN address for this Discourse instance (configured to pull)
  ## see https://meta.discourse.org/t/14857 for details
  #DISCOURSE_CDN_URL: //discourse-cdn.example.com

  DISCOURSE_SAML_TARGET_URL: "https://cas.byu.edu/cas"

## The Docker container is stateless; all data is stored in /shared
volumes:
  - volume:
      host: /home/deargle/island/shared/standalone
      guest: /shared
  - volume:
      host: /home/deargle/island/shared/standalone/log/var-log
      guest: /var/log

## Plugins go here
## see https://meta.discourse.org/t/19157 for details
hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - git clone https://github.com/discourse/docker_manager.git
          - git clone -b category-specific-channels https://github.com/deargle/discourse-slack-plugin.git

## Any custom commands to run after building
run:
  - exec: echo "Beginning of custom commands"
  ## If you want to set the 'From' email address for your first registration, uncomment and change:
  ## After getting the first signup email, re-comment the line. It only needs to run once.
  #- exec: rails r "SiteSetting.notification_email='info@unconfigured.discourse.org'"
  - exec: echo "End of custom commands"

## this is the incoming mail receiver container template
##
## After making changes to this file, you MUST rebuild
## /var/discourse/launcher rebuild mail-receiver
##
## BE *VERY* CAREFUL WHEN EDITING!
## YAML FILES ARE SUPER SUPER SENSITIVE TO MISTAKES IN WHITESPACE OR ALIGNMENT!
## visit http://www.yamllint.com/ to validate this file as needed
base_image: discourse/mail-receiver:1.1.2
update_pups: false

#expose:
#  - "25:25" # SMTP

docker_args:
  - '-p 128.187.61.25:25:25'
  #- '--network nginx-proxy'

env:
  LANG: en_US.UTF-8

  ## Where e-mail to your forum should be sent. In general, it's perfectly fine
  ## to use the same domain as the forum itself here.
  MAIL_DOMAIN: island.byu.edu

  ## The URL of the mail processing endpoint of your Discourse forum.
  ## This is simply your forum's base URL, with `/admin/email/handle_mail`
  ## appended. Be careful if you're running a subfolder setup -- in that case,
  ## the URL needs to have the subfolder included!
  DISCOURSE_MAIL_ENDPOINT: 'https://island.byu.edu/admin/email/handle_mail'

  ## The master API key of your Discourse forum. You can get this from
  ## the "API" tab of your admin panel.
  DISCOURSE_API_KEY: <api key here>

  ## The username to use for processing incoming e-mail. Unless you have
  ## renamed the `system` user, you should leave this as-is.
  DISCOURSE_API_USERNAME: system

volumes:
  - volume:
      host: /home/deargle/island/shared/mail-receiver/postfix-spool
      guest: /var/spool/postfix

version: '3'

services:
  nginx:
    image: nginx:1.14.2
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"

  dockergen:
    image: jwilder/docker-gen:0.7.3
    container_name: nginx-proxy-gen
    depends_on:
      - nginx
    command: -notify-sighup nginx-proxy -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    depends_on:
      - nginx
      - dockergen
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
      NGINX_DOCKER_GEN_CONTAINER: nginx-proxy-gen
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  conf:
  vhost:
  html:
  certs:

# Do not forget to 'docker network create nginx-proxy' before launch, and to add '--network nginx-proxy' to proxied containers.
networks:
  default:
    external:
      name: nginx-proxy

apt update && apt install exim4 ipcalc
cat <<EOF >> /etc/exim4/conf.d/transport/10_exim4-config_transport-macros
DKIM_DOMAIN = island.byu.edu
DKIM_SELECTOR = 20160822
DKIM_CANON = relaxed
DKIM_PRIVATE_KEY = /etc/exim4/dkim/island.byu.edu-dkim-private.pem
EOF
mkdir -p /etc/exim4/dkim/
# place the dkim private key file where it is expected... it is located in `lockbox:/Keys/island/`
chown Debian-exim:Debian-exim /etc/exim4/dkim/island.byu.edu-dkim-private.pem
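chmod 400 /etc/exim4/dkim/island.byu.edu-dkim-private.pem
name_of_network=docker0 # set this to the id for the user-defined network created for the nginx-proxy
# interface address with its prefix length, e.g. 172.17.0.1/16
docker0_cidr=$(ip -4 -o addr show ${name_of_network} | awk '{print $4}')
docker0_ip=${docker0_cidr%/*}
# derive the relay network from the interface's own address rather than a hard-coded 172.17.0.1/16
docker0_network=$(ipcalc -n ${docker0_cidr} | grep Network | awk '{print $2}')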
cat <<EOF > /etc/exim4/update-exim4.conf.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='satellite'
dc_other_hostnames=''
dc_local_interfaces='${docker0_ip};127.0.0.1 ; ::1'
dc_readhost='island.byu.edu'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets='${docker0_network}'
dc_smarthost='mmgateway.byu.edu'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
EOF
# quoted delimiter: the body is written literally, so the backticks below are not executed
cat <<'EOF' >> /etc/exim4/conf.d/transport/30_exim4-config_remote_smtp
# DKIM setup copied from `30_exim4-config_remote_smtp`
# see: https://serverfault.com/a/782069/117087
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
EOF
sudo service exim4 restart # this recreates the conf-file
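
A post-install check for the exim script above, as an added example that is not part of the gist: it confirms the DKIM key is not group- or world-readable and that `dc_relay_nets` holds only private IPv4 ranges. The function names are hypothetical, and treating every non-RFC 1918 entry (IPv6 included) as a failure is an assumption about this single-host setup.

```shell
# Added example, not from the gist: checks on the files the exim script writes.

# Succeed only if FILE has no group/other permission bits (400, 600, ...).
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2   # GNU/busybox stat
    case "$mode" in
        [0-7]00) return 0 ;;
        *) echo "$1 has mode $mode, expected 400" >&2; return 1 ;;
    esac
}

# Print the dc_relay_nets value from an update-exim4.conf.conf file.
relay_nets() {
    sed -n "s/^dc_relay_nets='\(.*\)'\$/\1/p" "$1"
}

# Succeed only if every relay net is an IPv4 RFC 1918 range no wider than
# its private block. An empty value is reported too: the ipcalc step failed
# and the Discourse container will not be allowed to relay.
relay_nets_ok() {
    nets=$(relay_nets "$1")
    [ -n "$nets" ] || { echo "dc_relay_nets is empty" >&2; return 1; }
    for net in $(printf '%s' "$nets" | tr ';' ' '); do
        addr=${net%/*}
        prefix=${net#*/}
        [ "$prefix" != "$net" ] || prefix=32   # bare address, no /len
        case "$addr" in
            10.*) min=8 ;;
            172.1[6-9].*|172.2[0-9].*|172.3[01].*) min=12 ;;
            192.168.*) min=16 ;;
            *) echo "relay net $net is not RFC 1918" >&2; return 1 ;;
        esac
        [ "$prefix" -ge "$min" ] 2>/dev/null ||
            { echo "relay net $net is wider than /$min" >&2; return 1; }
    done
}

# Constructed sample: the line the script generates for a 172.20.0.0/16 bridge.
sample=$(mktemp)
printf "dc_relay_nets='172.20.0.0/16'\n" > "$sample"
relay_nets_ok "$sample" && echo "relay nets OK: $(relay_nets "$sample")"
rm -f "$sample"
```

On the host, call `key_mode_ok /etc/exim4/dkim/island.byu.edu-dkim-private.pem` and `relay_nets_ok /etc/exim4/update-exim4.conf.conf` after the script has run.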