Commit 473a822f authored by Chris Croome

README updated

parent 6d6dd5aa
Tags 2.2.0
......@@ -4,8 +4,10 @@ These Playbooks are designed to be used on Debian Stretch virtual servers.
## Discourse
Login to the console, install `python`, enable root ssh access using keys and
then run the first Playbook:
Login to the virtual server console, install `python`, enable root ssh access
using keys by adding your keys to `/root/.ssh/authorized_keys`, edit
`/etc/sshd/sshd_config` to set `PermitRootLogin prohibit-password`, run
`service ssh restart` and then run the first Playbook:
```bash
export SERVERNAME="community.coops.tech"
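Review bot: the new instructions point at `/etc/sshd/sshd_config`, but on Debian the OpenSSH server configuration lives at `/etc/ssh/sshd_config`, so a reader following this literally will edit a file that sshd never reads and `PermitRootLogin prohibit-password` will not take effect. Correct the path, and consider adding `sshd -t` before `service ssh restart` so a syntax error in the file is caught before the daemon is restarted. As a verb, "Login to" should be "Log in to".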
......@@ -28,22 +30,25 @@ Then check these settings for email:
* **Email : reply by email address** set this to `discourse+%{reply_key}@$SERVERNAME` (use the actual domain name not $SERVERNAME)
* **Email : manual polling enabled** rick *"Push emails using the API for email replies."*
Then tighten some security settings:
* **Security : force https** tick *"Force your site to use HTTPS only. WARNING: do NOT enable this until you verify HTTPS is fully set up and working absolutely everywhere! Did you check your CDN, all social logins, and any external logos / dependencies to make sure they are all HTTPS compatible, too?"*
* **Security : same site cookies** select *"Strict"*
If you are using this Playbook somewhere other than on a
[Webarchitects](https://www.webarchitects.coop/) virtual server in Sheffield
then the `iptables` and `munin-node` roles will, as a minimum, need editing and
might be best omitted.
The email setup is based on the
[mail-reciever](https://github.com/discourse/mail-receiver) Docker container
plus the [outstanding pull
request](https://github.com/discourse/mail-receiver/pull/2) and the [Postfix
notes](https://meta.discourse.org/t/emails-with-local-smtp/23645/28) for using
the host for outgoing email.
Tighten some security settings:
* **Security : force https** tick *"Force your site to use HTTPS only. WARNING: do NOT enable this until you verify HTTPS is fully set up and working absolutely everywhere! Did you check your CDN, all social logins, and any external logos / dependencies to make sure they are all HTTPS compatible, too?"*
* **Security : same site cookies** select *"Strict"*
If you are using this Playbook somewhere other than on a [Webarchitects](https://www.webarchitects.coop/) virtual server in Sheffield then the `iptables` and `munin-node` roles will as a minimum need editing and might be best omitted.
TODO:
* Test the iptables / fail2ban configuration
* Double check the email setup, work though [this thread](https://meta.discourse.org/t/reducing-backscatter-in-email-interface/59974) and all the referenced changes and also look again at the [mail-reciever](https://github.com/discourse/mail-receiver) configuration
* Munin node plugin setup
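Review bot: the email paragraph says the setup is based on the mail-receiver container "plus the outstanding pull request", so the README relies on unmerged upstream code without saying which revision the Playbook actually deploys; name the commit or fork in use so the setup stays reproducible and reviewable if that pull request changes. Typos to fix in the same pass: the link text `mail-reciever` appears twice while the URL spells it `mail-receiver`, the TODO has "work though" for "work through", and the unchanged **manual polling enabled** line has "rick" for "tick". The TODO also records the iptables / fail2ban configuration as untested, which is worth stating next to the paragraph that discusses editing or omitting the `iptables` role.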