for more information.
--------------------------------------------------------------------------------
/conf/systemd.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=__APP__ service
3 | Wants=postgresql.service
4 | Wants=redis-server.service
5 | After=redis-server.service
6 | After=postgresql.service
7 |
8 | [Service]
9 | User=__APP__
10 | Group=__APP__
11 | WorkingDirectory=__INSTALL_DIR__/discourse
12 | Environment=__ADDITIONAL_ENV__
13 | Environment=RAILS_ENV=production
14 | Environment=UNICORN_WORKERS=3
15 | Environment=UNICORN_SIDEKIQS=1
16 | Environment=LD_PRELOAD=__LIBJEMALLOC__
17 | Environment=RUBY_GC_HEAP_GROWTH_MAX_SLOTS=40000
18 | Environment=RUBY_GC_HEAP_INIT_SLOTS=400000
19 | Environment=RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR=1.5
20 | Environment=UNICORN_LISTENER=__INSTALL_DIR__/discourse/tmp/sockets/unicorn.sock
21 | Environment="PATH=__PATH_WITH_RUBY__:__TOOLS_PREFIX__/bin"
22 | ExecStart=__INSTALL_DIR__/discourse/bin/bundle exec unicorn --config config/unicorn.conf.rb -E production
23 | Restart=always
24 | RestartSec=10
25 |
26 | # Sandboxing options to harden security
27 | # Depending on specificities of your service/app, you may need to tweak these
28 | # .. but this should be a good baseline
29 | # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
30 | NoNewPrivileges=yes
31 | PrivateTmp=yes
32 | PrivateDevices=yes
33 | RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
34 | RestrictNamespaces=yes
35 | RestrictRealtime=yes
36 | DevicePolicy=closed
37 | ProtectSystem=full
38 | ProtectControlGroups=yes
39 | ProtectKernelModules=yes
40 | ProtectKernelTunables=yes
41 | LockPersonality=yes
42 | SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
43 |
44 | # Denying access to capabilities that should not be relevant for webapps
45 | # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
46 | CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
47 | CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
48 | CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
49 | CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
50 | CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
51 | CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
52 | CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
53 | CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
54 | CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
55 |
56 | [Install]
57 | WantedBy=multi-user.target
58 |
--------------------------------------------------------------------------------
/scripts/restore:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | source ../settings/scripts/_common.sh
4 | source /usr/share/yunohost/helpers
5 |
6 | if ! ynh_in_ci_tests; then
7 | # Check memory requirements
8 | check_memory_requirements
9 | fi
10 |
11 | #=================================================
12 | # RESTORE THE APP MAIN DIR
13 | #=================================================
14 | ynh_script_progression "Restoring the app main directory..."
15 |
16 | ynh_restore "$install_dir"
17 |
18 | chmod -R o-rwx "$install_dir"
19 | chown -R "$app:www-data" "$install_dir"
20 |
21 | #=================================================
22 | # RESTORE THE POSTGRESQL DATABASE
23 | #=================================================
24 | ynh_script_progression "Restoring the PostgreSQL database..."
25 |
26 | ynh_psql_db_shell <<< "CREATE EXTENSION IF NOT EXISTS hstore;"
27 | ynh_psql_db_shell <<< "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
28 |
29 | ynh_psql_db_shell < ./db.sql
30 |
31 | #=================================================
32 | # REINSTALL BUNDLE GEM
33 | #=================================================
34 | ynh_script_progression "Reinstall Bundle Gem..."
35 |
36 | pushd "$install_dir/discourse"
37 | gem install bundler
38 | popd
39 |
40 | #=================================================
41 | # RESTORE SYSTEM CONFIGURATIONS
42 | #=================================================
43 | ynh_script_progression "Restoring system configurations related to $app..."
44 |
45 | ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf"
46 |
47 | ynh_restore "/etc/systemd/system/$app.service"
48 | systemctl enable "$app.service" --quiet
49 |
50 | yunohost service add "$app" --log "$install_dir/discourse/log/unicorn.stderr.log" "$install_dir/discourse/log/unicorn.stdout.log" "$install_dir/discourse/log/production.log"
51 |
52 | ynh_restore "/etc/logrotate.d/$app"
53 |
54 | #=================================================
55 | # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
56 | #=================================================
57 | ynh_script_progression "Reloading NGINX web server and $app's service..."
58 |
59 | ynh_systemctl --service="$app" --action="start" --log_path="$install_dir/discourse/log/unicorn.stdout.log" --wait_until="INFO -- : worker=$((unicorn_workers-1)) ready"
60 |
61 | ynh_systemctl --service=nginx --action=reload
62 |
63 | #=================================================
64 | # END OF SCRIPT
65 | #=================================================
66 |
67 | ynh_script_progression "Restoration completed for $app"
68 |
--------------------------------------------------------------------------------
/scripts/change_url:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | source _common.sh
4 | source /usr/share/yunohost/helpers
5 |
6 | #=================================================
7 | # STOP SYSTEMD SERVICE
8 | #=================================================
9 | ynh_script_progression "Stopping $app's systemd service..."
10 |
11 | ynh_systemctl --service=$app --action="stop"
12 |
13 | #=================================================
14 | # MODIFY URL IN NGINX CONF
15 | #=================================================
16 | ynh_script_progression "Updating NGINX web server configuration..."
17 |
18 | ynh_config_change_url_nginx
19 |
20 | #=================================================
21 | # UPDATE A CONFIG FILE
22 | #=================================================
23 | ynh_script_progression "Updating a config file..."
24 |
25 | discourse_config_file="$install_dir/discourse/config/discourse.conf"
26 |
27 | old_relative_url_root="${old_path%/}"
28 | new_relative_url_root="${new_path%/}"
29 |
30 | # Configure hostname
31 | ynh_replace --match="hostname = .*" --replace="hostname = \"$new_domain\"" --file="$discourse_config_file"
32 | ynh_replace --match="relative_url_root = .*" --replace="relative_url_root = ${new_path%/}" --file="$discourse_config_file"
33 | ynh_replace --match="smtp_domain = .*" --replace="smtp_domain = $new_domain" --file="$discourse_config_file"
34 |
35 | # Calculate and store the config file checksum
36 | ynh_store_file_checksum "$discourse_config_file"
37 |
38 | # Change URL setting
39 | ynh_psql_db_shell \
40 | <<< "UPDATE site_settings SET value = replace(value, '$old_relative_url_root/images/', '$new_relative_url_root/images/');
41 | UPDATE site_settings SET value = '${new_path}' WHERE name='long_polling_base_url';"
42 |
43 | pushd "$install_dir/discourse"
44 | # Remap URLs in forum posts
45 | _exec_as_app_with_ruby_node RAILS_ENV=production bundle exec script/discourse remap "$old_relative_url_root/uploads" "$new_relative_url_root/uploads" <<< "YES
46 | # "
47 | # Regenerate assets
48 | ynh_hide_warnings _exec_as_app_with_ruby_node RAILS_ENV=production bin/rake assets:precompile
49 |
50 | # Regenerate all forum posts
51 | ynh_hide_warnings _exec_as_app_with_ruby_node RAILS_ENV=production bin/rake posts:rebake
52 | popd
53 |
54 | #=================================================
55 | # START SYSTEMD SERVICE
56 | #=================================================
57 | ynh_script_progression "Starting $app's systemd service..."
58 |
59 | ynh_systemctl --service="$app" --action="start" --log_path="$install_dir/discourse/log/unicorn.stdout.log" --wait_until="INFO -- : worker=$((unicorn_workers-1)) ready"
60 |
61 | #=================================================
62 | # END OF SCRIPT
63 | #=================================================
64 |
65 | ynh_script_progression "Change of URL completed for $app"
66 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Bug report
3 | about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently.
4 |
5 | ---
6 |
7 | **How to post a meaningful bug report**
8 | 1. *Read this whole template first.*
9 | 2. *Determine if you are on the right place:*
10 | - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
11 | - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
12 | - *When in doubt, post here and we will figure it out together.*
13 | 3. *Delete the italic comments as you write over them below, and remove this guide.*
14 | ---
15 |
16 | ### Describe the bug
17 |
18 | *A clear and concise description of what the bug is.*
19 |
20 | ### Context
21 |
22 | - Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...*
23 | - YunoHost version: x.x.x
24 | - I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...*
25 | - Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes*
26 | - If yes, please explain:
27 | - Using, or trying to install package version/branch:
28 | - If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`*
29 |
30 | ### Steps to reproduce
31 |
32 | - *If you performed a command from the CLI, the command itself is enough. For example:*
33 | ```sh
34 | sudo yunohost app install the_app
35 | ```
36 | - *If you used the webadmin, please perform the equivalent command from the CLI first.*
37 | - *If the error occurs in your browser, explain what you did:*
38 | 1. *Go to '...'*
39 | 2. *Click on '...'*
40 | 3. *Scroll down to '...'*
41 | 4. *See error*
42 |
43 | ### Expected behavior
44 |
45 | *A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.*
46 |
47 | ### Logs
48 |
49 | *When an operation fails, YunoHost provides a simple way to share the logs.*
50 | - *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.*
51 | - *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.*
52 |
53 | *After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)*
54 |
55 | *If applicable and useful, add screenshots to help explain your problem.*
56 |
--------------------------------------------------------------------------------
/manifest.toml:
--------------------------------------------------------------------------------
1 | #:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json
2 |
3 | packaging_format = 2
4 |
5 | id = "discourse"
6 | name = "Discourse"
7 | description.en = "Discussion platform"
8 | description.fr = "Plateforme de discussion"
9 |
10 | version = "3.5.2~ynh1"
11 |
12 | maintainers = ["JimboJoe"]
13 |
14 | [upstream]
15 | license = "GPL-2.0"
16 | website = "http://Discourse.org"
17 | demo = "https://try.discourse.org"
18 | code = "https://github.com/discourse/discourse"
19 | cpe = "cpe:2.3:a:discourse:discourse"
20 |
21 | [integration]
22 | yunohost = ">= 12.1.17"
23 | helpers_version = "2.1"
24 | architectures = "all"
25 | multi_instance = true
26 |
27 | ldap = true
28 | sso = false
29 |
30 | disk = "50M"
31 | ram.build = "50M"
32 | ram.runtime = "1G"
33 |
34 | [install]
35 | [install.domain]
36 | type = "domain"
37 |
38 | [install.path]
39 | type = "path"
40 | default = "/forum"
41 |
42 | [install.init_main_permission]
43 | type = "group"
44 | default = "visitors"
45 |
46 | [install.admin]
47 | type = "user"
48 |
49 | [resources]
50 | [resources.sources]
51 | [resources.sources.main]
52 | url = "https://github.com/discourse/discourse/archive/refs/tags/v3.5.2.tar.gz"
53 | sha256 = "77a487d170ccf47095545bab38f8b1c8012781da9ed126dedff0d78debcf7cea"
54 |
55 | autoupdate.strategy = "latest_github_tag"
56 |
57 | [resources.sources.ldap-auth]
58 | url = "https://github.com/jonmbake/discourse-ldap-auth/archive/refs/tags/v0.7.0.tar.gz"
59 | sha256 = "4e4fbdfced35d169a1a5f55ff801bc2ca27b65c1badf33b4dfc551304f6e5147"
60 |
61 | autoupdate.strategy = "latest_github_tag"
62 | autoupdate.upstream = "https://github.com/jonmbake/discourse-ldap-auth"
63 |
64 | [resources.sources.imagemagickv7]
65 | url = "https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.2-8.tar.gz"
66 | sha256 = "acf76a9dafbd18f4dd7b24c45ca10c77e31289fc28e4da0ce5cc3929fd0aef16"
67 |
68 | autoupdate.strategy = "latest_github_tag"
69 | autoupdate.upstream = "https://github.com/ImageMagick/ImageMagick"
70 |
71 | [resources.sources.oxipng]
72 | amd64.url = "https://github.com/oxipng/oxipng/releases/download/v9.1.5/oxipng-9.1.5-x86_64-unknown-linux-gnu.tar.gz"
73 | amd64.sha256 = "31988ec9631755c89466cc11397bd49346598f99cc2c48916d8bd4326e778f1f"
74 |
75 | arm64.url = "https://github.com/oxipng/oxipng/releases/download/v9.1.5/oxipng-9.1.5-aarch64-unknown-linux-gnu.tar.gz"
76 | arm64.sha256 = "5356a929eec64e8fb1673505b8c44239289ca84b469504a83f7158f1a021d6bf"
77 |
78 | autoupdate.strategy = "latest_github_release"
79 | autoupdate.upstream = "https://github.com/shssoichiro/oxipng"
80 | autoupdate.asset.amd64 = "^oxipng-.*-x86_64-unknown-linux-gnu\\.tar\\.gz$"
81 | autoupdate.asset.arm64 = "^oxipng-.*-aarch64-unknown-linux-gnu\\.tar\\.gz$"
82 |
83 | [resources.system_user]
84 |
85 | [resources.install_dir]
86 | group = "www-data:r-x"
87 |
88 | [resources.permissions]
89 | main.url = "/"
90 |
91 | [resources.apt]
92 | packages = [
93 | "advancecomp",
94 | "brotli",
95 | "cmake",
96 | "g++",
97 | "gifsicle",
98 | "jhead",
99 | "jpegoptim",
100 | "libapr1-dev",
101 | "libcurl4-openssl-dev",
102 | "libjemalloc-dev",
103 | "libjemalloc2",
104 | "libjpeg-turbo-progs",
105 | "libpq-dev",
106 | "libreadline-dev",
107 | "libssl-dev",
108 | "libtcmalloc-minimal4",
109 | "libunwind-dev",
110 | "libxml2-dev",
111 | "libxslt1-dev",
112 | "libyaml-dev",
113 | "optipng",
114 | "pngcrush",
115 | "pngquant",
116 | "redis-server",
117 | "zlib1g-dev",
118 |
119 | # Dependencies of imagemagick
120 | "make",
121 | "libltdl-dev",
122 | "libbz2-dev", "zlib1g-dev", "libfreetype6-dev", "libjpeg-dev", "liblzma-dev",
123 | "libwebp-dev", "libtiff-dev", "librsvg2-dev",
124 | "libpng16-16", "libpng-dev",
125 | "libjpeg62-turbo", "libjpeg62-turbo-dev",
126 | "libheif1", "libheif-dev",
127 | "libde265-0", "libde265-dev",
128 | # ${LIBWEBP}
129 |
130 | "postgresql",
131 | "postgresql-client",
132 | "postgresql-contrib",
133 | ]
134 | [resources.apt.extras.postgresql]
135 | repo = "deb https://apt.postgresql.org/pub/repos/apt __YNH_DEBIAN_VERSION__-pgdg main 15"
136 | key = "https://www.postgresql.org/media/keys/ACCC4CF8.asc"
137 | packages = [
138 | "postgresql-15-pgvector",
139 | ]
140 |
141 | [resources.database]
142 | type = "postgresql"
143 |
144 | [resources.nodejs]
145 | version = "22"
146 |
147 | [resources.ruby]
148 | version = "3.3.6"
149 |
--------------------------------------------------------------------------------
/doc/ADMIN.md:
--------------------------------------------------------------------------------
1 | ## Multi-user support
2 |
3 | Supported, with LDAP (no SSO).
4 |
5 | 
6 |
7 | Default administrator and YunoHost users must login using LDAP:
8 |
9 | * click on the "with LDAP" button
10 | * use your YunoHost credentials
11 |
12 | When disabling Local Login and other authentication services, clicking the `Login` or `Sign Up` button will directly bring up the LDAP Login popup.
13 |
14 | 
15 |
16 | 
17 |
18 | ## Configuration
19 |
20 | Use the admin panel of your Discourse to configure this app.
21 |
22 | ### Configuring "Reply-By-Email"
23 |
24 | * You should create a dedicated Yunohost user for Discourse whose mailbox will be used by the Discourse application. You can do this with `yunohost user create response`, for example. You should ensure that the email address is configured to be on your Discourse domain.
25 |
26 | * You should then configure your Discourse `/var/www/discourse/config/discourse.conf` file with the correct SMTP configuration values. Please see [this comment](https://github.com/YunoHost-Apps/discourse_ynh/issues/2#issuecomment-409510325) for an explanation of what values to change. Please be aware, when you update the application, you will have to re-apply this configuration.
27 |
28 | * You must enable the Pop3 configuration for Dovecot. See [this thread](https://forum.yunohost.org/t/how-to-enable-pop3-in-yunohost/1662/2) on how to do that. You can validate your configuration with `systemctl restart dovecot && dovecot -n`. Don't forget to open the ports you need (`995` is the default). You can validate that with `nmap -p 995 yunohostdomain.org`.
29 |
30 | * You should then configure the Pop3 polling in the Discourse admin interface. Please see [this comment](https://meta.discourse.org/t/set-up-reply-via-email-support/14003) for how to do so. You will need to follow step 5 in that comment. You can specify your main Yunohost domain for the `pop3_polling_host`.
31 |
32 | You should now be able to start testing. Try using the `/admin/email` "Send Test Email" and then view the "Sent" or "Skipped" etc. tabs. You should see a report on what happened with the email. You may also want to look in `/var/www/discourse/log/production.log` as well as `/var/www/mail.err`. You should perhaps also use [Rainloop](https://github.com/YunoHost-Apps/rainloop_ynh) or another Yunohost email client application to quickly test that both your user and the dedicated Yunohost Discourse user (`response@...`) is receiving mail.
33 |
34 | ### "Reply-By-Email" and mail forwarding
35 |
36 | If you use the administration UI in YunoHost to setup a mail forwarding address for your users then you may face the problem whereby your users are replying by email from the forwarded email address and the Discourse software is not able to understand how to receive that email.
37 |
38 | For example, your user has email address `foo@myyunohostdomain.org` and all mail is forwarded to `foo@theirexternalmail.com`. Discourse receives replies from `foo@theirexternalmail.com` but cannot understand how to deliver this to the user account with `foo@myyunohostdomain.org` configured.
39 |
40 | Their is on-going work to allow for [multiple email addresses for one user](https://meta.discourse.org/t/additional-email-address-per-user-account-support/59847) in Discourse development but at current major version (2.3 as of 2019-08-06), there is no web interface for this functionality. It is possible to set it up via the command-line interface but it is **experimental** and you should not undertake this work unless you take some time to understand what it is you are going to do.
41 |
42 | Here's how to setup a secondary mail address for a user account:
43 |
44 | ```bash
45 | cd /var/www/discourse
46 | RAILS_ENV=production /opt/rbenv/versions/2.7.1/bin/bundle exec rails c
47 | UserEmail.create!(user: User.find_by_username("foo"), email: "foo@theirexternalmail.com")
48 | ```
49 |
50 | ### LDAP integration
51 |
52 | * LDAP integration: on the login pop-up, you can choose "Login with LDAP" and use your YunoHost credentials
53 |
54 | 
55 |
56 | Default administrator and YunoHost users must login using LDAP:
57 | * click on the "with LDAP" button
58 | * use your YunoHost credentials
59 |
60 | When disabling Local Login and other authentication services, clicking the `Login` or `Sign Up` button will directly bring up the LDAP Login popup.
61 |
62 | 
63 |
64 | 
65 |
66 | ### Installing plugins
67 |
68 | ```bash
69 | cd /var/www/discourse/discourse
70 | sudo -i -u discourse RAILS_ENV=production bin/rake --trace plugin:install repo=https://github.com/discourse/discourse-solved (for example)
71 | sudo -i -u discourse RAILS_ENV=production bin/rake --trace assets:precompile
72 | systemctl restart discourse
73 | ```
74 |
--------------------------------------------------------------------------------
/doc/ADMIN_fr.md:
--------------------------------------------------------------------------------
1 | ## Prise en charge multi-utilisateurs
2 |
3 | 
4 |
5 | L'administrateur par défaut et les utilisateurs YunoHost doivent se connecter via LDAP :
6 |
7 | * cliquez sur le bouton "avec LDAP"
8 | * utilisez vos identifiants YunoHost
9 |
10 | Lors de la désactivation de la connexion locale et d'autres services d'authentification, cliquez sur le bouton « Connexion » ou « Inscription » pour afficher directement la fenêtre contextuelle de connexion LDAP.
11 |
12 | 
13 |
14 | 
15 |
16 | ## Configuration
17 |
18 | Utilisez le panneau d'administration de votre Discourse pour configurer cette application.
19 |
20 | ### Configuration de "Répondre par e-mail"
21 |
22 | * Vous devez créer un utilisateur Yunohost dédié pour Discourse dont la boîte aux lettres sera utilisée par l'application Discourse. Vous pouvez le faire avec `yunohost user create response`, par exemple. Vous devez vous assurer que l'adresse e-mail est configurée pour être sur votre domaine Discourse.
23 |
24 | * Vous devez ensuite configurer votre fichier Discourse `/var/www/discourse/config/discourse.conf` avec les valeurs de configuration SMTP correctes. Veuillez consulter [ce commentaire](https://github.com/YunoHost-Apps/discourse_ynh/issues/2#issuecomment-409510325) pour une explication des valeurs à modifier. Attention, lors de la mise à jour de l'application, vous devrez réappliquer cette configuration.
25 |
26 | * Vous devez activer la configuration Pop3 pour Dovecot. Voir [ce fil](https://forum.yunohost.org/t/how-to-enable-pop3-in-yunohost/1662/2) pour savoir comment procéder. Vous pouvez valider votre configuration avec `systemctl restart dovecot && dovecot -n`. N'oubliez pas d'ouvrir les ports dont vous avez besoin ('995' est la valeur par défaut). Vous pouvez valider cela avec `nmap -p 995 yunohostdomain.org`.
27 |
28 | * Vous devez ensuite configurer le sondage Pop3 dans l'interface d'administration de Discourse. Veuillez consulter [ce commentaire](https://meta.discourse.org/t/set-up-reply-via-email-support/14003) pour savoir comment procéder. Vous devrez suivre l'étape 5 de ce commentaire. Vous pouvez spécifier votre domaine Yunohost principal pour le `pop3_polling_host`.
29 |
30 | Vous devriez maintenant pouvoir commencer à tester. Essayez d'utiliser le `/admin/email` « Envoyer un e-mail de test », puis affichez les onglets « Envoyé » ou « Ignoré », etc. Vous devriez voir un rapport sur ce qui s'est passé avec l'e-mail. Vous pouvez également regarder dans `/var/www/discourse/log/production.log` ainsi que `/var/www/mail.err`. Vous devriez peut-être également utiliser [Rainloop](https://github.com/YunoHost-Apps/rainloop_ynh) ou une autre application client de messagerie Yunohost pour tester rapidement que votre utilisateur et l'utilisateur dédié Yunohost Discourse (`response@...` ) reçoit du courrier.
31 |
32 | ### "Réponse par e-mail" et transfert de courrier
33 |
34 | Si vous utilisez l'interface utilisateur d'administration de YunoHost pour configurer une adresse de transfert de courrier pour vos utilisateurs, vous risquez de rencontrer le problème selon lequel vos utilisateurs répondent par e-mail à partir de l'adresse e-mail transférée et le logiciel Discourse n'est pas capable de comprendre comment recevoir cet e-mail.
35 |
36 | Par exemple, votre utilisateur a l'adresse e-mail "foo@myyunohostdomain.org" et tout le courrier est transféré à "foo@theirexternalmail.com". Discourse reçoit des réponses de `foo@theirexternalmail.com` mais ne peut pas comprendre comment les envoyer au compte utilisateur avec `foo@myyunohostdomain.org` configuré.
37 |
38 | Leur travail est en cours pour permettre [plusieurs adresses e-mail pour un utilisateur](https://meta.discourse.org/t/additional-email-address-per-user-account-support/59847) dans le développement de discours mais dans la version majeure actuelle (2.3 au 06-08-2019), il n'y a pas d'interface Web pour cette fonctionnalité. Il est possible de le configurer via l'interface de ligne de commande mais c'est **expérimental** et vous ne devriez pas entreprendre ce travail à moins de prendre le temps de comprendre ce que vous allez faire.
39 |
40 | Voici comment configurer une adresse e-mail secondaire pour un compte utilisateur :
41 |
42 | ```bash
43 | cd /var/www/discourse
44 | RAILS_ENV=production /opt/rbenv/versions/2.7.1/bin/bundle exec rails c
45 | UserEmail.create!(user: User.find_by_username("foo"), email: "foo@theirexternalmail.com")
46 | ```
47 |
48 | ### Intégration LDAP
49 |
50 | * dans la pop-up de connexion, vous pouvez choisir "Se connecter avec LDAP" et utiliser vos identifiants YunoHost
51 |
52 | 
53 |
54 | L'administrateur par défaut et les utilisateurs YunoHost doivent se connecter via LDAP :
55 |
56 | * cliquez sur le bouton "avec LDAP"
57 | * utilisez vos identifiants YunoHost
58 |
59 | Lors de la désactivation de la connexion locale et d'autres services d'authentification, cliquez sur le bouton « Connexion » ou « Inscription » pour afficher directement la fenêtre contextuelle de connexion LDAP.
60 |
61 | 
62 |
63 | 
64 |
65 | ### Installer des plugins
66 |
67 | ```bash
68 | cd /var/www/discourse/discourse
69 | sudo -i -u discourse RAILS_ENV=production bin/rake --trace plugin:install repo=https://github.com/discourse/discourse-solved (for example)
70 | sudo -i -u discourse RAILS_ENV=production bin/rake --trace assets:precompile
71 | systemctl restart discourse
72 | ```
73 |
--------------------------------------------------------------------------------
/scripts/_common.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | #=================================================
4 | # COMMON VARIABLES AND CUSTOM HELPERS
5 | #=================================================
6 |
7 | libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')"
8 |
9 | _exec_as_app_with_ruby_node() {
10 | ynh_exec_as_app env PATH="$path_with_nodejs:$path_with_ruby:$PATH" "$@"
11 | }
12 |
13 | # Returns true if a swap partition is enabled, false otherwise
14 | # usage: is_swap_present
15 | is_swap_present() {
16 | [ $(awk '/^SwapTotal:/{print $2}' /proc/meminfo) -gt 0 ]
17 | }
18 |
19 | # Returns true if swappiness higher than 10
20 | # usage: is_swappiness_sufficient
21 | is_swappiness_sufficient() {
22 | [ $(cat /proc/sys/vm/swappiness) -gt 10 ]
23 | }
24 |
25 | # Returns true if specified free memory is available (RAM + swap)
26 | # usage: is_memory_available MEMORY (in bytes)
27 | is_memory_available() {
28 | local needed_memory=$1
29 | local freemem="$(awk '/^MemAvailable:/{print $2}' /proc/meminfo)"
30 | local freeswap="$(awk '/^SwapFree:/{print $2}' /proc/meminfo)"
31 | [ $(($freemem+$freeswap)) -gt $needed_memory ]
32 | }
33 |
34 | # Checks discourse install memory requirements
35 | # terminates installation if requirements not met
36 | check_memory_requirements() {
37 | if ! is_swap_present ; then
38 | ynh_print_warn "You must have a swap partition in order to install and use this application"
39 | elif ! is_swappiness_sufficient ; then
40 | ynh_print_warn "Your swappiness must be higher than 10; please see https://en.wikipedia.org/wiki/Swappiness"
41 | elif ! is_memory_available 1000000 ; then
42 | ynh_print_warn "You must have a minimum of 1Gb available memory (RAM+swap) for the installation"
43 | fi
44 | }
45 | # Checks discourse upgrade memory requirements
46 | # Less requirements as the software is already installed and running
47 | # terminates upgrade if requirements not met
48 | check_memory_requirements_upgrade() {
49 | if ! is_memory_available 400000 ; then
50 | ynh_die "You must have a minimum of 400Mb available memory (RAM+swap) for the upgrade"
51 | fi
52 | }
53 |
54 | tools_prefix="$install_dir/dependencies"
55 |
56 | install_imagemagick() {
57 | # See https://github.com/discourse/discourse_docker/blob/main/image/base/install-imagemagick
58 | ynh_setup_source --source_id="imagemagickv7" --dest_dir="$install_dir/imagemagick_source"
59 | mkdir -p "$tools_prefix"
60 | chown -R "$app:$app" "$install_dir/imagemagick_source" "$tools_prefix"
61 |
62 | pushd "$install_dir/imagemagick_source"
63 | ynh_exec_as_app CFLAGS="-O2 -I$tools_prefix/include -Wno-deprecated-declarations" \
64 | ./configure \
65 | --prefix="$tools_prefix" \
66 | --enable-static \
67 | --enable-bounds-checking \
68 | --enable-hdri \
69 | --enable-hugepages \
70 | --with-threads \
71 | --with-modules \
72 | --with-quantum-depth=16 \
73 | --without-magick-plus-plus \
74 | --with-bzlib \
75 | --with-zlib \
76 | --without-autotrace \
77 | --with-freetype \
78 | --with-jpeg \
79 | --without-lcms \
80 | --with-lzma \
81 | --with-png \
82 | --with-tiff \
83 | --with-heic \
84 | --with-rsvg \
85 | --with-webp
86 | ynh_exec_as_app make all -j"$(nproc)"
87 | ynh_exec_as_app LIBTOOLFLAGS=-Wnone make install
88 | popd
89 | ynh_safe_rm "$install_dir/imagemagick_source"
90 | }
91 |
92 | install_oxipng() {
93 | ynh_setup_source --source_id="oxipng" --dest_dir="$install_dir/oxipng_source"
94 | mkdir -p "$tools_prefix/bin"
95 | mv "$install_dir/oxipng_source/oxipng" "$tools_prefix/bin/oxipng"
96 | ynh_safe_rm "$install_dir/oxipng_source"
97 | }
98 |
99 | ynh_maintenance_mode_ON () {
100 | # Create an html to serve as maintenance notice
101 | echo "
102 |
103 |
104 |
105 | Your app $app is currently under maintenance!
106 |
112 |
113 |
114 | Your app $app is currently under maintenance!
115 | This app has been put under maintenance by your administrator at $(date)
116 | Please wait until the maintenance operation is done. This page will be reloaded as soon as your app will be back.
117 |
118 |
119 | " > "/var/www/html/maintenance.$app.html"
120 |
121 | # Create a new nginx config file to redirect all access to the app to the maintenance notice instead.
122 | echo "# All request to the app will be redirected to ${path}_maintenance and fall on the maintenance notice
123 | rewrite ^${path}/(.*)$ ${path}_maintenance/? redirect;
124 | # Use another location, to not be in conflict with the original config file
125 | location ${path}_maintenance/ {
126 | alias /var/www/html/ ;
127 |
128 | try_files maintenance.$app.html =503;
129 |
130 | # Include SSOWAT user panel.
131 | include conf.d/yunohost_panel.conf.inc;
132 | }" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
133 |
134 | # The current config file will redirect all requests to the root of the app.
135 | # To keep the full path, we can use the following rewrite rule:
136 | # rewrite ^${path}/(.*)$ ${path}_maintenance/\$1? redirect;
137 | # The difference will be in the $1 at the end, which keep the following queries.
138 | # But, if it works perfectly for a html request, there's an issue with any php files.
139 | # This files are treated as simple files, and will be downloaded by the browser.
140 | # Would be really be nice to be able to fix that issue. So that, when the page is reloaded after the maintenance, the user will be redirected to the real page he was.
141 |
142 | systemctl reload nginx
143 | }
144 |
145 | ynh_maintenance_mode_OFF () {
146 | # Rewrite the nginx config file to redirect from ${path}_maintenance to the real url of the app.
147 | echo "rewrite ^${path}_maintenance/(.*)$ ${path}/\$1 redirect;" > "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
148 | systemctl reload nginx
149 |
150 | # Sleep 4 seconds to let the browser reload the pages and redirect the user to the app.
151 | sleep 4
152 |
153 | # Then remove the temporary files used for the maintenance.
154 | rm "/var/www/html/maintenance.$app.html"
155 | rm "/etc/nginx/conf.d/$domain.d/maintenance.$app.conf"
156 |
157 | systemctl reload nginx
158 | }
159 |
--------------------------------------------------------------------------------
/conf/nginx.conf:
--------------------------------------------------------------------------------
1 | # maximum file upload size (keep up to date when changing the corresponding site setting)
2 | client_max_body_size 10m;
3 |
4 | # extend timeouts
5 | proxy_connect_timeout 600;
6 | proxy_send_timeout 600;
7 | proxy_read_timeout 600;
8 | send_timeout 600;
9 |
10 | # path to discourse's public directory
11 | set $public __INSTALL_DIR__/discourse/public/;
12 |
13 | # without weak etags we get zero benefit from etags on dynamically compressed content
14 | # further more etags are based on the file in nginx not sha of data
15 | # use dates, it solves the problem fine even cross server
16 | etag off;
17 |
18 | # prevent direct download of backups
19 | location ^~ __PATH__/backups/ {
20 | internal;
21 | }
22 |
23 | # bypass rails stack with a cheap 204 for favicon.ico requests
24 | location __PATH__/favicon.ico {
25 | return 204;
26 | access_log off;
27 | log_not_found off;
28 | }
29 |
30 | #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
31 | location __PATH__/ {
32 | alias __INSTALL_DIR__/discourse/public/ ;
33 | proxy_hide_header ETag;
34 |
35 | # auth_basic on;
36 | # auth_basic_user_file /etc/nginx/htpasswd;
37 |
38 | location ~* (assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico)$ {
39 | expires 1y;
40 | more_set_headers "Cache-Control : public,immutable";
41 | more_set_headers "Access-Control-Allow-Origin : *";
42 | }
43 |
44 | location = __PATH__/srv/status {
45 | access_log off;
46 | log_not_found off;
47 | proxy_set_header Host $host;
48 | proxy_set_header X-Real-IP $remote_addr;
49 | proxy_set_header X-Request-Start "t=${msec}";
50 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
51 | proxy_set_header X-Forwarded-Proto https;
52 | proxy_pass http://unix:__INSTALL_DIR__/discourse/tmp/sockets/unicorn.sock;
53 | break;
54 | }
55 |
56 | # some minimal caching here so we don't keep asking
57 | # longer term we should increas probably to 1y
58 | location ~ ^/javascripts/ {
59 | expires 1d;
60 | more_set_headers "Cache-Control : public,immutable";
61 | }
62 |
63 | location ~ ^/assets/(?.+)$ {
64 | expires 1y;
65 | # asset pipeline enables this
66 | # brotli_static on;
67 | gzip_static on;
68 | more_set_headers "Cache-Control : public,immutable";
69 | # HOOK in asset location (used for extensibility)
70 | # TODO I don't think this break is needed, it just breaks out of rewrite
71 | break;
72 | }
73 |
74 | location ~ ^/plugins/ {
75 | expires 1y;
76 | more_set_headers "Cache-Control : public,immutable";
77 | }
78 |
79 | # cache emojis
80 | location ~ /images/emoji/ {
81 | expires 1y;
82 | more_set_headers "Cache-Control : public,immutable";
83 | }
84 |
85 | location ~ ^/uploads/ {
86 |
87 | # NOTE: it is really annoying that we can't just define headers
88 | # at the top level and inherit.
89 | #
90 | # proxy_set_header DOES NOT inherit, by design, we must repeat it,
91 | # otherwise headers are not set correctly
92 | proxy_set_header Host $host;
93 | proxy_set_header X-Real-IP $remote_addr;
94 | proxy_set_header X-Request-Start "t=${msec}";
95 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
96 | proxy_set_header X-Forwarded-Proto https;
97 | proxy_set_header X-Sendfile-Type X-Accel-Redirect;
98 | proxy_set_header X-Accel-Mapping __INSTALL_DIR__/discourse/public/=/downloads/;
99 | expires 1y;
100 | more_set_headers "Cache-Control : public,immutable";
101 |
102 | ## optional upload anti-hotlinking rules
103 | #valid_referers none blocked mysite.com *.mysite.com;
104 | #if ($invalid_referer) { return 403; }
105 |
106 | # custom CSS
107 | location ~ /stylesheet-cache/ {
108 | try_files $uri =404;
109 | }
110 | # this allows us to bypass rails
111 | location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff|svg|ico|webp)$ {
112 | try_files $uri =404;
113 | }
114 | # thumbnails & optimized images
115 | location ~ /_?optimized/ {
116 | try_files $uri =404;
117 | }
118 |
119 | proxy_pass http://unix:__INSTALL_DIR__/discourse/tmp/sockets/unicorn.sock;
120 | break;
121 | }
122 |
123 | location ~ ^/admin/backups/ {
124 | proxy_set_header Host $host;
125 | proxy_set_header X-Real-IP $remote_addr;
126 | proxy_set_header X-Request-Start "t=${msec}";
127 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
128 | proxy_set_header X-Forwarded-Proto https;
129 | proxy_set_header X-Sendfile-Type X-Accel-Redirect;
130 | proxy_set_header X-Accel-Mapping __INSTALL_DIR__/discourse/public/=/downloads/;
131 | proxy_pass http://unix:__INSTALL_DIR__/discourse/tmp/sockets/unicorn.sock;
132 | break;
133 | }
134 |
135 | # This big block is needed so we can selectively enable
136 | # acceleration for backups and avatars
137 | # see note about repetition above
138 | location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied|service-worker) {
139 | proxy_set_header Host $host;
140 | proxy_set_header X-Real-IP $remote_addr;
141 | proxy_set_header X-Request-Start "t=${msec}";
142 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
143 | proxy_set_header X-Forwarded-Proto https;
144 |
145 | # if Set-Cookie is in the response nothing gets cached
146 | # this is double bad cause we are not passing last modified in
147 | proxy_ignore_headers "Set-Cookie";
148 | proxy_hide_header "Set-Cookie";
149 |
150 | # note x-accel-redirect can not be used with proxy_cache
151 | # proxy_cache one;
152 | proxy_cache_valid 200 301 302 7d;
153 | proxy_cache_valid any 1m;
154 | proxy_pass http://unix:__INSTALL_DIR__/discourse/tmp/sockets/unicorn.sock;
155 | break;
156 | }
157 |
158 | # location /letter_avatar_proxy/ {
159 | # # Don't send any client headers to the avatars service
160 | # proxy_method GET;
161 | # proxy_pass_request_headers off;
162 | # proxy_pass_request_body off;
163 | #
164 | # # Don't let cookies interrupt caching, and don't pass them to the
165 | # # client
166 | # proxy_ignore_headers "Set-Cookie";
167 | # proxy_hide_header "Set-Cookie";
168 | #
169 | # proxy_cache one;
170 | # proxy_cache_key $uri;
171 | # proxy_cache_valid 200 7d;
172 | # proxy_cache_valid 404 1m;
173 | # proxy_set_header Connection "";
174 | #
175 | # proxy_pass https://avatars.discourse.org/;
176 | # break;
177 | # }
178 |
179 | # we need buffering off for message bus
180 | location __PATH__/message-bus/ {
181 | proxy_set_header X-Request-Start "t=${msec}";
182 | proxy_set_header Host $host;
183 | proxy_set_header X-Real-IP $remote_addr;
184 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
185 | proxy_set_header X-Forwarded-Proto https;
186 | proxy_http_version 1.1;
187 | proxy_buffering off;
188 | proxy_pass http://unix:__INSTALL_DIR__/discourse/tmp/sockets/unicorn.sock;
189 | break;
190 | }
191 |
192 | # this means every file in public is tried first
193 | try_files $uri @__APP__;
194 | }
195 |
196 | location __PATH__/downloads/ {
197 | internal;
198 | alias __INSTALL_DIR__/discourse/public/ ;
199 | }
200 |
201 | location @__APP__ {
202 | more_set_headers "Referrer-Policy : no-referrer-when-downgrade";
203 | proxy_set_header Host $host;
204 | proxy_set_header X-Request-Start "t=${msec}";
205 | proxy_set_header X-Real-IP $remote_addr;
206 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
207 | proxy_set_header X-Forwarded-Proto https;
208 | proxy_pass http://unix:__INSTALL_DIR__/discourse/tmp/sockets/unicorn.sock;
209 | }
210 |
--------------------------------------------------------------------------------
/scripts/install:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | source _common.sh
4 | source /usr/share/yunohost/helpers
5 |
6 | if ! ynh_in_ci_tests; then
7 | # Check memory requirements
8 | check_memory_requirements
9 | fi
10 |
11 | #=================================================
12 | # INITIALIZE AND STORE SETTINGS
13 | #=================================================
14 |
15 | relative_url_root=${path%/}
16 |
17 | # Create a random password
18 | admin_pwd=$(ynh_string_random)
19 | admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
20 |
21 | redis_db=$(ynh_redis_get_free_db)
22 | ynh_app_setting_set --key=redis_db --value="$redis_db"
23 |
24 | # Set a secret value
25 | secret="$(ynh_string_random)"
26 |
27 | # We assume for the moment that ARM devices are only dual core, so
28 | # we restrict the number of workers to 2 (the default is 3)
29 | if dpkg --print-architecture | grep -q "arm"; then
30 | unicorn_workers=2
31 | else
32 | unicorn_workers=3
33 | fi
34 | ynh_app_setting_set --key=unicorn_workers --value=$unicorn_workers
35 |
36 | #=================================================
37 | # INSTALL DEPENDENCIES
38 | #=================================================
39 | ynh_script_progression "Installing dependencies..."
40 |
41 | # Building and installing ImageMagick v7
42 | install_imagemagick
43 |
44 | # Installing Oxipng
45 | install_oxipng
46 |
47 | #=================================================
48 | # CONFIGURE A POSTGRESQL DATABASE
49 | #=================================================
50 | ynh_script_progression "Configuring $app's PostgreSQL database..."
51 |
52 | # Set extensions
53 | ynh_psql_db_shell <<< "CREATE EXTENSION IF NOT EXISTS hstore;"
54 | ynh_psql_db_shell <<< "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
55 | ynh_psql_db_shell <<< "CREATE EXTENSION IF NOT EXISTS vector;"
56 |
57 | #=================================================
58 | # DOWNLOAD, CHECK AND UNPACK SOURCE
59 | #=================================================
60 | ynh_script_progression "Setting up source files..."
61 |
62 | # Download, check integrity, uncompress and patch the source from app.src
63 | ynh_setup_source --dest_dir="$install_dir/discourse"
64 |
65 | # Install LDAP plugin
66 | ynh_setup_source --source_id=ldap-auth --dest_dir="$install_dir/discourse/plugins/ldap"
67 |
68 | # Add a pids and socket directory for the systemd script.
69 | mkdir -p "$install_dir/discourse/tmp/pids"
70 | mkdir -p "$install_dir/discourse/tmp/sockets"
71 | mkdir -p "$install_dir/discourse/public/forum"
72 |
73 | # Create specific folders and links for subfolder compatibility
74 | # (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
75 | ln -s "$install_dir/discourse/public/uploads" "$install_dir/discourse/public/forum/uploads"
76 | ln -s "$install_dir/discourse/public/backups" "$install_dir/discourse/public/forum/backups"
77 |
78 | # Set permissions to app files
79 | chmod -R o-rwx "$install_dir"
80 | chown -R "$app:www-data" "$install_dir"
81 |
82 | #=================================================
83 | # ADD A CONFIGURATION
84 | #=================================================
85 | ynh_script_progression "Adding $app's configuration file..."
86 |
87 | ynh_config_add --template="discourse_defaults.conf" --destination="$install_dir/discourse/config/discourse.conf"
88 | ynh_config_add --template="secrets.yml" --destination="$install_dir/discourse/config/secrets.yml"
89 | ynh_config_add --template="settings.yml" --destination="$install_dir/discourse/plugins/ldap/config/settings.yml"
90 |
91 | # Disable svgo worker
92 | echo "svgo: false" | ynh_exec_as_app tee "$install_dir/discourse/.image_optim.yml" >/dev/null
93 |
94 | #=================================================
95 | # SETUP UNICORN, A RUBY SERVER
96 | #=================================================
97 | ynh_script_progression "Setting up Unicorn..."
98 |
99 | # On ARM architecture, replace bundled libpsl by system native libpsl
100 | # because the provided binary isn't compatible
101 | if dpkg --print-architecture | grep -q "arm"; then
102 | (
103 | cd "$install_dir/discourse/vendor/bundle/ruby"/*/"gems/mini_suffix-*/vendor"
104 | rm libpsl.so
105 | ln -s "$(ldconfig -p | grep libpsl | awk 'END {print $NF}')" libpsl.so
106 | )
107 | fi
108 |
109 | pushd "$install_dir/discourse"
110 | # Install bundler, a gems installer
111 | gem install bundler --conservative -v $(awk '/BUNDLED WITH/ { getline; gsub(/ /,""); print $0 }' $install_dir/discourse/Gemfile.lock)
112 | # Install without documentation
113 | echo "gem: --no-ri --no-rdoc" | ynh_exec_as_app tee "$install_dir/discourse/.gemrc" >/dev/null
114 |
115 | # Specific actions on ARM architecture
116 | if dpkg --print-architecture | grep -q "arm"; then
117 | # Define the platform specifically to retrieve binaries
118 | # for libv8 because it currently doesn't compile on ARM devices
119 | _exec_as_app_with_ruby_node bundle config specific_platform arm-linux
120 | fi
121 |
122 | # Install dependencies
123 | _exec_as_app_with_ruby_node bundle config --local path "$install_dir/discourse/vendor/bundle"
124 | _exec_as_app_with_ruby_node bundle config --local without test development
125 | _exec_as_app_with_ruby_node bundle install --jobs 2
126 | popd
127 |
128 | pushd "$install_dir/discourse"
129 | ynh_hide_warnings npm install --location=global pnpm@9 --force
130 | ynh_hide_warnings _exec_as_app_with_ruby_node pnpm install --frozen-lockfile
131 | popd
132 |
133 | #=================================================
134 | # PREPARE THE DATABASE
135 | #=================================================
136 | ynh_script_progression "Preparing the database..."
137 |
138 | pushd "$install_dir/discourse"
139 | ynh_hide_warnings _exec_as_app_with_ruby_node RAILS_ENV=production bundle exec rake db:migrate
140 | ynh_hide_warnings _exec_as_app_with_ruby_node RAILS_ENV=production bundle exec rake themes:update
141 | ynh_hide_warnings _exec_as_app_with_ruby_node RAILS_ENV=production DISCOURSE_DOWNLOAD_PRE_BUILT_ASSETS=0 bundle exec rake assets:precompile
142 | popd
143 |
144 | # Set default data (especially to have correct image URLs for subfolder install)
145 | ynh_config_add --template="provisioning.sql" --destination="$install_dir/provisioning.sql"
146 | ynh_psql_db_shell < "$install_dir/provisioning.sql"
147 | ynh_safe_rm "$install_dir/provisioning.sql"
148 |
149 | #=================================================
150 | # CREATE DISCOURSE ADMIN USER
151 | #=================================================
152 | ynh_script_progression "Creating Discourse admin user..."
153 |
154 | pushd "$install_dir/discourse"
155 | _exec_as_app_with_ruby_node RAILS_ENV=production bundle exec rake admin:create <<< "$admin_mail
156 | $admin_pwd
157 | $admin_pwd
158 | y
159 | "
160 | popd
161 |
162 | #=================================================
163 | # CONFIGURE PLUGINS
164 | #=================================================
165 | ynh_script_progression "Configuring plugins..."
166 |
167 | # Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder
168 | # (Can only do that now because we are patching dependencies which have just been downloaded)
169 | # Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16
170 |
171 | patch -p4 -d "$install_dir/discourse/plugins/ldap/lib/omniauth/strategies"*/ \
172 | < "../conf/ldap-auth-fix-subfolder.patch"
173 |
174 | #=================================================
175 | # SYSTEM CONFIGURATION
176 | #=================================================
177 | ynh_script_progression "Adding system configurations related to $app..."
178 |
179 | # Create a dedicated NGINX config
180 | ynh_config_add_nginx
181 |
182 | # Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
183 | if [ "$path" != "/" ] ; then
184 | ynh_replace --file="/etc/nginx/conf.d/$domain.d/$app.conf" \
185 | --match='$proxy_add_x_forwarded_for' \
186 | --replace='$http_your_original_ip_header'
187 | fi
188 | ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
189 |
190 | additional_env="UNICORN_WORKERS=$unicorn_workers"
191 |
192 | ynh_config_add_systemd
193 | yunohost service add "$app" --log "$install_dir/discourse/log/unicorn.stderr.log" "$install_dir/discourse/log/unicorn.stdout.log" "$install_dir/discourse/log/production.log"
194 |
195 | # Use logrotate to manage application logfile(s)
196 | ynh_config_add_logrotate "$install_dir/discourse/log/unicorn.stderr.log"
197 | ynh_config_add_logrotate "$install_dir/discourse/log/unicorn.stdout.log"
198 | ynh_config_add_logrotate "$install_dir/discourse/log/production.log"
199 |
200 | #=================================================
201 | # START SYSTEMD SERVICE
202 | #=================================================
203 | ynh_script_progression "Starting $app's systemd service..."
204 |
205 | ynh_systemctl --service="$app" --action="start" --log_path="$install_dir/discourse/log/unicorn.stdout.log" --wait_until="INFO -- : worker=$((unicorn_workers-1)) ready"
206 |
207 | #=================================================
208 | # END OF SCRIPT
209 | #=================================================
210 |
211 | ynh_script_progression "Installation of $app completed"
212 |
--------------------------------------------------------------------------------
/scripts/upgrade:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | source _common.sh
4 | source /usr/share/yunohost/helpers
5 |
6 | if ! ynh_in_ci_tests; then
7 | # Check memory requirements
8 | check_memory_requirements
9 | fi
10 |
11 | #=================================================
12 | # INITIALIZE AND STORE SETTINGS
13 | #=================================================
14 |
15 | relative_url_root=${path%/}
16 | admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
17 | secret="$(ynh_string_random)"
18 |
19 | #=================================================
20 | # ENABLE MAINTENANCE MODE
21 | #=================================================
22 | ynh_script_progression "Enabling maintenance mode..."
23 |
24 | ynh_maintenance_mode_ON
25 |
26 | #=================================================
27 | # STOP SYSTEMD SERVICE
28 | #=================================================
29 | ynh_script_progression "Stopping $app's systemd service..."
30 |
31 | ynh_systemctl --service="$app" --action="stop" --log_path="$install_dir/discourse/log/unicorn.stdout.log"
32 |
33 | #=================================================
34 | # ENSURE DOWNWARD COMPATIBILITY
35 | #=================================================
36 | ynh_script_progression "Ensuring downward compatibility..."
37 |
38 | # If unicorn_workers doesn't exist, create it
39 | if [ -z "$unicorn_workers" ]; then
40 | # We assume for the moment that ARM devices are only dual core, so
41 | # we restrict the number of workers to 2 (the default is 3)
42 | if dpkg --print-architecture | grep -q "arm"; then
43 | unicorn_workers=2
44 | else
45 | unicorn_workers=3
46 | fi
47 | ynh_app_setting_set --key="unicorn_workers" --value="$unicorn_workers"
48 | fi
49 |
50 | if [ -f "$install_dir/tmp/sockets/unicorn.sock" ]; then
51 | # Move sources into the discourse subdir.
52 | mkdir -p "$install_dir/__new__"
53 | find "$install_dir" -mindepth 1 -maxdepth 1 -not -name "__new__" -print0 | xargs -0 mv -t "$install_dir/__new__"
54 | mv "$install_dir/__new__" "$install_dir/discourse"
55 | fi
56 |
57 | # See https://github.com/jonmbake/discourse-ldap-auth/issues/77
58 | if [ -d "$install_dir/discourse/plugins/discourse-ldap-auth" ]; then
59 | mv "$install_dir/discourse/plugins/discourse-ldap-auth" "$install_dir/discourse/plugins/ldap"
60 | fi
61 |
62 | if [ ! -d "$install_dir/discourse" ]; then
63 | tmpdir=$(mktemp -d)
64 | mv $install_dir $tmpdir/
65 | mkdir -p "$install_dir"
66 | mv $tmpdir/$app $install_dir/
67 | ynh_delete_file_checksum "$install_dir/config/discourse.conf"
68 | ynh_store_file_checksum "$install_dir/discourse/config/discourse.conf"
69 | ynh_delete_file_checksum "$install_dir/config/secrets.yml"
70 | ynh_store_file_checksum "$install_dir/discourse/config/secrets.yml"
71 | mv "$install_dir/discourse/plugins/discourse-ldap-auth" "$install_dir/discourse/plugins/ldap"
72 | ynh_delete_file_checksum "$install_dir/plugins/discourse-ldap-aut/config/settings.yml"
73 | ynh_store_file_checksum "$install_dir/discourse/plugins/ldap/config/settings.yml"
74 | ynh_safe_rm "$tmpdir"
75 | ynh_config_remove_logrotate
76 | ynh_safe_rm "$install_dir/public/forum/uploads"
77 | ynh_safe_rm "$install_dir/public/forum/backups"
78 | fi
79 |
80 | #=================================================
81 | # UPGRADING DEPENDENCIES
82 | #=================================================
83 | ynh_script_progression "Upgrading dependency..."
84 |
85 | # Building and upgrading ImageMagick v7
86 | install_imagemagick
87 |
88 | # Upgrading Oxipng
89 | install_oxipng
90 |
91 | #=================================================
92 | # CONFIGURE A POSTGRESQL DATABASE
93 | #=================================================
94 | ynh_script_progression "Upgrading $app's PostgreSQL database..."
95 |
96 | # Set extensions
97 | ynh_psql_db_shell <<< "CREATE EXTENSION IF NOT EXISTS hstore;"
98 | ynh_psql_db_shell <<< "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
99 | ynh_psql_db_shell <<< "CREATE EXTENSION IF NOT EXISTS vector;"
100 |
101 | #=================================================
102 | # DOWNLOAD, CHECK AND UNPACK SOURCE
103 | #=================================================
104 | ynh_script_progression "Upgrading source files..."
105 |
106 | # Small trick to backup non-core plugins
107 | mv "$install_dir/discourse/plugins" "$install_dir/discourse/plugins_old"
108 |
109 | # Download, check integrity, uncompress and patch the source from app.src
110 | ynh_setup_source --dest_dir="$install_dir/discourse" --full_replace --keep="config/discourse.conf plugins_old public/uploads public/backups log"
111 |
112 | # Restore all non-core plugins
113 | for plugin_dir in "$install_dir/discourse/plugins_old"/*; do
114 | plugin_name=$(basename "$plugin_dir")
115 | if [ ! -d "$install_dir/discourse/plugins/$plugin_name" ]; then
116 | mv "$plugin_dir" "$install_dir/discourse/plugins/$plugin_name"
117 | fi
118 | done
119 |
120 | ynh_safe_rm "$install_dir/discourse/plugins_old"
121 |
122 | # Install LDAP plugin
123 | ynh_setup_source --source_id=ldap-auth --dest_dir="$install_dir/discourse/plugins/ldap" --full_replace --keep="config/settings.yml"
124 |
125 | # Add a pids and socket directory for the systemd script.
126 | mkdir -p "$install_dir/discourse/tmp/pids"
127 | mkdir -p "$install_dir/discourse/tmp/sockets"
128 | mkdir -p "$install_dir/discourse/public/forum"
129 |
130 | # Create specific folders and links for subfolder compatibility
131 | # (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
132 | ln -s "$install_dir/discourse/public/uploads" "$install_dir/discourse/public/forum/uploads"
133 | ln -s "$install_dir/discourse/public/backups" "$install_dir/discourse/public/forum/backups"
134 |
135 | # Set permissions to app files
136 | chmod -R o-rwx "$install_dir"
137 | chown -R "$app:www-data" "$install_dir"
138 |
139 | #=================================================
140 | # UPDATE A CONFIG FILE
141 | #=================================================
142 | ynh_script_progression "Updating $app's config file..."
143 |
144 | ynh_config_add --template="discourse_defaults.conf" --destination="$install_dir/discourse/config/discourse.conf"
145 | ynh_config_add --template="secrets.yml" --destination="$install_dir/discourse/config/secrets.yml"
146 | ynh_config_add --template="settings.yml" --destination="$install_dir/discourse/plugins/ldap/config/settings.yml"
147 |
148 | # Disable svgo worker
149 | echo "svgo: false" | ynh_exec_as_app tee "$install_dir/discourse/.image_optim.yml" >/dev/null
150 |
151 | #=================================================
152 | # SETUP UNICORN, A RUBY SERVER
153 | #=================================================
154 | ynh_script_progression "Setting up Unicorn..."
155 |
156 | # Make a backup of the original config file if modified
157 | unicorn_config_file="$install_dir/discourse/config/unicorn.conf.rb"
158 | ynh_backup_if_checksum_is_different "$unicorn_config_file"
159 | ynh_store_file_checksum "$unicorn_config_file"
160 |
161 | # On ARM architecture, replace bundled libpsl by system native libpsl
162 | # because the provided binary isn't compatible
163 | if dpkg --print-architecture | grep -q "arm"; then
164 | (
165 | cd "$install_dir/discourse/vendor/bundle/ruby"/*/"gems/mini_suffix-*/vendor"
166 | rm libpsl.so
167 | ln -s "$(ldconfig -p | grep libpsl | awk 'END {print $NF}')" libpsl.so
168 | )
169 | fi
170 |
171 | pushd "$install_dir/discourse"
172 | # Install bundler, a gems installer
173 | gem install bundler --conservative -v $(awk '/BUNDLED WITH/ { getline; gsub(/ /,""); print $0 }' $install_dir/discourse/Gemfile.lock)
174 | # Install without documentation
175 | echo "gem: --no-ri --no-rdoc" | ynh_exec_as_app tee "$install_dir/discourse/.gemrc" >/dev/null
176 |
177 | # Specific actions on ARM architecture
178 | if dpkg --print-architecture | grep -q "arm"; then
179 | # Define the platform specifically to retrieve binaries
180 | # for libv8 because it currently doesn't compile on ARM devices
181 | _exec_as_app_with_ruby_node bundle config specific_platform arm-linux
182 | fi
183 |
184 | # Install dependencies
185 | _exec_as_app_with_ruby_node bundle config --local path "$install_dir/discourse/vendor/bundle"
186 | _exec_as_app_with_ruby_node bundle config --local without test development
187 | _exec_as_app_with_ruby_node bundle install --jobs 2
188 | popd
189 |
190 | pushd "$install_dir/discourse"
191 | ynh_hide_warnings npm install --location=global terser
192 | ynh_hide_warnings npm install --location=global uglify-js
193 | ynh_hide_warnings npm install --location=global pnpm@9
194 | ynh_hide_warnings _exec_as_app_with_ruby_node pnpm install --frozen-lockfile
195 | popd
196 |
197 | #=================================================
198 | # PREPARE THE DATABASE
199 | #=================================================
200 | ynh_script_progression "Preparing the database..."
201 |
202 | pushd "$install_dir/discourse"
203 | ynh_hide_warnings _exec_as_app_with_ruby_node RAILS_ENV=production bundle exec rake db:migrate
204 | ynh_hide_warnings _exec_as_app_with_ruby_node RAILS_ENV=production bundle exec rake themes:update
205 | ynh_hide_warnings _exec_as_app_with_ruby_node RAILS_ENV=production DISCOURSE_DOWNLOAD_PRE_BUILT_ASSETS=0 bundle exec rake assets:precompile
206 | popd
207 | #=================================================
208 | # CONFIGURE PLUGINS
209 | #=================================================
210 | ynh_script_progression "Configuring plugins..."
211 |
212 | # Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder
213 | # (Can only do that now because we are patching dependencies which have just been downloaded)
214 | # Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16
215 | patch -p4 -d "$install_dir/discourse/plugins/ldap/lib/omniauth/strategies"*/ \
216 | < "../conf/ldap-auth-fix-subfolder.patch"
217 |
218 | #=================================================
219 | # REAPPLY SYSTEM CONFIGURATIONS
220 | #=================================================
221 | ynh_script_progression "Upgrading system configurations related to $app..."
222 |
223 | # Create a dedicated NGINX config
224 | ynh_config_add_nginx
225 | # Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
226 | if [ "$path" != "/" ] ; then
227 | ynh_replace --file="/etc/nginx/conf.d/$domain.d/$app.conf" \
228 | --match='$proxy_add_x_forwarded_for' \
229 | --replace='$http_your_original_ip_header'
230 | fi
231 | ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
232 |
233 | additional_env="UNICORN_WORKERS=$unicorn_workers"
234 | ynh_config_add_systemd
235 | yunohost service add "$app" --log "$install_dir/discourse/log/unicorn.stderr.log" "$install_dir/discourse/log/unicorn.stdout.log" "$install_dir/discourse/log/production.log"
236 |
237 | # Use logrotate to manage application logfile(s)
238 | ynh_config_add_logrotate "$install_dir/discourse/log/unicorn.stderr.log"
239 | ynh_config_add_logrotate "$install_dir/discourse/log/unicorn.stdout.log"
240 | ynh_config_add_logrotate "$install_dir/discourse/log/production.log"
241 |
242 | #=================================================
243 | # START SYSTEMD SERVICE
244 | #=================================================
245 | ynh_script_progression "Starting $app's systemd service..."
246 |
247 | ynh_systemctl --service="$app" --action="start" --log_path="$install_dir/discourse/log/unicorn.stdout.log" --wait_until="INFO -- : worker=$((unicorn_workers-1)) ready"
248 |
249 | #=================================================
250 | # DISABLE MAINTENANCE MODE
251 | #=================================================
252 | ynh_script_progression "Disabling maintenance mode..."
253 |
254 | ynh_maintenance_mode_OFF
255 |
256 | #=================================================
257 | # END OF SCRIPT
258 | #=================================================
259 |
260 | ynh_script_progression "Upgrade of $app completed"
261 |
--------------------------------------------------------------------------------
/conf/discourse_defaults.conf:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE
3 | # If you need to make changes create a file called discourse.conf in this directory with your changes
4 | # On import this file will be imported using ERB
5 | #
6 |
7 | # Discourse supports multiple mechanisms for production config.
8 | #
9 | # 1. You can do nothing and get these defaults (not recommended, you should at least set hostname)
10 | # 2. You can copy this file to config/discourse.conf and amend with your settings
11 | # 3. You can pass in config from your environment, all the settings below are available.
12 | # Prepend DISCOURSE_ and upper case the setting in ENV. For example:
13 | # to pass in db_pool of 200 you would use DISCOURSE_DB_POOL=200
14 |
15 | # All settings apply to production only
16 |
17 | # connection pool size, sidekiq is set to 5, allowing an extra 3 for bg threads
18 | db_pool = 8
19 |
20 | # Database connection timeout in seconds
21 | db_connect_timeout = 5
22 |
23 | # socket file used to access db
24 | db_socket =
25 |
26 | # host address for db server
27 | # This is set to blank so it tries to use sockets first
28 | db_host =
29 |
30 | # host address for db server when taking a backup via `pg_dump`
31 | # Defaults to `db_host` if not configured
32 | db_backup_host =
33 |
34 | # port running db server, no need to set it
35 | db_port =
36 |
37 | # db server port to use when taking a backup via `pg_dump`
38 | db_backup_port = 5432
39 |
40 | # database name running discourse
41 | db_name = __DB_NAME__
42 |
43 | # username accessing database
44 | db_username = __DB_USER__
45 |
46 | # password used to access the db
47 | db_password = __DB_PWD__
48 |
49 | # Disallow prepared statements
50 | # see: https://github.com/rails/rails/issues/21992
51 | db_prepared_statements = false
52 |
53 | # host address for db replica server
54 | db_replica_host =
55 |
56 | # port running replica db server, defaults to 5432 if not set
57 | db_replica_port =
58 |
59 | db_advisory_locks = true
60 |
61 | # hostname running the forum
62 | hostname = "__DOMAIN__"
63 |
64 | # backup hostname mainly for cdn use
65 | backup_hostname =
66 |
67 | # address of smtp server used to send emails
68 | smtp_address = localhost
69 |
70 | # port of smtp server used to send emails
71 | smtp_port = 25
72 |
73 | # domain passed to smtp server
74 | smtp_domain = __DOMAIN__
75 |
76 | # username for smtp server
77 | smtp_user_name =
78 |
79 | # password for smtp server
80 | smtp_password =
81 |
82 | # smtp authentication mechanism
83 | smtp_authentication = plain
84 |
85 | # enable TLS encryption for smtp connections
86 | smtp_enable_start_tls = false
87 |
88 | # mode for verifying smtp server certificates
89 | # to disable, set to 'none'
90 | smtp_openssl_verify_mode =
91 |
92 | # force implicit TLS as per RFC 8314 3.3
93 | smtp_force_tls = false
94 |
95 | # number of seconds to wait while attempting to open a SMTP connection
96 | smtp_open_timeout = 5
97 |
98 | # Number of seconds to wait until timing-out a SMTP read(2) call
99 | smtp_read_timeout = 30
100 |
101 | # number of seconds to wait while attempting to open a SMTP connection only when
102 | # sending emails via group SMTP
103 | group_smtp_open_timeout = 30
104 |
105 | # Number of seconds to wait until timing-out a SMTP read(2) call only when sending
106 | # emails via group SMTP
107 | group_smtp_read_timeout = 60
108 |
109 | # load MiniProfiler in production, to be used by developers
110 | load_mini_profiler = false
111 |
112 | # Every how many requests should MP profile a request (aka take snapshot)
113 | # Default is never
114 | mini_profiler_snapshots_period = 0
115 |
116 | # specify the URL of the destination that MiniProfiler should ship snapshots to
117 | # mini_profiler_snapshots_transport_auth_key is required as well
118 | mini_profiler_snapshots_transport_url =
119 |
120 | # authorization key that will be included as a header in requests made by the
121 | # snapshots transporter to the URL specified above. The destination should
122 | # know this key and only accept requests that have this key in the
123 | # `Mini-Profiler-Transport-Auth` header.
124 | mini_profiler_snapshots_transport_auth_key =
125 |
126 | # recommended, cdn used to access assets
127 | cdn_url =
128 |
129 | # The hostname used by the CDN to request assets
130 | cdn_origin_hostname =
131 |
132 | # comma delimited list of emails that have developer level access
133 | developer_emails = __ADMIN_MAIL__
134 |
135 | # redis server address
136 | redis_host = localhost
137 |
138 | # redis server port
139 | redis_port = 6379
140 |
141 | # redis replica server address
142 | redis_replica_host =
143 |
144 | # redis replica server port
145 | redis_replica_port = 6379
146 |
147 | # redis database
148 | redis_db = __REDIS_DB__
149 |
150 | # redis username
151 | redis_username =
152 |
153 | # redis password
154 | redis_password =
155 |
156 | # skip configuring client id for cloud providers who support no client commands
157 | redis_skip_client_commands = false
158 |
159 | # uses SSL for all Redis connections if true
160 | redis_use_ssl = false
161 |
162 | # message bus redis server switch
163 | message_bus_redis_enabled = false
164 |
165 | # message bus redis server address
166 | message_bus_redis_host = localhost
167 |
168 | # message bus redis server port
169 | message_bus_redis_port = 6379
170 |
171 | # message bus redis replica server address
172 | message_bus_redis_replica_host =
173 |
174 | # message bus redis slave server port
175 | message_bus_redis_replica_port = 6379
176 |
177 | # message bus redis database
178 | message_bus_redis_db = 0
179 |
180 | # message bus redis username
181 | message_bus_redis_username =
182 |
183 | # message bus redis password
184 | message_bus_redis_password =
185 |
186 | # skip configuring client id for cloud providers who support no client commands
187 | message_bus_redis_skip_client_commands = false
188 |
189 | # enable Cross-origin Resource Sharing (CORS) directly at the application level
190 | enable_cors = false
191 | cors_origin = ''
192 |
193 | # enable if you really need to serve assets in prod
194 | serve_static_assets = true
195 |
196 | # number of sidekiq workers (launched via unicorn master)
197 | sidekiq_workers = 5
198 |
199 | # Logs Sidekiq jobs that have been running for longer than the configured number of minutes to the Rails log
200 | sidekiq_report_long_running_jobs_minutes =
201 |
202 | # connection reaping helps keep connection counts down, postgres
203 | # will not work properly with huge numbers of open connections
204 | # reap connections from pool that are older than 30 seconds
205 | connection_reaper_age = 30
206 |
207 | # run reap check every 30 seconds
208 | connection_reaper_interval = 30
209 |
210 | # set to relative URL (for subdirectory/subfolder hosting)
211 | # IMPORTANT: path must not include a trailing /
212 | # EG: /forum
213 | relative_url_root = "__RELATIVE_URL_ROOT__"
214 |
215 | # increasing this number will increase redis memory use
216 | # this ensures backlog (ability of channels to catch up are capped)
217 | # message bus default cap is 1000, we are winding it down to 100
218 | message_bus_max_backlog_size = 100
219 |
220 | # how often the message-bus backlog should be cleared
221 | # lower values will make memory usage more consistent, but will
222 | # increase redis CPU demands
223 | message_bus_clear_every = 50
224 |
225 | # must be a 64 byte hex string, anything else will be ignored with a warning
226 | secret_key_base =
227 |
228 | # fallback path for all assets which are served via the application
229 | # used by static_controller
230 | # in multi host setups this allows you to have old unicorn instances serve
231 | # newly compiled assets
232 | fallback_assets_path =
233 |
234 | # S3 settings used for serving ALL public files
235 | # be sure to configure a CDN as well per cdn_url
236 | s3_bucket =
237 | s3_region =
238 | s3_access_key_id =
239 | s3_secret_access_key =
240 | s3_use_iam_profile =
241 | s3_cdn_url =
242 | s3_endpoint =
243 | s3_http_continue_timeout =
244 | s3_install_cors_rule =
245 | enable_s3_transfer_acceleration =
246 |
247 | # Optionally, specify a separate CDN to be used for static JS assets stored on S3
248 | s3_asset_cdn_url =
249 |
250 | ### rate limits apply to all sites
251 | max_user_api_reqs_per_minute = 20
252 | max_user_api_reqs_per_day = 2880
253 |
254 | max_admin_api_reqs_per_minute = 60
255 |
256 | max_reqs_per_ip_per_minute = 200
257 | max_reqs_per_ip_per_10_seconds = 50
258 |
259 | # applies to asset type routes (avatars/css and so on)
260 | max_asset_reqs_per_ip_per_10_seconds = 200
261 |
262 | # global rate limiter will simply warn if the limit is exceeded, can be warn+block, warn, block or none
263 | max_reqs_per_ip_mode = block
264 |
265 | # bypass rate limiting any IP resolved as a private IP
266 | max_reqs_rate_limit_on_private = false
267 |
268 | # use per user rate limits vs ip rate limits for users with this trust level or more.
269 | skip_per_ip_rate_limit_trust_level = 1
270 |
271 | # logged in DoS protection
272 |
273 | # protection will only trigger for requests that queue longer than this amount
274 | force_anonymous_min_queue_seconds = 1
275 | # only trigger anon if we see more than N requests for this path in last 10 seconds
276 | force_anonymous_min_per_10_seconds = 3
277 |
278 | # Any requests with the headers Discourse-Background = true will not be allowed to queue
279 | # longer than this amount of time.
280 | # Discourse will rate limit and ask client to try again later.
281 | background_requests_max_queue_length = 0.5
282 |
283 | # if a message bus request queues for 100ms or longer, we will reject it and ask consumer
284 | # to back off
285 | reject_message_bus_queue_seconds = 0.1
286 |
287 | # disable search if app server is queueing for longer than this (in seconds)
288 | disable_search_queue_threshold = 1
289 |
290 | # maximum number of posts rebaked across the cluster in the periodical job
291 | # rebake process is very expensive, on multisite we have to make sure we never
292 | # flood the queue
293 | max_old_rebakes_per_15_minutes = 300
294 |
295 | # maximum number of log messages in /logs
296 | max_logster_logs = 1000
297 |
298 | # during precompile update maxmind database if older than N days
299 | # set to 0 to disable
300 | refresh_maxmind_db_during_precompile_days = 2
301 |
302 | # backup path containing maxmind db files
303 | maxmind_backup_path =
304 |
305 | # register an account at: https://www.maxmind.com/en/geolite2/signup
306 | # then head to profile and get your account ID and license key
307 | maxmind_account_id =
308 | maxmind_license_key =
309 |
310 | # Configures a URL mirror to download the MaxMind databases from.
311 | # When set, the file path will be appended to the mirror's URL.
312 | # If the mirror URL is https://some.url.com/maxmind/mirror for example, the
313 | # GeoLite2-City database file will be downloaded from https://some.url.com/maxmind/mirror/GeoLite2-City.tar.gz
314 | maxmind_mirror_url =
315 |
316 | # when enabled the following headers will be added to every response:
317 | # (note, if measurements do not exist for the header they will be omitted)
318 | #
319 | # X-Redis-Calls: 10
320 | # X-Redis-Time: 1.02
321 | # X-Sql-Calls: 102
322 | # X-Sql-Time: 1.02
323 | # X-Queue-Time: 1.01
324 | enable_performance_http_headers = false
325 |
326 | # gather JavaScript errors from clients (rate limited to 1 error per IP per minute)
327 | enable_js_error_reporting = true
328 |
329 | # This is probably not a number you want to touch, it controls the number of workers
330 | # we allow mini scheduler to run. Prior to 2019 we ran a single worker.
331 | # On extremely busy setups this could lead to situations where regular jobs would
332 | # starve. Specifically jobs such as "run heartbeat" which keeps sidekiq running.
333 | # Having a high number here is very low risk. Regular jobs are limited in scope and scale.
334 | mini_scheduler_workers = 5
335 |
336 | # enable compression on anonymous cache redis entries
337 | # this slightly increases the cost of storing cache entries but can make it much
338 | # cheaper to retrieve cache entries when redis is stores on a different machine to the one
339 | # running the web
340 | compress_anon_cache = false
341 |
342 | # Only store entries in redis for anonymous cache if they are observed more than N times
343 | # for a specific key
344 | #
345 | # This ensures there are no pathological cases where we keep storing data in anonymous cache
346 | # never to use it, set to 1 to store immediately, set to 0 to disable anon cache
347 | anon_cache_store_threshold = 2
348 |
349 | # EXPERIMENTAL - not yet supported in production
350 | # by default admins can install and amend any theme
351 | # you may restrict it so only specific themes are approved
352 | # in allowlist mode all theme updates must happen via git repos
353 | # themes missing from the list are automatically disallowed
354 | # list is a comma separated list of git repos eg:
355 | # https://github.com/discourse/discourse-custom-header-links.git,https://github.com/discourse/discourse-simple-theme.git
356 | allowed_theme_repos =
357 |
358 | # Demon::EmailSync is used in conjunction with the enable_imap site setting
359 | # to sync N IMAP mailboxes with specific groups. It is a process started in
360 | # unicorn.conf, and it spawns N threads (one for each multisite connection) and
361 | # for each database spans another N threads (one for each configured group).
362 | #
363 | # We want this off by default so the process is not started when it does not
364 | # need to be (e.g. development, test, certain hosting tiers)
365 | enable_email_sync_demon = false
366 |
367 | # we never want to queue more than 10000 digests per 30 minute block
368 | # this can easily lead to blocking sidekiq
369 | # on multisites we recommend a far lower number
370 | max_digests_enqueued_per_30_mins_per_site = 10000
371 |
372 | # This cluster name can be passed to the /srv/status route to verify
373 | # the application cluster is the same one you are expecting
374 | cluster_name =
375 |
376 | # The YAML file used to configure multisite clusters
377 | multisite_config_path = config/multisite.yml
378 |
379 | # If false, only short (regular) polling will be attempted
380 | enable_long_polling =
381 |
382 | # Length of time to hold open a long polling connection in milliseconds
383 | long_polling_interval =
384 |
385 | # Specify the mode for the early hint header. Can be nil (disabled), "preconnect" (lists just CDN domains) or "preload" (lists all assets).
386 | # The 'preload' mode currently serves inconsistent headers for different pages/users, and is not recommended for production use.
387 | early_hint_header_mode =
388 |
389 | # Specify which header name to use for the early hint. Defaults to "Link", but can be changed to support different proxy mechanisms.
390 | early_hint_header_name = "Link"
391 |
392 | # When using an external upload store, redirect `user_avatar` requests instead of proxying
393 | redirect_avatar_requests = false
394 |
395 | # Force the entire cluster into postgres readonly mode. Equivalent to running `Discourse.enable_pg_force_readonly_mode`
396 | pg_force_readonly_mode = false
397 |
398 | # default DNS query timeout for FinalDestination (used when not explicitely given programmatically)
399 | dns_query_timeout_secs =
400 |
401 | # Default global regex timeout
402 | regex_timeout_seconds = 2
403 |
404 | # Allow impersonation function on the cluster to admins
405 | allow_impersonation = true
406 |
407 | # The maximum number of characters allowed in a single log line.
408 | log_line_max_chars = 160000
409 |
410 | # this value is included when generating static asset URLs.
411 | # Updating the value will allow site operators to invalidate all asset urls
412 | # to recover from configuration issues which may have been cached by CDNs/browsers.
413 | asset_url_salt =
414 |
415 | # Enable Ruby YJIT to get better performances at the cost of using more memory.
416 | yjit_enabled = false
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 2, June 1991
3 |
4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6 | Everyone is permitted to copy and distribute verbatim copies
7 | of this license document, but changing it is not allowed.
8 |
9 | Preamble
10 |
11 | The licenses for most software are designed to take away your
12 | freedom to share and change it. By contrast, the GNU General Public
13 | License is intended to guarantee your freedom to share and change free
14 | software--to make sure the software is free for all its users. This
15 | General Public License applies to most of the Free Software
16 | Foundation's software and to any other program whose authors commit to
17 | using it. (Some other Free Software Foundation software is covered by
18 | the GNU Lesser General Public License instead.) You can apply it to
19 | your programs, too.
20 |
21 | When we speak of free software, we are referring to freedom, not
22 | price. Our General Public Licenses are designed to make sure that you
23 | have the freedom to distribute copies of free software (and charge for
24 | this service if you wish), that you receive source code or can get it
25 | if you want it, that you can change the software or use pieces of it
26 | in new free programs; and that you know you can do these things.
27 |
28 | To protect your rights, we need to make restrictions that forbid
29 | anyone to deny you these rights or to ask you to surrender the rights.
30 | These restrictions translate to certain responsibilities for you if you
31 | distribute copies of the software, or if you modify it.
32 |
33 | For example, if you distribute copies of such a program, whether
34 | gratis or for a fee, you must give the recipients all the rights that
35 | you have. You must make sure that they, too, receive or can get the
36 | source code. And you must show them these terms so they know their
37 | rights.
38 |
39 | We protect your rights with two steps: (1) copyright the software, and
40 | (2) offer you this license which gives you legal permission to copy,
41 | distribute and/or modify the software.
42 |
43 | Also, for each author's protection and ours, we want to make certain
44 | that everyone understands that there is no warranty for this free
45 | software. If the software is modified by someone else and passed on, we
46 | want its recipients to know that what they have is not the original, so
47 | that any problems introduced by others will not reflect on the original
48 | authors' reputations.
49 |
50 | Finally, any free program is threatened constantly by software
51 | patents. We wish to avoid the danger that redistributors of a free
52 | program will individually obtain patent licenses, in effect making the
53 | program proprietary. To prevent this, we have made it clear that any
54 | patent must be licensed for everyone's free use or not licensed at all.
55 |
56 | The precise terms and conditions for copying, distribution and
57 | modification follow.
58 |
59 | GNU GENERAL PUBLIC LICENSE
60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
61 |
62 | 0. This License applies to any program or other work which contains
63 | a notice placed by the copyright holder saying it may be distributed
64 | under the terms of this General Public License. The "Program", below,
65 | refers to any such program or work, and a "work based on the Program"
66 | means either the Program or any derivative work under copyright law:
67 | that is to say, a work containing the Program or a portion of it,
68 | either verbatim or with modifications and/or translated into another
69 | language. (Hereinafter, translation is included without limitation in
70 | the term "modification".) Each licensee is addressed as "you".
71 |
72 | Activities other than copying, distribution and modification are not
73 | covered by this License; they are outside its scope. The act of
74 | running the Program is not restricted, and the output from the Program
75 | is covered only if its contents constitute a work based on the
76 | Program (independent of having been made by running the Program).
77 | Whether that is true depends on what the Program does.
78 |
79 | 1. You may copy and distribute verbatim copies of the Program's
80 | source code as you receive it, in any medium, provided that you
81 | conspicuously and appropriately publish on each copy an appropriate
82 | copyright notice and disclaimer of warranty; keep intact all the
83 | notices that refer to this License and to the absence of any warranty;
84 | and give any other recipients of the Program a copy of this License
85 | along with the Program.
86 |
87 | You may charge a fee for the physical act of transferring a copy, and
88 | you may at your option offer warranty protection in exchange for a fee.
89 |
90 | 2. You may modify your copy or copies of the Program or any portion
91 | of it, thus forming a work based on the Program, and copy and
92 | distribute such modifications or work under the terms of Section 1
93 | above, provided that you also meet all of these conditions:
94 |
95 | a) You must cause the modified files to carry prominent notices
96 | stating that you changed the files and the date of any change.
97 |
98 | b) You must cause any work that you distribute or publish, that in
99 | whole or in part contains or is derived from the Program or any
100 | part thereof, to be licensed as a whole at no charge to all third
101 | parties under the terms of this License.
102 |
103 | c) If the modified program normally reads commands interactively
104 | when run, you must cause it, when started running for such
105 | interactive use in the most ordinary way, to print or display an
106 | announcement including an appropriate copyright notice and a
107 | notice that there is no warranty (or else, saying that you provide
108 | a warranty) and that users may redistribute the program under
109 | these conditions, and telling the user how to view a copy of this
110 | License. (Exception: if the Program itself is interactive but
111 | does not normally print such an announcement, your work based on
112 | the Program is not required to print an announcement.)
113 |
114 | These requirements apply to the modified work as a whole. If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works. But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 |
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 |
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 |
134 | 3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 |
138 | a) Accompany it with the complete corresponding machine-readable
139 | source code, which must be distributed under the terms of Sections
140 | 1 and 2 above on a medium customarily used for software interchange; or,
141 |
142 | b) Accompany it with a written offer, valid for at least three
143 | years, to give any third party, for a charge no more than your
144 | cost of physically performing source distribution, a complete
145 | machine-readable copy of the corresponding source code, to be
146 | distributed under the terms of Sections 1 and 2 above on a medium
147 | customarily used for software interchange; or,
148 |
149 | c) Accompany it with the information you received as to the offer
150 | to distribute corresponding source code. (This alternative is
151 | allowed only for noncommercial distribution and only if you
152 | received the program in object code or executable form with such
153 | an offer, in accord with Subsection b above.)
154 |
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it. For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable. However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 |
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 |
172 | 4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License. Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 |
180 | 5. You are not required to accept this License, since you have not
181 | signed it. However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works. These actions are
183 | prohibited by law if you do not accept this License. Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 |
189 | 6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions. You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 |
197 | 7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License. If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all. For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 |
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 |
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices. Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 |
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 |
229 | 8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded. In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 |
237 | 9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time. Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 |
242 | Each version is given a distinguishing version number. If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation. If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 |
250 | 10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission. For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this. Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 |
258 | NO WARRANTY
259 |
260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 |
270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 |
280 | END OF TERMS AND CONDITIONS
281 |
282 | How to Apply These Terms to Your New Programs
283 |
284 | If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 |
288 | To do so, attach the following notices to the program. It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 |
293 |
294 | Copyright (C)
295 |
296 | This program is free software; you can redistribute it and/or modify
297 | it under the terms of the GNU General Public License as published by
298 | the Free Software Foundation; either version 2 of the License, or
299 | (at your option) any later version.
300 |
301 | This program is distributed in the hope that it will be useful,
302 | but WITHOUT ANY WARRANTY; without even the implied warranty of
303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304 | GNU General Public License for more details.
305 |
306 | You should have received a copy of the GNU General Public License along
307 | with this program; if not, write to the Free Software Foundation, Inc.,
308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 |
310 | Also add information on how to contact you by electronic and paper mail.
311 |
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 |
315 | Gnomovision version 69, Copyright (C) year name of author
316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 | This is free software, and you are welcome to redistribute it
318 | under certain conditions; type `show c' for details.
319 |
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License. Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 |
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary. Here is a sample; alter the names:
328 |
329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 | `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 |
332 | , 1 April 1989
333 | Ty Coon, President of Vice
334 |
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs. If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library. If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 |
--------------------------------------------------------------------------------
8 | Discourse, packaged for YunoHost
9 | 
19 | 
20 |