README.md

   1 ### About
   2
   3 - [Docker](https://www.docker.io/) is an open source project to pack, ship and run any Linux application in a lighter weight, faster container than a traditional virtual machine.
   4
   5 - Docker makes it much easier to deploy [a Discourse forum](https://github.com/discourse/discourse) on your servers and keep it updated. For background, see [Sam's blog post](http://samsaffron.com/archive/2013/11/07/discourse-in-a-docker-container).
   6
   7 - The templates and base image configure Discourse with the Discourse team's recommended optimal defaults.
   8
   9
  10 ### IMPORTANT: Before You Start
  11
  12 1. Make sure you're running a **64 bit** version of either [Ubuntu 12.04 LTS](http://releases.ubuntu.com/precise/), [Ubuntu 13.04](http://releases.ubuntu.com/13.04/) or [Ubuntu 13.10](http://releases.ubuntu.com/13.10/).
  13 1. Upgrade to the [latest version of Docker](http://docs.docker.io/en/latest/installation/ubuntulinux/).
  14 1. Create a directory for Discourse Docker (the expected path is `/var/docker`): `install -g docker -m 2775 -d /var/docker`
  15 1. Run the docker installation and launcher as **root** or a member of the **docker** group.
  16 1. Add your user account to the docker group: `usermod -a -G docker yourusername` and re-login.
  17
  18 If you do not do any of the above, as RoboCop once said, ["there will be… trouble."](http://www.youtube.com/watch?v=XxarhampSNI) *Please double check the above list before proceeding!*
  19
  20 ### Getting Started
  21
  22 The simplest way to get started is the  **standalone** template:
  23
  24 1. **Clone** this project from github into `/var/docker` on your server: `git clone https://github.com/discourse/discourse_docker.git /var/docker`
  25 2. **Copy** the standalone sample into the containers directory: `cp samples/standalone.yml containers/app.yml`
  26 3. **Edit** `containers/app.yml` with your environment specific information
  27   - [bindings](#expose)
  28   - [volumes](#volumes)
  29 4. **Bootstrap** the image: `sudo ./launcher bootstrap app`
  30 5. **Start** the image: `sudo ./launcher start app`
  31
  32 Note: you can add yourself to the Docker group if you wish to avoid `sudo` with `usermod -aG docker <your-user-name>`.
  33
  34 ### Directory Structure
  35
  36 #### `/cids`
  37
  38 Contains container ids for currently running Docker containers. cids are Docker's "equivalent" of pids. Each container will have a unique git like hash.
  39
  40 #### `/containers`
  41
  42 This directory is for container definitions for your various Discourse containers. You are in charge of this directory, it ships empty.
  43
  44 #### `/samples`
  45
  46 Sample container definitions you may use to bootstrap your environment. You can copy and amend templates here into the containers directory.
  47
  48 #### `/shared`
  49
  50 Placeholder spot for shared volumes with various Discourse containers. You may elect to store certain persistent information outside of a container, in our case we keep various logfiles and upload directory outside. This allows you to rebuild containers easily without losing important information. Keeping uploads outside of the container allows you to share them between multiple web instances.
  51
  52 #### `/templates`
  53
  54 [pups](https://github.com/samsaffron/pups) managed pups templates you may use to bootstrap your environment.
  55
  56 #### `/image`
  57
  58 Dockerfile for both the base image `samsaffron/discourse_base` and discourse image `samsaffron/discourse`.
  59
  60 - `samsaffron/discourse_base` contains all the OS dependencies including sshd, runit, postgres, nginx, ruby.
  61
  62 - `samsaffron/discourse` builds on the base image and configures a discourse user and `/var/www/discourse` directory for the Discourse source.
  63
  64 The Docker repository will always contain the latest built version at: https://index.docker.io/u/samsaffron/discourse/ , you should not need to build the base image.
  65
  66 ### Launcher
  67
  68 The base directory contains a single bash script which is used to manage containers. You can use it to "bootstrap" a new container, ssh in, start, stop and destroy a container.
  69
  70 ```
  71 Usage: launcher COMMAND CONFIG
  72 Commands:
  73     start:      Start/initialize a container
  74     stop:       Stop a running container
  75     restart:    Restart a container
  76     destroy:    Stop and remove a container
  77     ssh:        Start a bash shell in a running container
  78     logs:       Docker logs for container
  79     bootstrap:  Bootstrap a container for the config based on a template
  80 ```
  81
  82
  83 ### Container Configuration
  84
  85 The beginning of the container definition will contain 3 "special" sections:
  86
  87 #### templates:
  88
  89 ```
  90 templates:
  91   - "templates/cron.template.yml"
  92   - "templates/postgres.template.yml"
  93 ```
  94
  95 This template is "composed" out of all these child templates, this allows for a very flexible configuration struture. Furthermore you may add specific hooks that extend the templates you reference.
  96
  97 #### expose:
  98
  99 ```
 100 expose:
 101   - "2222:22"
 102   - "127.0.0.1:20080:80"
 103 ```
 104
 105 Expose port 22 inside the container on port 2222 on ALL local host interfaces. In order to bind to only one interface, you may specify the host's IP address as `([<host_interface>:[host_port]])|(<host_port>):]<container_port>[/udp]` as defined in the [docker port binding documentation](http://docs.docker.io/en/latest/use/port_redirection/)
 106
 107
 108 #### volumes:
 109
 110 ```
 111 volumes:
 112   - volume:
 113       host: /var/docker/shared
 114       guest: /shared
 115
 116 ```
 117
 118 Expose a directory inside the host inside the container.
 119
 120
 121 #### ssh:
 122
 123 In order to ssh into the container instance, you need to provide root's public key on host. You can get the root's public key using `sudo cat /root/.ssh/id_rsa.pub`. Then add a new entry into `app.yml` under `params` to specify the key.
 124
 125     ssh_key: ssh-rsa ROOT_PUBLIC_KEY_HERE
 126
 127 If you don't have a key there, you could generate one using `ssh-keygen`
 128
 129     sudo su     # switch to root
 130     cd ~
 131     ssh-keygen  # defaults are fine.
 132     exit        # return to your own account
 133
 134
 135 ### Upgrading Discourse
 136
 137 The Docker setup gives you multiple upgrade options:
 138
 139 1. Use the front end at http://yoursite.com/admin/docker to upgrade an already running image.
 140
 141 2. Create a new base image by running:
 142   - `./launcher destroy my_image`
 143   - `./launcher bootstrap my_image`
 144   - `./launcher start my_image`
 145
 146 ### Single Container vs. Multiple Container
 147
 148 The samples directory contains a standalone template. This template bundles all of the software required to run Discourse into a single container. The advantage is that it is easy.
 149
 150 The multiple container configuration setup is far more flexible and robust, however it is also more complicated to set up. A multiple container setup allows you to:
 151
 152 - Minimize downtime when upgrading to new versions of Discourse. You can bootstrap new web processes while your site is running and only after it is built, switch the new image in.
 153 - Scale your forum to multiple servers.
 154 - Add servers for redundancy.
 155 - Have some required services (e.g. the database) run on beefier hardware.
 156
 157 If you want a multiple container setup, see the `data.yml` and `web_only.yml` templates in the samples directory. To ease this process, `launcher` will inject an env var called `DISCOURSE_HOST_IP` which will be available inside the image.
 158
 159 WARNING: In a multiple container configuration, *make sure* you setup iptables or some other firewall to protect various ports (for postgres/redis).
 160 On Ubuntu, install the `ufw` or `iptables-persistent` package to manage firewall rules.
 161
 162 ### Email
 163
 164 For a Discourse instance to function properly Email must be set up. Use the `SMTP_URL` env var to set your SMTP address, see sample templates for an example. The Docker image does not contain postfix, exim or another MTA, it was omitted because it is very tricky to set up correctly.
 165
 166 ### Troubleshooting
 167
 168 You can ssh into your container using `./launcher ssh my_container`, we will automatically set up ssh access during bootstrap.
 169
 170
 171 ### Security
 172
 173 Directory permissions in Linux are UID/GID based, if your numeric IDs on the
 174 host do not match the IDs in the guest, permissions will mismatch. On clean
 175 installs you can ensure they are in sync by looking at `/etc/passwd` and
 176 `/etc/group`, the Discourse account will have UID 1000.
 177
 178
 179 ### Advanced topics
 180
 181 - [Setting up SSL with Discourse Docker](https://meta.discourse.org/t/allowing-ssl-for-your-discourse-docker-setup/13847)
 182 - [Multisite configuration with Docker](https://meta.discourse.org/t/multisite-configuration-with-docker/14084)