Initial Discourse server setup on Ubuntu


Placeholders: Input details here and the commands below will be auto-filled for you lower down for easy copy-pasting.

Choose a name for the project, which will be used for naming DO Project, Droplet, etc

This is the SSH key fingerprint that is in your Digital Ocean account, for initial root access only

Name of the new non-root user you want to create on the server (default: ‘discourse’)

This is the ssh-import-id identity you want to use for the new non-root user

Some useful command aliases

useful doupdates manual updater for the OS

echo "alias doupdates='sudo apt update && sudo apt -y dist-upgrade && sudo apt autoremove && sudo apt -y autoclean'" >> /etc/profile;source /etc/profile

quickly enter the discourse app container

echo "alias app='sudo su && cd /var/discourse && ./launcher enter app'" >> /etc/profile;source /etc/profile

cd to /var/discourse/ on login (where else would you be going?)

echo "var='cd /var/discourse/'" >> /etc/profile;source /etc/profile


using the aliases we’ve installed, updating server OS is now a single command:


Also worth setting up for Unattended Upgrades for stable security fixes.

dpkg-reconfigure -plow unattended-upgrades

User setup and hardening

context: you are logged in over SSH, as root

create a non-root user ‘=NEW_USERNAME=’

adduser =NEW_USERNAME=

make them a sudoer

usermod -aG sudo =NEW_USERNAME=

edit sudo config so that discourse user can sudo without password


adding the following after the last line


create an .ssh directory for the new user

mkdir /home/=NEW_USERNAME=/.ssh

change ownership of that directory to the new user


become the new user


import my SSH pubkey to this user’s authorized_keys file

ssh-import-id =NEW_USER_SSH_IMPORT=

check it worked (optional)

cat ~/.ssh/authorized_keys

The added key should be visible in the Authorized Keys file

SSH security configuration

edit the SSH config

sudo nano /etc/ssh/sshd_config

edit the SSH config so that the following are set to no and are uncommented
PermitRootLogin no
PasswordAuthentication no

then restart to apply the changes

sudo service ssh restart

test this by logging out and back in again


me@my-laptop:~$ ssh # test login as root Permission denied (publickey). # root login should fail

me@my-laptop:~$ ssh # test login with fictional user (normally would prompt for password) Permission denied (publickey). # password login should fail

me@my-laptop:~$ ssh # test login as discourse
discourse@myubuntuhostname:~$ # successful login without needing password

Install Discourse

according to discourse/ at main · discourse/discourse · GitHub

Note: Git is already installed on Ubuntu 20.04 and is an acceptable version.

sudo -s
git clone /var/discourse
cd /var/discourse

Run Discourse Setup which will install Docker if needed, and then it proceeds with the rest of installation.


Install the mail-receiver container for direct Reply By Email

cp samples/mail-receiver.yml containers/

Further info

Things to do now

depending on your requirements, edit containers/app.yml


Most often you will probably want to set up a firewall with the VPS provider, however if you cannot arrange this the ufw may be of use, see this article for more info.


List of things for hardening Ubuntu · GitHub
Initial Server Setup with Ubuntu 18.04 | DigitalOcean
How to Set Up SSH Keys on Ubuntu 18.04 | DigitalOcean