Placeholders: Input details here and the commands below will be auto-filled for you lower down for easy copy-pasting.
Choose a name for the project, which will be used for naming DO Project, Droplet, etc
This is the SSH key fingerprint that is in your Digital Ocean account, for initial
root access only
Name of the new non-root user you want to create on the server (default: ‘discourse’)
This is the
ssh-import-id identity you want to use for the new non-root user
doupdates manual updater for the OS
echo "alias doupdates='sudo apt update && sudo apt -y dist-upgrade && sudo apt autoremove && sudo apt -y autoclean'" >> /etc/profile;source /etc/profile
quickly enter the discourse app container
echo "alias app='sudo su && cd /var/discourse && ./launcher enter app'" >> /etc/profile;source /etc/profile
/var/discourse/ on login (where else would you be going?)
echo "var='cd /var/discourse/'" >> /etc/profile;source /etc/profile
using the aliases we’ve installed, updating server OS is now a single command:
Also worth setting up for Unattended Upgrades for stable security fixes.
dpkg-reconfigure -plow unattended-upgrades
context: you are logged in over SSH, as
create a non-root user ‘=NEW_USERNAME=’
make them a sudoer
usermod -aG sudo =NEW_USERNAME=
edit sudo config so that discourse user can sudo without password
adding the following after the last line
=NEW_USERNAME= ALL=(ALL) NOPASSWD: ALL
create an .ssh directory for the new user
change ownership of that directory to the new user
chown -R =NEW_USERNAME=:=NEW_USERNAME= /home/=NEW_USERNAME=/.ssh
become the new user
su - =NEW_USERNAME=
import my SSH pubkey to this user’s authorized_keys file
check it worked (optional)
The added key should be visible in the Authorized Keys file
SSH security configuration
sudo nano /etc/ssh/sshd_config
edit the SSH config so that the following are set to
no and are uncommented
then restart to apply the changes
sudo service ssh restart
test this by logging out and back in again
me@my-laptop:~$ ssh firstname.lastname@example.org # test login as root
email@example.com: Permission denied (publickey). # root login should fail
me@my-laptop:~$ ssh firstname.lastname@example.org # test login with fictional user (normally would prompt for password)
email@example.com: Permission denied (publickey). # password login should fail
me@my-laptop:~$ ssh firstname.lastname@example.org # test login as discourse
discourse@myubuntuhostname:~$ # successful login without needing password
Note: Git is already installed on Ubuntu 20.04 and is an acceptable version.
git clone https://github.com/discourse/discourse_docker.git /var/discourse
Run Discourse Setup which will install Docker if needed, and then it proceeds with the rest of installation.
cp samples/mail-receiver.yml containers/
depending on your requirements, edit
insert developer emails for initial admin accounts as necessary.
select and configure for initial plugins.
Set up email sending domain in Mailgun (or alternative) and arrange DNS flags for email verification with customer’s domain team.
Set up reply-by-email - using Direct-delivery incoming email for self-hosted sites - sysadmin - Discourse Meta
Most often you will probably want to set up a firewall with the VPS provider, however if you cannot arrange this the
ufw may be of use, see this article for more info.