Repository files navigation

A Terraform project to launch Discourse in the cloud.

You should firstgo to AWS Console and then click on Access Keys , and create a key-pair... you can also optionally setup an IAM user to limit your surface, this can be done atthrough IAM console. After you have done one of these things you should export your key so that we can use it to build your infrastructure.

export AWS_ACCESS_KEY_ID="<AccessKey>"export AWS_SECRET_ACCESS_KEY="<SecretKey>"export AWS_DEFAULT_REGION="us-west-2"

set AWS_ACCESS_KEY_ID="<AccessKey>"set AWS_SECRET_ACCESS_KEY="<SecretKey>"set AWS_DEFAULT_REGION="us-west-2"

# This generates an RSA Key.ssh-keygen -t rsa -b 4096 -f keys/deploy.keymv keys/deploy.key.pub keys/deploy.pub

On Windows you should either have bash on Windows, or you will need to visitGithub for a guide on how to create an SSH key with Github, Git Bash (CYGWin), or... if you know another way, then use it. Launch bash and then refer to theLinux/Unix section.

The following assumes you use a Yubikey to store your SSH keys on separate hardware, if you do not, switchcardno:<serial> with your email and it will extract your key.

ssh-add -L cardno:<Serial>> keys/user.pub

On Windows you will need to manually copy your public key from wherever you store it, if you usepa-agent it might be able to extract the public key on your behalf to a file to copy, if you have GPG2 and store your key on hardware, and it is in your path you should be able to do

gpg2 --export-ssh-key you@example.com

This is an important step, since we need both the AWS plugin, as well as the Template plugin so that we can build out your infrastructure.Please do not skip this step

terraform init

Inside ofvars.tf there are a bunch of variables you can customize, some of them, however, are required. You can set those withterraform.tfvars.

discourse_hostname="your.fqdn"discourse_smtp_username="you@example.com"discourse_developer_emails="you@example.com"discourse_smtp_password="myPassword"db_password="myPassword"

For a full list of customizable variables please refer tovars.tf everything in there except for templates is customizable viaterraform.tfvars

First you should review and make sure everything looks okay, never randomly launch instances without first reviewing. One of the golden rules of systems.

terraform plan

After reviewing you can launch the instances

terraform apply

This will launch a VPC, several Security Groups, an RDS (PostgreSQL) instance, 2 Subnets (across 2 Zones), an ElastiCache (Redis) instance, and an ELB to route your traffic to the instance. Each one of these is slugged, and designed so that you can spot them within your admin panel of your AWS control plane.By default this Terraform project is designed so that it can be ran on minimal costs, you can adjustvars.tf so that you can also run it entirely free

You should first visitthis blog post and learn how to create your own SSL certificate inside of AWS (for free of-course), there are manual and necessary steps to create one. After doing that you can run the following and repeat theterraform steps necessary to deploy.

cp templates/ssl.tf.

If you use a private provider, you should first copy your private key, andyour public key tokeys/ssl.key andkeys/ssl.crt respectively, and then run the following:

cp templates/ssl.private.tf ssl.tf

We will upload your certificate to the certificate manager and then attach it to your load balancer on your behalf, without much more interaction or requirement then that.