Step 1 – Install Docker in an LXD container
We first need to launch an LXD container capable of running Docker in it.
$ lxc launch ubuntu:18.04 container -c security.nesting=true
Here, container is the name of the LXD container. The security.nesting feature must be set to true to allow a Docker installation inside an LXD container.
Next, let’s install Docker Community Edition on Ubuntu 18.04 (Bionic Beaver).
$ lxc exec container bash
[email protected]:~$ apt-get update Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB] ... Reading package lists... Done [email protected]:~$ apt-get install \ > apt-transport-https \ > ca-certificates \ > curl \ > software-properties-common Reading package lists... Done ... The following additional packages will be installed: libcurl3-gnutls The following packages will be upgraded: curl libcurl3-gnutls 2 upgraded, 0 newly installed, 0 to remove and 20 not upgraded. ... [email protected]:~$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - OK [email protected]:~$ apt-key fingerprint 0EBFCD88 pub 4096R/0EBFCD88 2017-02-22 Key fingerprint = 9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88 uid Docker Release (CE deb) <[email protected]> sub 4096R/F273FCD8 2017-02-22 [email protected]:~$ add-apt-repository \ > "deb [arch=amd64] https://download.docker.com/linux/ubuntu \ > $(lsb_release -cs) \ > stable" [email protected]:~$ apt-get update ... [email protected]:~$ apt-get install docker-ce ... The following NEW packages will be installed: aufs-tools cgroupfs-mount docker-ce libltdl7 0 upgraded, 4 newly installed, 0 to remove and 20 not upgraded. Need to get 21.2 MB of archives. After this operation, 100 MB of additional disk space will be used. ... [email protected]:~$
Third, let’s test that Docker is working, by running the hello-world image.
[email protected]:~$ docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world 5b0f327be733: Pull complete Digest: sha256:07d5f7800dfe37b8c2196c7b1c524c33808ce2e0f74e7aa00e603295ca9a0972 Status: Downloaded newer image for hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://cloud.docker.com/ For more examples and ideas, visit: https://docs.docker.com/engine/userguide/ [email protected]:~$
Finally, let’s go full inception by running Ubuntu in a Docker container inside an Ubuntu LXD container on Ubuntu 18.04.
[email protected]:~$ docker run -it ubuntu bash Unable to find image 'ubuntu:latest' locally latest: Pulling from library/ubuntu ae79f2514705: Pull complete 5ad56d5fc149: Pull complete 170e558760e8: Pull complete 395460e233f5: Pull complete 6f01dc62e444: Pull complete Digest: sha256:506e2d5852de1d7c90d538c5332bd3cc33b9cbd26f6ca653875899c505c82687 Status: Downloaded newer image for ubuntu:latest [email protected]:/# exit
Before we finish, let’s check what docker info says.
[email protected]:~$ docker info Containers: 2 Running: 0 Paused: 0 Stopped: 2 Images: 2 Server Version: 17.09.0-ce Storage Driver: vfs Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 06b9cb35161009dcb7123345749fef02f7cea8e0 runc version: 3f2f8b84a77f73d38244dd690525642a72156c64 init version: 949e6fa Security Options: apparmor seccomp Profile: default Kernel Version: 4.10.0-37-generic Operating System: Ubuntu 18.04.1 LTS OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 4.053 GiB Name: docker ID: KEA5:KU1N:MM6U:2ROA:UHJ5:3VRR:3B6C:ZWF4:KTOB:V6OT:ROLI:CAT3 Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): false Registry: https://index.docker.io/v1/ Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false WARNING: No swap limit support WARNING: bridge-nf-call-iptables is disabled WARNING: bridge-nf-call-ip6tables is disabled [email protected]:~$
Step 2 – Install Discourse
/var/discourse folder, clone the Official Discourse Docker Image into it:
sudo -s mkdir /var/discourse git clone https://github.com/discourse/discourse_docker.git /var/discourse cd /var/discourse
You will need to be root through the rest of the setup and bootstrap process.
⚠️ Email is CRITICAL for account creation and notifications in Discourse. If you do not properly configure email before bootstrapping YOU WILL HAVE A BROKEN SITE!
Already have a mail server? Great. Use your existing mail server credentials.
No existing mail server? Check out our Recommended Email Providers for Discourse.
To ensure mail deliverability, you must add valid SPF and DKIM records in your DNS. See your mail provider instructions for specifics.
🔔 Discourse will not work from an IP address, you must own a domain name such as
Already own a domain name? Great. Select a subdomain such as
forum.example.comfor your Discourse instance.
Your DNS controls should be accessible from the place where you purchased your domain name. Create a DNS A record for the
discourse.example.comsubdomain in your DNS control panel, pointing to the IP address of your cloud instance where you are installing Discourse.
Edit Discourse Configuration
Launch the setup tool at
Answer the following questions when prompted:
Hostname for your Discourse? [discourse.example.com]: Email address for admin account(s)? [[email protected],[email protected]]: SMTP server address? [smtp.example.com]: SMTP port? : SMTP user name? [[email protected]]: SMTP password? [pa$word]: Let's Encrypt account email? (ENTER to skip) [[email protected]]:
This will generate an
app.yml configuration file on your behalf, and then kicks off bootstrap. Bootstrapping takes between 2-8 minutes to set up your Discourse. If you need to change these settings after bootstrapping, you can run
./discourse-setupagain (it will re-use your previous values from the file) or edit
/containers/app.yml manually with
nano and then
./launcher rebuild app, otherwise your changes will not take effect.
Important: Launcher will fail on VFS devices
While docker will run on VFS, the Discourse launcher script fails if VFS is detected.
The solution is simple, edit the launcher file and search for aufs where you’ll find valid disk options, add vfs as an option and re-run the launcher script.
Once bootstrapping is complete, your Discourse should be accessible in your web browser via the domain name
discourse.example.com you entered earlier.
Register New Account and Become Admin
Register a new admin account using one of the email addresses you entered before bootstrapping.
(If you are unable to register your admin account, check the logs at
/var/discourse/shared/standalone/log/rails/production.log and see our Email Troubleshooting checklist.)
After registering your admin account, the setup wizard will launch and guide you through basic configuration of your Discourse.
After completing the setup wizard, you should see Staff topics and READ ME FIRST: Admin Quick Start Guide. This guide contains advice for further configuring and customizing your Discourse install.
- We strongly suggest you turn on automatic security updates for your OS. In Ubuntu use the
dpkg-reconfigure -plow unattended-upgradescommand. In CentOS/RHEL, use the
- If you are using a password and not a SSH key, be sure to enforce a strong root password. In Ubuntu use the
apt-get install libpam-cracklibpackage. We also recommend
fail2banwhich blocks any IP addresses for 10 minutes that attempt more than 3 password retries.
apt-get install fail2ban
sudo yum install fail2ban(requires EPEL)
- If you need or want a default firewall, turn on ufw for Ubuntu or use
firewalldfor CentOS/RHEL 7 or later.
You will get email reminders as new versions of Discourse are released. Please stay current to get the latest features and security fixes. To upgrade Discourse to the latest version, visit
/admin/upgrade in your browser and click the Upgrade button.
launcher command in the
/var/discourse folder can be used for various kinds of maintenance:
Usage: launcher COMMAND CONFIG [--skip-prereqs] [--docker-args STRING] Commands: start: Start/initialize a container stop: Stop a running container restart: Restart a container destroy: Stop and remove a container enter: Use nsenter to get a shell into a container logs: View the Docker logs for a container bootstrap: Bootstrap a container for the config based on a template rebuild: Rebuild a container (destroy old, bootstrap, start new) cleanup: Remove all containers that have stopped for > 24 hours Options: --skip-prereqs Don't check launcher prerequisites --docker-args Extra arguments to pass when running docker
Problems running docker in an LXD container?If you encounter problems with Docker failing to run in LXD then you may need to tweak some settings in your host’s /etc/sysctl.conf Edit /etc/sysctl.conf and try these settings:
kernel.keys.maxkeys=2000 kernel.keys.maxbytes=200000 net.ipv4.tcp_mem=182757 243679 365514 net.core.netdev_max_backlog=182757Apply them using sysctl -p or reboot your host.