@Neeru-Gupta We tried using the same plugin,nodebb-plugin-fusionauth-oidc for authenticating through the keycloak provider but While rebuilding & restarting after installing our Nodebb app breaks. We are unable to proceed further. We have to again clone the whole code to get started with.
Could you please share with me the steps on how you have done & configured it?
We are using another plugin now as nodebb-plugin-sso-oidc which we are able to install & configure. But we are getting SSL protocol error while trying to login
I am quite new to NodeBB. Is there a best practice or a proposed way to temporarily revoke a user's permission to post to the forum? Only allowing reading for a certain amount of time?
I saw that a user can be banned (= from logging in) and I can also set a timer when the ban is being lifted automatically.
Is it easier to edit the single user's permissions or is there a quicker way using groups - although thinking of the situation - after a certain time of hour/days - when the permission are given back and the user is allowed to post again.
If you're a small user, are willing to spend some time tinkering without considering it a form of payment and can accept signing your soul to Oracle, forever doomed to enterprise marketing calls (actually seems like they stopped that some time ago, used to be that when you created a free account you'd get at least one call asking you about what were your needs and what would you need from Oracle Cloud to realize them or something like that), you can actually host NodeBB entirely for free.
Oracle Cloud seems fairly desperate to grab customers and as such is offering a fairly absurd Always Free tier, with a max of 4 VPS servers with 4 ARM cores (and a single hyperthreaded x86 core) to divide between them.
NodeBB works totally fine on ARM - Node is thankfully mostly platform agnostic - so after getting through some small networking hurdles if you're using Ubuntu (just install firewalld. It's the easiest way to make their default iptables config just work without the risk of making the VM unbootable by blocking its iSCSI boot disk, which ufw can apparently do), or just going through a normal config on Oracle Linux (Oracle packaged RHEL) or CentOS*, it works totally fine.
I didn't test it on a single core instance, but on 2 cores (admittedly, with some other things running in the background) a full build takes 63 seconds in total, with webpack responsible for 53 of those, which seems reasonable enough.
A fresh server hosted on the VPS I was testing the build times on, if someone wants to check how well it works: https://demo.nodebb.opliko.dev/ (I will probably shut it down in a few days though)
You can host for free without a standard VPS too. There is always Heroku, Railway and Glich, which both offer essentially a small server with a shared core and 512MB of RAM, (and fly.io which lets you run 3 apps with a shared core and 256MB of RAM, but I think it might be worse for this purpose) though under slightly different models than a VPS. I've seen people run NodeBB on Heroku here before, and have got it to work on Glitch as an experiment, though I'm not sure how the switch to Webpack affected build times - at least on Glitch they were quite slow before 2.0 already. But it's not like you need to do that often.
When it's running though it works fine, but I wouldn't try to run a DB alongside them there even if you could - for that you'll probably want a free MongoDB Atlas instance, which is quite neat, but limited to 512MB of storage, so not suitable for a large forum 🙂
So on the topic directly - NodeBB hosting isn't really more expensive than any other app that requires a connection with a server-side component and a database.
It's just that few PHP applications had the connection part and since they were so popular received first class support across web hosts, but we're currently seeing a major change in that paradigm as newer universal (railway, fly, heroku was really ahead of its time) and "serverless" (every cloud host now has one...) runtimes become commonplace.
The latter are probably now starting to become feasible for a NodeBB-like app, as more and more start supporting websockets for real-time communication (AWS Lambda, Cloudflare Workers, Deno Deploy/Netlify Edge Functions).
So as an aside @julian I just wanted to note that you probably didn't do math on Lambda paritally because it only made sense since 2019 when it WebSocket support via API Gateway 🙂
In the meantime, just renting a small VPS has also become absolutely affordable for individuals - there are many hosts that offer something reasonable for <$5 a month (Hetzner that was mentioned before, OVHCloud which I used for some time and was also totally fine, Vultr, Hostinger and quite a few others with similar models and pricing. Even on AWS you can get something decent for that price if you're willing to reserve it for a year or more).
The managed hosting is for larger sites and aimed at businesses/groups, not people who just want a place for a few dozen people. And for them labor costs might eclipse the managed hosting quite quickly.
Also, the hosting pays for development and maintenance of the software, so I find a bit of a premium to be quite reasonable. OSS doesn't make itself yet, and I personally find the "offer managed version" to be one of the most reasonable ways of maintaining it that doesn't rely on pure goodwill of the community.
@noob111 not so much of a migration, but I wanted to start a new technology forum and choose not only a new domain, but also NodeBB in place of Flarum
This was a hugely beneficial decision. The SEO (actually, the entire platform) here is so much better, and the engagement is well over what I'd expect a relatively new forum to be in a short space of time.
However, as with all websites, SEO plus regular visitors, donations etc don't just "happen" - content is king as they say and if you or others post infrequently, then your content will become stale very quickly.
Is there any NodeBB instance with over 45 million monthly active users in the EU? If not, then there is no requirement for NodeBB to implement any integration with any of this (and even then, at that point I imagine its maintainers can handle it themselves), and that's assuming the most ambitious option passes, as there are currently three with different levels of ambition proposed:
Option 1 is just harmonization of eIDs across EU. Currently there is no requirement for member states to "notify" of their eIDAS scheme, which essentially means they don't have to let others use their eIDs in their (currently only public) services. Some states elected to do so and chose to allow other eIDs in their public services too, but some didn't. Poland for example didn't notify the EU of its eIDAS scheme AFAIK, so while I can use it for public services here, it's useless anywhere else in the EU.
Option 2 involves expanding the scope of eIDAS outside of public services for access to information about a person. However, it only proposes requiring relying on this for already regulated sectors, such as energy and finance. But from my understanding it's basically still just about when a service requires a real identity anyway.
Option 3 is the most ambitious one, and it's the one proposing the creation of the "European Digital Identity Wallet" - a more centralized* way of managing the eID, and also identities for more online services, while allowing the user to control the amount of data shared. This is the closes to relevance for NodeBB, but even this doesn't add a requirement to actually implement this for anyone outside of regulated sectors, which at least here also includes "very large online platforms" (which seems vague, but is actually defined in Digital Services Act as online platforms which provide their services to a number of average monthly active recipients in the Union equal to or higher than 45 million. That number will also increase with larger changes in the EU population, so that it continues to be around 10% of EU population)
There is even a section in the proposal on impact on SMEs. The language there seems quite clear on it being something the EU wants to be desirable to implement and not forced:
Removing commonly reported barriers to SME uptake of eID and trust service solutions, such as complexity and lack of information, is therefore likely to support an increase in uptake up to slightly under half of SMEs (47%), and enable an additional 3 in 10 SMEs to access the benefits estimated.
And this from my understanding includes using eIDAS as end-user - so the goal isn't even for half of small to medium businesses to even use eID themselves, much less integrate with it themselves. About it, the document even has to say this:
SMEs would need to identify a strong business case in order to deploy the necessary resources and develop the wallet and conclude agreements with other players in the Wallet ecosystem e.g. credential providers).
So TL;DR: while one may have differing opinions on whether this direction foe eID is a good idea at all (I personally think that it will help with services that already had to identify you anyway, especially cross-broder, but for the rest I'm okay with most of it since it's not mandatory to use or even have eID), it doesn't impact NodeBB in any currently proposed form. Other than potentially allowing for development of an eIDAS authentication plugin sometime down the line if somebody wanted to do it 🙂
*there are sub options for what this means, but I think the option of one EU-wide app developed directly by the EU was actually discarded.
Are you sure you didn't sign up for two accounts with two different users?
I earlier wondered about that so I tried logging in using the alt gmail and was taken to a screen requesting I accept their access to info agreement, as if I were registering. I did not proceed.
So strong implication is that being signed up under that account was not my issue (though it's not 100% because maybe terms of usage had changed, or due to a long time of inactivity, system requires a re-confirmation procedure).
Could you try hitting the unsubscribe link in the email you receive?
Now that's such a good idea, I expose myself as a doofus.
The most recent email (to secondary account) had two links at the bottom:
First I tried the alter settings link:
Then I tried unsubscribe link:
I guess we'll see if that eliminates the nuisance emails.
The existence of the problem however remains mysterious.
Now, after typing all the above, I notice the link for the alter settings action is simply