Additionally, a note about how our disclosures are reported.
As outlined in our security policy, we maintain a bug bounty program. We use this as a central point of contact for reported vulnerabilities so that they do not get unintentionally exposed for exploit, and to keep better track of them over time.
Lastly, keep in mind that sso-oauth is not deprecated, and will still be maintained. It's still a reference implementation for OAuth2 providers that follow the standard loosely. Also it happens to be the only OAuth 1 reference implementation.
Occasionally, we will get asked whether there are any differences between our hosted service and the open source project.
It is as though we are holding back some great features and only allowing our paying customers access them! Conversely, it could be assumed that because we are hosting the software for others, that we would somehow out of self-interest or for economic reasons, deliver an inferior version with limitations.
I'd like to say upfront that this is not the case for NodeBB.
When you use our hosted service, you receive the same great NodeBB software that you can get for free off of our GitHub repository.
What we're selling is support, maintenance, upgrades, and peace of mind delivered by our world-class† support team.
You definitely can host NodeBB on your own! We've strived for years to deliver a piece of software that runs lean and fast on minimal hardware, great docs (some contributed by other admins!) that help you get up to speed quickly, and a fantastic community that will help you if you get stuck.
The reason I take this principled stand is simple — I think it's unfair when artificial limitations are placed on software just for the purpose of getting customers to pay more.
We've seen all this time and time again:
You can't install any plugin you want, just a select few from a small list
You can only have X units (tickets, posts, etc) of whatever you're using
You can only have X admins/owners
You can't see any messages older than X days
These limitations are all artificial, and serve to restrict the use of something to the bare minimum. Anything extra is — of course — available for the right price.
We don't do that. We tell everybody that NodeBB is powerful enough to run huge communities, and we stand by it. We tell everybody that NodeBB is flexible enough to look and function however you want, and we stand by it.
These are the real limitations we impose on our hosting service:
Hard drive space for uploads are imposed by our upstream provider and are set, though we are happy to add additional drive volumes for a fee)
We have soft "pageview" limits that any user on our hosting can exceed (in fact, many do). We set them purely as a benchmark for the point at which your NodeBB may slow down depending on the type of load that you get, and encourage dialogue to make sure that you're on the right plan (server resources, etc.)
We do not allow shell access for security reasons (and if you needed it, you probably could self-host)
So please do rest assured when I and others tell you that what you see is what you get. No more, no less. I'd rather everybody get to use the best of NodeBB, instead of serving a special feature-reduced version for others.
† I'm going to go out on limb here and say that we're probably the most qualified people to maintain NodeBB. Feel free to disagree 😉
One of the first important things to do after setting up NodeBB is to set up an emailer plugin. While NodeBB does include a local emailer, if your forum is particularly active we recommend using an third-party emailer such as SendGrid which provides better deliverability for sites that send a high volume of email. Setting up SendGrid in NodeBB is very easy.
Open the administrative dashboard using the 'gear' icon on your forum.
Open the Extend > Plugins menu, and select the Find Plugins tab.
Use the search on the right. Type 'SendGrid' and the plugin should appear -- select Install when you see it.
From Installed tab on the Plugins menu, search again for 'SendGrid' and select Activate.
Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the SendGrid plugin will be active.
After you restart, there should be a item called Emailer (SendGrid) under the Plugins menu -- if you don't see this right away, try refreshing your browser.
Sign up to SendGrid
Go to the SendGrid website, open the pricing page and scroll to the bottom. Click on the link and create your free account.
Once you've confirmed your SendGrid account via email, you should be able to login to the SendGrid website. On the left side of your SendGrid dashboard, open Settings and click on API Keys.
Click the button in the top right to create a new key. Make sure that the key has Full Access for Send Mail and Alerts. When you are done, the new key to your clipboard.
Now, return to the SendGrid menu on your NodeBB admin panel. Paste the API key into the field, and save your changes. Now go back to the Dashboard to restart your forum one more time.