Hello Everyone,
I am new to NodeBB so kindly hold on with the tomatoes.
First, I must say that I found NodeBB only few days ago and been playing with it ever since.
I absolutely love it. You guys have made excellent work!!!
Kindly allow me to make a small contribution.
I was looking for ways to set up NodeBB with SSL, and I wanted to make sure the site is secured, and I must say that getting there gave me more gray hair than my calculus professor, lol
Let me cut some corners for ya-all:
Target platform: EC2 @ Amazon
OS: Amazon Linux2
Installation Steps:
- Note that in AWS Linux, you can't immediately install LetsEncrypt (Certbot) and Nodejs. For that follow:
1a. Aws Linux 2 is similar to Centos7, the best way to install is to follow: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-up-node-on-ec2-instance.html
1b. LetsEncrypt (with manual hack): https://community.letsencrypt.org/t/help-with-certbot-on-the-new-amazon-linux-2/49399/7
- Follow: https://hostpresto.com/community/tutorials/how-to-install-nodebb-forum-on-centos-7/
- Configure NodeBB with DB (I used AWS Redis - rants below)
- Install nginx: In AWS linux: $amazon-linux-extras install nginx1.12
- Note, I did not need to change SELinux on my setup.
Addressing SSL security:
- Find out the latest setup recommendations for security for your nginx version: https://mozilla.github.io/server-side-tls/ssl-config-generator/
- Remove exploits: Add into the nginx config file:
- I was having real hard time with HSTS header - it looks as though someone else (nodebb?) is inserting this header, so don't include that header in nginx.
- Check your site: go to: https://www.ssllabs.com/ssltest/ with the above you should get A+

Database Rants:
- Redis (AWS Free Tier) does not support backup, and its mighty expensive otherwise.
- MongDB is not available in AWS Free Tier.
- AWS Postgres is awesome and available for AWS Free Tier, making NodeBB + Postgres is the ultimate solution for AWS. I saw that mighty @Ben-Lubar got that figured out, however, his pull request is collecting dust as of Jan-13 (https://github.com/NodeBB/NodeBB/pull/5861). @barisusakli, your help pushing the code to master will be highly appreciated, thank you!!!
Security issues:
I wanted no guests, so following https://community.nodebb.org/topic/2371/faq-how-to-make-your-forum-private I added a small JS that checks if the UUID==0 and kicks the user to the login page.
- Clicking breadcrumb in the login page allows the guest user to go back to the forum main page (in my case, categories). I disabled categories to guests, so that page is now blank.
- The said JS code does not run for guests users, so if the guest used breadcrumb to redirect to the main page, I would have expected redirection to login.
How to repeat? Simply log out of your account. To resolve, may I suggest to:
- Remove breadcrumbs from the login page
- Allow the js code added in the admin page, to run for guests as well.
Additional issues:
- I installed the onesignal plugin, and I can confirm it does not work. Note, I pulled the latest code from github: https://github.com/CCob/nodebb-plugin-onesignal . Furthermore, the plugin description is a bit difficult - where should I change the "redirect_uri"? OneSignal gui does not allow you to add /onesignal/auth. Redirect entire site in nginx? but that would affect all users. @CCob your help will be highly appreciated.
- I can confirm the text in the chat window (when not in full screen) is reversed from the getgo, that is with no special css. @mohammadhassan is correct (see: https://github.com/NodeBB/NodeBB/issues/6192 ). The issue exists in the master branch. @julianlam, your help will be highly appreciated. May I suggest to remove the text, and use an icon similar to the one used in the full-page chat? When will the new chat GUI become available in master btw?
- Clicking the image of the user in the chat window (full screen), opens the user profile, but below the chat window. I believe it should be opened above the chat window - but this is no biggie.
Again, awesome forum!!! I love it. Amazing work guys. Chapeau!
All the best,
JJ.
[Now you can go ahead with the tomatoes]