Authentication, Mongo and Upstart

@tqwhite Is it docker?

@tqwhite

My test

In short, I tested ubuntu 14.04 and mongodb 3.2 from clean install with

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
sudo apt-get update
sudo apt-get install -y mongodb-org

And added next to /etc/mongod.conf

security:
  authorization: enabled

And every thing is perfectly working. Even more funny thing is that, if one remove above authorization: enabled part, then mongod doesn't care of a password, which means any arbitrary passwords include empty string works fine with nodebb and mongodb

Also mongod data filew are at /var/lib/mongodb. even I have no /data

Question

So I would like to ask how you installed mongodb. By compile?

Some Information.

Actually I installed mongodb 2.4 first and install mongodb 3.2 on it. And I found out /etc/mongodb.conf and /etc/init.d/mongod were not updated. This means, service mongod start will bring wrong configurations. One should do start mongod instead of service mongod start to use proper configurations via initctl

Congratulations!

By the way, can I know your OS version? I would like to test by myself also

@SimonQ said:

The email is still not being sent through... Am I missing anything else? (I'm using the test email option that @julianlam suggested)

Edit: I received it after a few minutes of typing this!

• Edit : I missed second line begins with "Edit", congratulations

Have you checked email logs at mailgun site? That is the first thing you have to see.
I always keep it opened while email testing

OK, now I think I got full stories

Actually, my first question to your situation is that

@tqwhite said:

When I type "mongod", it starts the Mongo daemon. After I do that, I can start and run nodebb with no problems at all. Works 100%.

You might mean that you executed mongod at /var/lib/mongodb ( usually that is the data directory ), don't you?

something like

cd /var/lib/mongodb
mongod

@tqwhite said:

I just can't figure out how to specify the equivalent of "auth=true" in YAML.

I think you already did this, but just for sure.

From https://docs.mongodb.org/manual/administration/configuration/

security:
   authorization: enabled

So now, I have questions to the NodeBB development team. @julian

1. About @frissdiegurke 's idea.

   • What do you think? Is it secure or do you have any better ideas, policies , plans?

2. To manage dependencies between plugin,

   • Can we enforce to install and activate plugins by dependencies?
   • Or can we give warnings of wrong configurations, dependencies and so on by plugin on admin UI ( dash board? )?

3. Do we have secure way to add/remove/modify custom data by plugin in a filtering pipe?

   • For example, on filtering hook, data.pluginData.<plugin name> can be always for plugins (means some sure for core will not use it for different reason!! ), whether they are removed or not after filtering. I know if I select good name( random or highly uniq), then it will be quite safe but it will be better if we have an official space.

4. If I want to make a npm module which is dedicated to NodeBB while it's not a plugin, then what is good name for. Maybe nodebb-helper-any-name. It may be for individual plugins.

I had one more, but I forgot what was it while writing....

It's outdated, so don't use it.

1. you can use just redis instead of nodebb/docker:ubuntu-redis and build nodebb image with Dockerfile of NodeBB ( from official github repo ), but only for testing purpose.
2. Or check mine ( NodeBB with Docker full chain ( nginx, redis, mongodb ) )

But here is genenal answers for your questions.

Basically If a container is alive ( means if you can see the container with docker ps ) then you connect to bash shell

docker exec -it <container name> bash

If a container is Exit status, then it's more complicate. here An Golden Rule is that any modifications in containers is temporary and you will loose it. ( even there are ways to save a current container to image, but it's worst idea ).

Basically you can't connect to a container in Exit status, but

1. You can copy from or to the container with docker copy
2. You can manage files if you mounted volumes
3. After you solved problem then you can docker restart. BUT remember the Golden Rule

So best idea is, I think, you have to be able to make your own Dockerfile with proper options from scratch( means from ubunt) or official docker image like redis.

Docker is fun and powerful, fantastic, good to study, but much more complicate than without it before you have enough knowledge and skills. And even it will harm you easily.

Nevertheless, I don't discourage you to use docker!!, I encourage it
I'm just giving a most important tip here. "Don't use docker for production before you know how to deal with a concept of a temporary container" but GOOD FOR TEST AND LEARN.

Welcome to docker

And always do back them up.

@charles one can make an import plugin, but an easiest and efficient way for (quick) testings will be just with redis data dump file. First, load redis with data file, and that's it.

However, I agree that the importer can be better at some point.

@accalia Thank you for information. That sounds some inconvenient but may be good solution specially in budgets.

Also let me introduce good and secure backup solution for a server.
It's B2 Cloud storage by the BlackBlaze.
This is similar with Amazon S3 rather than the CrashPlan or BlackBlaze backup.
And quite cheap than S3.
I did't implement this for my servers, but be seriously considering.

@accalia said:

three servers,

It's interesting.

Does CrashPlan support command line backup client for backup?

I thought that the CrashPlan is for personal machines because of GUI.

@rod

Also I checked a mailgun at my [email protected] test bench in c9.io with a sandbox account.

And It works.

Here is a my configuration, it's obvious but if you are interested on

@rod said:

@qgp9 Strange. Strange. I could not get the mailgun plugin to work for me on v0.9.4 with my own domain even.

I also checked it at my [email protected] test bench in c9.io just before. It works.

@rod Good tip, but I'm living with nodebb-plugin-emailer-mailgun at [email protected].

So I'm the guy who can just say "It works". ( but of course with my own domain, not sandbox. I didn't try it ).

@yariplus Yes, exactly that's what I meant. Specially, I like to see a cooperation between a community and a NodeBB team, so we could have balanced and abundant result.

Also I'm thinking that, for example if we setup public workspace at http://c9.io with various version of NodeBB and sample data, one can easily clone it and test it.

Hi ,

Do we have any sample data to test NodeBB?

If any one have, or it will be good if there are some official data by NodeBB theam.

OR, do we make some by community effort?

With sample data and easy test systems, one can easily pre-view or check needs, and even it can be used for plugin developments.

If there are no existing one and no plans by NodeBB team, then any volunteers to build it together?

@Jenkler

What about simply playwith.club

1. Yes you need to fill both of api and domain name
2. I think you can use sandbox domain for a Domain Name field, but i'm not sure about a limitation of sandbox domain by mailgun. so Why don't you try it just?

@frissdiegurke said:

If you find any cons let me know.

Pros

1. Your method is very flexible. One can cooperate with other plugins just by just control of priorities. This is really un-replaceable advantage.
2. Also I can imagine that we could do this without activated NodeBB plugin called pre-parser but just with helper module per each plugin. I'm not sure of update and version control with npm, but I believe there are certain solutions.

Cons

1. If we want to provide "image list" or "link list" above "contents without code block", a situation will become too complicate. Without accurate and elaborate priorities configurations, we will loose an advantage in resources. In this situation, separated filtering pipe will be better.
2. Your method actually will be touching - let's say - core object. I think this is what we have to be very careful. In the future when NodeBB core development team wants to use get/set of postData, it can be a big problem. Actually it may be possible we check if there are already get/seter and make new get/seter which include old function, but depend on type of original functions, it's not easy to guarantee a proper working. I think a better way could be a pre-registration of plugins which use pre-parser and pre-parser access whole filtering pipe information and decide what to do in each step. An disadvantage of this is that after uninformed plugin before next get call of cached value, pre-parser should check what is changed.

Now what I want to say here is that your method is really brilliant and has un-replaceable advantage but too deep and touching core ( maybe not practically yet but conceptually ). Therefore it needs to be consulted by a core development team.

In other point, your method is quite independent from my custom filter hooks and we can even take both advantages ( of course it will make another problem like Too much or Too complicate :), but just as an idea ).

@accalia said:

use of a transparent proxy for unsecure images, such as camo (suggesteb first by @yariplus)
and
use of a plugin that rewrites links for known image hosts to use HTTPS and turns HTTP images into links for non whitelisted domains

Agree, and why not both.

• 2nd as default.
• 1st as option.