Hello, I am new here and this is my first post.
I am on the Ghost(Pro) paid plan and wish to set up a hosted Discourse instance, with SSO and Ghost as the source of truth for all Discourse logins and access to tiers within the Discourse forum.
I have read up on all the forum posts I can find on this topic, both in here and over in the Discourse Meta forum. I have enquired with Ghost and Discourse support teams about whether they can help, but am getting nowhere.
I have reached out to @vikaspotluri123, the developer who built the Discourse on Ghost (DoG) middleware app to see if he can help.
While waiting to hear back, I wanted to extend the request to other possible solutions providers: can anybody help to set up/adapt a secure, robust piece of middleware that allows my Ghost subscribers to log into Discourse using their registered Ghost email address?
For background, I did create my own piece of SSO middleware with the help of ChatGPT and self-hosted this on a DigitalOcean droplet. The app worked, but I am very much low-code and it seems I opened up a security vulnerability by exposing the Admin API, so I immediately shut it down. I do not want to go down that route again and want something built by a professional that is 100% secure. Since I am not completely no-code, I can probably maintain it myself once it is up and running. It is just the initial setup I need help with. However, I do require a hosted Discourse instance because I do not want to have to worry about maintaining forum uptime, dealing with updates, etc.
I was going to say something in regard to upkeep and security, but you pretty much nailed it right there with that statement.
Hosting it yourself isn’t too terrible, as long as you know your way around the terminal and UFW, and implement best practices like disabling root login, hardening SSH with SSH keys, etc.
As far as API Keys, it is my understanding that as long as you store this credential somewhere, you’re secure. Again, with those best practices as mentioned above.
Looking at the DoG GitHub, it looks pretty straightforward. But I only glanced at it.
I am not keen on hosting Discourse myself since it is heavy and my preference is in Flarum…
But I may be able to host the “bridge” at a reasonable price. Will have to look deeper into this though before I give the green light.
- JWT: Ghost can provide a verifiable token (called a JWT) that authenticates a member
- Allows Discourse on Ghost to sit on any domain (including a subdomain)
- Requires a bit more coordination (redirects/hops) between Discourse, DoG, and Ghost
I would think I can create an instance in my CloudPanel on my VPS for Node.js and do the rest. I’m no programmer or anything, I do this purely as a hobby lol.
But if this does work out, and it is something you want to do, I may do it for a setup fee and a cheap “keep it alive” bill.
Maybe I can do this on multiple instances if others are in the same situation. I don’t think it would take up too many resources.
But honestly, if you spend a little time on yourself to get familiar with SSH Hardening and everything, you can easily set this up yourself.
A DigitalOcean Droplet for Discourse is maybe $5 a month? For more hands off, you can use the service at PikaPods to just fire up Discourse itself and come back to me and we can explore the above option as well. PikaPods is really great for a set-it-and-forget-it type of deal since they do everything else in the background for you.
Thanks, I had not heard of PikaPods. Do they take care of Discourse updates? I am looking at Communiteq as a low-cost turnkey hosted solution for the Discourse instance. Their rates are competitive and I don’t have to worry about downtime, upscaling with usage, etc.
If you could take care of the SSO middleware setup, I would happily pay for your time. A retainer seems reasonable in case it breaks or wobbles.
I have a lot of things on my plate right now actually. So it might be a while before I can help you. Might have to move states.
But in the meantime, PikaPods is great, they handle everything. Their idea is, they manage it, you use it. They routinely keep backups from what I understand as well.