I’m looking for some up-to-date forum software for a community I want to “host” on the internet.
My requirements:
Not a resource hog like discourse
Classic layout with ways to customize it
Active dev community and low maintenance burden for plugins and the core itself
I tried looking around and I think MyBB is the best option so far.
I’m a bit allergic to software written in PHP (I remember PHP being a bitch to get right so the server/VPS is not pwned the second I open http port) but there is nothing ideal I guess.
Does anyone know any other options?
I’ve also tried flarum, they have a competent front-end plugin system, so with a few energy drinks I think I could crank out some plugin that turns it visually into something like MyBB/phpBB but at that point - I could’ve just used the original, right? Or is there something I don’t know about?
I miss my Jails. Ever since I ditched TrueNAS, I don’t have anything FreeBSD anymore outside of pfSense. The things keeping me away from it are the same arguments I had with Linux when using Windows. Maybe “I just need some time” ™. Is nomad something worth getting into? I read about it when I was learning Kubernetes.
And there is also Firecracker for you security folks out there avoiding containers.
Well, based on that article it looks like there are two viable commercial offerings, phpBB, MyBB, flarum and discourse… and thats it.
Also it looks like MyBB development is basically life support since 2018-2019, which kinda makes sense given this software is basically feature complete.
I disagree. A VM is just an operating system, it doesn’t inherently do anything to secure your workload. Op is almost certainly deploying to a VPS anyway, which is a VM already.
Docker makes it easy to add security related controls to applications that are technically possible to do without Docker, but are a pain so almost nobody does.
This includes running as non-root, having only the minimally needed set of binaries inside of the chroot, mounting the PHP source as read-only to make priv esc harder, etc. You still have to configure these things, but it is much easier with Docker/Podman, a lot of these are boolean flags to set.
Disabling SSH password auth + Docker with security configs + regular updates are your best bet for securing your service. If you’re truly paranoid about Linux kernel exploits, you should be running something like gVisor anyway.
Yes, it’s gonna be a VPS with just the forum on it.
modern single core CPU, dual core recommended
1 GB RAM minimum (with swap)
64 bit Linux compatible with Docker
10 GB disk space minimum
At first, it doesn’t sound too bad, just rent a decent VPS and it should be fine.
The problem is that everyone on the internet seem to agree that discourse takes more resource than this once the community hits any meaningful traffic and I also talked to a guy who had a look at whats used to host one medium community, said that discourse uses 4+GB GB of RAM…
I’ve been thinking that maybe the reason Discourse is like (energy-zapping) molasses on the client*, is because it offloads more work from the server to the client, so that it’s easier to host. I guess that’s not it then?
* My poor Pinephone is really struggling with L1T. It’s always a relief when I switch to reading some phpBB forum. It’s so much nicer to use (and not just because Discourse is slow)!
That being said, there seems to be very little security audit in mind with docker in general and more like “lets run this random thing and hope that it works” approach.
Yes, many people don’t take precautions, but that isn’t any different than sudo add-apt-repository ppa:<some-random-personn> && sudo apt install <foo> which I see all the time. That isn’t a problem with the tool, that’s just how people are to some extent. Want it working with the least effort possible.
It depends, it’s a single-page-application, so there is a lot of js running in the browser.
It’s not a mostly-static html output that you get from other classic forum engines like mybb and phpbb. It also makes it harder for search engines to index, tho I’m pretty sure discourse is providing some view for crawler bots that doesn’t require running the client side js.
Anyway, the resource intensive part of discourse probably boils down to two things:
it’s dynamic - you get notifications in near real time, you can see if someone is typing in a given thread, etc.
it’s written in ruby - I don’t know if this causes more memory/cpu usage, but I suspect that its not as fas as php backend
