I wanted to say thank you again for everything you guys have done and continue to do for the nodebb world.
You (@julian, @baris, and everyone that has contributed), have been on my short list of real heroes over the past decade and have made a profound impact in the lives of the regulars on https://kubuckets.com
We recently bumped up from v1.13.1 to the latest and greatest nodebb. I ended up "archiving" the old board by linking to it in categories and giving it a different domain name. I manually copied over some of the mongo data to preserve the user data and force reset everyones password. It was a bumpy road that led to a beautiful place
After reading Enshittification per my brothers recommendation in November, I started digging into the fediverse, and suddenly @julian popped up everywhere. It's serendipitous and a small world after all. I intend to fully explore what I can do with ActivityPub on https://kubuckets.com and https://unshittified.club in the coming year. I have had a couple failed attempts to link between the two, but I need to get more familiar with how to configure it. I'm hoping that with the fediverse I can grow our user bases a little bit, maybe we can be the first people who discuss sports on the fediverse. Haha. I tried to recruit on reddit a little bit but reddit didn't like that very much and quickly canceled me
Thank you guys! Merry Christmas!
@[email protected]
Apologies in advance if I misrepresented anybody or missed any crucial bits of information.
Attendees
Julian (@[email protected])
Ted Thibodeau Jr (he/him) (OpenLinkSw.com) // GitHub:@TallTed // Mastodon:@TallTed
Jesse Karmani ([email protected])
Agenda
Mastodon context issues (backfill not possible at the moment)
Context (topic/thread) deletion and moving between audiences (communities/categories)
Draft FEP for the above
Deleting entire tree vs. one post. with_replies or Remove(Context)?
Cross-posting (stalled?)
Mastodon context issues
Backfill not possible, context remains null
Claire and David are aware, can this be reproduced locally? @jesseplusplus
Mastodon keeps track of the conversation, but not what the root-level ID is; Frequency keeps track of the parents. This was new to Mastodon codebase (all internally)
Possibly the code shared for this is not working
Jesse will take a look (diff b/w Decodon and Mastodon)
Ted: in-reply-to tracking is akin to parent tracking
Jesse: Not quite; Mastodon now tracks root-level ID (that's the piece that might not be working.)
Mastodon reading context?
The other (harder) half: FEP f228
Jesse made David aware of the possibility of using f228 to backfill
Asked whether this would conflict with existing reply tree crawling — suspect it will not.
Expected 6–12 months out (or more)
tl;dr — no update available, but none was expected either.
Context Relocation and Removal
Pre-Draft FEP
ActivityPub.Space Discussion
Genesis of this FEP from needs of ActivityPub.Space. It bridges Microblogiverse and Threadiverse by importing discussions by hashtag (#activitypub among others)
Lots of curation needed as people tend to use the #activitypub hashtag when discussing non-AP things
Also non-English content, etc. (ActivityPub.Space is English-focused as we have two mods, Julian and another temporary mod from toot.wales/IFTAS)
Pre-draft shared with Rimu ([email protected]) and Felix ([email protected]) for their thoughts, discussion (linked above) started last night for some additional input.
No opposition to Move(Context) as it is not a functionality that is implemented by anybody at the moment
Hooray for greenfield AP dev!
Out-of-band discussion
Remove(Context) received some pushback from Lemmy. This was expected as both Lemmy and Piefed currently use Delete(Object)
Felix is recommending that Delete(Object) can supply with_replies property to explicitly denote that the entire reply tree is to be deleted.
Julian is recommending that Remove(Context) be used to explicitly denote that the reply-tree/container itself is removed, context can be resolved to determine which exact object IDs to delete if needed, Remove also tells you which audience/community it was removed from.
Rimu OK with either approach.
Felix raised objection to the wording that Delete(Post) is shown under "backwards compatibility" — Julian will update to reflect equal priority on both approaches.
ForumWG discussion
Julian admits that it is likely much much easier for Lemmy to update their handling of Delete vs. creating a new handler for Remove.
Julian notes disconnect with current behaviour (Delete(Object)) and new behaviour (same, but with_replies) and the actual effect (removal from the community); you cannot actually delete someone else's content because it does not satisfy same-origin constraint (yes, sometimes, but not always.)
Currently at an impasse as to how to proceed, but Julian encourages parties present to contribute to the discussion and review the FEP.
Would prefer alignment as opposed to supporting both Remove and Delete(Object) w/ replies given that it is unlikely both will be implemented widely.
Action Items
Jesse: investigate null context issue; Mastodon
Julian: Revise and publish FEP f15d
Relevant Mentions
[email protected] [email protected]
Hello everyone!
I'd like to share a new plugin that a friend and I created.
Upload Plus is a NodeBB plugin that extends the standard file upload functionality: it organizes files into nested subfolders (by name hash or date) and, if necessary, automatically converts images to WebP, returning a link to the WebP version to the client. The plugin includes settings for directory nesting depth and an option to enable/disable WebP conversion.
This plugin saves space by converting files to WebP and by using subfolder management.
https://github.com/mysteren/nodebb-plugin-upload-plus
https://www.npmjs.com/package/nodebb-plugin-upload-plus
how do you whitelist via acp. i tried to install nodebb-plugin-registration-notification via npm i notebb...etc. did not get an error. but also did not get a working plugin.
and yes, the nodebb email test worked just fine. and yes, my test registrations were in the cue. but not email happiness of notifcation.
soooo. how do i whitelist. and how do i test that it got accepted and works.
Hi NodeBB devs and plugin authors,
I help run an RP/creative community and we’re running into a major pain point for forum based roleplay: NodeBB has no built in or plugin support for true character/account switching.
Why This Matters
Many RP, fandom, and writing communities rely on users posting as different “characters” with unique avatars, bios, and post histories all under one main login.
On older forum platforms (like JCink, Invision, and iirc Dreamwidth) players can instantly swap between “character” accounts or tabs with a single click without logging out and in each time.
This makes RP more accessible, fun for users who manage many muses or need easy navigation.
What We’re Looking For
A plugin or core feature that lets users:
Link multiple “character” accounts under one primary account (with their own avatars, bios, and posts)
Instantly switch between them from a dropdown or button no logout/login needed
Keep character links private (except to mods/admins for anti abuse)
Manage characters in their profile/settings (add, remove, customize)
Preserve all NodeBB permissions and moderation controls
[Ideally] Include accessibility features (focusable switch UI, screenreader friendly, big buttons, high contrast)
This is a standard feature on almost all RP oriented forum software but NodeBB lacks it even as an unofficial plugin.
Previous Solutions/Attempts
I know “alt account” plugins have been suggested or half built but nothing is maintained or available for NodeBB v3+.
Current workarounds (separate accounts per character, custom profile fields, etc.) are clunky and hard for ND/disabled users.
Who Would Use This
RP, fanfic, and OC communities
Multi persona/gaming/alt identity forums
Anyone running a creative or fandom NodeBB
What We Can Provide
I can share a full feature spec and user stories (see below).
My community is willing to beta test or help with accessibility/UX feedback.
Feature Spec (TL;DR)
One main account can create/link multiple “character” profiles/accounts
Per character avatar, name, bio, and post history
Instant in forum switch (dropdown/button)
Privacy and moderation controls
Full accessibility support (keyboard, screenreader, color contrast)
Admin view for linked characters
(Nice to have) Public cast directory, quick switch widget, theme support
Final Note
NodeBB is an amazing modern forum but the lack of character/account switching is the one thing holding it back for a huge creative userbase.
If anyone is interested in developing this (open source!!) or has working solutions please reply here or DM me.
Thanks so much for your time!
Rika
Hi,
I wrote an Update Script because a lot Steps to do it safely.
#!/bin/bash
nodebb_path="/root"
nodebb_compose="docker-compose-orgi.yml"
plugins_ol="nodebb-plugin-embed nodebb-plugin-math-captcha nodebb-plugin-embed nodebb-plugin-emoji-android nodebb-plugin-google-analytics nodebb-plugin-sso-google nodebb-plugin-tenor-gif nodebb-plugin-sso-github"
if [ ! -f "$nodebb_compose" ]; then
echo "Compose does not exist, aborting"
exit 1
fi
if [ ! -d "$nodebb_path/nodebb" ]; then
echo "Path not exist, aborting"
exit 1
fi
# Backup current Data
if [ -d "$nodebb_path/nodebb-backup" ]; then
echo "nodebb-backup exist"
read -p "Delete old backup? (Y/N): " confirm
if [[ $confirm == [Yy] ]]; then
echo "Deleting backup"
rm -rf $nodebb_path/nodebb-backup
else
echo "Do not Update without current backup"
exit 1
fi
fi
echo "Backup NodeBB Folder"
cp -r "$nodebb_path/nodebb/" "$nodebb_path/nodebb-backup"
echo "Backup NodeBB Image"
docker save nodebb-nodebb:latest | gzip > "$nodebb_path/nodebb-backup/nodebb-nodebb_latest.tar.gz"
echo -e "\nFetch NodeBB Repository\n"
git fetch
echo -e "\nReset NodeBB Base\n"
git reset --hard origin/v4.x
echo -e "\nChange NodeBB User and Group\n"
chown -R 1001:1001 .docker public
echo -e "\nModify Dockerfile with Plugins\n"
if [[ $(grep -c "npm install" Dockerfile) -lt 2 ]]; then
sed -i "/EXPOSE 4567/a RUN npm install $plugins_ol" Dockerfile
fi
#echo "NPM Install count $(grep -c "npm install" Dockerfile)"
echo -e "\nBuilding NodeBB Image\n"
docker compose -f $nodebb_compose build
echo -e "\nDeploy NodeBB Image\n"
docker compose -f $nodebb_compose up -d
counter=0
while [ $(docker logs nodebb-nodebb-1 | grep -c "NodeBB is now listening") -lt 1 ]; do
docker logs --tail 20 nodebb-nodebb-1
sleep 10
counter=$((counter+1))
if [[ "$counter" -ge "30" ]]; then
echo -e "\nNodeBB not Coming up, please investigate\n"
exit 1
fi
done
docker logs --tail 20 nodebb-nodebb-1
docker exec -i nodebb-nodebb-1 npm list | grep nodebb > /tmp/nodebb-plugins.txt
for i in $plugins_ol; do
if [[ $(grep -c $i /tmp/nodebb-plugins.txt) == 1 ]]; then
echo "Plugin Installed $i"
else
echo "Plugin Not Installed $i"
fi
done
https://forum.its-egner.de/topic/4589/nodebb-docker-update-script
Greetings
To me, the strength of traditional forums lies in the longevity of topics. Unlike Reddit and its fediverse clones, which have a sorting algorithm that prioritizes new content rather than old but still relevant content, forums present threads in reverse chronological order based on the last reply, meaning as long as people are talking, the topic remains seen.
Consider the following example. Let's say I'm on a classic car forum and want to post about a restoration project I'm working on. I start a topic, explain what I'm doing in the OP, and post updates as replies. Others can follow the progress of my project and give comments and feedback by replying in that one thread. The project may take months or years, but that single topic will remain relevant and visible for as long as the community thinks it should be relevant, demonstrated by myself and other members posting replies. In time the topic may become an enduring facet of the forum's culture.
Now let's consider the same project undertaken on a redditlike site like Lemmy or Piefed or indeed Reddit itself. The default sorting algorithm causes posts to appear lower and lower down the list as time goes on. It also takes votes into account, which is another bone of contention I have with these platforms that I will address later. Anyway, I make my OP and others comment on it, but after a few days it's buried under newer threads, meaning new people (or old people who don't bookmark it) will probably never find it. The only solution is to post updates as brand new threads, which makes it hard to follow for newcomers and fractures the discussion. If I want to post updates frequently I end up spamming people's feeds and crowding out other stuff. On Reddit they even lock posts after six months, further aggravating the issue. I've experienced this firsthand, posting similar topics on a traditional phpBB forum and Lemmy. The phpBB thread hasn't left the front page of the subforum in the 2 years it's been there, with plenty of discussion by other users. Meanwhile, the Lemmy thread plummeted to irrelevance after a few days and I had to post new content as new threads, clogging the feed.
The multithreaded nature of comments on redditlike platforms also means you can't reply to more than one person at a time, you have to make multiple replies under each comment you want to reply to. This is in contrast to traditional forums where you can quote multiple users. Now this is potentially where redditlikes have an advantage. Even though you can't reply to multiple posts at once, multithreading replies makes the post as a whole easier to search by hand. Each top level reply can be it's own little mini post, and replies to that reply are sorted directly under it. While this makes the overall timeline of posts hard to follow, it makes it easier to find specific information because off-topic ramblings are clearly marked as long comment chains. When I bring up how I miss traditional forums, this is what people seem to bring up most often, that long threads that go on for years are hard to follow because they're discussing a completely different thing on page 33 vs page 1.
As for the voting system, I think it can have a place when searching for solutions to a problem or looking for advice, especially when you're not familiar with the subject and don't know what's good advice and what's nonsense (RIP YouTube dislike button). But outside of this narrow context I think voting systems are harmful to the community. They encourage echo chambers and reduce engagement to making a number go up or down. On a traditional forum if I want to express my opinion I have to post a comment. With a voting system it's just a number. They also feed social media addiction because monkey brain like number go up, and you can see this firsthand with karma farming on Reddit.
Such a seemingly little thing as the default sorting behavior of topics drastically changes the community's culture. On Lemmy at least, you can replicate the traditional forum experience by sorting topics by "latest comment" and even mimic the flat single-threaded comment structure in individual posts by using the "chat" option and sorting by old, but nobody does that, so the culture develops around the default.
I like tech but Ai is really spooky.
Having said that, Ai is making a mess of web traffic among all the other things.
How are people handling the massive surges in users that are apparently Ai crawler bots and whatever else, acting like DDoS attacks without being intentionally malicious (assumption), the whole thing is a real headache.
There are many facets to this topic, one also being the proliferation of Ai into everything, and Serach being an obvious one, where the top result is now an AI readout, that is and will kill clicks down the SERP page and changes user behaviours, causing revenue loss already I am sure.
Removing the need to think. Making knowledge access even more frictionless to the point that broad scale cognitive atrophy occurs or is the need result, potentially further concentrating knowledge into smaller more powerful control groups (due to the current horsepower required). It's eating our energy supply too. Essentially we are at the BORG stage of the game.
As all should be rather familiar with now, it goes well beyond web traffic, but web traffic is the entry point here because this is where NodeBB's bread and butter is.
I flagged this in multiple places, years back at this point, with multiple warnings, adoption was done in haste, reaction was negative (as usual) and there was no due regard to Pandora's tsunami peopel thought they coudl surf, but the adoption of the Ai into anything and everything is what has allowed the Ai bot swarms to proliferate. it's a vicious cycle and maybe worse.
I could see and rationalise years ago that Ai itself is a parasitic technology and works in net deficit, it functions at a permanent net-negative (I understand many tech do not see it like this, feel free to posit your rebuttle). Why this is not glaringly obvious, is another point, but a fundamental one at that. There are other fundamental points. This is one that get's less airtime afaict.
Well have at it if you think you can add value to help the whole, server tips, what do you do to mitigate the loads, protect you content form the LLM plunder bots, etc. etc. - try stay on point in web traffic terms, as hard as it it due to the vastness of the consequences and implications before us, and Merry Christmas too while I'm here too!
Hello @Everyone,
I am using AWS Cognito for authentication instead of the native NodeBB login flow.
Here is my current setup:
User registers and verifies their email in Cognito
After verification, I create the user in NodeBB programmatically
I then use Master Token + _uid to call NodeBB APIs
Creating topics works correctly
Uploading topic thumbnails also works
However, when I try to upload attachments using the following endpoint:
POST /api/post/upload
I always receive a 403 Forbidden error, even though:
I pass the Master Token
I pass x-nodebb-uid
The same credentials work for other APIs
My questions:
Is /api/post/upload intentionally restricted to logged-in users with a valid NodeBB session + CSRF token, even when using a Master Token?
Is it supported to upload post attachments using only Master Token + UID, without NodeBB login cookies?
If this is not supported, what is the recommended approach?
Upload files outside NodeBB (S3 / CDN) and store URLs in the post content?
Use another NodeBB API for attachments?
A plugin-based or presigned upload flow?
My goal is to avoid the NodeBB login flow entirely and rely only on Cognito for authentication.
Any guidance on the correct or recommended approach would be greatly appreciated.
Thank you.
Hey nodebb community,
I have a question, to which probably not a straight forward answer does exist, but I am still a bit puzzled by the lack of documentation resources and builtin features of NodeBB.
Question: Are there any best practices or resources on wrapping a NodeBB service within site a service instead of serving both as disjunct services in the proxy server serving the whole site (e.g., nginx)?
Context
We run a small developer community using NodeBB. I already implemented a while ago that NodeBB visually integrates into our site as in that the forum not only displays its own navbar but also the navbar of our site. But that is all a cheap hack; I just forked the Persona theme and inject there our nav menu in the relevant tpl files. This comes with extra maintenance costs to keep menu data aligned (and I also have to integrate whatever the NodeBB team is doing with that theme). And more importantly it also requires two routings (one for the site, one for the forum) in the web/proxy server, which then also complicates caching.
To do this in a way I would consider "properly", you would serve nodebb within the site service and not in the proxy server. The idea is simple, just add a /forum routing to your site service and there forward HTML data from the nodebb service after wrapping it in your site skeleton. In practice this is however not simple due to the fact that nodebb itself is a rather complex service. The last time I tried this, I ran into serious troubles with the nodebb session cookie and correctly displaying notifications and user profile information in the nodebb navbar (and maybe more, I did not went very far with this).
I just had a look at the 'exemplary' forums listed on the main page and they either are disjunct sites or they seem to use that hack I came up with too. The only exception seems to be the Vivaldi Forum, they seem to have truly integrated NodeBB into their site (the HTML at least implies that). Given that example, it seems to possible in principle to just forward requests/routings made to your main site service and then return mangled HTML data returned by NodeBB.
Does anyone have any tips or stories to share? I find it also a bit puzzling that the NodeBB team does not emphasize this subject more: Integrate nodebb into a commercial website. At least I have found no resources, when I have overlooked obvious ones: 'Mea culpa' in advance
Cheers,
zipit
To minimize load on our servers, I would like to set Cloudflare to cache as much of the content as possible.
I'm assuming that any image files or anything with a css/js/json file extension is safe to cache.
Obviously we can't cache html content for logged-in users, since there is user-specific data included in the headers.
As far as I can tell, it should be safe to cache html content for guests as long as the TTL is short (guests cannot post on our site, if that's relevant). However, it's not clear how we can implement that. The express.sid cookie is set for guests, so we can't just cache when that cookie is absent. It should be possible to set a custom cookie on login and clear that cookie on logout, but I can't find anywhere to set that cookie. I'm using a fork of https://github.com/julianlam/nodebb-plugin-sso-oauth, and the only place I can find a res object is https://github.com/julianlam/nodebb-plugin-sso-oauth/blob/master/library.js#L124, but setting the cookie fails because res.cookie is undefined.
Is there any way I can set a custom cookie on login, or ensure that NodeBB does not set an express.sid cookie for guests?
Copyright © 2025 NodeBB | Contributors
