NodeBB has a bug bounty program to supplement our efforts to identify vulnerabilities in our software, and to reward those who submit them to us for fixing.

Please visit our bug bounty page for more information.

The General Data Protection Regulation (GDPR) is a European Union law intended to promote the protection of privacy and personal information. It’s main goal to give users more control over their personal data.

NodeBB was the world's first GDPR compliant forum software. Please visit the NodeBB GDPR page to review our Data Protection Addendum (DPA) and our list of subprocessors.

NodeBB currently has integrations for:

• Slack
• Wordpress
• Google Adsense
• Mailchimp
• Pushbullet
• Ghost
• Twilio
• Amazon S3

Other integrations can be built, if you are interested please contact us for more information.

Enabling Facebook SSO requires that you have a Facebook account of your own. You will also need to restart your NodeBB instance a couple of times during the process. This will shut down your forum to users for a short period each time, so if you run a busy forum you may wish to do this during off-peak hours.

Install and activate plugin

1. Open the administrative dashboard using the 'gear' icon on your forum.
2. Open the Extend > Plugins menu.
3. Select the Find Plugins tab.
4. Use the plugin search on the right side to search for Facebook.
5. From Installed tab on the Plugins menu, search again for Facebook and select Activate.
6. Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the Facebook SSO plugin will be active.
7. Refresh your browser to reveal the Social Authentication menu -- select this menu, and then select Facebook.

Enable Facebook sign-on

1. Go to the Facebook Developers page, which is linked from this menu.
2. Create a Facebook app shell. Select Create a new app, and enter the required information. 
3. Select Dashboard on the left of the page and locate your App ID and Secret code. 

Returning to NodeBB, copy and paste the Application ID and Secret code into the appropriate places on the Facebook menu page. You can also allow users who sign on with Facebook to skip the standard email verification step since Facebook usually does a good job of verifying these emails, but this is up to you. Be sure to save these settings. Once you are done, you will need to restart the forum one more time.

Once your forum restarts, new users will be able to join your forum using their Facebook ID. This option will be added to the user registration page automatically.

 Facebook SSO for NodeBB

Enabling Google SSO requires that you have a Google account of your own. You will also need to restart your forum a couple of times to activate Google SSO for your users. 

Install and activate plugin

1. Open the administrative dashboard.
2. Plugins > Install Plugins menu.
3. Select the Find Plugins tab, and search for Google. There are number of different Google-related plugins, so scroll down the list until you see the SSO plugin -- select Install when you see it.
4. From Installed tab on the Plugins menu, search again and select Activate.
5. Activating the plugin will require a restart of your forum. Select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the Google SSO plugin will be active.
6. Refresh your browser to reveal the Social Authentication menu -- select this menu, and then select Google.

Enable Google SSO

Authenticate your forum in the Google API console, which is linked from this page. Before opening the Google console, select and copy the text /auth/google/callback without the single quotes. You'll need this info later to link Google SSO with your forum.

1. Follow the Google SSO link.
2. Accept the terms of use.
3. Look for the Google+ API link, which you should find under the Social APIs menu. Click on this link, and then click Enable to the right of the title.
4. Click on "Go to Credentials."  
5. For where the API is being called from select "Web Server" and for the type of data select "User Data."  
6. Now click "What credentials do I need?"
7. Under "Authorized Javascript Origins" enter your forum address.  
8. Under "Authorized redirect URIs", enter the address again but this time paste the path you copied earlier to the end.
9. Click "Create Client ID."

Confirmation email address

You'll be asked to provide a confirmation email address and a product name. This information will be shown to users who register for your forum, so make sure the name given is descriptive of your site. On the last set up page, just click Done.

Your Client ID will now be set up. You'll need both Client ID number and Secret code to activate SSO. To get these, click on the name of your ID. The easiest thing to do is to copy and paste both these codes into a blank notepad window. Once you have done this, you can exit the Google API page.

Returning to NodeBB, copy and paste the Client ID and Secret code into the appropriate places on the Google menu page. You can also allow users who sign on with Google to skip the standard email verification step since Google usually does a good job of verifying these emails, but this is up to you. Be sure to save these settings. Once you are done, you will need to restart the forum one more time. 

Once your forum restarts, new users will be able to join your forum using their Google ID. This option will be added to the user registration page automatically.

 Enabling Google SSO for your NodeBB forum

NodeBB does allow uploaded images to be displayed, but it is not optimized for large images or a high volume of images. If your forum lends itself to a lot of image sharing by members, you will want to activate an image handling plugin. One popular example uses the image sharing site Imgur.

1. Open the administrative dashboard using the 'gear' icon on your forum.
2. Open the Extend > Plugins menu, and select the Find Plugins tab. The quickest way to find the plugin is to use the search on the right. Type 'Imgur' and the plugin should appear -- select Install when you see it.
3. From the Installed tab on the Plugins menu, search for 'Imgur' again, and select Activate.
4. Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the Imgur plugin will be active.

Now you'll need to register your forum with Imgur. If you don't already have an Imgur account of your own you'll need to create one first.

1. Once this is done, go to the Plugin > Imgur menu in NodeBB. Here you will find set-up instructions.
2. Select and copy the callback URL example.
3. Then click on the link that leads to the Imgur application registration page.
4. Enter a name for your forum, and then paste in the callback URL example.
5. Now, select the portion of this that reads "yourforum.com" and replace it with the actual address for your forum.
6. Fill out the remaining fields and submit the form.
7. Imgur makes use of two different keys: a Client ID key and a secret ID. Copy and paste each of these keys into the appropriate field in NodeBB.
8. Hit the "Save" button at the bottom of the screen, then "Authorize." You will be re-directed back to Imgur where you will be asked to allow the forum to access your account.
9. Select "allow." You will then be redirected back to your forum.

Once these steps are completed, any images uploaded to your forum will automatically be stored in your Imgur account.

 Setting up Imgur image upload service for NodeBB

One of the first important things to do after setting up NodeBB is to set up an emailer plugin. While NodeBB does include a local emailer, if your forum is particularly active we recommend using an third-party emailer such as SendGrid which provides better deliverability for sites that send a high volume of email. Setting up SendGrid in NodeBB is very easy.

1. Open the administrative dashboard using the 'gear' icon on your forum.
2. Open the Extend > Plugins menu, and select the Find Plugins tab.
3. Use the search on the right. Type 'SendGrid' and the plugin should appear -- select Install when you see it.
4. From Installed tab on the Plugins menu, search again for 'SendGrid' and select Activate.
5. Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the SendGrid plugin will be active.

After you restart, there should be a item called Emailer (SendGrid) under the Plugins menu -- if you don't see this right away, try refreshing your browser.

Sign up to SendGrid

1. Go to the SendGrid website, open the pricing page and scroll to the bottom. Click on the link and create your free account.
2. Once you've confirmed your SendGrid account via email, you should be able to login to the SendGrid website. On the left side of your SendGrid dashboard, open Settings and click on API Keys.
3. Click the button in the top right to create a new key. Make sure that the key has Full Access for Send Mail and Alerts.  When you are done, the new key to your clipboard.

Now, return to the SendGrid menu on your NodeBB admin panel. Paste the API key into the field, and save your changes. Now go back to the Dashboard to restart your forum one more time.

SendGrid should now be working for your forum.

 Setting up SendGrid mailer for NodeBB

While NodeBB does provide anti-spamming features, spam posts will occationally slip by.

Logged-in admins can edit or delete offending messages right away by clicking the 'gear' icon on any message. You can also create moderator accounts that are separate from the main admin group. In addition, we have user moderation tools which allow admins to to select multiple users to delete/ban them or to remove their topics/posts. We also have IP Blacklisting which will ban all users originating from a range of IP addresses.

Spam is a problem for many forums. To combat it, NodeBB uses a number of different services in a single anti-spam plugin known as Spam-be-Gone.

1. Open the administrative dashboard using the 'gear' icon on your forum.
2. Open the Extend > Plugins menu, and select the Find Plugins tab.
3. Use the search on the right. Type 'Spam' and the plugin should appear -- select Install when you see it.
4. From Installed tab on the Plugins menu, search again for 'Spam' and select Activate.
5. Activating the plugin will require a restart of your forum. To restart, select the Dashboard menu and press the Restart button to the right. After NodeBB restarts, the Spam-Be-Gone plugin will be active.
6. Configure the plugin, go to the Plugins menu and select Spam-Be-Gone.  

Spam-Be-Gone makes use of three separate services to limit spam. Each of these requires a one-time set-up to activate.

Akismet

Akismet is a spam filtering service that is run by the blogging platform WordPress. If you are running a non-commercial website you can use it on a pay-what-you-can basis.

1. Follow the link from the NodeBB dashboard to the Akismet site.  If you do not already have a WordPress account you may be prompted to create one. Once you have set this up, you can activate your Akismet account.  
2. You will be provided with an API key – copy it, and return to the NodeBB dashboard.
3. Enable the Akismet service, and paste the API key into the appropriate field. If you are new to using Akismet, leave the other fields at their default values as these will work for most sites.

Project Honeypot

Project Honeypot is a second service used by NodeBB to help identify individuals and bots who are known to be responsible for high volumes of spam postings. You can create a free Project Honeypot account by following the link from the dashboard and providing your information. Once confirmed, you can get an API key by logging into the Project Honeypot dashboard, and clicking the "get one" text link on the left side of the screen. Copy the key, then return to NodeBB, activate the service, and paste the key.

reCAPTCHA 

The Google reCAPTCHA service can be used to provide an additional layer of spam prevention by setting up a challenge that filters humans from bots. Activating this service requires a Google account.  If you wish to use this service, follow the link from the NodeBB dashboard, and enter the URL information for your forum. reCAPTCHA makes use of two different keys: a public API key and a private, or secret, key. Copy and paste each of these keys into the appropriate field in NodeBB.

When you are done entering information for all the services, be sure to hit Save at the bottom of the Spam-be-Gone page. You will need to restart the forum one more time for these changes to take effect.

 Setting up spam protection for NodeBB

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

By default, all NodeBB hosted forums come with SSL enabled. This means that if you are using the NAME.nodebb.org domain that we provide, all your traffic will automatically be encrypted for better security.

If you wish to use your own domain name, please follow the steps outlined in this article. Once complete, contact us at [email protected] to setup your free SSL certificate to ensure that your traffic remains secure.

SSL certificates are provided by Let's Encrypt, please visit them at https://letsencrypt.org