more permission fixes for anacron, keep in base image as well
[discourse_docker.git] / templates / web.template.yml
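# pups template for the Discourse web container (nginx in front of unicorn).
env:
  # You can have redis on a different box
  RAILS_ENV: 'production'
  UNICORN_WORKERS: 3
  UNICORN_SIDEKIQS: 1
  # this gives us very good cache coverage, 96 -> 99
  # in practice it is 1-2% perf improvement
  RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072

  DISCOURSE_DB_SOCKET: /var/run/postgresql
  # Left empty on purpose (YAML null -> empty value); only fill these in when
  # postgres is not reachable over the socket above.
  DISCOURSE_DB_HOST:
  DISCOURSE_DB_PORT:


params:
  # Branch, tag or sha of discourse/discourse to check out in the "code" hook.
  # A branch name is a moving target: two builds of the same template can get
  # different code, and nothing below pins or verifies what is checked out
  # (no commit pin, no signature check). Use a tag or sha if that matters.
  version: tests-passed

  home: /var/www/discourse
  upload_size: 10m

run:
  # ImageMagick hardening (ImageTragick-era mitigations), see:
  # https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
  # Each coder listed here is reachable from a user-supplied image (remote
  # fetches, shell-out delegates, script-like formats), so deny them all.
  # HTTP and FTP are denied alongside HTTPS/URL so the remote-fetch block does
  # not depend on the scheme an attacker picks.
  # NOTE: this is a textual prepend at "<policymap>"; it runs once on a fresh
  # image during bootstrap and would duplicate the entries if re-run.
  - replace:
      filename: /usr/local/etc/ImageMagick-6/policy.xml
      from: "<policymap>"
      to: |
        <policymap>
        <policy domain="coder" rights="none" pattern="EPHEMERAL" />
        <policy domain="coder" rights="none" pattern="URL" />
        <policy domain="coder" rights="none" pattern="HTTP" />
        <policy domain="coder" rights="none" pattern="HTTPS" />
        <policy domain="coder" rights="none" pattern="FTP" />
        <policy domain="coder" rights="none" pattern="MVG" />
        <policy domain="coder" rights="none" pattern="MSL" />
        <policy domain="coder" rights="none" pattern="TEXT" />
        <policy domain="coder" rights="none" pattern="SHOW" />
        <policy domain="coder" rights="none" pattern="WIN" />
        <policy domain="coder" rights="none" pattern="PLT" />

  # Refuse to bootstrap while the placeholders from the sample config are
  # still in place; a non-zero exit aborts the whole run.
  - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
  - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
  - exec: chown -R discourse /home/discourse

  # TODO: move to base image (anacron can not be fired up using rc.d)
  - exec: rm -f /etc/cron.d/anacron
  - file:
      path: /etc/cron.d/anacron
      contents: |
        SHELL=/bin/sh
        PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

        30 7 * * * root /usr/sbin/anacron -s >/dev/null

  # runit stage 1: materialise the DISCOURSE_* environment into discourse.conf
  # on every container start (runs as root).
  - file:
      path: /etc/runit/1.d/copy-env
      chmod: "+x"
      contents: |
        #!/bin/bash
        # Both files written here can carry credentials (DISCOURSE_DB_*,
        # DISCOURSE_SMTP_*), so create them unreadable to other users.
        umask 077
        env > ~/boot_env
        conf=/var/www/discourse/config/discourse.conf

        # find DISCOURSE_ env vars, strip the leader, lowercase the key
        /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > "$conf"
        # ">" keeps the mode of a pre-existing file, so set owner and mode
        # explicitly: readable by the app user/group (unicorn runs as
        # discourse:www-data), nobody else.
        chown discourse:www-data "$conf"
        chmod 0640 "$conf"

  - file:
      path: /etc/runit/1.d/00-fix-log-permissions
      chmod: "+x"
      contents: |
        #!/bin/bash
        # /var/log is on the container filesystem; re-apply ownership on every
        # boot so nginx (www-data) and the syslog user can write their logs.
        mkdir -p /var/log/nginx
        chown -R www-data:www-data /var/log/nginx
        # -f: stay quiet when a given log does not exist yet
        chown -f syslog:adm /var/log/syslog*
        chown -f syslog:adm /var/log/auth.log*
        chown -f syslog:adm /var/log/kern.log*

  - file:
      path: /etc/runit/1.d/enable-brotli
      chmod: "+x"
      contents: |
        #!/bin/bash
        # Toggle the "brotli" lines in the nginx config: uncomment them when
        # COMPRESS_BROTLI is set (non-empty), comment them out otherwise.
        # Explicit if/else rather than "&& ... || ..." so a failing sed in the
        # enable branch does not fall through and disable brotli again.
        nginx_conf=/etc/nginx/conf.d/discourse.conf
        if [ -n "$COMPRESS_BROTLI" ]; then
          sed -i "s/. brotli/ brotli/" "$nginx_conf"
        else
          sed -i "s/. brotli/# brotli/" "$nginx_conf"
        fi

  - file:
      path: /etc/service/unicorn/run
      chmod: "+x"
      contents: |
        #!/bin/bash
        exec 2>&1
        # redis
        # postgres
        cd $home
        chown -R discourse:www-data /shared/log/rails
        # chpst drops privileges to discourse:www-data before exec'ing the app;
        # jemalloc is preloaded into the ruby process
        LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb

  - file:
      path: /etc/service/nginx/run
      chmod: "+x"
      contents: |
        #!/bin/sh
        exec 2>&1
        exec /usr/sbin/nginx

  # runit stage 3 (shutdown): stop the front end first, then the app.
  - file:
      path: /etc/runit/3.d/01-nginx
      chmod: "+x"
      contents: |
        #!/bin/bash
        sv stop nginx

  - file:
      path: /etc/runit/3.d/02-unicorn
      chmod: "+x"
      contents: |
        #!/bin/bash
        sv stop unicorn

  - exec:
      cd: $home
      hook: code
      cmd:
        - git reset --hard
        - git clean -f
        - git remote set-branches --add origin master
        - git pull
        # $version is used as-is (branch, tag or sha); see the note on "version" above
        - git fetch origin $version
        - git checkout $version
        - mkdir -p tmp/pids
        - mkdir -p tmp/sockets
        - touch tmp/.gitkeep
        # logs, uploads and backups live under /shared so they survive rebuilds
        - mkdir -p /shared/log/rails
        - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
        - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
        - bash -c "mkdir -p /shared/{uploads,backups}"
        - bash -c "ln -s /shared/{uploads,backups} $home/public"
        - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups

  - exec:
      cmd:
        - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
        - "rm /etc/nginx/sites-enabled/default"
        - "mkdir -p /var/nginx/cache"

  # nginx is supervised by runit, so it must not daemonize
  - replace:
      filename: /etc/nginx/nginx.conf
      from: pid /run/nginx.pid;
      to: daemon off;

  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /upstream[^\}]+\}/m
      to: "upstream discourse {
        server 127.0.0.1:3000;
        }"

  # catch-all server name; anything pointed at this container is served
  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /server_name.+$/
      to: server_name _ ;

  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /client_max_body_size.+$/
      to: client_max_body_size $upload_size ;

  - exec:
      cmd: echo "done configuring web"
      hook: web_config

  - exec:
      cd: $home
      hook: web
      cmd:
        # ensure we are on latest bundler
        # (unpinned: this installs whatever rubygems serves at build time)
        - gem update bundler
        - chown -R discourse $home

  - exec:
      cd: $home
      hook: bundle_exec
      cmd:
        # --deployment installs exactly what Gemfile.lock pins
        - su discourse -c 'bundle install --deployment --verbose --without test --without development'
        - su discourse -c 'bundle exec rake db:migrate'
        - su discourse -c 'bundle exec rake assets:precompile'

  # Convenience wrappers: run the app's CLIs as the discourse user with the
  # caller's environment preserved (-E) and HOME reset (-H).
  - file:
      path: /usr/local/bin/discourse
      chmod: "+x"
      contents: |
        #!/bin/bash
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")

  - file:
      path: /usr/local/bin/rails
      chmod: "+x"
      contents: |
        #!/bin/bash
        # If they requested a console, load pry instead
        if [[ "$*" == "c" || "$*" == "console" ]]
        then
          (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
        else
          (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
        fi

  - file:
      path: /usr/local/bin/rake
      chmod: "+x"
      contents: |
        #!/bin/bash
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")

  - file:
      path: /etc/update-motd.d/10-web
      chmod: "+x"
      contents: |
        #!/bin/bash
        echo
        echo Use: rails, rake or discourse to execute commands in production
        echo

  # Rails logs can contain request data; create the rotated-in files with the
  # same restrictive mode the nginx stanza uses, owned by the app user/group.
  # sharedscripts: one USR1 (sv 1) for the whole glob instead of one per file.
  - file:
      path: /etc/logrotate.d/rails
      contents: |
        /shared/log/rails/*.log
        {
          rotate 14
          dateext
          daily
          missingok
          notifempty
          delaycompress
          compress
          create 0640 discourse www-data
          sharedscripts
          postrotate
            sv 1 unicorn
          endscript
        }

  - file:
      path: /etc/logrotate.d/nginx
      contents: |
        /var/log/nginx/*.log {
          daily
          missingok
          rotate 14
          compress
          delaycompress
          notifempty
          create 0640 www-data www-data
          sharedscripts
          postrotate
            sv 1 nginx
          endscript
        }

  # move state out of the container this fancy is done to support rapid rebuilds of containers,
  # we store anacron and logrotate state outside the container to ensure its maintained across builds
  # later move this snipped into an intialization script
  # we also ensure all the symlinks we need to /shared are in place in the correct structure
  # this allows us to bootstrap on one machine and then run on another
  - file:
      path: /etc/runit/1.d/00-ensure-links
      chmod: "+x"
      contents: |
        #!/bin/bash
        # any in-container state is discarded on purpose; /shared is the source of truth
        if [[ ! -L /var/lib/logrotate ]]; then
          rm -fr /var/lib/logrotate
          mkdir -p /shared/state/logrotate
          ln -s /shared/state/logrotate /var/lib/logrotate
        fi
        if [[ ! -L /var/spool/anacron ]]; then
          rm -fr /var/spool/anacron
          mkdir -p /shared/state/anacron-spool
          ln -s /shared/state/anacron-spool /var/spool/anacron
        fi
        if [[ ! -d /shared/log/rails ]]; then
          mkdir -p /shared/log/rails
          chown -R discourse:www-data /shared/log/rails
        fi
        if [[ ! -d /shared/uploads ]]; then
          mkdir -p /shared/uploads
          chown -R discourse:www-data /shared/uploads
        fi
        if [[ ! -d /shared/backups ]]; then
          mkdir -p /shared/backups
          chown -R discourse:www-data /shared/backups
        fi

  # change login directory to Discourse home
  # (mode quoted: a bare 644 is a YAML integer, not the octal string chmod expects)
  - file:
      path: /root/.bash_profile
      chmod: "644"
      contents: |
        cd $home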