Commit | Line | Data |
---|---|---|
9fb5f2d3 | 1 | env: |
9fb5f2d3 | 2 | # You can have redis on a different box |
9fb5f2d3 SS |
3 | RAILS_ENV: 'production' |
4 | UNICORN_WORKERS: 3 | |
42b06eef | 5 | UNICORN_SIDEKIQS: 1 |
5819e899 S |
6 | # this gives us very good cache coverage, 96 -> 99 |
7 | # in practice it is 1-2% perf improvement | |
54e43936 | 8 | RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072 |
9fb5f2d3 | 9 | |
9be8f5b9 | 10 | DISCOURSE_DB_SOCKET: /var/run/postgresql |
c148f4c9 SS |
11 | DISCOURSE_DB_HOST: |
12 | DISCOURSE_DB_PORT: | |
38000fc6 SS |
13 | |
14 | ||
9fb5f2d3 SS |
15 | params: |
16 | # SSH key is required for remote access into the container | |
b56a2bd7 | 17 | version: tests-passed |
9fb5f2d3 SS |
18 | |
19 | home: /var/www/discourse | |
44c59d37 | 20 | upload_size: 10m |
9fb5f2d3 | 21 | |
9fb5f2d3 | 22 | run: |
d321b1b8 | 23 | # see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 |
d47aa69b S |
24 | - replace: |
25 | filename: /usr/local/etc/ImageMagick-6/policy.xml | |
26 | from: "<policymap>" | |
27 | to: | | |
28 | <policymap> | |
29 | <policy domain="coder" rights="none" pattern="EPHEMERAL" /> | |
ada30c34 | 30 | <policy domain="coder" rights="none" pattern="URL" /> |
d47aa69b S |
31 | <policy domain="coder" rights="none" pattern="HTTPS" /> |
32 | <policy domain="coder" rights="none" pattern="MVG" /> | |
33 | <policy domain="coder" rights="none" pattern="MSL" /> | |
ada30c34 MT |
34 | <policy domain="coder" rights="none" pattern="TEXT" /> |
35 | <policy domain="coder" rights="none" pattern="SHOW" /> | |
36 | <policy domain="coder" rights="none" pattern="WIN" /> | |
37 | <policy domain="coder" rights="none" pattern="PLT" /> | |
d47aa69b | 38 | |
b7f9f4c7 | 39 | - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end' |
28aa70d0 | 40 | - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' |
cc81fc95 | 41 | - exec: chown -R discourse /home/discourse |
87f8d0b3 | 42 | - file: |
089518ef | 43 | path: /etc/runit/1.d/copy-env |
87f8d0b3 SS |
44 | chmod: "+x" |
45 | contents: | | |
46 | #!/bin/bash | |
c4498636 | 47 | env > ~/boot_env |
87f8d0b3 | 48 | conf=/var/www/discourse/config/discourse.conf |
87f8d0b3 | 49 | |
1cb802ad | 50 | # find DISCOURSE_ env vars, strip the leader, lowercase the key |
797864e6 | 51 | /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf |
1cb802ad | 52 | |
f132a635 S |
53 | - file: |
54 | path: /etc/runit/1.d/enable-brotli | |
55 | chmod: "+x" | |
56 | contents: | | |
57 | #!/bin/bash | |
58 | [ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf | |
59 | ||
b3d252a0 | 60 | - file: |
4316c5e5 S |
61 | path: /etc/runit/1.d/ensure-web-nginx-read |
62 | chmod: "+x" | |
63 | contents: | | |
b3d252a0 | 64 | #!/bin/bash |
2191df8b | 65 | mkdir -p /var/log/nginx |
b3d252a0 S |
66 | chgrp -R www-data /var/log/nginx |
67 | chgrp www-data /var/log/nginx | |
4316c5e5 | 68 | |
9fb5f2d3 SS |
69 | - file: |
70 | path: /etc/service/unicorn/run | |
71 | chmod: "+x" | |
72 | contents: | | |
73 | #!/bin/bash | |
74 | exec 2>&1 | |
9fb5f2d3 SS |
75 | # redis |
76 | # postgres | |
77 | cd $home | |
6d00b2fa | 78 | chown -R discourse:www-data /shared/log/rails |
56e5e6c2 | 79 | LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb |
9fb5f2d3 | 80 | |
9fb5f2d3 SS |
81 | - file: |
82 | path: /etc/service/nginx/run | |
83 | chmod: "+x" | |
84 | contents: | | |
85 | #!/bin/sh | |
86 | exec 2>&1 | |
87 | exec /usr/sbin/nginx | |
88 | ||
074f2b6a S |
89 | - file: |
90 | path: /etc/runit/3.d/01-nginx | |
91 | chmod: "+x" | |
92 | contents: | | |
93 | #!/bin/bash | |
94 | sv stop nginx | |
95 | ||
96 | - file: | |
97 | path: /etc/runit/3.d/02-unicorn | |
98 | chmod: "+x" | |
99 | contents: | | |
100 | #!/bin/bash | |
101 | sv stop unicorn | |
102 | ||
9fb5f2d3 SS |
103 | - exec: |
104 | cd: $home | |
105 | hook: code | |
106 | cmd: | |
107 | - git reset --hard | |
108 | - git clean -f | |
36c6b609 | 109 | - git remote set-branches --add origin master |
d9c1b419 S |
110 | - git pull |
111 | - git fetch origin $version | |
9fb5f2d3 | 112 | - git checkout $version |
9fb5f2d3 SS |
113 | - mkdir -p tmp/pids |
114 | - mkdir -p tmp/sockets | |
b150cad1 | 115 | - touch tmp/.gitkeep |
e56a65f6 | 116 | - mkdir -p /shared/log/rails |
b6227eb0 | 117 | - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log" |
e56a65f6 MB |
118 | - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log" |
119 | - bash -c "mkdir -p /shared/{uploads,backups}" | |
120 | - bash -c "ln -s /shared/{uploads,backups} $home/public" | |
121 | - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups | |
c4498636 | 122 | |
9fb5f2d3 SS |
123 | - exec: |
124 | cmd: | |
125 | - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf" | |
126 | - "rm /etc/nginx/sites-enabled/default" | |
69c891fd | 127 | - "mkdir -p /var/nginx/cache" |
9fb5f2d3 SS |
128 | |
129 | - replace: | |
130 | filename: /etc/nginx/nginx.conf | |
131 | from: pid /run/nginx.pid; | |
132 | to: daemon off; | |
133 | ||
134 | - replace: | |
135 | filename: "/etc/nginx/conf.d/discourse.conf" | |
136 | from: /upstream[^\}]+\}/m | |
137 | to: "upstream discourse { | |
138 | server 127.0.0.1:3000; | |
139 | }" | |
140 | ||
141 | - replace: | |
142 | filename: "/etc/nginx/conf.d/discourse.conf" | |
143 | from: /server_name.+$/ | |
144 | to: server_name _ ; | |
145 | ||
6e23c775 | 146 | - replace: |
147 | filename: "/etc/nginx/conf.d/discourse.conf" | |
148 | from: /client_max_body_size.+$/ | |
149 | to: client_max_body_size $upload_size ; | |
150 | ||
9e8e16a8 SS |
151 | - exec: |
152 | cmd: echo "done configuring web" | |
153 | hook: web_config | |
154 | ||
9fb5f2d3 SS |
155 | - exec: |
156 | cd: $home | |
62418f96 | 157 | hook: web |
9fb5f2d3 | 158 | cmd: |
e64b0a0b S |
159 | # ensure we are on latest bundler |
160 | - gem update bundler | |
9fb5f2d3 | 161 | - chown -R discourse $home |
70710fa0 EG |
162 | |
163 | - exec: | |
164 | cd: $home | |
165 | hook: bundle_exec | |
166 | cmd: | |
e56a65f6 MB |
167 | - su discourse -c 'bundle install --deployment --verbose --without test --without development' |
168 | - su discourse -c 'bundle exec rake db:migrate' | |
169 | - su discourse -c 'bundle exec rake assets:precompile' | |
9fb5f2d3 | 170 | |
553a4fc9 S |
171 | - file: |
172 | path: /usr/local/bin/discourse | |
173 | chmod: +x | |
174 | contents: | | |
175 | #!/bin/bash | |
8a02b91e | 176 | (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@") |
553a4fc9 S |
177 | |
178 | - file: | |
179 | path: /usr/local/bin/rails | |
180 | chmod: +x | |
181 | contents: | | |
182 | #!/bin/bash | |
cbfcacda | 183 | # If they requested a console, load pry instead |
d16335a6 | 184 | if [ "$*" == "c" -o "$*" == "console" ] |
cbfcacda | 185 | then |
8a02b91e | 186 | (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment) |
cbfcacda | 187 | else |
8a02b91e | 188 | (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@") |
cbfcacda | 189 | fi |
553a4fc9 S |
190 | |
191 | - file: | |
192 | path: /usr/local/bin/rake | |
193 | chmod: +x | |
194 | contents: | | |
195 | #!/bin/bash | |
8a02b91e | 196 | (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@") |
553a4fc9 S |
197 | |
198 | - file: | |
199 | path: /etc/update-motd.d/10-web | |
200 | chmod: +x | |
201 | contents: | | |
202 | #!/bin/bash | |
203 | echo | |
204 | echo Use: rails, rake or discourse to execute commands in production | |
205 | echo | |
206 | ||
be82e068 S |
207 | - file: |
208 | path: /etc/logrotate.d/rails | |
209 | contents: | | |
210 | /shared/log/rails/*.log | |
211 | { | |
212 | rotate 14 | |
213 | dateext | |
214 | daily | |
215 | missingok | |
216 | notifempty | |
217 | delaycompress | |
218 | compress | |
219 | postrotate | |
220 | sv 1 unicorn | |
221 | endscript | |
222 | } | |
55737024 | 223 | |
5d256035 S |
224 | - file: |
225 | path: /etc/logrotate.d/nginx | |
226 | contents: | | |
227 | /var/log/nginx/*.log { | |
228 | daily | |
229 | missingok | |
230 | rotate 14 | |
231 | compress | |
232 | delaycompress | |
233 | notifempty | |
b3d252a0 | 234 | create 0640 www-data www-data |
5d256035 S |
235 | sharedscripts |
236 | postrotate | |
237 | sv 1 nginx | |
238 | endscript | |
239 | } | |
55737024 | 240 | |
25a7de18 S |
241 | # move state out of the container this fancy is done to support rapid rebuilds of containers, |
242 | # we store anacron and logrotate state outside the container to ensure its maintained across builds | |
243 | # later move this snipped into an intialization script | |
be55cb66 S |
244 | # we also ensure all the symlinks we need to /shared are in place in the correct structure |
245 | # this allows us to bootstrap on one machine and then run on another | |
246 | - file: | |
247 | path: /etc/runit/1.d/00-ensure-links | |
248 | chmod: +x | |
249 | contents: | | |
250 | #!/bin/bash | |
251 | if [[ ! -L /var/lib/logrotate ]]; then | |
252 | rm -fr /var/lib/logrotate | |
253 | mkdir -p /shared/state/logrotate | |
254 | ln -s /shared/state/logrotate /var/lib/logrotate | |
255 | fi | |
256 | if [[ ! -L /var/spool/anacron ]]; then | |
257 | rm -fr /var/spool/anacron | |
258 | mkdir -p /shared/state/anacron-spool | |
259 | ln -s /shared/state/anacron-spool /var/spool/anacron | |
260 | fi | |
261 | if [[ ! -d /shared/log/rails ]]; then | |
262 | mkdir -p /shared/log/rails | |
263 | chown -R discourse:www-data /shared/log/rails | |
264 | fi | |
265 | if [[ ! -d /shared/uploads ]]; then | |
266 | mkdir -p /shared/uploads | |
267 | chown -R discourse:www-data /shared/uploads | |
268 | fi | |
269 | if [[ ! -d /shared/backups ]]; then | |
270 | mkdir -p /shared/backups | |
271 | chown -R discourse:www-data /shared/backups | |
272 | fi | |
0c456e8c EG |
273 | |
274 | # change login directory to Discourse home | |
275 | - file: | |
276 | path: /root/.bash_profile | |
277 | chmod: 644 | |
278 | contents: | | |
279 | cd $home |