Commit | Line | Data |
---|---|---|
9fb5f2d3 | 1 | env: |
9fb5f2d3 | 2 | # You can have redis on a different box |
9fb5f2d3 SS |
3 | RAILS_ENV: 'production' |
4 | UNICORN_WORKERS: 3 | |
42b06eef | 5 | UNICORN_SIDEKIQS: 1 |
9fb5f2d3 SS |
6 | # slightly less aggressive than "recommendation" but works fine with oobgc |
7 | RUBY_GC_MALLOC_LIMIT: 40000000 | |
8 | # this ensures we have enough heap space to handle a big pile of small reqs | |
ddf77f73 | 9 | RUBY_GC_HEAP_INIT_SLOTS: 800000 |
9fb5f2d3 | 10 | |
9be8f5b9 | 11 | DISCOURSE_DB_SOCKET: /var/run/postgresql |
c148f4c9 SS |
12 | DISCOURSE_DB_HOST: |
13 | DISCOURSE_DB_PORT: | |
38000fc6 SS |
14 | |
15 | ||
9fb5f2d3 SS |
16 | params: |
17 | # SSH key is required for remote access into the container | |
b56a2bd7 | 18 | version: tests-passed |
9fb5f2d3 SS |
19 | |
20 | home: /var/www/discourse | |
44c59d37 | 21 | upload_size: 10m |
9fb5f2d3 | 22 | |
9fb5f2d3 | 23 | run: |
d321b1b8 | 24 | # see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 |
d47aa69b S |
25 | - replace: |
26 | filename: /usr/local/etc/ImageMagick-6/policy.xml | |
27 | from: "<policymap>" | |
28 | to: | | |
29 | <policymap> | |
30 | <policy domain="coder" rights="none" pattern="EPHEMERAL" /> | |
ada30c34 | 31 | <policy domain="coder" rights="none" pattern="URL" /> |
d47aa69b S |
32 | <policy domain="coder" rights="none" pattern="HTTPS" /> |
33 | <policy domain="coder" rights="none" pattern="MVG" /> | |
34 | <policy domain="coder" rights="none" pattern="MSL" /> | |
ada30c34 MT |
35 | <policy domain="coder" rights="none" pattern="TEXT" /> |
36 | <policy domain="coder" rights="none" pattern="SHOW" /> | |
37 | <policy domain="coder" rights="none" pattern="WIN" /> | |
38 | <policy domain="coder" rights="none" pattern="PLT" /> | |
d47aa69b | 39 | |
b7f9f4c7 | 40 | - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end' |
28aa70d0 | 41 | - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' |
cc81fc95 | 42 | - exec: chown -R discourse /home/discourse |
87f8d0b3 | 43 | - file: |
089518ef | 44 | path: /etc/runit/1.d/copy-env |
87f8d0b3 SS |
45 | chmod: "+x" |
46 | contents: | | |
47 | #!/bin/bash | |
c4498636 | 48 | env > ~/boot_env |
87f8d0b3 | 49 | conf=/var/www/discourse/config/discourse.conf |
87f8d0b3 | 50 | |
1cb802ad | 51 | # find DISCOURSE_ env vars, strip the leader, lowercase the key |
797864e6 | 52 | /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf |
1cb802ad | 53 | |
b3d252a0 | 54 | - file: |
4316c5e5 S |
55 | path: /etc/runit/1.d/ensure-web-nginx-read |
56 | chmod: "+x" | |
57 | contents: | | |
b3d252a0 | 58 | #!/bin/bash |
2191df8b | 59 | mkdir -p /var/log/nginx |
b3d252a0 S |
60 | chgrp -R www-data /var/log/nginx |
61 | chgrp www-data /var/log/nginx | |
4316c5e5 | 62 | |
9fb5f2d3 SS |
63 | - file: |
64 | path: /etc/service/unicorn/run | |
65 | chmod: "+x" | |
66 | contents: | | |
67 | #!/bin/bash | |
68 | exec 2>&1 | |
9fb5f2d3 SS |
69 | # redis |
70 | # postgres | |
71 | cd $home | |
6d00b2fa | 72 | chown -R discourse:www-data /shared/log/rails |
56e5e6c2 | 73 | LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb |
9fb5f2d3 | 74 | |
9fb5f2d3 SS |
75 | - file: |
76 | path: /etc/service/nginx/run | |
77 | chmod: "+x" | |
78 | contents: | | |
79 | #!/bin/sh | |
80 | exec 2>&1 | |
81 | exec /usr/sbin/nginx | |
82 | ||
074f2b6a S |
83 | - file: |
84 | path: /etc/runit/3.d/01-nginx | |
85 | chmod: "+x" | |
86 | contents: | | |
87 | #!/bin/bash | |
88 | sv stop nginx | |
89 | ||
90 | - file: | |
91 | path: /etc/runit/3.d/02-unicorn | |
92 | chmod: "+x" | |
93 | contents: | | |
94 | #!/bin/bash | |
95 | sv stop unicorn | |
96 | ||
9fb5f2d3 SS |
97 | - exec: |
98 | cd: $home | |
99 | hook: code | |
100 | cmd: | |
101 | - git reset --hard | |
102 | - git clean -f | |
36c6b609 | 103 | - git remote set-branches --add origin master |
d9c1b419 S |
104 | - git pull |
105 | - git fetch origin $version | |
9fb5f2d3 | 106 | - git checkout $version |
9fb5f2d3 SS |
107 | - mkdir -p tmp/pids |
108 | - mkdir -p tmp/sockets | |
b150cad1 | 109 | - touch tmp/.gitkeep |
e56a65f6 | 110 | - mkdir -p /shared/log/rails |
b6227eb0 | 111 | - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log" |
e56a65f6 MB |
112 | - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log" |
113 | - bash -c "mkdir -p /shared/{uploads,backups}" | |
114 | - bash -c "ln -s /shared/{uploads,backups} $home/public" | |
115 | - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups | |
c4498636 | 116 | |
9fb5f2d3 SS |
117 | - exec: |
118 | cmd: | |
119 | - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf" | |
120 | - "rm /etc/nginx/sites-enabled/default" | |
69c891fd | 121 | - "mkdir -p /var/nginx/cache" |
9fb5f2d3 SS |
122 | |
123 | - replace: | |
124 | filename: /etc/nginx/nginx.conf | |
125 | from: pid /run/nginx.pid; | |
126 | to: daemon off; | |
127 | ||
128 | - replace: | |
129 | filename: "/etc/nginx/conf.d/discourse.conf" | |
130 | from: /upstream[^\}]+\}/m | |
131 | to: "upstream discourse { | |
132 | server 127.0.0.1:3000; | |
133 | }" | |
134 | ||
135 | - replace: | |
136 | filename: "/etc/nginx/conf.d/discourse.conf" | |
137 | from: /server_name.+$/ | |
138 | to: server_name _ ; | |
139 | ||
6e23c775 | 140 | - replace: |
141 | filename: "/etc/nginx/conf.d/discourse.conf" | |
142 | from: /client_max_body_size.+$/ | |
143 | to: client_max_body_size $upload_size ; | |
144 | ||
9e8e16a8 SS |
145 | - exec: |
146 | cmd: echo "done configuring web" | |
147 | hook: web_config | |
148 | ||
9fb5f2d3 SS |
149 | - exec: |
150 | cd: $home | |
62418f96 | 151 | hook: web |
9fb5f2d3 | 152 | cmd: |
e64b0a0b S |
153 | # ensure we are on latest bundler |
154 | - gem update bundler | |
9fb5f2d3 | 155 | - chown -R discourse $home |
70710fa0 EG |
156 | |
157 | - exec: | |
158 | cd: $home | |
159 | hook: bundle_exec | |
160 | cmd: | |
e56a65f6 MB |
161 | - su discourse -c 'bundle install --deployment --verbose --without test --without development' |
162 | - su discourse -c 'bundle exec rake db:migrate' | |
163 | - su discourse -c 'bundle exec rake assets:precompile' | |
9fb5f2d3 | 164 | |
553a4fc9 S |
165 | - file: |
166 | path: /usr/local/bin/discourse | |
167 | chmod: +x | |
168 | contents: | | |
169 | #!/bin/bash | |
8a02b91e | 170 | (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@") |
553a4fc9 S |
171 | |
172 | - file: | |
173 | path: /usr/local/bin/rails | |
174 | chmod: +x | |
175 | contents: | | |
176 | #!/bin/bash | |
cbfcacda | 177 | # If they requested a console, load pry instead |
d16335a6 | 178 | if [ "$*" == "c" -o "$*" == "console" ] |
cbfcacda | 179 | then |
8a02b91e | 180 | (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment) |
cbfcacda | 181 | else |
8a02b91e | 182 | (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@") |
cbfcacda | 183 | fi |
553a4fc9 S |
184 | |
185 | - file: | |
186 | path: /usr/local/bin/rake | |
187 | chmod: +x | |
188 | contents: | | |
189 | #!/bin/bash | |
8a02b91e | 190 | (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@") |
553a4fc9 S |
191 | |
192 | - file: | |
193 | path: /etc/update-motd.d/10-web | |
194 | chmod: +x | |
195 | contents: | | |
196 | #!/bin/bash | |
197 | echo | |
198 | echo Use: rails, rake or discourse to execute commands in production | |
199 | echo | |
200 | ||
be82e068 S |
201 | - file: |
202 | path: /etc/logrotate.d/rails | |
203 | contents: | | |
204 | /shared/log/rails/*.log | |
205 | { | |
206 | rotate 14 | |
207 | dateext | |
208 | daily | |
209 | missingok | |
210 | notifempty | |
211 | delaycompress | |
212 | compress | |
213 | postrotate | |
214 | sv 1 unicorn | |
215 | endscript | |
216 | } | |
55737024 | 217 | |
5d256035 S |
218 | - file: |
219 | path: /etc/logrotate.d/nginx | |
220 | contents: | | |
221 | /var/log/nginx/*.log { | |
222 | daily | |
223 | missingok | |
224 | rotate 14 | |
225 | compress | |
226 | delaycompress | |
227 | notifempty | |
b3d252a0 | 228 | create 0640 www-data www-data |
5d256035 S |
229 | sharedscripts |
230 | postrotate | |
231 | sv 1 nginx | |
232 | endscript | |
233 | } | |
55737024 | 234 | |
25a7de18 S |
235 | # move state out of the container this fancy is done to support rapid rebuilds of containers, |
236 | # we store anacron and logrotate state outside the container to ensure its maintained across builds | |
237 | # later move this snipped into an intialization script | |
be55cb66 S |
238 | # we also ensure all the symlinks we need to /shared are in place in the correct structure |
239 | # this allows us to bootstrap on one machine and then run on another | |
240 | - file: | |
241 | path: /etc/runit/1.d/00-ensure-links | |
242 | chmod: +x | |
243 | contents: | | |
244 | #!/bin/bash | |
245 | if [[ ! -L /var/lib/logrotate ]]; then | |
246 | rm -fr /var/lib/logrotate | |
247 | mkdir -p /shared/state/logrotate | |
248 | ln -s /shared/state/logrotate /var/lib/logrotate | |
249 | fi | |
250 | if [[ ! -L /var/spool/anacron ]]; then | |
251 | rm -fr /var/spool/anacron | |
252 | mkdir -p /shared/state/anacron-spool | |
253 | ln -s /shared/state/anacron-spool /var/spool/anacron | |
254 | fi | |
255 | if [[ ! -d /shared/log/rails ]]; then | |
256 | mkdir -p /shared/log/rails | |
257 | chown -R discourse:www-data /shared/log/rails | |
258 | fi | |
259 | if [[ ! -d /shared/uploads ]]; then | |
260 | mkdir -p /shared/uploads | |
261 | chown -R discourse:www-data /shared/uploads | |
262 | fi | |
263 | if [[ ! -d /shared/backups ]]; then | |
264 | mkdir -p /shared/backups | |
265 | chown -R discourse:www-data /shared/backups | |
266 | fi | |
0c456e8c EG |
267 | |
268 | # change login directory to Discourse home | |
269 | - file: | |
270 | path: /root/.bash_profile | |
271 | chmod: 644 | |
272 | contents: | | |
273 | cd $home |