Update Let's Encrypt template to latest API.
[discourse_docker.git] / templates / web.template.yml
# Environment defaults for the web container (presumably exported by the
# launcher before the run steps - confirm). The copy-env boot hook later in
# this template writes every DISCOURSE_* variable found in the container
# environment into discourse.conf.
env:
  # You can have redis on a different box
  # NOTE(review): no Redis setting appears in this block; the line above may
  # be a leftover from an earlier revision - confirm.
  RAILS_ENV: 'production'
  UNICORN_WORKERS: 3
  UNICORN_SIDEKIQS: 1
  # slightly less aggressive than "recommendation" but works fine with oobgc
  RUBY_GC_MALLOC_LIMIT: 40000000
  # this ensures we have enough heap space to handle a big pile of small reqs
  RUBY_GC_HEAP_INIT_SLOTS: 800000

  # Unix-socket directory for PostgreSQL. Host and port are left empty (YAML
  # null) here, presumably so the socket is used unless a container
  # definition overrides them - confirm.
  DISCOURSE_DB_SOCKET: /var/run/postgresql
  DISCOURSE_DB_HOST:
  DISCOURSE_DB_PORT:
# Template parameters; later steps reference them as $version, $home and
# $upload_size.
params:
  # SSH key is required for remote access into the container
  # NOTE(review): no SSH key parameter is defined in this block; the comment
  # above looks stale - confirm.
  # Git ref that the `code` hook fetches and checks out. If this names a
  # branch, every rebuild deploys whatever the branch points to at that
  # moment; pin a tag or commit when builds must be reproducible or reviewed.
  version: tests-passed

  # Application checkout; also the working directory of the exec hooks.
  home: /var/www/discourse
  # Substituted into nginx's client_max_body_size by a replace step below.
  upload_size: 10m
run:
# see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
# Hardening for image processing: the text "<policymap>" in policy.xml is
# replaced with itself plus one rights="none" entry per coder, so ImageMagick
# refuses those formats (among them the URL/HTTPS fetchers and the MVG/MSL
# script-like formats).
# NOTE(review): the edit depends on the literal string "<policymap>" being
# present in the installed policy.xml; after an ImageMagick upgrade, verify
# that the entries are still in the file.
- replace:
    filename: /usr/local/etc/ImageMagick-6/policy.xml
    from: "<policymap>"
    to: |
      <policymap>
      <policy domain="coder" rights="none" pattern="EPHEMERAL" />
      <policy domain="coder" rights="none" pattern="URL" />
      <policy domain="coder" rights="none" pattern="HTTPS" />
      <policy domain="coder" rights="none" pattern="MVG" />
      <policy domain="coder" rights="none" pattern="MSL" />
      <policy domain="coder" rights="none" pattern="TEXT" />
      <policy domain="coder" rights="none" pattern="SHOW" />
      <policy domain="coder" rights="none" pattern="WIN" />
      <policy domain="coder" rights="none" pattern="PLT" />
# Guard steps: each Ruby one-liner exits with status 1 when the SMTP address
# or hostname still holds the placeholder value, presumably aborting the
# build before an unconfigured site is brought up.
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
# Give the discourse account ownership of its home directory.
- exec: chown -R discourse /home/discourse
# Hook in the runit 1.d directory (presumably run at container boot): dumps
# the whole environment to ~/boot_env, then rewrites discourse.conf with one
# "key = value" line per DISCOURSE_* variable.
# NOTE(review): both files receive whatever secrets are in the environment
# (mail or database passwords, if set). Neither write sets a mode, so the
# permissions follow the umask of the process running the hook - confirm
# they are not readable by unrelated accounts.
# NOTE(review): values are written as-is; a value containing a newline would
# produce extra lines in discourse.conf.
- file:
    path: /etc/runit/1.d/copy-env
    chmod: "+x"
    contents: |
      #!/bin/bash
      env > ~/boot_env
      conf=/var/www/discourse/config/discourse.conf

      # find DISCOURSE_ env vars, strip the leader, lowercase the key
      /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
# Hook in the runit 1.d directory: creates /var/log/nginx if it is missing
# and assigns the directory and its contents to group www-data. The second
# chgrp repeats what the recursive one already covers.
- file:
    path: /etc/runit/1.d/ensure-web-nginx-read
    chmod: "+x"
    contents: |
      #!/bin/bash
      mkdir -p /var/log/nginx
      chgrp -R www-data /var/log/nginx
      chgrp www-data /var/log/nginx
# Service script for unicorn: merges stderr into stdout, resets ownership of
# the Rails log directory, then uses chpst to switch to discourse:www-data
# before exec'ing the launcher, so the application server does not run as
# root. $home is not set inside the script; presumably the template engine
# substitutes params.home before the file is written - confirm.
# NOTE(review): the jemalloc path in LD_PRELOAD is hard-coded; verify the
# library exists at that path in the base image.
- file:
    path: /etc/service/unicorn/run
    chmod: "+x"
    contents: |
      #!/bin/bash
      exec 2>&1
      # redis
      # postgres
      cd $home
      chown -R discourse:www-data /shared/log/rails
      LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
# Service script for nginx: merges stderr into stdout and replaces the shell
# with /usr/sbin/nginx. A later replace step puts "daemon off;" into
# nginx.conf, which keeps nginx in the foreground for the supervisor.
- file:
    path: /etc/service/nginx/run
    chmod: "+x"
    contents: |
      #!/bin/sh
      exec 2>&1
      exec /usr/sbin/nginx
# Hook in the runit 3.d directory (presumably run at shutdown): stops nginx.
# The 01- prefix orders it before 02-unicorn, so the front end stops first.
- file:
    path: /etc/runit/3.d/01-nginx
    chmod: "+x"
    contents: |
      #!/bin/bash
      sv stop nginx
# Hook in the runit 3.d directory (presumably run at shutdown): stops the
# unicorn service after 01-nginx has run.
- file:
    path: /etc/runit/3.d/02-unicorn
    chmod: "+x"
    contents: |
      #!/bin/bash
      sv stop unicorn
# `code` hook, run in $home: resets the checkout, fetches and checks out
# $version, then creates runtime directories and links logs, uploads and
# backups from /shared into the application tree.
# NOTE(review): git reset --hard and git clean -f discard local changes in
# $home.
# NOTE(review): the source comes from the remote at build time and no
# signature or commit-hash check is visible here, so integrity rests on the
# transport and the remote; pin $version to a reviewed commit where that
# matters.
- exec:
    cd: $home
    hook: code
    cmd:
    - git reset --hard
    - git clean -f
    - git remote set-branches --add origin master
    - git pull
    - git fetch origin $version
    - git checkout $version
    - mkdir -p tmp/pids
    - mkdir -p tmp/sockets
    - touch tmp/.gitkeep
    - mkdir -p /shared/log/rails
    # bash -c is used so that brace expansion applies to the file lists
    - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
    - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
    - bash -c "mkdir -p /shared/{uploads,backups}"
    - bash -c "ln -s /shared/{uploads,backups} $home/public"
    - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups
# Install the application's sample nginx configuration as the active site,
# remove the distribution's default site, and create the cache directory.
# The replace steps that follow edit the copied discourse.conf in place.
- exec:
    cmd:
    - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
    - "rm /etc/nginx/sites-enabled/default"
    - "mkdir -p /var/nginx/cache"
# nginx.conf: the pid directive is swapped for "daemon off;".
- replace:
    filename: '/etc/nginx/nginx.conf'
    from: 'pid /run/nginx.pid;'
    to: 'daemon off;'

# discourse.conf: the whole upstream block (multi-line regex match) is
# rewritten to a single backend on the loopback address, port 3000.
- replace:
    filename: '/etc/nginx/conf.d/discourse.conf'
    from: '/upstream[^\}]+\}/m'
    to: 'upstream discourse { server 127.0.0.1:3000; }'

# discourse.conf: server_name becomes the catch-all "_", so this server block
# is not tied to one hostname.
# NOTE(review): with a catch-all name, any Host header check is left to the
# application or a proxy in front - confirm where it is enforced.
- replace:
    filename: '/etc/nginx/conf.d/discourse.conf'
    from: '/server_name.+$/'
    to: 'server_name _ ;'

# discourse.conf: request body limit taken from the upload_size parameter.
- replace:
    filename: '/etc/nginx/conf.d/discourse.conf'
    from: '/client_max_body_size.+$/'
    to: 'client_max_body_size $upload_size ;'
# Marker step carrying the web_config hook name; the command only prints a
# message. Presumably other templates attach their own steps before or after
# this hook - confirm.
- exec:
    cmd: echo "done configuring web"
    hook: web_config
# `web` hook, run in $home: updates bundler, then hands the application tree
# to the discourse account.
# NOTE(review): gem update takes whatever bundler release is current at build
# time and runs before any switch to the discourse user; pin the version
# where reproducible builds are required.
- exec:
    cd: $home
    hook: web
    cmd:
    # ensure we are on latest bundler
    - gem update bundler
    - chown -R discourse $home
# `bundle_exec` hook, run in $home: installs gems, migrates the database and
# precompiles assets. Each command goes through `su discourse`, so gem
# install scripts and rake tasks run as the discourse account, not as root.
- exec:
    cd: $home
    hook: bundle_exec
    cmd:
    - su discourse -c 'bundle install --deployment --verbose --without test --without development'
    - su discourse -c 'bundle exec rake db:migrate'
    - su discourse -c 'bundle exec rake assets:precompile'
# Wrapper for script/discourse: changes into the application directory in a
# subshell and runs the script as the discourse user with RAILS_ENV set to
# production. sudo -H sets HOME for the target user; -E carries the caller's
# environment across, so variables in the invoking shell reach the command.
- file:
    path: /usr/local/bin/discourse
    chmod: +x
    contents: |
      #!/bin/bash
      (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")
# Wrapper for rails: when the arguments are exactly "c" or "console" it
# starts pry with the application environment loaded; any other arguments go
# to script/rails. Both paths run as the discourse user via sudo, with the
# caller's environment preserved (-E).
# NOTE(review): the console gives full access to application data; access to
# this wrapper is access to production.
- file:
    path: /usr/local/bin/rails
    chmod: +x
    contents: |
      #!/bin/bash
      # If they requested a console, load pry instead
      if [ "$*" == "c" -o "$*" == "console" ]
      then
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
      else
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
      fi
# Wrapper for rake: runs bin/rake from the application directory as the
# discourse user with RAILS_ENV=production, passing all arguments through.
- file:
    path: /usr/local/bin/rake
    chmod: +x
    contents: |
      #!/bin/bash
      (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")
# Login banner fragment pointing operators at the rails, rake and discourse
# wrapper commands installed above.
- file:
    path: /etc/update-motd.d/10-web
    chmod: +x
    contents: |
      #!/bin/bash
      echo
      echo Use: rails, rake or discourse to execute commands in production
      echo
# logrotate rules for the Rails logs: daily rotation, 14 generations kept,
# date-stamped names, compression delayed by one cycle. After rotating,
# `sv 1 unicorn` signals the unicorn service (presumably so it reopens its
# log files - confirm).
- file:
    path: /etc/logrotate.d/rails
    contents: |
      /shared/log/rails/*.log
      {
        rotate 14
        dateext
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
          sv 1 unicorn
        endscript
      }
# logrotate rules for the nginx logs: daily rotation, 14 generations kept.
# New log files are created with mode 0640 and owner/group www-data, so they
# are not world-readable. sharedscripts runs the postrotate command once for
# the whole set of logs.
- file:
    path: /etc/logrotate.d/nginx
    contents: |
      /var/log/nginx/*.log {
        daily
        missingok
        rotate 14
        compress
        delaycompress
        notifempty
        create 0640 www-data www-data
        sharedscripts
        postrotate
          sv 1 nginx
        endscript
      }
# Move state out of the container to support rapid rebuilds: anacron and
# logrotate state is stored under /shared so that it is maintained across
# builds. Later, move this snippet into an initialization script.
# We also ensure that the directories needed under /shared exist with the
# expected ownership; this allows bootstrapping on one machine and then
# running on another.
# NOTE(review): when the state paths are not already symlinks they are
# removed with rm -fr before being linked, so any state kept inside the
# container at those paths is discarded.
- file:
    path: /etc/runit/1.d/00-ensure-links
    chmod: +x
    contents: |
      #!/bin/bash
      if [[ ! -L /var/lib/logrotate ]]; then
        rm -fr /var/lib/logrotate
        mkdir -p /shared/state/logrotate
        ln -s /shared/state/logrotate /var/lib/logrotate
      fi
      if [[ ! -L /var/spool/anacron ]]; then
        rm -fr /var/spool/anacron
        mkdir -p /shared/state/anacron-spool
        ln -s /shared/state/anacron-spool /var/spool/anacron
      fi
      if [[ ! -d /shared/log/rails ]]; then
        mkdir -p /shared/log/rails
        chown -R discourse:www-data /shared/log/rails
      fi
      if [[ ! -d /shared/uploads ]]; then
        mkdir -p /shared/uploads
        chown -R discourse:www-data /shared/uploads
      fi
      if [[ ! -d /shared/backups ]]; then
        mkdir -p /shared/backups
        chown -R discourse:www-data /shared/backups
      fi
# change login directory to Discourse home
# Root's login shell starts in $home (presumably substituted from params.home
# when the file is written - confirm).
# NOTE(review): chmod is an unquoted 644, which YAML reads as the decimal
# integer 644; this works only if the consumer passes the digits through as
# text. Quoting the mode would remove the ambiguity.
- file:
    path: /root/.bash_profile
    chmod: 644
    contents: |
      cd $home