27136da8de4b148741cac5684300b3f4da7989ce
[discourse_docker.git] / templates / web.template.yml
# Environment for the web container.
# Every DISCOURSE_* variable is copied into config/discourse.conf at boot by
# the copy-env script defined under `run`, so any secret supplied through
# such a variable also ends up in that file on disk.
env:
  # You can have redis on a different box
  RAILS_ENV: 'production'
  UNICORN_WORKERS: 3
  UNICORN_SIDEKIQS: 1
  # this gives us very good cache coverage, 96 -> 99
  # in practice it is 1-2% perf improvement
  RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072

  # Database is reached through the local PostgreSQL socket directory;
  # host and port are intentionally left without a value.
  DISCOURSE_DB_SOCKET: /var/run/postgresql
  DISCOURSE_DB_HOST:
  DISCOURSE_DB_PORT:

# Template parameters, referenced below as $version, $home and $upload_size.
params:
  # SSH key is required for remote access into the container
  # NOTE(review): no SSH key parameter is defined in this section; the
  # comment above may be stale. Confirm.

  # Passed to `git fetch origin` / `git checkout` in the code hook. The
  # default looks like a moving ref (presumably a branch), so each rebuild
  # takes whatever it points to at that moment; use a tag or commit id here
  # when a build has to be reproducible and reviewable.
  version: tests-passed

  home: /var/www/discourse
  # Becomes nginx client_max_body_size, i.e. the cap on request body size.
  upload_size: 10m

run:
# Restrict ImageMagick before the application starts handling images.
# Each <policy> line sets rights="none" for one coder, so ImageMagick refuses
# to read or write that format. The coders listed are not needed for ordinary
# image uploads and widen the attack surface of an image pipeline (URL and
# HTTPS, for instance, make ImageMagick fetch remote content).
# This is a denylist: a coder that is not named here keeps its default rights.
# The step works by replacing the literal text <policymap>; to confirm the
# policy is active in the built image, check `identify -list policy`.
# see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
- replace:
    filename: /usr/local/etc/ImageMagick-6/policy.xml
    from: '<policymap>'
    to: |
      <policymap>
      <policy domain="coder" rights="none" pattern="EPHEMERAL" />
      <policy domain="coder" rights="none" pattern="URL" />
      <policy domain="coder" rights="none" pattern="HTTPS" />
      <policy domain="coder" rights="none" pattern="MVG" />
      <policy domain="coder" rights="none" pattern="MSL" />
      <policy domain="coder" rights="none" pattern="TEXT" />
      <policy domain="coder" rights="none" pattern="SHOW" />
      <policy domain="coder" rights="none" pattern="WIN" />
      <policy domain="coder" rights="none" pattern="PLT" />

# Build-time guards: stop the bootstrap with exit status 1 while the mail
# server or the hostname still holds the sample placeholder value.
# Only an exact match with the placeholder is rejected; an unset or otherwise
# wrong value passes these checks.
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
# Hand the discourse account ownership of its own home directory.
- exec: chown -R discourse /home/discourse
# Boot script: snapshot the whole environment into ~/boot_env and regenerate
# discourse.conf from every DISCOURSE_* variable.
# NOTE(review): both files will hold secrets whenever credentials are passed
# as environment variables. Neither file is given an explicit mode, so the
# resulting permissions depend on the umask in effect at boot; confirm that
# ~/boot_env is readable by its owner only and that discourse.conf is
# readable only by the accounts that need it.
# NOTE(review): values are written unquoted as `key = value`; a value that
# contains a newline or a `#` may not survive the round trip. Verify against
# the parser that reads discourse.conf.
- file:
    path: /etc/runit/1.d/copy-env
    chmod: '+x'
    contents: |
      #!/bin/bash
      env > ~/boot_env
      conf=/var/www/discourse/config/discourse.conf

      # find DISCOURSE_ env vars, strip the leader, lowercase the key
      /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
# Boot script: make sure the nginx log directory exists and belongs to
# www-data, then give the syslog, auth and kernel logs back to syslog:adm.
# `chown -f` stays quiet when a log file does not exist yet.
# The non-recursive chown on /var/log/nginx repeats what the recursive call
# before it has already done.
- file:
    path: /etc/runit/1.d/00-fix-log-permissions
    chmod: '+x'
    contents: |
      #!/bin/bash
      mkdir -p /var/log/nginx
      chown -R www-data:www-data /var/log/nginx
      chown www-data:www-data /var/log/nginx
      chown -f syslog:adm /var/log/syslog*
      chown -f syslog:adm /var/log/auth.log*
      chown -f syslog:adm /var/log/kern.log*

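# Boot script: switch the brotli directives in the nginx site config on when
# COMPRESS_BROTLI is set to a non-empty value, and comment them out otherwise.
# The sed expression replaces the single character in front of " brotli".
# Written as if/else rather than `test && sed || sed`: in the chained form the
# "disable" branch also runs whenever the "enable" sed itself fails.
- file:
    path: /etc/runit/1.d/enable-brotli
    chmod: '+x'
    contents: |
      #!/bin/bash
      if [ -n "$COMPRESS_BROTLI" ]; then
        sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf
      else
        sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf
      fi
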
# runit service script for the application server.
# chpst -u switches to discourse:www-data before unicorn is exec'd, so the
# app server does not keep root; -U exports that uid/gid as $UID and $GID.
# LD_PRELOAD loads jemalloc into the process.
# The script runs as root up to the chpst call, which is why it can chown
# the shared Rails log directory on every start.
# $home is presumably substituted from `params` when the file is written.
- file:
    path: /etc/service/unicorn/run
    chmod: '+x'
    contents: |
      #!/bin/bash
      exec 2>&1
      # redis
      # postgres
      cd $home
      chown -R discourse:www-data /shared/log/rails
      LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb

# runit service script for nginx: merge stderr into stdout and exec the
# binary so that runit supervises nginx directly. This relies on the
# `daemon off;` rewrite of nginx.conf made further down in this file.
- file:
    path: /etc/service/nginx/run
    chmod: '+x'
    contents: |
      #!/bin/sh
      exec 2>&1
      exec /usr/sbin/nginx

# Shutdown scripts (runit 3.d): the file names order them so that nginx is
# stopped first and unicorn second.
- file:
    path: /etc/runit/3.d/01-nginx
    chmod: '+x'
    contents: |
      #!/bin/bash
      sv stop nginx

- file:
    path: /etc/runit/3.d/02-unicorn
    chmod: '+x'
    contents: |
      #!/bin/bash
      sv stop unicorn

# Fetch the application code and prepare its runtime directories.
# `git reset --hard` and `git clean -f` discard local changes and untracked
# files in $home before the update.
# NOTE(review): $version is fetched and checked out as given. With a moving
# ref the code that gets built is whatever the remote serves at build time,
# and nothing here verifies a signature or checksum; integrity rests on the
# transport and on the remote repository.
# The remaining commands create pid/socket directories, create the log files
# under /shared/log/rails, link logs, uploads and backups from /shared into
# the application tree, and give discourse:www-data ownership of them.
- exec:
    cd: $home
    hook: code
    cmd:
    - git reset --hard
    - git clean -f
    - git remote set-branches --add origin master
    - git pull
    - git fetch origin $version
    - git checkout $version
    - mkdir -p tmp/pids
    - mkdir -p tmp/sockets
    - touch tmp/.gitkeep
    - mkdir -p /shared/log/rails
    - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
    - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
    - bash -c "mkdir -p /shared/{uploads,backups}"
    - bash -c "ln -s /shared/{uploads,backups} $home/public"
    - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups

# Install the sample nginx site config shipped with the application, remove
# the distribution's default site and create the cache directory.
- exec:
    cmd:
    - 'cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf'
    - 'rm /etc/nginx/sites-enabled/default'
    - 'mkdir -p /var/nginx/cache'

# Keep nginx in the foreground: the pid directive is replaced by `daemon off;`.
- replace:
    filename: /etc/nginx/nginx.conf
    from: pid /run/nginx.pid;
    to: daemon off;

# Point the upstream block at the application server on loopback port 3000.
# The value is the single-line form of the folded quoted scalar.
- replace:
    filename: '/etc/nginx/conf.d/discourse.conf'
    from: /upstream[^\}]+\}/m
    to: 'upstream discourse { server 127.0.0.1:3000; }'

# Catch-all server name: nginx serves this site for any Host header.
# NOTE(review): host validation, if any, has to happen in the application or
# in a proxy in front of this container. Confirm.
- replace:
    filename: '/etc/nginx/conf.d/discourse.conf'
    from: /server_name.+$/
    to: server_name _ ;

# Cap the request body size at the upload_size parameter.
- replace:
    filename: '/etc/nginx/conf.d/discourse.conf'
    from: /client_max_body_size.+$/
    to: client_max_body_size $upload_size ;

# Marker step that carries the web_config hook name; the command only prints
# a message.
- exec:
    cmd: echo "done configuring web"
    hook: web_config

# NOTE(review): `gem update bundler` installs whichever bundler release is
# current at build time; pin a version if builds have to be reproducible.
# $home is then handed to the discourse account so that the following steps
# can run as that user.
- exec:
    cd: $home
    hook: web
    cmd:
    # ensure we are on latest bundler
    - gem update bundler
    - chown -R discourse $home

# Dependency installation, database migration and asset compilation all run
# as the discourse user through su, not as root. These steps execute project
# and third-party code, so keeping them unprivileged limits what a bad
# dependency can touch during the build.
- exec:
    cd: $home
    hook: bundle_exec
    cmd:
    - su discourse -c 'bundle install --deployment --verbose --without test --without development'
    - su discourse -c 'bundle exec rake db:migrate'
    - su discourse -c 'bundle exec rake assets:precompile'

# Wrapper that runs script/discourse in production as the discourse user.
# sudo -H sets HOME to the target user's home; -E keeps the caller's
# environment, so variables from the invoking shell reach the command.
- file:
    path: /usr/local/bin/discourse
    chmod: '+x'
    contents: |
      #!/bin/bash
      (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")

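# Wrapper for the Rails CLI, run in production as the discourse user.
# When the only argument is `c` or `console` it opens pry with the Rails
# environment loaded; any other arguments go to script/rails unchanged.
# The test uses bash's [[ ... || ... ]] instead of `[ ... -o ... ]`: the -o
# form is obsolescent and can be misparsed when an argument looks like a
# test operator.
# sudo -E keeps the caller's environment; -H sets HOME for the target user.
- file:
    path: /usr/local/bin/rails
    chmod: '+x'
    contents: |
      #!/bin/bash
      # If they requested a console, load pry instead
      if [[ "$*" == "c" || "$*" == "console" ]]
      then
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
      else
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
      fi
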
# Wrapper that runs bin/rake in production as the discourse user, passing
# all arguments through. sudo -E keeps the caller's environment.
- file:
    path: /usr/local/bin/rake
    chmod: '+x'
    contents: |
      #!/bin/bash
      (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")

# Login banner fragment that points operators at the wrapper commands
# installed above.
- file:
    path: /etc/update-motd.d/10-web
    chmod: '+x'
    contents: |
      #!/bin/bash
      echo
      echo Use: rails, rake or discourse to execute commands in production
      echo

# Daily rotation of the Rails and unicorn logs, 14 generations, compressed
# one rotation late. After rotating, `sv 1 unicorn` signals the service
# (presumably so that it reopens its log files).
- file:
    path: /etc/logrotate.d/rails
    contents: |
      /shared/log/rails/*.log
      {
        rotate 14
        dateext
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
          sv 1 unicorn
        endscript
      }

# Daily rotation of the nginx logs, 14 generations. New log files are created
# with mode 0640 and owner www-data:www-data, so they are not world-readable.
# `sharedscripts` runs the postrotate signal once for the whole set of logs.
- file:
    path: /etc/logrotate.d/nginx
    contents: |
      /var/log/nginx/*.log {
        daily
        missingok
        rotate 14
        compress
        delaycompress
        notifempty
        create 0640 www-data www-data
        sharedscripts
        postrotate
          sv 1 nginx
        endscript
      }

# Move state out of the container; this is done to support rapid rebuilds of
# containers. We store anacron and logrotate state outside the container to
# ensure it is maintained across builds.
# Later, move this snippet into an initialization script.
# We also ensure all the symlinks we need to /shared are in place in the
# correct structure; this allows us to bootstrap on one machine and then run
# on another.
# The state directories are removed and re-linked only when they are not
# already symlinks, and the shared log, upload and backup directories are
# created with discourse:www-data ownership only when they are missing.
- file:
    path: /etc/runit/1.d/00-ensure-links
    chmod: '+x'
    contents: |
      #!/bin/bash
      if [[ ! -L /var/lib/logrotate ]]; then
        rm -fr /var/lib/logrotate
        mkdir -p /shared/state/logrotate
        ln -s /shared/state/logrotate /var/lib/logrotate
      fi
      if [[ ! -L /var/spool/anacron ]]; then
        rm -fr /var/spool/anacron
        mkdir -p /shared/state/anacron-spool
        ln -s /shared/state/anacron-spool /var/spool/anacron
      fi
      if [[ ! -d /shared/log/rails ]]; then
        mkdir -p /shared/log/rails
        chown -R discourse:www-data /shared/log/rails
      fi
      if [[ ! -d /shared/uploads ]]; then
        mkdir -p /shared/uploads
        chown -R discourse:www-data /shared/uploads
      fi
      if [[ ! -d /shared/backups ]]; then
        mkdir -p /shared/backups
        chown -R discourse:www-data /shared/backups
      fi

# Change the login directory to the Discourse home: root's login shell starts
# in $home.
# The mode is left as the unquoted number 644 exactly as in the original;
# NOTE(review): confirm how the template engine passes this value to chmod
# before quoting it or adding a leading zero.
- file:
    path: /root/.bash_profile
    chmod: 644
    contents: |
      cd $home