2 # You can have redis on a different box
3 RAILS_ENV: 'production'
6 # this gives us very good cache coverage, 96 -> 99
7 # in practice it is 1-2% perf improvement
8 RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072
9 # stop heap doubling in size so aggressively, this conserves memory
10 RUBY_GC_HEAP_GROWTH_MAX_SLOTS: 40000
11 RUBY_GC_HEAP_INIT_SLOTS: 400000
12 RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR: 1.5
14 DISCOURSE_DB_SOCKET: /var/run/postgresql
20 # SSH key is required for remote access into the container
23 home: /var/www/discourse
27 # see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
29 filename: /usr/local/etc/ImageMagick-6/policy.xml
33 <policy domain="coder" rights="none" pattern="EPHEMERAL" />
34 <policy domain="coder" rights="none" pattern="URL" />
35 <policy domain="coder" rights="none" pattern="HTTPS" />
36 <policy domain="coder" rights="none" pattern="MVG" />
37 <policy domain="coder" rights="none" pattern="MSL" />
38 <policy domain="coder" rights="none" pattern="TEXT" />
39 <policy domain="coder" rights="none" pattern="SHOW" />
40 <policy domain="coder" rights="none" pattern="WIN" />
41 <policy domain="coder" rights="none" pattern="PLT" />
43 - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
44 - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
45 - exec: chown -R discourse /home/discourse
46 # TODO: move to base image (anacron can not be fired up using rc.d)
47 - exec: rm -f /etc/cron.d/anacron
49 path: /etc/cron.d/anacron
52 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
54 30 7 * * * root /usr/sbin/anacron -s >/dev/null
56 path: /etc/runit/1.d/copy-env
61 conf=/var/www/discourse/config/discourse.conf
63 # find DISCOURSE_ env vars, strip the leader, lowercase the key
64 /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
66 path: /etc/runit/1.d/00-fix-log-permissions
70 mkdir -p /var/log/nginx
71 chown -R www-data:www-data /var/log/nginx
72 chown www-data:www-data /var/log/nginx
73 chown -f syslog:adm /var/log/syslog*
74 chown -f syslog:adm /var/log/auth.log*
75 chown -f syslog:adm /var/log/kern.log*
78 path: /etc/runit/1.d/enable-brotli
82 [ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf
85 path: /etc/service/unicorn/run
93 chown -R discourse:www-data /shared/log/rails
94 LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
97 path: /etc/service/nginx/run
105 path: /etc/runit/3.d/01-nginx
112 path: /etc/runit/3.d/02-unicorn
124 - git remote set-branches --add origin master
126 - git fetch origin $version
127 - git checkout $version
129 - mkdir -p tmp/sockets
131 - mkdir -p /shared/log/rails
132 - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
133 - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
134 - bash -c "mkdir -p /shared/{uploads,backups}"
135 - bash -c "ln -s /shared/{uploads,backups} $home/public"
136 - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups
140 - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
141 - "rm /etc/nginx/sites-enabled/default"
142 - "mkdir -p /var/nginx/cache"
145 filename: /etc/nginx/nginx.conf
146 from: pid /run/nginx.pid;
150 filename: "/etc/nginx/conf.d/discourse.conf"
151 from: /upstream[^\}]+\}/m
152 to: "upstream discourse {
153 server 127.0.0.1:3000;
157 filename: "/etc/nginx/conf.d/discourse.conf"
158 from: /server_name.+$/
162 filename: "/etc/nginx/conf.d/discourse.conf"
163 from: /client_max_body_size.+$/
164 to: client_max_body_size $upload_size ;
167 cmd: echo "done configuring web"
174 # ensure we are on latest bundler
176 - chown -R discourse $home
182 - su discourse -c 'bundle install --deployment --verbose --without test --without development'
183 - su discourse -c 'bundle exec rake db:migrate'
184 - su discourse -c 'bundle exec rake assets:precompile'
187 path: /usr/local/bin/discourse
191 (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")
194 path: /usr/local/bin/rails
198 # If they requested a console, load pry instead
199 if [ "$*" == "c" -o "$*" == "console" ]
201 (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
203 (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
207 path: /usr/local/bin/rake
211 (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")
214 path: /etc/update-motd.d/10-web
219 echo Use: rails, rake or discourse to execute commands in production
223 path: /etc/logrotate.d/rails
225 /shared/log/rails/*.log
240 path: /etc/logrotate.d/nginx
242 /var/log/nginx/*.log {
249 create 0640 www-data www-data
256 # move state out of the container this fancy is done to support rapid rebuilds of containers,
257 # we store anacron and logrotate state outside the container to ensure its maintained across builds
258 # later move this snipped into an intialization script
259 # we also ensure all the symlinks we need to /shared are in place in the correct structure
260 # this allows us to bootstrap on one machine and then run on another
262 path: /etc/runit/1.d/00-ensure-links
266 if [[ ! -L /var/lib/logrotate ]]; then
267 rm -fr /var/lib/logrotate
268 mkdir -p /shared/state/logrotate
269 ln -s /shared/state/logrotate /var/lib/logrotate
271 if [[ ! -L /var/spool/anacron ]]; then
272 rm -fr /var/spool/anacron
273 mkdir -p /shared/state/anacron-spool
274 ln -s /shared/state/anacron-spool /var/spool/anacron
276 if [[ ! -d /shared/log/rails ]]; then
277 mkdir -p /shared/log/rails
278 chown -R discourse:www-data /shared/log/rails
280 if [[ ! -d /shared/uploads ]]; then
281 mkdir -p /shared/uploads
282 chown -R discourse:www-data /shared/uploads
284 if [[ ! -d /shared/backups ]]; then
285 mkdir -p /shared/backups
286 chown -R discourse:www-data /shared/backups
289 # change login directory to Discourse home
291 path: /root/.bash_profile