projects / discourse_docker.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Rename `ALLOCATOR` -> `RUBY_ALLOCATOR`.
[discourse_docker.git] / templates / web.template.yml
1 env:
2 # You can have redis on a different box
3 RAILS_ENV: 'production'
4 UNICORN_WORKERS: 3
5 UNICORN_SIDEKIQS: 1
6 # this gives us very good cache coverage, 96 -> 99
7 # in practice it is 1-2% perf improvement
8 RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072
9 # stop heap doubling in size so aggressively, this conserves memory
10 RUBY_GC_HEAP_GROWTH_MAX_SLOTS: 40000
11 RUBY_GC_HEAP_INIT_SLOTS: 400000
12 RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR: 1.5
13
14 DISCOURSE_DB_SOCKET: /var/run/postgresql
15 DISCOURSE_DB_HOST:
16 DISCOURSE_DB_PORT:
17
18
19 params:
20 # SSH key is required for remote access into the container
21 version: tests-passed
22
23 home: /var/www/discourse
24 upload_size: 10m
25
26 run:
27 # see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
28 - replace:
29 filename: /usr/local/etc/ImageMagick-6/policy.xml
30 from: "<policymap>"
31 to: |
32 <policymap>
33 <policy domain="coder" rights="none" pattern="EPHEMERAL" />
34 <policy domain="coder" rights="none" pattern="URL" />
35 <policy domain="coder" rights="none" pattern="HTTPS" />
36 <policy domain="coder" rights="none" pattern="MVG" />
37 <policy domain="coder" rights="none" pattern="MSL" />
38 <policy domain="coder" rights="none" pattern="TEXT" />
39 <policy domain="coder" rights="none" pattern="SHOW" />
40 <policy domain="coder" rights="none" pattern="WIN" />
41 <policy domain="coder" rights="none" pattern="PLT" />
42
43 - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
44 - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
45 - exec: chown -R discourse /home/discourse
46 # TODO: move to base image (anacron can not be fired up using rc.d)
47 - exec: rm -f /etc/cron.d/anacron
48 - file:
49 path: /etc/cron.d/anacron
50 contents: |
51 SHELL=/bin/sh
52 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
53
54 30 7 * * * root /usr/sbin/anacron -s >/dev/null
55 - file:
56 path: /etc/runit/1.d/copy-env
57 chmod: "+x"
58 contents: |
59 #!/bin/bash
60 env > ~/boot_env
61 conf=/var/www/discourse/config/discourse.conf
62
63 # find DISCOURSE_ env vars, strip the leader, lowercase the key
64 /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
65 - file:
66 path: /etc/runit/1.d/00-fix-log-permissions
67 chmod: "+x"
68 contents: |
69 #!/bin/bash
70 mkdir -p /var/log/nginx
71 chown -R www-data:www-data /var/log/nginx
72 chown www-data:www-data /var/log/nginx
73 chown -f syslog:adm /var/log/syslog*
74 chown -f syslog:adm /var/log/auth.log*
75 chown -f syslog:adm /var/log/kern.log*
76
77 - file:
78 path: /etc/runit/1.d/enable-brotli
79 chmod: "+x"
80 contents: |
81 #!/bin/bash
82 [ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf
83
84 - file:
85 path: /etc/service/unicorn/run
86 chmod: "+x"
87 contents: |
88 #!/bin/bash
89 exec 2>&1
90 # redis
91 # postgres
92 cd $home
93 chown -R discourse:www-data /shared/log/rails
94 LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
95
96 - file:
97 path: /etc/service/nginx/run
98 chmod: "+x"
99 contents: |
100 #!/bin/sh
101 exec 2>&1
102 exec /usr/sbin/nginx
103
104 - file:
105 path: /etc/runit/3.d/01-nginx
106 chmod: "+x"
107 contents: |
108 #!/bin/bash
109 sv stop nginx
110
111 - file:
112 path: /etc/runit/3.d/02-unicorn
113 chmod: "+x"
114 contents: |
115 #!/bin/bash
116 sv stop unicorn
117
118 - exec:
119 cd: $home
120 hook: code
121 cmd:
122 - git reset --hard
123 - git clean -f
124 - git remote set-branches --add origin master
125 - git pull
126 - git fetch origin $version
127 - git checkout $version
128 - mkdir -p tmp/pids
129 - mkdir -p tmp/sockets
130 - touch tmp/.gitkeep
131 - mkdir -p /shared/log/rails
132 - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
133 - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
134 - bash -c "mkdir -p /shared/{uploads,backups}"
135 - bash -c "ln -s /shared/{uploads,backups} $home/public"
136 - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups
137
138 - exec:
139 cmd:
140 - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
141 - "rm /etc/nginx/sites-enabled/default"
142 - "mkdir -p /var/nginx/cache"
143
144 - replace:
145 filename: /etc/nginx/nginx.conf
146 from: pid /run/nginx.pid;
147 to: daemon off;
148
149 - replace:
150 filename: "/etc/nginx/conf.d/discourse.conf"
151 from: /upstream[^\}]+\}/m
152 to: "upstream discourse {
153 server 127.0.0.1:3000;
154 }"
155
156 - replace:
157 filename: "/etc/nginx/conf.d/discourse.conf"
158 from: /server_name.+$/
159 to: server_name _ ;
160
161 - replace:
162 filename: "/etc/nginx/conf.d/discourse.conf"
163 from: /client_max_body_size.+$/
164 to: client_max_body_size $upload_size ;
165
166 - exec:
167 cmd: echo "done configuring web"
168 hook: web_config
169
170 - exec:
171 cd: $home
172 hook: web
173 cmd:
174 # ensure we are on latest bundler
175 - gem update bundler
176 - chown -R discourse $home
177
178 - exec:
179 cd: $home
180 hook: bundle_exec
181 cmd:
182 - su discourse -c 'bundle install --deployment --verbose --without test --without development'
183 - su discourse -c 'bundle exec rake db:migrate'
184 - su discourse -c 'bundle exec rake assets:precompile'
185
186 - file:
187 path: /usr/local/bin/discourse
188 chmod: +x
189 contents: |
190 #!/bin/bash
191 (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")
192
193 - file:
194 path: /usr/local/bin/rails
195 chmod: +x
196 contents: |
197 #!/bin/bash
198 # If they requested a console, load pry instead
199 if [ "$*" == "c" -o "$*" == "console" ]
200 then
201 (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
202 else
203 (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
204 fi
205
206 - file:
207 path: /usr/local/bin/rake
208 chmod: +x
209 contents: |
210 #!/bin/bash
211 (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")
212
213 - file:
214 path: /etc/update-motd.d/10-web
215 chmod: +x
216 contents: |
217 #!/bin/bash
218 echo
219 echo Use: rails, rake or discourse to execute commands in production
220 echo
221
222 - file:
223 path: /etc/logrotate.d/rails
224 contents: |
225 /shared/log/rails/*.log
226 {
227 rotate 14
228 dateext
229 daily
230 missingok
231 notifempty
232 delaycompress
233 compress
234 postrotate
235 sv 1 unicorn
236 endscript
237 }
238
239 - file:
240 path: /etc/logrotate.d/nginx
241 contents: |
242 /var/log/nginx/*.log {
243 daily
244 missingok
245 rotate 14
246 compress
247 delaycompress
248 notifempty
249 create 0640 www-data www-data
250 sharedscripts
251 postrotate
252 sv 1 nginx
253 endscript
254 }
255
256 # move state out of the container this fancy is done to support rapid rebuilds of containers,
257 # we store anacron and logrotate state outside the container to ensure its maintained across builds
258 # later move this snipped into an intialization script
259 # we also ensure all the symlinks we need to /shared are in place in the correct structure
260 # this allows us to bootstrap on one machine and then run on another
261 - file:
262 path: /etc/runit/1.d/00-ensure-links
263 chmod: +x
264 contents: |
265 #!/bin/bash
266 if [[ ! -L /var/lib/logrotate ]]; then
267 rm -fr /var/lib/logrotate
268 mkdir -p /shared/state/logrotate
269 ln -s /shared/state/logrotate /var/lib/logrotate
270 fi
271 if [[ ! -L /var/spool/anacron ]]; then
272 rm -fr /var/spool/anacron
273 mkdir -p /shared/state/anacron-spool
274 ln -s /shared/state/anacron-spool /var/spool/anacron
275 fi
276 if [[ ! -d /shared/log/rails ]]; then
277 mkdir -p /shared/log/rails
278 chown -R discourse:www-data /shared/log/rails
279 fi
280 if [[ ! -d /shared/uploads ]]; then
281 mkdir -p /shared/uploads
282 chown -R discourse:www-data /shared/uploads
283 fi
284 if [[ ! -d /shared/backups ]]; then
285 mkdir -p /shared/backups
286 chown -R discourse:www-data /shared/backups
287 fi
288
289 # change login directory to Discourse home
290 - file:
291 path: /root/.bash_profile
292 chmod: 644
293 contents: |
294 cd $home