#!/usr/bin/env bash ## ## Make sure only root can run our script ## check_root() { if [[ $EUID -ne 0 ]]; then echo "This script must be run as root. Please sudo or log in as root first." 1>&2 exit 1 fi } ## ## Check whether a connection to HOSTNAME ($1) on PORT ($2) is possible ## connect_to_port () { HOST="$1" PORT="$2" VERIFY=`date +%s | sha256sum | base64 | head -c 20` echo -e "HTTP/1.1 200 OK\n\n $VERIFY" | nc -w 4 -l -p $PORT >/dev/null 2>&1 & if curl --proto =http -s $HOST:$PORT --connect-timeout 3 | grep $VERIFY >/dev/null 2>&1 then return 0 else curl --proto =http -s localhost:$PORT >/dev/null 2>&1 return 1 fi } check_IP_match () { HOST="$1" echo echo Checking your domain name . . . if connect_to_port $HOST 443 then echo echo "Connection to $HOST succeeded." else echo WARNING:: This server does not appear to be accessible at $HOST:443. echo if connect_to_port $HOST 80 then echo A connection to port 80 succeeds, however. echo This suggests that your DNS settings are correct, echo but something is keeping traffic to port 443 from getting to your server. echo Check your networking configuration to see that connections to port 443 are allowed. else echo "A connection to http://$HOST (port 80) also fails." echo echo This suggests that $HOST resolves to the wrong IP address echo or that traffic is not being routed to your server. fi echo echo Google: \"open ports YOUR CLOUD SERVICE\" for information for resolving this problem. echo echo You should probably answer \"n\" at the next prompt and disable Let\'s Encrypt. echo echo This test might not work for all situations, echo so if you can access Discourse at http://$HOST, you might try anyway. sleep 3 fi } ## ## Do we have docker? ## check_and_install_docker () { docker_path=`which docker.io || which docker` if [ -z $docker_path ]; then read -p "Docker not installed. Enter to install from https://get.docker.com/ or Ctrl+C to exit" curl https://get.docker.com/ | sh fi docker_path=`which docker.io || which docker` if [ -z $docker_path ]; then echo Docker install failed. Quitting. exit fi } ## ## What are we running on ## check_OS() { echo `uname -s` } ## ## OS X available memory ## check_osx_memory() { echo `top -l 1 | awk '/PhysMem:/ {print $2}' | sed s/G//` } ## ## Linux available memory ## check_linux_memory() { echo `free -g --si | awk ' /Mem:/ {print $2} '` } ## ## Do we have enough memory and disk space for Discourse? ## check_disk_and_memory() { os_type=$(check_OS) avail_mem=0 if [ "$os_type" == "Darwin" ]; then avail_mem=$(check_osx_memory) else avail_mem=$(check_linux_memory) fi if [ "$avail_mem" -lt 1 ]; then echo "WARNING: Discourse requires 1GB RAM to run. This system does not appear" echo "to have sufficient memory." echo echo "Your site may not work properly, or future upgrades of Discourse may not" echo "complete successfully." exit 1 fi if [ "$avail_mem" -le 2 ]; then total_swap=`free -g --si | awk ' /Swap:/ {print $2} '` if [ "$total_swap" -lt 2 ]; then echo "WARNING: Discourse requires at least 2GB of swap when running with 2GB of RAM" echo "or less. This system does not appear to have sufficient swap space." echo echo "Without sufficient swap space, your site may not work properly, and future" echo "upgrades of Discourse may not complete successfully." echo echo "Ctrl+C to exit or wait 5 seconds to have a 2GB swapfile created." sleep 5 ## ## derived from https://meta.discourse.org/t/13880 ## install -o root -g root -m 0600 /dev/null /swapfile dd if=/dev/zero of=/swapfile bs=1k count=2048k mkswap /swapfile swapon /swapfile echo "/swapfile swap swap auto 0 0" | tee -a /etc/fstab sysctl -w vm.swappiness=10 echo vm.swappiness = 10 | tee -a /etc/sysctl.conf total_swap=`free -g --si | awk ' /Swap:/ {print $2} '` if [ "$total_swap" -lt 2 ]; then echo "Failed to create swap, sorry!" exit 1 fi fi fi free_disk="$(df /var | tail -n 1 | awk '{print $4}')" if [ "$free_disk" -lt 5000 ]; then echo "WARNING: Discourse requires at least 5GB free disk space. This system" echo "does not appear to have sufficient disk space." echo echo "Insufficient disk space may result in problems running your site, and" echo "may not even allow Discourse installation to complete successfully." echo echo "Please free up some space, or expand your disk, before continuing." echo echo "Run \`apt-get autoremove && apt-get autoclean\` to clean up unused" echo "packages and \`./launcher cleanup\` to remove stale Docker containers." exit 1 fi } ## ## If we have lots of RAM or lots of CPUs, bump up the defaults to scale better ## scale_ram_and_cpu() { local changelog=/tmp/changelog.$PPID # grab info about total system ram and physical (NOT LOGICAL!) CPU cores avail_gb=0 avail_cores=0 os_type=$(check_OS) if [ "$os_type" == "Darwin" ]; then avail_gb=$(check_osx_memory) avail_cores=`sysctl hw.ncpu | awk '/hw.ncpu:/ {print $2}'` else avail_gb=$(check_linux_memory) avail_cores=$((`awk '/cpu cores/ {print $4;exit}' /proc/cpuinfo`*`sort /proc/cpuinfo | uniq | grep -c "physical id"`)) fi echo "Found ${avail_gb}GB of memory and $avail_cores physical CPU cores" # db_shared_buffers: 128MB for 1GB, 256MB for 2GB, or 256MB * GB, max 4096MB if [ "$avail_gb" -eq "1" ] then db_shared_buffers=128 else if [ "$avail_gb" -eq "2" ] then db_shared_buffers=256 else db_shared_buffers=$(( 256 * $avail_gb )) fi fi db_shared_buffers=$(( db_shared_buffers < 4096 ? db_shared_buffers : 4096 )) sed -i -e "s/^ #\?db_shared_buffers:.*/ db_shared_buffers: \"${db_shared_buffers}MB\"/w $changelog" $config_file if [ -s $changelog ] then echo "setting db_shared_buffers = ${db_shared_buffers}MB" rm $changelog fi # UNICORN_WORKERS: 2 * GB for 2GB or less, or 2 * CPU, max 8 if [ "$avail_gb" -le "2" ] then unicorn_workers=$(( 2 * $avail_gb )) else unicorn_workers=$(( 2 * $avail_cores )) fi unicorn_workers=$(( unicorn_workers < 8 ? unicorn_workers : 8 )) sed -i -e "s/^ #\?UNICORN_WORKERS:.*/ UNICORN_WORKERS: ${unicorn_workers}/w $changelog" $config_file if [ -s $changelog ] then echo "setting UNICORN_WORKERS = ${unicorn_workers}" rm $changelog fi echo $config_file memory parameters updated. } ## ## standard http / https ports must not be occupied ## check_ports() { check_port "80" check_port "443" echo "Ports 80 and 443 are free for use" } ## ## check a port to see if it is already in use ## check_port() { local valid=$(netstat -tln | awk '{print $4}' | grep ":${1}\$") if [ -n "$valid" ]; then echo "Port ${1} appears to already be in use." echo echo "If you are trying to run Discourse simultaneously with another web" echo "server like Apache or nginx, you will need to bind to a different port" echo echo "See https://meta.discourse.org/t/17247" echo echo "If you are reconfiguring an already-configured Discourse, use " echo echo "./launcher stop app" echo echo "to stop Discourse before you reconfigure it and try again." exit 1 fi } ## ## read a variable from the config file ## read_config() { config_line=`egrep "^ #?$1:" $config_file` read_config_result=`echo $config_line | awk '{print $2}'` read_config_result=`echo $read_config_result | sed "s/^\([\"']\)\(.*\)\1\$/\2/g"` } ## ## prompt user for typical Discourse config file values ## ask_user_for_config() { # NOTE: Defaults now come from standalone.yml local changelog=/tmp/changelog.$PPID read_config "DISCOURSE_SMTP_ADDRESS" local smtp_address=$read_config_result # NOTE: if there are spaces between emails, this breaks, but a human should be paying attention read_config "DISCOURSE_DEVELOPER_EMAILS" local developer_emails=$read_config_result read_config "DISCOURSE_SMTP_PASSWORD" local smtp_password=$read_config_result read_config "DISCOURSE_SMTP_PORT" local smtp_port=$read_config_result read_config "DISCOURSE_SMTP_USER_NAME" local smtp_user_name=$read_config_result if [ "$smtp_password" = "pa$$word" ] then smtp_password = "" fi read_config "LETSENCRYPT_ACCOUNT_EMAIL" local letsencrypt_account_email=$read_config_result if [ -z $letsencrypt_account_email ] then letsencrypt_account_email="me@example.com" fi if [ "$letsencrypt_account_email" = "me@example.com" ] then local letsencrypt_status="ENTER to skip" else local letsencrypt_status="Enter 'OFF' to disable." fi read_config "DISCOURSE_HOSTNAME" hostname=$read_config_result local new_value="" local config_ok="n" local update_ok="y" echo "" while [[ "$config_ok" == "n" ]] do if [ ! -z $hostname ] then read -p "Hostname for your Discourse? [$hostname]: " new_value if [ ! -z $new_value ] then hostname=$new_value fi fi if [ ! -z $developer_emails ] then read -p "Email address for admin account(s)? [$developer_emails]: " new_value if [ ! -z $new_value ] then developer_emails=$new_value fi fi if [ ! -z $smtp_address ] then read -p "SMTP server address? [$smtp_address]: " new_value if [ ! -z $new_value ] then smtp_address=$new_value fi fi if [ ! -z $smtp_port ] then read -p "SMTP port? [$smtp_port]: " new_value if [ ! -z $new_value ] then smtp_port=$new_value fi fi ## ## automatically set correct user name based on common mail providers ## if [ "$smtp_address" == "smtp.sparkpostmail.com" ] then smtp_user_name="SMTP_Injection" fi if [ "$smtp_address" == "smtp.sendgrid.net" ] then smtp_user_name="apikey" fi if [ "$smtp_address" == "smtp.mailgun.org" ] then smtp_user_name="postmaster@$hostname" fi if [ ! -z $smtp_user_name ] then read -p "SMTP user name? [$smtp_user_name]: " new_value if [ ! -z $new_value ] then smtp_user_name=$new_value fi fi read -p "SMTP password? [$smtp_password]: " new_value if [ ! -z $new_value ] then smtp_password=$new_value fi if [ ! -z $letsencrypt_account_email ] then read -p "Let's Encrypt account email? ($letsencrypt_status) [$letsencrypt_account_email]: " new_value if [ ! -z $new_value ] then letsencrypt_account_email=$new_value if [ "${new_value,,}" = "off" ] then letsencrypt_status="ENTER to skip" else letsencrypt_status="Enter 'OFF' to disable." fi fi fi if [ "$letsencrypt_status" == "Enter 'OFF' to disable." ] then check_IP_match $hostname fi echo -e "\nDoes this look right?\n" echo "Hostname : $hostname" echo "Email : $developer_emails" echo "SMTP address : $smtp_address" echo "SMTP port : $smtp_port" echo "SMTP username : $smtp_user_name" echo "SMTP password : $smtp_password" if [ "$letsencrypt_status" == "Enter 'OFF' to disable." ] then echo "Let's Encrypt : $letsencrypt_account_email" fi echo "" read -p "ENTER to continue, 'n' to try again, Ctrl+C to exit: " config_ok done sed -i -e "s/^ DISCOURSE_HOSTNAME:.*/ DISCOURSE_HOSTNAME: $hostname/w $changelog" $config_file if [ -s $changelog ] then rm $changelog else echo "DISCOURSE_HOSTNAME change failed." update_ok="n" fi sed -i -e "s/^ DISCOURSE_DEVELOPER_EMAILS:.*/ DISCOURSE_DEVELOPER_EMAILS: \'$developer_emails\'/w $changelog" $config_file if [ -s $changelog ] then rm $changelog else echo "DISCOURSE_DEVELOPER_EMAILS change failed." update_ok="n" fi sed -i -e "s/^ DISCOURSE_SMTP_ADDRESS:.*/ DISCOURSE_SMTP_ADDRESS: $smtp_address/w $changelog" $config_file if [ -s $changelog ] then rm $changelog else echo "DISCOURSE_SMTP_ADDRESS change failed." update_ok="n" fi sed -i -e "s/^ #\?DISCOURSE_SMTP_PORT:.*/ DISCOURSE_SMTP_PORT: $smtp_port/w $changelog" $config_file if [ -s $changelog ] then rm $changelog else echo "DISCOURSE_SMTP_PORT change failed." update_ok="n" fi sed -i -e "s/^ #\?DISCOURSE_SMTP_USER_NAME:.*/ DISCOURSE_SMTP_USER_NAME: $smtp_user_name/w $changelog" $config_file if [ -s $changelog ] then rm $changelog else echo "DISCOURSE_SMTP_USER_NAME change failed." update_ok="n" fi sed -i -e "s/^ #\?DISCOURSE_SMTP_PASSWORD:.*/ DISCOURSE_SMTP_PASSWORD: \"${smtp_password/\//\\/}\"/w $changelog" $config_file if [ -s $changelog ] then rm $changelog else echo "DISCOURSE_SMTP_PASSWORD change failed." update_ok="n" fi if [ "$letsencrypt_status" = "ENTER to skip" ] then local src='^ #\?- "templates\/web.ssl.template.yml"' local dst=' #\- "templates\/web.ssl.template.yml"' sed -i -e "s/$src/$dst/w $changelog" $config_file if [ ! -s $changelog ] then update_ok="n" echo "web.ssl.template.yml NOT DISABLED--Are you using a non-standard template?" fi local src='^ #\?- "templates\/web.letsencrypt.ssl.template.yml"' local dst=' #- "templates\/web.letsencrypt.ssl.template.yml"' sed -i -e "s/$src/$dst/w $changelog" $config_file if [ ! -s $changelog ] then update_ok="n" echo "web.ssl.template.yml NOT DISABLED--Are you using a non-standard template?" fi else # enable let's encrypt echo "Let's Encrypt will be enabled for $letsencrypt_account_email" sed -i -e "s/^ #\?LETSENCRYPT_ACCOUNT_EMAIL:.*/ LETSENCRYPT_ACCOUNT_EMAIL: $letsencrypt_account_email/w $changelog" $config_file if [ -s $changelog ] then rm $changelog else echo "LETSENCRYPT_ACCOUNT_EMAIL change failed." update_ok="n" fi local src='^ #\?- "templates\/web.ssl.template.yml"' local dst=' \- "templates\/web.ssl.template.yml"' sed -i -e "s/$src/$dst/w $changelog" $config_file if [ -s $changelog ] then echo "web.ssl.template.yml enabled" else update_ok="n" echo "web.ssl.template.yml NOT ENABLED--was it on already?" fi local src='^ #\?- "templates\/web.letsencrypt.ssl.template.yml"' local dst=' - "templates\/web.letsencrypt.ssl.template.yml"' sed -i -e "s/$src/$dst/w $changelog" $config_file if [ -s $changelog ] then echo "letsencrypt.ssl.template.yml enabled" else update_ok="n" echo "letsencrypt.ssl.template.yml NOT ENABLED -- was it on already?" fi fi if [ "$update_ok" == "y" ] then echo -e "\nConfiguration file at $config_file updated successfully!\n" else echo -e "\nUnfortunately, there was an error changing $config_file\n" echo -d "This may happen if you have made unexpected changes." exit 1 fi } ## ## is our config file valid? Does it have the required fields set? ## validate_config() { valid_config="y" for x in DISCOURSE_SMTP_ADDRESS DISCOURSE_SMTP_USER_NAME DISCOURSE_SMTP_PASSWORD \ DISCOURSE_DEVELOPER_EMAILS DISCOURSE_HOSTNAME do config_line=`grep "^ $x:" $config_file` local result=$? local default="example.com" if (( result == 0 )) then if [[ "$config_line" = *"$default"* ]] then echo "$x left at incorrect default of example.com" valid_config="n" fi config_val=`echo $config_line | awk '{print $2}'` if [ -z $config_val ] then echo "$x was left blank" valid_config="n" fi else echo "$x not present" valid_config="n" fi done if [ "$valid_config" != "y" ]; then echo -e "\nSorry, these $config_file settings aren't valid -- can't continue!" echo "If you have unusual requirements, edit $config_file and then: " echo "./launcher bootstrap $app_name" exit 1 fi } ## ## template file names ## app_name=app template_path=samples/standalone.yml config_file=containers/$app_name.yml changelog=/tmp/changelog ## ## Check requirements before creating a copy of a config file we won't edit ## check_root check_and_install_docker check_disk_and_memory ## ## make a copy of the simple standalone config file ## if [ -a $config_file ] then echo "The configuration file $config_file already exists." echo echo ". . . reconfiguring . . ." echo echo DATE=`date +"%Y-%m-%d-%H%M%S"` BACKUP=$app_name.yml.$DATE.bak echo Saving old file as $BACKUP cp $config_file containers/$BACKUP echo "Stopping existing container in 5 seconds or Control-C to cancel." sleep 5 ./launcher stop app echo else check_ports # don't need to check ports if Discourse was already installed cp $template_path $config_file fi scale_ram_and_cpu ask_user_for_config validate_config ## ## if we reach this point without exiting, OK to proceed ## rebuild won't fail if there's nothing to rebuild and does the restart ## echo "Updates successful. Rebuilding in 5 seconds." sleep 5 # Just a chance to ^C in case they were too fast on the draw time ./launcher rebuild $app_name