RAILS_ENV: 'production'
UNICORN_WORKERS: 3
UNICORN_SIDEKIQS: 1
- # slightly less aggressive than "recommendation" but works fine with oobgc
- RUBY_GC_MALLOC_LIMIT: 40000000
- # this ensures we have enough heap space to handle a big pile of small reqs
- RUBY_HEAP_MIN_SLOTS: 800000
+ # this gives us very good cache coverage, 96 -> 99
+ # in practice it is 1-2% perf improvement
+ RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072
DISCOURSE_DB_SOCKET: /var/run/postgresql
DISCOURSE_DB_HOST:
version: tests-passed
home: /var/www/discourse
- upload_size: 3m
+ upload_size: 10m
run:
+ # see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
+ - replace:
+ filename: /usr/local/etc/ImageMagick-6/policy.xml
+ from: "<policymap>"
+ to: |
+ <policymap>
+ <policy domain="coder" rights="none" pattern="EPHEMERAL" />
+ <policy domain="coder" rights="none" pattern="URL" />
+ <policy domain="coder" rights="none" pattern="HTTPS" />
+ <policy domain="coder" rights="none" pattern="MVG" />
+ <policy domain="coder" rights="none" pattern="MSL" />
+ <policy domain="coder" rights="none" pattern="TEXT" />
+ <policy domain="coder" rights="none" pattern="SHOW" />
+ <policy domain="coder" rights="none" pattern="WIN" />
+ <policy domain="coder" rights="none" pattern="PLT" />
+
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
+ - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
+ - exec: chown -R discourse /home/discourse
+ # TODO: move to base image (anacron can not be fired up using rc.d)
+ - exec: rm -f /etc/cron.d/anacron
+ - file:
+ path: /etc/cron.d/anacron
+ contents: |
+ SHELL=/bin/sh
+ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+ 30 7 * * * root /usr/sbin/anacron -s >/dev/null
- file:
path: /etc/runit/1.d/copy-env
chmod: "+x"
# find DISCOURSE_ env vars, strip the leader, lowercase the key
/usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
+ - file:
+ path: /etc/runit/1.d/00-fix-log-permissions
+ chmod: "+x"
+ contents: |
+ #!/bin/bash
+ mkdir -p /var/log/nginx
+ chown -R www-data:www-data /var/log/nginx
+ chown www-data:www-data /var/log/nginx
+ chown -f syslog:adm /var/log/syslog*
+ chown -f syslog:adm /var/log/auth.log*
+ chown -f syslog:adm /var/log/kern.log*
+
+ - file:
+ path: /etc/runit/1.d/enable-brotli
+ chmod: "+x"
+ contents: |
+ #!/bin/bash
+ [ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf
- file:
path: /etc/service/unicorn/run
contents: |
#!/bin/sh
exec 2>&1
- mkdir -p /var/log/nginx
exec /usr/sbin/nginx
+ - file:
+ path: /etc/runit/3.d/01-nginx
+ chmod: "+x"
+ contents: |
+ #!/bin/bash
+ sv stop nginx
+
+ - file:
+ path: /etc/runit/3.d/02-unicorn
+ chmod: "+x"
+ contents: |
+ #!/bin/bash
+ sv stop unicorn
+
- exec:
cd: $home
hook: code
# ensure we are on latest bundler
- gem update bundler
- chown -R discourse $home
+
+ - exec:
+ cd: $home
+ hook: bundle_exec
+ cmd:
- su discourse -c 'bundle install --deployment --verbose --without test --without development'
- su discourse -c 'bundle exec rake db:migrate'
- su discourse -c 'bundle exec rake assets:precompile'
contents: |
#!/bin/bash
# If they requested a console, load pry instead
- if [ "$@" == "c" -o "$@" == "console" ]
+ if [ "$*" == "c" -o "$*" == "console" ]
then
(cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
else
endscript
}
- - replace:
- filename: "/etc/logrotate.d/nginx"
- from: "weekly"
- to: "daily"
-
- - replace:
- filename: "/etc/logrotate.d/nginx"
- from: "52"
- to: "14"
+ - file:
+ path: /etc/logrotate.d/nginx
+ contents: |
+ /var/log/nginx/*.log {
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 0640 www-data www-data
+ sharedscripts
+ postrotate
+ sv 1 nginx
+ endscript
+ }
# move state out of the container this fancy is done to support rapid rebuilds of containers,
# we store anacron and logrotate state outside the container to ensure its maintained across builds
mkdir -p /shared/backups
chown -R discourse:www-data /shared/backups
fi
+
+ # change login directory to Discourse home
+ - file:
+ path: /root/.bash_profile
+ chmod: 644
+ contents: |
+ cd $home