# this gives us very good cache coverage, 96 -> 99
# in practice it is 1-2% perf improvement
RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072
+ # stop heap doubling in size so aggressively, this conserves memory
+ RUBY_GC_HEAP_GROWTH_MAX_SLOTS: 40000
+ RUBY_GC_HEAP_INIT_SLOTS: 400000
+ RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR: 1.5
DISCOURSE_DB_SOCKET: /var/run/postgresql
DISCOURSE_DB_HOST:
upload_size: 10m
run:
- # see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
- - replace:
- filename: /usr/local/etc/ImageMagick-6/policy.xml
- from: "<policymap>"
- to: |
- <policymap>
- <policy domain="coder" rights="none" pattern="EPHEMERAL" />
- <policy domain="coder" rights="none" pattern="URL" />
- <policy domain="coder" rights="none" pattern="HTTPS" />
- <policy domain="coder" rights="none" pattern="MVG" />
- <policy domain="coder" rights="none" pattern="MSL" />
- <policy domain="coder" rights="none" pattern="TEXT" />
- <policy domain="coder" rights="none" pattern="SHOW" />
- <policy domain="coder" rights="none" pattern="WIN" />
- <policy domain="coder" rights="none" pattern="PLT" />
-
+ - exec: thpoff echo "thpoff is installed!"
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
- exec: chown -R discourse /home/discourse
+ # TODO: move to base image (anacron can not be fired up using rc.d)
+ - exec: rm -f /etc/cron.d/anacron
+ - file:
+ path: /etc/cron.d/anacron
+ contents: |
+ SHELL=/bin/sh
+ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+ 30 7 * * * root /usr/sbin/anacron -s >/dev/null
- file:
path: /etc/runit/1.d/copy-env
chmod: "+x"
conf=/var/www/discourse/config/discourse.conf
# find DISCOURSE_ env vars, strip the leader, lowercase the key
- /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
- - file:
- path: /etc/runit/1.d/fix-log-permissions
- chmod: "+x"
- contents: |
- #!/bin/bash
- # TODO this should be moved into the base image
- chown -fR www-data:adm /var/log/nginx
- chown -f syslog:adm /var/log/syslog*
- chown -f syslog:adm /var/log/auth.log*
- chown -f syslog:adm /var/log/kern.log*
+ /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = '\''#{v}'\''" if k =~ /^DISCOURSE_(.*)/}' > $conf
- file:
path: /etc/runit/1.d/enable-brotli
#!/bin/bash
[ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf
- - file:
- path: /etc/runit/1.d/ensure-web-nginx-read
- chmod: "+x"
- contents: |
- #!/bin/bash
- mkdir -p /var/log/nginx
- chgrp -R www-data /var/log/nginx
- chgrp www-data /var/log/nginx
-
- file:
path: /etc/service/unicorn/run
chmod: "+x"
# postgres
cd $home
chown -R discourse:www-data /shared/log/rails
- LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
+ LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec thpoff chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
- file:
path: /etc/service/nginx/run
cmd:
# ensure we are on latest bundler
- gem update bundler
- - chown -R discourse $home
+ - find $home ! -user discourse -exec chown discourse {} \+
- exec:
cd: $home
hook: bundle_exec
cmd:
- - su discourse -c 'bundle install --deployment --verbose --without test --without development'
+ - su discourse -c 'bundle install --deployment --verbose --without test --without development --retry 3 --jobs 4'
- su discourse -c 'bundle exec rake db:migrate'
- su discourse -c 'bundle exec rake assets:precompile'
#!/bin/bash
(cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")
+ - file:
+ path: /usr/local/bin/rbtrace
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec rbtrace "$@")
+
+ - file:
+ path: /usr/local/bin/stackprof
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec stackprof "$@")
+
- file:
path: /etc/update-motd.d/10-web
chmod: +x
contents: |
/shared/log/rails/*.log
{
- rotate 14
+ rotate 7
dateext
daily
missingok
- notifempty
delaycompress
compress
postrotate
/var/log/nginx/*.log {
daily
missingok
- rotate 14
+ rotate 7
compress
delaycompress
- notifempty
- create 0640 www-data www-data
+ create 0644 www-data www-data
sharedscripts
postrotate
sv 1 nginx