MAINTAINER Sam Saffron "https://twitter.com/samsaffron"
RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections &&\
- apt-get -y install fping &&\
- sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy || true" &&\
- apt-get -y update &&\
+ echo "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main restricted universe" > /etc/apt/sources.list &&\
+ echo "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc)-updates main restricted universe" >> /etc/apt/sources.list &&\
+ echo "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc)-security main restricted universe" >> /etc/apt/sources.list &&\
+ apt-get update && apt-get -y install fping &&\
+ sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt-get update || true" &&\
apt-get -y install software-properties-common &&\
- add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe" &&\
- add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc)-updates main universe" &&\
- apt-get -y update &&\
apt-mark hold initscripts &&\
apt-get -y upgrade &&\
add-apt-repository -y ppa:rwky/redis &&\
add-apt-repository -y ppa:nginx/stable &&\
apt-get install -y curl && curl http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - &&\
echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" | \
- tee /etc/apt/sources.list.d/postgres.list &&\
+ tee /etc/apt/sources.list.d/postgres.list &&\
apt-get -y update &&\
apt-get -y install build-essential git curl wget \
libxslt-dev libcurl4-openssl-dev \
postgresql-contrib-9.3 libpq-dev libreadline-dev \
nginx language-pack-en sudo cron \
psmisc rsyslog vim &&\
+ sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf &&\
dpkg-divert --local --rename --add /sbin/initctl &&\
sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl" &&\
apt-get -y install redis-server haproxy openssh-server &&\
ADD cron /etc/service/cron/run
ADD rsyslog /etc/service/rsyslog/run
-
-RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf
#!/bin/bash
exec 2>&1
cd /
-exec rsyslogd -f
+chgrp syslog /var/log
+chmod g+w /var/log
+exec rsyslogd -n
mkdir /var/www && cd /var/www &&\
git clone https://github.com/discourse/discourse.git &&\
cd discourse &&\
- git remote set-branches --add origin tests-passed &&\
- cd .. &&\
- chown -R discourse:discourse /var/www/discourse &&\
+ git remote set-branches --add origin tests-passed &&\
+ chown -R discourse:discourse /var/www/discourse &&\
cd /var/www/discourse &&\
sudo -u discourse RAILS4=1 bundle install --deployment \
--without test --without development &&\
- cd /var/www/discourse/vendor/bundle &&\
- find . -name tmp -type d | xargs rm -rf
+ find /var/www/discourse/vendor/bundle -name tmp -type d -exec rm -rf {} +
# For a smaller but less flexible image:
-# A container for all things Data, be sure to set a secret password for discourse account, SOME_SECRET is just an example
+# A container for all things Data, be sure to set a secret password for
+# discourse account, SOME_SECRET is just an example
#
+
templates:
- "templates/postgres.template.yml"
- "templates/redis.template.yml"
- "6379:6379"
- "2221:22"
+params:
+ db_default_text_search_config: "pg_catalog.english"
+ ## Set db_shared_buffers to 1/3 of the memory you wish to allocate to postgres
+ ## on 1GB install set to 128MB on a 4GB instance you may raise to 1GB
+ #db_shared_buffers: "256MB"
+
env:
# ensure locale exists in container, you may need to install it
LANG: en_US.UTF-8
-params:
- db_default_text_search_config: "pb_catelog.english"
- ## Set db_shared_buffers to 1/3 of the memory you wish to allocate to postgres
- ## on 1GB install set to 128MB on a 4GB instance you may raise to 1GB
- # db_shared_buffers: "256MB"
-
-# amend SOME_SECRET to a password for the discourse user
-hooks:
- after_postgres:
- - exec:
- stdin: |
- alter user discourse with password 'SOME_SECRET';
- cmd: sudo -u postgres psql discourse
- raise_on_fail: false
-# be sure to set the host location somewhere sane
volumes:
- volume:
host: /var/discourse/shared/data
- volume:
host: /var/discourse/shared/data/log/var-log
guest: /var/log
+
+# TODO: SOME_SECRET to a password for the discourse user
+hooks:
+ after_postgres:
+ - exec:
+ stdin: |
+ alter user discourse with password 'SOME_SECRET';
+ cmd: su - postgres -c 'psql discourse'
+
+ raise_on_fail: false
## After making changes to this file, you MUST rebuild for any changes
## to take effect in your live Discourse instance:
##
-## ./var/docker/launcher rebuild app
+## /var/docker/launcher rebuild app
##
## this is the all-in-one, standalone Discourse Docker container template
- "2222:22" # fwd host port 2222 to container port 22 (ssh)
params:
- db_default_text_search_config: "pb_catelog.english"
- ## Set db_shared_buffers to 1/3 of the memory you wish to allocate to postgres
- ## on 1GB install set to 128MB on a 4GB instance you may raise to 1GB
+ db_default_text_search_config: "pg_catalog.english"
+ ## Set db_shared_buffers to 1/3 of the memory you wish to allocate to postgres
+ ## on 1GB install set to 128MB on a 4GB instance you may raise to 1GB
#db_shared_buffers: "256MB"
#
## Which Git revision should this container use? (default: tests-passed)
env:
LANG: en_US.UTF-8
- ## How many concurrent web requests are supported?
+ ## TODO: How many concurrent web requests are supported?
## With 2GB we recommend 3-4 workers, with 1GB only 2
#UNICORN_WORKERS: 3
##
- ## List of comma delimited emails that will be made admin and developer
+ ## TODO: List of comma delimited emails that will be made admin and developer
## on initial signup example 'user1@example.com, user2@example.com'
DISCOURSE_DEVELOPER_EMAILS: 'me@example.com'
##
- ## The domain name this Discourse instance will respond to
+ ## TODO: The domain name this Discourse instance will respond to
DISCOURSE_HOSTNAME: 'discourse.example.com'
##
- ## The mailserver this Discourse instance will use
+ ## TODO: The mailserver this Discourse instance will use
DISCOURSE_SMTP_ADDRESS: smtp.example.com # (mandatory)
#DISCOURSE_SMTP_PORT: 587 # (optional)
#DISCOURSE_SMTP_USER_NAME: user@example.com # (optional)
- volume:
host: /var/discourse/shared/standalone
guest: /shared
-volumes:
- volume:
host: /var/discourse/shared/standalone/log/var-log
guest: /var/log
# IMPORTANT: SET A SECRET PASSWORD in Postgres for the Discourse User
-# SOME_SECRET in this template
+# TODO: change SOME_SECRET in this template
templates:
- "templates/sshd.template.yml"
- "80:80"
- "2222:22"
-# tests-passed is default
params:
-# version: tests-passed
+ ## Which Git revision should this container use? (default: tests-passed)
+ #version: tests-passed
-# developer emails allow you to fast track account creation on the site
env:
- # add emails here
LANG: en_US.UTF-8
+ ## TODO: How many concurrent web requests are supported?
+ ## With 2GB we recommend 3-4 workers, with 1GB only 2
+ #UNICORN_WORKERS: 3
- DISCOURSE_DEVELOPER_EMAILS: ''
+ ## TODO: configure connectivity to the databases
DISCOURSE_DB_SOCKET: ''
+ #DISCOURSE_DB_USER: discourse
DISCOURSE_DB_PASSWORD: SOME_SECRET
- DISCOURSE_DB_HOST: YOUR_IP_ADDRESS
- DISCOURSE_HOSTNAME: 'www.example.com'
- DISCOURSE_REDIS_HOST: YOUR_IP_ADDRESS
- # don't forget to set mail
- # DISCOURSE_SMTP_ADDRESS: smtp.mandrillapp.com
- # DISCOURSE_SMTP_PORT: 587
- # DISCOURSE_SMTP_USER_NAME: user@example.com
- # DISCOURSE_SMTP_PASSWORD: p@ssword
+ DISCOURSE_DB_HOST: DB_IP_ADDRESS
+ DISCOURSE_REDIS_HOST: REDIS_IP_ADDRESS
+ ##
+ ## TODO: List of comma delimited emails that will be made admin and developer
+ ## on initial signup example 'user1@example.com, user2@example.com'
+ DISCOURSE_DEVELOPER_EMAILS: 'me@example.com'
+ ##
+ ## TODO: The domain name this Discourse instance will respond to
+ DISCOURSE_HOSTNAME: 'discourse.example.com'
+ ##
+ ## TODO: The mailserver this Discourse instance will use
+ DISCOURSE_SMTP_ADDRESS: smtp.example.com # (mandatory)
+ #DISCOURSE_SMTP_PORT: 587 # (optional)
+ #DISCOURSE_SMTP_USER_NAME: user@example.com # (optional)
+ #DISCOURSE_SMTP_PASSWORD: pa$$word # (optional)
+ ##
+ ## The CDN address for this Discourse instance (configured to pull)
+ #DISCOURSE_CDN_URL: //discourse-cdn.example.com
volumes:
- volume:
host: /var/discourse/shared/web-only
guest: /shared
-volumes:
- volume:
host: /var/discourse/shared/web-only/log/var-log
guest: /var/log
-# you may use the docker manager to upgrade and monitor your docker image
-# UI will be visible at http://yoursite.com/admin/docker
+## The docker manager plugin allows you to one-click upgrade Discouse
+## http://discourse.example.com/admin/docker
hooks:
-# you may import your key using launchpad if needed
-#after_sshd:
-# - exec: ssh-import-id some-user
after_code:
- exec:
cd: $home/plugins
cmd:
- mkdir -p plugins
- git clone https://github.com/discourse/docker_manager.git
+
+## Remember, this is YAML syntax - you can only have one block with a name
+run:
+ - exec: echo "Beginning of custom commands"
+
+ ## If you want to configure password login for root, uncomment and change:
+ #- exec: apt-get -y install whois # for mkpasswd
+ ## Use only one of the following lines:
+ #- exec: /usr/sbin/usermod -p 'PASSWORD_HASH' root
+ #- exec: /usr/sbin/usermod -p "$(mkpasswd -m sha-256 'RAW_PASSWORD')" root
+
+ ## If you want to authorized additional users, uncomment and change:
+ #- exec: ssh-import-id username
+ #- exec: ssh-import-id anotherusername
+
+ - exec: echo "End of custom commands"
+ - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}'
run:
# temporary
+ - exec: apt-get update
- exec: apt-get install -y socat
- exec: mkdir -p /shared/postgres_run
- exec: chown postgres:postgres /shared/postgres_run
contents: |
#!/bin/sh
exec 2>&1
- exec sudo -u postgres /usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main
+ exec su - postgres -c '/usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main'
- file:
path: /root/upgrade_postgres
chmod: "+x"
- exec:
background: true
- cmd: "sudo -u postgres /usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main"
+ cmd: su - postgres -c '/usr/lib/postgresql/9.3/bin/postmaster -D /etc/postgresql/9.3/main'
# give db a few secs to start up
- exec: "sleep 5"
- - exec: sudo -u postgres createdb discourse || exit 0
- - exec:
- stdin: |
- create user discourse;
- cmd: sudo -u postgres psql discourse
- raise_on_fail: false
-
- - exec:
- stdin: |
- grant all privileges on database discourse to discourse;
- cmd: sudo -u postgres psql discourse
- raise_on_fail: false
-
- - exec: /bin/bash -c 'sudo -u postgres psql discourse <<< "alter schema public owner to discourse;"'
- - exec: /bin/bash -c 'sudo -u postgres psql discourse <<< "create extension if not exists hstore;"'
- - exec: /bin/bash -c 'sudo -u postgres psql discourse <<< "create extension if not exists pg_trgm;"'
+ - exec: su postgres -c 'createdb discourse' || true
+ - exec: su postgres -c 'psql discourse -c "create user discourse;"' || true
+ - exec: su postgres -c 'psql discourse -c "grant all privileges on database discourse to discourse;"' || true
+ - exec: su postgres -c 'psql discourse -c "alter schema public owner to discourse;"'
+ - exec: su postgres -c 'psql discourse -c "create extension if not exists hstore;"'
+ - exec: su postgres -c 'psql discourse -c "create extension if not exists pg_trgm;"'
- file:
path: /var/lib/postgresql/take-database-backup
contents: |
# m h dom mon dow command
#MAILTO=?
- 0 */4 * * * /var/lib/postgresql/take-database-backup
+ #0 */4 * * * /var/lib/postgresql/take-database-backup
- exec:
hook: postgres
contents: |
#!/bin/sh
exec 2>&1
- exec sudo -u redis /usr/bin/redis-server /etc/redis/redis.conf
+ exec su - redis -s /bin/bash -c '/usr/bin/redis-server /etc/redis/redis.conf'
- replace:
filename: "/etc/redis/redis.conf"
before_code:
- exec:
background: true
- cmd: "sudo -u redis /usr/bin/redis-server /etc/redis/redis.conf"
+ cmd: su - redis -s /bin/bash -c '/usr/bin/redis-server /etc/redis/redis.conf'
after_code:
- replace:
filename: /etc/service/unicorn/run
# postgres
cd $home
chown -R discourse:www-data /shared/log/rails
- exec sudo -E -u discourse LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
+ LD_PRELOAD=/usr/lib/libjemalloc.so.1 exec su discourse -c 'bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb'
- file:
path: /etc/service/nginx/run
- git checkout $version
- mkdir -p tmp/pids
- mkdir -p tmp/sockets
- - mkdir -p /shared/log/rails
- - mkdir -p /shared/uploads
- - mkdir -p /shared/backups
- touch tmp/.gitkeep
- - touch /shared/log/rails/production.log
- - touch /shared/log/rails/production_errors.log
- - touch /shared/log/rails/unicorn.stdout.log
- - touch /shared/log/rails/unicorn.stderr.log
- - ln -s /shared/log/rails/production.log $home/log/production.log
- - ln -s /shared/log/rails/production_errors.log $home/log/production_errors.log
- - ln -s /shared/log/rails/unicorn.stdout.log $home/log/unicorn.stdout.log
- - ln -s /shared/log/rails/unicorn.stderr.log $home/log/unicorn.stderr.log
- - ln -s /shared/uploads $home/public/uploads
- - ln -s /shared/backups $home/public/backups
- - chown -R discourse:www-data /shared/log/rails
- - chown -R discourse:www-data /shared/uploads
- - chown -R discourse:www-data /shared/backups
- - chown -R discourse:www-data $home/log
+ - mkdir -p /shared/log/rails
+ - bash -c "touch /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
+ - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
+ - bash -c "mkdir -p /shared/{uploads,backups}"
+ - bash -c "ln -s /shared/{uploads,backups} $home/public"
+ - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups
- exec:
cmd:
# ensure we are on latest bundler
- gem update bundler
- chown -R discourse $home
- - sudo -E -u discourse bundle install --deployment --verbose --without test --without development
- - sudo -E -u discourse bundle exec rake db:migrate
- - sudo -E -u discourse bundle exec rake assets:precompile
+ - su discourse -c 'bundle install --deployment --verbose --without test --without development'
+ - su discourse -c 'bundle exec rake db:migrate'
+ - su discourse -c 'bundle exec rake assets:precompile'
- file:
path: /usr/local/bin/discourse