From: Sam Date: Thu, 15 May 2014 03:34:04 +0000 (+1000) Subject: * re-enable SPDY X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=2d7d1501298d199fe90b397a9e5ee8874e434d86;p=discourse_docker.git * re-enable SPDY * update nginx to 1.6 (remove obsolete comments) * update ruby to 2.0 p481 * update base image to 0.2.1 --- diff --git a/image/base/Dockerfile b/image/base/Dockerfile index f7d1ded..0acc5dc 100644 --- a/image/base/Dockerfile +++ b/image/base/Dockerfile @@ -39,7 +39,7 @@ RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections &&\ echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\ mkdir /src && cd /src && git clone https://github.com/sstephenson/ruby-build.git &&\ cd /src/ruby-build && ./install.sh &&\ - cd / && rm -rf /src/ruby-build && ruby-build 2.0.0-p451 /usr/local &&\ + cd / && rm -rf /src/ruby-build && ruby-build 2.0.0-p481 /usr/local &&\ gem update --system &&\ gem install bundler &&\ cd / && git clone https://github.com/SamSaffron/pups.git &&\ diff --git a/image/discourse/Dockerfile b/image/discourse/Dockerfile index 7a63c0f..ae9c104 100644 --- a/image/discourse/Dockerfile +++ b/image/discourse/Dockerfile @@ -1,4 +1,4 @@ -FROM samsaffron/discourse_base:0.2.0 +FROM samsaffron/discourse_base:0.2.1 MAINTAINER Sam Saffron "https://twitter.com/samsaffron" diff --git a/launcher b/launcher index 100bcad..cd9ccbd 100755 --- a/launcher +++ b/launcher @@ -13,7 +13,7 @@ config_file=containers/"$config".yml cidfile=cids/"$config".cid cidbootstrap=cids/"$config"_boostrap.cid local_discourse=local_discourse -image=samsaffron/discourse:0.2.0 +image=samsaffron/discourse:0.2.1 docker_path=`which docker.io || which docker` docker_ip=`/sbin/ifconfig | \ 
@@ -72,15 +72,12 @@ prereqs() { exit 1 fi - # 2. running aufs + # 2. running aufs test=`$docker_path info 2> /dev/null | grep 'Driver: aufs'` if [[ "$test" =~ "aufs" ]] ; then : ; else - echo "Your Docker installation is not using aufs" - echo "Device mapper and other experimental drivers are unstable" - echo - echo "Please ensure your kernel is running linux extras and aufs" - echo "Please follow the installation guide for Docker here: http://docs.docker.io/en/latest/installation/ubuntulinux/" - exit 1 + echo "Your Docker installation is not using aufs, in the past we have had issues with it" + echo "If you are unable to bootstrap your image (or stop it) please report the issue at:" + echo "https://meta.discourse.org/t/discourse-docker-installation-without-aufs/15639" fi # 3. running recommended docker version diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml index 1abe302..f39a613 100644 --- a/templates/web.ssl.template.yml +++ b/templates/web.ssl.template.yml 
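Review bot: The three new `echo` lines in the else branch of the aufs check are easy to misread and easy to miss: "we have had issues with it" reads as if aufs itself were the problem, and the text goes to stdout with no severity marker now that the script no longer exits. I would reword the first line to something like `echo "WARNING: your Docker storage driver is not aufs; other drivers have caused problems in the past" >&2` and add `>&2` to the other two. The `# 2. running aufs` comment could also say that the check is now advisory, e.g. `# 2. aufs is recommended (warning only, does not abort)`. prereqs() starts and continues outside the hunk.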
@@ -12,12 +12,9 @@ run: filename: "/etc/nginx/conf.d/discourse.conf" from: /listen 80;\s+gzip on;/m to: | - # No SPDY till nginx 1.4.7 or up (buffer overflow) - listen 443 ssl; - # spdy_keepalive_timeout 300; # up from 180 secs default - + listen 443 ssl spdy; + spdy_keepalive_timeout 300; # up from 180 secs default ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - # courtesy of https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Ciphersuite ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK; ssl_prefer_server_ciphers on; @@ -25,10 +22,10 @@ run: ssl_certificate /shared/ssl/ssl.crt; ssl_certificate_key /shared/ssl/ssl.key; - #ssl_session_tickets off; + ssl_session_tickets off; # enable SPDY header compression - # spdy_headers_comp 6; + spdy_headers_comp 6; # remember the certificate for a year and automatically connect to HTTPS add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
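Review bot: `listen 443 ssl spdy;` is now emitted unconditionally, and the removed comment was the only record in this template that SPDY is unsafe on nginx before 1.4.7 (buffer overflow). The commit message says nginx moves to 1.6, but that change is not visible in this diff and presumably arrives with the 0.2.1 base image, so a container still built from an older image would get SPDY on the affected nginx. I would keep a one-line requirement above the directive, e.g. `# SPDY requires nginx >= 1.4.7 (earlier versions have a buffer overflow)`. The `to: |` block continues past this hunk.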
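Review bot: `spdy_headers_comp 6;` turns on response-header compression, which nginx leaves off by default. Compressing headers that carry secrets such as `Set-Cookie` together with values a client can influence is the condition behind CRIME-style compression side channels. Unless the bandwidth gain has been measured and is needed, I would keep it off with `spdy_headers_comp 0;`, or leave the line commented out with a note saying why. Uncommenting `ssl_session_tickets off;` looks reasonable, though the directive presumably needs the newer nginx this commit relies on, so it has the same image-version dependency.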