Rafael dos Santos Silva [Wed, 27 Jan 2021 17:02:57 +0000 (14:02 -0300)]
nginx brotli module bundles libbrotli nowadays
Jay Pfaffman [Sat, 23 Jan 2021 01:24:46 +0000 (17:24 -0800)]
Support maxmind (#512)
* add prompts for maxmind
* can leave key blank
* include message for removing key
* fix maxmind prompts
* cleanup assert_maxmind_license_key
* remove changes to check_port()
* remove trailing whitespace
* do not remove ip match check
* fix indent for chech_IP_match
* remove all trailing whitespace
Rafael dos Santos Silva [Thu, 21 Jan 2021 15:05:26 +0000 (12:05 -0300)]
Expose SMTP_DOMAIN Global Setting in sample file (#515)
This is useful when using some SMTP providers, like Google Apps
https://meta.discourse.org/t/discourse-smtp-sends-ehlo-localhost-instead-of-domain-breaking-google-smtp-relay/176755/6?u=falco
tshenry [Sat, 9 Jan 2021 05:08:05 +0000 (21:08 -0800)]
FEATURE: Add validation to admin email prompt in discourse-setup (#514)
Spencer Imbleau [Fri, 8 Jan 2021 00:15:02 +0000 (19:15 -0500)]
FEATURE: Changed awk config command to be more cross platform (#513)
in Ubuntu 20.04 LTS, pre installed is mawk 1.3.4, which is called when you use awk. In this version, "--field-seperator" is not a valid option, leaving discourse-doctor with many errors.
Described in https://meta.discourse.org/t/discourse-doctor-parsing-smtp-credentials-not-working-admin-registration-email-not-working/174461, this commit aims to use -F as the accepted flag for field separation which is unambiguous across GNU AWK and Ubuntu MAWK.
Rafael dos Santos Silva [Mon, 21 Dec 2020 22:45:38 +0000 (19:45 -0300)]
FEATURE: Bump base image (#511)
Provides new version of ImageMagick
Jeff Atwood [Mon, 21 Dec 2020 20:46:01 +0000 (12:46 -0800)]
Add maxmind geolocation IP key to web template (#510)
Add maxmind geolocation IP key to web only template (commented out)
Jeff Atwood [Mon, 21 Dec 2020 20:17:41 +0000 (12:17 -0800)]
Update standalone.yml (#508)
Rafael dos Santos Silva [Mon, 21 Dec 2020 19:46:50 +0000 (16:46 -0300)]
Revert "Add env var for image version (#507)" (#509)
This reverts commit
35806741fe8934367a010e1fcf4de9b483ce038c.
Rafael dos Santos Silva [Fri, 18 Dec 2020 20:10:18 +0000 (17:10 -0300)]
Add env var for image version (#507)
Rafael dos Santos Silva [Fri, 18 Dec 2020 17:34:54 +0000 (14:34 -0300)]
Adds WEBP support in ImageMagick (#506)
Arpit Jalan [Wed, 16 Dec 2020 18:22:47 +0000 (23:52 +0530)]
FIX: perform bundle install after modifying directory permissions (#504)
Alan Guo Xiang Tan [Tue, 15 Dec 2020 01:11:07 +0000 (09:11 +0800)]
Remove `host_run` from `launcher`. (#498)
This is legacy code that we no longer use and support.
Jeff Wong [Sat, 12 Dec 2020 02:18:42 +0000 (16:18 -1000)]
Remove git pull (#503)
Sam [Fri, 11 Dec 2020 06:29:24 +0000 (17:29 +1100)]
Revert git command changes (#502)
* Revert "FIX: reset takes the full slash path (#501)"
This reverts commit
bf223b05427d432d6ab313eb7740d42caa989c6a.
* Revert "FIX: Run reset and clean after checkout (#500)"
This reverts commit
bc380c73eef970e57195159a654edd2b14fb633b.
* Revert "FIX: remove pull for Discourse core (#499)"
This reverts commit
0ab1da11598467b944182748b8e8c6d363093544.
Jeff Wong [Fri, 11 Dec 2020 02:19:06 +0000 (16:19 -1000)]
FIX: reset takes the full slash path (#501)
Jeff Wong [Fri, 11 Dec 2020 01:53:58 +0000 (15:53 -1000)]
FIX: Run reset and clean after checkout (#500)
shallow fetching and resetting may result in a dirty working tree.
Ensure we have a clean working tree by running the reset and clean after the
fetch.
Previously, we needed the clean and reset before the PULL, to ensure a clean
pull, but since we are using fetch + checkout (which does not result in a
merge if dirty) we might end up with a dirty repo after the checkout, such
as if a clone remote has a different master branch than core.
Jeff Wong [Fri, 11 Dec 2020 01:11:53 +0000 (15:11 -1000)]
FIX: remove pull for Discourse core (#499)
We are already shallow-fetching a few lines below. A pull with a shallow
clone can be dangerous if Discourse is using a different repository
or version, as that potentially results in more data being pulled or a
dirty merge with a different upstream.
Remove the pull and rely only on the fetch and checkout.
Michael Fitz-Payne [Wed, 9 Dec 2020 02:28:04 +0000 (12:28 +1000)]
postgres.10.template: purge postgres-13 rather than 12. (#497)
This purge command was missed and caused issues with the database
starting up correctly in some cases. Postgres-12 is no longer in the
base image so this wouldn't be doing anything.
Rafael dos Santos Silva [Tue, 8 Dec 2020 18:28:31 +0000 (15:28 -0300)]
New image with fix for CVE-2020-1971 (#496)
Rafael dos Santos Silva [Tue, 8 Dec 2020 18:10:16 +0000 (15:10 -0300)]
Fix dev image to work with pg13 (#495)
Régis Hanol [Tue, 8 Dec 2020 11:08:43 +0000 (12:08 +0100)]
FIX: prompt to remove old psql data defaults to 'N'
Michael Fitz-Payne [Mon, 7 Dec 2020 22:50:50 +0000 (08:50 +1000)]
launcher: update base image for postgres 13 update. (#494)
Michael Fitz-Payne [Mon, 7 Dec 2020 22:00:08 +0000 (08:00 +1000)]
Update base image and default to postgres 13. (#493)
FEATURE: update to PostgreSQL 13.
* postgres.template.yml: update to new major version of 13.
This changes the default postgres version to 13 for the postgres
template.
* images/base: bump postgres to version 13.
* postgres.13.template.yml: add postgres 13 template.
* postgres.12.template: add step to remove pg 13 install.
* launcher: increase timeout allowed for docker stop.
With large databases Postgres may take some time to stop gracefully, so
increase the allowed timeout.
* launcher: use temporary pg13 image while build is running.
Note this will be updated once the image change lands in master.
Rafael dos Santos Silva [Thu, 26 Nov 2020 21:04:23 +0000 (18:04 -0300)]
Bump default base image
Michael Brown [Thu, 26 Nov 2020 04:51:48 +0000 (23:51 -0500)]
Handle the case where IPv6 is also used (#480)
* We want web.ssl.template.yml to handle the IPv6 case as well
Rafael dos Santos Silva [Wed, 25 Nov 2020 21:51:01 +0000 (18:51 -0300)]
FEATURE: Use a shallow clone for Discourse core
This reduces final compressed image size in 25%.
Ed Lim [Mon, 23 Nov 2020 23:08:29 +0000 (15:08 -0800)]
Adding sed statement to disable imklog in rsyslog (#489)
Sam Saffron [Fri, 20 Nov 2020 02:31:47 +0000 (13:31 +1100)]
Bump Ruby version to 2.7.2
It is compatible with Discourse and a bit faster than 2.6
We will test this image internally for a few weeks prior to bumping globally.
Sam Saffron [Wed, 18 Nov 2020 08:11:39 +0000 (19:11 +1100)]
DOCS: correct syntax error in readme
Dan Ungureanu [Mon, 16 Nov 2020 13:23:55 +0000 (15:23 +0200)]
FEATURE: Run themes:update before assets:precompile (#484)
Rafael dos Santos Silva [Wed, 11 Nov 2020 15:47:29 +0000 (12:47 -0300)]
Upgrade to Redis 6.0.9 (#487)
This unlocks using the new I/O Threads feature of Redis 6.X.
In order to support it the redis template file now accepts a parameter
allowing an operator to enable it and pick how many threads.
By default sets threads to 1, which disables the feature and acts like
redis 5.
Simon [Mon, 9 Nov 2020 04:59:11 +0000 (05:59 +0100)]
TASK: Improve README and YAML Codeblocks. (#486)
Haoming Wang [Thu, 5 Nov 2020 02:19:34 +0000 (03:19 +0100)]
Remove additional exit command (#485)
jbrw [Wed, 21 Oct 2020 00:18:45 +0000 (20:18 -0400)]
FEATURE: Replace the default ImageMagick policy.xml (#483)
* Replace the default ImageMagick policy.xml
Replace the default ImageMagick policy.xml with a file containing some resource limitiations. The intention is to stop exceptionally oversized images (and/or malformed images) from consuming all resources on a system.
The values provided should provide ample resources for any reasonable image to be processed without hinderance.
Stephen [Sun, 18 Oct 2020 20:01:09 +0000 (13:01 -0700)]
Reflect Discourse default of HTTPS (#482)
Discourse installs HTTPS as standard, so mail-receiver should probably reflect this too.
Sam Saffron [Thu, 8 Oct 2020 04:13:28 +0000 (15:13 +1100)]
Update base image to cover latest security fixes
Image has been tested on internal Discourse servers and is good
Penar Musaraj [Sun, 30 Aug 2020 14:29:32 +0000 (10:29 -0400)]
Install libxss1 for the test image, looks like it is needed by Chrome
See also https://github.com/puppeteer/puppeteer/issues/6192
Sam Saffron [Tue, 25 Aug 2020 07:20:51 +0000 (17:20 +1000)]
FIX: Always remove pids on boot
Previously if unicorn stopped abruptly we could have a situation where
pids were left around
This could lead to Sidekiq not booting
This will ensure that on boot our state is clean
David Taylor [Wed, 5 Aug 2020 16:25:17 +0000 (17:25 +0100)]
DEV: Raise an error when env variable is a YAML hash (#479)
This is never intended, and almost always causes unintended behaviour
Jay Pfaffman [Tue, 4 Aug 2020 22:47:30 +0000 (15:47 -0700)]
FIX: discourse-doctor plugin check too loose (#478)
The non-official plugin check was looking only for `git`, which would match other things in the yml file (e.g., a digital ocean S3 bucket name).
`grep` for `'git clone'` should solve that problem.
Though I did test this edit on a running sitee, I made these edit in the web interface by hand rather than pushing a commit where I tested it. Please look twice to make sure that I didn't do something silly when making the edit here.
Penar Musaraj [Wed, 29 Jul 2020 19:11:16 +0000 (15:11 -0400)]
Update base image
Sam Saffron [Tue, 28 Jul 2020 02:58:09 +0000 (12:58 +1000)]
DEV: overlay2 is the recommended storage engine not aufs
overlay2 is supported in all latest kernels and the default storage engine
for new installs of docker.
Recommend it.
Penar Musaraj [Fri, 24 Jul 2020 13:09:15 +0000 (09:09 -0400)]
Update dependencies: nginx, redis, imagemagick (#475)
- Redis from 5.0.5 to 5.0.9
- Nginx from 1.17.9 to 1.18.0
- ImageMagick from 7.0.10-6 to 7.0.10-24
Guo Xiang Tan [Mon, 20 Jul 2020 06:24:51 +0000 (14:24 +0800)]
Install less by default.
Useful for scanning through log files. Production Rails REPL uses Pry
which depends on less for paging. The default pager is not as user
friendly.
Michael Brown [Wed, 15 Jul 2020 17:29:26 +0000 (13:29 -0400)]
FIX: remove db_max_wal_senders and db_wal_level entirely
* I had previously removed the db_wal_level and db_max_wal_senders but
foolishly assumed there was some sort of default or they would only get
replaced if defined
Michael Brown [Wed, 15 Jul 2020 16:50:35 +0000 (12:50 -0400)]
FIX: re-exec code was broken
* BASH_ARGV is only used in extended debugging mode
Penar Musaraj [Tue, 14 Jul 2020 19:39:45 +0000 (15:39 -0400)]
Build libheif from source for Ubuntu (#474)
Michael Brown [Wed, 15 Jul 2020 15:56:46 +0000 (11:56 -0400)]
Update postgres templates (#472)
* postgres: Allow replication and basebackups to happen
* the overrides for db_wal_level and db_max_wal_senders disallow
replication and basebackups to be taken
* there is no need for us to disable these features, allow the defaults to stay
* postgres: remove out-of-support templates
* taken from https://www.postgresql.org/support/versioning/ :
* postgres 9.2 and 9.3 are no longer supported
* 9.5 will be supported until February 11, 2021:
Penar Musaraj [Fri, 10 Jul 2020 13:20:52 +0000 (09:20 -0400)]
Add HEIF conversion support to ImageMagick (#473)
Sam Saffron [Tue, 7 Jul 2020 00:04:34 +0000 (10:04 +1000)]
improve permissions in tmp directory
previously could be owned by the root group
Jeff Wong [Mon, 6 Jul 2020 23:28:56 +0000 (16:28 -0700)]
Revert "Revert rake call to pull_compatible_all"
This reverts commit
0edf993a55953c9d5ee8856c87825659401c92c3.
Jeff Wong [Mon, 6 Jul 2020 23:23:17 +0000 (16:23 -0700)]
Revert rake call to pull_compatible_all
Jeff Wong [Mon, 6 Jul 2020 23:14:01 +0000 (16:14 -0700)]
FIX: run pull_compatible_all as discourse
Jeff Wong [Mon, 6 Jul 2020 21:48:22 +0000 (11:48 -1000)]
FEATURE: add support for plugin-pinning (#470)
* FEATURE: add support for plugin-pinning
checks out pinned plugin versions, if defined, by way of the rake task
* refactor rake task name
Kane York [Fri, 5 Jun 2020 16:01:40 +0000 (09:01 -0700)]
FIX: Typo in retried image pull
Rafael dos Santos Silva [Wed, 27 May 2020 19:28:43 +0000 (16:28 -0300)]
Handle dangling pg data folders from previous updates
Rafael dos Santos Silva [Tue, 26 May 2020 20:58:01 +0000 (17:58 -0300)]
Simpler instruction in case of pg_upgrade failure
There are many cases (database had bad shutdown, missing locale env)
where the manual export isn't needed, so point the admin to meta so
some easier solutions can be tried first.
Kane York [Tue, 26 May 2020 01:14:12 +0000 (18:14 -0700)]
FIX: Automatically retry image pull once (#468)
Sam Saffron [Mon, 25 May 2020 02:36:39 +0000 (12:36 +1000)]
Bump to optional jemalloc 5.2.1
Rafael dos Santos Silva [Thu, 14 May 2020 16:10:45 +0000 (13:10 -0300)]
Some content on the sshd template so pups don't explodes
Rafael dos Santos Silva [Wed, 13 May 2020 18:41:47 +0000 (15:41 -0300)]
wait a bit more if necessary for container stop
Rafael dos Santos Silva [Wed, 13 May 2020 17:53:55 +0000 (14:53 -0300)]
Remove Vagrant references as they are no longer used
Rafael dos Santos Silva [Wed, 13 May 2020 00:18:55 +0000 (21:18 -0300)]
Remove all pg12 traces so pg_wrapper doesn't get confused
Rafael dos Santos Silva [Tue, 12 May 2020 22:44:11 +0000 (19:44 -0300)]
Teach pg10 template how to install itself for rollbacks
Rafael dos Santos Silva [Tue, 12 May 2020 22:16:00 +0000 (19:16 -0300)]
Fix free disk space calculation take 2
Rafael dos Santos Silva [Tue, 12 May 2020 21:33:43 +0000 (18:33 -0300)]
Fix disk detection units
df was reporting bytes while du was reporting Kilobytes.
Rafael dos Santos Silva [Tue, 12 May 2020 17:46:55 +0000 (14:46 -0300)]
Fix dev image for new pg
Rafael dos Santos Silva [Tue, 12 May 2020 17:41:22 +0000 (14:41 -0300)]
New base image with PostgreSQL 12
Rafael dos Santos Silva [Tue, 12 May 2020 15:25:53 +0000 (12:25 -0300)]
PostgreSQL 12 (#462)
Jay Pfaffman [Mon, 11 May 2020 22:10:24 +0000 (15:10 -0700)]
UI: discourse-setup tweak dns problem message (#460)
Make the "your domain doesn't resolve" message more clear.
Rafael dos Santos Silva [Fri, 8 May 2020 19:06:22 +0000 (16:06 -0300)]
Bump Ruby to 2.6.6
Kane York [Wed, 6 May 2020 18:27:35 +0000 (11:27 -0700)]
FIX: Add a blank sshd.template.yml (#463)
Sam Saffron [Thu, 30 Apr 2020 22:35:23 +0000 (08:35 +1000)]
DEV: remove unused sshd template
No need to carry this template anymore we do not use it.
Michael Brown [Thu, 30 Apr 2020 21:33:02 +0000 (17:33 -0400)]
FIX: sshd template
* sshd template users were unable to rebuild
* the replace command was trying to modify a file from the package before it was installed
Michael Brown [Thu, 30 Apr 2020 03:00:24 +0000 (23:00 -0400)]
Update Discourse base image to 2.0.
20200429-2110
Michael Brown [Wed, 29 Apr 2020 20:24:29 +0000 (16:24 -0400)]
FIX: remove broken symlinks from removed plugins
* if plugins have been removed or renamed, we end up with a dangling symlink in this directory
* this causes the build to fail later during a chown
Michael Brown [Thu, 9 Apr 2020 18:54:01 +0000 (14:54 -0400)]
Revert "Remove nginx-common package"
This reverts commit
30e0c58d1dd851a00bf7decc6182e3948c10a545.
* turns out we do depend on the default nginx.conf and directories provided by the distribution package
* notably /etc/nginx.conf and /etc/nginx/conf.d
Michael Brown [Thu, 9 Apr 2020 17:52:59 +0000 (13:52 -0400)]
Remove nginx-common package
* I don't think we need it at all
Michael Brown [Thu, 9 Apr 2020 17:52:38 +0000 (13:52 -0400)]
Add hash checks to downloaded source files
* we had one in place for redis but nowhere else
Michael Brown [Thu, 9 Apr 2020 17:51:21 +0000 (13:51 -0400)]
Bump ImageMagick and nginx versions
Michael Brown [Thu, 9 Apr 2020 01:47:50 +0000 (21:47 -0400)]
Move openssh-server from the base image to the sshd template
Michael Brown [Thu, 9 Apr 2020 01:47:28 +0000 (21:47 -0400)]
Prevent unused packages from being pulled into the base image
* e.g. X11 libraries, mysql libraries, mailutils, NTLM libraries
Justin DiRose [Wed, 11 Mar 2020 18:55:10 +0000 (13:55 -0500)]
FEATURE: Give option to publish log file publicly (#459)
Mark Vainomaa [Wed, 11 Mar 2020 06:52:51 +0000 (08:52 +0200)]
FEATURE: Don't use fully qualified path for bash in host (#458)
Gerhard Schlager [Mon, 2 Mar 2020 16:08:19 +0000 (17:08 +0100)]
Unfreeze Gemfile in import templates
Co-authored-by: Jay Pfaffman <pfaffman@gmail.com>
Sam Saffron [Thu, 27 Feb 2020 04:53:38 +0000 (15:53 +1100)]
DEV: Bump baseimage
This includes updated dependencies required for the codereview plugin and
additional fixes
Daniel Waterworth [Thu, 20 Feb 2020 17:54:39 +0000 (17:54 +0000)]
Add cmake as a base dependency
Rafael dos Santos Silva [Wed, 19 Feb 2020 19:27:34 +0000 (16:27 -0300)]
Early hostname check (#456)
* Move hostname check to earlier in the process
* Provide instruction on hostname check failure
* Fix instruction in case of hostname failure
Ranjan Purbey [Mon, 20 Jan 2020 20:58:20 +0000 (02:28 +0530)]
Update README.md (#455)
Fix indentation at L56
Rafael dos Santos Silva [Mon, 23 Dec 2019 16:36:38 +0000 (13:36 -0300)]
Bump base image
Rafael dos Santos Silva [Mon, 2 Dec 2019 18:16:45 +0000 (15:16 -0300)]
FEATURE: Default to HTTPS
Blake Erickson [Fri, 15 Nov 2019 14:25:07 +0000 (07:25 -0700)]
update mail-receiver version
Gerhard Schlager [Thu, 31 Oct 2019 20:32:49 +0000 (21:32 +0100)]
Try to force certificate issuance on second try
Todd Sharp [Mon, 28 Oct 2019 01:58:56 +0000 (21:58 -0400)]
Change check for linux memory (#452)
* Change check for linux memory
Some VMs clock in at *just under* 1GB, so checking for 1GB of RAM will miss these. Instead, check for MB, divide by 1000 and round up.
* Refine the check_linux_memory function
Be a little more precise and only make an exception for VMs with >= 990MB RAM
Ruben Homs [Thu, 24 Oct 2019 00:40:36 +0000 (02:40 +0200)]
Make port check optional, add y/n prompt (#448)
romanrizzi [Wed, 16 Oct 2019 18:28:57 +0000 (15:28 -0300)]
Bump base image to update uglifyJS to v3
Roman Rizzi [Thu, 10 Oct 2019 05:17:46 +0000 (02:17 -0300)]
DEV: Bump uglifyjs
We now support uglifyjs version 3 in Discourse core, no need to hold back the upgrade.
Sam Saffron [Thu, 3 Oct 2019 23:59:17 +0000 (09:59 +1000)]
SECURITY: base image updates
- Ruby upgraded from 2.6.4 -> 2.6.5 to address CVEs
- Image Magick from 7.0.8-61 -> 66
- NGINX 1.17.3 -> 4 (bug fixes only)
Daniel Waterworth [Wed, 2 Oct 2019 00:29:19 +0000 (00:29 +0000)]
Check that redis archive matches hash (#450)
Redis is downloaded without TLS