Rafael dos Santos Silva [Tue, 8 Dec 2020 18:28:31 +0000 (15:28 -0300)]
New image with fix for CVE-2020-1971 (#496)
Rafael dos Santos Silva [Tue, 8 Dec 2020 18:10:16 +0000 (15:10 -0300)]
Fix dev image to work with pg13 (#495)
Régis Hanol [Tue, 8 Dec 2020 11:08:43 +0000 (12:08 +0100)]
FIX: prompt to remove old psql data defaults to 'N'
Michael Fitz-Payne [Mon, 7 Dec 2020 22:50:50 +0000 (08:50 +1000)]
launcher: update base image for postgres 13 update. (#494)
Michael Fitz-Payne [Mon, 7 Dec 2020 22:00:08 +0000 (08:00 +1000)]
Update base image and default to postgres 13. (#493)
FEATURE: update to PostgreSQL 13.
* postgres.template.yml: update to new major version of 13.
This changes the default postgres version to 13 for the postgres
template.
* images/base: bump postgres to version 13.
* postgres.13.template.yml: add postgres 13 template.
* postgres.12.template: add step to remove pg 13 install.
* launcher: increase timeout allowed for docker stop.
With large databases Postgres may take some time to stop gracefully, so
increase the allowed timeout.
* launcher: use temporary pg13 image while build is running.
Note this will be updated once the image change lands in master.
Rafael dos Santos Silva [Thu, 26 Nov 2020 21:04:23 +0000 (18:04 -0300)]
Bump default base image
Michael Brown [Thu, 26 Nov 2020 04:51:48 +0000 (23:51 -0500)]
Handle the case where IPv6 is also used (#480)
* We want web.ssl.template.yml to handle the IPv6 case as well
Rafael dos Santos Silva [Wed, 25 Nov 2020 21:51:01 +0000 (18:51 -0300)]
FEATURE: Use a shallow clone for Discourse core
This reduces final compressed image size in 25%.
Ed Lim [Mon, 23 Nov 2020 23:08:29 +0000 (15:08 -0800)]
Adding sed statement to disable imklog in rsyslog (#489)
Sam Saffron [Fri, 20 Nov 2020 02:31:47 +0000 (13:31 +1100)]
Bump Ruby version to 2.7.2
It is compatible with Discourse and a bit faster than 2.6
We will test this image internally for a few weeks prior to bumping globally.
Sam Saffron [Wed, 18 Nov 2020 08:11:39 +0000 (19:11 +1100)]
DOCS: correct syntax error in readme
Dan Ungureanu [Mon, 16 Nov 2020 13:23:55 +0000 (15:23 +0200)]
FEATURE: Run themes:update before assets:precompile (#484)
Rafael dos Santos Silva [Wed, 11 Nov 2020 15:47:29 +0000 (12:47 -0300)]
Upgrade to Redis 6.0.9 (#487)
This unlocks using the new I/O Threads feature of Redis 6.X.
In order to support it the redis template file now accepts a parameter
allowing an operator to enable it and pick how many threads.
By default sets threads to 1, which disables the feature and acts like
redis 5.
Simon [Mon, 9 Nov 2020 04:59:11 +0000 (05:59 +0100)]
TASK: Improve README and YAML Codeblocks. (#486)
Haoming Wang [Thu, 5 Nov 2020 02:19:34 +0000 (03:19 +0100)]
Remove additional exit command (#485)
jbrw [Wed, 21 Oct 2020 00:18:45 +0000 (20:18 -0400)]
FEATURE: Replace the default ImageMagick policy.xml (#483)
* Replace the default ImageMagick policy.xml
Replace the default ImageMagick policy.xml with a file containing some resource limitiations. The intention is to stop exceptionally oversized images (and/or malformed images) from consuming all resources on a system.
The values provided should provide ample resources for any reasonable image to be processed without hinderance.
Stephen [Sun, 18 Oct 2020 20:01:09 +0000 (13:01 -0700)]
Reflect Discourse default of HTTPS (#482)
Discourse installs HTTPS as standard, so mail-receiver should probably reflect this too.
Sam Saffron [Thu, 8 Oct 2020 04:13:28 +0000 (15:13 +1100)]
Update base image to cover latest security fixes
Image has been tested on internal Discourse servers and is good
Penar Musaraj [Sun, 30 Aug 2020 14:29:32 +0000 (10:29 -0400)]
Install libxss1 for the test image, looks like it is needed by Chrome
See also https://github.com/puppeteer/puppeteer/issues/6192
Sam Saffron [Tue, 25 Aug 2020 07:20:51 +0000 (17:20 +1000)]
FIX: Always remove pids on boot
Previously if unicorn stopped abruptly we could have a situation where
pids were left around
This could lead to Sidekiq not booting
This will ensure that on boot our state is clean
David Taylor [Wed, 5 Aug 2020 16:25:17 +0000 (17:25 +0100)]
DEV: Raise an error when env variable is a YAML hash (#479)
This is never intended, and almost always causes unintended behaviour
Jay Pfaffman [Tue, 4 Aug 2020 22:47:30 +0000 (15:47 -0700)]
FIX: discourse-doctor plugin check too loose (#478)
The non-official plugin check was looking only for `git`, which would match other things in the yml file (e.g., a digital ocean S3 bucket name).
`grep` for `'git clone'` should solve that problem.
Though I did test this edit on a running sitee, I made these edit in the web interface by hand rather than pushing a commit where I tested it. Please look twice to make sure that I didn't do something silly when making the edit here.
Penar Musaraj [Wed, 29 Jul 2020 19:11:16 +0000 (15:11 -0400)]
Update base image
Sam Saffron [Tue, 28 Jul 2020 02:58:09 +0000 (12:58 +1000)]
DEV: overlay2 is the recommended storage engine not aufs
overlay2 is supported in all latest kernels and the default storage engine
for new installs of docker.
Recommend it.
Penar Musaraj [Fri, 24 Jul 2020 13:09:15 +0000 (09:09 -0400)]
Update dependencies: nginx, redis, imagemagick (#475)
- Redis from 5.0.5 to 5.0.9
- Nginx from 1.17.9 to 1.18.0
- ImageMagick from 7.0.10-6 to 7.0.10-24
Guo Xiang Tan [Mon, 20 Jul 2020 06:24:51 +0000 (14:24 +0800)]
Install less by default.
Useful for scanning through log files. Production Rails REPL uses Pry
which depends on less for paging. The default pager is not as user
friendly.
Michael Brown [Wed, 15 Jul 2020 17:29:26 +0000 (13:29 -0400)]
FIX: remove db_max_wal_senders and db_wal_level entirely
* I had previously removed the db_wal_level and db_max_wal_senders but
foolishly assumed there was some sort of default or they would only get
replaced if defined
Michael Brown [Wed, 15 Jul 2020 16:50:35 +0000 (12:50 -0400)]
FIX: re-exec code was broken
* BASH_ARGV is only used in extended debugging mode
Penar Musaraj [Tue, 14 Jul 2020 19:39:45 +0000 (15:39 -0400)]
Build libheif from source for Ubuntu (#474)
Michael Brown [Wed, 15 Jul 2020 15:56:46 +0000 (11:56 -0400)]
Update postgres templates (#472)
* postgres: Allow replication and basebackups to happen
* the overrides for db_wal_level and db_max_wal_senders disallow
replication and basebackups to be taken
* there is no need for us to disable these features, allow the defaults to stay
* postgres: remove out-of-support templates
* taken from https://www.postgresql.org/support/versioning/ :
* postgres 9.2 and 9.3 are no longer supported
* 9.5 will be supported until February 11, 2021:
Penar Musaraj [Fri, 10 Jul 2020 13:20:52 +0000 (09:20 -0400)]
Add HEIF conversion support to ImageMagick (#473)
Sam Saffron [Tue, 7 Jul 2020 00:04:34 +0000 (10:04 +1000)]
improve permissions in tmp directory
previously could be owned by the root group
Jeff Wong [Mon, 6 Jul 2020 23:28:56 +0000 (16:28 -0700)]
Revert "Revert rake call to pull_compatible_all"
This reverts commit
0edf993a55953c9d5ee8856c87825659401c92c3.
Jeff Wong [Mon, 6 Jul 2020 23:23:17 +0000 (16:23 -0700)]
Revert rake call to pull_compatible_all
Jeff Wong [Mon, 6 Jul 2020 23:14:01 +0000 (16:14 -0700)]
FIX: run pull_compatible_all as discourse
Jeff Wong [Mon, 6 Jul 2020 21:48:22 +0000 (11:48 -1000)]
FEATURE: add support for plugin-pinning (#470)
* FEATURE: add support for plugin-pinning
checks out pinned plugin versions, if defined, by way of the rake task
* refactor rake task name
Kane York [Fri, 5 Jun 2020 16:01:40 +0000 (09:01 -0700)]
FIX: Typo in retried image pull
Rafael dos Santos Silva [Wed, 27 May 2020 19:28:43 +0000 (16:28 -0300)]
Handle dangling pg data folders from previous updates
Rafael dos Santos Silva [Tue, 26 May 2020 20:58:01 +0000 (17:58 -0300)]
Simpler instruction in case of pg_upgrade failure
There are many cases (database had bad shutdown, missing locale env)
where the manual export isn't needed, so point the admin to meta so
some easier solutions can be tried first.
Kane York [Tue, 26 May 2020 01:14:12 +0000 (18:14 -0700)]
FIX: Automatically retry image pull once (#468)
Sam Saffron [Mon, 25 May 2020 02:36:39 +0000 (12:36 +1000)]
Bump to optional jemalloc 5.2.1
Rafael dos Santos Silva [Thu, 14 May 2020 16:10:45 +0000 (13:10 -0300)]
Some content on the sshd template so pups don't explodes
Rafael dos Santos Silva [Wed, 13 May 2020 18:41:47 +0000 (15:41 -0300)]
wait a bit more if necessary for container stop
Rafael dos Santos Silva [Wed, 13 May 2020 17:53:55 +0000 (14:53 -0300)]
Remove Vagrant references as they are no longer used
Rafael dos Santos Silva [Wed, 13 May 2020 00:18:55 +0000 (21:18 -0300)]
Remove all pg12 traces so pg_wrapper doesn't get confused
Rafael dos Santos Silva [Tue, 12 May 2020 22:44:11 +0000 (19:44 -0300)]
Teach pg10 template how to install itself for rollbacks
Rafael dos Santos Silva [Tue, 12 May 2020 22:16:00 +0000 (19:16 -0300)]
Fix free disk space calculation take 2
Rafael dos Santos Silva [Tue, 12 May 2020 21:33:43 +0000 (18:33 -0300)]
Fix disk detection units
df was reporting bytes while du was reporting Kilobytes.
Rafael dos Santos Silva [Tue, 12 May 2020 17:46:55 +0000 (14:46 -0300)]
Fix dev image for new pg
Rafael dos Santos Silva [Tue, 12 May 2020 17:41:22 +0000 (14:41 -0300)]
New base image with PostgreSQL 12
Rafael dos Santos Silva [Tue, 12 May 2020 15:25:53 +0000 (12:25 -0300)]
PostgreSQL 12 (#462)
Jay Pfaffman [Mon, 11 May 2020 22:10:24 +0000 (15:10 -0700)]
UI: discourse-setup tweak dns problem message (#460)
Make the "your domain doesn't resolve" message more clear.
Rafael dos Santos Silva [Fri, 8 May 2020 19:06:22 +0000 (16:06 -0300)]
Bump Ruby to 2.6.6
Kane York [Wed, 6 May 2020 18:27:35 +0000 (11:27 -0700)]
FIX: Add a blank sshd.template.yml (#463)
Sam Saffron [Thu, 30 Apr 2020 22:35:23 +0000 (08:35 +1000)]
DEV: remove unused sshd template
No need to carry this template anymore we do not use it.
Michael Brown [Thu, 30 Apr 2020 21:33:02 +0000 (17:33 -0400)]
FIX: sshd template
* sshd template users were unable to rebuild
* the replace command was trying to modify a file from the package before it was installed
Michael Brown [Thu, 30 Apr 2020 03:00:24 +0000 (23:00 -0400)]
Update Discourse base image to 2.0.
20200429-2110
Michael Brown [Wed, 29 Apr 2020 20:24:29 +0000 (16:24 -0400)]
FIX: remove broken symlinks from removed plugins
* if plugins have been removed or renamed, we end up with a dangling symlink in this directory
* this causes the build to fail later during a chown
Michael Brown [Thu, 9 Apr 2020 18:54:01 +0000 (14:54 -0400)]
Revert "Remove nginx-common package"
This reverts commit
30e0c58d1dd851a00bf7decc6182e3948c10a545.
* turns out we do depend on the default nginx.conf and directories provided by the distribution package
* notably /etc/nginx.conf and /etc/nginx/conf.d
Michael Brown [Thu, 9 Apr 2020 17:52:59 +0000 (13:52 -0400)]
Remove nginx-common package
* I don't think we need it at all
Michael Brown [Thu, 9 Apr 2020 17:52:38 +0000 (13:52 -0400)]
Add hash checks to downloaded source files
* we had one in place for redis but nowhere else
Michael Brown [Thu, 9 Apr 2020 17:51:21 +0000 (13:51 -0400)]
Bump ImageMagick and nginx versions
Michael Brown [Thu, 9 Apr 2020 01:47:50 +0000 (21:47 -0400)]
Move openssh-server from the base image to the sshd template
Michael Brown [Thu, 9 Apr 2020 01:47:28 +0000 (21:47 -0400)]
Prevent unused packages from being pulled into the base image
* e.g. X11 libraries, mysql libraries, mailutils, NTLM libraries
Justin DiRose [Wed, 11 Mar 2020 18:55:10 +0000 (13:55 -0500)]
FEATURE: Give option to publish log file publicly (#459)
Mark Vainomaa [Wed, 11 Mar 2020 06:52:51 +0000 (08:52 +0200)]
FEATURE: Don't use fully qualified path for bash in host (#458)
Gerhard Schlager [Mon, 2 Mar 2020 16:08:19 +0000 (17:08 +0100)]
Unfreeze Gemfile in import templates
Co-authored-by: Jay Pfaffman <pfaffman@gmail.com>
Sam Saffron [Thu, 27 Feb 2020 04:53:38 +0000 (15:53 +1100)]
DEV: Bump baseimage
This includes updated dependencies required for the codereview plugin and
additional fixes
Daniel Waterworth [Thu, 20 Feb 2020 17:54:39 +0000 (17:54 +0000)]
Add cmake as a base dependency
Rafael dos Santos Silva [Wed, 19 Feb 2020 19:27:34 +0000 (16:27 -0300)]
Early hostname check (#456)
* Move hostname check to earlier in the process
* Provide instruction on hostname check failure
* Fix instruction in case of hostname failure
Ranjan Purbey [Mon, 20 Jan 2020 20:58:20 +0000 (02:28 +0530)]
Update README.md (#455)
Fix indentation at L56
Rafael dos Santos Silva [Mon, 23 Dec 2019 16:36:38 +0000 (13:36 -0300)]
Bump base image
Rafael dos Santos Silva [Mon, 2 Dec 2019 18:16:45 +0000 (15:16 -0300)]
FEATURE: Default to HTTPS
Blake Erickson [Fri, 15 Nov 2019 14:25:07 +0000 (07:25 -0700)]
update mail-receiver version
Gerhard Schlager [Thu, 31 Oct 2019 20:32:49 +0000 (21:32 +0100)]
Try to force certificate issuance on second try
Todd Sharp [Mon, 28 Oct 2019 01:58:56 +0000 (21:58 -0400)]
Change check for linux memory (#452)
* Change check for linux memory
Some VMs clock in at *just under* 1GB, so checking for 1GB of RAM will miss these. Instead, check for MB, divide by 1000 and round up.
* Refine the check_linux_memory function
Be a little more precise and only make an exception for VMs with >= 990MB RAM
Ruben Homs [Thu, 24 Oct 2019 00:40:36 +0000 (02:40 +0200)]
Make port check optional, add y/n prompt (#448)
romanrizzi [Wed, 16 Oct 2019 18:28:57 +0000 (15:28 -0300)]
Bump base image to update uglifyJS to v3
Roman Rizzi [Thu, 10 Oct 2019 05:17:46 +0000 (02:17 -0300)]
DEV: Bump uglifyjs
We now support uglifyjs version 3 in Discourse core, no need to hold back the upgrade.
Sam Saffron [Thu, 3 Oct 2019 23:59:17 +0000 (09:59 +1000)]
SECURITY: base image updates
- Ruby upgraded from 2.6.4 -> 2.6.5 to address CVEs
- Image Magick from 7.0.8-61 -> 66
- NGINX 1.17.3 -> 4 (bug fixes only)
Daniel Waterworth [Wed, 2 Oct 2019 00:29:19 +0000 (00:29 +0000)]
Check that redis archive matches hash (#450)
Redis is downloaded without TLS
Gerhard Schlager [Tue, 1 Oct 2019 14:59:22 +0000 (10:59 -0400)]
Update MySQL privileges when starting phpBB3 import
MySQL isn't running in the init script yet, so updating the privileges doesn't work. Duh!
Follow-up to
3df237a6
Gerhard Schlager [Tue, 1 Oct 2019 00:20:01 +0000 (20:20 -0400)]
Make phpBB3 import template work with latest image (#449)
Saj Goonatilleke [Fri, 20 Sep 2019 07:43:02 +0000 (17:43 +1000)]
FIX: Pass through stdout when running interactively
Follow up to commit
70aaf45.
Saj Goonatilleke [Wed, 18 Sep 2019 17:58:47 +0000 (03:58 +1000)]
FIX: Never prune Docker volumes
`system prune` on older Docker releases will remove volumes. The
accidental removal of container volumes may result in user data loss.
This patch should ensure that any users on Docker CE <17.06.1 benefit
from the same, safer behaviour enjoyed by users on contemporary Docker
releases.
Jay Pfaffman [Wed, 11 Sep 2019 22:16:50 +0000 (15:16 -0700)]
FIX: Install mariadb lib instead of mysql
Gerhard Schlager [Tue, 10 Sep 2019 00:44:52 +0000 (02:44 +0200)]
Correctly install ECDSA certificate
Follow-up to
f6ec21851dcf417c13333179a0f933d1dcc3faa1
Gerhard Schlager [Mon, 9 Sep 2019 23:02:45 +0000 (01:02 +0200)]
FEATURE: Elliptic Curve certificate (#444)
[Mozilla](https://wiki.mozilla.org/Security/Server_Side_TLS) recommends (P-256) as certificate type for intermediate compatibility.
> ECDSA certificates are recommended over RSA certificates, as they allow the use of ECDHE with Windows 7 clients using Internet Explorer 11
Most modern browsers will use cipher suites with the ECDSA certificate. Older browsers will select the RSA certificate and a RSA cipher suite.
Rafael dos Santos Silva [Fri, 6 Sep 2019 17:56:14 +0000 (14:56 -0300)]
Bump base image
Rafael dos Santos Silva [Fri, 6 Sep 2019 04:27:17 +0000 (01:27 -0300)]
FIX: Backup Restore was broken because rsync was missing
Rafael dos Santos Silva [Tue, 3 Sep 2019 19:37:14 +0000 (16:37 -0300)]
Make sshd compatible with Debian image
Rafael dos Santos Silva [Mon, 2 Sep 2019 18:15:01 +0000 (15:15 -0300)]
Bump base image
Rafael dos Santos Silva [Fri, 30 Aug 2019 03:59:50 +0000 (00:59 -0300)]
Update ruby to 2.6.4
Jay Pfaffman [Wed, 1 Aug 2018 08:56:20 +0000 (10:56 +0200)]
FEATURE: launcher suggests discourse-doctor on fail
Jay Pfaffman [Fri, 12 Apr 2019 16:04:24 +0000 (09:04 -0700)]
Add commented sections to enable incoming TLS
Use Let's Encrypt certs from app to enable incoming TLS for mail-receiver.
Andrew Schleifer [Wed, 26 Jun 2019 06:24:46 +0000 (14:24 +0800)]
fallocate swapfile instead of dd
Joffrey JAFFEUX [Thu, 9 Aug 2018 21:09:16 +0000 (23:09 +0200)]
spacing
Jay Pfaffman [Wed, 1 Aug 2018 08:40:36 +0000 (10:40 +0200)]
FEATURE: discourse-doctor restart existing container if possible
Rafael dos Santos Silva [Fri, 16 Aug 2019 19:11:28 +0000 (16:11 -0300)]
Update SSL config using Mozilla SSL Intermediate config
Rafael dos Santos Silva [Thu, 22 Aug 2019 20:05:41 +0000 (17:05 -0300)]
Update dependencies