discourse_docker.git
4 years agoDEV: overlay2 is the recommended storage engine not aufs
Sam Saffron [Tue, 28 Jul 2020 02:58:09 +0000 (12:58 +1000)]
DEV: overlay2 is the recommended storage engine not aufs

overlay2 is supported in all latest kernels and the default storage engine
for new installs of docker.

Recommend it.

4 years agoUpdate dependencies: nginx, redis, imagemagick (#475)
Penar Musaraj [Fri, 24 Jul 2020 13:09:15 +0000 (09:09 -0400)]
Update dependencies: nginx, redis, imagemagick (#475)

- Redis from 5.0.5 to 5.0.9
- Nginx from 1.17.9 to 1.18.0
- ImageMagick from 7.0.10-6 to 7.0.10-24

4 years agoInstall less by default.
Guo Xiang Tan [Mon, 20 Jul 2020 06:24:51 +0000 (14:24 +0800)]
Install less by default.

Useful for scanning through log files. Production Rails REPL uses Pry
which depends on less for paging. The default pager is not as user
friendly.

4 years agoFIX: remove db_max_wal_senders and db_wal_level entirely
Michael Brown [Wed, 15 Jul 2020 17:29:26 +0000 (13:29 -0400)]
FIX: remove db_max_wal_senders and db_wal_level entirely

* I had previously removed the db_wal_level and db_max_wal_senders but
  foolishly assumed there was some sort of default or they would only get
  replaced if defined

4 years agoFIX: re-exec code was broken
Michael Brown [Wed, 15 Jul 2020 16:50:35 +0000 (12:50 -0400)]
FIX: re-exec code was broken

* BASH_ARGV is only used in extended debugging mode

4 years agoBuild libheif from source for Ubuntu (#474)
Penar Musaraj [Tue, 14 Jul 2020 19:39:45 +0000 (15:39 -0400)]
Build libheif from source for Ubuntu (#474)

4 years agoUpdate postgres templates (#472)
Michael Brown [Wed, 15 Jul 2020 15:56:46 +0000 (11:56 -0400)]
Update postgres templates (#472)

* postgres: Allow replication and basebackups to happen

* the overrides for db_wal_level and db_max_wal_senders disallow
  replication and basebackups to be taken
* there is no need for us to disable these features, allow the defaults to stay

* postgres: remove out-of-support templates

* taken from https://www.postgresql.org/support/versioning/ :
  * postgres 9.2 and 9.3 are no longer supported
  * 9.5 will be supported until February 11, 2021:

4 years agoAdd HEIF conversion support to ImageMagick (#473)
Penar Musaraj [Fri, 10 Jul 2020 13:20:52 +0000 (09:20 -0400)]
Add HEIF conversion support to ImageMagick (#473)

4 years agoimprove permissions in tmp directory
Sam Saffron [Tue, 7 Jul 2020 00:04:34 +0000 (10:04 +1000)]
improve permissions in tmp directory

previously could be owned by the root group

4 years agoRevert "Revert rake call to pull_compatible_all"
Jeff Wong [Mon, 6 Jul 2020 23:28:56 +0000 (16:28 -0700)]
Revert "Revert rake call to pull_compatible_all"

This reverts commit 0edf993a55953c9d5ee8856c87825659401c92c3.

4 years agoRevert rake call to pull_compatible_all
Jeff Wong [Mon, 6 Jul 2020 23:23:17 +0000 (16:23 -0700)]
Revert rake call to pull_compatible_all

4 years agoFIX: run pull_compatible_all as discourse
Jeff Wong [Mon, 6 Jul 2020 23:14:01 +0000 (16:14 -0700)]
FIX: run pull_compatible_all as discourse

4 years agoFEATURE: add support for plugin-pinning (#470)
Jeff Wong [Mon, 6 Jul 2020 21:48:22 +0000 (11:48 -1000)]
FEATURE: add support for plugin-pinning (#470)

* FEATURE: add support for plugin-pinning

checks out pinned plugin versions, if defined, by way of the rake task

* refactor rake task name

4 years agoFIX: Typo in retried image pull
Kane York [Fri, 5 Jun 2020 16:01:40 +0000 (09:01 -0700)]
FIX: Typo in retried image pull

4 years agoHandle dangling pg data folders from previous updates
Rafael dos Santos Silva [Wed, 27 May 2020 19:28:43 +0000 (16:28 -0300)]
Handle dangling pg data folders from previous updates

4 years agoSimpler instruction in case of pg_upgrade failure
Rafael dos Santos Silva [Tue, 26 May 2020 20:58:01 +0000 (17:58 -0300)]
Simpler instruction in case of pg_upgrade failure

There are many cases (database had bad shutdown, missing locale env)
where the manual export isn't needed, so point the admin to meta so
some easier solutions can be tried first.

4 years agoFIX: Automatically retry image pull once (#468)
Kane York [Tue, 26 May 2020 01:14:12 +0000 (18:14 -0700)]
FIX: Automatically retry image pull once (#468)

4 years agoBump to optional jemalloc 5.2.1
Sam Saffron [Mon, 25 May 2020 02:36:39 +0000 (12:36 +1000)]
Bump to optional jemalloc 5.2.1

4 years agoSome content on the sshd template so pups don't explodes
Rafael dos Santos Silva [Thu, 14 May 2020 16:10:45 +0000 (13:10 -0300)]
Some content on the sshd template so pups don't explodes

4 years agowait a bit more if necessary for container stop
Rafael dos Santos Silva [Wed, 13 May 2020 18:41:47 +0000 (15:41 -0300)]
wait a bit more if necessary for container stop

4 years agoRemove Vagrant references as they are no longer used
Rafael dos Santos Silva [Wed, 13 May 2020 17:53:55 +0000 (14:53 -0300)]
Remove Vagrant references as they are no longer used

4 years agoRemove all pg12 traces so pg_wrapper doesn't get confused
Rafael dos Santos Silva [Wed, 13 May 2020 00:18:55 +0000 (21:18 -0300)]
Remove all pg12 traces so pg_wrapper doesn't get confused

4 years agoTeach pg10 template how to install itself for rollbacks
Rafael dos Santos Silva [Tue, 12 May 2020 22:44:11 +0000 (19:44 -0300)]
Teach pg10 template how to install itself for rollbacks

4 years agoFix free disk space calculation take 2
Rafael dos Santos Silva [Tue, 12 May 2020 22:16:00 +0000 (19:16 -0300)]
Fix free disk space calculation take 2

4 years agoFix disk detection units
Rafael dos Santos Silva [Tue, 12 May 2020 21:33:43 +0000 (18:33 -0300)]
Fix disk detection units

df was reporting bytes while du was reporting Kilobytes.

4 years agoFix dev image for new pg
Rafael dos Santos Silva [Tue, 12 May 2020 17:46:55 +0000 (14:46 -0300)]
Fix dev image for new pg

4 years agoNew base image with PostgreSQL 12
Rafael dos Santos Silva [Tue, 12 May 2020 17:41:22 +0000 (14:41 -0300)]
New base image with PostgreSQL 12

4 years agoPostgreSQL 12 (#462)
Rafael dos Santos Silva [Tue, 12 May 2020 15:25:53 +0000 (12:25 -0300)]
PostgreSQL 12 (#462)

4 years agoUI: discourse-setup tweak dns problem message (#460)
Jay Pfaffman [Mon, 11 May 2020 22:10:24 +0000 (15:10 -0700)]
UI: discourse-setup tweak dns problem message (#460)

Make the "your domain doesn't resolve" message more clear.

4 years agoBump Ruby to 2.6.6
Rafael dos Santos Silva [Fri, 8 May 2020 19:06:22 +0000 (16:06 -0300)]
Bump Ruby to 2.6.6

4 years agoFIX: Add a blank sshd.template.yml (#463)
Kane York [Wed, 6 May 2020 18:27:35 +0000 (11:27 -0700)]
FIX: Add a blank sshd.template.yml (#463)

4 years agoDEV: remove unused sshd template
Sam Saffron [Thu, 30 Apr 2020 22:35:23 +0000 (08:35 +1000)]
DEV: remove unused sshd template

No need to carry this template anymore we do not use it.

4 years agoFIX: sshd template
Michael Brown [Thu, 30 Apr 2020 21:33:02 +0000 (17:33 -0400)]
FIX: sshd template

* sshd template users were unable to rebuild
* the replace command was trying to modify a file from the package before it was installed

4 years agoUpdate Discourse base image to 2.0.20200429-2110
Michael Brown [Thu, 30 Apr 2020 03:00:24 +0000 (23:00 -0400)]
Update Discourse base image to 2.0.20200429-2110

4 years agoFIX: remove broken symlinks from removed plugins
Michael Brown [Wed, 29 Apr 2020 20:24:29 +0000 (16:24 -0400)]
FIX: remove broken symlinks from removed plugins

* if plugins have been removed or renamed, we end up with a dangling symlink in this directory
* this causes the build to fail later during a chown

4 years agoRevert "Remove nginx-common package"
Michael Brown [Thu, 9 Apr 2020 18:54:01 +0000 (14:54 -0400)]
Revert "Remove nginx-common package"

This reverts commit 30e0c58d1dd851a00bf7decc6182e3948c10a545.

* turns out we do depend on the default nginx.conf and directories provided by the distribution package
* notably /etc/nginx.conf and /etc/nginx/conf.d

4 years agoRemove nginx-common package
Michael Brown [Thu, 9 Apr 2020 17:52:59 +0000 (13:52 -0400)]
Remove nginx-common package

* I don't think we need it at all

4 years agoAdd hash checks to downloaded source files
Michael Brown [Thu, 9 Apr 2020 17:52:38 +0000 (13:52 -0400)]
Add hash checks to downloaded source files

* we had one in place for redis but nowhere else

4 years agoBump ImageMagick and nginx versions
Michael Brown [Thu, 9 Apr 2020 17:51:21 +0000 (13:51 -0400)]
Bump ImageMagick and nginx versions

4 years agoMove openssh-server from the base image to the sshd template
Michael Brown [Thu, 9 Apr 2020 01:47:50 +0000 (21:47 -0400)]
Move openssh-server from the base image to the sshd template

4 years agoPrevent unused packages from being pulled into the base image
Michael Brown [Thu, 9 Apr 2020 01:47:28 +0000 (21:47 -0400)]
Prevent unused packages from being pulled into the base image

* e.g. X11 libraries, mysql libraries, mailutils, NTLM libraries

4 years agoFEATURE: Give option to publish log file publicly (#459)
Justin DiRose [Wed, 11 Mar 2020 18:55:10 +0000 (13:55 -0500)]
FEATURE: Give option to publish log file publicly (#459)

4 years agoFEATURE: Don't use fully qualified path for bash in host (#458)
Mark Vainomaa [Wed, 11 Mar 2020 06:52:51 +0000 (08:52 +0200)]
FEATURE: Don't use fully qualified path for bash in host (#458)

4 years agoUnfreeze Gemfile in import templates
Gerhard Schlager [Mon, 2 Mar 2020 16:08:19 +0000 (17:08 +0100)]
Unfreeze Gemfile in import templates

Co-authored-by: Jay Pfaffman <pfaffman@gmail.com>
4 years agoDEV: Bump baseimage
Sam Saffron [Thu, 27 Feb 2020 04:53:38 +0000 (15:53 +1100)]
DEV: Bump baseimage

This includes updated dependencies required for the codereview plugin and
additional fixes

4 years agoAdd cmake as a base dependency
Daniel Waterworth [Thu, 20 Feb 2020 17:54:39 +0000 (17:54 +0000)]
Add cmake as a base dependency

4 years agoEarly hostname check (#456)
Rafael dos Santos Silva [Wed, 19 Feb 2020 19:27:34 +0000 (16:27 -0300)]
Early hostname check (#456)

* Move hostname check to earlier in the process

* Provide instruction on hostname check failure

* Fix instruction in case of hostname failure

4 years agoUpdate README.md (#455)
Ranjan Purbey [Mon, 20 Jan 2020 20:58:20 +0000 (02:28 +0530)]
Update README.md (#455)

Fix indentation at L56

4 years agoBump base image
Rafael dos Santos Silva [Mon, 23 Dec 2019 16:36:38 +0000 (13:36 -0300)]
Bump base image

5 years agoFEATURE: Default to HTTPS
Rafael dos Santos Silva [Mon, 2 Dec 2019 18:16:45 +0000 (15:16 -0300)]
FEATURE: Default to HTTPS

5 years agoupdate mail-receiver version
Blake Erickson [Fri, 15 Nov 2019 14:25:07 +0000 (07:25 -0700)]
update mail-receiver version

5 years agoTry to force certificate issuance on second try
Gerhard Schlager [Thu, 31 Oct 2019 20:32:49 +0000 (21:32 +0100)]
Try to force certificate issuance on second try

5 years agoChange check for linux memory (#452)
Todd Sharp [Mon, 28 Oct 2019 01:58:56 +0000 (21:58 -0400)]
Change check for linux memory (#452)

* Change check for linux memory

Some VMs clock in at *just under* 1GB, so checking for 1GB of RAM will miss these.  Instead, check for MB, divide by 1000 and round up.

* Refine the check_linux_memory function

Be a little more precise and only make an exception for VMs with >= 990MB RAM

5 years agoMake port check optional, add y/n prompt (#448)
Ruben Homs [Thu, 24 Oct 2019 00:40:36 +0000 (02:40 +0200)]
Make port check optional, add y/n prompt (#448)

5 years agoBump base image to update uglifyJS to v3
romanrizzi [Wed, 16 Oct 2019 18:28:57 +0000 (15:28 -0300)]
Bump base image to update uglifyJS to v3

5 years agoDEV: Bump uglifyjs
Roman Rizzi [Thu, 10 Oct 2019 05:17:46 +0000 (02:17 -0300)]
DEV: Bump uglifyjs

We now support uglifyjs version 3 in Discourse core, no need to hold back the upgrade.

5 years agoSECURITY: base image updates
Sam Saffron [Thu, 3 Oct 2019 23:59:17 +0000 (09:59 +1000)]
SECURITY: base image updates

- Ruby upgraded from 2.6.4 -> 2.6.5 to address CVEs
- Image Magick from 7.0.8-61 -> 66
- NGINX 1.17.3 -> 4 (bug fixes only)

5 years agoCheck that redis archive matches hash (#450)
Daniel Waterworth [Wed, 2 Oct 2019 00:29:19 +0000 (00:29 +0000)]
Check that redis archive matches hash (#450)

Redis is downloaded without TLS

5 years agoUpdate MySQL privileges when starting phpBB3 import
Gerhard Schlager [Tue, 1 Oct 2019 14:59:22 +0000 (10:59 -0400)]
Update MySQL privileges when starting phpBB3 import

MySQL isn't running in the init script yet, so updating the privileges doesn't work. Duh!

Follow-up to 3df237a6

5 years agoMake phpBB3 import template work with latest image (#449)
Gerhard Schlager [Tue, 1 Oct 2019 00:20:01 +0000 (20:20 -0400)]
Make phpBB3 import template work with latest image (#449)

5 years agoFIX: Pass through stdout when running interactively
Saj Goonatilleke [Fri, 20 Sep 2019 07:43:02 +0000 (17:43 +1000)]
FIX: Pass through stdout when running interactively

Follow up to commit 70aaf45.

5 years agoFIX: Never prune Docker volumes
Saj Goonatilleke [Wed, 18 Sep 2019 17:58:47 +0000 (03:58 +1000)]
FIX: Never prune Docker volumes

`system prune` on older Docker releases will remove volumes.  The
accidental removal of container volumes may result in user data loss.

This patch should ensure that any users on Docker CE <17.06.1 benefit
from the same, safer behaviour enjoyed by users on contemporary Docker
releases.

5 years agoFIX: Install mariadb lib instead of mysql
Jay Pfaffman [Wed, 11 Sep 2019 22:16:50 +0000 (15:16 -0700)]
FIX: Install mariadb lib instead of mysql

5 years agoCorrectly install ECDSA certificate
Gerhard Schlager [Tue, 10 Sep 2019 00:44:52 +0000 (02:44 +0200)]
Correctly install ECDSA certificate

Follow-up to f6ec21851dcf417c13333179a0f933d1dcc3faa1

5 years agoFEATURE: Elliptic Curve certificate (#444)
Gerhard Schlager [Mon, 9 Sep 2019 23:02:45 +0000 (01:02 +0200)]
FEATURE: Elliptic Curve certificate (#444)

[Mozilla](https://wiki.mozilla.org/Security/Server_Side_TLS) recommends (P-256) as certificate type for intermediate compatibility.

> ECDSA certificates are recommended over RSA certificates, as they allow the use of ECDHE with Windows 7 clients using Internet Explorer 11

Most modern browsers will use cipher suites with the ECDSA certificate. Older browsers will select the RSA certificate and a RSA cipher suite.

5 years agoBump base image
Rafael dos Santos Silva [Fri, 6 Sep 2019 17:56:14 +0000 (14:56 -0300)]
Bump base image

5 years agoFIX: Backup Restore was broken because rsync was missing
Rafael dos Santos Silva [Fri, 6 Sep 2019 04:27:17 +0000 (01:27 -0300)]
FIX: Backup Restore was broken because rsync was missing

5 years agoMake sshd compatible with Debian image
Rafael dos Santos Silva [Tue, 3 Sep 2019 19:37:14 +0000 (16:37 -0300)]
Make sshd compatible with Debian image

5 years agoBump base image
Rafael dos Santos Silva [Mon, 2 Sep 2019 18:15:01 +0000 (15:15 -0300)]
Bump base image

5 years agoUpdate ruby to 2.6.4
Rafael dos Santos Silva [Fri, 30 Aug 2019 03:59:50 +0000 (00:59 -0300)]
Update ruby to 2.6.4

5 years agoFEATURE: launcher suggests discourse-doctor on fail
Jay Pfaffman [Wed, 1 Aug 2018 08:56:20 +0000 (10:56 +0200)]
FEATURE: launcher suggests discourse-doctor on fail

5 years agoAdd commented sections to enable incoming TLS
Jay Pfaffman [Fri, 12 Apr 2019 16:04:24 +0000 (09:04 -0700)]
Add commented sections to enable incoming TLS

Use Let's Encrypt certs from app to enable incoming TLS for mail-receiver.

5 years agofallocate swapfile instead of dd
Andrew Schleifer [Wed, 26 Jun 2019 06:24:46 +0000 (14:24 +0800)]
fallocate swapfile instead of dd

5 years agospacing
Joffrey JAFFEUX [Thu, 9 Aug 2018 21:09:16 +0000 (23:09 +0200)]
spacing

5 years agoFEATURE: discourse-doctor restart existing container if possible
Jay Pfaffman [Wed, 1 Aug 2018 08:40:36 +0000 (10:40 +0200)]
FEATURE: discourse-doctor restart existing container if possible

5 years agoUpdate SSL config using Mozilla SSL Intermediate config
Rafael dos Santos Silva [Fri, 16 Aug 2019 19:11:28 +0000 (16:11 -0300)]
Update SSL config using Mozilla SSL Intermediate config

5 years agoUpdate dependencies
Rafael dos Santos Silva [Thu, 22 Aug 2019 20:05:41 +0000 (17:05 -0300)]
Update dependencies

5 years agoRemove nginx modules from the package manager
Rafael dos Santos Silva [Mon, 19 Aug 2019 21:34:04 +0000 (18:34 -0300)]
Remove nginx modules from the package manager

5 years agoOn Debian rsyslog is running under root
Rafael dos Santos Silva [Mon, 19 Aug 2019 18:17:28 +0000 (15:17 -0300)]
On Debian rsyslog is running under root

5 years agoRevert "Revert "First pass in moving to debian""
Rafael dos Santos Silva [Mon, 19 Aug 2019 18:17:01 +0000 (15:17 -0300)]
Revert "Revert "First pass in moving to debian""

This reverts commit 29204e415846c121554d41c34f241f2291e7a587.

5 years agoRevert "First pass in moving to debian"
Rafael dos Santos Silva [Fri, 16 Aug 2019 21:03:14 +0000 (18:03 -0300)]
Revert "First pass in moving to debian"

This reverts commit 223b69e775c61a7fb05386262281f7fa2f0e9520.

5 years agoFirst pass in moving to debian
Rafael dos Santos Silva [Tue, 2 Jul 2019 04:40:26 +0000 (01:40 -0300)]
First pass in moving to debian

5 years agoUpdate nginx for HTTP2 related CVEs
Rafael dos Santos Silva [Tue, 13 Aug 2019 21:06:56 +0000 (18:06 -0300)]
Update nginx for HTTP2 related CVEs

5 years agoMake merge_user_args idempotent (#438)
Saj Goonatilleke [Tue, 6 Aug 2019 23:07:36 +0000 (09:07 +1000)]
Make merge_user_args idempotent (#438)

The `merge_user_args` function may be called more than once within a
single `launcher` process.  e.g.: on `launcher rebuild ...`:

```
[main] -> rebuild -> run_bootstrap -> set_template_info -> merge_user_args
[main] -> rebuild -> run_start     -> set_template_info -> merge_user_args
```

If the user had included a `docker_args` map key in their container
YAML, the `user_args` global would be incorrectly populated with
duplicate docker CLI flags.

https://meta.discourse.org/t/-/123696

Fixes a regression introduced in https://meta.discourse.org/t/-/49401/9

5 years agoremove unrelated comment
Andrew Schleifer [Thu, 1 Aug 2019 04:05:00 +0000 (12:05 +0800)]
remove unrelated comment

SSH was long ago moved into a different template

5 years agoBump base image
Gerhard Schlager [Thu, 27 Jun 2019 08:45:16 +0000 (10:45 +0200)]
Bump base image

5 years agoUpdate ImageMagick
Gerhard Schlager [Tue, 25 Jun 2019 08:53:51 +0000 (10:53 +0200)]
Update ImageMagick

5 years agoFIX: Make storage detection compatible with docker 19.x
Rafael dos Santos Silva [Wed, 19 Jun 2019 18:38:47 +0000 (15:38 -0300)]
FIX: Make storage detection compatible with docker 19.x

5 years agoDEV: bump dependencies
Sam Saffron [Tue, 18 Jun 2019 06:14:38 +0000 (16:14 +1000)]
DEV: bump dependencies

- new ImageMagick
- new NGINX moved to stable from mailine
- new Redis
- new PNG Quant
- updated libjemalloc

5 years agoRepo key should be downloaded securely (#432)
Matic Mežnar [Sun, 16 Jun 2019 23:47:03 +0000 (01:47 +0200)]
Repo key should be downloaded securely (#432)

5 years agoInclude official plugins and install their gems in discourse_test (#431)
Penar Musaraj [Fri, 14 Jun 2019 12:40:57 +0000 (08:40 -0400)]
Include official plugins and install their gems in discourse_test (#431)

5 years agoFIX: we cannot prompt for user input if we have no tty
Michael Brown [Mon, 10 Jun 2019 17:24:22 +0000 (13:24 -0400)]
FIX: we cannot prompt for user input if we have no tty

5 years agoUpdate to `discourse/base:2.0.20190505-2322`.
Guo Xiang Tan [Tue, 21 May 2019 05:38:28 +0000 (13:38 +0800)]
Update to `discourse/base:2.0.20190505-2322`.

Old base images carry test gems in the production env.

5 years agoCOPY: remove unsupported storage drivers from warning message
Régis Hanol [Wed, 15 May 2019 20:06:24 +0000 (22:06 +0200)]
COPY: remove unsupported storage drivers from warning message

5 years agoFIX: Correctly match when protocol-less CDN is used
Penar Musaraj [Tue, 14 May 2019 19:37:47 +0000 (15:37 -0400)]
FIX: Correctly match when protocol-less CDN is used

5 years agoremove btrfs and overlay from "safe" storage drivers
Jeff Atwood [Fri, 10 May 2019 21:08:46 +0000 (14:08 -0700)]
remove btrfs and overlay from "safe" storage drivers

5 years agoUpdate bash path (#430)
Stephen [Tue, 7 May 2019 11:45:22 +0000 (04:45 -0700)]
Update bash path (#430)

Call the default bash for the environment.

5 years agoUpdate base image
Gerhard Schlager [Mon, 6 May 2019 12:55:25 +0000 (14:55 +0200)]
Update base image

It updates Ruby, nginx, ImageMagick, libpng, gifsicle and Node.js

5 years agoSet the right RAILS_ENV for other base images.
Guo Xiang Tan [Fri, 3 May 2019 04:52:31 +0000 (12:52 +0800)]
Set the right RAILS_ENV for other base images.

Follow up to c2c7a3d8f3aad26b0b1aea30eb5bf475d910ebc2.

5 years agoSet RAILS_ENV for base image.
Guo Xiang Tan [Fri, 3 May 2019 01:44:09 +0000 (09:44 +0800)]
Set RAILS_ENV for base image.

We can't boot the Rails app if it tries to require development
dependencies.