##// END OF EJS Templates
docs: added expire static files nginx directive for better caching
marcink -
r4061:84a1ac96 default
parent child Browse files
Show More
@@ -1,192 +1,193 b''
1 Nginx Configuration Example
1 Nginx Configuration Example
2 ---------------------------
2 ---------------------------
3
3
4 Use the following example to configure Nginx as a your web server.
4 Use the following example to configure Nginx as a your web server.
5
5
6
6
7 .. code-block:: nginx
7 .. code-block:: nginx
8
8
9 ## Rate limiter for certain pages to prevent brute force attacks
9 ## Rate limiter for certain pages to prevent brute force attacks
10 limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s;
10 limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s;
11
11
12 ## cache zone
12 ## cache zone
13 proxy_cache_path /etc/nginx/nginx_cache levels=1:2 use_temp_path=off keys_zone=cache_zone:10m inactive=720h max_size=10g;
13 proxy_cache_path /etc/nginx/nginx_cache levels=1:2 use_temp_path=off keys_zone=cache_zone:10m inactive=720h max_size=10g;
14
14
15 ## Custom log format
15 ## Custom log format
16 log_format log_custom '$remote_addr - $remote_user [$time_local] '
16 log_format log_custom '$remote_addr - $remote_user [$time_local] '
17 '"$request" $status $body_bytes_sent '
17 '"$request" $status $body_bytes_sent '
18 '"$http_referer" "$http_user_agent" '
18 '"$http_referer" "$http_user_agent" '
19 '$request_time $upstream_response_time $pipe';
19 '$request_time $upstream_response_time $pipe';
20
20
21 ## Define one or more upstreams (local RhodeCode instance) to connect to
21 ## Define one or more upstreams (local RhodeCode instance) to connect to
22 upstream rc {
22 upstream rc {
23 # Url to running RhodeCode instance.
23 # Url to running RhodeCode instance.
24 # This is shown as `- URL: <host>` in output from rccontrol status.
24 # This is shown as `- URL: <host>` in output from rccontrol status.
25 server 127.0.0.1:10002;
25 server 127.0.0.1:10002;
26
26
27 # add more instances for load balancing
27 # add more instances for load balancing
28 # server 127.0.0.1:10003;
28 # server 127.0.0.1:10003;
29 # server 127.0.0.1:10004;
29 # server 127.0.0.1:10004;
30 }
30 }
31
31
32 ## HTTP to HTTPS rewrite
32 ## HTTP to HTTPS rewrite
33 server {
33 server {
34 listen 80;
34 listen 80;
35 server_name rhodecode.myserver.com;
35 server_name rhodecode.myserver.com;
36
36
37 if ($http_host = rhodecode.myserver.com) {
37 if ($http_host = rhodecode.myserver.com) {
38 rewrite (.*) https://rhodecode.myserver.com$1 permanent;
38 rewrite (.*) https://rhodecode.myserver.com$1 permanent;
39 }
39 }
40 }
40 }
41
41
42 ## Optional gist alias server, for serving nicer GIST urls.
42 ## Optional gist alias server, for serving nicer GIST urls.
43 server {
43 server {
44 listen 443;
44 listen 443;
45 server_name gist.myserver.com;
45 server_name gist.myserver.com;
46 access_log /var/log/nginx/gist.access.log log_custom;
46 access_log /var/log/nginx/gist.access.log log_custom;
47 error_log /var/log/nginx/gist.error.log;
47 error_log /var/log/nginx/gist.error.log;
48
48
49 ssl on;
49 ssl on;
50 ssl_certificate gist.rhodecode.myserver.com.crt;
50 ssl_certificate gist.rhodecode.myserver.com.crt;
51 ssl_certificate_key gist.rhodecode.myserver.com.key;
51 ssl_certificate_key gist.rhodecode.myserver.com.key;
52
52
53 ssl_session_timeout 5m;
53 ssl_session_timeout 5m;
54
54
55 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
55 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
56 ssl_prefer_server_ciphers on;
56 ssl_prefer_server_ciphers on;
57 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
57 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
58
58
59 ## Strict http prevents from https -> http downgrade
59 ## Strict http prevents from https -> http downgrade
60 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
60 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
61
61
62 ## Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
62 ## Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
63 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
63 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
64
64
65 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
65 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
66 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
66 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
67 }
67 }
68
68
69
69
70 ## MAIN SSL enabled server
70 ## MAIN SSL enabled server
71 server {
71 server {
72 listen 443 ssl http2;
72 listen 443 ssl http2;
73 server_name rhodecode.myserver.com;
73 server_name rhodecode.myserver.com;
74
74
75 access_log /var/log/nginx/rhodecode.access.log log_custom;
75 access_log /var/log/nginx/rhodecode.access.log log_custom;
76 error_log /var/log/nginx/rhodecode.error.log;
76 error_log /var/log/nginx/rhodecode.error.log;
77
77
78 ssl_certificate rhodecode.myserver.com.crt;
78 ssl_certificate rhodecode.myserver.com.crt;
79 ssl_certificate_key rhodecode.myserver.com.key;
79 ssl_certificate_key rhodecode.myserver.com.key;
80
80
81 # enable session resumption to improve https performance
81 # enable session resumption to improve https performance
82 # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
82 # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
83 ssl_session_cache shared:SSL:50m;
83 ssl_session_cache shared:SSL:50m;
84 ssl_session_timeout 5m;
84 ssl_session_timeout 5m;
85
85
86 ## Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
86 ## Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
87 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
87 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
88
88
89 # enables server-side protection from BEAST attacks
89 # enables server-side protection from BEAST attacks
90 # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
90 # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
91 ssl_prefer_server_ciphers on;
91 ssl_prefer_server_ciphers on;
92
92
93 # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
93 # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
94 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
94 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
95
95
96 # ciphers chosen for forward secrecy and compatibility
96 # ciphers chosen for forward secrecy and compatibility
97 # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
97 # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
98 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
98 ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
99
99
100 client_body_buffer_size 128k;
100 client_body_buffer_size 128k;
101 # maximum number and size of buffers for large headers to read from client request
101 # maximum number and size of buffers for large headers to read from client request
102 large_client_header_buffers 16 256k;
102 large_client_header_buffers 16 256k;
103
103
104 ## uncomment to serve static files by Nginx, recommended for performance
104 ## uncomment to serve static files by Nginx, recommended for performance
105 # location /_static/rhodecode {
105 # location /_static/rhodecode {
106 # gzip on;
106 # gzip on;
107 # gzip_min_length 500;
107 # gzip_min_length 500;
108 # gzip_proxied any;
108 # gzip_proxied any;
109 # gzip_comp_level 4;
109 # gzip_comp_level 4;
110 # gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
110 # gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
111 # gzip_vary on;
111 # gzip_vary on;
112 # gzip_disable "msie6";
112 # gzip_disable "msie6";
113 # expires 60d;
113 # alias /path/to/.rccontrol/community-1/static;
114 # alias /path/to/.rccontrol/community-1/static;
114 # alias /path/to/.rccontrol/enterprise-1/static;
115 # alias /path/to/.rccontrol/enterprise-1/static;
115 # }
116 # }
116
117
117 ## channelstream location handler, if channelstream live chat and notifications
118 ## channelstream location handler, if channelstream live chat and notifications
118 ## are enable this will proxy the requests to channelstream websocket server
119 ## are enable this will proxy the requests to channelstream websocket server
119 location /_channelstream {
120 location /_channelstream {
120 rewrite /_channelstream/(.*) /$1 break;
121 rewrite /_channelstream/(.*) /$1 break;
121 gzip off;
122 gzip off;
122 tcp_nodelay off;
123 tcp_nodelay off;
123
124
124 proxy_connect_timeout 10;
125 proxy_connect_timeout 10;
125 proxy_send_timeout 10m;
126 proxy_send_timeout 10m;
126 proxy_read_timeout 10m;
127 proxy_read_timeout 10m;
127
128
128 proxy_set_header Host $host;
129 proxy_set_header Host $host;
129 proxy_set_header X-Real-IP $remote_addr;
130 proxy_set_header X-Real-IP $remote_addr;
130 proxy_set_header X-Url-Scheme $scheme;
131 proxy_set_header X-Url-Scheme $scheme;
131 proxy_set_header X-Forwarded-Proto $scheme;
132 proxy_set_header X-Forwarded-Proto $scheme;
132 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
133 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
133
134
134 proxy_http_version 1.1;
135 proxy_http_version 1.1;
135 proxy_set_header Upgrade $http_upgrade;
136 proxy_set_header Upgrade $http_upgrade;
136 proxy_set_header Connection "upgrade";
137 proxy_set_header Connection "upgrade";
137
138
138 proxy_pass http://127.0.0.1:9800;
139 proxy_pass http://127.0.0.1:9800;
139 }
140 }
140
141
141 ## rate limit this endpoint to prevent login page brute-force attacks
142 ## rate limit this endpoint to prevent login page brute-force attacks
142 location /_admin/login {
143 location /_admin/login {
143 limit_req zone=req_limit burst=10 nodelay;
144 limit_req zone=req_limit burst=10 nodelay;
144 try_files $uri @rhodecode_http;
145 try_files $uri @rhodecode_http;
145 }
146 }
146
147
147 ## Special Cache for file store, make sure you enable this intentionally as
148 ## Special Cache for file store, make sure you enable this intentionally as
148 ## it could bypass upload files permissions
149 ## it could bypass upload files permissions
149 # location /_file_store/download {
150 # location /_file_store/download {
150 #
151 #
151 # proxy_cache cache_zone;
152 # proxy_cache cache_zone;
152 # # ignore Set-Cookie
153 # # ignore Set-Cookie
153 # proxy_ignore_headers Set-Cookie;
154 # proxy_ignore_headers Set-Cookie;
154 # proxy_ignore_headers Cookie;
155 # proxy_ignore_headers Cookie;
155 #
156 #
156 # proxy_cache_key $host$uri$is_args$args;
157 # proxy_cache_key $host$uri$is_args$args;
157 # proxy_cache_methods GET;
158 # proxy_cache_methods GET;
158 #
159 #
159 # proxy_cache_bypass $http_cache_control;
160 # proxy_cache_bypass $http_cache_control;
160 # proxy_cache_valid 200 302 720h;
161 # proxy_cache_valid 200 302 720h;
161 #
162 #
162 # proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
163 # proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
163 #
164 #
164 # # returns cache status in headers
165 # # returns cache status in headers
165 # add_header X-Proxy-Cache $upstream_cache_status;
166 # add_header X-Proxy-Cache $upstream_cache_status;
166 # add_header Cache-Control "public";
167 # add_header Cache-Control "public";
167 #
168 #
168 # proxy_cache_lock on;
169 # proxy_cache_lock on;
169 # proxy_cache_lock_age 5m;
170 # proxy_cache_lock_age 5m;
170 #
171 #
171 # proxy_pass http://rc;
172 # proxy_pass http://rc;
172 #
173 #
173 # }
174 # }
174
175
175 location / {
176 location / {
176 try_files $uri @rhodecode_http;
177 try_files $uri @rhodecode_http;
177 }
178 }
178
179
179 location @rhodecode_http {
180 location @rhodecode_http {
180 # example of proxy.conf can be found in our docs.
181 # example of proxy.conf can be found in our docs.
181 include /etc/nginx/proxy.conf;
182 include /etc/nginx/proxy.conf;
182 proxy_pass http://rc;
183 proxy_pass http://rc;
183 }
184 }
184
185
185 ## Custom 502 error page.
186 ## Custom 502 error page.
186 ## Will be displayed while RhodeCode server is turned off
187 ## Will be displayed while RhodeCode server is turned off
187 error_page 502 /502.html;
188 error_page 502 /502.html;
188 location = /502.html {
189 location = /502.html {
189 #root /path/to/.rccontrol/community-1/static;
190 #root /path/to/.rccontrol/community-1/static;
190 root /path/to/.rccontrol/enterprise-1/static;
191 root /path/to/.rccontrol/enterprise-1/static;
191 }
192 }
192 } No newline at end of file
193 }
@@ -1,395 +1,396 b''
1 .. _scale-horizontal-cluster:
1 .. _scale-horizontal-cluster:
2
2
3
3
4 Scale Horizontally / RhodeCode Cluster
4 Scale Horizontally / RhodeCode Cluster
5 --------------------------------------
5 --------------------------------------
6
6
7 |RCE| is built in a way it support horizontal scaling across multiple machines.
7 |RCE| is built in a way it support horizontal scaling across multiple machines.
8 There are three main pre-requisites for that:
8 There are three main pre-requisites for that:
9
9
10 - Shared storage that each machine can access. Using NFS or other shared storage system.
10 - Shared storage that each machine can access. Using NFS or other shared storage system.
11 - Shared DB connection across machines. Using `MySQL`/`PostgreSQL` that each node can access.
11 - Shared DB connection across machines. Using `MySQL`/`PostgreSQL` that each node can access.
12 - |RCE| user sessions and caches need to use a shared storage (e.g `Redis`_/`Memcached`)
12 - |RCE| user sessions and caches need to use a shared storage (e.g `Redis`_/`Memcached`)
13
13
14
14
15 Horizontal scaling means adding more machines or workers into your pool of
15 Horizontal scaling means adding more machines or workers into your pool of
16 resources. Horizontally scaling |RCE| gives a huge performance increase,
16 resources. Horizontally scaling |RCE| gives a huge performance increase,
17 especially under large traffic scenarios with a high number of requests.
17 especially under large traffic scenarios with a high number of requests.
18 This is very beneficial when |RCE| is serving many users simultaneously,
18 This is very beneficial when |RCE| is serving many users simultaneously,
19 or if continuous integration servers are automatically pulling and pushing code.
19 or if continuous integration servers are automatically pulling and pushing code.
20 It also adds High-Availability to your running system.
20 It also adds High-Availability to your running system.
21
21
22
22
23 Cluster Overview
23 Cluster Overview
24 ^^^^^^^^^^^^^^^^
24 ^^^^^^^^^^^^^^^^
25
25
26 Below we'll present a configuration example that will use two separate nodes to serve
26 Below we'll present a configuration example that will use two separate nodes to serve
27 |RCE| in a load-balanced environment. The 3rd node will act as a shared storage/cache
27 |RCE| in a load-balanced environment. The 3rd node will act as a shared storage/cache
28 and handle load-balancing. In addition 3rd node will be used as shared database instance.
28 and handle load-balancing. In addition 3rd node will be used as shared database instance.
29
29
30 This setup can be used both in Docker based configuration or with individual
30 This setup can be used both in Docker based configuration or with individual
31 physical/virtual machines. Using the 3rd node for Storage/Redis/PostgreSQL/Nginx is
31 physical/virtual machines. Using the 3rd node for Storage/Redis/PostgreSQL/Nginx is
32 optional. All those components can be installed on one of the two nodes used for |RCE|.
32 optional. All those components can be installed on one of the two nodes used for |RCE|.
33 We'll use following naming for our nodes:
33 We'll use following naming for our nodes:
34
34
35 - `rc-node-1` (NFS, DB, Cache node)
35 - `rc-node-1` (NFS, DB, Cache node)
36 - `rc-node-2` (Worker node1)
36 - `rc-node-2` (Worker node1)
37 - `rc-node-3` (Worker node2)
37 - `rc-node-3` (Worker node2)
38
38
39 Our shares NFS storage in the example is located on `/home/rcdev/storage` and
39 Our shares NFS storage in the example is located on `/home/rcdev/storage` and
40 it's RW accessible on **each** node.
40 it's RW accessible on **each** node.
41
41
42 In this example we used certain recommended components, however many
42 In this example we used certain recommended components, however many
43 of those can be replaced by other, in case your organization already uses them, for example:
43 of those can be replaced by other, in case your organization already uses them, for example:
44
44
45 - `MySQL`/`PostgreSQL`: Aren't replaceable and are the two only supported databases.
45 - `MySQL`/`PostgreSQL`: Aren't replaceable and are the two only supported databases.
46 - `Nginx`_ on `rc-node-1` can be replaced by: `Hardware Load Balancer (F5)`, `Apache`_, `HA-Proxy` etc.
46 - `Nginx`_ on `rc-node-1` can be replaced by: `Hardware Load Balancer (F5)`, `Apache`_, `HA-Proxy` etc.
47 - `Nginx`_ on rc-node-2/3 acts as a reverse proxy and can be replaced by other HTTP server
47 - `Nginx`_ on rc-node-2/3 acts as a reverse proxy and can be replaced by other HTTP server
48 acting as reverse proxy such as `Apache`_.
48 acting as reverse proxy such as `Apache`_.
49 - `Redis`_ on `rc-node-1` can be replaced by: `Memcached`
49 - `Redis`_ on `rc-node-1` can be replaced by: `Memcached`
50
50
51
51
52 Here's an overview what components should be installed/setup on each server in our example:
52 Here's an overview what components should be installed/setup on each server in our example:
53
53
54 - **rc-node-1**:
54 - **rc-node-1**:
55
55
56 - main storage acting as NFS host.
56 - main storage acting as NFS host.
57 - `nginx` acting as a load-balancer.
57 - `nginx` acting as a load-balancer.
58 - `postgresql-server` used for database and sessions.
58 - `postgresql-server` used for database and sessions.
59 - `redis-server` used for storing shared caches.
59 - `redis-server` used for storing shared caches.
60 - optionally `rabbitmq-server` or `redis` for `Celery` if used.
60 - optionally `rabbitmq-server` or `redis` for `Celery` if used.
61 - optionally if `Celery` is used Enterprise/Community instance + VCSServer.
61 - optionally if `Celery` is used Enterprise/Community instance + VCSServer.
62 - optionally mailserver that can be shared by other instances.
62 - optionally mailserver that can be shared by other instances.
63 - optionally channelstream server to handle live communication for all instances.
63 - optionally channelstream server to handle live communication for all instances.
64
64
65
65
66 - **rc-node-2/3**:
66 - **rc-node-2/3**:
67
67
68 - `nginx` acting as a reverse proxy to handle requests to |RCE|.
68 - `nginx` acting as a reverse proxy to handle requests to |RCE|.
69 - 1x RhodeCode Enterprise/Community instance.
69 - 1x RhodeCode Enterprise/Community instance.
70 - 1x VCSServer instance.
70 - 1x VCSServer instance.
71 - optionally for testing connection: postgresql-client, redis-client (redis-tools).
71 - optionally for testing connection: postgresql-client, redis-client (redis-tools).
72
72
73
73
74 Before we start here are few assumptions that should be fulfilled:
74 Before we start here are few assumptions that should be fulfilled:
75
75
76 - make sure each node can access each other.
76 - make sure each node can access each other.
77 - make sure `Redis`_/`MySQL`/`PostgreSQL`/`RabbitMQ`_ are running on `rc-node-1`
77 - make sure `Redis`_/`MySQL`/`PostgreSQL`/`RabbitMQ`_ are running on `rc-node-1`
78 - make sure both `rc-node-2`/`3` can access NFS storage with RW access
78 - make sure both `rc-node-2`/`3` can access NFS storage with RW access
79 - make sure rc-node-2/3 can access `Redis`_/`PostgreSQL`, `MySQL` database on `rc-node-1`.
79 - make sure rc-node-2/3 can access `Redis`_/`PostgreSQL`, `MySQL` database on `rc-node-1`.
80 - make sure `Redis`_/Database/`RabbitMQ`_ are password protected and accessible only from rc-node-2/3.
80 - make sure `Redis`_/Database/`RabbitMQ`_ are password protected and accessible only from rc-node-2/3.
81
81
82
82
83
83
84 Setup rc-node-2/3
84 Setup rc-node-2/3
85 ^^^^^^^^^^^^^^^^^
85 ^^^^^^^^^^^^^^^^^
86
86
87 Initially before `rc-node-1` we'll configure both nodes 2 and 3 to operate as standalone
87 Initially before `rc-node-1` we'll configure both nodes 2 and 3 to operate as standalone
88 nodes with their own hostnames. Use a default installation settings, and use
88 nodes with their own hostnames. Use a default installation settings, and use
89 the default local addresses (127.0.0.1) to configure VCSServer and Community/Enterprise instances.
89 the default local addresses (127.0.0.1) to configure VCSServer and Community/Enterprise instances.
90 All external connectivity will be handled by the reverse proxy (`Nginx`_ in our example).
90 All external connectivity will be handled by the reverse proxy (`Nginx`_ in our example).
91
91
92 This way we can ensure each individual host works,
92 This way we can ensure each individual host works,
93 accepts connections, or do some operations explicitly on chosen node.
93 accepts connections, or do some operations explicitly on chosen node.
94
94
95 In addition this would allow use to explicitly direct certain traffic to a node, e.g
95 In addition this would allow use to explicitly direct certain traffic to a node, e.g
96 CI server will only call directly `rc-node-3`. This should be done similar to normal
96 CI server will only call directly `rc-node-3`. This should be done similar to normal
97 installation so check out `Nginx`_/`Apache`_ configuration example to configure each host.
97 installation so check out `Nginx`_/`Apache`_ configuration example to configure each host.
98 Each one should already connect to shared database during installation.
98 Each one should already connect to shared database during installation.
99
99
100
100
101 1) Assuming our final url will be http://rc-node-1, Configure `instances_id`, `app.base_url`
101 1) Assuming our final url will be http://rc-node-1, Configure `instances_id`, `app.base_url`
102
102
103 a) On **rc-node-2** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
103 a) On **rc-node-2** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
104
104
105 .. code-block:: ini
105 .. code-block:: ini
106
106
107 ## required format is: *NAME-
107 ## required format is: *NAME-
108 instance_id = *rc-node-2-
108 instance_id = *rc-node-2-
109 app.base_url = http://rc-node-1
109 app.base_url = http://rc-node-1
110
110
111
111
112 b) On **rc-node-3** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
112 b) On **rc-node-3** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
113
113
114 .. code-block:: ini
114 .. code-block:: ini
115
115
116 ## required format is: *NAME-
116 ## required format is: *NAME-
117 instance_id = *rc-node-3-
117 instance_id = *rc-node-3-
118 app.base_url = http://rc-node-1
118 app.base_url = http://rc-node-1
119
119
120
120
121
121
122 2) Configure `User Session` to use a shared database. Example config that should be
122 2) Configure `User Session` to use a shared database. Example config that should be
123 changed on both **rc-node-2** and **rc-node-3** .
123 changed on both **rc-node-2** and **rc-node-3** .
124 Edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
124 Edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
125
125
126 .. code-block:: ini
126 .. code-block:: ini
127
127
128 ####################################
128 ####################################
129 ### BEAKER SESSION ####
129 ### BEAKER SESSION ####
130 ####################################
130 ####################################
131
131
132 ## Disable the default `file` sessions
132 ## Disable the default `file` sessions
133 #beaker.session.type = file
133 #beaker.session.type = file
134 #beaker.session.data_dir = %(here)s/data/sessions
134 #beaker.session.data_dir = %(here)s/data/sessions
135
135
136 ## use shared db based session, fast, and allows easy management over logged in users
136 ## use shared db based session, fast, and allows easy management over logged in users
137 beaker.session.type = ext:database
137 beaker.session.type = ext:database
138 beaker.session.table_name = db_session
138 beaker.session.table_name = db_session
139 # use our rc-node-1 here
139 # use our rc-node-1 here
140 beaker.session.sa.url = postgresql://postgres:qweqwe@rc-node-1/rhodecode
140 beaker.session.sa.url = postgresql://postgres:qweqwe@rc-node-1/rhodecode
141 beaker.session.sa.pool_recycle = 3600
141 beaker.session.sa.pool_recycle = 3600
142 beaker.session.sa.echo = false
142 beaker.session.sa.echo = false
143
143
144 In addition make sure both instances use the same `session.secret` so users have
144 In addition make sure both instances use the same `session.secret` so users have
145 persistent sessions across nodes. Please generate other one then in this example.
145 persistent sessions across nodes. Please generate other one then in this example.
146
146
147 .. code-block:: ini
147 .. code-block:: ini
148
148
149 # use a unique generated long string
149 # use a unique generated long string
150 beaker.session.secret = 70e116cae2274656ba7265fd860aebbd
150 beaker.session.secret = 70e116cae2274656ba7265fd860aebbd
151
151
152 3) Configure stored cached/archive cache to our shared NFS `rc-node-1`
152 3) Configure stored cached/archive cache to our shared NFS `rc-node-1`
153
153
154 .. code-block:: ini
154 .. code-block:: ini
155
155
156 # note the `_` prefix that allows using a directory without
156 # note the `_` prefix that allows using a directory without
157 # remap and rescan checking for vcs inside it.
157 # remap and rescan checking for vcs inside it.
158 cache_dir = /home/rcdev/storage/_cache_dir/data
158 cache_dir = /home/rcdev/storage/_cache_dir/data
159 # note archive cache dir is disabled by default, however if you enable
159 # note archive cache dir is disabled by default, however if you enable
160 # it also needs to be shared
160 # it also needs to be shared
161 #archive_cache_dir = /home/rcdev/storage/_tarball_cache_dir
161 #archive_cache_dir = /home/rcdev/storage/_tarball_cache_dir
162
162
163
163
164 4) Use shared exception store. Example config that should be
164 4) Use shared exception store. Example config that should be
165 changed on both **rc-node-2** and **rc-node-3**, and also for VCSServer.
165 changed on both **rc-node-2** and **rc-node-3**, and also for VCSServer.
166 Edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` and
166 Edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` and
167 :file:`/home/{user}/.rccontrol/{vcsserver-instance-id}/vcsserver.ini`
167 :file:`/home/{user}/.rccontrol/{vcsserver-instance-id}/vcsserver.ini`
168 and add/change following setting.
168 and add/change following setting.
169
169
170 .. code-block:: ini
170 .. code-block:: ini
171
171
172 exception_tracker.store_path = /home/rcdev/storage/_exception_store_data
172 exception_tracker.store_path = /home/rcdev/storage/_exception_store_data
173
173
174
174
175 5) Change cache backends to use `Redis`_ based caches. Below full example config
175 5) Change cache backends to use `Redis`_ based caches. Below full example config
176 that replaces default file-based cache to shared `Redis`_ with Distributed Lock.
176 that replaces default file-based cache to shared `Redis`_ with Distributed Lock.
177
177
178
178
179 .. code-block:: ini
179 .. code-block:: ini
180
180
181 #####################################
181 #####################################
182 ### DOGPILE CACHE ####
182 ### DOGPILE CACHE ####
183 #####################################
183 #####################################
184
184
185 ## `cache_perms` cache settings for permission tree, auth TTL.
185 ## `cache_perms` cache settings for permission tree, auth TTL.
186 #rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
186 #rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
187 #rc_cache.cache_perms.expiration_time = 300
187 #rc_cache.cache_perms.expiration_time = 300
188
188
189 ## alternative `cache_perms` redis backend with distributed lock
189 ## alternative `cache_perms` redis backend with distributed lock
190 rc_cache.cache_perms.backend = dogpile.cache.rc.redis
190 rc_cache.cache_perms.backend = dogpile.cache.rc.redis
191 rc_cache.cache_perms.expiration_time = 300
191 rc_cache.cache_perms.expiration_time = 300
192 ## redis_expiration_time needs to be greater then expiration_time
192 ## redis_expiration_time needs to be greater then expiration_time
193 rc_cache.cache_perms.arguments.redis_expiration_time = 7200
193 rc_cache.cache_perms.arguments.redis_expiration_time = 7200
194 rc_cache.cache_perms.arguments.socket_timeout = 30
194 rc_cache.cache_perms.arguments.socket_timeout = 30
195 rc_cache.cache_perms.arguments.host = rc-node-1
195 rc_cache.cache_perms.arguments.host = rc-node-1
196 rc_cache.cache_perms.arguments.password = qweqwe
196 rc_cache.cache_perms.arguments.password = qweqwe
197 rc_cache.cache_perms.arguments.port = 6379
197 rc_cache.cache_perms.arguments.port = 6379
198 rc_cache.cache_perms.arguments.db = 0
198 rc_cache.cache_perms.arguments.db = 0
199 rc_cache.cache_perms.arguments.distributed_lock = true
199 rc_cache.cache_perms.arguments.distributed_lock = true
200
200
201 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
201 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
202 #rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
202 #rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
203 #rc_cache.cache_repo.expiration_time = 2592000
203 #rc_cache.cache_repo.expiration_time = 2592000
204
204
205 ## alternative `cache_repo` redis backend with distributed lock
205 ## alternative `cache_repo` redis backend with distributed lock
206 rc_cache.cache_repo.backend = dogpile.cache.rc.redis
206 rc_cache.cache_repo.backend = dogpile.cache.rc.redis
207 rc_cache.cache_repo.expiration_time = 2592000
207 rc_cache.cache_repo.expiration_time = 2592000
208 ## redis_expiration_time needs to be greater then expiration_time
208 ## redis_expiration_time needs to be greater then expiration_time
209 rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
209 rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
210 rc_cache.cache_repo.arguments.socket_timeout = 30
210 rc_cache.cache_repo.arguments.socket_timeout = 30
211 rc_cache.cache_repo.arguments.host = rc-node-1
211 rc_cache.cache_repo.arguments.host = rc-node-1
212 rc_cache.cache_repo.arguments.password = qweqwe
212 rc_cache.cache_repo.arguments.password = qweqwe
213 rc_cache.cache_repo.arguments.port = 6379
213 rc_cache.cache_repo.arguments.port = 6379
214 rc_cache.cache_repo.arguments.db = 1
214 rc_cache.cache_repo.arguments.db = 1
215 rc_cache.cache_repo.arguments.distributed_lock = true
215 rc_cache.cache_repo.arguments.distributed_lock = true
216
216
217 ## cache settings for SQL queries, this needs to use memory type backend
217 ## cache settings for SQL queries, this needs to use memory type backend
218 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
218 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
219 rc_cache.sql_cache_short.expiration_time = 30
219 rc_cache.sql_cache_short.expiration_time = 30
220
220
221 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
221 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
222 ## type backend as the objects kept are not pickle serializable
222 ## type backend as the objects kept are not pickle serializable
223 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
223 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
224 ## by default we use 96H, this is using invalidation on push anyway
224 ## by default we use 96H, this is using invalidation on push anyway
225 rc_cache.cache_repo_longterm.expiration_time = 345600
225 rc_cache.cache_repo_longterm.expiration_time = 345600
226 ## max items in LRU cache, reduce this number to save memory, and expire last used
226 ## max items in LRU cache, reduce this number to save memory, and expire last used
227 ## cached objects
227 ## cached objects
228 rc_cache.cache_repo_longterm.max_size = 10000
228 rc_cache.cache_repo_longterm.max_size = 10000
229
229
230
230
231 6) Configure `Nginx`_ as reverse proxy on `rc-node-2/3`:
231 6) Configure `Nginx`_ as reverse proxy on `rc-node-2/3`:
232 Minimal `Nginx`_ config used:
232 Minimal `Nginx`_ config used:
233
233
234
234
235 .. code-block:: nginx
235 .. code-block:: nginx
236
236
237 ## rate limiter for certain pages to prevent brute force attacks
237 ## rate limiter for certain pages to prevent brute force attacks
238 limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s;
238 limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s;
239
239
240 ## custom log format
240 ## custom log format
241 log_format log_custom '$remote_addr - $remote_user [$time_local] '
241 log_format log_custom '$remote_addr - $remote_user [$time_local] '
242 '"$request" $status $body_bytes_sent '
242 '"$request" $status $body_bytes_sent '
243 '"$http_referer" "$http_user_agent" '
243 '"$http_referer" "$http_user_agent" '
244 '$request_time $upstream_response_time $pipe';
244 '$request_time $upstream_response_time $pipe';
245
245
246 server {
246 server {
247 listen 80;
247 listen 80;
248 server_name rc-node-2;
248 server_name rc-node-2;
249 #server_name rc-node-3;
249 #server_name rc-node-3;
250
250
251 access_log /var/log/nginx/rhodecode.access.log log_custom;
251 access_log /var/log/nginx/rhodecode.access.log log_custom;
252 error_log /var/log/nginx/rhodecode.error.log;
252 error_log /var/log/nginx/rhodecode.error.log;
253
253
254 # example of proxy.conf can be found in our docs.
254 # example of proxy.conf can be found in our docs.
255 include /etc/nginx/proxy.conf;
255 include /etc/nginx/proxy.conf;
256
256
257 ## serve static files by Nginx, recommended for performance
257 ## serve static files by Nginx, recommended for performance
258 location /_static/rhodecode {
258 location /_static/rhodecode {
259 gzip on;
259 gzip on;
260 gzip_min_length 500;
260 gzip_min_length 500;
261 gzip_proxied any;
261 gzip_proxied any;
262 gzip_comp_level 4;
262 gzip_comp_level 4;
263 gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
263 gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
264 gzip_vary on;
264 gzip_vary on;
265 gzip_disable "msie6";
265 gzip_disable "msie6";
266 expires 60d;
266 #alias /home/rcdev/.rccontrol/community-1/static;
267 #alias /home/rcdev/.rccontrol/community-1/static;
267 alias /home/rcdev/.rccontrol/enterprise-1/static;
268 alias /home/rcdev/.rccontrol/enterprise-1/static;
268 }
269 }
269
270
270
271
271 location /_admin/login {
272 location /_admin/login {
272 limit_req zone=req_limit burst=10 nodelay;
273 limit_req zone=req_limit burst=10 nodelay;
273 try_files $uri @rhode;
274 try_files $uri @rhode;
274 }
275 }
275
276
276 location / {
277 location / {
277 try_files $uri @rhode;
278 try_files $uri @rhode;
278 }
279 }
279
280
280 location @rhode {
281 location @rhode {
281 # Url to running RhodeCode instance.
282 # Url to running RhodeCode instance.
282 # This is shown as `- URL: <host>` in output from rccontrol status.
283 # This is shown as `- URL: <host>` in output from rccontrol status.
283 proxy_pass http://127.0.0.1:10020;
284 proxy_pass http://127.0.0.1:10020;
284 }
285 }
285
286
286 ## custom 502 error page. Will be displayed while RhodeCode server
287 ## custom 502 error page. Will be displayed while RhodeCode server
287 ## is turned off
288 ## is turned off
288 error_page 502 /502.html;
289 error_page 502 /502.html;
289 location = /502.html {
290 location = /502.html {
290 #root /home/rcdev/.rccontrol/community-1/static;
291 #root /home/rcdev/.rccontrol/community-1/static;
291 root /home/rcdev/.rccontrol/enterprise-1/static;
292 root /home/rcdev/.rccontrol/enterprise-1/static;
292 }
293 }
293 }
294 }
294
295
295
296
296 7) Optional: Full text search, in case you use `Whoosh` full text search we also need a
297 7) Optional: Full text search, in case you use `Whoosh` full text search we also need a
297 shared storage for the index. In our example our NFS is mounted at `/home/rcdev/storage`
298 shared storage for the index. In our example our NFS is mounted at `/home/rcdev/storage`
298 which represents out storage so we can use the following:
299 which represents out storage so we can use the following:
299
300
300 .. code-block:: ini
301 .. code-block:: ini
301
302
302 # note the `_` prefix that allows using a directory without
303 # note the `_` prefix that allows using a directory without
303 # remap and rescan checking for vcs inside it.
304 # remap and rescan checking for vcs inside it.
304 search.location = /home/rcdev/storage/_index_data/index
305 search.location = /home/rcdev/storage/_index_data/index
305
306
306
307
307 .. note::
308 .. note::
308
309
309 If you use ElasticSearch it's by default shared, and simply running ES node is
310 If you use ElasticSearch it's by default shared, and simply running ES node is
310 by default cluster compatible.
311 by default cluster compatible.
311
312
312
313
313 8) Optional: If you intend to use mailing all instances need to use either a shared
314 8) Optional: If you intend to use mailing all instances need to use either a shared
314 mailing node, or each will use individual local mail agent. Simply put node-1/2/3
315 mailing node, or each will use individual local mail agent. Simply put node-1/2/3
315 needs to use same mailing configuration.
316 needs to use same mailing configuration.
316
317
317
318
318
319
319 Setup rc-node-1
320 Setup rc-node-1
320 ^^^^^^^^^^^^^^^
321 ^^^^^^^^^^^^^^^
321
322
322
323
323 Configure `Nginx`_ as Load Balancer to rc-node-2/3.
324 Configure `Nginx`_ as Load Balancer to rc-node-2/3.
324 Minimal `Nginx`_ example below:
325 Minimal `Nginx`_ example below:
325
326
326 .. code-block:: nginx
327 .. code-block:: nginx
327
328
328 ## define rc-cluster which contains a pool of our instances to connect to
329 ## define rc-cluster which contains a pool of our instances to connect to
329 upstream rc-cluster {
330 upstream rc-cluster {
330 # rc-node-2/3 are stored in /etc/hosts with correct IP addresses
331 # rc-node-2/3 are stored in /etc/hosts with correct IP addresses
331 server rc-node-2:80;
332 server rc-node-2:80;
332 server rc-node-3:80;
333 server rc-node-3:80;
333 }
334 }
334
335
335 server {
336 server {
336 listen 80;
337 listen 80;
337 server_name rc-node-1;
338 server_name rc-node-1;
338
339
339 location / {
340 location / {
340 proxy_pass http://rc-cluster;
341 proxy_pass http://rc-cluster;
341 }
342 }
342 }
343 }
343
344
344
345
345 .. note::
346 .. note::
346
347
347 You should configure your load balancing accordingly. We recommend writing
348 You should configure your load balancing accordingly. We recommend writing
348 load balancing rules that will separate regular user traffic from
349 load balancing rules that will separate regular user traffic from
349 automated process traffic like continuous servers or build bots. Sticky sessions
350 automated process traffic like continuous servers or build bots. Sticky sessions
350 are not required.
351 are not required.
351
352
352
353
353 Show which instance handles a request
354 Show which instance handles a request
354 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
355 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
355
356
356 You can easily check if load-balancing is working as expected. Visit our main node
357 You can easily check if load-balancing is working as expected. Visit our main node
357 `rc-node-1` URL which at that point should already handle incoming requests and balance
358 `rc-node-1` URL which at that point should already handle incoming requests and balance
358 it across node-2/3.
359 it across node-2/3.
359
360
360 Add a special GET param `?showrcid=1` to show current instance handling your request.
361 Add a special GET param `?showrcid=1` to show current instance handling your request.
361
362
362 For example: visiting url `http://rc-node-1/?showrcid=1` will show, in the bottom
363 For example: visiting url `http://rc-node-1/?showrcid=1` will show, in the bottom
363 of the screen` cluster instance info.
364 of the screen` cluster instance info.
364 e.g: `RhodeCode instance id: rc-node-3-rc-node-3-3246`
365 e.g: `RhodeCode instance id: rc-node-3-rc-node-3-3246`
365 which is generated from::
366 which is generated from::
366
367
367 <NODE_HOSTNAME>-<INSTANCE_ID>-<WORKER_PID>
368 <NODE_HOSTNAME>-<INSTANCE_ID>-<WORKER_PID>
368
369
369
370
370 Using Celery with cluster
371 Using Celery with cluster
371 ^^^^^^^^^^^^^^^^^^^^^^^^^
372 ^^^^^^^^^^^^^^^^^^^^^^^^^
372
373
373
374
374 If `Celery` is used we recommend setting also an instance of Enterprise/Community+VCSserver
375 If `Celery` is used we recommend setting also an instance of Enterprise/Community+VCSserver
375 on the node that is running `RabbitMQ`_ or `Redis`_. Those instances will be used to
376 on the node that is running `RabbitMQ`_ or `Redis`_. Those instances will be used to
376 executed async tasks on the `rc-node-1`. This is the most efficient setup.
377 executed async tasks on the `rc-node-1`. This is the most efficient setup.
377 `Celery` usually handles tasks such as sending emails, forking repositories, importing
378 `Celery` usually handles tasks such as sending emails, forking repositories, importing
378 repositories from external location etc. Using workers on instance that has
379 repositories from external location etc. Using workers on instance that has
379 the direct access to disks used by NFS as well as email server gives noticeable
380 the direct access to disks used by NFS as well as email server gives noticeable
380 performance boost. Running local workers to the NFS storage results in faster
381 performance boost. Running local workers to the NFS storage results in faster
381 execution of forking large repositories or sending lots of emails.
382 execution of forking large repositories or sending lots of emails.
382
383
383 Those instances need to be configured in the same way as for other nodes.
384 Those instances need to be configured in the same way as for other nodes.
384 The instance in rc-node-1 can be added to the cluster, but we don't recommend doing it.
385 The instance in rc-node-1 can be added to the cluster, but we don't recommend doing it.
385 For best results let it be isolated to only executing `Celery` tasks in the cluster setup.
386 For best results let it be isolated to only executing `Celery` tasks in the cluster setup.
386
387
387
388
388 .. _Gunicorn: http://gunicorn.org/
389 .. _Gunicorn: http://gunicorn.org/
389 .. _Whoosh: https://pypi.python.org/pypi/Whoosh/
390 .. _Whoosh: https://pypi.python.org/pypi/Whoosh/
390 .. _Elasticsearch: https://www.elastic.co/..
391 .. _Elasticsearch: https://www.elastic.co/..
391 .. _RabbitMQ: http://www.rabbitmq.com/
392 .. _RabbitMQ: http://www.rabbitmq.com/
392 .. _Nginx: http://nginx.io
393 .. _Nginx: http://nginx.io
393 .. _Apache: http://nginx.io
394 .. _Apache: http://nginx.io
394 .. _Redis: http://redis.io
395 .. _Redis: http://redis.io
395
396
General Comments 0
You need to be logged in to leave comments. Login now