@@ -0,0 +1,50 b'' | |||
|
1 | auth_enabled: false | |
|
2 | ||
|
3 | server: | |
|
4 | http_listen_address: 0.0.0.0 | |
|
5 | grpc_listen_address: 0.0.0.0 | |
|
6 | http_listen_port: 3100 | |
|
7 | grpc_listen_port: 9095 | |
|
8 | log_level: info | |
|
9 | ||
|
10 | common: | |
|
11 | path_prefix: /tmp/loki | |
|
12 | storage: | |
|
13 | filesystem: | |
|
14 | chunks_directory: /tmp/loki/chunks | |
|
15 | rules_directory: /tmp/loki/rules | |
|
16 | replication_factor: 1 | |
|
17 | ring: | |
|
18 | instance_addr: 127.0.0.1 | |
|
19 | kvstore: | |
|
20 | store: inmemory | |
|
21 | ||
|
22 | schema_config: | |
|
23 | configs: | |
|
24 | - from: 2020-10-24 | |
|
25 | store: boltdb-shipper | |
|
26 | object_store: filesystem | |
|
27 | schema: v11 | |
|
28 | index: | |
|
29 | prefix: index_ | |
|
30 | period: 24h | |
|
31 | ||
|
32 | limits_config: | |
|
33 | max_streams_per_user: 100000 | |
|
34 | ||
|
35 | ingestion_burst_size_mb: 64 | |
|
36 | ingestion_rate_mb: 512 | |
|
37 | ||
|
38 | per_stream_rate_limit: 512M | |
|
39 | per_stream_rate_limit_burst: 1024M | |
|
40 | max_entries_limit_per_query: 1000000 | |
|
41 | max_label_value_length: 20480 | |
|
42 | max_label_name_length: 10240 | |
|
43 | ||
|
44 | ruler: | |
|
45 | alertmanager_url: http://localhost:9093 | |
|
46 | ||
|
47 | # If you would like to disable reporting, uncomment the following lines: | |
|
48 | #analytics: | |
|
49 | # reporting_enabled: false | |
|
50 |
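Review bot: `auth_enabled: false` together with `http_listen_address: 0.0.0.0` and `grpc_listen_address: 0.0.0.0` leaves the push and query APIs open to anything that can reach ports 3100 and 9095, so the only access control is whatever network boundary the deployment provides. A comment on line 1 should say so, e.g. `# no authentication: keep 3100/9095 off any untrusted network`. With auth disabled Loki runs single-tenant, so a tenant id supplied by a client is presumably not what separates data here. `path_prefix`, `chunks_directory` and `rules_directory` all sit under `/tmp/loki`, so stored logs and rules are lost whenever that directory is cleared; point them at a persistent path if retention matters.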
@@ -0,0 +1,38 b'' | |||
|
1 | server: | |
|
2 | http_listen_port: 9080 | |
|
3 | grpc_listen_port: 0 | |
|
4 | ||
|
5 | # Describes how to save read file offsets to disk | |
|
6 | positions: | |
|
7 | filename: /tmp/positions.yaml | |
|
8 | ||
|
9 | clients: | |
|
10 | - url: http://loki:3100/loki/api/v1/push | |
|
11 | tenant_id: docker | |
|
12 | ||
|
13 | ## Definition to what to scrape | |
|
14 | scrape_configs: | |
|
15 | ||
|
16 | - job_name: scraping_nginx | |
|
17 | static_configs: | |
|
18 | - targets: | |
|
19 | - localhost | |
|
20 | labels: | |
|
21 | __path__: /var/log_volume/nginx/rhodecode* | |
|
22 | job: nginx | |
|
23 | ||
|
24 | - job_name: scraping_vcsserver | |
|
25 | static_configs: | |
|
26 | - targets: | |
|
27 | - localhost | |
|
28 | labels: | |
|
29 | __path__: /var/log_volume/apps/rhodecode* | |
|
30 | job: rhodecode | |
|
31 | ||
|
32 | - job_name: scraping_rhodecode | |
|
33 | static_configs: | |
|
34 | - targets: | |
|
35 | - localhost | |
|
36 | labels: | |
|
37 | __path__: /var/log_volume/apps/vcsserver* | |
|
38 | job: vcsserver No newline at end of file |
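Review bot: The last two scrape jobs look crossed: `scraping_vcsserver` reads `/var/log_volume/apps/rhodecode*` and labels it `job: rhodecode`, while `scraping_rhodecode` reads `/var/log_volume/apps/vcsserver*` and labels it `job: vcsserver`. The `job` labels agree with the paths, so queries are probably unaffected, but the two `job_name` values should be swapped to match what they scrape. `positions.filename: /tmp/positions.yaml` disappears whenever `/tmp` is cleared, after which promtail has no saved offsets for these files; a persistent path avoids that. The client pushes to `http://loki:3100/loki/api/v1/push` over plain HTTP without credentials, which deserves a comment stating that this link is expected to stay on a private network.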
@@ -0,0 +1,31 b'' | |||
|
1 | defaults: | |
|
2 | # metrics expiration | |
|
3 | ttl: 48h | |
|
4 | ||
|
5 | mappings: | |
|
6 | ||
|
7 | - match: "*.histogram" | |
|
8 | name: "${1}" | |
|
9 | observer_type: histogram | |
|
10 | histogram_options: | |
|
11 | buckets: [.1, .25, .5, .75, 1, 1.5, 2, 5, 10] | |
|
12 | ||
|
13 | - match: "*.slow_histogram" | |
|
14 | name: "${1}" | |
|
15 | observer_type: histogram | |
|
16 | histogram_options: | |
|
17 | buckets: [.1, .25, .5, 1, 2, 5, 10, 30, 60] | |
|
18 | ||
|
19 | - match: "*.summary" | |
|
20 | name: "${1}" | |
|
21 | observer_type: summary | |
|
22 | summary_options: | |
|
23 | quantiles: | |
|
24 | - quantile: 0.99 | |
|
25 | error: 0.001 | |
|
26 | - quantile: 0.95 | |
|
27 | error: 0.01 | |
|
28 | - quantile: 0.9 | |
|
29 | error: 0.05 | |
|
30 | - quantile: 0.5 | |
|
31 | error: 0.005 |
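Review bot: In the `*.summary` mapping the entry for `quantile: 0.5` has `error: 0.005`, which is tighter than the `0.05` given to `quantile: 0.9` and the `0.01` given to `quantile: 0.95`. The other three entries loosen the error as the quantile drops, so this looks like a typo for `error: 0.05`. If the tighter median is intended, a one-line comment above it should say so.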
|
1 | NO CONTENT: new file 100644 |
@@ -1,10 +1,17 b'' | |||
|
1 | 1 | global: |
|
2 |
scrape_interval: 1 |
|
|
3 |
evaluation_interval: 1 |
|
|
2 | scrape_interval: 15s | |
|
3 | evaluation_interval: 15s | |
|
4 | 4 | |
|
5 | 5 | scrape_configs: |
|
6 | # Scrape statsd exporter | |
|
6 | ||
|
7 | # Scrape statsd exporter from RhodeCode | |
|
7 | 8 | - job_name: "rhodecode_metrics" |
|
8 | 9 | metrics_path: "/metrics" |
|
9 | 10 | static_configs: |
|
10 | 11 | - targets: ["statsd-exporter:9102"] |
|
12 | ||
|
13 | # scrape node exporter | |
|
14 | - job_name: node_metrics | |
|
15 | metrics_path: "/metrics" | |
|
16 | static_configs: | |
|
17 | - targets: ["node-exporter:9100"] |
@@ -1,68 +1,75 b'' | |||
|
1 | 1 | #!/usr/bin/env bash |
|
2 | 2 | set -euo pipefail |
|
3 | 3 | IFS=$'\n\t' |
|
4 | 4 | CURRENT_USER_UID=$(id -u) |
|
5 | 5 | CURRENT_USER_GID=$(id -g) |
|
6 | 6 | USER_UID=${USER_UID:-$CURRENT_USER_UID} |
|
7 | 7 | USER_GID=${USER_GID:-$CURRENT_USER_GID} |
|
8 | 8 | CMD="docker-compose -f docker-compose.yml" |
|
9 | 9 | BUILD_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml" |
|
10 | 10 | DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml" |
|
11 | DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml" | |
|
12 | METRICS_CMD="docker-compose -f docker-compose-grafana.yaml" | |
|
11 | 13 | |
|
12 | 14 | usage="$(basename "$0") ./dev.sh <COMMAND> -- run docker command |
|
13 | 15 | where <COMMAND>: |
|
14 | 16 | [v]cs -- run bash console for vcsserver |
|
15 | 17 | [r]c -- run bash console for rhodecode-ee |
|
16 | 18 | ce -- run bash console for rhodecode-ce |
|
17 | 19 | [t]est[s] -- run bash console for rhodecode-ce tests |
|
18 | 20 | test-mysql -- run bash console for rhodecode-ce tests with mysql |
|
19 | 21 | test-pgsql -- run bash console for rhodecode-ce tests with postgres |
|
20 | 22 | dev-build -- build rhodecode dev app for use without cache use |
|
21 | 23 | dev-env -- run the dev stack required for development |
|
22 | 24 | redis -- run the redis CLI attached to rc_cluster_redis_1 |
|
23 | 25 | db -- run the db bash attached to rc_cluster_database_1 |
|
26 | [m]etrics -- run the metrics stack | |
|
24 | 27 | run <cmd> -- run <cmd>" |
|
25 | 28 | |
|
26 | 29 | case ${1:-} in |
|
27 | 30 | v|vcs ) |
|
28 |
eval "(docker stop vcsserver |
|
|
31 | eval "(docker stop dev-vcsserver || echo skip-stop ) && ${DEV_CMD} run --service-ports --rm --use-aliases --workdir="/home/rhodecode/rhodecode-vcsserver" --name="dev-vcsserver" vcsserver bash" | |
|
29 | 32 | exit |
|
30 | 33 | ;; |
|
31 | 34 | r|rc ) |
|
32 |
eval "(docker stop enterprise-ee |
|
|
35 | eval "(docker stop dev-enterprise-ee || echo skip-stop ) && ${DEV_CMD} run --publish 8080:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ee" --name="dev-enterprise-ee" rhodecode bash" | |
|
33 | 36 | exit |
|
34 | 37 | ;; |
|
35 | 38 | ce ) |
|
36 |
eval "(docker stop enterprise-ce |
|
|
39 | eval "(docker stop dev-enterprise-ce || echo skip-stop ) && ${DEV_CMD} run --publish 8081:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="dev-enterprise-ce" rhodecode bash" | |
|
37 | 40 | exit |
|
38 | 41 | ;; |
|
39 | 42 | t|test|tests ) |
|
40 | 43 | eval "${DEV_CMD} run --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="enterprise-dev-test" rhodecode bash" |
|
41 | 44 | exit |
|
42 | 45 | ;; |
|
43 | 46 | dev-build ) |
|
44 | 47 | eval "${BUILD_CMD} up --detach database && ${BUILD_CMD} build --no-cache --progress=plain rhodecode" |
|
45 | 48 | exit |
|
46 | 49 | ;; |
|
47 | 50 | dev-env ) |
|
48 | 51 | eval "${BUILD_CMD} up --detach database redis channelstream nginx celery beat elasticsearch" |
|
49 | 52 | exit |
|
50 | 53 | ;; |
|
51 | 54 | redis ) |
|
52 | 55 | eval "docker exec --interactive --tty rc_cluster_redis_1 redis-cli" |
|
53 | 56 | exit |
|
54 | 57 | ;; |
|
55 | 58 | db ) |
|
56 | 59 | eval "docker exec --interactive --tty rc_cluster_database_1 /bin/bash -c 'psql -U $$POSTGRES_USER' " |
|
57 | 60 | exit |
|
58 | 61 | ;; |
|
62 | m|metrics ) | |
|
63 | eval "${METRICS_CMD} up --detach" | |
|
64 | exit | |
|
65 | ;; | |
|
59 | 66 | run ) |
|
60 | 67 | command=${@:2} |
|
61 | 68 | eval "${DEV_CMD} run --rm rhodecode ${command}" |
|
62 | 69 | exit |
|
63 | 70 | ;; |
|
64 | 71 | * ) |
|
65 | 72 | echo "${usage}" |
|
66 | 73 | exit |
|
67 | 74 | ;; |
|
68 | 75 | esac |
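Review bot: New line 11 assigns `DEV_CMD` a second time with what appears to be the same value as line 10; the duplicate should be dropped. The new `m|metrics` branch passes a fixed string through `eval`, which needs no second round of shell parsing, so it could call `docker-compose -f docker-compose-grafana.yaml up --detach` directly (with `IFS=$'\n\t'` an unquoted `${METRICS_CMD}` would not split on spaces, which is presumably why `eval` is used throughout). The unchanged `run )` branch feeds `${@:2}` through the same `eval`, so its arguments are re-parsed by the shell; that is outside this change but worth a comment there.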
@@ -1,58 +1,110 b'' | |||
|
1 | 1 | version: '3.9' |
|
2 | 2 | |
|
3 | 3 | volumes: |
|
4 | 4 | prometheus_data: {} |
|
5 | 5 | grafana_data: {} |
|
6 | logvolume: | |
|
7 | driver: local | |
|
8 | driver_opts: | |
|
9 | type: none | |
|
10 | o: bind | |
|
11 | device: $PWD/logs | |
|
6 | 12 | |
|
7 | 13 | networks: |
|
8 | 14 | rhodecode_network: |
|
9 | 15 | name: rhodecode_network |
|
10 | 16 | |
|
11 | 17 | |
|
12 | 18 | services: |
|
13 | 19 | |
|
14 | 20 | statsd-exporter: |
|
15 | 21 | image: prom/statsd-exporter:v0.22.8 |
|
16 | 22 | restart: unless-stopped |
|
17 | 23 | command: [ |
|
18 |
'--statsd.mapping-config=/statsd/statsd. |
|
|
24 | '--statsd.mapping-config=/statsd/statsd.yaml', | |
|
19 | 25 | '--statsd.listen-udp=:9125', |
|
20 | 26 | '--web.listen-address=:9102' |
|
21 | 27 | ] |
|
22 | 28 | networks: |
|
23 | 29 | - rhodecode_network |
|
24 | 30 | ports: |
|
25 | - "9125:9125/udp" | |
|
26 | - "9102:9102" | |
|
31 | - "127.0.0.1:9125:9125/udp" | |
|
32 | - "127.0.0.1:9102:9102" | |
|
27 | 33 | volumes: |
|
28 |
- ./config/statsd-exporter |
|
|
34 | - ./config/statsd-exporter:/statsd | |
|
35 | ||
|
36 | node-exporter: | |
|
37 | image: prom/node-exporter:v1.4.0 | |
|
38 | command: | |
|
39 | - "--path.procfs=/host/proc" | |
|
40 | - "--path.rootfs=/rootfs" | |
|
41 | - "--path.sysfs=/host/sys" | |
|
42 | - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)" | |
|
43 | - "--collector.systemd" | |
|
44 | - "--collector.processes" | |
|
45 | networks: | |
|
46 | - rhodecode_network | |
|
47 | pid: host | |
|
48 | restart: unless-stopped | |
|
49 | ports: | |
|
50 | - "127.0.0.1:9100:9100" | |
|
51 | volumes: | |
|
52 | - "/proc:/host/proc:ro" | |
|
53 | - "/sys:/host/sys:ro" | |
|
54 | - "/:/rootfs:ro" | |
|
29 | 55 | |
|
30 | 56 | prometheus: |
|
31 | 57 | image: prom/prometheus:v2.39.1 |
|
32 | 58 | restart: unless-stopped |
|
33 | 59 | command: |
|
34 | 60 | - "--config.file=/etc/prometheus/prometheus.yml" |
|
35 | 61 | - "--storage.tsdb.path=/prometheus" |
|
36 | 62 | - "--web.console.libraries=/etc/prometheus/console_libraries" |
|
37 | 63 | - "--web.console.templates=/etc/prometheus/consoles" |
|
38 | 64 | - "--storage.tsdb.retention.time=24h" |
|
39 | 65 | - "--web.enable-lifecycle" |
|
40 | 66 | ports: |
|
41 | - "9090:9090" | |
|
67 | - "127.0.0.1:9090:9090" | |
|
42 | 68 | networks: |
|
43 | 69 | - rhodecode_network |
|
44 | 70 | volumes: |
|
45 | 71 | - ./config/prometheus:/etc/prometheus |
|
46 | 72 | - prometheus_data:/prometheus |
|
47 | 73 | |
|
48 | 74 | grafana: |
|
49 |
image: grafana/grafana:9. |
|
|
75 | image: grafana/grafana:9.2.1-ubuntu | |
|
50 | 76 | restart: unless-stopped |
|
51 | 77 | env_file: |
|
52 | 78 | - ./config/grafana/grafana.env |
|
53 | 79 | ports: |
|
54 |
- " |
|
|
80 | - "4000:3000" | |
|
55 | 81 | volumes: |
|
56 | 82 | - grafana_data:/var/lib/grafana |
|
57 | 83 | networks: |
|
58 | 84 | - rhodecode_network |
|
85 | ||
|
86 | loki: | |
|
87 | image: grafana/loki:2.6.1 | |
|
88 | restart: unless-stopped | |
|
89 | ports: | |
|
90 | - "127.0.0.1:3100:3100" | |
|
91 | - "127.0.0.1:9095:9095" | |
|
92 | command: [ | |
|
93 | "-config.file=/etc/loki/loki-config.yaml" | |
|
94 | ] | |
|
95 | networks: | |
|
96 | - rhodecode_network | |
|
97 | volumes: | |
|
98 | - ./config/loki:/etc/loki | |
|
99 | ||
|
100 | promtail: | |
|
101 | image: grafana/promtail:latest | |
|
102 | command: [ | |
|
103 | "-config.file=/etc/promtail/promtail-config.yaml" | |
|
104 | ] | |
|
105 | networks: | |
|
106 | - rhodecode_network | |
|
107 | volumes: | |
|
108 | - /var/log:/var/log | |
|
109 | - logvolume:/var/log_volume | |
|
110 | - ./config/loki:/etc/promtail |
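Review bot: Grafana is published as `- "4000:3000"`, i.e. on all host interfaces, while the statsd-exporter and Prometheus ports were moved to `127.0.0.1` in this same change and the new services bind there too; unless remote access to the dashboard is intended, use `- "127.0.0.1:4000:3000"`. `promtail` uses `grafana/promtail:latest` although every other image here is pinned; pin it to match Loki, e.g. `image: grafana/promtail:2.6.1`. The promtail mounts `/var/log:/var/log` and `logvolume:/var/log_volume` are writable although the agent only reads from them, so `:ro` fits, as on the node-exporter mounts. `./config/loki` is mounted into both `/etc/loki` and `/etc/promtail`, so each container can read the other's configuration.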
@@ -1,808 +1,808 b'' | |||
|
1 | 1 | # ----------------------------- |
|
2 | 2 | # PostgreSQL configuration file |
|
3 | 3 | # ----------------------------- |
|
4 | 4 | # |
|
5 | 5 | # This file consists of lines of the form: |
|
6 | 6 | # |
|
7 | 7 | # name = value |
|
8 | 8 | # |
|
9 | 9 | # (The "=" is optional.) Whitespace may be used. Comments are introduced with |
|
10 | 10 | # "#" anywhere on a line. The complete list of parameter names and allowed |
|
11 | 11 | # values can be found in the PostgreSQL documentation. |
|
12 | 12 | # |
|
13 | 13 | # The commented-out settings shown in this file represent the default values. |
|
14 | 14 | # Re-commenting a setting is NOT sufficient to revert it to the default value; |
|
15 | 15 | # you need to reload the server. |
|
16 | 16 | # |
|
17 | 17 | # This file is read on server startup and when the server receives a SIGHUP |
|
18 | 18 | # signal. If you edit the file on a running system, you have to SIGHUP the |
|
19 | 19 | # server for the changes to take effect, run "pg_ctl reload", or execute |
|
20 | 20 | # "SELECT pg_reload_conf()". Some parameters, which are marked below, |
|
21 | 21 | # require a server shutdown and restart to take effect. |
|
22 | 22 | # |
|
23 | 23 | # Any parameter can also be given as a command-line option to the server, e.g., |
|
24 | 24 | # "postgres -c log_connections=on". Some parameters can be changed at run time |
|
25 | 25 | # with the "SET" SQL command. |
|
26 | 26 | # |
|
27 | 27 | # Memory units: B = bytes Time units: us = microseconds |
|
28 | 28 | # kB = kilobytes ms = milliseconds |
|
29 | 29 | # MB = megabytes s = seconds |
|
30 | 30 | # GB = gigabytes min = minutes |
|
31 | 31 | # TB = terabytes h = hours |
|
32 | 32 | # d = days |
|
33 | 33 | |
|
34 | 34 | |
|
35 | 35 | #------------------------------------------------------------------------------ |
|
36 | 36 | # FILE LOCATIONS |
|
37 | 37 | #------------------------------------------------------------------------------ |
|
38 | 38 | |
|
39 | 39 | # The default values of these variables are driven from the -D command-line |
|
40 | 40 | # option or PGDATA environment variable, represented here as ConfigDir. |
|
41 | 41 | |
|
42 | 42 | #data_directory = 'ConfigDir' # use data in another directory |
|
43 | 43 | # (change requires restart) |
|
44 | 44 | #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file |
|
45 | 45 | # (change requires restart) |
|
46 | 46 | #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file |
|
47 | 47 | # (change requires restart) |
|
48 | 48 | |
|
49 | 49 | # If external_pid_file is not explicitly set, no extra PID file is written. |
|
50 | 50 | #external_pid_file = '' # write an extra PID file |
|
51 | 51 | # (change requires restart) |
|
52 | 52 | |
|
53 | 53 | |
|
54 | 54 | #------------------------------------------------------------------------------ |
|
55 | 55 | # CONNECTIONS AND AUTHENTICATION |
|
56 | 56 | #------------------------------------------------------------------------------ |
|
57 | 57 | |
|
58 | 58 | # - Connection Settings - |
|
59 | 59 | |
|
60 | 60 | listen_addresses = '*' |
|
61 | 61 | # comma-separated list of addresses; |
|
62 | 62 | # defaults to 'localhost'; use '*' for all |
|
63 | 63 | # (change requires restart) |
|
64 | 64 | #port = 5432 # (change requires restart) |
|
65 | 65 | #max_connections = 100 # (change requires restart) |
|
66 | 66 | #superuser_reserved_connections = 3 # (change requires restart) |
|
67 | 67 | #unix_socket_directories = '/tmp' # comma-separated list of directories |
|
68 | 68 | # (change requires restart) |
|
69 | 69 | #unix_socket_group = '' # (change requires restart) |
|
70 | 70 | #unix_socket_permissions = 0777 # begin with 0 to use octal notation |
|
71 | 71 | # (change requires restart) |
|
72 | 72 | #bonjour = off # advertise server via Bonjour |
|
73 | 73 | # (change requires restart) |
|
74 | 74 | #bonjour_name = '' # defaults to the computer name |
|
75 | 75 | # (change requires restart) |
|
76 | 76 | |
|
77 | 77 | # - TCP settings - |
|
78 | 78 | # see "man tcp" for details |
|
79 | 79 | |
|
80 | 80 | #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; |
|
81 | 81 | # 0 selects the system default |
|
82 | 82 | #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; |
|
83 | 83 | # 0 selects the system default |
|
84 | 84 | #tcp_keepalives_count = 0 # TCP_KEEPCNT; |
|
85 | 85 | # 0 selects the system default |
|
86 | 86 | #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; |
|
87 | 87 | # 0 selects the system default |
|
88 | 88 | |
|
89 | 89 | #client_connection_check_interval = 0 # time between checks for client |
|
90 | 90 | # disconnection while running queries; |
|
91 | 91 | # 0 for never |
|
92 | 92 | |
|
93 | 93 | # - Authentication - |
|
94 | 94 | |
|
95 | 95 | #authentication_timeout = 1min # 1s-600s |
|
96 | 96 | #password_encryption = scram-sha-256 # scram-sha-256 or md5 |
|
97 | 97 | #db_user_namespace = off |
|
98 | 98 | |
|
99 | 99 | # GSSAPI using Kerberos |
|
100 | 100 | #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' |
|
101 | 101 | #krb_caseins_users = off |
|
102 | 102 | |
|
103 | 103 | # - SSL - |
|
104 | 104 | |
|
105 | 105 | #ssl = off |
|
106 | 106 | #ssl_ca_file = '' |
|
107 | 107 | #ssl_cert_file = 'server.crt' |
|
108 | 108 | #ssl_crl_file = '' |
|
109 | 109 | #ssl_crl_dir = '' |
|
110 | 110 | #ssl_key_file = 'server.key' |
|
111 | 111 | #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers |
|
112 | 112 | #ssl_prefer_server_ciphers = on |
|
113 | 113 | #ssl_ecdh_curve = 'prime256v1' |
|
114 | 114 | #ssl_min_protocol_version = 'TLSv1.2' |
|
115 | 115 | #ssl_max_protocol_version = '' |
|
116 | 116 | #ssl_dh_params_file = '' |
|
117 | 117 | #ssl_passphrase_command = '' |
|
118 | 118 | #ssl_passphrase_command_supports_reload = off |
|
119 | 119 | |
|
120 | 120 | |
|
121 | 121 | #------------------------------------------------------------------------------ |
|
122 | 122 | # RESOURCE USAGE (except WAL) |
|
123 | 123 | #------------------------------------------------------------------------------ |
|
124 | 124 | |
|
125 | 125 | # - Memory - |
|
126 | 126 | |
|
127 | 127 | #shared_buffers = 32MB # min 128kB |
|
128 | 128 | # (change requires restart) |
|
129 | 129 | #huge_pages = try # on, off, or try |
|
130 | 130 | # (change requires restart) |
|
131 | 131 | #huge_page_size = 0 # zero for system default |
|
132 | 132 | # (change requires restart) |
|
133 | 133 | #temp_buffers = 8MB # min 800kB |
|
134 | 134 | #max_prepared_transactions = 0 # zero disables the feature |
|
135 | 135 | # (change requires restart) |
|
136 | 136 | # Caution: it is not advisable to set max_prepared_transactions nonzero unless |
|
137 | 137 | # you actively intend to use prepared transactions. |
|
138 | 138 | #work_mem = 4MB # min 64kB |
|
139 | 139 | #hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem |
|
140 | 140 | #maintenance_work_mem = 64MB # min 1MB |
|
141 | 141 | #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem |
|
142 | 142 | #logical_decoding_work_mem = 64MB # min 64kB |
|
143 | 143 | #max_stack_depth = 2MB # min 100kB |
|
144 | 144 | #shared_memory_type = mmap # the default is the first option |
|
145 | 145 | # supported by the operating system: |
|
146 | 146 | # mmap |
|
147 | 147 | # sysv |
|
148 | 148 | # windows |
|
149 | 149 | # (change requires restart) |
|
150 | 150 | #dynamic_shared_memory_type = posix # the default is the first option |
|
151 | 151 | # supported by the operating system: |
|
152 | 152 | # posix |
|
153 | 153 | # sysv |
|
154 | 154 | # windows |
|
155 | 155 | # mmap |
|
156 | 156 | # (change requires restart) |
|
157 | 157 | #min_dynamic_shared_memory = 0MB # (change requires restart) |
|
158 | 158 | |
|
159 | 159 | # - Disk - |
|
160 | 160 | |
|
161 | 161 | #temp_file_limit = -1 # limits per-process temp file space |
|
162 | 162 | # in kilobytes, or -1 for no limit |
|
163 | 163 | |
|
164 | 164 | # - Kernel Resources - |
|
165 | 165 | |
|
166 | 166 | #max_files_per_process = 1000 # min 64 |
|
167 | 167 | # (change requires restart) |
|
168 | 168 | |
|
169 | 169 | # - Cost-Based Vacuum Delay - |
|
170 | 170 | |
|
171 | 171 | #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) |
|
172 | 172 | #vacuum_cost_page_hit = 1 # 0-10000 credits |
|
173 | 173 | #vacuum_cost_page_miss = 2 # 0-10000 credits |
|
174 | 174 | #vacuum_cost_page_dirty = 20 # 0-10000 credits |
|
175 | 175 | #vacuum_cost_limit = 200 # 1-10000 credits |
|
176 | 176 | |
|
177 | 177 | # - Background Writer - |
|
178 | 178 | |
|
179 | 179 | #bgwriter_delay = 200ms # 10-10000ms between rounds |
|
180 | 180 | #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables |
|
181 | 181 | #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round |
|
182 | 182 | #bgwriter_flush_after = 0 # measured in pages, 0 disables |
|
183 | 183 | |
|
184 | 184 | # - Asynchronous Behavior - |
|
185 | 185 | |
|
186 | 186 | #backend_flush_after = 0 # measured in pages, 0 disables |
|
187 | 187 | #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching |
|
188 | 188 | #maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching |
|
189 | 189 | #max_worker_processes = 8 # (change requires restart) |
|
190 | 190 | #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers |
|
191 | 191 | #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers |
|
192 | 192 | #max_parallel_workers = 8 # maximum number of max_worker_processes that |
|
193 | 193 | # can be used in parallel operations |
|
194 | 194 | #parallel_leader_participation = on |
|
195 | 195 | #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate |
|
196 | 196 | # (change requires restart) |
|
197 | 197 | |
|
198 | 198 | |
|
199 | 199 | #------------------------------------------------------------------------------ |
|
200 | 200 | # WRITE-AHEAD LOG |
|
201 | 201 | #------------------------------------------------------------------------------ |
|
202 | 202 | |
|
203 | 203 | # - Settings - |
|
204 | 204 | |
|
205 | 205 | #wal_level = replica # minimal, replica, or logical |
|
206 | 206 | # (change requires restart) |
|
207 | 207 | #fsync = on # flush data to disk for crash safety |
|
208 | 208 | # (turning this off can cause |
|
209 | 209 | # unrecoverable data corruption) |
|
210 | 210 | #synchronous_commit = on # synchronization level; |
|
211 | 211 | # off, local, remote_write, remote_apply, or on |
|
212 | 212 | #wal_sync_method = fsync # the default is the first option |
|
213 | 213 | # supported by the operating system: |
|
214 | 214 | # open_datasync |
|
215 | 215 | # fdatasync (default on Linux and FreeBSD) |
|
216 | 216 | # fsync |
|
217 | 217 | # fsync_writethrough |
|
218 | 218 | # open_sync |
|
219 | 219 | #full_page_writes = on # recover from partial page writes |
|
220 | 220 | #wal_log_hints = off # also do full page writes of non-critical updates |
|
221 | 221 | # (change requires restart) |
|
222 | 222 | #wal_compression = off # enable compression of full-page writes |
|
223 | 223 | #wal_init_zero = on # zero-fill new WAL files |
|
224 | 224 | #wal_recycle = on # recycle WAL files |
|
225 | 225 | #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers |
|
226 | 226 | # (change requires restart) |
|
227 | 227 | #wal_writer_delay = 200ms # 1-10000 milliseconds |
|
228 | 228 | #wal_writer_flush_after = 1MB # measured in pages, 0 disables |
|
229 | 229 | #wal_skip_threshold = 2MB |
|
230 | 230 | |
|
231 | 231 | #commit_delay = 0 # range 0-100000, in microseconds |
|
232 | 232 | #commit_siblings = 5 # range 1-1000 |
|
233 | 233 | |
|
234 | 234 | # - Checkpoints - |
|
235 | 235 | |
|
236 | 236 | #checkpoint_timeout = 5min # range 30s-1d |
|
237 | 237 | #checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 |
|
238 | 238 | #checkpoint_flush_after = 0 # measured in pages, 0 disables |
|
239 | 239 | #checkpoint_warning = 30s # 0 disables |
|
240 | 240 | #max_wal_size = 1GB |
|
241 | 241 | #min_wal_size = 80MB |
|
242 | 242 | |
|
243 | 243 | # - Archiving - |
|
244 | 244 | |
|
245 | 245 | #archive_mode = off # enables archiving; off, on, or always |
|
246 | 246 | # (change requires restart) |
|
247 | 247 | #archive_command = '' # command to use to archive a logfile segment |
|
248 | 248 | # placeholders: %p = path of file to archive |
|
249 | 249 | # %f = file name only |
|
250 | 250 | # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' |
|
251 | 251 | #archive_timeout = 0 # force a logfile segment switch after this |
|
252 | 252 | # number of seconds; 0 disables |
|
253 | 253 | |
|
254 | 254 | # - Archive Recovery - |
|
255 | 255 | |
|
256 | 256 | # These are only used in recovery mode. |
|
257 | 257 | |
|
258 | 258 | #restore_command = '' # command to use to restore an archived logfile segment |
|
259 | 259 | # placeholders: %p = path of file to restore |
|
260 | 260 | # %f = file name only |
|
261 | 261 | # e.g. 'cp /mnt/server/archivedir/%f %p' |
|
262 | 262 | #archive_cleanup_command = '' # command to execute at every restartpoint |
|
263 | 263 | #recovery_end_command = '' # command to execute at completion of recovery |
|
264 | 264 | |
|
265 | 265 | # - Recovery Target - |
|
266 | 266 | |
|
267 | 267 | # Set these only when performing a targeted recovery. |
|
268 | 268 | |
|
269 | 269 | #recovery_target = '' # 'immediate' to end recovery as soon as a |
|
270 | 270 | # consistent state is reached |
|
271 | 271 | # (change requires restart) |
|
272 | 272 | #recovery_target_name = '' # the named restore point to which recovery will proceed |
|
273 | 273 | # (change requires restart) |
|
274 | 274 | #recovery_target_time = '' # the time stamp up to which recovery will proceed |
|
275 | 275 | # (change requires restart) |
|
276 | 276 | #recovery_target_xid = '' # the transaction ID up to which recovery will proceed |
|
277 | 277 | # (change requires restart) |
|
278 | 278 | #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed |
|
279 | 279 | # (change requires restart) |
|
280 | 280 | #recovery_target_inclusive = on # Specifies whether to stop: |
|
281 | 281 | # just after the specified recovery target (on) |
|
282 | 282 | # just before the recovery target (off) |
|
283 | 283 | # (change requires restart) |
|
284 | 284 | #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID |
|
285 | 285 | # (change requires restart) |
|
286 | 286 | #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' |
|
287 | 287 | # (change requires restart) |
|
288 | 288 | |
|
289 | 289 | |
|
290 | 290 | #------------------------------------------------------------------------------ |
|
291 | 291 | # REPLICATION |
|
292 | 292 | #------------------------------------------------------------------------------ |
|
293 | 293 | |
|
294 | 294 | # - Sending Servers - |
|
295 | 295 | |
|
296 | 296 | # Set these on the primary and on any standby that will send replication data. |
|
297 | 297 | |
|
298 | 298 | #max_wal_senders = 10 # max number of walsender processes |
|
299 | 299 | # (change requires restart) |
|
300 | 300 | #max_replication_slots = 10 # max number of replication slots |
|
301 | 301 | # (change requires restart) |
|
302 | 302 | #wal_keep_size = 0 # in megabytes; 0 disables |
|
303 | 303 | #max_slot_wal_keep_size = -1 # in megabytes; -1 disables |
|
304 | 304 | #wal_sender_timeout = 60s # in milliseconds; 0 disables |
|
305 | 305 | #track_commit_timestamp = off # collect timestamp of transaction commit |
|
306 | 306 | # (change requires restart) |
|
307 | 307 | |
|
308 | 308 | # - Primary Server - |
|
309 | 309 | |
|
310 | 310 | # These settings are ignored on a standby server. |
|
311 | 311 | |
|
312 | 312 | #synchronous_standby_names = '' # standby servers that provide sync rep |
|
313 | 313 | # method to choose sync standbys, number of sync standbys, |
|
314 | 314 | # and comma-separated list of application_name |
|
315 | 315 | # from standby(s); '*' = all |
|
316 | 316 | #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed |
|
317 | 317 | |
|
318 | 318 | # - Standby Servers - |
|
319 | 319 | |
|
320 | 320 | # These settings are ignored on a primary server. |
|
321 | 321 | |
|
322 | 322 | #primary_conninfo = '' # connection string to sending server |
|
323 | 323 | #primary_slot_name = '' # replication slot on sending server |
|
324 | 324 | #promote_trigger_file = '' # file name whose presence ends recovery |
|
325 | 325 | #hot_standby = on # "off" disallows queries during recovery |
|
326 | 326 | # (change requires restart) |
|
327 | 327 | #max_standby_archive_delay = 30s # max delay before canceling queries |
|
328 | 328 | # when reading WAL from archive; |
|
329 | 329 | # -1 allows indefinite delay |
|
330 | 330 | #max_standby_streaming_delay = 30s # max delay before canceling queries |
|
331 | 331 | # when reading streaming WAL; |
|
332 | 332 | # -1 allows indefinite delay |
|
333 | 333 | #wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name |
|
334 | 334 | # is not set |
|
335 | 335 | #wal_receiver_status_interval = 10s # send replies at least this often |
|
336 | 336 | # 0 disables |
|
337 | 337 | #hot_standby_feedback = off # send info from standby to prevent |
|
338 | 338 | # query conflicts |
|
339 | 339 | #wal_receiver_timeout = 60s # time that receiver waits for |
|
340 | 340 | # communication from primary |
|
341 | 341 | # in milliseconds; 0 disables |
|
342 | 342 | #wal_retrieve_retry_interval = 5s # time to wait before retrying to |
|
343 | 343 | # retrieve WAL after a failed attempt |
|
344 | 344 | #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery |
|
345 | 345 | |
|
346 | 346 | # - Subscribers - |
|
347 | 347 | |
|
348 | 348 | # These settings are ignored on a publisher. |
|
349 | 349 | |
|
350 | 350 | #max_logical_replication_workers = 4 # taken from max_worker_processes |
|
351 | 351 | # (change requires restart) |
|
352 | 352 | #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers |
|
353 | 353 | |
|
354 | 354 | |
|
355 | 355 | #------------------------------------------------------------------------------ |
|
356 | 356 | # QUERY TUNING |
|
357 | 357 | #------------------------------------------------------------------------------ |
|
358 | 358 | |
|
359 | 359 | # - Planner Method Configuration - |
|
360 | 360 | |
|
361 | 361 | #enable_async_append = on |
|
362 | 362 | #enable_bitmapscan = on |
|
363 | 363 | #enable_gathermerge = on |
|
364 | 364 | #enable_hashagg = on |
|
365 | 365 | #enable_hashjoin = on |
|
366 | 366 | #enable_incremental_sort = on |
|
367 | 367 | #enable_indexscan = on |
|
368 | 368 | #enable_indexonlyscan = on |
|
369 | 369 | #enable_material = on |
|
370 | 370 | #enable_memoize = on |
|
371 | 371 | #enable_mergejoin = on |
|
372 | 372 | #enable_nestloop = on |
|
373 | 373 | #enable_parallel_append = on |
|
374 | 374 | #enable_parallel_hash = on |
|
375 | 375 | #enable_partition_pruning = on |
|
376 | 376 | #enable_partitionwise_join = off |
|
377 | 377 | #enable_partitionwise_aggregate = off |
|
378 | 378 | #enable_seqscan = on |
|
379 | 379 | #enable_sort = on |
|
380 | 380 | #enable_tidscan = on |
|
381 | 381 | |
|
382 | 382 | # - Planner Cost Constants - |
|
383 | 383 | |
|
384 | 384 | #seq_page_cost = 1.0 # measured on an arbitrary scale |
|
385 | 385 | #random_page_cost = 4.0 # same scale as above |
|
386 | 386 | #cpu_tuple_cost = 0.01 # same scale as above |
|
387 | 387 | #cpu_index_tuple_cost = 0.005 # same scale as above |
|
388 | 388 | #cpu_operator_cost = 0.0025 # same scale as above |
|
389 | 389 | #parallel_setup_cost = 1000.0 # same scale as above |
|
390 | 390 | #parallel_tuple_cost = 0.1 # same scale as above |
|
391 | 391 | #min_parallel_table_scan_size = 8MB |
|
392 | 392 | #min_parallel_index_scan_size = 512kB |
|
393 | 393 | #effective_cache_size = 4GB |
|
394 | 394 | |
|
395 | 395 | #jit_above_cost = 100000 # perform JIT compilation if available |
|
396 | 396 | # and query more expensive than this; |
|
397 | 397 | # -1 disables |
|
398 | 398 | #jit_inline_above_cost = 500000 # inline small functions if query is |
|
399 | 399 | # more expensive than this; -1 disables |
|
400 | 400 | #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if |
|
401 | 401 | # query is more expensive than this; |
|
402 | 402 | # -1 disables |
|
403 | 403 | |
|
404 | 404 | # - Genetic Query Optimizer - |
|
405 | 405 | |
|
406 | 406 | #geqo = on |
|
407 | 407 | #geqo_threshold = 12 |
|
408 | 408 | #geqo_effort = 5 # range 1-10 |
|
409 | 409 | #geqo_pool_size = 0 # selects default based on effort |
|
410 | 410 | #geqo_generations = 0 # selects default based on effort |
|
411 | 411 | #geqo_selection_bias = 2.0 # range 1.5-2.0 |
|
412 | 412 | #geqo_seed = 0.0 # range 0.0-1.0 |
|
413 | 413 | |
|
414 | 414 | # - Other Planner Options - |
|
415 | 415 | |
|
416 | 416 | #default_statistics_target = 100 # range 1-10000 |
|
417 | 417 | #constraint_exclusion = partition # on, off, or partition |
|
418 | 418 | #cursor_tuple_fraction = 0.1 # range 0.0-1.0 |
|
419 | 419 | #from_collapse_limit = 8 |
|
420 | 420 | #jit = on # allow JIT compilation |
|
421 | 421 | #join_collapse_limit = 8 # 1 disables collapsing of explicit |
|
422 | 422 | # JOIN clauses |
|
423 | 423 | #plan_cache_mode = auto # auto, force_generic_plan or |
|
424 | 424 | # force_custom_plan |
|
425 | 425 | |
|
426 | 426 | |
|
427 | 427 | #------------------------------------------------------------------------------ |
|
428 | 428 | # REPORTING AND LOGGING |
|
429 | 429 | #------------------------------------------------------------------------------ |
|
430 | 430 | |
|
431 | 431 | # - Where to Log - |
|
432 | 432 | |
|
433 |
|
|
|
433 | log_destination = 'stderr' # Valid values are combinations of | |
|
434 | 434 | # stderr, csvlog, syslog, and eventlog, |
|
435 | 435 | # depending on platform. csvlog |
|
436 | 436 | # requires logging_collector to be on. |
|
437 | 437 | |
|
438 | 438 | # This is used when logging to stderr: |
|
439 |
|
|
|
439 | logging_collector = on # Enable capturing of stderr and csvlog | |
|
440 | 440 | # into log files. Required to be on for |
|
441 | 441 | # csvlogs. |
|
442 | 442 | # (change requires restart) |
|
443 | 443 | |
|
444 | 444 | # These are only used if logging_collector is on: |
|
445 |
|
|
|
445 | log_directory = '/var/log/rhodecode/postgres' # directory where log files are written, | |
|
446 | 446 | # can be absolute or relative to PGDATA |
|
447 |
|
|
|
447 | log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, | |
|
448 | 448 | # can include strftime() escapes |
|
449 | 449 | #log_file_mode = 0600 # creation mode for log files, |
|
450 | 450 | # begin with 0 to use octal notation |
|
451 | 451 | #log_rotation_age = 1d # Automatic rotation of logfiles will |
|
452 | 452 | # happen after that time. 0 disables. |
|
453 |
|
|
|
453 | log_rotation_size = 512MB # Automatic rotation of logfiles will | |
|
454 | 454 | # happen after that much log output. |
|
455 | 455 | # 0 disables. |
|
456 | 456 | #log_truncate_on_rotation = off # If on, an existing log file with the |
|
457 | 457 | # same name as the new log file will be |
|
458 | 458 | # truncated rather than appended to. |
|
459 | 459 | # But such truncation only occurs on |
|
460 | 460 | # time-driven rotation, not on restarts |
|
461 | 461 | # or size-driven rotation. Default is |
|
462 | 462 | # off, meaning append to existing files |
|
463 | 463 | # in all cases. |
|
464 | 464 | |
|
465 | 465 | # These are relevant when logging to syslog: |
|
466 | 466 | #syslog_facility = 'LOCAL0' |
|
467 | 467 | #syslog_ident = 'postgres' |
|
468 | 468 | #syslog_sequence_numbers = on |
|
469 | 469 | #syslog_split_messages = on |
|
470 | 470 | |
|
471 | 471 | # This is only relevant when logging to eventlog (Windows): |
|
472 | 472 | # (change requires restart) |
|
473 | 473 | #event_source = 'PostgreSQL' |
|
474 | 474 | |
|
475 | 475 | # - When to Log - |
|
476 | 476 | |
|
477 | 477 | #log_min_messages = warning # values in order of decreasing detail: |
|
478 | 478 | # debug5 |
|
479 | 479 | # debug4 |
|
480 | 480 | # debug3 |
|
481 | 481 | # debug2 |
|
482 | 482 | # debug1 |
|
483 | 483 | # info |
|
484 | 484 | # notice |
|
485 | 485 | # warning |
|
486 | 486 | # error |
|
487 | 487 | # log |
|
488 | 488 | # fatal |
|
489 | 489 | # panic |
|
490 | 490 | |
|
491 | 491 | #log_min_error_statement = error # values in order of decreasing detail: |
|
492 | 492 | # debug5 |
|
493 | 493 | # debug4 |
|
494 | 494 | # debug3 |
|
495 | 495 | # debug2 |
|
496 | 496 | # debug1 |
|
497 | 497 | # info |
|
498 | 498 | # notice |
|
499 | 499 | # warning |
|
500 | 500 | # error |
|
501 | 501 | # log |
|
502 | 502 | # fatal |
|
503 | 503 | # panic (effectively off) |
|
504 | 504 | |
|
505 |
|
|
|
505 | log_min_duration_statement = 1000 # -1 is disabled, 0 logs all statements | |
|
506 | 506 | # and their durations, > 0 logs only |
|
507 | 507 | # statements running at least this number |
|
508 | 508 | # of milliseconds |
|
509 | 509 | |
|
510 | 510 | #log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements |
|
511 | 511 | # and their durations, > 0 logs only a sample of |
|
512 | 512 | # statements running at least this number |
|
513 | 513 | # of milliseconds; |
|
514 | 514 | # sample fraction is determined by log_statement_sample_rate |
|
515 | 515 | |
|
516 | 516 | #log_statement_sample_rate = 1.0 # fraction of logged statements exceeding |
|
517 | 517 | # log_min_duration_sample to be logged; |
|
518 | 518 | # 1.0 logs all such statements, 0.0 never logs |
|
519 | 519 | |
|
520 | 520 | |
|
521 | 521 | #log_transaction_sample_rate = 0.0 # fraction of transactions whose statements |
|
522 | 522 | # are logged regardless of their duration; 1.0 logs all |
|
523 | 523 | # statements from all transactions, 0.0 never logs |
|
524 | 524 | |
|
525 | 525 | # - What to Log - |
|
526 | 526 | |
|
527 | 527 | #debug_print_parse = off |
|
528 | 528 | #debug_print_rewritten = off |
|
529 | 529 | #debug_print_plan = off |
|
530 | 530 | #debug_pretty_print = on |
|
531 | 531 | #log_autovacuum_min_duration = -1 # log autovacuum activity; |
|
532 | 532 | # -1 disables, 0 logs all actions and |
|
533 | 533 | # their durations, > 0 logs only |
|
534 | 534 | # actions running at least this number |
|
535 | 535 | # of milliseconds. |
|
536 | 536 | #log_checkpoints = off |
|
537 | 537 | #log_connections = off |
|
538 | 538 | #log_disconnections = off |
|
539 | 539 | #log_duration = off |
|
540 | 540 | #log_error_verbosity = default # terse, default, or verbose messages |
|
541 | 541 | #log_hostname = off |
|
542 | 542 | #log_line_prefix = '%m [%p] ' # special values: |
|
543 | 543 | # %a = application name |
|
544 | 544 | # %u = user name |
|
545 | 545 | # %d = database name |
|
546 | 546 | # %r = remote host and port |
|
547 | 547 | # %h = remote host |
|
548 | 548 | # %b = backend type |
|
549 | 549 | # %p = process ID |
|
550 | 550 | # %P = process ID of parallel group leader |
|
551 | 551 | # %t = timestamp without milliseconds |
|
552 | 552 | # %m = timestamp with milliseconds |
|
553 | 553 | # %n = timestamp with milliseconds (as a Unix epoch) |
|
554 | 554 | # %Q = query ID (0 if none or not computed) |
|
555 | 555 | # %i = command tag |
|
556 | 556 | # %e = SQL state |
|
557 | 557 | # %c = session ID |
|
558 | 558 | # %l = session line number |
|
559 | 559 | # %s = session start timestamp |
|
560 | 560 | # %v = virtual transaction ID |
|
561 | 561 | # %x = transaction ID (0 if none) |
|
562 | 562 | # %q = stop here in non-session |
|
563 | 563 | # processes |
|
564 | 564 | # %% = '%' |
|
565 | 565 | # e.g. '<%u%%%d> ' |
|
566 | 566 | #log_lock_waits = off # log lock waits >= deadlock_timeout |
|
567 | 567 | #log_recovery_conflict_waits = off # log standby recovery conflict waits |
|
568 | 568 | # >= deadlock_timeout |
|
569 | 569 | #log_parameter_max_length = -1 # when logging statements, limit logged |
|
570 | 570 | # bind-parameter values to N bytes; |
|
571 | 571 | # -1 means print in full, 0 disables |
|
572 | 572 | #log_parameter_max_length_on_error = 0 # when logging an error, limit logged |
|
573 | 573 | # bind-parameter values to N bytes; |
|
574 | 574 | # -1 means print in full, 0 disables |
|
575 | 575 | #log_statement = 'none' # none, ddl, mod, all |
|
576 | 576 | #log_replication_commands = off |
|
577 | 577 | #log_temp_files = -1 # log temporary files equal or larger |
|
578 | 578 | # than the specified size in kilobytes; |
|
579 | 579 | # -1 disables, 0 logs all temp files |
|
580 | 580 | #log_timezone = 'GMT' |
|
581 | 581 | |
|
582 | 582 | |
|
583 | 583 | #------------------------------------------------------------------------------ |
|
584 | 584 | # PROCESS TITLE |
|
585 | 585 | #------------------------------------------------------------------------------ |
|
586 | 586 | |
|
587 | 587 | #cluster_name = '' # added to process titles if nonempty |
|
588 | 588 | # (change requires restart) |
|
589 | 589 | #update_process_title = on |
|
590 | 590 | |
|
591 | 591 | |
|
592 | 592 | #------------------------------------------------------------------------------ |
|
593 | 593 | # STATISTICS |
|
594 | 594 | #------------------------------------------------------------------------------ |
|
595 | 595 | |
|
596 | 596 | # - Query and Index Statistics Collector - |
|
597 | 597 | |
|
598 | 598 | #track_activities = on |
|
599 | 599 | #track_activity_query_size = 1024 # (change requires restart) |
|
600 | 600 | #track_counts = on |
|
601 | 601 | #track_io_timing = off |
|
602 | 602 | #track_wal_io_timing = off |
|
603 | 603 | #track_functions = none # none, pl, all |
|
604 | 604 | #stats_temp_directory = 'pg_stat_tmp' |
|
605 | 605 | |
|
606 | 606 | |
|
607 | 607 | # - Monitoring - |
|
608 | 608 | |
|
609 | 609 | #compute_query_id = auto |
|
610 | 610 | #log_statement_stats = off |
|
611 | 611 | #log_parser_stats = off |
|
612 | 612 | #log_planner_stats = off |
|
613 | 613 | #log_executor_stats = off |
|
614 | 614 | |
|
615 | 615 | |
|
616 | 616 | #------------------------------------------------------------------------------ |
|
617 | 617 | # AUTOVACUUM |
|
618 | 618 | #------------------------------------------------------------------------------ |
|
619 | 619 | |
|
620 | 620 | #autovacuum = on # Enable autovacuum subprocess? 'on' |
|
621 | 621 | # requires track_counts to also be on. |
|
622 | 622 | #autovacuum_max_workers = 3 # max number of autovacuum subprocesses |
|
623 | 623 | # (change requires restart) |
|
624 | 624 | #autovacuum_naptime = 1min # time between autovacuum runs |
|
625 | 625 | #autovacuum_vacuum_threshold = 50 # min number of row updates before |
|
626 | 626 | # vacuum |
|
627 | 627 | #autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts |
|
628 | 628 | # before vacuum; -1 disables insert |
|
629 | 629 | # vacuums |
|
630 | 630 | #autovacuum_analyze_threshold = 50 # min number of row updates before |
|
631 | 631 | # analyze |
|
632 | 632 | #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum |
|
633 | 633 | #autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table |
|
634 | 634 | # size before insert vacuum |
|
635 | 635 | #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze |
|
636 | 636 | #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum |
|
637 | 637 | # (change requires restart) |
|
638 | 638 | #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age |
|
639 | 639 | # before forced vacuum |
|
640 | 640 | # (change requires restart) |
|
641 | 641 | #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for |
|
642 | 642 | # autovacuum, in milliseconds; |
|
643 | 643 | # -1 means use vacuum_cost_delay |
|
644 | 644 | #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for |
|
645 | 645 | # autovacuum, -1 means use |
|
646 | 646 | # vacuum_cost_limit |
|
647 | 647 | |
|
648 | 648 | |
|
649 | 649 | #------------------------------------------------------------------------------ |
|
650 | 650 | # CLIENT CONNECTION DEFAULTS |
|
651 | 651 | #------------------------------------------------------------------------------ |
|
652 | 652 | |
|
653 | 653 | # - Statement Behavior - |
|
654 | 654 | |
|
655 | 655 | #client_min_messages = notice # values in order of decreasing detail: |
|
656 | 656 | # debug5 |
|
657 | 657 | # debug4 |
|
658 | 658 | # debug3 |
|
659 | 659 | # debug2 |
|
660 | 660 | # debug1 |
|
661 | 661 | # log |
|
662 | 662 | # notice |
|
663 | 663 | # warning |
|
664 | 664 | # error |
|
665 | 665 | #search_path = '"$user", public' # schema names |
|
666 | 666 | #row_security = on |
|
667 | 667 | #default_table_access_method = 'heap' |
|
668 | 668 | #default_tablespace = '' # a tablespace name, '' uses the default |
|
669 | 669 | #default_toast_compression = 'pglz' # 'pglz' or 'lz4' |
|
670 | 670 | #temp_tablespaces = '' # a list of tablespace names, '' uses |
|
671 | 671 | # only default tablespace |
|
672 | 672 | #check_function_bodies = on |
|
673 | 673 | #default_transaction_isolation = 'read committed' |
|
674 | 674 | #default_transaction_read_only = off |
|
675 | 675 | #default_transaction_deferrable = off |
|
676 | 676 | #session_replication_role = 'origin' |
|
677 | 677 | #statement_timeout = 0 # in milliseconds, 0 is disabled |
|
678 | 678 | #lock_timeout = 0 # in milliseconds, 0 is disabled |
|
679 | 679 | #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled |
|
680 | 680 | #idle_session_timeout = 0 # in milliseconds, 0 is disabled |
|
681 | 681 | #vacuum_freeze_table_age = 150000000 |
|
682 | 682 | #vacuum_freeze_min_age = 50000000 |
|
683 | 683 | #vacuum_failsafe_age = 1600000000 |
|
684 | 684 | #vacuum_multixact_freeze_table_age = 150000000 |
|
685 | 685 | #vacuum_multixact_freeze_min_age = 5000000 |
|
686 | 686 | #vacuum_multixact_failsafe_age = 1600000000 |
|
687 | 687 | #bytea_output = 'hex' # hex, escape |
|
688 | 688 | #xmlbinary = 'base64' |
|
689 | 689 | #xmloption = 'content' |
|
690 | 690 | #gin_pending_list_limit = 4MB |
|
691 | 691 | |
|
692 | 692 | # - Locale and Formatting - |
|
693 | 693 | |
|
694 | 694 | #datestyle = 'iso, mdy' |
|
695 | 695 | #intervalstyle = 'postgres' |
|
696 | 696 | #timezone = 'GMT' |
|
697 | 697 | #timezone_abbreviations = 'Default' # Select the set of available time zone |
|
698 | 698 | # abbreviations. Currently, there are |
|
699 | 699 | # Default |
|
700 | 700 | # Australia (historical usage) |
|
701 | 701 | # India |
|
702 | 702 | # You can create your own file in |
|
703 | 703 | # share/timezonesets/. |
|
704 | 704 | #extra_float_digits = 1 # min -15, max 3; any value >0 actually |
|
705 | 705 | # selects precise output mode |
|
706 | 706 | #client_encoding = sql_ascii # actually, defaults to database |
|
707 | 707 | # encoding |
|
708 | 708 | |
|
709 | 709 | # These settings are initialized by initdb, but they can be changed. |
|
710 | 710 | #lc_messages = 'C' # locale for system error message |
|
711 | 711 | # strings |
|
712 | 712 | #lc_monetary = 'C' # locale for monetary formatting |
|
713 | 713 | #lc_numeric = 'C' # locale for number formatting |
|
714 | 714 | #lc_time = 'C' # locale for time formatting |
|
715 | 715 | |
|
716 | 716 | # default configuration for text search |
|
717 | 717 | #default_text_search_config = 'pg_catalog.simple' |
|
718 | 718 | |
|
719 | 719 | # - Shared Library Preloading - |
|
720 | 720 | |
|
721 | 721 | #local_preload_libraries = '' |
|
722 | 722 | #session_preload_libraries = '' |
|
723 | 723 | #shared_preload_libraries = '' # (change requires restart) |
|
724 | 724 | #jit_provider = 'llvmjit' # JIT library to use |
|
725 | 725 | |
|
726 | 726 | # - Other Defaults - |
|
727 | 727 | |
|
728 | 728 | #dynamic_library_path = '$libdir' |
|
729 | 729 | #extension_destdir = '' # prepend path when loading extensions |
|
730 | 730 | # and shared objects (added by Debian) |
|
731 | 731 | #gin_fuzzy_search_limit = 0 |
|
732 | 732 | |
|
733 | 733 | |
|
734 | 734 | #------------------------------------------------------------------------------ |
|
735 | 735 | # LOCK MANAGEMENT |
|
736 | 736 | #------------------------------------------------------------------------------ |
|
737 | 737 | |
|
738 | 738 | #deadlock_timeout = 1s |
|
739 | 739 | #max_locks_per_transaction = 64 # min 10 |
|
740 | 740 | # (change requires restart) |
|
741 | 741 | #max_pred_locks_per_transaction = 64 # min 10 |
|
742 | 742 | # (change requires restart) |
|
743 | 743 | #max_pred_locks_per_relation = -2 # negative values mean |
|
744 | 744 | # (max_pred_locks_per_transaction |
|
745 | 745 | # / -max_pred_locks_per_relation) - 1 |
|
746 | 746 | #max_pred_locks_per_page = 2 # min 0 |
|
747 | 747 | |
|
748 | 748 | |
|
749 | 749 | #------------------------------------------------------------------------------ |
|
750 | 750 | # VERSION AND PLATFORM COMPATIBILITY |
|
751 | 751 | #------------------------------------------------------------------------------ |
|
752 | 752 | |
|
753 | 753 | # - Previous PostgreSQL Versions - |
|
754 | 754 | |
|
755 | 755 | #array_nulls = on |
|
756 | 756 | #backslash_quote = safe_encoding # on, off, or safe_encoding |
|
757 | 757 | #escape_string_warning = on |
|
758 | 758 | #lo_compat_privileges = off |
|
759 | 759 | #quote_all_identifiers = off |
|
760 | 760 | #standard_conforming_strings = on |
|
761 | 761 | #synchronize_seqscans = on |
|
762 | 762 | |
|
763 | 763 | # - Other Platforms and Clients - |
|
764 | 764 | |
|
765 | 765 | #transform_null_equals = off |
|
766 | 766 | |
|
767 | 767 | |
|
768 | 768 | #------------------------------------------------------------------------------ |
|
769 | 769 | # ERROR HANDLING |
|
770 | 770 | #------------------------------------------------------------------------------ |
|
771 | 771 | |
|
772 | 772 | #exit_on_error = off # terminate session on any error? |
|
773 | 773 | #restart_after_crash = on # reinitialize after backend crash? |
|
774 | 774 | #data_sync_retry = off # retry or panic on failure to fsync |
|
775 | 775 | # data? |
|
776 | 776 | # (change requires restart) |
|
777 | 777 | #recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+) |
|
778 | 778 | |
|
779 | 779 | |
|
780 | 780 | #------------------------------------------------------------------------------ |
|
781 | 781 | # CONFIG FILE INCLUDES |
|
782 | 782 | #------------------------------------------------------------------------------ |
|
783 | 783 | |
|
784 | 784 | # These options allow settings to be loaded from files other than the |
|
785 | 785 | # default postgresql.conf. Note that these are directives, not variable |
|
786 | 786 | # assignments, so they can usefully be given more than once. |
|
787 | 787 | |
|
788 | 788 | #include_dir = '...' # include files ending in '.conf' from |
|
789 | 789 | # a directory, e.g., 'conf.d' |
|
790 | 790 | #include_if_exists = '...' # include file only if it exists |
|
791 | 791 | #include = '...' # include file |
|
792 | 792 | |
|
793 | 793 | |
|
794 | 794 | #------------------------------------------------------------------------------ |
|
795 | 795 | # CUSTOMIZED OPTIONS |
|
796 | 796 | #------------------------------------------------------------------------------ |
|
797 | 797 | |
|
798 | 798 | # Add settings for extensions here |
|
799 | 799 | |
|
800 | 800 | max_connections = 400 |
|
801 | 801 | shared_buffers = 1GB |
|
802 | 802 | effective_cache_size = 3GB |
|
803 | 803 | work_mem = 2621kB |
|
804 | 804 | maintenance_work_mem = 256MB |
|
805 | 805 | checkpoint_completion_target = 0.9 |
|
806 | 806 | wal_buffers = 16MB |
|
807 | 807 | default_statistics_target = 100 |
|
808 | 808 | password_encryption = md5 |
@@ -1,114 +1,131 b'' | |||
|
1 | 1 | # read more here http://tautt.com/best-nginx-configuration-for-security/ |
|
2 | 2 | |
|
3 | 3 | # config to don't allow the browser to render the page inside an frame or iframe |
|
4 | 4 | # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking |
|
5 | 5 | # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri |
|
6 | 6 | # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options |
|
7 | 7 | #add_header X-Frame-Options SAMEORIGIN; |
|
8 | 8 | |
|
9 | 9 | # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, |
|
10 | 10 | # to disable content-type sniffing on some browsers. |
|
11 | 11 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers |
|
12 | 12 | # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx |
|
13 | 13 | # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx |
|
14 | 14 | # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 |
|
15 | 15 | #add_header X-Content-Type-Options nosniff; |
|
16 | 16 | |
|
17 | 17 | # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. |
|
18 | 18 | # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for |
|
19 | 19 | # this particular website if it was disabled by the user. |
|
20 | 20 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers |
|
21 | 21 | #add_header X-XSS-Protection "1; mode=block"; |
|
22 | 22 | |
|
23 | 23 | # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), |
|
24 | 24 | # you can tell the browser that it can only download content from the domains you explicitly allow |
|
25 | 25 | # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ |
|
26 | 26 | # https://www.owasp.org/index.php/Content_Security_Policy |
|
27 | 27 | # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' |
|
28 | 28 | # directives for css and js(if you have inline css or js, you will need to keep it too). |
|
29 | 29 | # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful |
|
30 | 30 | #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; |
|
31 | 31 | |
|
32 | 32 | ## rate limiter for certain pages to prevent brute force attacks |
|
33 | 33 | limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s; |
|
34 | 34 | |
|
35 | 35 | ## custom log format |
|
36 | 36 | log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe'; |
|
37 | 37 | |
|
38 | log_format json_log_custom escape=json | |
|
39 | '{' | |
|
40 | '"source":"nginx",' | |
|
41 | '"remote_user":"$remote_user",' | |
|
42 | '"time_local":"$time_local",' | |
|
43 | '"remote_addr":"$remote_addr",' | |
|
44 | '"request":"$request",' | |
|
45 | '"status": "$status",' | |
|
46 | '"request_method": "$request_method",' | |
|
47 | '"body_bytes_sent":"$body_bytes_sent",' | |
|
48 | '"request_time":"$request_time",' | |
|
49 | '"upstream_response_time":"$upstream_response_time",' | |
|
50 | '"http_referrer":"$http_referer",' | |
|
51 | '"http_user_agent":"$http_user_agent"' | |
|
52 | '}'; | |
|
53 | ||
|
54 | ||
|
38 | 55 | server { |
|
39 | 56 | listen 80 default; |
|
40 | 57 | # ensure we get the proper Docker DNS resolver for load balancing. |
|
41 | 58 | resolver 127.0.0.11 ipv6=off; |
|
42 | 59 | server_name localhost 127.0.0.1; |
|
43 |
access_log /var/log/rhodecode/nginx/rhodecode.http.access.log |
|
|
60 | access_log /var/log/rhodecode/nginx/rhodecode.http.access.log json_log_custom; | |
|
44 | 61 | error_log /var/log/rhodecode/nginx/rhodecode.http.error.log; |
|
45 | 62 | |
|
46 | 63 | # uncomment to redirect http traffic to https |
|
47 | 64 | #return 301 https://$host$request_uri; |
|
48 | 65 | |
|
49 | 66 | client_body_buffer_size 128k; |
|
50 | 67 | # maximum number and size of buffers for large headers to read from client request |
|
51 | 68 | large_client_header_buffers 16 256k; |
|
52 | 69 | |
|
53 | 70 | ## serve static files by nginx, recommended |
|
54 | 71 | location /_static/rhodecode { |
|
55 | 72 | gzip on; |
|
56 | 73 | gzip_min_length 500; |
|
57 | 74 | gzip_proxied any; |
|
58 | 75 | gzip_comp_level 4; |
|
59 | 76 | gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; |
|
60 | 77 | gzip_vary on; |
|
61 | 78 | gzip_disable "msie6"; |
|
62 | 79 | expires 60d; |
|
63 | 80 | |
|
64 | 81 | alias /var/opt/rhodecode_data/static; |
|
65 | 82 | } |
|
66 | 83 | |
|
67 | 84 | ## channelstream location handler, if channelstream live chat and notifications |
|
68 | 85 | ## are enable this will proxy the requests to channelstream websocket server |
|
69 | 86 | location /_channelstream { |
|
70 | 87 | rewrite /_channelstream/(.*) /$1 break; |
|
71 | 88 | gzip off; |
|
72 | 89 | tcp_nodelay off; |
|
73 | 90 | |
|
74 | 91 | proxy_connect_timeout 10; |
|
75 | 92 | proxy_send_timeout 10m; |
|
76 | 93 | proxy_read_timeout 10m; |
|
77 | 94 | |
|
78 | 95 | proxy_set_header Host $host; |
|
79 | 96 | proxy_set_header X-Real-IP $remote_addr; |
|
80 | 97 | proxy_set_header X-Url-Scheme $scheme; |
|
81 | 98 | proxy_set_header X-Forwarded-Proto $scheme; |
|
82 | 99 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
83 | 100 | |
|
84 | 101 | proxy_http_version 1.1; |
|
85 | 102 | proxy_set_header Upgrade $http_upgrade; |
|
86 | 103 | proxy_set_header Connection "upgrade"; |
|
87 | 104 | |
|
88 | 105 | proxy_pass http://channelstream:9800; |
|
89 | 106 | } |
|
90 | 107 | |
|
91 | 108 | ## rate limit this endpoint to prevent login page brute-force attacks |
|
92 | 109 | location /_admin/login { |
|
93 | 110 | limit_req zone=http_req_limit burst=10 nodelay; |
|
94 | 111 | try_files $uri @rhodecode_http; |
|
95 | 112 | } |
|
96 | 113 | |
|
97 | 114 | location / { |
|
98 | 115 | include /etc/nginx/proxy.conf; |
|
99 | 116 | try_files $uri @rhodecode_http; |
|
100 | 117 | } |
|
101 | 118 | |
|
102 | 119 | location @rhodecode_http { |
|
103 | 120 | include /etc/nginx/proxy.conf; |
|
104 | 121 | proxy_pass http://rhodecode:10020; |
|
105 | 122 | } |
|
106 | 123 | |
|
107 | 124 | ## Custom 502 error page. |
|
108 | 125 | ## Will be displayed while RhodeCode server is turned off |
|
109 | 126 | error_page 502 /502.html; |
|
110 | 127 | location = /502.html { |
|
111 | 128 | root /var/opt/static; |
|
112 | 129 | } |
|
113 | 130 | |
|
114 | 131 | } |
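Review bot: The new `json_log_custom` format writes `$request` and `$http_referer` verbatim (new lines 44 and 50), so any token or credential a client passes in a query string is stored in cleartext in `rhodecode.http.access.log`. The `scraping_nginx` promtail job and the Loki config with `auth_enabled: false` earlier on this page suggest these records are also shipped off the host, which would widen who can read them; that is inferred, not shown in this section. If the query string is not needed for analysis, log the normalised path instead, e.g. `'"uri":"$uri",'` in place of `'"request":"$request",'`. Otherwise add a comment above the format such as `# $request and $http_referer include query strings; restrict read access to this log and its Loki tenant`. As a style point, `"status": "$status"` and `"request_method": "$request_method"` carry a space after the colon that the other keys do not.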
@@ -1,305 +1,305 b'' | |||
|
1 |
FROM ubuntu: |
|
|
2 |
# Using 2 |
|
|
1 | FROM ubuntu:22.04 | |
|
2 | # Using 22.04 LTS Release | |
|
3 | 3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> |
|
4 | 4 | |
|
5 | 5 | ARG TZ="UTC" |
|
6 | 6 | ARG LOCALE_TYPE=en_US.UTF-8 |
|
7 | 7 | ARG RHODECODE_TYPE=Enterprise |
|
8 | 8 | # source-install |
|
9 | 9 | ARG RHODECODE_VERSION=4.26.0 |
|
10 | 10 | |
|
11 | 11 | ARG RHODECODE_DB=sqlite |
|
12 | 12 | ARG RHODECODE_USER_NAME=admin |
|
13 | 13 | ARG RHODECODE_USER_PASS=secret4 |
|
14 | 14 | ARG RHODECODE_USER_EMAIL=support@rhodecode.com |
|
15 | 15 | |
|
16 | 16 | # nix ver/channels |
|
17 | 17 | ARG DEV_NIX_VERSION=2.0.4 |
|
18 | 18 | ARG DEV_NIX_CHANNEL=nixos-18.03 |
|
19 | 19 | |
|
20 | 20 | # env are runtime |
|
21 | 21 | ENV \ |
|
22 | 22 | TZ=${TZ} \ |
|
23 | 23 | LOCALE_TYPE=${LOCALE_TYPE} \ |
|
24 | 24 | \ |
|
25 | 25 | ## Define type we build, and the instance we'll create |
|
26 | 26 | RHODECODE_TYPE=${RHODECODE_TYPE} \ |
|
27 | 27 | RC_TYPE_ID=enterprise-1 \ |
|
28 | 28 | \ |
|
29 | 29 | ## SETUP ARGS FOR INSTALLATION ## |
|
30 | 30 | ## set version we build on, get from .env or set default ver |
|
31 | 31 | RHODECODE_VERSION=${RHODECODE_VERSION} \ |
|
32 | 32 | \ |
|
33 | 33 | ## set DB, default sqlite |
|
34 | 34 | RHODECODE_DB=${RHODECODE_DB} \ |
|
35 | 35 | \ |
|
36 | 36 | ## set app bootstrap required data |
|
37 | 37 | RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \ |
|
38 | 38 | RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \ |
|
39 | 39 | RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \ |
|
40 | 40 | \ |
|
41 | 41 | RC_USER=rhodecode \ |
|
42 | 42 | \ |
|
43 | 43 | # SVN CONFIG |
|
44 | 44 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \ |
|
45 | 45 | MOD_DAV_SVN_PORT=8090 \ |
|
46 | 46 | \ |
|
47 | 47 | # SSHD CONFIG |
|
48 | 48 | SSHD_CONF_FILE=/etc/rhodecode/sshd_config \ |
|
49 | 49 | \ |
|
50 | 50 | BUILD_CONF=/etc/rhodecode/conf_build \ |
|
51 | 51 | BUILD_BIN_DIR=/var/opt/rhodecode_bin \ |
|
52 | 52 | RHODECODE_DATA_DIR=/var/opt/rhodecode_data \ |
|
53 | 53 | RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \ |
|
54 | 54 | RHODECODE_HTTP_PORT=10020 \ |
|
55 | 55 | RHODECODE_VCS_PORT=10010 \ |
|
56 | 56 | RHODECODE_HOST=0.0.0.0 \ |
|
57 | 57 | RHODECODE_VCS_HOST=127.0.0.1 |
|
58 | 58 | |
|
59 | 59 | ENV \ |
|
60 | 60 | RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \ |
|
61 | 61 | SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \ |
|
62 | 62 | # make application scripts visible |
|
63 | 63 | PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin |
|
64 | 64 | |
|
65 | 65 | ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn |
|
66 | 66 | ENV SSH_LOCALE_DEPS openssh-server |
|
67 | 67 | ENV PYTHON_DEPS python2 |
|
68 | 68 | ENV EXTRA_DEPS vim |
|
69 | 69 | |
|
70 | 70 | ENV \ |
|
71 | 71 | PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \ |
|
72 | 72 | NIX_BLD_USER=nixbld \ |
|
73 | 73 | NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \ |
|
74 | 74 | NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt |
|
75 | 75 | |
|
76 | 76 | |
|
77 | 77 | RUN \ |
|
78 | 78 | echo "** install base packages **" && \ |
|
79 | 79 | set -eux; \ |
|
80 | 80 | \ |
|
81 | 81 | savedAptMark="$(apt-mark showmanual)"; \ |
|
82 | 82 | apt-get update; \ |
|
83 | 83 | DEBIAN_FRONTEND="noninteractive" \ |
|
84 | 84 | apt-get install -y --no-install-recommends \ |
|
85 | 85 | tini \ |
|
86 | 86 | bash \ |
|
87 | 87 | binutils \ |
|
88 | 88 | tzdata \ |
|
89 | 89 | locales \ |
|
90 | 90 | openssl \ |
|
91 | 91 | curl \ |
|
92 | 92 | sudo \ |
|
93 | 93 | gosu \ |
|
94 | 94 | bzip2 \ |
|
95 | 95 | ca-certificates \ |
|
96 | 96 | $PYTHON_DEPS \ |
|
97 | 97 | $SSH_LOCALE_DEPS \ |
|
98 | 98 | $SVN_LOCALE_DEPS \ |
|
99 | 99 | $EXTRA_DEPS \ |
|
100 | 100 | ; \ |
|
101 | 101 | rm -rf /var/lib/apt/lists/*; |
|
102 | 102 | |
|
103 | 103 | RUN \ |
|
104 | 104 | echo "** Configure the python executable for py2/3 compat **" && \ |
|
105 | 105 | ISPY=$(which python3 || which python2) && \ |
|
106 | 106 | if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi |
|
107 | 107 | |
|
108 | 108 | RUN \ |
|
109 | 109 | echo "** Configure the locales **" && \ |
|
110 | 110 | sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \ |
|
111 | 111 | locale-gen |
|
112 | 112 | |
|
113 | 113 | # locale-archive is a fix for old nix glibc2.26 locales available |
|
114 | 114 | ENV \ |
|
115 | 115 | LOCALE_ARCHIVE=/var/opt/locale-archive \ |
|
116 | 116 | LANG=${LOCALE_TYPE} \ |
|
117 | 117 | LANGUAGE=${LOCALE_TYPE} \ |
|
118 | 118 | LC_ALL=${LOCALE_TYPE} |
|
119 | 119 | |
|
120 | 120 | # configure the system user |
|
121 | 121 | # explicitly set uid/gid to guarantee that it won't change in the future |
|
122 | 122 | # the values 999:999 are identical to the current user/group id assigned |
|
123 | 123 | RUN \ |
|
124 | 124 | echo "** Create system user $RC_USER **" && \ |
|
125 | 125 | groupadd --system --gid 999 $RC_USER && \ |
|
126 | 126 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \ |
|
127 | 127 | usermod -G $RC_USER $RC_USER |
|
128 | 128 | |
|
129 | 129 | RUN \ |
|
130 | 130 | echo "** Create nix-build user $NIX_BLD_USER **" && \ |
|
131 | 131 | groupadd --system --gid 1099 $NIX_BLD_USER && \ |
|
132 | 132 | useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \ |
|
133 | 133 | usermod -G $NIX_BLD_USER $NIX_BLD_USER |
|
134 | 134 | |
|
135 | 135 | RUN \ |
|
136 | 136 | echo "** disable nix sandboxing **" && \ |
|
137 | 137 | mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf |
|
138 | 138 | |
|
139 | 139 | |
|
140 | 140 | # set the defult bash shell |
|
141 | 141 | SHELL ["/bin/bash", "-c"] |
|
142 | 142 | |
|
143 | 143 | # Fix and set a timezone |
|
144 | 144 | RUN \ |
|
145 | 145 | echo "** configure the timezone **" && \ |
|
146 | 146 | rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \ |
|
147 | 147 | echo $TZ > /etc/timezone |
|
148 | 148 | |
|
149 | 149 | |
|
150 | 150 | RUN \ |
|
151 | 151 | echo "** prepare rhodecode store and cache **" && \ |
|
152 | 152 | install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \ |
|
153 | 153 | install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \ |
|
154 | 154 | install -d -m 0755 -o $RC_USER -g $RC_USER /var/opt/rhodecode_bin && \ |
|
155 | 155 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \ |
|
156 | 156 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \ |
|
157 | 157 | install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \ |
|
158 | 158 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \ |
|
159 | 159 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \ |
|
160 | 160 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \ |
|
161 | 161 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \ |
|
162 | 162 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \ |
|
163 | 163 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \ |
|
164 | 164 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \ |
|
165 | 165 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh |
|
166 | 166 | |
|
167 | 167 | # expose our custom sshd config |
|
168 | 168 | COPY service/sshd/sshd_config $SSHD_CONF_FILE |
|
169 | 169 | |
|
170 | 170 | # Apache SVN setup |
|
171 | 171 | RUN \ |
|
172 | 172 | echo "**** Apache config cleanup ****" && \ |
|
173 | 173 | rm -f /etc/apache2/conf.d/info.conf \ |
|
174 | 174 | /etc/apache2/conf.d/mpm.conf \ |
|
175 | 175 | /etc/apache2/conf.d/userdir.conf && \ |
|
176 | 176 | rm -f /etc/apache2/sites-enabled/* && \ |
|
177 | 177 | rm -f /etc/apache2/sites-available/* |
|
178 | 178 | |
|
179 | 179 | # custom SVN virtualhost |
|
180 | 180 | COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/ |
|
181 | 181 | |
|
182 | 182 | RUN \ |
|
183 | 183 | echo "**** Apache config ****" && \ |
|
184 | 184 | echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ |
|
185 | 185 | mkdir -p /run/apache2 && \ |
|
186 | 186 | mkdir -p /var/opt/www && \ |
|
187 | 187 | echo "unset HOME" > /etc/apache2/envvars && \ |
|
188 | 188 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ |
|
189 | 189 | echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \ |
|
190 | 190 | echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \ |
|
191 | 191 | echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \ |
|
192 | 192 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ |
|
193 | 193 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ |
|
194 | 194 | sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf |
|
195 | 195 | |
|
196 | 196 | |
|
197 | 197 | # Copy artifacts |
|
198 | 198 | COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/ |
|
199 | 199 | COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/ |
|
200 | 200 | COPY --chown=$RC_USER:$RC_USER config/compose/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/ |
|
201 | 201 | COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/ |
|
202 | 202 | |
|
203 | 203 | RUN \ |
|
204 | 204 | echo "**** locale-archive path ****" && \ |
|
205 | 205 | mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive |
|
206 | 206 | |
|
207 | 207 | # change to non-root user for RUN commands |
|
208 | 208 | USER $RC_USER |
|
209 | 209 | WORKDIR /home/$RC_USER |
|
210 | 210 | |
|
211 | 211 | |
|
212 | 212 | RUN \ |
|
213 | 213 | echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \ |
|
214 | 214 | curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install | USER=$RC_USER /bin/bash |
|
215 | 215 | |
|
216 | 216 | RUN \ |
|
217 | 217 | echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \ |
|
218 | 218 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
219 | 219 | nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \ |
|
220 | 220 | nix-channel --update |
|
221 | 221 | |
|
222 | 222 | |
|
223 | 223 | RUN \ |
|
224 | 224 | echo "** save nix config **" && \ |
|
225 | 225 | touch /home/$RC_USER/.rhoderc && \ |
|
226 | 226 | mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \ |
|
227 | 227 | printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix |
|
228 | 228 | |
|
229 | 229 | |
|
230 | 230 | RUN \ |
|
231 | 231 | echo "** install rhodecode control **" && \ |
|
232 | 232 | # cd /home/$RC_USER/.rccontrol/cache && \ |
|
233 | 233 | # INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \ |
|
234 | 234 | # chmod +x ${INSTALLER} && \ |
|
235 | 235 | # ${INSTALLER} --accept-license && \ |
|
236 | 236 | # ${RCCONTROL} self-init && \ |
|
237 | 237 | # cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \ |
|
238 | 238 | echo "Done" |
|
239 | 239 | |
|
240 | 240 | RUN \ |
|
241 | 241 | echo "** install build vcsserver ${RHODECODE_VERSION} **" && \ |
|
242 | 242 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
243 | 243 | nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-vcsserver/result rhodecode-vcsserver/default.nix && \ |
|
244 | 244 | nix-shell --command 'echo ok' rhodecode-vcsserver/default.nix && \ |
|
245 | 245 | VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \ |
|
246 | 246 | rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/result/bin $BUILD_BIN_DIR/vcs_bin && \ |
|
247 | 247 | cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini |
|
248 | 248 | |
|
249 | 249 | RUN \ |
|
250 | 250 | echo "** install build Community ${RHODECODE_VERSION} **" && \ |
|
251 | 251 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
252 | 252 | echo "done" |
|
253 | 253 | |
|
254 | 254 | RUN \ |
|
255 | 255 | echo "** install build Enterprise ${RHODECODE_VERSION} **" && \ |
|
256 | 256 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
257 | 257 | nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-enterprise-ee/result rhodecode-enterprise-ee/default.nix && \ |
|
258 | 258 | nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \ |
|
259 | 259 | RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \ |
|
260 | 260 | rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/result/bin $BUILD_BIN_DIR/ && \ |
|
261 | 261 | cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \ |
|
262 | 262 | cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \ |
|
263 | 263 | mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/result/etc/static/* $RHODECODE_DATA_DIR/static/ |
|
264 | 264 | |
|
265 | 265 | |
|
266 | 266 | RUN \ |
|
267 | 267 | echo "** configure supervisord **" && \ |
|
268 | 268 | #cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \ |
|
269 | 269 | #sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \ |
|
270 | 270 | echo "done" |
|
271 | 271 | |
|
272 | 272 | USER root |
|
273 | 273 | |
|
274 | 274 | |
|
275 | 275 | RUN \ |
|
276 | 276 | echo "**** cleanup ****" && \ |
|
277 | 277 | apt-get remove -y $PYTHON_DEPS && \ |
|
278 | 278 | apt-get autoclean -y && \ |
|
279 | 279 | rm -f /tmp/* && \ |
|
280 | 280 | rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \ |
|
281 | 281 | rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \ |
|
282 | 282 | rm -rf /var/lib/apt/lists/* \ |
|
283 | 283 | rm -rf /var/cache/apk/* \ |
|
284 | 284 | rm ${SUPERVISOR_CONF} |
|
285 | 285 | |
|
286 | 286 | # copy entrypoints |
|
287 | 287 | COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh |
|
288 | 288 | RUN chmod +x /opt/entrypoints.d/entrypoint.sh |
|
289 | 289 | |
|
290 | 290 | # config volume |
|
291 | 291 | VOLUME /etc/rhodecode/conf |
|
292 | 292 | |
|
293 | 293 | # repo store volume |
|
294 | 294 | VOLUME /var/opt/rhodecode_repo_store |
|
295 | 295 | |
|
296 | 296 | # data volume |
|
297 | 297 | VOLUME /var/opt/rhodecode_data |
|
298 | 298 | |
|
299 | 299 | # logs volume |
|
300 | 300 | VOLUME /var/log/rhodecode |
|
301 | 301 | |
|
302 | 302 | ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"] |
|
303 | 303 | |
|
304 | 304 | # compose can override this |
|
305 | 305 | CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"] |
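Review bot: The bootstrap admin password gets a default in `ARG RHODECODE_USER_PASS=secret4` (new line 13) and is then copied into a runtime `ENV` at new line 38, so it is recorded in the image metadata and is present in the environment of every container started from this image. I would drop the default and the `RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \` line, and have the entrypoint read the value at container start, for example from a mounted secret file, failing when none is supplied. Whether entrypoint.sh depends on the variable is not visible here. Separately, new line 214 pipes the Nix install script from curl straight into bash with no integrity check. Downloading it to a file and comparing it against a pinned SHA-256 before running it would tie the build to a known installer.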
@@ -1,70 +1,72 b'' | |||
|
1 | FROM debian:buster | |
|
1 | FROM ubuntu:22.04 | |
|
2 | # Using 22.04 LTS Release | |
|
2 | 3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> |
|
3 | 4 | |
|
5 | ||
|
4 | 6 | ENV \ |
|
5 | 7 | RC_USER=rhodecode \ |
|
6 | 8 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf |
|
7 | 9 | |
|
8 | 10 | RUN \ |
|
9 | 11 | echo "** install base svn packages **" && \ |
|
10 |
ap |
|
|
11 |
ap |
|
|
12 | apt-get update && \ | |
|
13 | apt-get install --no-cache \ | |
|
12 | 14 | tini \ |
|
13 | 15 | bash \ |
|
14 | 16 | curl \ |
|
15 | 17 | apache2 \ |
|
16 | 18 | apache2-utils \ |
|
17 | 19 | apache2-webdav \ |
|
18 | 20 | mod_dav_svn \ |
|
19 | 21 | subversion |
|
20 | 22 | |
|
21 | 23 | # configure the system user |
|
22 | 24 | # explicitly set uid/gid to guarantee that it won't change in the future |
|
23 | 25 | # the values 999:999 are identical to the current user/group id assigned |
|
24 | 26 | RUN \ |
|
25 | 27 | echo "** Create system user $RC_USER **" && \ |
|
26 | 28 | groupadd --system --gid 999 $RC_USER && \ |
|
27 | 29 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER |
|
28 | 30 | |
|
29 | 31 | |
|
30 | 32 | RUN \ |
|
31 | 33 | echo "**** cleanup ****" && \ |
|
32 |
ap |
|
|
34 | apt-get purge tzdata python2 && \ | |
|
33 | 35 | rm -f /tmp/* && \ |
|
34 | 36 | rm -rf /var/lib/apt/lists/* \ |
|
35 | 37 | rm -rf /var/cache/apk/* |
|
36 | 38 | |
|
37 | 39 | RUN \ |
|
38 | 40 | echo "**** Apache config cleanup ****" && \ |
|
39 | 41 | rm -f /etc/apache2/conf.d/info.conf \ |
|
40 | 42 | /etc/apache2/conf.d/mpm.conf \ |
|
41 | 43 | /etc/apache2/conf.d/userdir.conf |
|
42 | 44 | |
|
43 | 45 | |
|
44 | 46 | COPY svn/virtualhost.conf /etc/apache2/conf.d/ |
|
45 | 47 | |
|
46 | 48 | # copy entrypoints |
|
47 | 49 | COPY entrypoints.d/svn-entrypoint.sh /opt/entrypoints.d/svn-entrypoint.sh |
|
48 | 50 | RUN chmod +x /opt/entrypoints.d/svn-entrypoint.sh |
|
49 | 51 | |
|
50 | 52 | RUN \ |
|
51 | 53 | echo $(strings /usr/lib/apache2/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ |
|
52 | 54 | mkdir -p /run/apache2 && \ |
|
53 | 55 | mkdir -p /var/opt/www && \ |
|
54 | 56 | echo "export APACHE_RUN_USER=${RC_USER}" > /etc/apache2/envvars && \ |
|
55 | 57 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ |
|
56 | 58 | sed -i "s/User apache/User ${RC_USER}/g" /etc/apache2/httpd.conf && \ |
|
57 | 59 | sed -i "s/Group apache/Group ${RC_USER}/g" /etc/apache2/httpd.conf |
|
58 | 60 | |
|
59 | 61 | # repo store volume |
|
60 | 62 | VOLUME /var/opt/rhodecode_repo_store |
|
61 | 63 | |
|
62 | 64 | # config volume |
|
63 | 65 | VOLUME /etc/rhodecode/conf |
|
64 | 66 | |
|
65 | 67 | # logs volume |
|
66 | 68 | VOLUME /var/log/rhodecode |
|
67 | 69 | |
|
68 | 70 | ENTRYPOINT ["/opt/entrypoints.d/svn-entrypoint.sh"] |
|
69 | 71 | |
|
70 | 72 | CMD ["apachectl", "-D", "FOREGROUND"] |
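Review bot: The install step at new lines 12-13 still carries apk syntax after the move to `ubuntu:22.04`: `apt-get install --no-cache` is not an apt-get option and there is no `-y`, so as far as I can tell this layer fails during the build. I would write it as `DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \` and replace the Alpine package names `apache2-webdav` and `mod_dav_svn` with `libapache2-mod-svn`, which is what the main RhodeCode Dockerfile in this same commit installs. The same applies to `apt-get purge tzdata python2` at new line 34, which needs `-y`. The paths `/usr/lib/apache2/mod_dav_svn.so`, `/etc/apache2/httpd.conf` and `/etc/apache2/conf.d/` also look like the Alpine layout, whereas the other Dockerfile uses `/usr/lib/apache2/modules/mod_dav_svn.so`, `/etc/apache2/envvars` and `sites-enabled/` on Ubuntu. Until these are aligned, the `User`/`Group` sed edits that are meant to run Apache as `$RC_USER` have no file to act on.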