stack: updated loki/grafana stacks...
super-admin -
@@ -0,0 +1,50 b''
1 auth_enabled: false
2
3 server:
4 http_listen_address: 0.0.0.0
5 grpc_listen_address: 0.0.0.0
6 http_listen_port: 3100
7 grpc_listen_port: 9095
8 log_level: info
9
10 common:
11 path_prefix: /tmp/loki
12 storage:
13 filesystem:
14 chunks_directory: /tmp/loki/chunks
15 rules_directory: /tmp/loki/rules
16 replication_factor: 1
17 ring:
18 instance_addr: 127.0.0.1
19 kvstore:
20 store: inmemory
21
22 schema_config:
23 configs:
24 - from: 2020-10-24
25 store: boltdb-shipper
26 object_store: filesystem
27 schema: v11
28 index:
29 prefix: index_
30 period: 24h
31
32 limits_config:
33 max_streams_per_user: 100000
34
35 ingestion_burst_size_mb: 64
36 ingestion_rate_mb: 512
37
38 per_stream_rate_limit: 512M
39 per_stream_rate_limit_burst: 1024M
40 max_entries_limit_per_query: 1000000
41 max_label_value_length: 20480
42 max_label_name_length: 10240
43
44 ruler:
45 alertmanager_url: http://localhost:9093
46
47 # If you would like to disable reporting, uncomment the following lines:
48 #analytics:
49 # reporting_enabled: false
50
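Review bot: `auth_enabled: false` together with `http_listen_address: 0.0.0.0` (new lines 1-5) leaves the push and query API open to every peer that can reach port 3100, and in this mode Loki runs single-tenant, so the `tenant_id: docker` sent by promtail is presumably not enforced. The limits at lines 33-39 (`ingestion_rate_mb: 512`, `per_stream_rate_limit: 512M`) are high enough that they will not throttle a misbehaving client of that unauthenticated endpoint. `path_prefix: /tmp/loki` also puts chunks and index in the container's writable layer; unless a volume is mounted there, stored logs are lost when the container is recreated. I would add a comment at the top such as `# no auth, single tenant: reachable only via loopback / rhodecode_network` and point `path_prefix` at a mounted data directory.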
@@ -0,0 +1,38 b''
1 server:
2 http_listen_port: 9080
3 grpc_listen_port: 0
4
5 # Describes how to save read file offsets to disk
6 positions:
7 filename: /tmp/positions.yaml
8
9 clients:
10 - url: http://loki:3100/loki/api/v1/push
11 tenant_id: docker
12
13 ## Definition to what to scrape
14 scrape_configs:
15
16 - job_name: scraping_nginx
17 static_configs:
18 - targets:
19 - localhost
20 labels:
21 __path__: /var/log_volume/nginx/rhodecode*
22 job: nginx
23
24 - job_name: scraping_vcsserver
25 static_configs:
26 - targets:
27 - localhost
28 labels:
29 __path__: /var/log_volume/apps/rhodecode*
30 job: rhodecode
31
32 - job_name: scraping_rhodecode
33 static_configs:
34 - targets:
35 - localhost
36 labels:
37 __path__: /var/log_volume/apps/vcsserver*
38 job: vcsserver No newline at end of file
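Review bot: The names of the last two scrape jobs are swapped relative to what they read: `scraping_vcsserver` (line 24) tails `/var/log_volume/apps/rhodecode*` with `job: rhodecode`, while `scraping_rhodecode` (line 32) tails `/var/log_volume/apps/vcsserver*` with `job: vcsserver`. The labels match the paths, so queries still work, but the job names will mislead whoever inspects promtail targets; swap the two `job_name` values. `filename: /tmp/positions.yaml` is durable only if that path sits on a volume; otherwise a recreated container loses its read offsets and will likely re-send log lines it has already shipped. A comment next to `clients` would also help: `# plain HTTP, no credentials: loki must stay on the internal network`.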
@@ -0,0 +1,31 b''
1 defaults:
2 # metrics expiration
3 ttl: 48h
4
5 mappings:
6
7 - match: "*.histogram"
8 name: "${1}"
9 observer_type: histogram
10 histogram_options:
11 buckets: [.1, .25, .5, .75, 1, 1.5, 2, 5, 10]
12
13 - match: "*.slow_histogram"
14 name: "${1}"
15 observer_type: histogram
16 histogram_options:
17 buckets: [.1, .25, .5, 1, 2, 5, 10, 30, 60]
18
19 - match: "*.summary"
20 name: "${1}"
21 observer_type: summary
22 summary_options:
23 quantiles:
24 - quantile: 0.99
25 error: 0.001
26 - quantile: 0.95
27 error: 0.01
28 - quantile: 0.9
29 error: 0.05
30 - quantile: 0.5
31 error: 0.005
1 NO CONTENT: new file 100644
@@ -1,10 +1,17 b''
1 1 global:
2 scrape_interval: 10s
3 evaluation_interval: 10s
2 scrape_interval: 15s
3 evaluation_interval: 15s
4 4
5 5 scrape_configs:
6 # Scrape statsd exporter
6
7 # Scrape statsd exporter from RhodeCode
7 8 - job_name: "rhodecode_metrics"
8 9 metrics_path: "/metrics"
9 10 static_configs:
10 11 - targets: ["statsd-exporter:9102"]
12
13 # scrape node exporter
14 - job_name: node_metrics
15 metrics_path: "/metrics"
16 static_configs:
17 - targets: ["node-exporter:9100"]
@@ -1,68 +1,75 b''
1 1 #!/usr/bin/env bash
2 2 set -euo pipefail
3 3 IFS=$'\n\t'
4 4 CURRENT_USER_UID=$(id -u)
5 5 CURRENT_USER_GID=$(id -g)
6 6 USER_UID=${USER_UID:-$CURRENT_USER_UID}
7 7 USER_GID=${USER_GID:-$CURRENT_USER_GID}
8 8 CMD="docker-compose -f docker-compose.yml"
9 9 BUILD_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml"
10 10 DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml"
11 DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml"
12 METRICS_CMD="docker-compose -f docker-compose-grafana.yaml"
11 13
12 14 usage="$(basename "$0") ./dev.sh <COMMAND> -- run docker command
13 15 where <COMMAND>:
14 16 [v]cs -- run bash console for vcsserver
15 17 [r]c -- run bash console for rhodecode-ee
16 18 ce -- run bash console for rhodecode-ce
17 19 [t]est[s] -- run bash console for rhodecode-ce tests
18 20 test-mysql -- run bash console for rhodecode-ce tests with mysql
19 21 test-pgsql -- run bash console for rhodecode-ce tests with postgres
20 22 dev-build -- build rhodecode dev app for use without cache use
21 23 dev-env -- run the dev stack required for development
22 24 redis -- run the redis CLI attached to rc_cluster_redis_1
23 25 db -- run the db bash attached to rc_cluster_database_1
26 [m]etrics -- run the metrics stack
24 27 run <cmd> -- run <cmd>"
25 28
26 29 case ${1:-} in
27 30 v|vcs )
28 eval "(docker stop vcsserver-dev || echo skip-stop ) && ${DEV_CMD} run --service-ports --rm --use-aliases --workdir="/home/rhodecode/rhodecode-vcsserver" --name="vcsserver-dev" vcsserver bash"
31 eval "(docker stop dev-vcsserver || echo skip-stop ) && ${DEV_CMD} run --service-ports --rm --use-aliases --workdir="/home/rhodecode/rhodecode-vcsserver" --name="dev-vcsserver" vcsserver bash"
29 32 exit
30 33 ;;
31 34 r|rc )
32 eval "(docker stop enterprise-ee-dev || echo skip-stop ) && ${DEV_CMD} run --publish 8080:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ee" --name="enterprise-ee-dev" rhodecode bash"
35 eval "(docker stop dev-enterprise-ee || echo skip-stop ) && ${DEV_CMD} run --publish 8080:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ee" --name="dev-enterprise-ee" rhodecode bash"
33 36 exit
34 37 ;;
35 38 ce )
36 eval "(docker stop enterprise-ce-dev || echo skip-stop ) && ${DEV_CMD} run --publish 8081:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="enterprise-ce-dev" rhodecode bash"
39 eval "(docker stop dev-enterprise-ce || echo skip-stop ) && ${DEV_CMD} run --publish 8081:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="dev-enterprise-ce" rhodecode bash"
37 40 exit
38 41 ;;
39 42 t|test|tests )
40 43 eval "${DEV_CMD} run --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="enterprise-dev-test" rhodecode bash"
41 44 exit
42 45 ;;
43 46 dev-build )
44 47 eval "${BUILD_CMD} up --detach database && ${BUILD_CMD} build --no-cache --progress=plain rhodecode"
45 48 exit
46 49 ;;
47 50 dev-env )
48 51 eval "${BUILD_CMD} up --detach database redis channelstream nginx celery beat elasticsearch"
49 52 exit
50 53 ;;
51 54 redis )
52 55 eval "docker exec --interactive --tty rc_cluster_redis_1 redis-cli"
53 56 exit
54 57 ;;
55 58 db )
56 59 eval "docker exec --interactive --tty rc_cluster_database_1 /bin/bash -c 'psql -U $$POSTGRES_USER' "
57 60 exit
58 61 ;;
62 m|metrics )
63 eval "${METRICS_CMD} up --detach"
64 exit
65 ;;
59 66 run )
60 67 command=${@:2}
61 68 eval "${DEV_CMD} run --rm rhodecode ${command}"
62 69 exit
63 70 ;;
64 71 * )
65 72 echo "${usage}"
66 73 exit
67 74 ;;
68 75 esac
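Review bot: New line 11 re-adds the `DEV_CMD=...` assignment that is already present unchanged on line 10, so the variable is now set twice to the same value; drop the added copy and keep only the new `METRICS_CMD="docker-compose -f docker-compose-grafana.yaml"`. The new `m|metrics` branch offers only `up --detach`, so the script has no matching way to stop the metrics stack; the usage text should say how to bring it down. The `eval` in that branch expands a fixed string, so it is safe as written, but a comment such as `# eval needed: IFS excludes space, so ${METRICS_CMD} would not word-split` would explain why it is there.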
@@ -1,58 +1,110 b''
1 1 version: '3.9'
2 2
3 3 volumes:
4 4 prometheus_data: {}
5 5 grafana_data: {}
6 logvolume:
7 driver: local
8 driver_opts:
9 type: none
10 o: bind
11 device: $PWD/logs
6 12
7 13 networks:
8 14 rhodecode_network:
9 15 name: rhodecode_network
10 16
11 17
12 18 services:
13 19
14 20 statsd-exporter:
15 21 image: prom/statsd-exporter:v0.22.8
16 22 restart: unless-stopped
17 23 command: [
18 '--statsd.mapping-config=/statsd/statsd.conf',
24 '--statsd.mapping-config=/statsd/statsd.yaml',
19 25 '--statsd.listen-udp=:9125',
20 26 '--web.listen-address=:9102'
21 27 ]
22 28 networks:
23 29 - rhodecode_network
24 30 ports:
25 - "9125:9125/udp"
26 - "9102:9102"
31 - "127.0.0.1:9125:9125/udp"
32 - "127.0.0.1:9102:9102"
27 33 volumes:
28 - ./config/statsd-exporter/statsd.conf:/statsd/statsd.conf
34 - ./config/statsd-exporter:/statsd
35
36 node-exporter:
37 image: prom/node-exporter:v1.4.0
38 command:
39 - "--path.procfs=/host/proc"
40 - "--path.rootfs=/rootfs"
41 - "--path.sysfs=/host/sys"
42 - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)"
43 - "--collector.systemd"
44 - "--collector.processes"
45 networks:
46 - rhodecode_network
47 pid: host
48 restart: unless-stopped
49 ports:
50 - "127.0.0.1:9100:9100"
51 volumes:
52 - "/proc:/host/proc:ro"
53 - "/sys:/host/sys:ro"
54 - "/:/rootfs:ro"
29 55
30 56 prometheus:
31 57 image: prom/prometheus:v2.39.1
32 58 restart: unless-stopped
33 59 command:
34 60 - "--config.file=/etc/prometheus/prometheus.yml"
35 61 - "--storage.tsdb.path=/prometheus"
36 62 - "--web.console.libraries=/etc/prometheus/console_libraries"
37 63 - "--web.console.templates=/etc/prometheus/consoles"
38 64 - "--storage.tsdb.retention.time=24h"
39 65 - "--web.enable-lifecycle"
40 66 ports:
41 - "9090:9090"
67 - "127.0.0.1:9090:9090"
42 68 networks:
43 69 - rhodecode_network
44 70 volumes:
45 71 - ./config/prometheus:/etc/prometheus
46 72 - prometheus_data:/prometheus
47 73
48 74 grafana:
49 image: grafana/grafana:9.1.8-ubuntu
75 image: grafana/grafana:9.2.1-ubuntu
50 76 restart: unless-stopped
51 77 env_file:
52 78 - ./config/grafana/grafana.env
53 79 ports:
54 - "3000:3000"
80 - "4000:3000"
55 81 volumes:
56 82 - grafana_data:/var/lib/grafana
57 83 networks:
58 84 - rhodecode_network
85
86 loki:
87 image: grafana/loki:2.6.1
88 restart: unless-stopped
89 ports:
90 - "127.0.0.1:3100:3100"
91 - "127.0.0.1:9095:9095"
92 command: [
93 "-config.file=/etc/loki/loki-config.yaml"
94 ]
95 networks:
96 - rhodecode_network
97 volumes:
98 - ./config/loki:/etc/loki
99
100 promtail:
101 image: grafana/promtail:latest
102 command: [
103 "-config.file=/etc/promtail/promtail-config.yaml"
104 ]
105 networks:
106 - rhodecode_network
107 volumes:
108 - /var/log:/var/log
109 - logvolume:/var/log_volume
110 - ./config/loki:/etc/promtail
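Review bot: Grafana is the one published port left on all interfaces: this change binds statsd-exporter, node-exporter, prometheus and loki to `127.0.0.1`, but line 80 is `- "4000:3000"`; unless remote access is intended, make it `- "127.0.0.1:4000:3000"`. `image: grafana/promtail:latest` (line 101) is the only unpinned image in the file and can drift from the pinned `grafana/loki:2.6.1`; pin it to a matching tag. Promtail only reads logs, so its log mounts can be read-only, e.g. `- /var/log:/var/log:ro`, and unlike loki it has no `restart:` policy. node-exporter runs with `pid: host` and the whole host root mounted read-only, which is the usual setup but deserves a comment saying so, and `--collector.systemd` presumably needs the host's D-Bus socket, which is not mounted here. The loki service mounts only its config directory, so anything it stores under `/tmp/loki` is not persisted.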
@@ -1,808 +1,808 b''
1 1 # -----------------------------
2 2 # PostgreSQL configuration file
3 3 # -----------------------------
4 4 #
5 5 # This file consists of lines of the form:
6 6 #
7 7 # name = value
8 8 #
9 9 # (The "=" is optional.) Whitespace may be used. Comments are introduced with
10 10 # "#" anywhere on a line. The complete list of parameter names and allowed
11 11 # values can be found in the PostgreSQL documentation.
12 12 #
13 13 # The commented-out settings shown in this file represent the default values.
14 14 # Re-commenting a setting is NOT sufficient to revert it to the default value;
15 15 # you need to reload the server.
16 16 #
17 17 # This file is read on server startup and when the server receives a SIGHUP
18 18 # signal. If you edit the file on a running system, you have to SIGHUP the
19 19 # server for the changes to take effect, run "pg_ctl reload", or execute
20 20 # "SELECT pg_reload_conf()". Some parameters, which are marked below,
21 21 # require a server shutdown and restart to take effect.
22 22 #
23 23 # Any parameter can also be given as a command-line option to the server, e.g.,
24 24 # "postgres -c log_connections=on". Some parameters can be changed at run time
25 25 # with the "SET" SQL command.
26 26 #
27 27 # Memory units: B = bytes Time units: us = microseconds
28 28 # kB = kilobytes ms = milliseconds
29 29 # MB = megabytes s = seconds
30 30 # GB = gigabytes min = minutes
31 31 # TB = terabytes h = hours
32 32 # d = days
33 33
34 34
35 35 #------------------------------------------------------------------------------
36 36 # FILE LOCATIONS
37 37 #------------------------------------------------------------------------------
38 38
39 39 # The default values of these variables are driven from the -D command-line
40 40 # option or PGDATA environment variable, represented here as ConfigDir.
41 41
42 42 #data_directory = 'ConfigDir' # use data in another directory
43 43 # (change requires restart)
44 44 #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
45 45 # (change requires restart)
46 46 #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
47 47 # (change requires restart)
48 48
49 49 # If external_pid_file is not explicitly set, no extra PID file is written.
50 50 #external_pid_file = '' # write an extra PID file
51 51 # (change requires restart)
52 52
53 53
54 54 #------------------------------------------------------------------------------
55 55 # CONNECTIONS AND AUTHENTICATION
56 56 #------------------------------------------------------------------------------
57 57
58 58 # - Connection Settings -
59 59
60 60 listen_addresses = '*'
61 61 # comma-separated list of addresses;
62 62 # defaults to 'localhost'; use '*' for all
63 63 # (change requires restart)
64 64 #port = 5432 # (change requires restart)
65 65 #max_connections = 100 # (change requires restart)
66 66 #superuser_reserved_connections = 3 # (change requires restart)
67 67 #unix_socket_directories = '/tmp' # comma-separated list of directories
68 68 # (change requires restart)
69 69 #unix_socket_group = '' # (change requires restart)
70 70 #unix_socket_permissions = 0777 # begin with 0 to use octal notation
71 71 # (change requires restart)
72 72 #bonjour = off # advertise server via Bonjour
73 73 # (change requires restart)
74 74 #bonjour_name = '' # defaults to the computer name
75 75 # (change requires restart)
76 76
77 77 # - TCP settings -
78 78 # see "man tcp" for details
79 79
80 80 #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
81 81 # 0 selects the system default
82 82 #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
83 83 # 0 selects the system default
84 84 #tcp_keepalives_count = 0 # TCP_KEEPCNT;
85 85 # 0 selects the system default
86 86 #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
87 87 # 0 selects the system default
88 88
89 89 #client_connection_check_interval = 0 # time between checks for client
90 90 # disconnection while running queries;
91 91 # 0 for never
92 92
93 93 # - Authentication -
94 94
95 95 #authentication_timeout = 1min # 1s-600s
96 96 #password_encryption = scram-sha-256 # scram-sha-256 or md5
97 97 #db_user_namespace = off
98 98
99 99 # GSSAPI using Kerberos
100 100 #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
101 101 #krb_caseins_users = off
102 102
103 103 # - SSL -
104 104
105 105 #ssl = off
106 106 #ssl_ca_file = ''
107 107 #ssl_cert_file = 'server.crt'
108 108 #ssl_crl_file = ''
109 109 #ssl_crl_dir = ''
110 110 #ssl_key_file = 'server.key'
111 111 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
112 112 #ssl_prefer_server_ciphers = on
113 113 #ssl_ecdh_curve = 'prime256v1'
114 114 #ssl_min_protocol_version = 'TLSv1.2'
115 115 #ssl_max_protocol_version = ''
116 116 #ssl_dh_params_file = ''
117 117 #ssl_passphrase_command = ''
118 118 #ssl_passphrase_command_supports_reload = off
119 119
120 120
121 121 #------------------------------------------------------------------------------
122 122 # RESOURCE USAGE (except WAL)
123 123 #------------------------------------------------------------------------------
124 124
125 125 # - Memory -
126 126
127 127 #shared_buffers = 32MB # min 128kB
128 128 # (change requires restart)
129 129 #huge_pages = try # on, off, or try
130 130 # (change requires restart)
131 131 #huge_page_size = 0 # zero for system default
132 132 # (change requires restart)
133 133 #temp_buffers = 8MB # min 800kB
134 134 #max_prepared_transactions = 0 # zero disables the feature
135 135 # (change requires restart)
136 136 # Caution: it is not advisable to set max_prepared_transactions nonzero unless
137 137 # you actively intend to use prepared transactions.
138 138 #work_mem = 4MB # min 64kB
139 139 #hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem
140 140 #maintenance_work_mem = 64MB # min 1MB
141 141 #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
142 142 #logical_decoding_work_mem = 64MB # min 64kB
143 143 #max_stack_depth = 2MB # min 100kB
144 144 #shared_memory_type = mmap # the default is the first option
145 145 # supported by the operating system:
146 146 # mmap
147 147 # sysv
148 148 # windows
149 149 # (change requires restart)
150 150 #dynamic_shared_memory_type = posix # the default is the first option
151 151 # supported by the operating system:
152 152 # posix
153 153 # sysv
154 154 # windows
155 155 # mmap
156 156 # (change requires restart)
157 157 #min_dynamic_shared_memory = 0MB # (change requires restart)
158 158
159 159 # - Disk -
160 160
161 161 #temp_file_limit = -1 # limits per-process temp file space
162 162 # in kilobytes, or -1 for no limit
163 163
164 164 # - Kernel Resources -
165 165
166 166 #max_files_per_process = 1000 # min 64
167 167 # (change requires restart)
168 168
169 169 # - Cost-Based Vacuum Delay -
170 170
171 171 #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
172 172 #vacuum_cost_page_hit = 1 # 0-10000 credits
173 173 #vacuum_cost_page_miss = 2 # 0-10000 credits
174 174 #vacuum_cost_page_dirty = 20 # 0-10000 credits
175 175 #vacuum_cost_limit = 200 # 1-10000 credits
176 176
177 177 # - Background Writer -
178 178
179 179 #bgwriter_delay = 200ms # 10-10000ms between rounds
180 180 #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
181 181 #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
182 182 #bgwriter_flush_after = 0 # measured in pages, 0 disables
183 183
184 184 # - Asynchronous Behavior -
185 185
186 186 #backend_flush_after = 0 # measured in pages, 0 disables
187 187 #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
188 188 #maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching
189 189 #max_worker_processes = 8 # (change requires restart)
190 190 #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
191 191 #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
192 192 #max_parallel_workers = 8 # maximum number of max_worker_processes that
193 193 # can be used in parallel operations
194 194 #parallel_leader_participation = on
195 195 #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
196 196 # (change requires restart)
197 197
198 198
199 199 #------------------------------------------------------------------------------
200 200 # WRITE-AHEAD LOG
201 201 #------------------------------------------------------------------------------
202 202
203 203 # - Settings -
204 204
205 205 #wal_level = replica # minimal, replica, or logical
206 206 # (change requires restart)
207 207 #fsync = on # flush data to disk for crash safety
208 208 # (turning this off can cause
209 209 # unrecoverable data corruption)
210 210 #synchronous_commit = on # synchronization level;
211 211 # off, local, remote_write, remote_apply, or on
212 212 #wal_sync_method = fsync # the default is the first option
213 213 # supported by the operating system:
214 214 # open_datasync
215 215 # fdatasync (default on Linux and FreeBSD)
216 216 # fsync
217 217 # fsync_writethrough
218 218 # open_sync
219 219 #full_page_writes = on # recover from partial page writes
220 220 #wal_log_hints = off # also do full page writes of non-critical updates
221 221 # (change requires restart)
222 222 #wal_compression = off # enable compression of full-page writes
223 223 #wal_init_zero = on # zero-fill new WAL files
224 224 #wal_recycle = on # recycle WAL files
225 225 #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
226 226 # (change requires restart)
227 227 #wal_writer_delay = 200ms # 1-10000 milliseconds
228 228 #wal_writer_flush_after = 1MB # measured in pages, 0 disables
229 229 #wal_skip_threshold = 2MB
230 230
231 231 #commit_delay = 0 # range 0-100000, in microseconds
232 232 #commit_siblings = 5 # range 1-1000
233 233
234 234 # - Checkpoints -
235 235
236 236 #checkpoint_timeout = 5min # range 30s-1d
237 237 #checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0
238 238 #checkpoint_flush_after = 0 # measured in pages, 0 disables
239 239 #checkpoint_warning = 30s # 0 disables
240 240 #max_wal_size = 1GB
241 241 #min_wal_size = 80MB
242 242
243 243 # - Archiving -
244 244
245 245 #archive_mode = off # enables archiving; off, on, or always
246 246 # (change requires restart)
247 247 #archive_command = '' # command to use to archive a logfile segment
248 248 # placeholders: %p = path of file to archive
249 249 # %f = file name only
250 250 # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
251 251 #archive_timeout = 0 # force a logfile segment switch after this
252 252 # number of seconds; 0 disables
253 253
254 254 # - Archive Recovery -
255 255
256 256 # These are only used in recovery mode.
257 257
258 258 #restore_command = '' # command to use to restore an archived logfile segment
259 259 # placeholders: %p = path of file to restore
260 260 # %f = file name only
261 261 # e.g. 'cp /mnt/server/archivedir/%f %p'
262 262 #archive_cleanup_command = '' # command to execute at every restartpoint
263 263 #recovery_end_command = '' # command to execute at completion of recovery
264 264
265 265 # - Recovery Target -
266 266
267 267 # Set these only when performing a targeted recovery.
268 268
269 269 #recovery_target = '' # 'immediate' to end recovery as soon as a
270 270 # consistent state is reached
271 271 # (change requires restart)
272 272 #recovery_target_name = '' # the named restore point to which recovery will proceed
273 273 # (change requires restart)
274 274 #recovery_target_time = '' # the time stamp up to which recovery will proceed
275 275 # (change requires restart)
276 276 #recovery_target_xid = '' # the transaction ID up to which recovery will proceed
277 277 # (change requires restart)
278 278 #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
279 279 # (change requires restart)
280 280 #recovery_target_inclusive = on # Specifies whether to stop:
281 281 # just after the specified recovery target (on)
282 282 # just before the recovery target (off)
283 283 # (change requires restart)
284 284 #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
285 285 # (change requires restart)
286 286 #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
287 287 # (change requires restart)
288 288
289 289
290 290 #------------------------------------------------------------------------------
291 291 # REPLICATION
292 292 #------------------------------------------------------------------------------
293 293
294 294 # - Sending Servers -
295 295
296 296 # Set these on the primary and on any standby that will send replication data.
297 297
298 298 #max_wal_senders = 10 # max number of walsender processes
299 299 # (change requires restart)
300 300 #max_replication_slots = 10 # max number of replication slots
301 301 # (change requires restart)
302 302 #wal_keep_size = 0 # in megabytes; 0 disables
303 303 #max_slot_wal_keep_size = -1 # in megabytes; -1 disables
304 304 #wal_sender_timeout = 60s # in milliseconds; 0 disables
305 305 #track_commit_timestamp = off # collect timestamp of transaction commit
306 306 # (change requires restart)
307 307
308 308 # - Primary Server -
309 309
310 310 # These settings are ignored on a standby server.
311 311
312 312 #synchronous_standby_names = '' # standby servers that provide sync rep
313 313 # method to choose sync standbys, number of sync standbys,
314 314 # and comma-separated list of application_name
315 315 # from standby(s); '*' = all
316 316 #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
317 317
318 318 # - Standby Servers -
319 319
320 320 # These settings are ignored on a primary server.
321 321
322 322 #primary_conninfo = '' # connection string to sending server
323 323 #primary_slot_name = '' # replication slot on sending server
324 324 #promote_trigger_file = '' # file name whose presence ends recovery
325 325 #hot_standby = on # "off" disallows queries during recovery
326 326 # (change requires restart)
327 327 #max_standby_archive_delay = 30s # max delay before canceling queries
328 328 # when reading WAL from archive;
329 329 # -1 allows indefinite delay
330 330 #max_standby_streaming_delay = 30s # max delay before canceling queries
331 331 # when reading streaming WAL;
332 332 # -1 allows indefinite delay
333 333 #wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name
334 334 # is not set
335 335 #wal_receiver_status_interval = 10s # send replies at least this often
336 336 # 0 disables
337 337 #hot_standby_feedback = off # send info from standby to prevent
338 338 # query conflicts
339 339 #wal_receiver_timeout = 60s # time that receiver waits for
340 340 # communication from primary
341 341 # in milliseconds; 0 disables
342 342 #wal_retrieve_retry_interval = 5s # time to wait before retrying to
343 343 # retrieve WAL after a failed attempt
344 344 #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
345 345
346 346 # - Subscribers -
347 347
348 348 # These settings are ignored on a publisher.
349 349
350 350 #max_logical_replication_workers = 4 # taken from max_worker_processes
351 351 # (change requires restart)
352 352 #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
353 353
354 354
355 355 #------------------------------------------------------------------------------
356 356 # QUERY TUNING
357 357 #------------------------------------------------------------------------------
358 358
359 359 # - Planner Method Configuration -
360 360
361 361 #enable_async_append = on
362 362 #enable_bitmapscan = on
363 363 #enable_gathermerge = on
364 364 #enable_hashagg = on
365 365 #enable_hashjoin = on
366 366 #enable_incremental_sort = on
367 367 #enable_indexscan = on
368 368 #enable_indexonlyscan = on
369 369 #enable_material = on
370 370 #enable_memoize = on
371 371 #enable_mergejoin = on
372 372 #enable_nestloop = on
373 373 #enable_parallel_append = on
374 374 #enable_parallel_hash = on
375 375 #enable_partition_pruning = on
376 376 #enable_partitionwise_join = off
377 377 #enable_partitionwise_aggregate = off
378 378 #enable_seqscan = on
379 379 #enable_sort = on
380 380 #enable_tidscan = on
381 381
382 382 # - Planner Cost Constants -
383 383
384 384 #seq_page_cost = 1.0 # measured on an arbitrary scale
385 385 #random_page_cost = 4.0 # same scale as above
386 386 #cpu_tuple_cost = 0.01 # same scale as above
387 387 #cpu_index_tuple_cost = 0.005 # same scale as above
388 388 #cpu_operator_cost = 0.0025 # same scale as above
389 389 #parallel_setup_cost = 1000.0 # same scale as above
390 390 #parallel_tuple_cost = 0.1 # same scale as above
391 391 #min_parallel_table_scan_size = 8MB
392 392 #min_parallel_index_scan_size = 512kB
393 393 #effective_cache_size = 4GB
394 394
395 395 #jit_above_cost = 100000 # perform JIT compilation if available
396 396 # and query more expensive than this;
397 397 # -1 disables
398 398 #jit_inline_above_cost = 500000 # inline small functions if query is
399 399 # more expensive than this; -1 disables
400 400 #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
401 401 # query is more expensive than this;
402 402 # -1 disables
403 403
404 404 # - Genetic Query Optimizer -
405 405
406 406 #geqo = on
407 407 #geqo_threshold = 12
408 408 #geqo_effort = 5 # range 1-10
409 409 #geqo_pool_size = 0 # selects default based on effort
410 410 #geqo_generations = 0 # selects default based on effort
411 411 #geqo_selection_bias = 2.0 # range 1.5-2.0
412 412 #geqo_seed = 0.0 # range 0.0-1.0
413 413
414 414 # - Other Planner Options -
415 415
416 416 #default_statistics_target = 100 # range 1-10000
417 417 #constraint_exclusion = partition # on, off, or partition
418 418 #cursor_tuple_fraction = 0.1 # range 0.0-1.0
419 419 #from_collapse_limit = 8
420 420 #jit = on # allow JIT compilation
421 421 #join_collapse_limit = 8 # 1 disables collapsing of explicit
422 422 # JOIN clauses
423 423 #plan_cache_mode = auto # auto, force_generic_plan or
424 424 # force_custom_plan
425 425
426 426
427 427 #------------------------------------------------------------------------------
428 428 # REPORTING AND LOGGING
429 429 #------------------------------------------------------------------------------
430 430
431 431 # - Where to Log -
432 432
433 #log_destination = 'stderr' # Valid values are combinations of
433 log_destination = 'stderr' # Valid values are combinations of
434 434 # stderr, csvlog, syslog, and eventlog,
435 435 # depending on platform. csvlog
436 436 # requires logging_collector to be on.
437 437
438 438 # This is used when logging to stderr:
439 #logging_collector = off # Enable capturing of stderr and csvlog
439 logging_collector = on # Enable capturing of stderr and csvlog
440 440 # into log files. Required to be on for
441 441 # csvlogs.
442 442 # (change requires restart)
443 443
444 444 # These are only used if logging_collector is on:
445 #log_directory = 'log' # directory where log files are written,
445 log_directory = '/var/log/rhodecode/postgres' # directory where log files are written,
446 446 # can be absolute or relative to PGDATA
447 #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
447 log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
448 448 # can include strftime() escapes
449 449 #log_file_mode = 0600 # creation mode for log files,
450 450 # begin with 0 to use octal notation
451 451 #log_rotation_age = 1d # Automatic rotation of logfiles will
452 452 # happen after that time. 0 disables.
453 #log_rotation_size = 10MB # Automatic rotation of logfiles will
453 log_rotation_size = 512MB # Automatic rotation of logfiles will
454 454 # happen after that much log output.
455 455 # 0 disables.
456 456 #log_truncate_on_rotation = off # If on, an existing log file with the
457 457 # same name as the new log file will be
458 458 # truncated rather than appended to.
459 459 # But such truncation only occurs on
460 460 # time-driven rotation, not on restarts
461 461 # or size-driven rotation. Default is
462 462 # off, meaning append to existing files
463 463 # in all cases.
464 464
465 465 # These are relevant when logging to syslog:
466 466 #syslog_facility = 'LOCAL0'
467 467 #syslog_ident = 'postgres'
468 468 #syslog_sequence_numbers = on
469 469 #syslog_split_messages = on
470 470
471 471 # This is only relevant when logging to eventlog (Windows):
472 472 # (change requires restart)
473 473 #event_source = 'PostgreSQL'
474 474
475 475 # - When to Log -
476 476
477 477 #log_min_messages = warning # values in order of decreasing detail:
478 478 # debug5
479 479 # debug4
480 480 # debug3
481 481 # debug2
482 482 # debug1
483 483 # info
484 484 # notice
485 485 # warning
486 486 # error
487 487 # log
488 488 # fatal
489 489 # panic
490 490
491 491 #log_min_error_statement = error # values in order of decreasing detail:
492 492 # debug5
493 493 # debug4
494 494 # debug3
495 495 # debug2
496 496 # debug1
497 497 # info
498 498 # notice
499 499 # warning
500 500 # error
501 501 # log
502 502 # fatal
503 503 # panic (effectively off)
504 504
505 #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
505 log_min_duration_statement = 1000 # -1 is disabled, 0 logs all statements
506 506 # and their durations, > 0 logs only
507 507 # statements running at least this number
508 508 # of milliseconds
509 509
510 510 #log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements
511 511 # and their durations, > 0 logs only a sample of
512 512 # statements running at least this number
513 513 # of milliseconds;
514 514 # sample fraction is determined by log_statement_sample_rate
515 515
516 516 #log_statement_sample_rate = 1.0 # fraction of logged statements exceeding
517 517 # log_min_duration_sample to be logged;
518 518 # 1.0 logs all such statements, 0.0 never logs
519 519
520 520
521 521 #log_transaction_sample_rate = 0.0 # fraction of transactions whose statements
522 522 # are logged regardless of their duration; 1.0 logs all
523 523 # statements from all transactions, 0.0 never logs
524 524
525 525 # - What to Log -
526 526
527 527 #debug_print_parse = off
528 528 #debug_print_rewritten = off
529 529 #debug_print_plan = off
530 530 #debug_pretty_print = on
531 531 #log_autovacuum_min_duration = -1 # log autovacuum activity;
532 532 # -1 disables, 0 logs all actions and
533 533 # their durations, > 0 logs only
534 534 # actions running at least this number
535 535 # of milliseconds.
536 536 #log_checkpoints = off
537 537 #log_connections = off
538 538 #log_disconnections = off
539 539 #log_duration = off
540 540 #log_error_verbosity = default # terse, default, or verbose messages
541 541 #log_hostname = off
542 542 #log_line_prefix = '%m [%p] ' # special values:
543 543 # %a = application name
544 544 # %u = user name
545 545 # %d = database name
546 546 # %r = remote host and port
547 547 # %h = remote host
548 548 # %b = backend type
549 549 # %p = process ID
550 550 # %P = process ID of parallel group leader
551 551 # %t = timestamp without milliseconds
552 552 # %m = timestamp with milliseconds
553 553 # %n = timestamp with milliseconds (as a Unix epoch)
554 554 # %Q = query ID (0 if none or not computed)
555 555 # %i = command tag
556 556 # %e = SQL state
557 557 # %c = session ID
558 558 # %l = session line number
559 559 # %s = session start timestamp
560 560 # %v = virtual transaction ID
561 561 # %x = transaction ID (0 if none)
562 562 # %q = stop here in non-session
563 563 # processes
564 564 # %% = '%'
565 565 # e.g. '<%u%%%d> '
566 566 #log_lock_waits = off # log lock waits >= deadlock_timeout
567 567 #log_recovery_conflict_waits = off # log standby recovery conflict waits
568 568 # >= deadlock_timeout
569 569 #log_parameter_max_length = -1 # when logging statements, limit logged
570 570 # bind-parameter values to N bytes;
571 571 # -1 means print in full, 0 disables
572 572 #log_parameter_max_length_on_error = 0 # when logging an error, limit logged
573 573 # bind-parameter values to N bytes;
574 574 # -1 means print in full, 0 disables
575 575 #log_statement = 'none' # none, ddl, mod, all
576 576 #log_replication_commands = off
577 577 #log_temp_files = -1 # log temporary files equal or larger
578 578 # than the specified size in kilobytes;
579 579 # -1 disables, 0 logs all temp files
580 580 #log_timezone = 'GMT'
581 581
582 582
583 583 #------------------------------------------------------------------------------
584 584 # PROCESS TITLE
585 585 #------------------------------------------------------------------------------
586 586
587 587 #cluster_name = '' # added to process titles if nonempty
588 588 # (change requires restart)
589 589 #update_process_title = on
590 590
591 591
592 592 #------------------------------------------------------------------------------
593 593 # STATISTICS
594 594 #------------------------------------------------------------------------------
595 595
596 596 # - Query and Index Statistics Collector -
597 597
598 598 #track_activities = on
599 599 #track_activity_query_size = 1024 # (change requires restart)
600 600 #track_counts = on
601 601 #track_io_timing = off
602 602 #track_wal_io_timing = off
603 603 #track_functions = none # none, pl, all
604 604 #stats_temp_directory = 'pg_stat_tmp'
605 605
606 606
607 607 # - Monitoring -
608 608
609 609 #compute_query_id = auto
610 610 #log_statement_stats = off
611 611 #log_parser_stats = off
612 612 #log_planner_stats = off
613 613 #log_executor_stats = off
614 614
615 615
616 616 #------------------------------------------------------------------------------
617 617 # AUTOVACUUM
618 618 #------------------------------------------------------------------------------
619 619
620 620 #autovacuum = on # Enable autovacuum subprocess? 'on'
621 621 # requires track_counts to also be on.
622 622 #autovacuum_max_workers = 3 # max number of autovacuum subprocesses
623 623 # (change requires restart)
624 624 #autovacuum_naptime = 1min # time between autovacuum runs
625 625 #autovacuum_vacuum_threshold = 50 # min number of row updates before
626 626 # vacuum
627 627 #autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts
628 628 # before vacuum; -1 disables insert
629 629 # vacuums
630 630 #autovacuum_analyze_threshold = 50 # min number of row updates before
631 631 # analyze
632 632 #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
633 633 #autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table
634 634 # size before insert vacuum
635 635 #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
636 636 #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
637 637 # (change requires restart)
638 638 #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
639 639 # before forced vacuum
640 640 # (change requires restart)
641 641 #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
642 642 # autovacuum, in milliseconds;
643 643 # -1 means use vacuum_cost_delay
644 644 #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
645 645 # autovacuum, -1 means use
646 646 # vacuum_cost_limit
647 647
648 648
649 649 #------------------------------------------------------------------------------
650 650 # CLIENT CONNECTION DEFAULTS
651 651 #------------------------------------------------------------------------------
652 652
653 653 # - Statement Behavior -
654 654
655 655 #client_min_messages = notice # values in order of decreasing detail:
656 656 # debug5
657 657 # debug4
658 658 # debug3
659 659 # debug2
660 660 # debug1
661 661 # log
662 662 # notice
663 663 # warning
664 664 # error
665 665 #search_path = '"$user", public' # schema names
666 666 #row_security = on
667 667 #default_table_access_method = 'heap'
668 668 #default_tablespace = '' # a tablespace name, '' uses the default
669 669 #default_toast_compression = 'pglz' # 'pglz' or 'lz4'
670 670 #temp_tablespaces = '' # a list of tablespace names, '' uses
671 671 # only default tablespace
672 672 #check_function_bodies = on
673 673 #default_transaction_isolation = 'read committed'
674 674 #default_transaction_read_only = off
675 675 #default_transaction_deferrable = off
676 676 #session_replication_role = 'origin'
677 677 #statement_timeout = 0 # in milliseconds, 0 is disabled
678 678 #lock_timeout = 0 # in milliseconds, 0 is disabled
679 679 #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
680 680 #idle_session_timeout = 0 # in milliseconds, 0 is disabled
681 681 #vacuum_freeze_table_age = 150000000
682 682 #vacuum_freeze_min_age = 50000000
683 683 #vacuum_failsafe_age = 1600000000
684 684 #vacuum_multixact_freeze_table_age = 150000000
685 685 #vacuum_multixact_freeze_min_age = 5000000
686 686 #vacuum_multixact_failsafe_age = 1600000000
687 687 #bytea_output = 'hex' # hex, escape
688 688 #xmlbinary = 'base64'
689 689 #xmloption = 'content'
690 690 #gin_pending_list_limit = 4MB
691 691
692 692 # - Locale and Formatting -
693 693
694 694 #datestyle = 'iso, mdy'
695 695 #intervalstyle = 'postgres'
696 696 #timezone = 'GMT'
697 697 #timezone_abbreviations = 'Default' # Select the set of available time zone
698 698 # abbreviations. Currently, there are
699 699 # Default
700 700 # Australia (historical usage)
701 701 # India
702 702 # You can create your own file in
703 703 # share/timezonesets/.
704 704 #extra_float_digits = 1 # min -15, max 3; any value >0 actually
705 705 # selects precise output mode
706 706 #client_encoding = sql_ascii # actually, defaults to database
707 707 # encoding
708 708
709 709 # These settings are initialized by initdb, but they can be changed.
710 710 #lc_messages = 'C' # locale for system error message
711 711 # strings
712 712 #lc_monetary = 'C' # locale for monetary formatting
713 713 #lc_numeric = 'C' # locale for number formatting
714 714 #lc_time = 'C' # locale for time formatting
715 715
716 716 # default configuration for text search
717 717 #default_text_search_config = 'pg_catalog.simple'
718 718
719 719 # - Shared Library Preloading -
720 720
721 721 #local_preload_libraries = ''
722 722 #session_preload_libraries = ''
723 723 #shared_preload_libraries = '' # (change requires restart)
724 724 #jit_provider = 'llvmjit' # JIT library to use
725 725
726 726 # - Other Defaults -
727 727
728 728 #dynamic_library_path = '$libdir'
729 729 #extension_destdir = '' # prepend path when loading extensions
730 730 # and shared objects (added by Debian)
731 731 #gin_fuzzy_search_limit = 0
732 732
733 733
734 734 #------------------------------------------------------------------------------
735 735 # LOCK MANAGEMENT
736 736 #------------------------------------------------------------------------------
737 737
738 738 #deadlock_timeout = 1s
739 739 #max_locks_per_transaction = 64 # min 10
740 740 # (change requires restart)
741 741 #max_pred_locks_per_transaction = 64 # min 10
742 742 # (change requires restart)
743 743 #max_pred_locks_per_relation = -2 # negative values mean
744 744 # (max_pred_locks_per_transaction
745 745 # / -max_pred_locks_per_relation) - 1
746 746 #max_pred_locks_per_page = 2 # min 0
747 747
748 748
749 749 #------------------------------------------------------------------------------
750 750 # VERSION AND PLATFORM COMPATIBILITY
751 751 #------------------------------------------------------------------------------
752 752
753 753 # - Previous PostgreSQL Versions -
754 754
755 755 #array_nulls = on
756 756 #backslash_quote = safe_encoding # on, off, or safe_encoding
757 757 #escape_string_warning = on
758 758 #lo_compat_privileges = off
759 759 #quote_all_identifiers = off
760 760 #standard_conforming_strings = on
761 761 #synchronize_seqscans = on
762 762
763 763 # - Other Platforms and Clients -
764 764
765 765 #transform_null_equals = off
766 766
767 767
768 768 #------------------------------------------------------------------------------
769 769 # ERROR HANDLING
770 770 #------------------------------------------------------------------------------
771 771
772 772 #exit_on_error = off # terminate session on any error?
773 773 #restart_after_crash = on # reinitialize after backend crash?
774 774 #data_sync_retry = off # retry or panic on failure to fsync
775 775 # data?
776 776 # (change requires restart)
777 777 #recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+)
778 778
779 779
780 780 #------------------------------------------------------------------------------
781 781 # CONFIG FILE INCLUDES
782 782 #------------------------------------------------------------------------------
783 783
784 784 # These options allow settings to be loaded from files other than the
785 785 # default postgresql.conf. Note that these are directives, not variable
786 786 # assignments, so they can usefully be given more than once.
787 787
788 788 #include_dir = '...' # include files ending in '.conf' from
789 789 # a directory, e.g., 'conf.d'
790 790 #include_if_exists = '...' # include file only if it exists
791 791 #include = '...' # include file
792 792
793 793
794 794 #------------------------------------------------------------------------------
795 795 # CUSTOMIZED OPTIONS
796 796 #------------------------------------------------------------------------------
797 797
798 798 # Add settings for extensions here
799 799
800 800 max_connections = 400
801 801 shared_buffers = 1GB
802 802 effective_cache_size = 3GB
803 803 work_mem = 2621kB
804 804 maintenance_work_mem = 256MB
805 805 checkpoint_completion_target = 0.9
806 806 wal_buffers = 16MB
807 807 default_statistics_target = 100
808 808 password_encryption = md5
@@ -1,114 +1,131 b''
1 1 # read more here http://tautt.com/best-nginx-configuration-for-security/
2 2
3 3 # config to don't allow the browser to render the page inside an frame or iframe
4 4 # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
5 5 # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
6 6 # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
7 7 #add_header X-Frame-Options SAMEORIGIN;
8 8
9 9 # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
10 10 # to disable content-type sniffing on some browsers.
11 11 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
12 12 # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
13 13 # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
14 14 # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
15 15 #add_header X-Content-Type-Options nosniff;
16 16
17 17 # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
18 18 # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
19 19 # this particular website if it was disabled by the user.
20 20 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
21 21 #add_header X-XSS-Protection "1; mode=block";
22 22
23 23 # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
24 24 # you can tell the browser that it can only download content from the domains you explicitly allow
25 25 # http://www.html5rocks.com/en/tutorials/security/content-security-policy/
26 26 # https://www.owasp.org/index.php/Content_Security_Policy
27 27 # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
28 28 # directives for css and js(if you have inline css or js, you will need to keep it too).
29 29 # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
30 30 #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
31 31
32 32 ## rate limiter for certain pages to prevent brute force attacks
33 33 limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s;
34 34
35 35 ## custom log format
36 36 log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe';
37 37
38 log_format json_log_custom escape=json
39 '{'
40 '"source":"nginx",'
41 '"remote_user":"$remote_user",'
42 '"time_local":"$time_local",'
43 '"remote_addr":"$remote_addr",'
44 '"request":"$request",'
45 '"status": "$status",'
46 '"request_method": "$request_method",'
47 '"body_bytes_sent":"$body_bytes_sent",'
48 '"request_time":"$request_time",'
49 '"upstream_response_time":"$upstream_response_time",'
50 '"http_referrer":"$http_referer",'
51 '"http_user_agent":"$http_user_agent"'
52 '}';
53
54
38 55 server {
39 56 listen 80 default;
40 57 # ensure we get the proper Docker DNS resolver for load balancing.
41 58 resolver 127.0.0.11 ipv6=off;
42 59 server_name localhost 127.0.0.1;
43 access_log /var/log/rhodecode/nginx/rhodecode.http.access.log http_log_custom;
60 access_log /var/log/rhodecode/nginx/rhodecode.http.access.log json_log_custom;
44 61 error_log /var/log/rhodecode/nginx/rhodecode.http.error.log;
45 62
46 63 # uncomment to redirect http traffic to https
47 64 #return 301 https://$host$request_uri;
48 65
49 66 client_body_buffer_size 128k;
50 67 # maximum number and size of buffers for large headers to read from client request
51 68 large_client_header_buffers 16 256k;
52 69
53 70 ## serve static files by nginx, recommended
54 71 location /_static/rhodecode {
55 72 gzip on;
56 73 gzip_min_length 500;
57 74 gzip_proxied any;
58 75 gzip_comp_level 4;
59 76 gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
60 77 gzip_vary on;
61 78 gzip_disable "msie6";
62 79 expires 60d;
63 80
64 81 alias /var/opt/rhodecode_data/static;
65 82 }
66 83
67 84 ## channelstream location handler, if channelstream live chat and notifications
68 85 ## are enable this will proxy the requests to channelstream websocket server
69 86 location /_channelstream {
70 87 rewrite /_channelstream/(.*) /$1 break;
71 88 gzip off;
72 89 tcp_nodelay off;
73 90
74 91 proxy_connect_timeout 10;
75 92 proxy_send_timeout 10m;
76 93 proxy_read_timeout 10m;
77 94
78 95 proxy_set_header Host $host;
79 96 proxy_set_header X-Real-IP $remote_addr;
80 97 proxy_set_header X-Url-Scheme $scheme;
81 98 proxy_set_header X-Forwarded-Proto $scheme;
82 99 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
83 100
84 101 proxy_http_version 1.1;
85 102 proxy_set_header Upgrade $http_upgrade;
86 103 proxy_set_header Connection "upgrade";
87 104
88 105 proxy_pass http://channelstream:9800;
89 106 }
90 107
91 108 ## rate limit this endpoint to prevent login page brute-force attacks
92 109 location /_admin/login {
93 110 limit_req zone=http_req_limit burst=10 nodelay;
94 111 try_files $uri @rhodecode_http;
95 112 }
96 113
97 114 location / {
98 115 include /etc/nginx/proxy.conf;
99 116 try_files $uri @rhodecode_http;
100 117 }
101 118
102 119 location @rhodecode_http {
103 120 include /etc/nginx/proxy.conf;
104 121 proxy_pass http://rhodecode:10020;
105 122 }
106 123
107 124 ## Custom 502 error page.
108 125 ## Will be displayed while RhodeCode server is turned off
109 126 error_page 502 /502.html;
110 127 location = /502.html {
111 128 root /var/opt/static;
112 129 }
113 130
114 131 }
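Review bot: The `json_log_custom` format added here identifies the client only by `$remote_addr` and has no `$host` or forwarded-address field, so if this port-80 listener sits behind another proxy or load balancer (not visible from this file) every access entry, including the rate-limited `/_admin/login` hits, will show the proxy's address. Consider adding `'"http_x_forwarded_for":"$http_x_forwarded_for",'` and `'"host":"$host",'`, and treat the forwarded value as client-supplied when investigating. `$time_local` could also be swapped for `$time_iso8601`, which is unambiguous to parse in a log pipeline, and `"status"` and `"body_bytes_sent"` are written as quoted strings, so numeric filters will need a cast.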
@@ -1,305 +1,305 b''
1 FROM ubuntu:latest
2 # Using 20.04 LTS Release
1 FROM ubuntu:22.04
2 # Using 22.04 LTS Release
3 3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
4 4
5 5 ARG TZ="UTC"
6 6 ARG LOCALE_TYPE=en_US.UTF-8
7 7 ARG RHODECODE_TYPE=Enterprise
8 8 # source-install
9 9 ARG RHODECODE_VERSION=4.26.0
10 10
11 11 ARG RHODECODE_DB=sqlite
12 12 ARG RHODECODE_USER_NAME=admin
13 13 ARG RHODECODE_USER_PASS=secret4
14 14 ARG RHODECODE_USER_EMAIL=support@rhodecode.com
15 15
16 16 # nix ver/channels
17 17 ARG DEV_NIX_VERSION=2.0.4
18 18 ARG DEV_NIX_CHANNEL=nixos-18.03
19 19
20 20 # env are runtime
21 21 ENV \
22 22 TZ=${TZ} \
23 23 LOCALE_TYPE=${LOCALE_TYPE} \
24 24 \
25 25 ## Define type we build, and the instance we'll create
26 26 RHODECODE_TYPE=${RHODECODE_TYPE} \
27 27 RC_TYPE_ID=enterprise-1 \
28 28 \
29 29 ## SETUP ARGS FOR INSTALLATION ##
30 30 ## set version we build on, get from .env or set default ver
31 31 RHODECODE_VERSION=${RHODECODE_VERSION} \
32 32 \
33 33 ## set DB, default sqlite
34 34 RHODECODE_DB=${RHODECODE_DB} \
35 35 \
36 36 ## set app bootstrap required data
37 37 RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \
38 38 RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \
39 39 RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \
40 40 \
41 41 RC_USER=rhodecode \
42 42 \
43 43 # SVN CONFIG
44 44 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \
45 45 MOD_DAV_SVN_PORT=8090 \
46 46 \
47 47 # SSHD CONFIG
48 48 SSHD_CONF_FILE=/etc/rhodecode/sshd_config \
49 49 \
50 50 BUILD_CONF=/etc/rhodecode/conf_build \
51 51 BUILD_BIN_DIR=/var/opt/rhodecode_bin \
52 52 RHODECODE_DATA_DIR=/var/opt/rhodecode_data \
53 53 RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \
54 54 RHODECODE_HTTP_PORT=10020 \
55 55 RHODECODE_VCS_PORT=10010 \
56 56 RHODECODE_HOST=0.0.0.0 \
57 57 RHODECODE_VCS_HOST=127.0.0.1
58 58
59 59 ENV \
60 60 RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \
61 61 SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \
62 62 # make application scripts visible
63 63 PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin
64 64
65 65 ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn
66 66 ENV SSH_LOCALE_DEPS openssh-server
67 67 ENV PYTHON_DEPS python2
68 68 ENV EXTRA_DEPS vim
69 69
70 70 ENV \
71 71 PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \
72 72 NIX_BLD_USER=nixbld \
73 73 NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \
74 74 NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
75 75
76 76
77 77 RUN \
78 78 echo "** install base packages **" && \
79 79 set -eux; \
80 80 \
81 81 savedAptMark="$(apt-mark showmanual)"; \
82 82 apt-get update; \
83 83 DEBIAN_FRONTEND="noninteractive" \
84 84 apt-get install -y --no-install-recommends \
85 85 tini \
86 86 bash \
87 87 binutils \
88 88 tzdata \
89 89 locales \
90 90 openssl \
91 91 curl \
92 92 sudo \
93 93 gosu \
94 94 bzip2 \
95 95 ca-certificates \
96 96 $PYTHON_DEPS \
97 97 $SSH_LOCALE_DEPS \
98 98 $SVN_LOCALE_DEPS \
99 99 $EXTRA_DEPS \
100 100 ; \
101 101 rm -rf /var/lib/apt/lists/*;
102 102
103 103 RUN \
104 104 echo "** Configure the python executable for py2/3 compat **" && \
105 105 ISPY=$(which python3 || which python2) && \
106 106 if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi
107 107
108 108 RUN \
109 109 echo "** Configure the locales **" && \
110 110 sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \
111 111 locale-gen
112 112
113 113 # locale-archive is a fix for old nix glibc2.26 locales available
114 114 ENV \
115 115 LOCALE_ARCHIVE=/var/opt/locale-archive \
116 116 LANG=${LOCALE_TYPE} \
117 117 LANGUAGE=${LOCALE_TYPE} \
118 118 LC_ALL=${LOCALE_TYPE}
119 119
120 120 # configure the system user
121 121 # explicitly set uid/gid to guarantee that it won't change in the future
122 122 # the values 999:999 are identical to the current user/group id assigned
123 123 RUN \
124 124 echo "** Create system user $RC_USER **" && \
125 125 groupadd --system --gid 999 $RC_USER && \
126 126 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \
127 127 usermod -G $RC_USER $RC_USER
128 128
129 129 RUN \
130 130 echo "** Create nix-build user $NIX_BLD_USER **" && \
131 131 groupadd --system --gid 1099 $NIX_BLD_USER && \
132 132 useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \
133 133 usermod -G $NIX_BLD_USER $NIX_BLD_USER
134 134
135 135 RUN \
136 136 echo "** disable nix sandboxing **" && \
137 137 mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf
138 138
139 139
140 140 # set the defult bash shell
141 141 SHELL ["/bin/bash", "-c"]
142 142
143 143 # Fix and set a timezone
144 144 RUN \
145 145 echo "** configure the timezone **" && \
146 146 rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \
147 147 echo $TZ > /etc/timezone
148 148
149 149
150 150 RUN \
151 151 echo "** prepare rhodecode store and cache **" && \
152 152 install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \
153 153 install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \
154 154 install -d -m 0755 -o $RC_USER -g $RC_USER /var/opt/rhodecode_bin && \
155 155 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \
156 156 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \
157 157 install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \
158 158 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \
159 159 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \
160 160 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \
161 161 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \
162 162 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \
163 163 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \
164 164 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \
165 165 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh
166 166
167 167 # expose our custom sshd config
168 168 COPY service/sshd/sshd_config $SSHD_CONF_FILE
169 169
170 170 # Apache SVN setup
171 171 RUN \
172 172 echo "**** Apache config cleanup ****" && \
173 173 rm -f /etc/apache2/conf.d/info.conf \
174 174 /etc/apache2/conf.d/mpm.conf \
175 175 /etc/apache2/conf.d/userdir.conf && \
176 176 rm -f /etc/apache2/sites-enabled/* && \
177 177 rm -f /etc/apache2/sites-available/*
178 178
179 179 # custom SVN virtualhost
180 180 COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/
181 181
182 182 RUN \
183 183 echo "**** Apache config ****" && \
184 184 echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
185 185 mkdir -p /run/apache2 && \
186 186 mkdir -p /var/opt/www && \
187 187 echo "unset HOME" > /etc/apache2/envvars && \
188 188 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
189 189 echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \
190 190 echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \
191 191 echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \
192 192 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
193 193 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
194 194 sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf
195 195
196 196
197 197 # Copy artifacts
198 198 COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/
199 199 COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/
200 200 COPY --chown=$RC_USER:$RC_USER config/compose/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/
201 201 COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/
202 202
203 203 RUN \
204 204 echo "**** locale-archive path ****" && \
205 205 mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive
206 206
207 207 # change to non-root user for RUN commands
208 208 USER $RC_USER
209 209 WORKDIR /home/$RC_USER
210 210
211 211
212 212 RUN \
213 213 echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \
214 214 curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install | USER=$RC_USER /bin/bash
215 215
216 216 RUN \
217 217 echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \
218 218 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
219 219 nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \
220 220 nix-channel --update
221 221
222 222
223 223 RUN \
224 224 echo "** save nix config **" && \
225 225 touch /home/$RC_USER/.rhoderc && \
226 226 mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \
227 227 printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix
228 228
229 229
230 230 RUN \
231 231 echo "** install rhodecode control **" && \
232 232 # cd /home/$RC_USER/.rccontrol/cache && \
233 233 # INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \
234 234 # chmod +x ${INSTALLER} && \
235 235 # ${INSTALLER} --accept-license && \
236 236 # ${RCCONTROL} self-init && \
237 237 # cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \
238 238 echo "Done"
239 239
240 240 RUN \
241 241 echo "** install build vcsserver ${RHODECODE_VERSION} **" && \
242 242 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
243 243 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-vcsserver/result rhodecode-vcsserver/default.nix && \
244 244 nix-shell --command 'echo ok' rhodecode-vcsserver/default.nix && \
245 245 VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \
246 246 rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/result/bin $BUILD_BIN_DIR/vcs_bin && \
247 247 cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini
248 248
249 249 RUN \
250 250 echo "** install build Community ${RHODECODE_VERSION} **" && \
251 251 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
252 252 echo "done"
253 253
254 254 RUN \
255 255 echo "** install build Enterprise ${RHODECODE_VERSION} **" && \
256 256 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
257 257 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-enterprise-ee/result rhodecode-enterprise-ee/default.nix && \
258 258 nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \
259 259 RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \
260 260 rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/result/bin $BUILD_BIN_DIR/ && \
261 261 cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \
262 262 cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \
263 263 mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/result/etc/static/* $RHODECODE_DATA_DIR/static/
264 264
265 265
266 266 RUN \
267 267 echo "** configure supervisord **" && \
268 268 #cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \
269 269 #sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \
270 270 echo "done"
271 271
272 272 USER root
273 273
274 274
275 275 RUN \
276 276 echo "**** cleanup ****" && \
277 277 apt-get remove -y $PYTHON_DEPS && \
278 278 apt-get autoclean -y && \
279 279 rm -f /tmp/* && \
280 280 rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \
281 281 rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \
282 282 rm -rf /var/lib/apt/lists/* \
283 283 rm -rf /var/cache/apk/* \
284 284 rm ${SUPERVISOR_CONF}
285 285
286 286 # copy entrypoints
287 287 COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh
288 288 RUN chmod +x /opt/entrypoints.d/entrypoint.sh
289 289
290 290 # config volume
291 291 VOLUME /etc/rhodecode/conf
292 292
293 293 # repo store volume
294 294 VOLUME /var/opt/rhodecode_repo_store
295 295
296 296 # data volume
297 297 VOLUME /var/opt/rhodecode_data
298 298
299 299 # logs volume
300 300 VOLUME /var/log/rhodecode
301 301
302 302 ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"]
303 303
304 304 # compose can override this
305 305 CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"]
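Review bot: The bootstrap admin password still has a build-time default, `ARG RHODECODE_USER_PASS=secret4`, and is then copied into the first `ENV` block, so it is stored in the image metadata and readable by anyone who can pull or inspect the image. Declare it without a default (`ARG RHODECODE_USER_PASS`) and drop the `RHODECODE_USER_PASS=${RHODECODE_USER_PASS}` line from `ENV`, supplying the value at container start from a secret or env file instead. Whether the entrypoint reads it at run time is not visible here. Separately, the nix install step pipes the `curl -L` download straight into `/bin/bash` with no checksum or signature check, and `FROM ubuntu:22.04` pins a tag rather than a digest, so the build still trusts whatever upstream serves at build time.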
@@ -1,70 +1,72 b''
1 FROM debian:buster
1 FROM ubuntu:22.04
2 # Using 22.04 LTS Release
2 3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
3 4
5
4 6 ENV \
5 7 RC_USER=rhodecode \
6 8 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf
7 9
8 10 RUN \
9 11 echo "** install base svn packages **" && \
10 apk update && \
11 apk add --no-cache \
12 apt-get update && \
13 apt-get install --no-cache \
12 14 tini \
13 15 bash \
14 16 curl \
15 17 apache2 \
16 18 apache2-utils \
17 19 apache2-webdav \
18 20 mod_dav_svn \
19 21 subversion
20 22
21 23 # configure the system user
22 24 # explicitly set uid/gid to guarantee that it won't change in the future
23 25 # the values 999:999 are identical to the current user/group id assigned
24 26 RUN \
25 27 echo "** Create system user $RC_USER **" && \
26 28 groupadd --system --gid 999 $RC_USER && \
27 29 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER
28 30
29 31
30 32 RUN \
31 33 echo "**** cleanup ****" && \
32 apk del tzdata python2 && \
34 apt-get purge tzdata python2 && \
33 35 rm -f /tmp/* && \
34 36 rm -rf /var/lib/apt/lists/* \
35 37 rm -rf /var/cache/apk/*
36 38
37 39 RUN \
38 40 echo "**** Apache config cleanup ****" && \
39 41 rm -f /etc/apache2/conf.d/info.conf \
40 42 /etc/apache2/conf.d/mpm.conf \
41 43 /etc/apache2/conf.d/userdir.conf
42 44
43 45
44 46 COPY svn/virtualhost.conf /etc/apache2/conf.d/
45 47
46 48 # copy entrypoints
47 49 COPY entrypoints.d/svn-entrypoint.sh /opt/entrypoints.d/svn-entrypoint.sh
48 50 RUN chmod +x /opt/entrypoints.d/svn-entrypoint.sh
49 51
50 52 RUN \
51 53 echo $(strings /usr/lib/apache2/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
52 54 mkdir -p /run/apache2 && \
53 55 mkdir -p /var/opt/www && \
54 56 echo "export APACHE_RUN_USER=${RC_USER}" > /etc/apache2/envvars && \
55 57 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
56 58 sed -i "s/User apache/User ${RC_USER}/g" /etc/apache2/httpd.conf && \
57 59 sed -i "s/Group apache/Group ${RC_USER}/g" /etc/apache2/httpd.conf
58 60
59 61 # repo store volume
60 62 VOLUME /var/opt/rhodecode_repo_store
61 63
62 64 # config volume
63 65 VOLUME /etc/rhodecode/conf
64 66
65 67 # logs volume
66 68 VOLUME /var/log/rhodecode
67 69
68 70 ENTRYPOINT ["/opt/entrypoints.d/svn-entrypoint.sh"]
69 71
70 72 CMD ["apachectl", "-D", "FOREGROUND"]
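Review bot: `apt-get install --no-cache` at new lines 12–13 cannot work, because `--no-cache` is an apk option that apt-get does not accept, and without `-y` both this install and the `apt-get purge tzdata python2` at new line 34 abort at the confirmation prompt in a non-interactive build. I would write `apt-get install -y --no-install-recommends \` and `apt-get purge -y tzdata python2 && \`. The package names and Apache paths kept as context still look like the Alpine layout (`apache2-webdav`, `mod_dav_svn`, `/etc/apache2/conf.d/`, `/etc/apache2/httpd.conf`, `/usr/lib/apache2/mod_dav_svn.so`). On Ubuntu the Subversion module is packaged as `libapache2-mod-svn` and the main config is `/etc/apache2/apache2.conf`, so the `sed` lines that switch `User`/`Group` to `${RC_USER}` probably need retargeting for Apache to run under the intended unprivileged account; a test build would confirm this. In the cleanup RUN, `rm -rf /var/lib/apt/lists/* \` has no `&&`, so the following `rm -rf /var/cache/apk/*` is passed as arguments to the same `rm` rather than run as its own command.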