@@ -0,0 +1,50 b'' | |||||
|
1 | auth_enabled: false | |||
|
2 | ||||
|
3 | server: | |||
|
4 | http_listen_address: 0.0.0.0 | |||
|
5 | grpc_listen_address: 0.0.0.0 | |||
|
6 | http_listen_port: 3100 | |||
|
7 | grpc_listen_port: 9095 | |||
|
8 | log_level: info | |||
|
9 | ||||
|
10 | common: | |||
|
11 | path_prefix: /tmp/loki | |||
|
12 | storage: | |||
|
13 | filesystem: | |||
|
14 | chunks_directory: /tmp/loki/chunks | |||
|
15 | rules_directory: /tmp/loki/rules | |||
|
16 | replication_factor: 1 | |||
|
17 | ring: | |||
|
18 | instance_addr: 127.0.0.1 | |||
|
19 | kvstore: | |||
|
20 | store: inmemory | |||
|
21 | ||||
|
22 | schema_config: | |||
|
23 | configs: | |||
|
24 | - from: 2020-10-24 | |||
|
25 | store: boltdb-shipper | |||
|
26 | object_store: filesystem | |||
|
27 | schema: v11 | |||
|
28 | index: | |||
|
29 | prefix: index_ | |||
|
30 | period: 24h | |||
|
31 | ||||
|
32 | limits_config: | |||
|
33 | max_streams_per_user: 100000 | |||
|
34 | ||||
|
35 | ingestion_burst_size_mb: 64 | |||
|
36 | ingestion_rate_mb: 512 | |||
|
37 | ||||
|
38 | per_stream_rate_limit: 512M | |||
|
39 | per_stream_rate_limit_burst: 1024M | |||
|
40 | max_entries_limit_per_query: 1000000 | |||
|
41 | max_label_value_length: 20480 | |||
|
42 | max_label_name_length: 10240 | |||
|
43 | ||||
|
44 | ruler: | |||
|
45 | alertmanager_url: http://localhost:9093 | |||
|
46 | ||||
|
47 | # If you would like to disable reporting, uncomment the following lines: | |||
|
48 | #analytics: | |||
|
49 | # reporting_enabled: false | |||
|
50 |
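Review bot: `auth_enabled: false` combined with `http_listen_address: 0.0.0.0` and `grpc_listen_address: 0.0.0.0` lets any peer that can reach ports 3100/9095 push and query logs without credentials, and the nginx and application logs shipped here may contain tokens, usernames or client addresses. The compose section on this page binds the published ports to 127.0.0.1, so the remaining exposure is the shared `rhodecode_network`; a comment at the top such as `# single-tenant, no auth: keep Loki reachable only from rhodecode_network / 127.0.0.1` would record that assumption. `path_prefix: /tmp/loki` keeps chunks, rules and index in the container's temporary filesystem, and no volume for it is visible in the compose section, so stored logs would presumably not survive container recreation. The `limits_config` values (`ingestion_rate_mb: 512`, `max_entries_limit_per_query: 1000000`) are far above Loki's defaults and largely remove the guard against one noisy or abusive client filling the disk; note also that `ingestion_burst_size_mb: 64` is smaller than the sustained rate.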
@@ -0,0 +1,38 b'' | |||||
|
1 | server: | |||
|
2 | http_listen_port: 9080 | |||
|
3 | grpc_listen_port: 0 | |||
|
4 | ||||
|
5 | # Describes how to save read file offsets to disk | |||
|
6 | positions: | |||
|
7 | filename: /tmp/positions.yaml | |||
|
8 | ||||
|
9 | clients: | |||
|
10 | - url: http://loki:3100/loki/api/v1/push | |||
|
11 | tenant_id: docker | |||
|
12 | ||||
|
13 | ## Definition to what to scrape | |||
|
14 | scrape_configs: | |||
|
15 | ||||
|
16 | - job_name: scraping_nginx | |||
|
17 | static_configs: | |||
|
18 | - targets: | |||
|
19 | - localhost | |||
|
20 | labels: | |||
|
21 | __path__: /var/log_volume/nginx/rhodecode* | |||
|
22 | job: nginx | |||
|
23 | ||||
|
24 | - job_name: scraping_vcsserver | |||
|
25 | static_configs: | |||
|
26 | - targets: | |||
|
27 | - localhost | |||
|
28 | labels: | |||
|
29 | __path__: /var/log_volume/apps/rhodecode* | |||
|
30 | job: rhodecode | |||
|
31 | ||||
|
32 | - job_name: scraping_rhodecode | |||
|
33 | static_configs: | |||
|
34 | - targets: | |||
|
35 | - localhost | |||
|
36 | labels: | |||
|
37 | __path__: /var/log_volume/apps/vcsserver* | |||
|
38 | job: vcsserver No newline at end of file |
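Review bot: The last two scrape jobs have their names crossed: `scraping_vcsserver` reads `/var/log_volume/apps/rhodecode*` with `job: rhodecode`, while `scraping_rhodecode` reads `/var/log_volume/apps/vcsserver*` with `job: vcsserver`; swap the two `job_name` values so each name matches its path and label. `positions.filename: /tmp/positions.yaml` lives in the container's ephemeral filesystem, and the compose section on this page shows no volume covering it, so read offsets are likely lost on recreation and the logs shipped again; a path on a mounted volume avoids that. `tenant_id: docker` is sent to a Loki configured with `auth_enabled: false`, where the tenant header is not enforced, so it should not be read as log isolation; a comment such as `# tenant_id is informational while Loki runs with auth_enabled: false` would make that clear.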
@@ -0,0 +1,31 b'' | |||||
|
1 | defaults: | |||
|
2 | # metrics expiration | |||
|
3 | ttl: 48h | |||
|
4 | ||||
|
5 | mappings: | |||
|
6 | ||||
|
7 | - match: "*.histogram" | |||
|
8 | name: "${1}" | |||
|
9 | observer_type: histogram | |||
|
10 | histogram_options: | |||
|
11 | buckets: [.1, .25, .5, .75, 1, 1.5, 2, 5, 10] | |||
|
12 | ||||
|
13 | - match: "*.slow_histogram" | |||
|
14 | name: "${1}" | |||
|
15 | observer_type: histogram | |||
|
16 | histogram_options: | |||
|
17 | buckets: [.1, .25, .5, 1, 2, 5, 10, 30, 60] | |||
|
18 | ||||
|
19 | - match: "*.summary" | |||
|
20 | name: "${1}" | |||
|
21 | observer_type: summary | |||
|
22 | summary_options: | |||
|
23 | quantiles: | |||
|
24 | - quantile: 0.99 | |||
|
25 | error: 0.001 | |||
|
26 | - quantile: 0.95 | |||
|
27 | error: 0.01 | |||
|
28 | - quantile: 0.9 | |||
|
29 | error: 0.05 | |||
|
30 | - quantile: 0.5 | |||
|
31 | error: 0.005 |
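Review bot: In statsd_exporter's default glob matching, `*` matches exactly one dot-separated component, so `*.histogram`, `*.slow_histogram` and `*.summary` only catch two-component names such as `foo.histogram`; a dotted name like `a.b.histogram` would fall through to the default mapping with its suffix intact. Whether RhodeCode emits dotted metric names is not visible here, so this may be fine, but the naming convention the rules rely on should be stated. A comment above `mappings:` like `# metrics must be sent as <name>.histogram, <name>.slow_histogram or <name>.summary; the suffix is stripped via ${1}` would document it.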
1 | NO CONTENT: new file 100644 |
|
NO CONTENT: new file 100644 |
@@ -1,10 +1,17 b'' | |||||
1 | global: |
|
1 | global: | |
2 |
scrape_interval: 1 |
|
2 | scrape_interval: 15s | |
3 |
evaluation_interval: 1 |
|
3 | evaluation_interval: 15s | |
4 |
|
4 | |||
5 | scrape_configs: |
|
5 | scrape_configs: | |
6 | # Scrape statsd exporter |
|
6 | ||
|
7 | # Scrape statsd exporter from RhodeCode | |||
7 | - job_name: "rhodecode_metrics" |
|
8 | - job_name: "rhodecode_metrics" | |
8 | metrics_path: "/metrics" |
|
9 | metrics_path: "/metrics" | |
9 | static_configs: |
|
10 | static_configs: | |
10 | - targets: ["statsd-exporter:9102"] |
|
11 | - targets: ["statsd-exporter:9102"] | |
|
12 | ||||
|
13 | # scrape node exporter | |||
|
14 | - job_name: node_metrics | |||
|
15 | metrics_path: "/metrics" | |||
|
16 | static_configs: | |||
|
17 | - targets: ["node-exporter:9100"] |
@@ -1,68 +1,75 b'' | |||||
1 | #!/usr/bin/env bash |
|
1 | #!/usr/bin/env bash | |
2 | set -euo pipefail |
|
2 | set -euo pipefail | |
3 | IFS=$'\n\t' |
|
3 | IFS=$'\n\t' | |
4 | CURRENT_USER_UID=$(id -u) |
|
4 | CURRENT_USER_UID=$(id -u) | |
5 | CURRENT_USER_GID=$(id -g) |
|
5 | CURRENT_USER_GID=$(id -g) | |
6 | USER_UID=${USER_UID:-$CURRENT_USER_UID} |
|
6 | USER_UID=${USER_UID:-$CURRENT_USER_UID} | |
7 | USER_GID=${USER_GID:-$CURRENT_USER_GID} |
|
7 | USER_GID=${USER_GID:-$CURRENT_USER_GID} | |
8 | CMD="docker-compose -f docker-compose.yml" |
|
8 | CMD="docker-compose -f docker-compose.yml" | |
9 | BUILD_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml" |
|
9 | BUILD_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml" | |
10 | DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml" |
|
10 | DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml" | |
|
11 | DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml" | |||
|
12 | METRICS_CMD="docker-compose -f docker-compose-grafana.yaml" | |||
11 |
|
13 | |||
12 | usage="$(basename "$0") ./dev.sh <COMMAND> -- run docker command |
|
14 | usage="$(basename "$0") ./dev.sh <COMMAND> -- run docker command | |
13 | where <COMMAND>: |
|
15 | where <COMMAND>: | |
14 | [v]cs -- run bash console for vcsserver |
|
16 | [v]cs -- run bash console for vcsserver | |
15 | [r]c -- run bash console for rhodecode-ee |
|
17 | [r]c -- run bash console for rhodecode-ee | |
16 | ce -- run bash console for rhodecode-ce |
|
18 | ce -- run bash console for rhodecode-ce | |
17 | [t]est[s] -- run bash console for rhodecode-ce tests |
|
19 | [t]est[s] -- run bash console for rhodecode-ce tests | |
18 | test-mysql -- run bash console for rhodecode-ce tests with mysql |
|
20 | test-mysql -- run bash console for rhodecode-ce tests with mysql | |
19 | test-pgsql -- run bash console for rhodecode-ce tests with postgres |
|
21 | test-pgsql -- run bash console for rhodecode-ce tests with postgres | |
20 | dev-build -- build rhodecode dev app for use without cache use |
|
22 | dev-build -- build rhodecode dev app for use without cache use | |
21 | dev-env -- run the dev stack required for development |
|
23 | dev-env -- run the dev stack required for development | |
22 | redis -- run the redis CLI attached to rc_cluster_redis_1 |
|
24 | redis -- run the redis CLI attached to rc_cluster_redis_1 | |
23 | db -- run the db bash attached to rc_cluster_database_1 |
|
25 | db -- run the db bash attached to rc_cluster_database_1 | |
|
26 | [m]etrics -- run the metrics stack | |||
24 | run <cmd> -- run <cmd>" |
|
27 | run <cmd> -- run <cmd>" | |
25 |
|
28 | |||
26 | case ${1:-} in |
|
29 | case ${1:-} in | |
27 | v|vcs ) |
|
30 | v|vcs ) | |
28 |
eval "(docker stop vcsserver |
|
31 | eval "(docker stop dev-vcsserver || echo skip-stop ) && ${DEV_CMD} run --service-ports --rm --use-aliases --workdir="/home/rhodecode/rhodecode-vcsserver" --name="dev-vcsserver" vcsserver bash" | |
29 | exit |
|
32 | exit | |
30 | ;; |
|
33 | ;; | |
31 | r|rc ) |
|
34 | r|rc ) | |
32 |
eval "(docker stop enterprise-ee |
|
35 | eval "(docker stop dev-enterprise-ee || echo skip-stop ) && ${DEV_CMD} run --publish 8080:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ee" --name="dev-enterprise-ee" rhodecode bash" | |
33 | exit |
|
36 | exit | |
34 | ;; |
|
37 | ;; | |
35 | ce ) |
|
38 | ce ) | |
36 |
eval "(docker stop enterprise-ce |
|
39 | eval "(docker stop dev-enterprise-ce || echo skip-stop ) && ${DEV_CMD} run --publish 8081:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="dev-enterprise-ce" rhodecode bash" | |
37 | exit |
|
40 | exit | |
38 | ;; |
|
41 | ;; | |
39 | t|test|tests ) |
|
42 | t|test|tests ) | |
40 | eval "${DEV_CMD} run --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="enterprise-dev-test" rhodecode bash" |
|
43 | eval "${DEV_CMD} run --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="enterprise-dev-test" rhodecode bash" | |
41 | exit |
|
44 | exit | |
42 | ;; |
|
45 | ;; | |
43 | dev-build ) |
|
46 | dev-build ) | |
44 | eval "${BUILD_CMD} up --detach database && ${BUILD_CMD} build --no-cache --progress=plain rhodecode" |
|
47 | eval "${BUILD_CMD} up --detach database && ${BUILD_CMD} build --no-cache --progress=plain rhodecode" | |
45 | exit |
|
48 | exit | |
46 | ;; |
|
49 | ;; | |
47 | dev-env ) |
|
50 | dev-env ) | |
48 | eval "${BUILD_CMD} up --detach database redis channelstream nginx celery beat elasticsearch" |
|
51 | eval "${BUILD_CMD} up --detach database redis channelstream nginx celery beat elasticsearch" | |
49 | exit |
|
52 | exit | |
50 | ;; |
|
53 | ;; | |
51 | redis ) |
|
54 | redis ) | |
52 | eval "docker exec --interactive --tty rc_cluster_redis_1 redis-cli" |
|
55 | eval "docker exec --interactive --tty rc_cluster_redis_1 redis-cli" | |
53 | exit |
|
56 | exit | |
54 | ;; |
|
57 | ;; | |
55 | db ) |
|
58 | db ) | |
56 | eval "docker exec --interactive --tty rc_cluster_database_1 /bin/bash -c 'psql -U $$POSTGRES_USER' " |
|
59 | eval "docker exec --interactive --tty rc_cluster_database_1 /bin/bash -c 'psql -U $$POSTGRES_USER' " | |
57 | exit |
|
60 | exit | |
58 | ;; |
|
61 | ;; | |
|
62 | m|metrics ) | |||
|
63 | eval "${METRICS_CMD} up --detach" | |||
|
64 | exit | |||
|
65 | ;; | |||
59 | run ) |
|
66 | run ) | |
60 | command=${@:2} |
|
67 | command=${@:2} | |
61 | eval "${DEV_CMD} run --rm rhodecode ${command}" |
|
68 | eval "${DEV_CMD} run --rm rhodecode ${command}" | |
62 | exit |
|
69 | exit | |
63 | ;; |
|
70 | ;; | |
64 | * ) |
|
71 | * ) | |
65 | echo "${usage}" |
|
72 | echo "${usage}" | |
66 | exit |
|
73 | exit | |
67 | ;; |
|
74 | ;; | |
68 | esac |
|
75 | esac |
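Review bot: New line 11 repeats the `DEV_CMD=...` assignment from line 10 verbatim; drop the duplicate. The new `m|metrics` branch also copies the `eval "${...}"` pattern, which the script needs only because `IFS=$'\n\t'` stops the command strings from word-splitting on spaces. A bash array, `METRICS_CMD=(docker-compose -f docker-compose-grafana.yaml)` invoked as `"${METRICS_CMD[@]}" up --detach`, avoids re-parsing the string through the shell. The same conversion matters most for the unchanged `run )` branch, where `${command}` comes from the caller's arguments and is expanded inside `eval`.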
@@ -1,58 +1,110 b'' | |||||
1 | version: '3.9' |
|
1 | version: '3.9' | |
2 |
|
2 | |||
3 | volumes: |
|
3 | volumes: | |
4 | prometheus_data: {} |
|
4 | prometheus_data: {} | |
5 | grafana_data: {} |
|
5 | grafana_data: {} | |
|
6 | logvolume: | |||
|
7 | driver: local | |||
|
8 | driver_opts: | |||
|
9 | type: none | |||
|
10 | o: bind | |||
|
11 | device: $PWD/logs | |||
6 |
|
12 | |||
7 | networks: |
|
13 | networks: | |
8 | rhodecode_network: |
|
14 | rhodecode_network: | |
9 | name: rhodecode_network |
|
15 | name: rhodecode_network | |
10 |
|
16 | |||
11 |
|
17 | |||
12 | services: |
|
18 | services: | |
13 |
|
19 | |||
14 | statsd-exporter: |
|
20 | statsd-exporter: | |
15 | image: prom/statsd-exporter:v0.22.8 |
|
21 | image: prom/statsd-exporter:v0.22.8 | |
16 | restart: unless-stopped |
|
22 | restart: unless-stopped | |
17 | command: [ |
|
23 | command: [ | |
18 |
'--statsd.mapping-config=/statsd/statsd. |
|
24 | '--statsd.mapping-config=/statsd/statsd.yaml', | |
19 | '--statsd.listen-udp=:9125', |
|
25 | '--statsd.listen-udp=:9125', | |
20 | '--web.listen-address=:9102' |
|
26 | '--web.listen-address=:9102' | |
21 | ] |
|
27 | ] | |
22 | networks: |
|
28 | networks: | |
23 | - rhodecode_network |
|
29 | - rhodecode_network | |
24 | ports: |
|
30 | ports: | |
25 | - "9125:9125/udp" |
|
31 | - "127.0.0.1:9125:9125/udp" | |
26 | - "9102:9102" |
|
32 | - "127.0.0.1:9102:9102" | |
27 | volumes: |
|
33 | volumes: | |
28 |
- ./config/statsd-exporter |
|
34 | - ./config/statsd-exporter:/statsd | |
|
35 | ||||
|
36 | node-exporter: | |||
|
37 | image: prom/node-exporter:v1.4.0 | |||
|
38 | command: | |||
|
39 | - "--path.procfs=/host/proc" | |||
|
40 | - "--path.rootfs=/rootfs" | |||
|
41 | - "--path.sysfs=/host/sys" | |||
|
42 | - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)" | |||
|
43 | - "--collector.systemd" | |||
|
44 | - "--collector.processes" | |||
|
45 | networks: | |||
|
46 | - rhodecode_network | |||
|
47 | pid: host | |||
|
48 | restart: unless-stopped | |||
|
49 | ports: | |||
|
50 | - "127.0.0.1:9100:9100" | |||
|
51 | volumes: | |||
|
52 | - "/proc:/host/proc:ro" | |||
|
53 | - "/sys:/host/sys:ro" | |||
|
54 | - "/:/rootfs:ro" | |||
29 |
|
55 | |||
30 | prometheus: |
|
56 | prometheus: | |
31 | image: prom/prometheus:v2.39.1 |
|
57 | image: prom/prometheus:v2.39.1 | |
32 | restart: unless-stopped |
|
58 | restart: unless-stopped | |
33 | command: |
|
59 | command: | |
34 | - "--config.file=/etc/prometheus/prometheus.yml" |
|
60 | - "--config.file=/etc/prometheus/prometheus.yml" | |
35 | - "--storage.tsdb.path=/prometheus" |
|
61 | - "--storage.tsdb.path=/prometheus" | |
36 | - "--web.console.libraries=/etc/prometheus/console_libraries" |
|
62 | - "--web.console.libraries=/etc/prometheus/console_libraries" | |
37 | - "--web.console.templates=/etc/prometheus/consoles" |
|
63 | - "--web.console.templates=/etc/prometheus/consoles" | |
38 | - "--storage.tsdb.retention.time=24h" |
|
64 | - "--storage.tsdb.retention.time=24h" | |
39 | - "--web.enable-lifecycle" |
|
65 | - "--web.enable-lifecycle" | |
40 | ports: |
|
66 | ports: | |
41 | - "9090:9090" |
|
67 | - "127.0.0.1:9090:9090" | |
42 | networks: |
|
68 | networks: | |
43 | - rhodecode_network |
|
69 | - rhodecode_network | |
44 | volumes: |
|
70 | volumes: | |
45 | - ./config/prometheus:/etc/prometheus |
|
71 | - ./config/prometheus:/etc/prometheus | |
46 | - prometheus_data:/prometheus |
|
72 | - prometheus_data:/prometheus | |
47 |
|
73 | |||
48 | grafana: |
|
74 | grafana: | |
49 |
image: grafana/grafana:9. |
|
75 | image: grafana/grafana:9.2.1-ubuntu | |
50 | restart: unless-stopped |
|
76 | restart: unless-stopped | |
51 | env_file: |
|
77 | env_file: | |
52 | - ./config/grafana/grafana.env |
|
78 | - ./config/grafana/grafana.env | |
53 | ports: |
|
79 | ports: | |
54 |
- " |
|
80 | - "4000:3000" | |
55 | volumes: |
|
81 | volumes: | |
56 | - grafana_data:/var/lib/grafana |
|
82 | - grafana_data:/var/lib/grafana | |
57 | networks: |
|
83 | networks: | |
58 | - rhodecode_network |
|
84 | - rhodecode_network | |
|
85 | ||||
|
86 | loki: | |||
|
87 | image: grafana/loki:2.6.1 | |||
|
88 | restart: unless-stopped | |||
|
89 | ports: | |||
|
90 | - "127.0.0.1:3100:3100" | |||
|
91 | - "127.0.0.1:9095:9095" | |||
|
92 | command: [ | |||
|
93 | "-config.file=/etc/loki/loki-config.yaml" | |||
|
94 | ] | |||
|
95 | networks: | |||
|
96 | - rhodecode_network | |||
|
97 | volumes: | |||
|
98 | - ./config/loki:/etc/loki | |||
|
99 | ||||
|
100 | promtail: | |||
|
101 | image: grafana/promtail:latest | |||
|
102 | command: [ | |||
|
103 | "-config.file=/etc/promtail/promtail-config.yaml" | |||
|
104 | ] | |||
|
105 | networks: | |||
|
106 | - rhodecode_network | |||
|
107 | volumes: | |||
|
108 | - /var/log:/var/log | |||
|
109 | - logvolume:/var/log_volume | |||
|
110 | - ./config/loki:/etc/promtail |
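Review bot: `promtail` is pulled as `grafana/promtail:latest` while every other image in the file is pinned (Loki is `2.6.1`); pin it to the matching release, e.g. `image: grafana/promtail:2.6.1`, so the log shipper is reproducible and cannot change underneath the stack. It also mounts `/var/log:/var/log` and `logvolume:/var/log_volume` read-write although it only reads them, and the promtail config on this page scrapes only `/var/log_volume`, so the host `/var/log` mount looks unnecessary; drop it or use `- /var/log:/var/log:ro`, and add `:ro` to the log volume. Unlike the exporters, Prometheus and Loki, which this change binds to `127.0.0.1`, Grafana is published as `"4000:3000"` on all host interfaces; if that is intended for the UI, a comment should say so. `promtail` also has no `restart:` policy, unlike the other long-running services here.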
@@ -1,808 +1,808 b'' | |||||
1 | # ----------------------------- |
|
1 | # ----------------------------- | |
2 | # PostgreSQL configuration file |
|
2 | # PostgreSQL configuration file | |
3 | # ----------------------------- |
|
3 | # ----------------------------- | |
4 | # |
|
4 | # | |
5 | # This file consists of lines of the form: |
|
5 | # This file consists of lines of the form: | |
6 | # |
|
6 | # | |
7 | # name = value |
|
7 | # name = value | |
8 | # |
|
8 | # | |
9 | # (The "=" is optional.) Whitespace may be used. Comments are introduced with |
|
9 | # (The "=" is optional.) Whitespace may be used. Comments are introduced with | |
10 | # "#" anywhere on a line. The complete list of parameter names and allowed |
|
10 | # "#" anywhere on a line. The complete list of parameter names and allowed | |
11 | # values can be found in the PostgreSQL documentation. |
|
11 | # values can be found in the PostgreSQL documentation. | |
12 | # |
|
12 | # | |
13 | # The commented-out settings shown in this file represent the default values. |
|
13 | # The commented-out settings shown in this file represent the default values. | |
14 | # Re-commenting a setting is NOT sufficient to revert it to the default value; |
|
14 | # Re-commenting a setting is NOT sufficient to revert it to the default value; | |
15 | # you need to reload the server. |
|
15 | # you need to reload the server. | |
16 | # |
|
16 | # | |
17 | # This file is read on server startup and when the server receives a SIGHUP |
|
17 | # This file is read on server startup and when the server receives a SIGHUP | |
18 | # signal. If you edit the file on a running system, you have to SIGHUP the |
|
18 | # signal. If you edit the file on a running system, you have to SIGHUP the | |
19 | # server for the changes to take effect, run "pg_ctl reload", or execute |
|
19 | # server for the changes to take effect, run "pg_ctl reload", or execute | |
20 | # "SELECT pg_reload_conf()". Some parameters, which are marked below, |
|
20 | # "SELECT pg_reload_conf()". Some parameters, which are marked below, | |
21 | # require a server shutdown and restart to take effect. |
|
21 | # require a server shutdown and restart to take effect. | |
22 | # |
|
22 | # | |
23 | # Any parameter can also be given as a command-line option to the server, e.g., |
|
23 | # Any parameter can also be given as a command-line option to the server, e.g., | |
24 | # "postgres -c log_connections=on". Some parameters can be changed at run time |
|
24 | # "postgres -c log_connections=on". Some parameters can be changed at run time | |
25 | # with the "SET" SQL command. |
|
25 | # with the "SET" SQL command. | |
26 | # |
|
26 | # | |
27 | # Memory units: B = bytes Time units: us = microseconds |
|
27 | # Memory units: B = bytes Time units: us = microseconds | |
28 | # kB = kilobytes ms = milliseconds |
|
28 | # kB = kilobytes ms = milliseconds | |
29 | # MB = megabytes s = seconds |
|
29 | # MB = megabytes s = seconds | |
30 | # GB = gigabytes min = minutes |
|
30 | # GB = gigabytes min = minutes | |
31 | # TB = terabytes h = hours |
|
31 | # TB = terabytes h = hours | |
32 | # d = days |
|
32 | # d = days | |
33 |
|
33 | |||
34 |
|
34 | |||
35 | #------------------------------------------------------------------------------ |
|
35 | #------------------------------------------------------------------------------ | |
36 | # FILE LOCATIONS |
|
36 | # FILE LOCATIONS | |
37 | #------------------------------------------------------------------------------ |
|
37 | #------------------------------------------------------------------------------ | |
38 |
|
38 | |||
39 | # The default values of these variables are driven from the -D command-line |
|
39 | # The default values of these variables are driven from the -D command-line | |
40 | # option or PGDATA environment variable, represented here as ConfigDir. |
|
40 | # option or PGDATA environment variable, represented here as ConfigDir. | |
41 |
|
41 | |||
42 | #data_directory = 'ConfigDir' # use data in another directory |
|
42 | #data_directory = 'ConfigDir' # use data in another directory | |
43 | # (change requires restart) |
|
43 | # (change requires restart) | |
44 | #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file |
|
44 | #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file | |
45 | # (change requires restart) |
|
45 | # (change requires restart) | |
46 | #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file |
|
46 | #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file | |
47 | # (change requires restart) |
|
47 | # (change requires restart) | |
48 |
|
48 | |||
49 | # If external_pid_file is not explicitly set, no extra PID file is written. |
|
49 | # If external_pid_file is not explicitly set, no extra PID file is written. | |
50 | #external_pid_file = '' # write an extra PID file |
|
50 | #external_pid_file = '' # write an extra PID file | |
51 | # (change requires restart) |
|
51 | # (change requires restart) | |
52 |
|
52 | |||
53 |
|
53 | |||
54 | #------------------------------------------------------------------------------ |
|
54 | #------------------------------------------------------------------------------ | |
55 | # CONNECTIONS AND AUTHENTICATION |
|
55 | # CONNECTIONS AND AUTHENTICATION | |
56 | #------------------------------------------------------------------------------ |
|
56 | #------------------------------------------------------------------------------ | |
57 |
|
57 | |||
58 | # - Connection Settings - |
|
58 | # - Connection Settings - | |
59 |
|
59 | |||
60 | listen_addresses = '*' |
|
60 | listen_addresses = '*' | |
61 | # comma-separated list of addresses; |
|
61 | # comma-separated list of addresses; | |
62 | # defaults to 'localhost'; use '*' for all |
|
62 | # defaults to 'localhost'; use '*' for all | |
63 | # (change requires restart) |
|
63 | # (change requires restart) | |
64 | #port = 5432 # (change requires restart) |
|
64 | #port = 5432 # (change requires restart) | |
65 | #max_connections = 100 # (change requires restart) |
|
65 | #max_connections = 100 # (change requires restart) | |
66 | #superuser_reserved_connections = 3 # (change requires restart) |
|
66 | #superuser_reserved_connections = 3 # (change requires restart) | |
67 | #unix_socket_directories = '/tmp' # comma-separated list of directories |
|
67 | #unix_socket_directories = '/tmp' # comma-separated list of directories | |
68 | # (change requires restart) |
|
68 | # (change requires restart) | |
69 | #unix_socket_group = '' # (change requires restart) |
|
69 | #unix_socket_group = '' # (change requires restart) | |
70 | #unix_socket_permissions = 0777 # begin with 0 to use octal notation |
|
70 | #unix_socket_permissions = 0777 # begin with 0 to use octal notation | |
71 | # (change requires restart) |
|
71 | # (change requires restart) | |
72 | #bonjour = off # advertise server via Bonjour |
|
72 | #bonjour = off # advertise server via Bonjour | |
73 | # (change requires restart) |
|
73 | # (change requires restart) | |
74 | #bonjour_name = '' # defaults to the computer name |
|
74 | #bonjour_name = '' # defaults to the computer name | |
75 | # (change requires restart) |
|
75 | # (change requires restart) | |
76 |
|
76 | |||
77 | # - TCP settings - |
|
77 | # - TCP settings - | |
78 | # see "man tcp" for details |
|
78 | # see "man tcp" for details | |
79 |
|
79 | |||
80 | #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; |
|
80 | #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; | |
81 | # 0 selects the system default |
|
81 | # 0 selects the system default | |
82 | #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; |
|
82 | #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; | |
83 | # 0 selects the system default |
|
83 | # 0 selects the system default | |
84 | #tcp_keepalives_count = 0 # TCP_KEEPCNT; |
|
84 | #tcp_keepalives_count = 0 # TCP_KEEPCNT; | |
85 | # 0 selects the system default |
|
85 | # 0 selects the system default | |
86 | #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; |
|
86 | #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; | |
87 | # 0 selects the system default |
|
87 | # 0 selects the system default | |
88 |
|
88 | |||
89 | #client_connection_check_interval = 0 # time between checks for client |
|
89 | #client_connection_check_interval = 0 # time between checks for client | |
90 | # disconnection while running queries; |
|
90 | # disconnection while running queries; | |
91 | # 0 for never |
|
91 | # 0 for never | |
92 |
|
92 | |||
93 | # - Authentication - |
|
93 | # - Authentication - | |
94 |
|
94 | |||
95 | #authentication_timeout = 1min # 1s-600s |
|
95 | #authentication_timeout = 1min # 1s-600s | |
96 | #password_encryption = scram-sha-256 # scram-sha-256 or md5 |
|
96 | #password_encryption = scram-sha-256 # scram-sha-256 or md5 | |
97 | #db_user_namespace = off |
|
97 | #db_user_namespace = off | |
98 |
|
98 | |||
99 | # GSSAPI using Kerberos |
|
99 | # GSSAPI using Kerberos | |
100 | #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' |
|
100 | #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' | |
101 | #krb_caseins_users = off |
|
101 | #krb_caseins_users = off | |
102 |
|
102 | |||
103 | # - SSL - |
|
103 | # - SSL - | |
104 |
|
104 | |||
105 | #ssl = off |
|
105 | #ssl = off | |
106 | #ssl_ca_file = '' |
|
106 | #ssl_ca_file = '' | |
107 | #ssl_cert_file = 'server.crt' |
|
107 | #ssl_cert_file = 'server.crt' | |
108 | #ssl_crl_file = '' |
|
108 | #ssl_crl_file = '' | |
109 | #ssl_crl_dir = '' |
|
109 | #ssl_crl_dir = '' | |
110 | #ssl_key_file = 'server.key' |
|
110 | #ssl_key_file = 'server.key' | |
111 | #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers |
|
111 | #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers | |
112 | #ssl_prefer_server_ciphers = on |
|
112 | #ssl_prefer_server_ciphers = on | |
113 | #ssl_ecdh_curve = 'prime256v1' |
|
113 | #ssl_ecdh_curve = 'prime256v1' | |
114 | #ssl_min_protocol_version = 'TLSv1.2' |
|
114 | #ssl_min_protocol_version = 'TLSv1.2' | |
115 | #ssl_max_protocol_version = '' |
|
115 | #ssl_max_protocol_version = '' | |
116 | #ssl_dh_params_file = '' |
|
116 | #ssl_dh_params_file = '' | |
117 | #ssl_passphrase_command = '' |
|
117 | #ssl_passphrase_command = '' | |
118 | #ssl_passphrase_command_supports_reload = off |
|
118 | #ssl_passphrase_command_supports_reload = off | |
119 |
|
119 | |||
120 |
|
120 | |||
121 | #------------------------------------------------------------------------------ |
|
121 | #------------------------------------------------------------------------------ | |
122 | # RESOURCE USAGE (except WAL) |
|
122 | # RESOURCE USAGE (except WAL) | |
123 | #------------------------------------------------------------------------------ |
|
123 | #------------------------------------------------------------------------------ | |
124 |
|
124 | |||
125 | # - Memory - |
|
125 | # - Memory - | |
126 |
|
126 | |||
127 | #shared_buffers = 32MB # min 128kB |
|
127 | #shared_buffers = 32MB # min 128kB | |
128 | # (change requires restart) |
|
128 | # (change requires restart) | |
129 | #huge_pages = try # on, off, or try |
|
129 | #huge_pages = try # on, off, or try | |
130 | # (change requires restart) |
|
130 | # (change requires restart) | |
131 | #huge_page_size = 0 # zero for system default |
|
131 | #huge_page_size = 0 # zero for system default | |
132 | # (change requires restart) |
|
132 | # (change requires restart) | |
133 | #temp_buffers = 8MB # min 800kB |
|
133 | #temp_buffers = 8MB # min 800kB | |
134 | #max_prepared_transactions = 0 # zero disables the feature |
|
134 | #max_prepared_transactions = 0 # zero disables the feature | |
135 | # (change requires restart) |
|
135 | # (change requires restart) | |
136 | # Caution: it is not advisable to set max_prepared_transactions nonzero unless |
|
136 | # Caution: it is not advisable to set max_prepared_transactions nonzero unless | |
137 | # you actively intend to use prepared transactions. |
|
137 | # you actively intend to use prepared transactions. | |
138 | #work_mem = 4MB # min 64kB |
|
138 | #work_mem = 4MB # min 64kB | |
139 | #hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem |
|
139 | #hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem | |
140 | #maintenance_work_mem = 64MB # min 1MB |
|
140 | #maintenance_work_mem = 64MB # min 1MB | |
141 | #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem |
|
141 | #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem | |
142 | #logical_decoding_work_mem = 64MB # min 64kB |
|
142 | #logical_decoding_work_mem = 64MB # min 64kB | |
143 | #max_stack_depth = 2MB # min 100kB |
|
143 | #max_stack_depth = 2MB # min 100kB | |
144 | #shared_memory_type = mmap # the default is the first option |
|
144 | #shared_memory_type = mmap # the default is the first option | |
145 | # supported by the operating system: |
|
145 | # supported by the operating system: | |
146 | # mmap |
|
146 | # mmap | |
147 | # sysv |
|
147 | # sysv | |
148 | # windows |
|
148 | # windows | |
149 | # (change requires restart) |
|
149 | # (change requires restart) | |
150 | #dynamic_shared_memory_type = posix # the default is the first option |
|
150 | #dynamic_shared_memory_type = posix # the default is the first option | |
151 | # supported by the operating system: |
|
151 | # supported by the operating system: | |
152 | # posix |
|
152 | # posix | |
153 | # sysv |
|
153 | # sysv | |
154 | # windows |
|
154 | # windows | |
155 | # mmap |
|
155 | # mmap | |
156 | # (change requires restart) |
|
156 | # (change requires restart) | |
157 | #min_dynamic_shared_memory = 0MB # (change requires restart) |
|
157 | #min_dynamic_shared_memory = 0MB # (change requires restart) | |
158 |
|
158 | |||
159 | # - Disk - |
|
159 | # - Disk - | |
160 |
|
160 | |||
161 | #temp_file_limit = -1 # limits per-process temp file space |
|
161 | #temp_file_limit = -1 # limits per-process temp file space | |
162 | # in kilobytes, or -1 for no limit |
|
162 | # in kilobytes, or -1 for no limit | |
163 |
|
163 | |||
164 | # - Kernel Resources - |
|
164 | # - Kernel Resources - | |
165 |
|
165 | |||
166 | #max_files_per_process = 1000 # min 64 |
|
166 | #max_files_per_process = 1000 # min 64 | |
167 | # (change requires restart) |
|
167 | # (change requires restart) | |
168 |
|
168 | |||
169 | # - Cost-Based Vacuum Delay - |
|
169 | # - Cost-Based Vacuum Delay - | |
170 |
|
170 | |||
171 | #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) |
|
171 | #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) | |
172 | #vacuum_cost_page_hit = 1 # 0-10000 credits |
|
172 | #vacuum_cost_page_hit = 1 # 0-10000 credits | |
173 | #vacuum_cost_page_miss = 2 # 0-10000 credits |
|
173 | #vacuum_cost_page_miss = 2 # 0-10000 credits | |
174 | #vacuum_cost_page_dirty = 20 # 0-10000 credits |
|
174 | #vacuum_cost_page_dirty = 20 # 0-10000 credits | |
175 | #vacuum_cost_limit = 200 # 1-10000 credits |
|
175 | #vacuum_cost_limit = 200 # 1-10000 credits | |
176 |
|
176 | |||
177 | # - Background Writer - |
|
177 | # - Background Writer - | |
178 |
|
178 | |||
179 | #bgwriter_delay = 200ms # 10-10000ms between rounds |
|
179 | #bgwriter_delay = 200ms # 10-10000ms between rounds | |
180 | #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables |
|
180 | #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables | |
181 | #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round |
|
181 | #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round | |
182 | #bgwriter_flush_after = 0 # measured in pages, 0 disables |
|
182 | #bgwriter_flush_after = 0 # measured in pages, 0 disables | |
183 |
|
183 | |||
184 | # - Asynchronous Behavior - |
|
184 | # - Asynchronous Behavior - | |
185 |
|
185 | |||
186 | #backend_flush_after = 0 # measured in pages, 0 disables |
|
186 | #backend_flush_after = 0 # measured in pages, 0 disables | |
187 | #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching |
|
187 | #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching | |
188 | #maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching |
|
188 | #maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching | |
189 | #max_worker_processes = 8 # (change requires restart) |
|
189 | #max_worker_processes = 8 # (change requires restart) | |
190 | #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers |
|
190 | #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers | |
191 | #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers |
|
191 | #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers | |
192 | #max_parallel_workers = 8 # maximum number of max_worker_processes that |
|
192 | #max_parallel_workers = 8 # maximum number of max_worker_processes that | |
193 | # can be used in parallel operations |
|
193 | # can be used in parallel operations | |
194 | #parallel_leader_participation = on |
|
194 | #parallel_leader_participation = on | |
195 | #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate |
|
195 | #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate | |
196 | # (change requires restart) |
|
196 | # (change requires restart) | |
197 |
|
197 | |||
198 |
|
198 | |||
199 | #------------------------------------------------------------------------------ |
|
199 | #------------------------------------------------------------------------------ | |
200 | # WRITE-AHEAD LOG |
|
200 | # WRITE-AHEAD LOG | |
201 | #------------------------------------------------------------------------------ |
|
201 | #------------------------------------------------------------------------------ | |
202 |
|
202 | |||
203 | # - Settings - |
|
203 | # - Settings - | |
204 |
|
204 | |||
205 | #wal_level = replica # minimal, replica, or logical |
|
205 | #wal_level = replica # minimal, replica, or logical | |
206 | # (change requires restart) |
|
206 | # (change requires restart) | |
207 | #fsync = on # flush data to disk for crash safety |
|
207 | #fsync = on # flush data to disk for crash safety | |
208 | # (turning this off can cause |
|
208 | # (turning this off can cause | |
209 | # unrecoverable data corruption) |
|
209 | # unrecoverable data corruption) | |
210 | #synchronous_commit = on # synchronization level; |
|
210 | #synchronous_commit = on # synchronization level; | |
211 | # off, local, remote_write, remote_apply, or on |
|
211 | # off, local, remote_write, remote_apply, or on | |
212 | #wal_sync_method = fsync # the default is the first option |
|
212 | #wal_sync_method = fsync # the default is the first option | |
213 | # supported by the operating system: |
|
213 | # supported by the operating system: | |
214 | # open_datasync |
|
214 | # open_datasync | |
215 | # fdatasync (default on Linux and FreeBSD) |
|
215 | # fdatasync (default on Linux and FreeBSD) | |
216 | # fsync |
|
216 | # fsync | |
217 | # fsync_writethrough |
|
217 | # fsync_writethrough | |
218 | # open_sync |
|
218 | # open_sync | |
219 | #full_page_writes = on # recover from partial page writes |
|
219 | #full_page_writes = on # recover from partial page writes | |
220 | #wal_log_hints = off # also do full page writes of non-critical updates |
|
220 | #wal_log_hints = off # also do full page writes of non-critical updates | |
221 | # (change requires restart) |
|
221 | # (change requires restart) | |
222 | #wal_compression = off # enable compression of full-page writes |
|
222 | #wal_compression = off # enable compression of full-page writes | |
223 | #wal_init_zero = on # zero-fill new WAL files |
|
223 | #wal_init_zero = on # zero-fill new WAL files | |
224 | #wal_recycle = on # recycle WAL files |
|
224 | #wal_recycle = on # recycle WAL files | |
225 | #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers |
|
225 | #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers | |
226 | # (change requires restart) |
|
226 | # (change requires restart) | |
227 | #wal_writer_delay = 200ms # 1-10000 milliseconds |
|
227 | #wal_writer_delay = 200ms # 1-10000 milliseconds | |
228 | #wal_writer_flush_after = 1MB # measured in pages, 0 disables |
|
228 | #wal_writer_flush_after = 1MB # measured in pages, 0 disables | |
229 | #wal_skip_threshold = 2MB |
|
229 | #wal_skip_threshold = 2MB | |
230 |
|
230 | |||
231 | #commit_delay = 0 # range 0-100000, in microseconds |
|
231 | #commit_delay = 0 # range 0-100000, in microseconds | |
232 | #commit_siblings = 5 # range 1-1000 |
|
232 | #commit_siblings = 5 # range 1-1000 | |
233 |
|
233 | |||
234 | # - Checkpoints - |
|
234 | # - Checkpoints - | |
235 |
|
235 | |||
236 | #checkpoint_timeout = 5min # range 30s-1d |
|
236 | #checkpoint_timeout = 5min # range 30s-1d | |
237 | #checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 |
|
237 | #checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 | |
238 | #checkpoint_flush_after = 0 # measured in pages, 0 disables |
|
238 | #checkpoint_flush_after = 0 # measured in pages, 0 disables | |
239 | #checkpoint_warning = 30s # 0 disables |
|
239 | #checkpoint_warning = 30s # 0 disables | |
240 | #max_wal_size = 1GB |
|
240 | #max_wal_size = 1GB | |
241 | #min_wal_size = 80MB |
|
241 | #min_wal_size = 80MB | |
242 |
|
242 | |||
243 | # - Archiving - |
|
243 | # - Archiving - | |
244 |
|
244 | |||
245 | #archive_mode = off # enables archiving; off, on, or always |
|
245 | #archive_mode = off # enables archiving; off, on, or always | |
246 | # (change requires restart) |
|
246 | # (change requires restart) | |
247 | #archive_command = '' # command to use to archive a logfile segment |
|
247 | #archive_command = '' # command to use to archive a logfile segment | |
248 | # placeholders: %p = path of file to archive |
|
248 | # placeholders: %p = path of file to archive | |
249 | # %f = file name only |
|
249 | # %f = file name only | |
250 | # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' |
|
250 | # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' | |
251 | #archive_timeout = 0 # force a logfile segment switch after this |
|
251 | #archive_timeout = 0 # force a logfile segment switch after this | |
252 | # number of seconds; 0 disables |
|
252 | # number of seconds; 0 disables | |
253 |
|
253 | |||
254 | # - Archive Recovery - |
|
254 | # - Archive Recovery - | |
255 |
|
255 | |||
256 | # These are only used in recovery mode. |
|
256 | # These are only used in recovery mode. | |
257 |
|
257 | |||
258 | #restore_command = '' # command to use to restore an archived logfile segment |
|
258 | #restore_command = '' # command to use to restore an archived logfile segment | |
259 | # placeholders: %p = path of file to restore |
|
259 | # placeholders: %p = path of file to restore | |
260 | # %f = file name only |
|
260 | # %f = file name only | |
261 | # e.g. 'cp /mnt/server/archivedir/%f %p' |
|
261 | # e.g. 'cp /mnt/server/archivedir/%f %p' | |
262 | #archive_cleanup_command = '' # command to execute at every restartpoint |
|
262 | #archive_cleanup_command = '' # command to execute at every restartpoint | |
263 | #recovery_end_command = '' # command to execute at completion of recovery |
|
263 | #recovery_end_command = '' # command to execute at completion of recovery | |
264 |
|
264 | |||
265 | # - Recovery Target - |
|
265 | # - Recovery Target - | |
266 |
|
266 | |||
267 | # Set these only when performing a targeted recovery. |
|
267 | # Set these only when performing a targeted recovery. | |
268 |
|
268 | |||
269 | #recovery_target = '' # 'immediate' to end recovery as soon as a |
|
269 | #recovery_target = '' # 'immediate' to end recovery as soon as a | |
270 | # consistent state is reached |
|
270 | # consistent state is reached | |
271 | # (change requires restart) |
|
271 | # (change requires restart) | |
272 | #recovery_target_name = '' # the named restore point to which recovery will proceed |
|
272 | #recovery_target_name = '' # the named restore point to which recovery will proceed | |
273 | # (change requires restart) |
|
273 | # (change requires restart) | |
274 | #recovery_target_time = '' # the time stamp up to which recovery will proceed |
|
274 | #recovery_target_time = '' # the time stamp up to which recovery will proceed | |
275 | # (change requires restart) |
|
275 | # (change requires restart) | |
276 | #recovery_target_xid = '' # the transaction ID up to which recovery will proceed |
|
276 | #recovery_target_xid = '' # the transaction ID up to which recovery will proceed | |
277 | # (change requires restart) |
|
277 | # (change requires restart) | |
278 | #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed |
|
278 | #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed | |
279 | # (change requires restart) |
|
279 | # (change requires restart) | |
280 | #recovery_target_inclusive = on # Specifies whether to stop: |
|
280 | #recovery_target_inclusive = on # Specifies whether to stop: | |
281 | # just after the specified recovery target (on) |
|
281 | # just after the specified recovery target (on) | |
282 | # just before the recovery target (off) |
|
282 | # just before the recovery target (off) | |
283 | # (change requires restart) |
|
283 | # (change requires restart) | |
284 | #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID |
|
284 | #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID | |
285 | # (change requires restart) |
|
285 | # (change requires restart) | |
286 | #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' |
|
286 | #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' | |
287 | # (change requires restart) |
|
287 | # (change requires restart) | |
288 |
|
288 | |||
289 |
|
289 | |||
290 | #------------------------------------------------------------------------------ |
|
290 | #------------------------------------------------------------------------------ | |
291 | # REPLICATION |
|
291 | # REPLICATION | |
292 | #------------------------------------------------------------------------------ |
|
292 | #------------------------------------------------------------------------------ | |
293 |
|
293 | |||
294 | # - Sending Servers - |
|
294 | # - Sending Servers - | |
295 |
|
295 | |||
296 | # Set these on the primary and on any standby that will send replication data. |
|
296 | # Set these on the primary and on any standby that will send replication data. | |
297 |
|
297 | |||
298 | #max_wal_senders = 10 # max number of walsender processes |
|
298 | #max_wal_senders = 10 # max number of walsender processes | |
299 | # (change requires restart) |
|
299 | # (change requires restart) | |
300 | #max_replication_slots = 10 # max number of replication slots |
|
300 | #max_replication_slots = 10 # max number of replication slots | |
301 | # (change requires restart) |
|
301 | # (change requires restart) | |
302 | #wal_keep_size = 0 # in megabytes; 0 disables |
|
302 | #wal_keep_size = 0 # in megabytes; 0 disables | |
303 | #max_slot_wal_keep_size = -1 # in megabytes; -1 disables |
|
303 | #max_slot_wal_keep_size = -1 # in megabytes; -1 disables | |
304 | #wal_sender_timeout = 60s # in milliseconds; 0 disables |
|
304 | #wal_sender_timeout = 60s # in milliseconds; 0 disables | |
305 | #track_commit_timestamp = off # collect timestamp of transaction commit |
|
305 | #track_commit_timestamp = off # collect timestamp of transaction commit | |
306 | # (change requires restart) |
|
306 | # (change requires restart) | |
307 |
|
307 | |||
308 | # - Primary Server - |
|
308 | # - Primary Server - | |
309 |
|
309 | |||
310 | # These settings are ignored on a standby server. |
|
310 | # These settings are ignored on a standby server. | |
311 |
|
311 | |||
312 | #synchronous_standby_names = '' # standby servers that provide sync rep |
|
312 | #synchronous_standby_names = '' # standby servers that provide sync rep | |
313 | # method to choose sync standbys, number of sync standbys, |
|
313 | # method to choose sync standbys, number of sync standbys, | |
314 | # and comma-separated list of application_name |
|
314 | # and comma-separated list of application_name | |
315 | # from standby(s); '*' = all |
|
315 | # from standby(s); '*' = all | |
316 | #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed |
|
316 | #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed | |
317 |
|
317 | |||
318 | # - Standby Servers - |
|
318 | # - Standby Servers - | |
319 |
|
319 | |||
320 | # These settings are ignored on a primary server. |
|
320 | # These settings are ignored on a primary server. | |
321 |
|
321 | |||
322 | #primary_conninfo = '' # connection string to sending server |
|
322 | #primary_conninfo = '' # connection string to sending server | |
323 | #primary_slot_name = '' # replication slot on sending server |
|
323 | #primary_slot_name = '' # replication slot on sending server | |
324 | #promote_trigger_file = '' # file name whose presence ends recovery |
|
324 | #promote_trigger_file = '' # file name whose presence ends recovery | |
325 | #hot_standby = on # "off" disallows queries during recovery |
|
325 | #hot_standby = on # "off" disallows queries during recovery | |
326 | # (change requires restart) |
|
326 | # (change requires restart) | |
327 | #max_standby_archive_delay = 30s # max delay before canceling queries |
|
327 | #max_standby_archive_delay = 30s # max delay before canceling queries | |
328 | # when reading WAL from archive; |
|
328 | # when reading WAL from archive; | |
329 | # -1 allows indefinite delay |
|
329 | # -1 allows indefinite delay | |
330 | #max_standby_streaming_delay = 30s # max delay before canceling queries |
|
330 | #max_standby_streaming_delay = 30s # max delay before canceling queries | |
331 | # when reading streaming WAL; |
|
331 | # when reading streaming WAL; | |
332 | # -1 allows indefinite delay |
|
332 | # -1 allows indefinite delay | |
333 | #wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name |
|
333 | #wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name | |
334 | # is not set |
|
334 | # is not set | |
335 | #wal_receiver_status_interval = 10s # send replies at least this often |
|
335 | #wal_receiver_status_interval = 10s # send replies at least this often | |
336 | # 0 disables |
|
336 | # 0 disables | |
337 | #hot_standby_feedback = off # send info from standby to prevent |
|
337 | #hot_standby_feedback = off # send info from standby to prevent | |
338 | # query conflicts |
|
338 | # query conflicts | |
339 | #wal_receiver_timeout = 60s # time that receiver waits for |
|
339 | #wal_receiver_timeout = 60s # time that receiver waits for | |
340 | # communication from primary |
|
340 | # communication from primary | |
341 | # in milliseconds; 0 disables |
|
341 | # in milliseconds; 0 disables | |
342 | #wal_retrieve_retry_interval = 5s # time to wait before retrying to |
|
342 | #wal_retrieve_retry_interval = 5s # time to wait before retrying to | |
343 | # retrieve WAL after a failed attempt |
|
343 | # retrieve WAL after a failed attempt | |
344 | #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery |
|
344 | #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery | |
345 |
|
345 | |||
346 | # - Subscribers - |
|
346 | # - Subscribers - | |
347 |
|
347 | |||
348 | # These settings are ignored on a publisher. |
|
348 | # These settings are ignored on a publisher. | |
349 |
|
349 | |||
350 | #max_logical_replication_workers = 4 # taken from max_worker_processes |
|
350 | #max_logical_replication_workers = 4 # taken from max_worker_processes | |
351 | # (change requires restart) |
|
351 | # (change requires restart) | |
352 | #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers |
|
352 | #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers | |
353 |
|
353 | |||
354 |
|
354 | |||
355 | #------------------------------------------------------------------------------ |
|
355 | #------------------------------------------------------------------------------ | |
356 | # QUERY TUNING |
|
356 | # QUERY TUNING | |
357 | #------------------------------------------------------------------------------ |
|
357 | #------------------------------------------------------------------------------ | |
358 |
|
358 | |||
359 | # - Planner Method Configuration - |
|
359 | # - Planner Method Configuration - | |
360 |
|
360 | |||
361 | #enable_async_append = on |
|
361 | #enable_async_append = on | |
362 | #enable_bitmapscan = on |
|
362 | #enable_bitmapscan = on | |
363 | #enable_gathermerge = on |
|
363 | #enable_gathermerge = on | |
364 | #enable_hashagg = on |
|
364 | #enable_hashagg = on | |
365 | #enable_hashjoin = on |
|
365 | #enable_hashjoin = on | |
366 | #enable_incremental_sort = on |
|
366 | #enable_incremental_sort = on | |
367 | #enable_indexscan = on |
|
367 | #enable_indexscan = on | |
368 | #enable_indexonlyscan = on |
|
368 | #enable_indexonlyscan = on | |
369 | #enable_material = on |
|
369 | #enable_material = on | |
370 | #enable_memoize = on |
|
370 | #enable_memoize = on | |
371 | #enable_mergejoin = on |
|
371 | #enable_mergejoin = on | |
372 | #enable_nestloop = on |
|
372 | #enable_nestloop = on | |
373 | #enable_parallel_append = on |
|
373 | #enable_parallel_append = on | |
374 | #enable_parallel_hash = on |
|
374 | #enable_parallel_hash = on | |
375 | #enable_partition_pruning = on |
|
375 | #enable_partition_pruning = on | |
376 | #enable_partitionwise_join = off |
|
376 | #enable_partitionwise_join = off | |
377 | #enable_partitionwise_aggregate = off |
|
377 | #enable_partitionwise_aggregate = off | |
378 | #enable_seqscan = on |
|
378 | #enable_seqscan = on | |
379 | #enable_sort = on |
|
379 | #enable_sort = on | |
380 | #enable_tidscan = on |
|
380 | #enable_tidscan = on | |
381 |
|
381 | |||
382 | # - Planner Cost Constants - |
|
382 | # - Planner Cost Constants - | |
383 |
|
383 | |||
384 | #seq_page_cost = 1.0 # measured on an arbitrary scale |
|
384 | #seq_page_cost = 1.0 # measured on an arbitrary scale | |
385 | #random_page_cost = 4.0 # same scale as above |
|
385 | #random_page_cost = 4.0 # same scale as above | |
386 | #cpu_tuple_cost = 0.01 # same scale as above |
|
386 | #cpu_tuple_cost = 0.01 # same scale as above | |
387 | #cpu_index_tuple_cost = 0.005 # same scale as above |
|
387 | #cpu_index_tuple_cost = 0.005 # same scale as above | |
388 | #cpu_operator_cost = 0.0025 # same scale as above |
|
388 | #cpu_operator_cost = 0.0025 # same scale as above | |
389 | #parallel_setup_cost = 1000.0 # same scale as above |
|
389 | #parallel_setup_cost = 1000.0 # same scale as above | |
390 | #parallel_tuple_cost = 0.1 # same scale as above |
|
390 | #parallel_tuple_cost = 0.1 # same scale as above | |
391 | #min_parallel_table_scan_size = 8MB |
|
391 | #min_parallel_table_scan_size = 8MB | |
392 | #min_parallel_index_scan_size = 512kB |
|
392 | #min_parallel_index_scan_size = 512kB | |
393 | #effective_cache_size = 4GB |
|
393 | #effective_cache_size = 4GB | |
394 |
|
394 | |||
395 | #jit_above_cost = 100000 # perform JIT compilation if available |
|
395 | #jit_above_cost = 100000 # perform JIT compilation if available | |
396 | # and query more expensive than this; |
|
396 | # and query more expensive than this; | |
397 | # -1 disables |
|
397 | # -1 disables | |
398 | #jit_inline_above_cost = 500000 # inline small functions if query is |
|
398 | #jit_inline_above_cost = 500000 # inline small functions if query is | |
399 | # more expensive than this; -1 disables |
|
399 | # more expensive than this; -1 disables | |
400 | #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if |
|
400 | #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if | |
401 | # query is more expensive than this; |
|
401 | # query is more expensive than this; | |
402 | # -1 disables |
|
402 | # -1 disables | |
403 |
|
403 | |||
404 | # - Genetic Query Optimizer - |
|
404 | # - Genetic Query Optimizer - | |
405 |
|
405 | |||
406 | #geqo = on |
|
406 | #geqo = on | |
407 | #geqo_threshold = 12 |
|
407 | #geqo_threshold = 12 | |
408 | #geqo_effort = 5 # range 1-10 |
|
408 | #geqo_effort = 5 # range 1-10 | |
409 | #geqo_pool_size = 0 # selects default based on effort |
|
409 | #geqo_pool_size = 0 # selects default based on effort | |
410 | #geqo_generations = 0 # selects default based on effort |
|
410 | #geqo_generations = 0 # selects default based on effort | |
411 | #geqo_selection_bias = 2.0 # range 1.5-2.0 |
|
411 | #geqo_selection_bias = 2.0 # range 1.5-2.0 | |
412 | #geqo_seed = 0.0 # range 0.0-1.0 |
|
412 | #geqo_seed = 0.0 # range 0.0-1.0 | |
413 |
|
413 | |||
414 | # - Other Planner Options - |
|
414 | # - Other Planner Options - | |
415 |
|
415 | |||
416 | #default_statistics_target = 100 # range 1-10000 |
|
416 | #default_statistics_target = 100 # range 1-10000 | |
417 | #constraint_exclusion = partition # on, off, or partition |
|
417 | #constraint_exclusion = partition # on, off, or partition | |
418 | #cursor_tuple_fraction = 0.1 # range 0.0-1.0 |
|
418 | #cursor_tuple_fraction = 0.1 # range 0.0-1.0 | |
419 | #from_collapse_limit = 8 |
|
419 | #from_collapse_limit = 8 | |
420 | #jit = on # allow JIT compilation |
|
420 | #jit = on # allow JIT compilation | |
421 | #join_collapse_limit = 8 # 1 disables collapsing of explicit |
|
421 | #join_collapse_limit = 8 # 1 disables collapsing of explicit | |
422 | # JOIN clauses |
|
422 | # JOIN clauses | |
423 | #plan_cache_mode = auto # auto, force_generic_plan or |
|
423 | #plan_cache_mode = auto # auto, force_generic_plan or | |
424 | # force_custom_plan |
|
424 | # force_custom_plan | |
425 |
|
425 | |||
426 |
|
426 | |||
427 | #------------------------------------------------------------------------------ |
|
427 | #------------------------------------------------------------------------------ | |
428 | # REPORTING AND LOGGING |
|
428 | # REPORTING AND LOGGING | |
429 | #------------------------------------------------------------------------------ |
|
429 | #------------------------------------------------------------------------------ | |
430 |
|
430 | |||
431 | # - Where to Log - |
|
431 | # - Where to Log - | |
432 |
|
432 | |||
433 |
|
|
433 | log_destination = 'stderr' # Valid values are combinations of | |
434 | # stderr, csvlog, syslog, and eventlog, |
|
434 | # stderr, csvlog, syslog, and eventlog, | |
435 | # depending on platform. csvlog |
|
435 | # depending on platform. csvlog | |
436 | # requires logging_collector to be on. |
|
436 | # requires logging_collector to be on. | |
437 |
|
437 | |||
438 | # This is used when logging to stderr: |
|
438 | # This is used when logging to stderr: | |
439 |
|
|
439 | logging_collector = on # Enable capturing of stderr and csvlog | |
440 | # into log files. Required to be on for |
|
440 | # into log files. Required to be on for | |
441 | # csvlogs. |
|
441 | # csvlogs. | |
442 | # (change requires restart) |
|
442 | # (change requires restart) | |
443 |
|
443 | |||
444 | # These are only used if logging_collector is on: |
|
444 | # These are only used if logging_collector is on: | |
445 |
|
|
445 | log_directory = '/var/log/rhodecode/postgres' # directory where log files are written, | |
446 | # can be absolute or relative to PGDATA |
|
446 | # can be absolute or relative to PGDATA | |
447 |
|
|
447 | log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, | |
448 | # can include strftime() escapes |
|
448 | # can include strftime() escapes | |
449 | #log_file_mode = 0600 # creation mode for log files, |
|
449 | #log_file_mode = 0600 # creation mode for log files, | |
450 | # begin with 0 to use octal notation |
|
450 | # begin with 0 to use octal notation | |
451 | #log_rotation_age = 1d # Automatic rotation of logfiles will |
|
451 | #log_rotation_age = 1d # Automatic rotation of logfiles will | |
452 | # happen after that time. 0 disables. |
|
452 | # happen after that time. 0 disables. | |
453 |
|
|
453 | log_rotation_size = 512MB # Automatic rotation of logfiles will | |
454 | # happen after that much log output. |
|
454 | # happen after that much log output. | |
455 | # 0 disables. |
|
455 | # 0 disables. | |
456 | #log_truncate_on_rotation = off # If on, an existing log file with the |
|
456 | #log_truncate_on_rotation = off # If on, an existing log file with the | |
457 | # same name as the new log file will be |
|
457 | # same name as the new log file will be | |
458 | # truncated rather than appended to. |
|
458 | # truncated rather than appended to. | |
459 | # But such truncation only occurs on |
|
459 | # But such truncation only occurs on | |
460 | # time-driven rotation, not on restarts |
|
460 | # time-driven rotation, not on restarts | |
461 | # or size-driven rotation. Default is |
|
461 | # or size-driven rotation. Default is | |
462 | # off, meaning append to existing files |
|
462 | # off, meaning append to existing files | |
463 | # in all cases. |
|
463 | # in all cases. | |
464 |
|
464 | |||
465 | # These are relevant when logging to syslog: |
|
465 | # These are relevant when logging to syslog: | |
466 | #syslog_facility = 'LOCAL0' |
|
466 | #syslog_facility = 'LOCAL0' | |
467 | #syslog_ident = 'postgres' |
|
467 | #syslog_ident = 'postgres' | |
468 | #syslog_sequence_numbers = on |
|
468 | #syslog_sequence_numbers = on | |
469 | #syslog_split_messages = on |
|
469 | #syslog_split_messages = on | |
470 |
|
470 | |||
471 | # This is only relevant when logging to eventlog (Windows): |
|
471 | # This is only relevant when logging to eventlog (Windows): | |
472 | # (change requires restart) |
|
472 | # (change requires restart) | |
473 | #event_source = 'PostgreSQL' |
|
473 | #event_source = 'PostgreSQL' | |
474 |
|
474 | |||
475 | # - When to Log - |
|
475 | # - When to Log - | |
476 |
|
476 | |||
477 | #log_min_messages = warning # values in order of decreasing detail: |
|
477 | #log_min_messages = warning # values in order of decreasing detail: | |
478 | # debug5 |
|
478 | # debug5 | |
479 | # debug4 |
|
479 | # debug4 | |
480 | # debug3 |
|
480 | # debug3 | |
481 | # debug2 |
|
481 | # debug2 | |
482 | # debug1 |
|
482 | # debug1 | |
483 | # info |
|
483 | # info | |
484 | # notice |
|
484 | # notice | |
485 | # warning |
|
485 | # warning | |
486 | # error |
|
486 | # error | |
487 | # log |
|
487 | # log | |
488 | # fatal |
|
488 | # fatal | |
489 | # panic |
|
489 | # panic | |
490 |
|
490 | |||
491 | #log_min_error_statement = error # values in order of decreasing detail: |
|
491 | #log_min_error_statement = error # values in order of decreasing detail: | |
492 | # debug5 |
|
492 | # debug5 | |
493 | # debug4 |
|
493 | # debug4 | |
494 | # debug3 |
|
494 | # debug3 | |
495 | # debug2 |
|
495 | # debug2 | |
496 | # debug1 |
|
496 | # debug1 | |
497 | # info |
|
497 | # info | |
498 | # notice |
|
498 | # notice | |
499 | # warning |
|
499 | # warning | |
500 | # error |
|
500 | # error | |
501 | # log |
|
501 | # log | |
502 | # fatal |
|
502 | # fatal | |
503 | # panic (effectively off) |
|
503 | # panic (effectively off) | |
504 |
|
504 | |||
505 |
|
|
505 | log_min_duration_statement = 1000 # -1 is disabled, 0 logs all statements | |
506 | # and their durations, > 0 logs only |
|
506 | # and their durations, > 0 logs only | |
507 | # statements running at least this number |
|
507 | # statements running at least this number | |
508 | # of milliseconds |
|
508 | # of milliseconds | |
509 |
|
509 | |||
510 | #log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements |
|
510 | #log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements | |
511 | # and their durations, > 0 logs only a sample of |
|
511 | # and their durations, > 0 logs only a sample of | |
512 | # statements running at least this number |
|
512 | # statements running at least this number | |
513 | # of milliseconds; |
|
513 | # of milliseconds; | |
514 | # sample fraction is determined by log_statement_sample_rate |
|
514 | # sample fraction is determined by log_statement_sample_rate | |
515 |
|
515 | |||
516 | #log_statement_sample_rate = 1.0 # fraction of logged statements exceeding |
|
516 | #log_statement_sample_rate = 1.0 # fraction of logged statements exceeding | |
517 | # log_min_duration_sample to be logged; |
|
517 | # log_min_duration_sample to be logged; | |
518 | # 1.0 logs all such statements, 0.0 never logs |
|
518 | # 1.0 logs all such statements, 0.0 never logs | |
519 |
|
519 | |||
520 |
|
520 | |||
521 | #log_transaction_sample_rate = 0.0 # fraction of transactions whose statements |
|
521 | #log_transaction_sample_rate = 0.0 # fraction of transactions whose statements | |
522 | # are logged regardless of their duration; 1.0 logs all |
|
522 | # are logged regardless of their duration; 1.0 logs all | |
523 | # statements from all transactions, 0.0 never logs |
|
523 | # statements from all transactions, 0.0 never logs | |
524 |
|
524 | |||
525 | # - What to Log - |
|
525 | # - What to Log - | |
526 |
|
526 | |||
527 | #debug_print_parse = off |
|
527 | #debug_print_parse = off | |
528 | #debug_print_rewritten = off |
|
528 | #debug_print_rewritten = off | |
529 | #debug_print_plan = off |
|
529 | #debug_print_plan = off | |
530 | #debug_pretty_print = on |
|
530 | #debug_pretty_print = on | |
531 | #log_autovacuum_min_duration = -1 # log autovacuum activity; |
|
531 | #log_autovacuum_min_duration = -1 # log autovacuum activity; | |
532 | # -1 disables, 0 logs all actions and |
|
532 | # -1 disables, 0 logs all actions and | |
533 | # their durations, > 0 logs only |
|
533 | # their durations, > 0 logs only | |
534 | # actions running at least this number |
|
534 | # actions running at least this number | |
535 | # of milliseconds. |
|
535 | # of milliseconds. | |
536 | #log_checkpoints = off |
|
536 | #log_checkpoints = off | |
537 | #log_connections = off |
|
537 | #log_connections = off | |
538 | #log_disconnections = off |
|
538 | #log_disconnections = off | |
539 | #log_duration = off |
|
539 | #log_duration = off | |
540 | #log_error_verbosity = default # terse, default, or verbose messages |
|
540 | #log_error_verbosity = default # terse, default, or verbose messages | |
541 | #log_hostname = off |
|
541 | #log_hostname = off | |
542 | #log_line_prefix = '%m [%p] ' # special values: |
|
542 | #log_line_prefix = '%m [%p] ' # special values: | |
543 | # %a = application name |
|
543 | # %a = application name | |
544 | # %u = user name |
|
544 | # %u = user name | |
545 | # %d = database name |
|
545 | # %d = database name | |
546 | # %r = remote host and port |
|
546 | # %r = remote host and port | |
547 | # %h = remote host |
|
547 | # %h = remote host | |
548 | # %b = backend type |
|
548 | # %b = backend type | |
549 | # %p = process ID |
|
549 | # %p = process ID | |
550 | # %P = process ID of parallel group leader |
|
550 | # %P = process ID of parallel group leader | |
551 | # %t = timestamp without milliseconds |
|
551 | # %t = timestamp without milliseconds | |
552 | # %m = timestamp with milliseconds |
|
552 | # %m = timestamp with milliseconds | |
553 | # %n = timestamp with milliseconds (as a Unix epoch) |
|
553 | # %n = timestamp with milliseconds (as a Unix epoch) | |
554 | # %Q = query ID (0 if none or not computed) |
|
554 | # %Q = query ID (0 if none or not computed) | |
555 | # %i = command tag |
|
555 | # %i = command tag | |
556 | # %e = SQL state |
|
556 | # %e = SQL state | |
557 | # %c = session ID |
|
557 | # %c = session ID | |
558 | # %l = session line number |
|
558 | # %l = session line number | |
559 | # %s = session start timestamp |
|
559 | # %s = session start timestamp | |
560 | # %v = virtual transaction ID |
|
560 | # %v = virtual transaction ID | |
561 | # %x = transaction ID (0 if none) |
|
561 | # %x = transaction ID (0 if none) | |
562 | # %q = stop here in non-session |
|
562 | # %q = stop here in non-session | |
563 | # processes |
|
563 | # processes | |
564 | # %% = '%' |
|
564 | # %% = '%' | |
565 | # e.g. '<%u%%%d> ' |
|
565 | # e.g. '<%u%%%d> ' | |
566 | #log_lock_waits = off # log lock waits >= deadlock_timeout |
|
566 | #log_lock_waits = off # log lock waits >= deadlock_timeout | |
567 | #log_recovery_conflict_waits = off # log standby recovery conflict waits |
|
567 | #log_recovery_conflict_waits = off # log standby recovery conflict waits | |
568 | # >= deadlock_timeout |
|
568 | # >= deadlock_timeout | |
569 | #log_parameter_max_length = -1 # when logging statements, limit logged |
|
569 | #log_parameter_max_length = -1 # when logging statements, limit logged | |
570 | # bind-parameter values to N bytes; |
|
570 | # bind-parameter values to N bytes; | |
571 | # -1 means print in full, 0 disables |
|
571 | # -1 means print in full, 0 disables | |
572 | #log_parameter_max_length_on_error = 0 # when logging an error, limit logged |
|
572 | #log_parameter_max_length_on_error = 0 # when logging an error, limit logged | |
573 | # bind-parameter values to N bytes; |
|
573 | # bind-parameter values to N bytes; | |
574 | # -1 means print in full, 0 disables |
|
574 | # -1 means print in full, 0 disables | |
575 | #log_statement = 'none' # none, ddl, mod, all |
|
575 | #log_statement = 'none' # none, ddl, mod, all | |
576 | #log_replication_commands = off |
|
576 | #log_replication_commands = off | |
577 | #log_temp_files = -1 # log temporary files equal or larger |
|
577 | #log_temp_files = -1 # log temporary files equal or larger | |
578 | # than the specified size in kilobytes; |
|
578 | # than the specified size in kilobytes; | |
579 | # -1 disables, 0 logs all temp files |
|
579 | # -1 disables, 0 logs all temp files | |
580 | #log_timezone = 'GMT' |
|
580 | #log_timezone = 'GMT' | |
581 |
|
581 | |||
582 |
|
582 | |||
583 | #------------------------------------------------------------------------------ |
|
583 | #------------------------------------------------------------------------------ | |
584 | # PROCESS TITLE |
|
584 | # PROCESS TITLE | |
585 | #------------------------------------------------------------------------------ |
|
585 | #------------------------------------------------------------------------------ | |
586 |
|
586 | |||
587 | #cluster_name = '' # added to process titles if nonempty |
|
587 | #cluster_name = '' # added to process titles if nonempty | |
588 | # (change requires restart) |
|
588 | # (change requires restart) | |
589 | #update_process_title = on |
|
589 | #update_process_title = on | |
590 |
|
590 | |||
591 |
|
591 | |||
592 | #------------------------------------------------------------------------------ |
|
592 | #------------------------------------------------------------------------------ | |
593 | # STATISTICS |
|
593 | # STATISTICS | |
594 | #------------------------------------------------------------------------------ |
|
594 | #------------------------------------------------------------------------------ | |
595 |
|
595 | |||
596 | # - Query and Index Statistics Collector - |
|
596 | # - Query and Index Statistics Collector - | |
597 |
|
597 | |||
598 | #track_activities = on |
|
598 | #track_activities = on | |
599 | #track_activity_query_size = 1024 # (change requires restart) |
|
599 | #track_activity_query_size = 1024 # (change requires restart) | |
600 | #track_counts = on |
|
600 | #track_counts = on | |
601 | #track_io_timing = off |
|
601 | #track_io_timing = off | |
602 | #track_wal_io_timing = off |
|
602 | #track_wal_io_timing = off | |
603 | #track_functions = none # none, pl, all |
|
603 | #track_functions = none # none, pl, all | |
604 | #stats_temp_directory = 'pg_stat_tmp' |
|
604 | #stats_temp_directory = 'pg_stat_tmp' | |
605 |
|
605 | |||
606 |
|
606 | |||
607 | # - Monitoring - |
|
607 | # - Monitoring - | |
608 |
|
608 | |||
609 | #compute_query_id = auto |
|
609 | #compute_query_id = auto | |
610 | #log_statement_stats = off |
|
610 | #log_statement_stats = off | |
611 | #log_parser_stats = off |
|
611 | #log_parser_stats = off | |
612 | #log_planner_stats = off |
|
612 | #log_planner_stats = off | |
613 | #log_executor_stats = off |
|
613 | #log_executor_stats = off | |
614 |
|
614 | |||
615 |
|
615 | |||
616 | #------------------------------------------------------------------------------ |
|
616 | #------------------------------------------------------------------------------ | |
617 | # AUTOVACUUM |
|
617 | # AUTOVACUUM | |
618 | #------------------------------------------------------------------------------ |
|
618 | #------------------------------------------------------------------------------ | |
619 |
|
619 | |||
620 | #autovacuum = on # Enable autovacuum subprocess? 'on' |
|
620 | #autovacuum = on # Enable autovacuum subprocess? 'on' | |
621 | # requires track_counts to also be on. |
|
621 | # requires track_counts to also be on. | |
622 | #autovacuum_max_workers = 3 # max number of autovacuum subprocesses |
|
622 | #autovacuum_max_workers = 3 # max number of autovacuum subprocesses | |
623 | # (change requires restart) |
|
623 | # (change requires restart) | |
624 | #autovacuum_naptime = 1min # time between autovacuum runs |
|
624 | #autovacuum_naptime = 1min # time between autovacuum runs | |
625 | #autovacuum_vacuum_threshold = 50 # min number of row updates before |
|
625 | #autovacuum_vacuum_threshold = 50 # min number of row updates before | |
626 | # vacuum |
|
626 | # vacuum | |
627 | #autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts |
|
627 | #autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts | |
628 | # before vacuum; -1 disables insert |
|
628 | # before vacuum; -1 disables insert | |
629 | # vacuums |
|
629 | # vacuums | |
630 | #autovacuum_analyze_threshold = 50 # min number of row updates before |
|
630 | #autovacuum_analyze_threshold = 50 # min number of row updates before | |
631 | # analyze |
|
631 | # analyze | |
632 | #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum |
|
632 | #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum | |
633 | #autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table |
|
633 | #autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table | |
634 | # size before insert vacuum |
|
634 | # size before insert vacuum | |
635 | #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze |
|
635 | #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze | |
636 | #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum |
|
636 | #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum | |
637 | # (change requires restart) |
|
637 | # (change requires restart) | |
638 | #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age |
|
638 | #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age | |
639 | # before forced vacuum |
|
639 | # before forced vacuum | |
640 | # (change requires restart) |
|
640 | # (change requires restart) | |
641 | #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for |
|
641 | #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for | |
642 | # autovacuum, in milliseconds; |
|
642 | # autovacuum, in milliseconds; | |
643 | # -1 means use vacuum_cost_delay |
|
643 | # -1 means use vacuum_cost_delay | |
644 | #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for |
|
644 | #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for | |
645 | # autovacuum, -1 means use |
|
645 | # autovacuum, -1 means use | |
646 | # vacuum_cost_limit |
|
646 | # vacuum_cost_limit | |
647 |
|
647 | |||
648 |
|
648 | |||
649 | #------------------------------------------------------------------------------ |
|
649 | #------------------------------------------------------------------------------ | |
650 | # CLIENT CONNECTION DEFAULTS |
|
650 | # CLIENT CONNECTION DEFAULTS | |
651 | #------------------------------------------------------------------------------ |
|
651 | #------------------------------------------------------------------------------ | |
652 |
|
652 | |||
653 | # - Statement Behavior - |
|
653 | # - Statement Behavior - | |
654 |
|
654 | |||
655 | #client_min_messages = notice # values in order of decreasing detail: |
|
655 | #client_min_messages = notice # values in order of decreasing detail: | |
656 | # debug5 |
|
656 | # debug5 | |
657 | # debug4 |
|
657 | # debug4 | |
658 | # debug3 |
|
658 | # debug3 | |
659 | # debug2 |
|
659 | # debug2 | |
660 | # debug1 |
|
660 | # debug1 | |
661 | # log |
|
661 | # log | |
662 | # notice |
|
662 | # notice | |
663 | # warning |
|
663 | # warning | |
664 | # error |
|
664 | # error | |
665 | #search_path = '"$user", public' # schema names |
|
665 | #search_path = '"$user", public' # schema names | |
666 | #row_security = on |
|
666 | #row_security = on | |
667 | #default_table_access_method = 'heap' |
|
667 | #default_table_access_method = 'heap' | |
668 | #default_tablespace = '' # a tablespace name, '' uses the default |
|
668 | #default_tablespace = '' # a tablespace name, '' uses the default | |
669 | #default_toast_compression = 'pglz' # 'pglz' or 'lz4' |
|
669 | #default_toast_compression = 'pglz' # 'pglz' or 'lz4' | |
670 | #temp_tablespaces = '' # a list of tablespace names, '' uses |
|
670 | #temp_tablespaces = '' # a list of tablespace names, '' uses | |
671 | # only default tablespace |
|
671 | # only default tablespace | |
672 | #check_function_bodies = on |
|
672 | #check_function_bodies = on | |
673 | #default_transaction_isolation = 'read committed' |
|
673 | #default_transaction_isolation = 'read committed' | |
674 | #default_transaction_read_only = off |
|
674 | #default_transaction_read_only = off | |
675 | #default_transaction_deferrable = off |
|
675 | #default_transaction_deferrable = off | |
676 | #session_replication_role = 'origin' |
|
676 | #session_replication_role = 'origin' | |
677 | #statement_timeout = 0 # in milliseconds, 0 is disabled |
|
677 | #statement_timeout = 0 # in milliseconds, 0 is disabled | |
678 | #lock_timeout = 0 # in milliseconds, 0 is disabled |
|
678 | #lock_timeout = 0 # in milliseconds, 0 is disabled | |
679 | #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled |
|
679 | #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled | |
680 | #idle_session_timeout = 0 # in milliseconds, 0 is disabled |
|
680 | #idle_session_timeout = 0 # in milliseconds, 0 is disabled | |
681 | #vacuum_freeze_table_age = 150000000 |
|
681 | #vacuum_freeze_table_age = 150000000 | |
682 | #vacuum_freeze_min_age = 50000000 |
|
682 | #vacuum_freeze_min_age = 50000000 | |
683 | #vacuum_failsafe_age = 1600000000 |
|
683 | #vacuum_failsafe_age = 1600000000 | |
684 | #vacuum_multixact_freeze_table_age = 150000000 |
|
684 | #vacuum_multixact_freeze_table_age = 150000000 | |
685 | #vacuum_multixact_freeze_min_age = 5000000 |
|
685 | #vacuum_multixact_freeze_min_age = 5000000 | |
686 | #vacuum_multixact_failsafe_age = 1600000000 |
|
686 | #vacuum_multixact_failsafe_age = 1600000000 | |
687 | #bytea_output = 'hex' # hex, escape |
|
687 | #bytea_output = 'hex' # hex, escape | |
688 | #xmlbinary = 'base64' |
|
688 | #xmlbinary = 'base64' | |
689 | #xmloption = 'content' |
|
689 | #xmloption = 'content' | |
690 | #gin_pending_list_limit = 4MB |
|
690 | #gin_pending_list_limit = 4MB | |
691 |
|
691 | |||
692 | # - Locale and Formatting - |
|
692 | # - Locale and Formatting - | |
693 |
|
693 | |||
694 | #datestyle = 'iso, mdy' |
|
694 | #datestyle = 'iso, mdy' | |
695 | #intervalstyle = 'postgres' |
|
695 | #intervalstyle = 'postgres' | |
696 | #timezone = 'GMT' |
|
696 | #timezone = 'GMT' | |
697 | #timezone_abbreviations = 'Default' # Select the set of available time zone |
|
697 | #timezone_abbreviations = 'Default' # Select the set of available time zone | |
698 | # abbreviations. Currently, there are |
|
698 | # abbreviations. Currently, there are | |
699 | # Default |
|
699 | # Default | |
700 | # Australia (historical usage) |
|
700 | # Australia (historical usage) | |
701 | # India |
|
701 | # India | |
702 | # You can create your own file in |
|
702 | # You can create your own file in | |
703 | # share/timezonesets/. |
|
703 | # share/timezonesets/. | |
704 | #extra_float_digits = 1 # min -15, max 3; any value >0 actually |
|
704 | #extra_float_digits = 1 # min -15, max 3; any value >0 actually | |
705 | # selects precise output mode |
|
705 | # selects precise output mode | |
706 | #client_encoding = sql_ascii # actually, defaults to database |
|
706 | #client_encoding = sql_ascii # actually, defaults to database | |
707 | # encoding |
|
707 | # encoding | |
708 |
|
708 | |||
709 | # These settings are initialized by initdb, but they can be changed. |
|
709 | # These settings are initialized by initdb, but they can be changed. | |
710 | #lc_messages = 'C' # locale for system error message |
|
710 | #lc_messages = 'C' # locale for system error message | |
711 | # strings |
|
711 | # strings | |
712 | #lc_monetary = 'C' # locale for monetary formatting |
|
712 | #lc_monetary = 'C' # locale for monetary formatting | |
713 | #lc_numeric = 'C' # locale for number formatting |
|
713 | #lc_numeric = 'C' # locale for number formatting | |
714 | #lc_time = 'C' # locale for time formatting |
|
714 | #lc_time = 'C' # locale for time formatting | |
715 |
|
715 | |||
716 | # default configuration for text search |
|
716 | # default configuration for text search | |
717 | #default_text_search_config = 'pg_catalog.simple' |
|
717 | #default_text_search_config = 'pg_catalog.simple' | |
718 |
|
718 | |||
719 | # - Shared Library Preloading - |
|
719 | # - Shared Library Preloading - | |
720 |
|
720 | |||
721 | #local_preload_libraries = '' |
|
721 | #local_preload_libraries = '' | |
722 | #session_preload_libraries = '' |
|
722 | #session_preload_libraries = '' | |
723 | #shared_preload_libraries = '' # (change requires restart) |
|
723 | #shared_preload_libraries = '' # (change requires restart) | |
724 | #jit_provider = 'llvmjit' # JIT library to use |
|
724 | #jit_provider = 'llvmjit' # JIT library to use | |
725 |
|
725 | |||
726 | # - Other Defaults - |
|
726 | # - Other Defaults - | |
727 |
|
727 | |||
728 | #dynamic_library_path = '$libdir' |
|
728 | #dynamic_library_path = '$libdir' | |
729 | #extension_destdir = '' # prepend path when loading extensions |
|
729 | #extension_destdir = '' # prepend path when loading extensions | |
730 | # and shared objects (added by Debian) |
|
730 | # and shared objects (added by Debian) | |
731 | #gin_fuzzy_search_limit = 0 |
|
731 | #gin_fuzzy_search_limit = 0 | |
732 |
|
732 | |||
733 |
|
733 | |||
734 | #------------------------------------------------------------------------------ |
|
734 | #------------------------------------------------------------------------------ | |
735 | # LOCK MANAGEMENT |
|
735 | # LOCK MANAGEMENT | |
736 | #------------------------------------------------------------------------------ |
|
736 | #------------------------------------------------------------------------------ | |
737 |
|
737 | |||
738 | #deadlock_timeout = 1s |
|
738 | #deadlock_timeout = 1s | |
739 | #max_locks_per_transaction = 64 # min 10 |
|
739 | #max_locks_per_transaction = 64 # min 10 | |
740 | # (change requires restart) |
|
740 | # (change requires restart) | |
741 | #max_pred_locks_per_transaction = 64 # min 10 |
|
741 | #max_pred_locks_per_transaction = 64 # min 10 | |
742 | # (change requires restart) |
|
742 | # (change requires restart) | |
743 | #max_pred_locks_per_relation = -2 # negative values mean |
|
743 | #max_pred_locks_per_relation = -2 # negative values mean | |
744 | # (max_pred_locks_per_transaction |
|
744 | # (max_pred_locks_per_transaction | |
745 | # / -max_pred_locks_per_relation) - 1 |
|
745 | # / -max_pred_locks_per_relation) - 1 | |
746 | #max_pred_locks_per_page = 2 # min 0 |
|
746 | #max_pred_locks_per_page = 2 # min 0 | |
747 |
|
747 | |||
748 |
|
748 | |||
749 | #------------------------------------------------------------------------------ |
|
749 | #------------------------------------------------------------------------------ | |
750 | # VERSION AND PLATFORM COMPATIBILITY |
|
750 | # VERSION AND PLATFORM COMPATIBILITY | |
751 | #------------------------------------------------------------------------------ |
|
751 | #------------------------------------------------------------------------------ | |
752 |
|
752 | |||
753 | # - Previous PostgreSQL Versions - |
|
753 | # - Previous PostgreSQL Versions - | |
754 |
|
754 | |||
755 | #array_nulls = on |
|
755 | #array_nulls = on | |
756 | #backslash_quote = safe_encoding # on, off, or safe_encoding |
|
756 | #backslash_quote = safe_encoding # on, off, or safe_encoding | |
757 | #escape_string_warning = on |
|
757 | #escape_string_warning = on | |
758 | #lo_compat_privileges = off |
|
758 | #lo_compat_privileges = off | |
759 | #quote_all_identifiers = off |
|
759 | #quote_all_identifiers = off | |
760 | #standard_conforming_strings = on |
|
760 | #standard_conforming_strings = on | |
761 | #synchronize_seqscans = on |
|
761 | #synchronize_seqscans = on | |
762 |
|
762 | |||
763 | # - Other Platforms and Clients - |
|
763 | # - Other Platforms and Clients - | |
764 |
|
764 | |||
765 | #transform_null_equals = off |
|
765 | #transform_null_equals = off | |
766 |
|
766 | |||
767 |
|
767 | |||
768 | #------------------------------------------------------------------------------ |
|
768 | #------------------------------------------------------------------------------ | |
769 | # ERROR HANDLING |
|
769 | # ERROR HANDLING | |
770 | #------------------------------------------------------------------------------ |
|
770 | #------------------------------------------------------------------------------ | |
771 |
|
771 | |||
772 | #exit_on_error = off # terminate session on any error? |
|
772 | #exit_on_error = off # terminate session on any error? | |
773 | #restart_after_crash = on # reinitialize after backend crash? |
|
773 | #restart_after_crash = on # reinitialize after backend crash? | |
774 | #data_sync_retry = off # retry or panic on failure to fsync |
|
774 | #data_sync_retry = off # retry or panic on failure to fsync | |
775 | # data? |
|
775 | # data? | |
776 | # (change requires restart) |
|
776 | # (change requires restart) | |
777 | #recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+) |
|
777 | #recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+) | |
778 |
|
778 | |||
779 |
|
779 | |||
780 | #------------------------------------------------------------------------------ |
|
780 | #------------------------------------------------------------------------------ | |
781 | # CONFIG FILE INCLUDES |
|
781 | # CONFIG FILE INCLUDES | |
782 | #------------------------------------------------------------------------------ |
|
782 | #------------------------------------------------------------------------------ | |
783 |
|
783 | |||
784 | # These options allow settings to be loaded from files other than the |
|
784 | # These options allow settings to be loaded from files other than the | |
785 | # default postgresql.conf. Note that these are directives, not variable |
|
785 | # default postgresql.conf. Note that these are directives, not variable | |
786 | # assignments, so they can usefully be given more than once. |
|
786 | # assignments, so they can usefully be given more than once. | |
787 |
|
787 | |||
788 | #include_dir = '...' # include files ending in '.conf' from |
|
788 | #include_dir = '...' # include files ending in '.conf' from | |
789 | # a directory, e.g., 'conf.d' |
|
789 | # a directory, e.g., 'conf.d' | |
790 | #include_if_exists = '...' # include file only if it exists |
|
790 | #include_if_exists = '...' # include file only if it exists | |
791 | #include = '...' # include file |
|
791 | #include = '...' # include file | |
792 |
|
792 | |||
793 |
|
793 | |||
794 | #------------------------------------------------------------------------------ |
|
794 | #------------------------------------------------------------------------------ | |
795 | # CUSTOMIZED OPTIONS |
|
795 | # CUSTOMIZED OPTIONS | |
796 | #------------------------------------------------------------------------------ |
|
796 | #------------------------------------------------------------------------------ | |
797 |
|
797 | |||
798 | # Add settings for extensions here |
|
798 | # Add settings for extensions here | |
799 |
|
799 | |||
800 | max_connections = 400 |
|
800 | max_connections = 400 | |
801 | shared_buffers = 1GB |
|
801 | shared_buffers = 1GB | |
802 | effective_cache_size = 3GB |
|
802 | effective_cache_size = 3GB | |
803 | work_mem = 2621kB |
|
803 | work_mem = 2621kB | |
804 | maintenance_work_mem = 256MB |
|
804 | maintenance_work_mem = 256MB | |
805 | checkpoint_completion_target = 0.9 |
|
805 | checkpoint_completion_target = 0.9 | |
806 | wal_buffers = 16MB |
|
806 | wal_buffers = 16MB | |
807 | default_statistics_target = 100 |
|
807 | default_statistics_target = 100 | |
808 | password_encryption = md5 |
|
808 | password_encryption = md5 |
@@ -1,114 +1,131 b'' | |||||
1 | # read more here http://tautt.com/best-nginx-configuration-for-security/ |
|
1 | # read more here http://tautt.com/best-nginx-configuration-for-security/ | |
2 |
|
2 | |||
3 | # config to don't allow the browser to render the page inside an frame or iframe |
|
3 | # config to don't allow the browser to render the page inside an frame or iframe | |
4 | # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking |
|
4 | # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking | |
5 | # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri |
|
5 | # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri | |
6 | # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options |
|
6 | # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options | |
7 | #add_header X-Frame-Options SAMEORIGIN; |
|
7 | #add_header X-Frame-Options SAMEORIGIN; | |
8 |
|
8 | |||
9 | # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, |
|
9 | # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, | |
10 | # to disable content-type sniffing on some browsers. |
|
10 | # to disable content-type sniffing on some browsers. | |
11 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers |
|
11 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers | |
12 | # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx |
|
12 | # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx | |
13 | # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx |
|
13 | # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx | |
14 | # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 |
|
14 | # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 | |
15 | #add_header X-Content-Type-Options nosniff; |
|
15 | #add_header X-Content-Type-Options nosniff; | |
16 |
|
16 | |||
17 | # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. |
|
17 | # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. | |
18 | # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for |
|
18 | # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for | |
19 | # this particular website if it was disabled by the user. |
|
19 | # this particular website if it was disabled by the user. | |
20 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers |
|
20 | # https://www.owasp.org/index.php/List_of_useful_HTTP_headers | |
21 | #add_header X-XSS-Protection "1; mode=block"; |
|
21 | #add_header X-XSS-Protection "1; mode=block"; | |
22 |
|
22 | |||
23 | # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), |
|
23 | # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy), | |
24 | # you can tell the browser that it can only download content from the domains you explicitly allow |
|
24 | # you can tell the browser that it can only download content from the domains you explicitly allow | |
25 | # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ |
|
25 | # http://www.html5rocks.com/en/tutorials/security/content-security-policy/ | |
26 | # https://www.owasp.org/index.php/Content_Security_Policy |
|
26 | # https://www.owasp.org/index.php/Content_Security_Policy | |
27 | # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' |
|
27 | # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval' | |
28 | # directives for css and js(if you have inline css or js, you will need to keep it too). |
|
28 | # directives for css and js(if you have inline css or js, you will need to keep it too). | |
29 | # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful |
|
29 | # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful | |
30 | #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; |
|
30 | #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; | |
31 |
|
31 | |||
32 | ## rate limiter for certain pages to prevent brute force attacks |
|
32 | ## rate limiter for certain pages to prevent brute force attacks | |
33 | limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s; |
|
33 | limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s; | |
34 |
|
34 | |||
35 | ## custom log format |
|
35 | ## custom log format | |
36 | log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe'; |
|
36 | log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe'; | |
37 |
|
37 | |||
|
38 | log_format json_log_custom escape=json | |||
|
39 | '{' | |||
|
40 | '"source":"nginx",' | |||
|
41 | '"remote_user":"$remote_user",' | |||
|
42 | '"time_local":"$time_local",' | |||
|
43 | '"remote_addr":"$remote_addr",' | |||
|
44 | '"request":"$request",' | |||
|
45 | '"status": "$status",' | |||
|
46 | '"request_method": "$request_method",' | |||
|
47 | '"body_bytes_sent":"$body_bytes_sent",' | |||
|
48 | '"request_time":"$request_time",' | |||
|
49 | '"upstream_response_time":"$upstream_response_time",' | |||
|
50 | '"http_referrer":"$http_referer",' | |||
|
51 | '"http_user_agent":"$http_user_agent"' | |||
|
52 | '}'; | |||
|
53 | ||||
|
54 | ||||
38 | server { |
|
55 | server { | |
39 | listen 80 default; |
|
56 | listen 80 default; | |
40 | # ensure we get the proper Docker DNS resolver for load balancing. |
|
57 | # ensure we get the proper Docker DNS resolver for load balancing. | |
41 | resolver 127.0.0.11 ipv6=off; |
|
58 | resolver 127.0.0.11 ipv6=off; | |
42 | server_name localhost 127.0.0.1; |
|
59 | server_name localhost 127.0.0.1; | |
43 |
access_log /var/log/rhodecode/nginx/rhodecode.http.access.log |
|
60 | access_log /var/log/rhodecode/nginx/rhodecode.http.access.log json_log_custom; | |
44 | error_log /var/log/rhodecode/nginx/rhodecode.http.error.log; |
|
61 | error_log /var/log/rhodecode/nginx/rhodecode.http.error.log; | |
45 |
|
62 | |||
46 | # uncomment to redirect http traffic to https |
|
63 | # uncomment to redirect http traffic to https | |
47 | #return 301 https://$host$request_uri; |
|
64 | #return 301 https://$host$request_uri; | |
48 |
|
65 | |||
49 | client_body_buffer_size 128k; |
|
66 | client_body_buffer_size 128k; | |
50 | # maximum number and size of buffers for large headers to read from client request |
|
67 | # maximum number and size of buffers for large headers to read from client request | |
51 | large_client_header_buffers 16 256k; |
|
68 | large_client_header_buffers 16 256k; | |
52 |
|
69 | |||
53 | ## serve static files by nginx, recommended |
|
70 | ## serve static files by nginx, recommended | |
54 | location /_static/rhodecode { |
|
71 | location /_static/rhodecode { | |
55 | gzip on; |
|
72 | gzip on; | |
56 | gzip_min_length 500; |
|
73 | gzip_min_length 500; | |
57 | gzip_proxied any; |
|
74 | gzip_proxied any; | |
58 | gzip_comp_level 4; |
|
75 | gzip_comp_level 4; | |
59 | gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; |
|
76 | gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; | |
60 | gzip_vary on; |
|
77 | gzip_vary on; | |
61 | gzip_disable "msie6"; |
|
78 | gzip_disable "msie6"; | |
62 | expires 60d; |
|
79 | expires 60d; | |
63 |
|
80 | |||
64 | alias /var/opt/rhodecode_data/static; |
|
81 | alias /var/opt/rhodecode_data/static; | |
65 | } |
|
82 | } | |
66 |
|
83 | |||
67 | ## channelstream location handler, if channelstream live chat and notifications |
|
84 | ## channelstream location handler, if channelstream live chat and notifications | |
68 | ## are enable this will proxy the requests to channelstream websocket server |
|
85 | ## are enable this will proxy the requests to channelstream websocket server | |
69 | location /_channelstream { |
|
86 | location /_channelstream { | |
70 | rewrite /_channelstream/(.*) /$1 break; |
|
87 | rewrite /_channelstream/(.*) /$1 break; | |
71 | gzip off; |
|
88 | gzip off; | |
72 | tcp_nodelay off; |
|
89 | tcp_nodelay off; | |
73 |
|
90 | |||
74 | proxy_connect_timeout 10; |
|
91 | proxy_connect_timeout 10; | |
75 | proxy_send_timeout 10m; |
|
92 | proxy_send_timeout 10m; | |
76 | proxy_read_timeout 10m; |
|
93 | proxy_read_timeout 10m; | |
77 |
|
94 | |||
78 | proxy_set_header Host $host; |
|
95 | proxy_set_header Host $host; | |
79 | proxy_set_header X-Real-IP $remote_addr; |
|
96 | proxy_set_header X-Real-IP $remote_addr; | |
80 | proxy_set_header X-Url-Scheme $scheme; |
|
97 | proxy_set_header X-Url-Scheme $scheme; | |
81 | proxy_set_header X-Forwarded-Proto $scheme; |
|
98 | proxy_set_header X-Forwarded-Proto $scheme; | |
82 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
99 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
83 |
|
100 | |||
84 | proxy_http_version 1.1; |
|
101 | proxy_http_version 1.1; | |
85 | proxy_set_header Upgrade $http_upgrade; |
|
102 | proxy_set_header Upgrade $http_upgrade; | |
86 | proxy_set_header Connection "upgrade"; |
|
103 | proxy_set_header Connection "upgrade"; | |
87 |
|
104 | |||
88 | proxy_pass http://channelstream:9800; |
|
105 | proxy_pass http://channelstream:9800; | |
89 | } |
|
106 | } | |
90 |
|
107 | |||
91 | ## rate limit this endpoint to prevent login page brute-force attacks |
|
108 | ## rate limit this endpoint to prevent login page brute-force attacks | |
92 | location /_admin/login { |
|
109 | location /_admin/login { | |
93 | limit_req zone=http_req_limit burst=10 nodelay; |
|
110 | limit_req zone=http_req_limit burst=10 nodelay; | |
94 | try_files $uri @rhodecode_http; |
|
111 | try_files $uri @rhodecode_http; | |
95 | } |
|
112 | } | |
96 |
|
113 | |||
97 | location / { |
|
114 | location / { | |
98 | include /etc/nginx/proxy.conf; |
|
115 | include /etc/nginx/proxy.conf; | |
99 | try_files $uri @rhodecode_http; |
|
116 | try_files $uri @rhodecode_http; | |
100 | } |
|
117 | } | |
101 |
|
118 | |||
102 | location @rhodecode_http { |
|
119 | location @rhodecode_http { | |
103 | include /etc/nginx/proxy.conf; |
|
120 | include /etc/nginx/proxy.conf; | |
104 | proxy_pass http://rhodecode:10020; |
|
121 | proxy_pass http://rhodecode:10020; | |
105 | } |
|
122 | } | |
106 |
|
123 | |||
107 | ## Custom 502 error page. |
|
124 | ## Custom 502 error page. | |
108 | ## Will be displayed while RhodeCode server is turned off |
|
125 | ## Will be displayed while RhodeCode server is turned off | |
109 | error_page 502 /502.html; |
|
126 | error_page 502 /502.html; | |
110 | location = /502.html { |
|
127 | location = /502.html { | |
111 | root /var/opt/static; |
|
128 | root /var/opt/static; | |
112 | } |
|
129 | } | |
113 |
|
130 | |||
114 | } |
|
131 | } |
@@ -1,305 +1,305 b'' | |||||
1 |
FROM ubuntu: |
|
1 | FROM ubuntu:22.04 | |
2 |
# Using 2 |
|
2 | # Using 22.04 LTS Release | |
3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> |
|
3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> | |
4 |
|
4 | |||
5 | ARG TZ="UTC" |
|
5 | ARG TZ="UTC" | |
6 | ARG LOCALE_TYPE=en_US.UTF-8 |
|
6 | ARG LOCALE_TYPE=en_US.UTF-8 | |
7 | ARG RHODECODE_TYPE=Enterprise |
|
7 | ARG RHODECODE_TYPE=Enterprise | |
8 | # source-install |
|
8 | # source-install | |
9 | ARG RHODECODE_VERSION=4.26.0 |
|
9 | ARG RHODECODE_VERSION=4.26.0 | |
10 |
|
10 | |||
11 | ARG RHODECODE_DB=sqlite |
|
11 | ARG RHODECODE_DB=sqlite | |
12 | ARG RHODECODE_USER_NAME=admin |
|
12 | ARG RHODECODE_USER_NAME=admin | |
13 | ARG RHODECODE_USER_PASS=secret4 |
|
13 | ARG RHODECODE_USER_PASS=secret4 | |
14 | ARG RHODECODE_USER_EMAIL=support@rhodecode.com |
|
14 | ARG RHODECODE_USER_EMAIL=support@rhodecode.com | |
15 |
|
15 | |||
16 | # nix ver/channels |
|
16 | # nix ver/channels | |
17 | ARG DEV_NIX_VERSION=2.0.4 |
|
17 | ARG DEV_NIX_VERSION=2.0.4 | |
18 | ARG DEV_NIX_CHANNEL=nixos-18.03 |
|
18 | ARG DEV_NIX_CHANNEL=nixos-18.03 | |
19 |
|
19 | |||
20 | # env are runtime |
|
20 | # env are runtime | |
21 | ENV \ |
|
21 | ENV \ | |
22 | TZ=${TZ} \ |
|
22 | TZ=${TZ} \ | |
23 | LOCALE_TYPE=${LOCALE_TYPE} \ |
|
23 | LOCALE_TYPE=${LOCALE_TYPE} \ | |
24 | \ |
|
24 | \ | |
25 | ## Define type we build, and the instance we'll create |
|
25 | ## Define type we build, and the instance we'll create | |
26 | RHODECODE_TYPE=${RHODECODE_TYPE} \ |
|
26 | RHODECODE_TYPE=${RHODECODE_TYPE} \ | |
27 | RC_TYPE_ID=enterprise-1 \ |
|
27 | RC_TYPE_ID=enterprise-1 \ | |
28 | \ |
|
28 | \ | |
29 | ## SETUP ARGS FOR INSTALLATION ## |
|
29 | ## SETUP ARGS FOR INSTALLATION ## | |
30 | ## set version we build on, get from .env or set default ver |
|
30 | ## set version we build on, get from .env or set default ver | |
31 | RHODECODE_VERSION=${RHODECODE_VERSION} \ |
|
31 | RHODECODE_VERSION=${RHODECODE_VERSION} \ | |
32 | \ |
|
32 | \ | |
33 | ## set DB, default sqlite |
|
33 | ## set DB, default sqlite | |
34 | RHODECODE_DB=${RHODECODE_DB} \ |
|
34 | RHODECODE_DB=${RHODECODE_DB} \ | |
35 | \ |
|
35 | \ | |
36 | ## set app bootstrap required data |
|
36 | ## set app bootstrap required data | |
37 | RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \ |
|
37 | RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \ | |
38 | RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \ |
|
38 | RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \ | |
39 | RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \ |
|
39 | RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \ | |
40 | \ |
|
40 | \ | |
41 | RC_USER=rhodecode \ |
|
41 | RC_USER=rhodecode \ | |
42 | \ |
|
42 | \ | |
43 | # SVN CONFIG |
|
43 | # SVN CONFIG | |
44 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \ |
|
44 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \ | |
45 | MOD_DAV_SVN_PORT=8090 \ |
|
45 | MOD_DAV_SVN_PORT=8090 \ | |
46 | \ |
|
46 | \ | |
47 | # SSHD CONFIG |
|
47 | # SSHD CONFIG | |
48 | SSHD_CONF_FILE=/etc/rhodecode/sshd_config \ |
|
48 | SSHD_CONF_FILE=/etc/rhodecode/sshd_config \ | |
49 | \ |
|
49 | \ | |
50 | BUILD_CONF=/etc/rhodecode/conf_build \ |
|
50 | BUILD_CONF=/etc/rhodecode/conf_build \ | |
51 | BUILD_BIN_DIR=/var/opt/rhodecode_bin \ |
|
51 | BUILD_BIN_DIR=/var/opt/rhodecode_bin \ | |
52 | RHODECODE_DATA_DIR=/var/opt/rhodecode_data \ |
|
52 | RHODECODE_DATA_DIR=/var/opt/rhodecode_data \ | |
53 | RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \ |
|
53 | RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \ | |
54 | RHODECODE_HTTP_PORT=10020 \ |
|
54 | RHODECODE_HTTP_PORT=10020 \ | |
55 | RHODECODE_VCS_PORT=10010 \ |
|
55 | RHODECODE_VCS_PORT=10010 \ | |
56 | RHODECODE_HOST=0.0.0.0 \ |
|
56 | RHODECODE_HOST=0.0.0.0 \ | |
57 | RHODECODE_VCS_HOST=127.0.0.1 |
|
57 | RHODECODE_VCS_HOST=127.0.0.1 | |
58 |
|
58 | |||
59 | ENV \ |
|
59 | ENV \ | |
60 | RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \ |
|
60 | RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \ | |
61 | SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \ |
|
61 | SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \ | |
62 | # make application scripts visible |
|
62 | # make application scripts visible | |
63 | PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin |
|
63 | PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin | |
64 |
|
64 | |||
65 | ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn |
|
65 | ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn | |
66 | ENV SSH_LOCALE_DEPS openssh-server |
|
66 | ENV SSH_LOCALE_DEPS openssh-server | |
67 | ENV PYTHON_DEPS python2 |
|
67 | ENV PYTHON_DEPS python2 | |
68 | ENV EXTRA_DEPS vim |
|
68 | ENV EXTRA_DEPS vim | |
69 |
|
69 | |||
70 | ENV \ |
|
70 | ENV \ | |
71 | PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \ |
|
71 | PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \ | |
72 | NIX_BLD_USER=nixbld \ |
|
72 | NIX_BLD_USER=nixbld \ | |
73 | NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \ |
|
73 | NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \ | |
74 | NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt |
|
74 | NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt | |
75 |
|
75 | |||
76 |
|
76 | |||
77 | RUN \ |
|
77 | RUN \ | |
78 | echo "** install base packages **" && \ |
|
78 | echo "** install base packages **" && \ | |
79 | set -eux; \ |
|
79 | set -eux; \ | |
80 | \ |
|
80 | \ | |
81 | savedAptMark="$(apt-mark showmanual)"; \ |
|
81 | savedAptMark="$(apt-mark showmanual)"; \ | |
82 | apt-get update; \ |
|
82 | apt-get update; \ | |
83 | DEBIAN_FRONTEND="noninteractive" \ |
|
83 | DEBIAN_FRONTEND="noninteractive" \ | |
84 | apt-get install -y --no-install-recommends \ |
|
84 | apt-get install -y --no-install-recommends \ | |
85 | tini \ |
|
85 | tini \ | |
86 | bash \ |
|
86 | bash \ | |
87 | binutils \ |
|
87 | binutils \ | |
88 | tzdata \ |
|
88 | tzdata \ | |
89 | locales \ |
|
89 | locales \ | |
90 | openssl \ |
|
90 | openssl \ | |
91 | curl \ |
|
91 | curl \ | |
92 | sudo \ |
|
92 | sudo \ | |
93 | gosu \ |
|
93 | gosu \ | |
94 | bzip2 \ |
|
94 | bzip2 \ | |
95 | ca-certificates \ |
|
95 | ca-certificates \ | |
96 | $PYTHON_DEPS \ |
|
96 | $PYTHON_DEPS \ | |
97 | $SSH_LOCALE_DEPS \ |
|
97 | $SSH_LOCALE_DEPS \ | |
98 | $SVN_LOCALE_DEPS \ |
|
98 | $SVN_LOCALE_DEPS \ | |
99 | $EXTRA_DEPS \ |
|
99 | $EXTRA_DEPS \ | |
100 | ; \ |
|
100 | ; \ | |
101 | rm -rf /var/lib/apt/lists/*; |
|
101 | rm -rf /var/lib/apt/lists/*; | |
102 |
|
102 | |||
103 | RUN \ |
|
103 | RUN \ | |
104 | echo "** Configure the python executable for py2/3 compat **" && \ |
|
104 | echo "** Configure the python executable for py2/3 compat **" && \ | |
105 | ISPY=$(which python3 || which python2) && \ |
|
105 | ISPY=$(which python3 || which python2) && \ | |
106 | if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi |
|
106 | if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi | |
107 |
|
107 | |||
108 | RUN \ |
|
108 | RUN \ | |
109 | echo "** Configure the locales **" && \ |
|
109 | echo "** Configure the locales **" && \ | |
110 | sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \ |
|
110 | sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \ | |
111 | locale-gen |
|
111 | locale-gen | |
112 |
|
112 | |||
113 | # locale-archive is a fix for old nix glibc2.26 locales available |
|
113 | # locale-archive is a fix for old nix glibc2.26 locales available | |
114 | ENV \ |
|
114 | ENV \ | |
115 | LOCALE_ARCHIVE=/var/opt/locale-archive \ |
|
115 | LOCALE_ARCHIVE=/var/opt/locale-archive \ | |
116 | LANG=${LOCALE_TYPE} \ |
|
116 | LANG=${LOCALE_TYPE} \ | |
117 | LANGUAGE=${LOCALE_TYPE} \ |
|
117 | LANGUAGE=${LOCALE_TYPE} \ | |
118 | LC_ALL=${LOCALE_TYPE} |
|
118 | LC_ALL=${LOCALE_TYPE} | |
119 |
|
119 | |||
120 | # configure the system user |
|
120 | # configure the system user | |
121 | # explicitly set uid/gid to guarantee that it won't change in the future |
|
121 | # explicitly set uid/gid to guarantee that it won't change in the future | |
122 | # the values 999:999 are identical to the current user/group id assigned |
|
122 | # the values 999:999 are identical to the current user/group id assigned | |
123 | RUN \ |
|
123 | RUN \ | |
124 | echo "** Create system user $RC_USER **" && \ |
|
124 | echo "** Create system user $RC_USER **" && \ | |
125 | groupadd --system --gid 999 $RC_USER && \ |
|
125 | groupadd --system --gid 999 $RC_USER && \ | |
126 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \ |
|
126 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \ | |
127 | usermod -G $RC_USER $RC_USER |
|
127 | usermod -G $RC_USER $RC_USER | |
128 |
|
128 | |||
129 | RUN \ |
|
129 | RUN \ | |
130 | echo "** Create nix-build user $NIX_BLD_USER **" && \ |
|
130 | echo "** Create nix-build user $NIX_BLD_USER **" && \ | |
131 | groupadd --system --gid 1099 $NIX_BLD_USER && \ |
|
131 | groupadd --system --gid 1099 $NIX_BLD_USER && \ | |
132 | useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \ |
|
132 | useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \ | |
133 | usermod -G $NIX_BLD_USER $NIX_BLD_USER |
|
133 | usermod -G $NIX_BLD_USER $NIX_BLD_USER | |
134 |
|
134 | |||
135 | RUN \ |
|
135 | RUN \ | |
136 | echo "** disable nix sandboxing **" && \ |
|
136 | echo "** disable nix sandboxing **" && \ | |
137 | mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf |
|
137 | mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf | |
138 |
|
138 | |||
139 |
|
139 | |||
140 | # set the defult bash shell |
|
140 | # set the defult bash shell | |
141 | SHELL ["/bin/bash", "-c"] |
|
141 | SHELL ["/bin/bash", "-c"] | |
142 |
|
142 | |||
143 | # Fix and set a timezone |
|
143 | # Fix and set a timezone | |
144 | RUN \ |
|
144 | RUN \ | |
145 | echo "** configure the timezone **" && \ |
|
145 | echo "** configure the timezone **" && \ | |
146 | rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \ |
|
146 | rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \ | |
147 | echo $TZ > /etc/timezone |
|
147 | echo $TZ > /etc/timezone | |
148 |
|
148 | |||
149 |
|
149 | |||
150 | RUN \ |
|
150 | RUN \ | |
151 | echo "** prepare rhodecode store and cache **" && \ |
|
151 | echo "** prepare rhodecode store and cache **" && \ | |
152 | install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \ |
|
152 | install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \ | |
153 | install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \ |
|
153 | install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \ | |
154 | install -d -m 0755 -o $RC_USER -g $RC_USER /var/opt/rhodecode_bin && \ |
|
154 | install -d -m 0755 -o $RC_USER -g $RC_USER /var/opt/rhodecode_bin && \ | |
155 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \ |
|
155 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \ | |
156 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \ |
|
156 | install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \ | |
157 | install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \ |
|
157 | install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \ | |
158 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \ |
|
158 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \ | |
159 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \ |
|
159 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \ | |
160 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \ |
|
160 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \ | |
161 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \ |
|
161 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \ | |
162 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \ |
|
162 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \ | |
163 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \ |
|
163 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \ | |
164 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \ |
|
164 | install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \ | |
165 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh |
|
165 | install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh | |
166 |
|
166 | |||
167 | # expose our custom sshd config |
|
167 | # expose our custom sshd config | |
168 | COPY service/sshd/sshd_config $SSHD_CONF_FILE |
|
168 | COPY service/sshd/sshd_config $SSHD_CONF_FILE | |
169 |
|
169 | |||
170 | # Apache SVN setup |
|
170 | # Apache SVN setup | |
171 | RUN \ |
|
171 | RUN \ | |
172 | echo "**** Apache config cleanup ****" && \ |
|
172 | echo "**** Apache config cleanup ****" && \ | |
173 | rm -f /etc/apache2/conf.d/info.conf \ |
|
173 | rm -f /etc/apache2/conf.d/info.conf \ | |
174 | /etc/apache2/conf.d/mpm.conf \ |
|
174 | /etc/apache2/conf.d/mpm.conf \ | |
175 | /etc/apache2/conf.d/userdir.conf && \ |
|
175 | /etc/apache2/conf.d/userdir.conf && \ | |
176 | rm -f /etc/apache2/sites-enabled/* && \ |
|
176 | rm -f /etc/apache2/sites-enabled/* && \ | |
177 | rm -f /etc/apache2/sites-available/* |
|
177 | rm -f /etc/apache2/sites-available/* | |
178 |
|
178 | |||
179 | # custom SVN virtualhost |
|
179 | # custom SVN virtualhost | |
180 | COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/ |
|
180 | COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/ | |
181 |
|
181 | |||
182 | RUN \ |
|
182 | RUN \ | |
183 | echo "**** Apache config ****" && \ |
|
183 | echo "**** Apache config ****" && \ | |
184 | echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ |
|
184 | echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ | |
185 | mkdir -p /run/apache2 && \ |
|
185 | mkdir -p /run/apache2 && \ | |
186 | mkdir -p /var/opt/www && \ |
|
186 | mkdir -p /var/opt/www && \ | |
187 | echo "unset HOME" > /etc/apache2/envvars && \ |
|
187 | echo "unset HOME" > /etc/apache2/envvars && \ | |
188 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ |
|
188 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ | |
189 | echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \ |
|
189 | echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \ | |
190 | echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \ |
|
190 | echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \ | |
191 | echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \ |
|
191 | echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \ | |
192 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ |
|
192 | echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \ | |
193 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ |
|
193 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ | |
194 | sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf |
|
194 | sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf | |
195 |
|
195 | |||
196 |
|
196 | |||
197 | # Copy artifacts |
|
197 | # Copy artifacts | |
198 | COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/ |
|
198 | COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/ | |
199 | COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/ |
|
199 | COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/ | |
200 | COPY --chown=$RC_USER:$RC_USER config/compose/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/ |
|
200 | COPY --chown=$RC_USER:$RC_USER config/compose/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/ | |
201 | COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/ |
|
201 | COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/ | |
202 |
|
202 | |||
203 | RUN \ |
|
203 | RUN \ | |
204 | echo "**** locale-archive path ****" && \ |
|
204 | echo "**** locale-archive path ****" && \ | |
205 | mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive |
|
205 | mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive | |
206 |
|
206 | |||
207 | # change to non-root user for RUN commands |
|
207 | # change to non-root user for RUN commands | |
208 | USER $RC_USER |
|
208 | USER $RC_USER | |
209 | WORKDIR /home/$RC_USER |
|
209 | WORKDIR /home/$RC_USER | |
210 |
|
210 | |||
211 |
|
211 | |||
212 | RUN \ |
|
212 | RUN \ | |
213 | echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \ |
|
213 | echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \ | |
214 | curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install | USER=$RC_USER /bin/bash |
|
214 | curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install | USER=$RC_USER /bin/bash | |
215 |
|
215 | |||
216 | RUN \ |
|
216 | RUN \ | |
217 | echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \ |
|
217 | echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \ | |
218 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
218 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ | |
219 | nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \ |
|
219 | nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \ | |
220 | nix-channel --update |
|
220 | nix-channel --update | |
221 |
|
221 | |||
222 |
|
222 | |||
223 | RUN \ |
|
223 | RUN \ | |
224 | echo "** save nix config **" && \ |
|
224 | echo "** save nix config **" && \ | |
225 | touch /home/$RC_USER/.rhoderc && \ |
|
225 | touch /home/$RC_USER/.rhoderc && \ | |
226 | mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \ |
|
226 | mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \ | |
227 | printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix |
|
227 | printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix | |
228 |
|
228 | |||
229 |
|
229 | |||
230 | RUN \ |
|
230 | RUN \ | |
231 | echo "** install rhodecode control **" && \ |
|
231 | echo "** install rhodecode control **" && \ | |
232 | # cd /home/$RC_USER/.rccontrol/cache && \ |
|
232 | # cd /home/$RC_USER/.rccontrol/cache && \ | |
233 | # INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \ |
|
233 | # INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \ | |
234 | # chmod +x ${INSTALLER} && \ |
|
234 | # chmod +x ${INSTALLER} && \ | |
235 | # ${INSTALLER} --accept-license && \ |
|
235 | # ${INSTALLER} --accept-license && \ | |
236 | # ${RCCONTROL} self-init && \ |
|
236 | # ${RCCONTROL} self-init && \ | |
237 | # cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \ |
|
237 | # cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \ | |
238 | echo "Done" |
|
238 | echo "Done" | |
239 |
|
239 | |||
240 | RUN \ |
|
240 | RUN \ | |
241 | echo "** install build vcsserver ${RHODECODE_VERSION} **" && \ |
|
241 | echo "** install build vcsserver ${RHODECODE_VERSION} **" && \ | |
242 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
242 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ | |
243 | nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-vcsserver/result rhodecode-vcsserver/default.nix && \ |
|
243 | nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-vcsserver/result rhodecode-vcsserver/default.nix && \ | |
244 | nix-shell --command 'echo ok' rhodecode-vcsserver/default.nix && \ |
|
244 | nix-shell --command 'echo ok' rhodecode-vcsserver/default.nix && \ | |
245 | VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \ |
|
245 | VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \ | |
246 | rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/result/bin $BUILD_BIN_DIR/vcs_bin && \ |
|
246 | rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/result/bin $BUILD_BIN_DIR/vcs_bin && \ | |
247 | cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini |
|
247 | cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini | |
248 |
|
248 | |||
249 | RUN \ |
|
249 | RUN \ | |
250 | echo "** install build Community ${RHODECODE_VERSION} **" && \ |
|
250 | echo "** install build Community ${RHODECODE_VERSION} **" && \ | |
251 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
251 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ | |
252 | echo "done" |
|
252 | echo "done" | |
253 |
|
253 | |||
254 | RUN \ |
|
254 | RUN \ | |
255 | echo "** install build Enterprise ${RHODECODE_VERSION} **" && \ |
|
255 | echo "** install build Enterprise ${RHODECODE_VERSION} **" && \ | |
256 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ |
|
256 | . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \ | |
257 | nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-enterprise-ee/result rhodecode-enterprise-ee/default.nix && \ |
|
257 | nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-enterprise-ee/result rhodecode-enterprise-ee/default.nix && \ | |
258 | nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \ |
|
258 | nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \ | |
259 | RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \ |
|
259 | RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \ | |
260 | rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/result/bin $BUILD_BIN_DIR/ && \ |
|
260 | rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/result/bin $BUILD_BIN_DIR/ && \ | |
261 | cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \ |
|
261 | cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \ | |
262 | cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \ |
|
262 | cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \ | |
263 | mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/result/etc/static/* $RHODECODE_DATA_DIR/static/ |
|
263 | mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/result/etc/static/* $RHODECODE_DATA_DIR/static/ | |
264 |
|
264 | |||
265 |
|
265 | |||
266 | RUN \ |
|
266 | RUN \ | |
267 | echo "** configure supervisord **" && \ |
|
267 | echo "** configure supervisord **" && \ | |
268 | #cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \ |
|
268 | #cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \ | |
269 | #sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \ |
|
269 | #sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \ | |
270 | echo "done" |
|
270 | echo "done" | |
271 |
|
271 | |||
272 | USER root |
|
272 | USER root | |
273 |
|
273 | |||
274 |
|
274 | |||
275 | RUN \ |
|
275 | RUN \ | |
276 | echo "**** cleanup ****" && \ |
|
276 | echo "**** cleanup ****" && \ | |
277 | apt-get remove -y $PYTHON_DEPS && \ |
|
277 | apt-get remove -y $PYTHON_DEPS && \ | |
278 | apt-get autoclean -y && \ |
|
278 | apt-get autoclean -y && \ | |
279 | rm -f /tmp/* && \ |
|
279 | rm -f /tmp/* && \ | |
280 | rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \ |
|
280 | rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \ | |
281 | rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \ |
|
281 | rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \ | |
282 | rm -rf /var/lib/apt/lists/* \ |
|
282 | rm -rf /var/lib/apt/lists/* \ | |
283 | rm -rf /var/cache/apk/* \ |
|
283 | rm -rf /var/cache/apk/* \ | |
284 | rm ${SUPERVISOR_CONF} |
|
284 | rm ${SUPERVISOR_CONF} | |
285 |
|
285 | |||
286 | # copy entrypoints |
|
286 | # copy entrypoints | |
287 | COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh |
|
287 | COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh | |
288 | RUN chmod +x /opt/entrypoints.d/entrypoint.sh |
|
288 | RUN chmod +x /opt/entrypoints.d/entrypoint.sh | |
289 |
|
289 | |||
290 | # config volume |
|
290 | # config volume | |
291 | VOLUME /etc/rhodecode/conf |
|
291 | VOLUME /etc/rhodecode/conf | |
292 |
|
292 | |||
293 | # repo store volume |
|
293 | # repo store volume | |
294 | VOLUME /var/opt/rhodecode_repo_store |
|
294 | VOLUME /var/opt/rhodecode_repo_store | |
295 |
|
295 | |||
296 | # data volume |
|
296 | # data volume | |
297 | VOLUME /var/opt/rhodecode_data |
|
297 | VOLUME /var/opt/rhodecode_data | |
298 |
|
298 | |||
299 | # logs volume |
|
299 | # logs volume | |
300 | VOLUME /var/log/rhodecode |
|
300 | VOLUME /var/log/rhodecode | |
301 |
|
301 | |||
302 | ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"] |
|
302 | ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"] | |
303 |
|
303 | |||
304 | # compose can override this |
|
304 | # compose can override this | |
305 | CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"] |
|
305 | CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"] |
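Review bot: The bootstrap admin password is baked into the image: new-side line 13 declares `ARG RHODECODE_USER_PASS=secret4` and line 38 copies it into the runtime environment with `RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \`. Any build that does not override the argument ships a known admin credential, and whatever value is used stays readable in the image config and in the environment of every container. I would delete both lines and have the entrypoint require the password at container start, from a compose secret or a runtime-only variable. How `entrypoint.sh` consumes the variable is not visible on this page, so that side needs checking. Separately, line 214 pipes `curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install` straight into `/bin/bash` with no checksum check on the downloaded installer.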
@@ -1,70 +1,72 b'' | |||||
1 | FROM debian:buster |
|
1 | FROM ubuntu:22.04 | |
|
2 | # Using 22.04 LTS Release | |||
2 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> |
|
3 | MAINTAINER RhodeCode Inc. <support@rhodecode.com> | |
3 |
|
4 | |||
|
5 | ||||
4 | ENV \ |
|
6 | ENV \ | |
5 | RC_USER=rhodecode \ |
|
7 | RC_USER=rhodecode \ | |
6 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf |
|
8 | MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf | |
7 |
|
9 | |||
8 | RUN \ |
|
10 | RUN \ | |
9 | echo "** install base svn packages **" && \ |
|
11 | echo "** install base svn packages **" && \ | |
10 |
ap |
|
12 | apt-get update && \ | |
11 |
ap |
|
13 | apt-get install --no-cache \ | |
12 | tini \ |
|
14 | tini \ | |
13 | bash \ |
|
15 | bash \ | |
14 | curl \ |
|
16 | curl \ | |
15 | apache2 \ |
|
17 | apache2 \ | |
16 | apache2-utils \ |
|
18 | apache2-utils \ | |
17 | apache2-webdav \ |
|
19 | apache2-webdav \ | |
18 | mod_dav_svn \ |
|
20 | mod_dav_svn \ | |
19 | subversion |
|
21 | subversion | |
20 |
|
22 | |||
21 | # configure the system user |
|
23 | # configure the system user | |
22 | # explicitly set uid/gid to guarantee that it won't change in the future |
|
24 | # explicitly set uid/gid to guarantee that it won't change in the future | |
23 | # the values 999:999 are identical to the current user/group id assigned |
|
25 | # the values 999:999 are identical to the current user/group id assigned | |
24 | RUN \ |
|
26 | RUN \ | |
25 | echo "** Create system user $RC_USER **" && \ |
|
27 | echo "** Create system user $RC_USER **" && \ | |
26 | groupadd --system --gid 999 $RC_USER && \ |
|
28 | groupadd --system --gid 999 $RC_USER && \ | |
27 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER |
|
29 | useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER | |
28 |
|
30 | |||
29 |
|
31 | |||
30 | RUN \ |
|
32 | RUN \ | |
31 | echo "**** cleanup ****" && \ |
|
33 | echo "**** cleanup ****" && \ | |
32 |
ap |
|
34 | apt-get purge tzdata python2 && \ | |
33 | rm -f /tmp/* && \ |
|
35 | rm -f /tmp/* && \ | |
34 | rm -rf /var/lib/apt/lists/* \ |
|
36 | rm -rf /var/lib/apt/lists/* \ | |
35 | rm -rf /var/cache/apk/* |
|
37 | rm -rf /var/cache/apk/* | |
36 |
|
38 | |||
37 | RUN \ |
|
39 | RUN \ | |
38 | echo "**** Apache config cleanup ****" && \ |
|
40 | echo "**** Apache config cleanup ****" && \ | |
39 | rm -f /etc/apache2/conf.d/info.conf \ |
|
41 | rm -f /etc/apache2/conf.d/info.conf \ | |
40 | /etc/apache2/conf.d/mpm.conf \ |
|
42 | /etc/apache2/conf.d/mpm.conf \ | |
41 | /etc/apache2/conf.d/userdir.conf |
|
43 | /etc/apache2/conf.d/userdir.conf | |
42 |
|
44 | |||
43 |
|
45 | |||
44 | COPY svn/virtualhost.conf /etc/apache2/conf.d/ |
|
46 | COPY svn/virtualhost.conf /etc/apache2/conf.d/ | |
45 |
|
47 | |||
46 | # copy entrypoints |
|
48 | # copy entrypoints | |
47 | COPY entrypoints.d/svn-entrypoint.sh /opt/entrypoints.d/svn-entrypoint.sh |
|
49 | COPY entrypoints.d/svn-entrypoint.sh /opt/entrypoints.d/svn-entrypoint.sh | |
48 | RUN chmod +x /opt/entrypoints.d/svn-entrypoint.sh |
|
50 | RUN chmod +x /opt/entrypoints.d/svn-entrypoint.sh | |
49 |
|
51 | |||
50 | RUN \ |
|
52 | RUN \ | |
51 | echo $(strings /usr/lib/apache2/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ |
|
53 | echo $(strings /usr/lib/apache2/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \ | |
52 | mkdir -p /run/apache2 && \ |
|
54 | mkdir -p /run/apache2 && \ | |
53 | mkdir -p /var/opt/www && \ |
|
55 | mkdir -p /var/opt/www && \ | |
54 | echo "export APACHE_RUN_USER=${RC_USER}" > /etc/apache2/envvars && \ |
|
56 | echo "export APACHE_RUN_USER=${RC_USER}" > /etc/apache2/envvars && \ | |
55 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ |
|
57 | echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \ | |
56 | sed -i "s/User apache/User ${RC_USER}/g" /etc/apache2/httpd.conf && \ |
|
58 | sed -i "s/User apache/User ${RC_USER}/g" /etc/apache2/httpd.conf && \ | |
57 | sed -i "s/Group apache/Group ${RC_USER}/g" /etc/apache2/httpd.conf |
|
59 | sed -i "s/Group apache/Group ${RC_USER}/g" /etc/apache2/httpd.conf | |
58 |
|
60 | |||
59 | # repo store volume |
|
61 | # repo store volume | |
60 | VOLUME /var/opt/rhodecode_repo_store |
|
62 | VOLUME /var/opt/rhodecode_repo_store | |
61 |
|
63 | |||
62 | # config volume |
|
64 | # config volume | |
63 | VOLUME /etc/rhodecode/conf |
|
65 | VOLUME /etc/rhodecode/conf | |
64 |
|
66 | |||
65 | # logs volume |
|
67 | # logs volume | |
66 | VOLUME /var/log/rhodecode |
|
68 | VOLUME /var/log/rhodecode | |
67 |
|
69 | |||
68 | ENTRYPOINT ["/opt/entrypoints.d/svn-entrypoint.sh"] |
|
70 | ENTRYPOINT ["/opt/entrypoints.d/svn-entrypoint.sh"] | |
69 |
|
71 | |||
70 | CMD ["apachectl", "-D", "FOREGROUND"] |
|
72 | CMD ["apachectl", "-D", "FOREGROUND"] |
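Review bot: The package step on new-side lines 13-21 still uses Alpine syntax with `apt-get`, so the image is unlikely to build on `ubuntu:22.04`. `--no-cache` is an `apk` flag that `apt-get` does not accept, there is no `-y` for a non-interactive build, and `apache2-webdav` / `mod_dav_svn` look like Alpine package names; the other Dockerfile in this commit installs `libapache2-mod-svn` instead. I would change the install line to `apt-get install -y --no-install-recommends \`, replace the two module packages with `libapache2-mod-svn \`, and make line 34 `apt-get purge -y tzdata python2 && \`. The later steps probably need the same treatment: line 53 reads `/usr/lib/apache2/mod_dav_svn.so` where the other Dockerfile uses `/usr/lib/apache2/modules/`, and lines 58-59 edit `/etc/apache2/httpd.conf`, which the Ubuntu apache2 package does not appear to ship. In the cleanup step, line 36 ends in `\` without `&&`, so the following `rm -rf /var/cache/apk/*` is passed as arguments to the previous `rm`.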