##// END OF EJS Templates
stack: updated loki/grafana stacks...
super-admin -
Show More
@@ -0,0 +1,50 b''
1 auth_enabled: false
2
3 server:
4 http_listen_address: 0.0.0.0
5 grpc_listen_address: 0.0.0.0
6 http_listen_port: 3100
7 grpc_listen_port: 9095
8 log_level: info
9
10 common:
11 path_prefix: /tmp/loki
12 storage:
13 filesystem:
14 chunks_directory: /tmp/loki/chunks
15 rules_directory: /tmp/loki/rules
16 replication_factor: 1
17 ring:
18 instance_addr: 127.0.0.1
19 kvstore:
20 store: inmemory
21
22 schema_config:
23 configs:
24 - from: 2020-10-24
25 store: boltdb-shipper
26 object_store: filesystem
27 schema: v11
28 index:
29 prefix: index_
30 period: 24h
31
32 limits_config:
33 max_streams_per_user: 100000
34
35 ingestion_burst_size_mb: 64
36 ingestion_rate_mb: 512
37
38 per_stream_rate_limit: 512M
39 per_stream_rate_limit_burst: 1024M
40 max_entries_limit_per_query: 1000000
41 max_label_value_length: 20480
42 max_label_name_length: 10240
43
44 ruler:
45 alertmanager_url: http://localhost:9093
46
47 # If you would like to disable reporting, uncomment the following lines:
48 #analytics:
49 # reporting_enabled: false
50
@@ -0,0 +1,38 b''
1 server:
2 http_listen_port: 9080
3 grpc_listen_port: 0
4
5 # Describes how to save read file offsets to disk
6 positions:
7 filename: /tmp/positions.yaml
8
9 clients:
10 - url: http://loki:3100/loki/api/v1/push
11 tenant_id: docker
12
13 ## Definition to what to scrape
14 scrape_configs:
15
16 - job_name: scraping_nginx
17 static_configs:
18 - targets:
19 - localhost
20 labels:
21 __path__: /var/log_volume/nginx/rhodecode*
22 job: nginx
23
24 - job_name: scraping_vcsserver
25 static_configs:
26 - targets:
27 - localhost
28 labels:
29 __path__: /var/log_volume/apps/rhodecode*
30 job: rhodecode
31
32 - job_name: scraping_rhodecode
33 static_configs:
34 - targets:
35 - localhost
36 labels:
37 __path__: /var/log_volume/apps/vcsserver*
38 job: vcsserver No newline at end of file
@@ -0,0 +1,31 b''
1 defaults:
2 # metrics expiration
3 ttl: 48h
4
5 mappings:
6
7 - match: "*.histogram"
8 name: "${1}"
9 observer_type: histogram
10 histogram_options:
11 buckets: [.1, .25, .5, .75, 1, 1.5, 2, 5, 10]
12
13 - match: "*.slow_histogram"
14 name: "${1}"
15 observer_type: histogram
16 histogram_options:
17 buckets: [.1, .25, .5, 1, 2, 5, 10, 30, 60]
18
19 - match: "*.summary"
20 name: "${1}"
21 observer_type: summary
22 summary_options:
23 quantiles:
24 - quantile: 0.99
25 error: 0.001
26 - quantile: 0.95
27 error: 0.01
28 - quantile: 0.9
29 error: 0.05
30 - quantile: 0.5
31 error: 0.005
1 NO CONTENT: new file 100644
NO CONTENT: new file 100644
@@ -1,10 +1,17 b''
1 global:
1 global:
2 scrape_interval: 10s
2 scrape_interval: 15s
3 evaluation_interval: 10s
3 evaluation_interval: 15s
4
4
5 scrape_configs:
5 scrape_configs:
6 # Scrape statsd exporter
6
7 # Scrape statsd exporter from RhodeCode
7 - job_name: "rhodecode_metrics"
8 - job_name: "rhodecode_metrics"
8 metrics_path: "/metrics"
9 metrics_path: "/metrics"
9 static_configs:
10 static_configs:
10 - targets: ["statsd-exporter:9102"]
11 - targets: ["statsd-exporter:9102"]
12
13 # scrape node exporter
14 - job_name: node_metrics
15 metrics_path: "/metrics"
16 static_configs:
17 - targets: ["node-exporter:9100"]
@@ -1,68 +1,75 b''
1 #!/usr/bin/env bash
1 #!/usr/bin/env bash
2 set -euo pipefail
2 set -euo pipefail
3 IFS=$'\n\t'
3 IFS=$'\n\t'
4 CURRENT_USER_UID=$(id -u)
4 CURRENT_USER_UID=$(id -u)
5 CURRENT_USER_GID=$(id -g)
5 CURRENT_USER_GID=$(id -g)
6 USER_UID=${USER_UID:-$CURRENT_USER_UID}
6 USER_UID=${USER_UID:-$CURRENT_USER_UID}
7 USER_GID=${USER_GID:-$CURRENT_USER_GID}
7 USER_GID=${USER_GID:-$CURRENT_USER_GID}
8 CMD="docker-compose -f docker-compose.yml"
8 CMD="docker-compose -f docker-compose.yml"
9 BUILD_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml"
9 BUILD_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml"
10 DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml"
10 DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml"
11 DEV_CMD="docker-compose -f docker-compose.yaml -f docker-compose.source.yaml -f docker-compose.dev.yaml"
12 METRICS_CMD="docker-compose -f docker-compose-grafana.yaml"
11
13
12 usage="$(basename "$0") ./dev.sh <COMMAND> -- run docker command
14 usage="$(basename "$0") ./dev.sh <COMMAND> -- run docker command
13 where <COMMAND>:
15 where <COMMAND>:
14 [v]cs -- run bash console for vcsserver
16 [v]cs -- run bash console for vcsserver
15 [r]c -- run bash console for rhodecode-ee
17 [r]c -- run bash console for rhodecode-ee
16 ce -- run bash console for rhodecode-ce
18 ce -- run bash console for rhodecode-ce
17 [t]est[s] -- run bash console for rhodecode-ce tests
19 [t]est[s] -- run bash console for rhodecode-ce tests
18 test-mysql -- run bash console for rhodecode-ce tests with mysql
20 test-mysql -- run bash console for rhodecode-ce tests with mysql
19 test-pgsql -- run bash console for rhodecode-ce tests with postgres
21 test-pgsql -- run bash console for rhodecode-ce tests with postgres
20 dev-build -- build rhodecode dev app for use without cache use
22 dev-build -- build rhodecode dev app for use without cache use
21 dev-env -- run the dev stack required for development
23 dev-env -- run the dev stack required for development
22 redis -- run the redis CLI attached to rc_cluster_redis_1
24 redis -- run the redis CLI attached to rc_cluster_redis_1
23 db -- run the db bash attached to rc_cluster_database_1
25 db -- run the db bash attached to rc_cluster_database_1
26 [m]etrics -- run the metrics stack
24 run <cmd> -- run <cmd>"
27 run <cmd> -- run <cmd>"
25
28
26 case ${1:-} in
29 case ${1:-} in
27 v|vcs )
30 v|vcs )
28 eval "(docker stop vcsserver-dev || echo skip-stop ) && ${DEV_CMD} run --service-ports --rm --use-aliases --workdir="/home/rhodecode/rhodecode-vcsserver" --name="vcsserver-dev" vcsserver bash"
31 eval "(docker stop dev-vcsserver || echo skip-stop ) && ${DEV_CMD} run --service-ports --rm --use-aliases --workdir="/home/rhodecode/rhodecode-vcsserver" --name="dev-vcsserver" vcsserver bash"
29 exit
32 exit
30 ;;
33 ;;
31 r|rc )
34 r|rc )
32 eval "(docker stop enterprise-ee-dev || echo skip-stop ) && ${DEV_CMD} run --publish 8080:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ee" --name="enterprise-ee-dev" rhodecode bash"
35 eval "(docker stop dev-enterprise-ee || echo skip-stop ) && ${DEV_CMD} run --publish 8080:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ee" --name="dev-enterprise-ee" rhodecode bash"
33 exit
36 exit
34 ;;
37 ;;
35 ce )
38 ce )
36 eval "(docker stop enterprise-ce-dev || echo skip-stop ) && ${DEV_CMD} run --publish 8081:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="enterprise-ce-dev" rhodecode bash"
39 eval "(docker stop dev-enterprise-ce || echo skip-stop ) && ${DEV_CMD} run --publish 8081:8080 --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="dev-enterprise-ce" rhodecode bash"
37 exit
40 exit
38 ;;
41 ;;
39 t|test|tests )
42 t|test|tests )
40 eval "${DEV_CMD} run --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="enterprise-dev-test" rhodecode bash"
43 eval "${DEV_CMD} run --rm --use-aliases --workdir="/home/rhodecode/rhodecode-enterprise-ce" --name="enterprise-dev-test" rhodecode bash"
41 exit
44 exit
42 ;;
45 ;;
43 dev-build )
46 dev-build )
44 eval "${BUILD_CMD} up --detach database && ${BUILD_CMD} build --no-cache --progress=plain rhodecode"
47 eval "${BUILD_CMD} up --detach database && ${BUILD_CMD} build --no-cache --progress=plain rhodecode"
45 exit
48 exit
46 ;;
49 ;;
47 dev-env )
50 dev-env )
48 eval "${BUILD_CMD} up --detach database redis channelstream nginx celery beat elasticsearch"
51 eval "${BUILD_CMD} up --detach database redis channelstream nginx celery beat elasticsearch"
49 exit
52 exit
50 ;;
53 ;;
51 redis )
54 redis )
52 eval "docker exec --interactive --tty rc_cluster_redis_1 redis-cli"
55 eval "docker exec --interactive --tty rc_cluster_redis_1 redis-cli"
53 exit
56 exit
54 ;;
57 ;;
55 db )
58 db )
56 eval "docker exec --interactive --tty rc_cluster_database_1 /bin/bash -c 'psql -U $$POSTGRES_USER' "
59 eval "docker exec --interactive --tty rc_cluster_database_1 /bin/bash -c 'psql -U $$POSTGRES_USER' "
57 exit
60 exit
58 ;;
61 ;;
62 m|metrics )
63 eval "${METRICS_CMD} up --detach"
64 exit
65 ;;
59 run )
66 run )
60 command=${@:2}
67 command=${@:2}
61 eval "${DEV_CMD} run --rm rhodecode ${command}"
68 eval "${DEV_CMD} run --rm rhodecode ${command}"
62 exit
69 exit
63 ;;
70 ;;
64 * )
71 * )
65 echo "${usage}"
72 echo "${usage}"
66 exit
73 exit
67 ;;
74 ;;
68 esac
75 esac
@@ -1,58 +1,110 b''
1 version: '3.9'
1 version: '3.9'
2
2
3 volumes:
3 volumes:
4 prometheus_data: {}
4 prometheus_data: {}
5 grafana_data: {}
5 grafana_data: {}
6 logvolume:
7 driver: local
8 driver_opts:
9 type: none
10 o: bind
11 device: $PWD/logs
6
12
7 networks:
13 networks:
8 rhodecode_network:
14 rhodecode_network:
9 name: rhodecode_network
15 name: rhodecode_network
10
16
11
17
12 services:
18 services:
13
19
14 statsd-exporter:
20 statsd-exporter:
15 image: prom/statsd-exporter:v0.22.8
21 image: prom/statsd-exporter:v0.22.8
16 restart: unless-stopped
22 restart: unless-stopped
17 command: [
23 command: [
18 '--statsd.mapping-config=/statsd/statsd.conf',
24 '--statsd.mapping-config=/statsd/statsd.yaml',
19 '--statsd.listen-udp=:9125',
25 '--statsd.listen-udp=:9125',
20 '--web.listen-address=:9102'
26 '--web.listen-address=:9102'
21 ]
27 ]
22 networks:
28 networks:
23 - rhodecode_network
29 - rhodecode_network
24 ports:
30 ports:
25 - "9125:9125/udp"
31 - "127.0.0.1:9125:9125/udp"
26 - "9102:9102"
32 - "127.0.0.1:9102:9102"
27 volumes:
33 volumes:
28 - ./config/statsd-exporter/statsd.conf:/statsd/statsd.conf
34 - ./config/statsd-exporter:/statsd
35
36 node-exporter:
37 image: prom/node-exporter:v1.4.0
38 command:
39 - "--path.procfs=/host/proc"
40 - "--path.rootfs=/rootfs"
41 - "--path.sysfs=/host/sys"
42 - "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)"
43 - "--collector.systemd"
44 - "--collector.processes"
45 networks:
46 - rhodecode_network
47 pid: host
48 restart: unless-stopped
49 ports:
50 - "127.0.0.1:9100:9100"
51 volumes:
52 - "/proc:/host/proc:ro"
53 - "/sys:/host/sys:ro"
54 - "/:/rootfs:ro"
29
55
30 prometheus:
56 prometheus:
31 image: prom/prometheus:v2.39.1
57 image: prom/prometheus:v2.39.1
32 restart: unless-stopped
58 restart: unless-stopped
33 command:
59 command:
34 - "--config.file=/etc/prometheus/prometheus.yml"
60 - "--config.file=/etc/prometheus/prometheus.yml"
35 - "--storage.tsdb.path=/prometheus"
61 - "--storage.tsdb.path=/prometheus"
36 - "--web.console.libraries=/etc/prometheus/console_libraries"
62 - "--web.console.libraries=/etc/prometheus/console_libraries"
37 - "--web.console.templates=/etc/prometheus/consoles"
63 - "--web.console.templates=/etc/prometheus/consoles"
38 - "--storage.tsdb.retention.time=24h"
64 - "--storage.tsdb.retention.time=24h"
39 - "--web.enable-lifecycle"
65 - "--web.enable-lifecycle"
40 ports:
66 ports:
41 - "9090:9090"
67 - "127.0.0.1:9090:9090"
42 networks:
68 networks:
43 - rhodecode_network
69 - rhodecode_network
44 volumes:
70 volumes:
45 - ./config/prometheus:/etc/prometheus
71 - ./config/prometheus:/etc/prometheus
46 - prometheus_data:/prometheus
72 - prometheus_data:/prometheus
47
73
48 grafana:
74 grafana:
49 image: grafana/grafana:9.1.8-ubuntu
75 image: grafana/grafana:9.2.1-ubuntu
50 restart: unless-stopped
76 restart: unless-stopped
51 env_file:
77 env_file:
52 - ./config/grafana/grafana.env
78 - ./config/grafana/grafana.env
53 ports:
79 ports:
54 - "3000:3000"
80 - "4000:3000"
55 volumes:
81 volumes:
56 - grafana_data:/var/lib/grafana
82 - grafana_data:/var/lib/grafana
57 networks:
83 networks:
58 - rhodecode_network
84 - rhodecode_network
85
86 loki:
87 image: grafana/loki:2.6.1
88 restart: unless-stopped
89 ports:
90 - "127.0.0.1:3100:3100"
91 - "127.0.0.1:9095:9095"
92 command: [
93 "-config.file=/etc/loki/loki-config.yaml"
94 ]
95 networks:
96 - rhodecode_network
97 volumes:
98 - ./config/loki:/etc/loki
99
100 promtail:
101 image: grafana/promtail:latest
102 command: [
103 "-config.file=/etc/promtail/promtail-config.yaml"
104 ]
105 networks:
106 - rhodecode_network
107 volumes:
108 - /var/log:/var/log
109 - logvolume:/var/log_volume
110 - ./config/loki:/etc/promtail
@@ -1,808 +1,808 b''
1 # -----------------------------
1 # -----------------------------
2 # PostgreSQL configuration file
2 # PostgreSQL configuration file
3 # -----------------------------
3 # -----------------------------
4 #
4 #
5 # This file consists of lines of the form:
5 # This file consists of lines of the form:
6 #
6 #
7 # name = value
7 # name = value
8 #
8 #
9 # (The "=" is optional.) Whitespace may be used. Comments are introduced with
9 # (The "=" is optional.) Whitespace may be used. Comments are introduced with
10 # "#" anywhere on a line. The complete list of parameter names and allowed
10 # "#" anywhere on a line. The complete list of parameter names and allowed
11 # values can be found in the PostgreSQL documentation.
11 # values can be found in the PostgreSQL documentation.
12 #
12 #
13 # The commented-out settings shown in this file represent the default values.
13 # The commented-out settings shown in this file represent the default values.
14 # Re-commenting a setting is NOT sufficient to revert it to the default value;
14 # Re-commenting a setting is NOT sufficient to revert it to the default value;
15 # you need to reload the server.
15 # you need to reload the server.
16 #
16 #
17 # This file is read on server startup and when the server receives a SIGHUP
17 # This file is read on server startup and when the server receives a SIGHUP
18 # signal. If you edit the file on a running system, you have to SIGHUP the
18 # signal. If you edit the file on a running system, you have to SIGHUP the
19 # server for the changes to take effect, run "pg_ctl reload", or execute
19 # server for the changes to take effect, run "pg_ctl reload", or execute
20 # "SELECT pg_reload_conf()". Some parameters, which are marked below,
20 # "SELECT pg_reload_conf()". Some parameters, which are marked below,
21 # require a server shutdown and restart to take effect.
21 # require a server shutdown and restart to take effect.
22 #
22 #
23 # Any parameter can also be given as a command-line option to the server, e.g.,
23 # Any parameter can also be given as a command-line option to the server, e.g.,
24 # "postgres -c log_connections=on". Some parameters can be changed at run time
24 # "postgres -c log_connections=on". Some parameters can be changed at run time
25 # with the "SET" SQL command.
25 # with the "SET" SQL command.
26 #
26 #
27 # Memory units: B = bytes Time units: us = microseconds
27 # Memory units: B = bytes Time units: us = microseconds
28 # kB = kilobytes ms = milliseconds
28 # kB = kilobytes ms = milliseconds
29 # MB = megabytes s = seconds
29 # MB = megabytes s = seconds
30 # GB = gigabytes min = minutes
30 # GB = gigabytes min = minutes
31 # TB = terabytes h = hours
31 # TB = terabytes h = hours
32 # d = days
32 # d = days
33
33
34
34
35 #------------------------------------------------------------------------------
35 #------------------------------------------------------------------------------
36 # FILE LOCATIONS
36 # FILE LOCATIONS
37 #------------------------------------------------------------------------------
37 #------------------------------------------------------------------------------
38
38
39 # The default values of these variables are driven from the -D command-line
39 # The default values of these variables are driven from the -D command-line
40 # option or PGDATA environment variable, represented here as ConfigDir.
40 # option or PGDATA environment variable, represented here as ConfigDir.
41
41
42 #data_directory = 'ConfigDir' # use data in another directory
42 #data_directory = 'ConfigDir' # use data in another directory
43 # (change requires restart)
43 # (change requires restart)
44 #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
44 #hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file
45 # (change requires restart)
45 # (change requires restart)
46 #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
46 #ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file
47 # (change requires restart)
47 # (change requires restart)
48
48
49 # If external_pid_file is not explicitly set, no extra PID file is written.
49 # If external_pid_file is not explicitly set, no extra PID file is written.
50 #external_pid_file = '' # write an extra PID file
50 #external_pid_file = '' # write an extra PID file
51 # (change requires restart)
51 # (change requires restart)
52
52
53
53
54 #------------------------------------------------------------------------------
54 #------------------------------------------------------------------------------
55 # CONNECTIONS AND AUTHENTICATION
55 # CONNECTIONS AND AUTHENTICATION
56 #------------------------------------------------------------------------------
56 #------------------------------------------------------------------------------
57
57
58 # - Connection Settings -
58 # - Connection Settings -
59
59
60 listen_addresses = '*'
60 listen_addresses = '*'
61 # comma-separated list of addresses;
61 # comma-separated list of addresses;
62 # defaults to 'localhost'; use '*' for all
62 # defaults to 'localhost'; use '*' for all
63 # (change requires restart)
63 # (change requires restart)
64 #port = 5432 # (change requires restart)
64 #port = 5432 # (change requires restart)
65 #max_connections = 100 # (change requires restart)
65 #max_connections = 100 # (change requires restart)
66 #superuser_reserved_connections = 3 # (change requires restart)
66 #superuser_reserved_connections = 3 # (change requires restart)
67 #unix_socket_directories = '/tmp' # comma-separated list of directories
67 #unix_socket_directories = '/tmp' # comma-separated list of directories
68 # (change requires restart)
68 # (change requires restart)
69 #unix_socket_group = '' # (change requires restart)
69 #unix_socket_group = '' # (change requires restart)
70 #unix_socket_permissions = 0777 # begin with 0 to use octal notation
70 #unix_socket_permissions = 0777 # begin with 0 to use octal notation
71 # (change requires restart)
71 # (change requires restart)
72 #bonjour = off # advertise server via Bonjour
72 #bonjour = off # advertise server via Bonjour
73 # (change requires restart)
73 # (change requires restart)
74 #bonjour_name = '' # defaults to the computer name
74 #bonjour_name = '' # defaults to the computer name
75 # (change requires restart)
75 # (change requires restart)
76
76
77 # - TCP settings -
77 # - TCP settings -
78 # see "man tcp" for details
78 # see "man tcp" for details
79
79
80 #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
80 #tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
81 # 0 selects the system default
81 # 0 selects the system default
82 #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
82 #tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
83 # 0 selects the system default
83 # 0 selects the system default
84 #tcp_keepalives_count = 0 # TCP_KEEPCNT;
84 #tcp_keepalives_count = 0 # TCP_KEEPCNT;
85 # 0 selects the system default
85 # 0 selects the system default
86 #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
86 #tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds;
87 # 0 selects the system default
87 # 0 selects the system default
88
88
89 #client_connection_check_interval = 0 # time between checks for client
89 #client_connection_check_interval = 0 # time between checks for client
90 # disconnection while running queries;
90 # disconnection while running queries;
91 # 0 for never
91 # 0 for never
92
92
93 # - Authentication -
93 # - Authentication -
94
94
95 #authentication_timeout = 1min # 1s-600s
95 #authentication_timeout = 1min # 1s-600s
96 #password_encryption = scram-sha-256 # scram-sha-256 or md5
96 #password_encryption = scram-sha-256 # scram-sha-256 or md5
97 #db_user_namespace = off
97 #db_user_namespace = off
98
98
99 # GSSAPI using Kerberos
99 # GSSAPI using Kerberos
100 #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
100 #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
101 #krb_caseins_users = off
101 #krb_caseins_users = off
102
102
103 # - SSL -
103 # - SSL -
104
104
105 #ssl = off
105 #ssl = off
106 #ssl_ca_file = ''
106 #ssl_ca_file = ''
107 #ssl_cert_file = 'server.crt'
107 #ssl_cert_file = 'server.crt'
108 #ssl_crl_file = ''
108 #ssl_crl_file = ''
109 #ssl_crl_dir = ''
109 #ssl_crl_dir = ''
110 #ssl_key_file = 'server.key'
110 #ssl_key_file = 'server.key'
111 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
111 #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
112 #ssl_prefer_server_ciphers = on
112 #ssl_prefer_server_ciphers = on
113 #ssl_ecdh_curve = 'prime256v1'
113 #ssl_ecdh_curve = 'prime256v1'
114 #ssl_min_protocol_version = 'TLSv1.2'
114 #ssl_min_protocol_version = 'TLSv1.2'
115 #ssl_max_protocol_version = ''
115 #ssl_max_protocol_version = ''
116 #ssl_dh_params_file = ''
116 #ssl_dh_params_file = ''
117 #ssl_passphrase_command = ''
117 #ssl_passphrase_command = ''
118 #ssl_passphrase_command_supports_reload = off
118 #ssl_passphrase_command_supports_reload = off
119
119
120
120
121 #------------------------------------------------------------------------------
121 #------------------------------------------------------------------------------
122 # RESOURCE USAGE (except WAL)
122 # RESOURCE USAGE (except WAL)
123 #------------------------------------------------------------------------------
123 #------------------------------------------------------------------------------
124
124
125 # - Memory -
125 # - Memory -
126
126
127 #shared_buffers = 32MB # min 128kB
127 #shared_buffers = 32MB # min 128kB
128 # (change requires restart)
128 # (change requires restart)
129 #huge_pages = try # on, off, or try
129 #huge_pages = try # on, off, or try
130 # (change requires restart)
130 # (change requires restart)
131 #huge_page_size = 0 # zero for system default
131 #huge_page_size = 0 # zero for system default
132 # (change requires restart)
132 # (change requires restart)
133 #temp_buffers = 8MB # min 800kB
133 #temp_buffers = 8MB # min 800kB
134 #max_prepared_transactions = 0 # zero disables the feature
134 #max_prepared_transactions = 0 # zero disables the feature
135 # (change requires restart)
135 # (change requires restart)
136 # Caution: it is not advisable to set max_prepared_transactions nonzero unless
136 # Caution: it is not advisable to set max_prepared_transactions nonzero unless
137 # you actively intend to use prepared transactions.
137 # you actively intend to use prepared transactions.
138 #work_mem = 4MB # min 64kB
138 #work_mem = 4MB # min 64kB
139 #hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem
139 #hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem
140 #maintenance_work_mem = 64MB # min 1MB
140 #maintenance_work_mem = 64MB # min 1MB
141 #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
141 #autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
142 #logical_decoding_work_mem = 64MB # min 64kB
142 #logical_decoding_work_mem = 64MB # min 64kB
143 #max_stack_depth = 2MB # min 100kB
143 #max_stack_depth = 2MB # min 100kB
144 #shared_memory_type = mmap # the default is the first option
144 #shared_memory_type = mmap # the default is the first option
145 # supported by the operating system:
145 # supported by the operating system:
146 # mmap
146 # mmap
147 # sysv
147 # sysv
148 # windows
148 # windows
149 # (change requires restart)
149 # (change requires restart)
150 #dynamic_shared_memory_type = posix # the default is the first option
150 #dynamic_shared_memory_type = posix # the default is the first option
151 # supported by the operating system:
151 # supported by the operating system:
152 # posix
152 # posix
153 # sysv
153 # sysv
154 # windows
154 # windows
155 # mmap
155 # mmap
156 # (change requires restart)
156 # (change requires restart)
157 #min_dynamic_shared_memory = 0MB # (change requires restart)
157 #min_dynamic_shared_memory = 0MB # (change requires restart)
158
158
159 # - Disk -
159 # - Disk -
160
160
161 #temp_file_limit = -1 # limits per-process temp file space
161 #temp_file_limit = -1 # limits per-process temp file space
162 # in kilobytes, or -1 for no limit
162 # in kilobytes, or -1 for no limit
163
163
164 # - Kernel Resources -
164 # - Kernel Resources -
165
165
166 #max_files_per_process = 1000 # min 64
166 #max_files_per_process = 1000 # min 64
167 # (change requires restart)
167 # (change requires restart)
168
168
169 # - Cost-Based Vacuum Delay -
169 # - Cost-Based Vacuum Delay -
170
170
171 #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
171 #vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables)
172 #vacuum_cost_page_hit = 1 # 0-10000 credits
172 #vacuum_cost_page_hit = 1 # 0-10000 credits
173 #vacuum_cost_page_miss = 2 # 0-10000 credits
173 #vacuum_cost_page_miss = 2 # 0-10000 credits
174 #vacuum_cost_page_dirty = 20 # 0-10000 credits
174 #vacuum_cost_page_dirty = 20 # 0-10000 credits
175 #vacuum_cost_limit = 200 # 1-10000 credits
175 #vacuum_cost_limit = 200 # 1-10000 credits
176
176
177 # - Background Writer -
177 # - Background Writer -
178
178
179 #bgwriter_delay = 200ms # 10-10000ms between rounds
179 #bgwriter_delay = 200ms # 10-10000ms between rounds
180 #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
180 #bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables
181 #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
181 #bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round
182 #bgwriter_flush_after = 0 # measured in pages, 0 disables
182 #bgwriter_flush_after = 0 # measured in pages, 0 disables
183
183
184 # - Asynchronous Behavior -
184 # - Asynchronous Behavior -
185
185
186 #backend_flush_after = 0 # measured in pages, 0 disables
186 #backend_flush_after = 0 # measured in pages, 0 disables
187 #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
187 #effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
188 #maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching
188 #maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching
189 #max_worker_processes = 8 # (change requires restart)
189 #max_worker_processes = 8 # (change requires restart)
190 #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
190 #max_parallel_workers_per_gather = 2 # taken from max_parallel_workers
191 #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
191 #max_parallel_maintenance_workers = 2 # taken from max_parallel_workers
192 #max_parallel_workers = 8 # maximum number of max_worker_processes that
192 #max_parallel_workers = 8 # maximum number of max_worker_processes that
193 # can be used in parallel operations
193 # can be used in parallel operations
194 #parallel_leader_participation = on
194 #parallel_leader_participation = on
195 #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
195 #old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
196 # (change requires restart)
196 # (change requires restart)
197
197
198
198
199 #------------------------------------------------------------------------------
199 #------------------------------------------------------------------------------
200 # WRITE-AHEAD LOG
200 # WRITE-AHEAD LOG
201 #------------------------------------------------------------------------------
201 #------------------------------------------------------------------------------
202
202
203 # - Settings -
203 # - Settings -
204
204
205 #wal_level = replica # minimal, replica, or logical
205 #wal_level = replica # minimal, replica, or logical
206 # (change requires restart)
206 # (change requires restart)
207 #fsync = on # flush data to disk for crash safety
207 #fsync = on # flush data to disk for crash safety
208 # (turning this off can cause
208 # (turning this off can cause
209 # unrecoverable data corruption)
209 # unrecoverable data corruption)
210 #synchronous_commit = on # synchronization level;
210 #synchronous_commit = on # synchronization level;
211 # off, local, remote_write, remote_apply, or on
211 # off, local, remote_write, remote_apply, or on
212 #wal_sync_method = fsync # the default is the first option
212 #wal_sync_method = fsync # the default is the first option
213 # supported by the operating system:
213 # supported by the operating system:
214 # open_datasync
214 # open_datasync
215 # fdatasync (default on Linux and FreeBSD)
215 # fdatasync (default on Linux and FreeBSD)
216 # fsync
216 # fsync
217 # fsync_writethrough
217 # fsync_writethrough
218 # open_sync
218 # open_sync
219 #full_page_writes = on # recover from partial page writes
219 #full_page_writes = on # recover from partial page writes
220 #wal_log_hints = off # also do full page writes of non-critical updates
220 #wal_log_hints = off # also do full page writes of non-critical updates
221 # (change requires restart)
221 # (change requires restart)
222 #wal_compression = off # enable compression of full-page writes
222 #wal_compression = off # enable compression of full-page writes
223 #wal_init_zero = on # zero-fill new WAL files
223 #wal_init_zero = on # zero-fill new WAL files
224 #wal_recycle = on # recycle WAL files
224 #wal_recycle = on # recycle WAL files
225 #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
225 #wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers
226 # (change requires restart)
226 # (change requires restart)
227 #wal_writer_delay = 200ms # 1-10000 milliseconds
227 #wal_writer_delay = 200ms # 1-10000 milliseconds
228 #wal_writer_flush_after = 1MB # measured in pages, 0 disables
228 #wal_writer_flush_after = 1MB # measured in pages, 0 disables
229 #wal_skip_threshold = 2MB
229 #wal_skip_threshold = 2MB
230
230
231 #commit_delay = 0 # range 0-100000, in microseconds
231 #commit_delay = 0 # range 0-100000, in microseconds
232 #commit_siblings = 5 # range 1-1000
232 #commit_siblings = 5 # range 1-1000
233
233
234 # - Checkpoints -
234 # - Checkpoints -
235
235
236 #checkpoint_timeout = 5min # range 30s-1d
236 #checkpoint_timeout = 5min # range 30s-1d
237 #checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0
237 #checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0
238 #checkpoint_flush_after = 0 # measured in pages, 0 disables
238 #checkpoint_flush_after = 0 # measured in pages, 0 disables
239 #checkpoint_warning = 30s # 0 disables
239 #checkpoint_warning = 30s # 0 disables
240 #max_wal_size = 1GB
240 #max_wal_size = 1GB
241 #min_wal_size = 80MB
241 #min_wal_size = 80MB
242
242
243 # - Archiving -
243 # - Archiving -
244
244
245 #archive_mode = off # enables archiving; off, on, or always
245 #archive_mode = off # enables archiving; off, on, or always
246 # (change requires restart)
246 # (change requires restart)
247 #archive_command = '' # command to use to archive a logfile segment
247 #archive_command = '' # command to use to archive a logfile segment
248 # placeholders: %p = path of file to archive
248 # placeholders: %p = path of file to archive
249 # %f = file name only
249 # %f = file name only
250 # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
250 # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
251 #archive_timeout = 0 # force a logfile segment switch after this
251 #archive_timeout = 0 # force a logfile segment switch after this
252 # number of seconds; 0 disables
252 # number of seconds; 0 disables
253
253
254 # - Archive Recovery -
254 # - Archive Recovery -
255
255
256 # These are only used in recovery mode.
256 # These are only used in recovery mode.
257
257
258 #restore_command = '' # command to use to restore an archived logfile segment
258 #restore_command = '' # command to use to restore an archived logfile segment
259 # placeholders: %p = path of file to restore
259 # placeholders: %p = path of file to restore
260 # %f = file name only
260 # %f = file name only
261 # e.g. 'cp /mnt/server/archivedir/%f %p'
261 # e.g. 'cp /mnt/server/archivedir/%f %p'
262 #archive_cleanup_command = '' # command to execute at every restartpoint
262 #archive_cleanup_command = '' # command to execute at every restartpoint
263 #recovery_end_command = '' # command to execute at completion of recovery
263 #recovery_end_command = '' # command to execute at completion of recovery
264
264
265 # - Recovery Target -
265 # - Recovery Target -
266
266
267 # Set these only when performing a targeted recovery.
267 # Set these only when performing a targeted recovery.
268
268
269 #recovery_target = '' # 'immediate' to end recovery as soon as a
269 #recovery_target = '' # 'immediate' to end recovery as soon as a
270 # consistent state is reached
270 # consistent state is reached
271 # (change requires restart)
271 # (change requires restart)
272 #recovery_target_name = '' # the named restore point to which recovery will proceed
272 #recovery_target_name = '' # the named restore point to which recovery will proceed
273 # (change requires restart)
273 # (change requires restart)
274 #recovery_target_time = '' # the time stamp up to which recovery will proceed
274 #recovery_target_time = '' # the time stamp up to which recovery will proceed
275 # (change requires restart)
275 # (change requires restart)
276 #recovery_target_xid = '' # the transaction ID up to which recovery will proceed
276 #recovery_target_xid = '' # the transaction ID up to which recovery will proceed
277 # (change requires restart)
277 # (change requires restart)
278 #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
278 #recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
279 # (change requires restart)
279 # (change requires restart)
280 #recovery_target_inclusive = on # Specifies whether to stop:
280 #recovery_target_inclusive = on # Specifies whether to stop:
281 # just after the specified recovery target (on)
281 # just after the specified recovery target (on)
282 # just before the recovery target (off)
282 # just before the recovery target (off)
283 # (change requires restart)
283 # (change requires restart)
284 #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
284 #recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
285 # (change requires restart)
285 # (change requires restart)
286 #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
286 #recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
287 # (change requires restart)
287 # (change requires restart)
288
288
289
289
290 #------------------------------------------------------------------------------
290 #------------------------------------------------------------------------------
291 # REPLICATION
291 # REPLICATION
292 #------------------------------------------------------------------------------
292 #------------------------------------------------------------------------------
293
293
294 # - Sending Servers -
294 # - Sending Servers -
295
295
296 # Set these on the primary and on any standby that will send replication data.
296 # Set these on the primary and on any standby that will send replication data.
297
297
298 #max_wal_senders = 10 # max number of walsender processes
298 #max_wal_senders = 10 # max number of walsender processes
299 # (change requires restart)
299 # (change requires restart)
300 #max_replication_slots = 10 # max number of replication slots
300 #max_replication_slots = 10 # max number of replication slots
301 # (change requires restart)
301 # (change requires restart)
302 #wal_keep_size = 0 # in megabytes; 0 disables
302 #wal_keep_size = 0 # in megabytes; 0 disables
303 #max_slot_wal_keep_size = -1 # in megabytes; -1 disables
303 #max_slot_wal_keep_size = -1 # in megabytes; -1 disables
304 #wal_sender_timeout = 60s # in milliseconds; 0 disables
304 #wal_sender_timeout = 60s # in milliseconds; 0 disables
305 #track_commit_timestamp = off # collect timestamp of transaction commit
305 #track_commit_timestamp = off # collect timestamp of transaction commit
306 # (change requires restart)
306 # (change requires restart)
307
307
308 # - Primary Server -
308 # - Primary Server -
309
309
310 # These settings are ignored on a standby server.
310 # These settings are ignored on a standby server.
311
311
312 #synchronous_standby_names = '' # standby servers that provide sync rep
312 #synchronous_standby_names = '' # standby servers that provide sync rep
313 # method to choose sync standbys, number of sync standbys,
313 # method to choose sync standbys, number of sync standbys,
314 # and comma-separated list of application_name
314 # and comma-separated list of application_name
315 # from standby(s); '*' = all
315 # from standby(s); '*' = all
316 #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
316 #vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
317
317
318 # - Standby Servers -
318 # - Standby Servers -
319
319
320 # These settings are ignored on a primary server.
320 # These settings are ignored on a primary server.
321
321
322 #primary_conninfo = '' # connection string to sending server
322 #primary_conninfo = '' # connection string to sending server
323 #primary_slot_name = '' # replication slot on sending server
323 #primary_slot_name = '' # replication slot on sending server
324 #promote_trigger_file = '' # file name whose presence ends recovery
324 #promote_trigger_file = '' # file name whose presence ends recovery
325 #hot_standby = on # "off" disallows queries during recovery
325 #hot_standby = on # "off" disallows queries during recovery
326 # (change requires restart)
326 # (change requires restart)
327 #max_standby_archive_delay = 30s # max delay before canceling queries
327 #max_standby_archive_delay = 30s # max delay before canceling queries
328 # when reading WAL from archive;
328 # when reading WAL from archive;
329 # -1 allows indefinite delay
329 # -1 allows indefinite delay
330 #max_standby_streaming_delay = 30s # max delay before canceling queries
330 #max_standby_streaming_delay = 30s # max delay before canceling queries
331 # when reading streaming WAL;
331 # when reading streaming WAL;
332 # -1 allows indefinite delay
332 # -1 allows indefinite delay
333 #wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name
333 #wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name
334 # is not set
334 # is not set
335 #wal_receiver_status_interval = 10s # send replies at least this often
335 #wal_receiver_status_interval = 10s # send replies at least this often
336 # 0 disables
336 # 0 disables
337 #hot_standby_feedback = off # send info from standby to prevent
337 #hot_standby_feedback = off # send info from standby to prevent
338 # query conflicts
338 # query conflicts
339 #wal_receiver_timeout = 60s # time that receiver waits for
339 #wal_receiver_timeout = 60s # time that receiver waits for
340 # communication from primary
340 # communication from primary
341 # in milliseconds; 0 disables
341 # in milliseconds; 0 disables
342 #wal_retrieve_retry_interval = 5s # time to wait before retrying to
342 #wal_retrieve_retry_interval = 5s # time to wait before retrying to
343 # retrieve WAL after a failed attempt
343 # retrieve WAL after a failed attempt
344 #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
344 #recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
345
345
346 # - Subscribers -
346 # - Subscribers -
347
347
348 # These settings are ignored on a publisher.
348 # These settings are ignored on a publisher.
349
349
350 #max_logical_replication_workers = 4 # taken from max_worker_processes
350 #max_logical_replication_workers = 4 # taken from max_worker_processes
351 # (change requires restart)
351 # (change requires restart)
352 #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
352 #max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
353
353
354
354
355 #------------------------------------------------------------------------------
355 #------------------------------------------------------------------------------
356 # QUERY TUNING
356 # QUERY TUNING
357 #------------------------------------------------------------------------------
357 #------------------------------------------------------------------------------
358
358
359 # - Planner Method Configuration -
359 # - Planner Method Configuration -
360
360
361 #enable_async_append = on
361 #enable_async_append = on
362 #enable_bitmapscan = on
362 #enable_bitmapscan = on
363 #enable_gathermerge = on
363 #enable_gathermerge = on
364 #enable_hashagg = on
364 #enable_hashagg = on
365 #enable_hashjoin = on
365 #enable_hashjoin = on
366 #enable_incremental_sort = on
366 #enable_incremental_sort = on
367 #enable_indexscan = on
367 #enable_indexscan = on
368 #enable_indexonlyscan = on
368 #enable_indexonlyscan = on
369 #enable_material = on
369 #enable_material = on
370 #enable_memoize = on
370 #enable_memoize = on
371 #enable_mergejoin = on
371 #enable_mergejoin = on
372 #enable_nestloop = on
372 #enable_nestloop = on
373 #enable_parallel_append = on
373 #enable_parallel_append = on
374 #enable_parallel_hash = on
374 #enable_parallel_hash = on
375 #enable_partition_pruning = on
375 #enable_partition_pruning = on
376 #enable_partitionwise_join = off
376 #enable_partitionwise_join = off
377 #enable_partitionwise_aggregate = off
377 #enable_partitionwise_aggregate = off
378 #enable_seqscan = on
378 #enable_seqscan = on
379 #enable_sort = on
379 #enable_sort = on
380 #enable_tidscan = on
380 #enable_tidscan = on
381
381
382 # - Planner Cost Constants -
382 # - Planner Cost Constants -
383
383
384 #seq_page_cost = 1.0 # measured on an arbitrary scale
384 #seq_page_cost = 1.0 # measured on an arbitrary scale
385 #random_page_cost = 4.0 # same scale as above
385 #random_page_cost = 4.0 # same scale as above
386 #cpu_tuple_cost = 0.01 # same scale as above
386 #cpu_tuple_cost = 0.01 # same scale as above
387 #cpu_index_tuple_cost = 0.005 # same scale as above
387 #cpu_index_tuple_cost = 0.005 # same scale as above
388 #cpu_operator_cost = 0.0025 # same scale as above
388 #cpu_operator_cost = 0.0025 # same scale as above
389 #parallel_setup_cost = 1000.0 # same scale as above
389 #parallel_setup_cost = 1000.0 # same scale as above
390 #parallel_tuple_cost = 0.1 # same scale as above
390 #parallel_tuple_cost = 0.1 # same scale as above
391 #min_parallel_table_scan_size = 8MB
391 #min_parallel_table_scan_size = 8MB
392 #min_parallel_index_scan_size = 512kB
392 #min_parallel_index_scan_size = 512kB
393 #effective_cache_size = 4GB
393 #effective_cache_size = 4GB
394
394
395 #jit_above_cost = 100000 # perform JIT compilation if available
395 #jit_above_cost = 100000 # perform JIT compilation if available
396 # and query more expensive than this;
396 # and query more expensive than this;
397 # -1 disables
397 # -1 disables
398 #jit_inline_above_cost = 500000 # inline small functions if query is
398 #jit_inline_above_cost = 500000 # inline small functions if query is
399 # more expensive than this; -1 disables
399 # more expensive than this; -1 disables
400 #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
400 #jit_optimize_above_cost = 500000 # use expensive JIT optimizations if
401 # query is more expensive than this;
401 # query is more expensive than this;
402 # -1 disables
402 # -1 disables
403
403
404 # - Genetic Query Optimizer -
404 # - Genetic Query Optimizer -
405
405
406 #geqo = on
406 #geqo = on
407 #geqo_threshold = 12
407 #geqo_threshold = 12
408 #geqo_effort = 5 # range 1-10
408 #geqo_effort = 5 # range 1-10
409 #geqo_pool_size = 0 # selects default based on effort
409 #geqo_pool_size = 0 # selects default based on effort
410 #geqo_generations = 0 # selects default based on effort
410 #geqo_generations = 0 # selects default based on effort
411 #geqo_selection_bias = 2.0 # range 1.5-2.0
411 #geqo_selection_bias = 2.0 # range 1.5-2.0
412 #geqo_seed = 0.0 # range 0.0-1.0
412 #geqo_seed = 0.0 # range 0.0-1.0
413
413
414 # - Other Planner Options -
414 # - Other Planner Options -
415
415
416 #default_statistics_target = 100 # range 1-10000
416 #default_statistics_target = 100 # range 1-10000
417 #constraint_exclusion = partition # on, off, or partition
417 #constraint_exclusion = partition # on, off, or partition
418 #cursor_tuple_fraction = 0.1 # range 0.0-1.0
418 #cursor_tuple_fraction = 0.1 # range 0.0-1.0
419 #from_collapse_limit = 8
419 #from_collapse_limit = 8
420 #jit = on # allow JIT compilation
420 #jit = on # allow JIT compilation
421 #join_collapse_limit = 8 # 1 disables collapsing of explicit
421 #join_collapse_limit = 8 # 1 disables collapsing of explicit
422 # JOIN clauses
422 # JOIN clauses
423 #plan_cache_mode = auto # auto, force_generic_plan or
423 #plan_cache_mode = auto # auto, force_generic_plan or
424 # force_custom_plan
424 # force_custom_plan
425
425
426
426
427 #------------------------------------------------------------------------------
427 #------------------------------------------------------------------------------
428 # REPORTING AND LOGGING
428 # REPORTING AND LOGGING
429 #------------------------------------------------------------------------------
429 #------------------------------------------------------------------------------
430
430
431 # - Where to Log -
431 # - Where to Log -
432
432
433 #log_destination = 'stderr' # Valid values are combinations of
433 log_destination = 'stderr' # Valid values are combinations of
434 # stderr, csvlog, syslog, and eventlog,
434 # stderr, csvlog, syslog, and eventlog,
435 # depending on platform. csvlog
435 # depending on platform. csvlog
436 # requires logging_collector to be on.
436 # requires logging_collector to be on.
437
437
438 # This is used when logging to stderr:
438 # This is used when logging to stderr:
439 #logging_collector = off # Enable capturing of stderr and csvlog
439 logging_collector = on # Enable capturing of stderr and csvlog
440 # into log files. Required to be on for
440 # into log files. Required to be on for
441 # csvlogs.
441 # csvlogs.
442 # (change requires restart)
442 # (change requires restart)
443
443
444 # These are only used if logging_collector is on:
444 # These are only used if logging_collector is on:
445 #log_directory = 'log' # directory where log files are written,
445 log_directory = '/var/log/rhodecode/postgres' # directory where log files are written,
446 # can be absolute or relative to PGDATA
446 # can be absolute or relative to PGDATA
447 #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
447 log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
448 # can include strftime() escapes
448 # can include strftime() escapes
449 #log_file_mode = 0600 # creation mode for log files,
449 #log_file_mode = 0600 # creation mode for log files,
450 # begin with 0 to use octal notation
450 # begin with 0 to use octal notation
451 #log_rotation_age = 1d # Automatic rotation of logfiles will
451 #log_rotation_age = 1d # Automatic rotation of logfiles will
452 # happen after that time. 0 disables.
452 # happen after that time. 0 disables.
453 #log_rotation_size = 10MB # Automatic rotation of logfiles will
453 log_rotation_size = 512MB # Automatic rotation of logfiles will
454 # happen after that much log output.
454 # happen after that much log output.
455 # 0 disables.
455 # 0 disables.
456 #log_truncate_on_rotation = off # If on, an existing log file with the
456 #log_truncate_on_rotation = off # If on, an existing log file with the
457 # same name as the new log file will be
457 # same name as the new log file will be
458 # truncated rather than appended to.
458 # truncated rather than appended to.
459 # But such truncation only occurs on
459 # But such truncation only occurs on
460 # time-driven rotation, not on restarts
460 # time-driven rotation, not on restarts
461 # or size-driven rotation. Default is
461 # or size-driven rotation. Default is
462 # off, meaning append to existing files
462 # off, meaning append to existing files
463 # in all cases.
463 # in all cases.
464
464
465 # These are relevant when logging to syslog:
465 # These are relevant when logging to syslog:
466 #syslog_facility = 'LOCAL0'
466 #syslog_facility = 'LOCAL0'
467 #syslog_ident = 'postgres'
467 #syslog_ident = 'postgres'
468 #syslog_sequence_numbers = on
468 #syslog_sequence_numbers = on
469 #syslog_split_messages = on
469 #syslog_split_messages = on
470
470
471 # This is only relevant when logging to eventlog (Windows):
471 # This is only relevant when logging to eventlog (Windows):
472 # (change requires restart)
472 # (change requires restart)
473 #event_source = 'PostgreSQL'
473 #event_source = 'PostgreSQL'
474
474
475 # - When to Log -
475 # - When to Log -
476
476
477 #log_min_messages = warning # values in order of decreasing detail:
477 #log_min_messages = warning # values in order of decreasing detail:
478 # debug5
478 # debug5
479 # debug4
479 # debug4
480 # debug3
480 # debug3
481 # debug2
481 # debug2
482 # debug1
482 # debug1
483 # info
483 # info
484 # notice
484 # notice
485 # warning
485 # warning
486 # error
486 # error
487 # log
487 # log
488 # fatal
488 # fatal
489 # panic
489 # panic
490
490
491 #log_min_error_statement = error # values in order of decreasing detail:
491 #log_min_error_statement = error # values in order of decreasing detail:
492 # debug5
492 # debug5
493 # debug4
493 # debug4
494 # debug3
494 # debug3
495 # debug2
495 # debug2
496 # debug1
496 # debug1
497 # info
497 # info
498 # notice
498 # notice
499 # warning
499 # warning
500 # error
500 # error
501 # log
501 # log
502 # fatal
502 # fatal
503 # panic (effectively off)
503 # panic (effectively off)
504
504
505 #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements
505 log_min_duration_statement = 1000 # -1 is disabled, 0 logs all statements
506 # and their durations, > 0 logs only
506 # and their durations, > 0 logs only
507 # statements running at least this number
507 # statements running at least this number
508 # of milliseconds
508 # of milliseconds
509
509
510 #log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements
510 #log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements
511 # and their durations, > 0 logs only a sample of
511 # and their durations, > 0 logs only a sample of
512 # statements running at least this number
512 # statements running at least this number
513 # of milliseconds;
513 # of milliseconds;
514 # sample fraction is determined by log_statement_sample_rate
514 # sample fraction is determined by log_statement_sample_rate
515
515
516 #log_statement_sample_rate = 1.0 # fraction of logged statements exceeding
516 #log_statement_sample_rate = 1.0 # fraction of logged statements exceeding
517 # log_min_duration_sample to be logged;
517 # log_min_duration_sample to be logged;
518 # 1.0 logs all such statements, 0.0 never logs
518 # 1.0 logs all such statements, 0.0 never logs
519
519
520
520
521 #log_transaction_sample_rate = 0.0 # fraction of transactions whose statements
521 #log_transaction_sample_rate = 0.0 # fraction of transactions whose statements
522 # are logged regardless of their duration; 1.0 logs all
522 # are logged regardless of their duration; 1.0 logs all
523 # statements from all transactions, 0.0 never logs
523 # statements from all transactions, 0.0 never logs
524
524
525 # - What to Log -
525 # - What to Log -
526
526
527 #debug_print_parse = off
527 #debug_print_parse = off
528 #debug_print_rewritten = off
528 #debug_print_rewritten = off
529 #debug_print_plan = off
529 #debug_print_plan = off
530 #debug_pretty_print = on
530 #debug_pretty_print = on
531 #log_autovacuum_min_duration = -1 # log autovacuum activity;
531 #log_autovacuum_min_duration = -1 # log autovacuum activity;
532 # -1 disables, 0 logs all actions and
532 # -1 disables, 0 logs all actions and
533 # their durations, > 0 logs only
533 # their durations, > 0 logs only
534 # actions running at least this number
534 # actions running at least this number
535 # of milliseconds.
535 # of milliseconds.
536 #log_checkpoints = off
536 #log_checkpoints = off
537 #log_connections = off
537 #log_connections = off
538 #log_disconnections = off
538 #log_disconnections = off
539 #log_duration = off
539 #log_duration = off
540 #log_error_verbosity = default # terse, default, or verbose messages
540 #log_error_verbosity = default # terse, default, or verbose messages
541 #log_hostname = off
541 #log_hostname = off
542 #log_line_prefix = '%m [%p] ' # special values:
542 #log_line_prefix = '%m [%p] ' # special values:
543 # %a = application name
543 # %a = application name
544 # %u = user name
544 # %u = user name
545 # %d = database name
545 # %d = database name
546 # %r = remote host and port
546 # %r = remote host and port
547 # %h = remote host
547 # %h = remote host
548 # %b = backend type
548 # %b = backend type
549 # %p = process ID
549 # %p = process ID
550 # %P = process ID of parallel group leader
550 # %P = process ID of parallel group leader
551 # %t = timestamp without milliseconds
551 # %t = timestamp without milliseconds
552 # %m = timestamp with milliseconds
552 # %m = timestamp with milliseconds
553 # %n = timestamp with milliseconds (as a Unix epoch)
553 # %n = timestamp with milliseconds (as a Unix epoch)
554 # %Q = query ID (0 if none or not computed)
554 # %Q = query ID (0 if none or not computed)
555 # %i = command tag
555 # %i = command tag
556 # %e = SQL state
556 # %e = SQL state
557 # %c = session ID
557 # %c = session ID
558 # %l = session line number
558 # %l = session line number
559 # %s = session start timestamp
559 # %s = session start timestamp
560 # %v = virtual transaction ID
560 # %v = virtual transaction ID
561 # %x = transaction ID (0 if none)
561 # %x = transaction ID (0 if none)
562 # %q = stop here in non-session
562 # %q = stop here in non-session
563 # processes
563 # processes
564 # %% = '%'
564 # %% = '%'
565 # e.g. '<%u%%%d> '
565 # e.g. '<%u%%%d> '
566 #log_lock_waits = off # log lock waits >= deadlock_timeout
566 #log_lock_waits = off # log lock waits >= deadlock_timeout
567 #log_recovery_conflict_waits = off # log standby recovery conflict waits
567 #log_recovery_conflict_waits = off # log standby recovery conflict waits
568 # >= deadlock_timeout
568 # >= deadlock_timeout
569 #log_parameter_max_length = -1 # when logging statements, limit logged
569 #log_parameter_max_length = -1 # when logging statements, limit logged
570 # bind-parameter values to N bytes;
570 # bind-parameter values to N bytes;
571 # -1 means print in full, 0 disables
571 # -1 means print in full, 0 disables
572 #log_parameter_max_length_on_error = 0 # when logging an error, limit logged
572 #log_parameter_max_length_on_error = 0 # when logging an error, limit logged
573 # bind-parameter values to N bytes;
573 # bind-parameter values to N bytes;
574 # -1 means print in full, 0 disables
574 # -1 means print in full, 0 disables
575 #log_statement = 'none' # none, ddl, mod, all
575 #log_statement = 'none' # none, ddl, mod, all
576 #log_replication_commands = off
576 #log_replication_commands = off
577 #log_temp_files = -1 # log temporary files equal or larger
577 #log_temp_files = -1 # log temporary files equal or larger
578 # than the specified size in kilobytes;
578 # than the specified size in kilobytes;
579 # -1 disables, 0 logs all temp files
579 # -1 disables, 0 logs all temp files
580 #log_timezone = 'GMT'
580 #log_timezone = 'GMT'
581
581
582
582
583 #------------------------------------------------------------------------------
583 #------------------------------------------------------------------------------
584 # PROCESS TITLE
584 # PROCESS TITLE
585 #------------------------------------------------------------------------------
585 #------------------------------------------------------------------------------
586
586
587 #cluster_name = '' # added to process titles if nonempty
587 #cluster_name = '' # added to process titles if nonempty
588 # (change requires restart)
588 # (change requires restart)
589 #update_process_title = on
589 #update_process_title = on
590
590
591
591
592 #------------------------------------------------------------------------------
592 #------------------------------------------------------------------------------
593 # STATISTICS
593 # STATISTICS
594 #------------------------------------------------------------------------------
594 #------------------------------------------------------------------------------
595
595
596 # - Query and Index Statistics Collector -
596 # - Query and Index Statistics Collector -
597
597
598 #track_activities = on
598 #track_activities = on
599 #track_activity_query_size = 1024 # (change requires restart)
599 #track_activity_query_size = 1024 # (change requires restart)
600 #track_counts = on
600 #track_counts = on
601 #track_io_timing = off
601 #track_io_timing = off
602 #track_wal_io_timing = off
602 #track_wal_io_timing = off
603 #track_functions = none # none, pl, all
603 #track_functions = none # none, pl, all
604 #stats_temp_directory = 'pg_stat_tmp'
604 #stats_temp_directory = 'pg_stat_tmp'
605
605
606
606
607 # - Monitoring -
607 # - Monitoring -
608
608
609 #compute_query_id = auto
609 #compute_query_id = auto
610 #log_statement_stats = off
610 #log_statement_stats = off
611 #log_parser_stats = off
611 #log_parser_stats = off
612 #log_planner_stats = off
612 #log_planner_stats = off
613 #log_executor_stats = off
613 #log_executor_stats = off
614
614
615
615
616 #------------------------------------------------------------------------------
616 #------------------------------------------------------------------------------
617 # AUTOVACUUM
617 # AUTOVACUUM
618 #------------------------------------------------------------------------------
618 #------------------------------------------------------------------------------
619
619
620 #autovacuum = on # Enable autovacuum subprocess? 'on'
620 #autovacuum = on # Enable autovacuum subprocess? 'on'
621 # requires track_counts to also be on.
621 # requires track_counts to also be on.
622 #autovacuum_max_workers = 3 # max number of autovacuum subprocesses
622 #autovacuum_max_workers = 3 # max number of autovacuum subprocesses
623 # (change requires restart)
623 # (change requires restart)
624 #autovacuum_naptime = 1min # time between autovacuum runs
624 #autovacuum_naptime = 1min # time between autovacuum runs
625 #autovacuum_vacuum_threshold = 50 # min number of row updates before
625 #autovacuum_vacuum_threshold = 50 # min number of row updates before
626 # vacuum
626 # vacuum
627 #autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts
627 #autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts
628 # before vacuum; -1 disables insert
628 # before vacuum; -1 disables insert
629 # vacuums
629 # vacuums
630 #autovacuum_analyze_threshold = 50 # min number of row updates before
630 #autovacuum_analyze_threshold = 50 # min number of row updates before
631 # analyze
631 # analyze
632 #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
632 #autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
633 #autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table
633 #autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table
634 # size before insert vacuum
634 # size before insert vacuum
635 #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
635 #autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
636 #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
636 #autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
637 # (change requires restart)
637 # (change requires restart)
638 #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
638 #autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
639 # before forced vacuum
639 # before forced vacuum
640 # (change requires restart)
640 # (change requires restart)
641 #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
641 #autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
642 # autovacuum, in milliseconds;
642 # autovacuum, in milliseconds;
643 # -1 means use vacuum_cost_delay
643 # -1 means use vacuum_cost_delay
644 #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
644 #autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for
645 # autovacuum, -1 means use
645 # autovacuum, -1 means use
646 # vacuum_cost_limit
646 # vacuum_cost_limit
647
647
648
648
649 #------------------------------------------------------------------------------
649 #------------------------------------------------------------------------------
650 # CLIENT CONNECTION DEFAULTS
650 # CLIENT CONNECTION DEFAULTS
651 #------------------------------------------------------------------------------
651 #------------------------------------------------------------------------------
652
652
653 # - Statement Behavior -
653 # - Statement Behavior -
654
654
655 #client_min_messages = notice # values in order of decreasing detail:
655 #client_min_messages = notice # values in order of decreasing detail:
656 # debug5
656 # debug5
657 # debug4
657 # debug4
658 # debug3
658 # debug3
659 # debug2
659 # debug2
660 # debug1
660 # debug1
661 # log
661 # log
662 # notice
662 # notice
663 # warning
663 # warning
664 # error
664 # error
665 #search_path = '"$user", public' # schema names
665 #search_path = '"$user", public' # schema names
666 #row_security = on
666 #row_security = on
667 #default_table_access_method = 'heap'
667 #default_table_access_method = 'heap'
668 #default_tablespace = '' # a tablespace name, '' uses the default
668 #default_tablespace = '' # a tablespace name, '' uses the default
669 #default_toast_compression = 'pglz' # 'pglz' or 'lz4'
669 #default_toast_compression = 'pglz' # 'pglz' or 'lz4'
670 #temp_tablespaces = '' # a list of tablespace names, '' uses
670 #temp_tablespaces = '' # a list of tablespace names, '' uses
671 # only default tablespace
671 # only default tablespace
672 #check_function_bodies = on
672 #check_function_bodies = on
673 #default_transaction_isolation = 'read committed'
673 #default_transaction_isolation = 'read committed'
674 #default_transaction_read_only = off
674 #default_transaction_read_only = off
675 #default_transaction_deferrable = off
675 #default_transaction_deferrable = off
676 #session_replication_role = 'origin'
676 #session_replication_role = 'origin'
677 #statement_timeout = 0 # in milliseconds, 0 is disabled
677 #statement_timeout = 0 # in milliseconds, 0 is disabled
678 #lock_timeout = 0 # in milliseconds, 0 is disabled
678 #lock_timeout = 0 # in milliseconds, 0 is disabled
679 #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
679 #idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
680 #idle_session_timeout = 0 # in milliseconds, 0 is disabled
680 #idle_session_timeout = 0 # in milliseconds, 0 is disabled
681 #vacuum_freeze_table_age = 150000000
681 #vacuum_freeze_table_age = 150000000
682 #vacuum_freeze_min_age = 50000000
682 #vacuum_freeze_min_age = 50000000
683 #vacuum_failsafe_age = 1600000000
683 #vacuum_failsafe_age = 1600000000
684 #vacuum_multixact_freeze_table_age = 150000000
684 #vacuum_multixact_freeze_table_age = 150000000
685 #vacuum_multixact_freeze_min_age = 5000000
685 #vacuum_multixact_freeze_min_age = 5000000
686 #vacuum_multixact_failsafe_age = 1600000000
686 #vacuum_multixact_failsafe_age = 1600000000
687 #bytea_output = 'hex' # hex, escape
687 #bytea_output = 'hex' # hex, escape
688 #xmlbinary = 'base64'
688 #xmlbinary = 'base64'
689 #xmloption = 'content'
689 #xmloption = 'content'
690 #gin_pending_list_limit = 4MB
690 #gin_pending_list_limit = 4MB
691
691
692 # - Locale and Formatting -
692 # - Locale and Formatting -
693
693
694 #datestyle = 'iso, mdy'
694 #datestyle = 'iso, mdy'
695 #intervalstyle = 'postgres'
695 #intervalstyle = 'postgres'
696 #timezone = 'GMT'
696 #timezone = 'GMT'
697 #timezone_abbreviations = 'Default' # Select the set of available time zone
697 #timezone_abbreviations = 'Default' # Select the set of available time zone
698 # abbreviations. Currently, there are
698 # abbreviations. Currently, there are
699 # Default
699 # Default
700 # Australia (historical usage)
700 # Australia (historical usage)
701 # India
701 # India
702 # You can create your own file in
702 # You can create your own file in
703 # share/timezonesets/.
703 # share/timezonesets/.
704 #extra_float_digits = 1 # min -15, max 3; any value >0 actually
704 #extra_float_digits = 1 # min -15, max 3; any value >0 actually
705 # selects precise output mode
705 # selects precise output mode
706 #client_encoding = sql_ascii # actually, defaults to database
706 #client_encoding = sql_ascii # actually, defaults to database
707 # encoding
707 # encoding
708
708
709 # These settings are initialized by initdb, but they can be changed.
709 # These settings are initialized by initdb, but they can be changed.
710 #lc_messages = 'C' # locale for system error message
710 #lc_messages = 'C' # locale for system error message
711 # strings
711 # strings
712 #lc_monetary = 'C' # locale for monetary formatting
712 #lc_monetary = 'C' # locale for monetary formatting
713 #lc_numeric = 'C' # locale for number formatting
713 #lc_numeric = 'C' # locale for number formatting
714 #lc_time = 'C' # locale for time formatting
714 #lc_time = 'C' # locale for time formatting
715
715
716 # default configuration for text search
716 # default configuration for text search
717 #default_text_search_config = 'pg_catalog.simple'
717 #default_text_search_config = 'pg_catalog.simple'
718
718
719 # - Shared Library Preloading -
719 # - Shared Library Preloading -
720
720
721 #local_preload_libraries = ''
721 #local_preload_libraries = ''
722 #session_preload_libraries = ''
722 #session_preload_libraries = ''
723 #shared_preload_libraries = '' # (change requires restart)
723 #shared_preload_libraries = '' # (change requires restart)
724 #jit_provider = 'llvmjit' # JIT library to use
724 #jit_provider = 'llvmjit' # JIT library to use
725
725
726 # - Other Defaults -
726 # - Other Defaults -
727
727
728 #dynamic_library_path = '$libdir'
728 #dynamic_library_path = '$libdir'
729 #extension_destdir = '' # prepend path when loading extensions
729 #extension_destdir = '' # prepend path when loading extensions
730 # and shared objects (added by Debian)
730 # and shared objects (added by Debian)
731 #gin_fuzzy_search_limit = 0
731 #gin_fuzzy_search_limit = 0
732
732
733
733
734 #------------------------------------------------------------------------------
734 #------------------------------------------------------------------------------
735 # LOCK MANAGEMENT
735 # LOCK MANAGEMENT
736 #------------------------------------------------------------------------------
736 #------------------------------------------------------------------------------
737
737
738 #deadlock_timeout = 1s
738 #deadlock_timeout = 1s
739 #max_locks_per_transaction = 64 # min 10
739 #max_locks_per_transaction = 64 # min 10
740 # (change requires restart)
740 # (change requires restart)
741 #max_pred_locks_per_transaction = 64 # min 10
741 #max_pred_locks_per_transaction = 64 # min 10
742 # (change requires restart)
742 # (change requires restart)
743 #max_pred_locks_per_relation = -2 # negative values mean
743 #max_pred_locks_per_relation = -2 # negative values mean
744 # (max_pred_locks_per_transaction
744 # (max_pred_locks_per_transaction
745 # / -max_pred_locks_per_relation) - 1
745 # / -max_pred_locks_per_relation) - 1
746 #max_pred_locks_per_page = 2 # min 0
746 #max_pred_locks_per_page = 2 # min 0
747
747
748
748
749 #------------------------------------------------------------------------------
749 #------------------------------------------------------------------------------
750 # VERSION AND PLATFORM COMPATIBILITY
750 # VERSION AND PLATFORM COMPATIBILITY
751 #------------------------------------------------------------------------------
751 #------------------------------------------------------------------------------
752
752
753 # - Previous PostgreSQL Versions -
753 # - Previous PostgreSQL Versions -
754
754
755 #array_nulls = on
755 #array_nulls = on
756 #backslash_quote = safe_encoding # on, off, or safe_encoding
756 #backslash_quote = safe_encoding # on, off, or safe_encoding
757 #escape_string_warning = on
757 #escape_string_warning = on
758 #lo_compat_privileges = off
758 #lo_compat_privileges = off
759 #quote_all_identifiers = off
759 #quote_all_identifiers = off
760 #standard_conforming_strings = on
760 #standard_conforming_strings = on
761 #synchronize_seqscans = on
761 #synchronize_seqscans = on
762
762
763 # - Other Platforms and Clients -
763 # - Other Platforms and Clients -
764
764
765 #transform_null_equals = off
765 #transform_null_equals = off
766
766
767
767
768 #------------------------------------------------------------------------------
768 #------------------------------------------------------------------------------
769 # ERROR HANDLING
769 # ERROR HANDLING
770 #------------------------------------------------------------------------------
770 #------------------------------------------------------------------------------
771
771
772 #exit_on_error = off # terminate session on any error?
772 #exit_on_error = off # terminate session on any error?
773 #restart_after_crash = on # reinitialize after backend crash?
773 #restart_after_crash = on # reinitialize after backend crash?
774 #data_sync_retry = off # retry or panic on failure to fsync
774 #data_sync_retry = off # retry or panic on failure to fsync
775 # data?
775 # data?
776 # (change requires restart)
776 # (change requires restart)
777 #recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+)
777 #recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+)
778
778
779
779
780 #------------------------------------------------------------------------------
780 #------------------------------------------------------------------------------
781 # CONFIG FILE INCLUDES
781 # CONFIG FILE INCLUDES
782 #------------------------------------------------------------------------------
782 #------------------------------------------------------------------------------
783
783
784 # These options allow settings to be loaded from files other than the
784 # These options allow settings to be loaded from files other than the
785 # default postgresql.conf. Note that these are directives, not variable
785 # default postgresql.conf. Note that these are directives, not variable
786 # assignments, so they can usefully be given more than once.
786 # assignments, so they can usefully be given more than once.
787
787
788 #include_dir = '...' # include files ending in '.conf' from
788 #include_dir = '...' # include files ending in '.conf' from
789 # a directory, e.g., 'conf.d'
789 # a directory, e.g., 'conf.d'
790 #include_if_exists = '...' # include file only if it exists
790 #include_if_exists = '...' # include file only if it exists
791 #include = '...' # include file
791 #include = '...' # include file
792
792
793
793
794 #------------------------------------------------------------------------------
794 #------------------------------------------------------------------------------
795 # CUSTOMIZED OPTIONS
795 # CUSTOMIZED OPTIONS
796 #------------------------------------------------------------------------------
796 #------------------------------------------------------------------------------
797
797
798 # Add settings for extensions here
798 # Add settings for extensions here
799
799
800 max_connections = 400
800 max_connections = 400
801 shared_buffers = 1GB
801 shared_buffers = 1GB
802 effective_cache_size = 3GB
802 effective_cache_size = 3GB
803 work_mem = 2621kB
803 work_mem = 2621kB
804 maintenance_work_mem = 256MB
804 maintenance_work_mem = 256MB
805 checkpoint_completion_target = 0.9
805 checkpoint_completion_target = 0.9
806 wal_buffers = 16MB
806 wal_buffers = 16MB
807 default_statistics_target = 100
807 default_statistics_target = 100
808 password_encryption = md5
808 password_encryption = md5
@@ -1,114 +1,131 b''
1 # read more here http://tautt.com/best-nginx-configuration-for-security/
1 # read more here http://tautt.com/best-nginx-configuration-for-security/
2
2
3 # config to don't allow the browser to render the page inside an frame or iframe
3 # config to don't allow the browser to render the page inside an frame or iframe
4 # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
4 # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
5 # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
5 # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
6 # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
6 # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
7 #add_header X-Frame-Options SAMEORIGIN;
7 #add_header X-Frame-Options SAMEORIGIN;
8
8
9 # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
9 # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
10 # to disable content-type sniffing on some browsers.
10 # to disable content-type sniffing on some browsers.
11 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
11 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
12 # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
12 # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
13 # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
13 # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
14 # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
14 # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
15 #add_header X-Content-Type-Options nosniff;
15 #add_header X-Content-Type-Options nosniff;
16
16
17 # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
17 # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
18 # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
18 # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
19 # this particular website if it was disabled by the user.
19 # this particular website if it was disabled by the user.
20 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
20 # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
21 #add_header X-XSS-Protection "1; mode=block";
21 #add_header X-XSS-Protection "1; mode=block";
22
22
23 # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
23 # with Content Security Policy (CSP) enabled(and a browser that supports it(http://caniuse.com/#feat=contentsecuritypolicy),
24 # you can tell the browser that it can only download content from the domains you explicitly allow
24 # you can tell the browser that it can only download content from the domains you explicitly allow
25 # http://www.html5rocks.com/en/tutorials/security/content-security-policy/
25 # http://www.html5rocks.com/en/tutorials/security/content-security-policy/
26 # https://www.owasp.org/index.php/Content_Security_Policy
26 # https://www.owasp.org/index.php/Content_Security_Policy
27 # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
27 # I need to change our application code so we can increase security by disabling 'unsafe-inline' 'unsafe-eval'
28 # directives for css and js(if you have inline css or js, you will need to keep it too).
28 # directives for css and js(if you have inline css or js, you will need to keep it too).
29 # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
29 # more: http://www.html5rocks.com/en/tutorials/security/content-security-policy/#inline-code-considered-harmful
30 #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
30 #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
31
31
32 ## rate limiter for certain pages to prevent brute force attacks
32 ## rate limiter for certain pages to prevent brute force attacks
33 limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s;
33 limit_req_zone $binary_remote_addr zone=http_req_limit:10m rate=1r/s;
34
34
35 ## custom log format
35 ## custom log format
36 log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe';
36 log_format http_log_custom '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $pipe';
37
37
38 log_format json_log_custom escape=json
39 '{'
40 '"source":"nginx",'
41 '"remote_user":"$remote_user",'
42 '"time_local":"$time_local",'
43 '"remote_addr":"$remote_addr",'
44 '"request":"$request",'
45 '"status": "$status",'
46 '"request_method": "$request_method",'
47 '"body_bytes_sent":"$body_bytes_sent",'
48 '"request_time":"$request_time",'
49 '"upstream_response_time":"$upstream_response_time",'
50 '"http_referrer":"$http_referer",'
51 '"http_user_agent":"$http_user_agent"'
52 '}';
53
54
38 server {
55 server {
39 listen 80 default;
56 listen 80 default;
40 # ensure we get the proper Docker DNS resolver for load balancing.
57 # ensure we get the proper Docker DNS resolver for load balancing.
41 resolver 127.0.0.11 ipv6=off;
58 resolver 127.0.0.11 ipv6=off;
42 server_name localhost 127.0.0.1;
59 server_name localhost 127.0.0.1;
43 access_log /var/log/rhodecode/nginx/rhodecode.http.access.log http_log_custom;
60 access_log /var/log/rhodecode/nginx/rhodecode.http.access.log json_log_custom;
44 error_log /var/log/rhodecode/nginx/rhodecode.http.error.log;
61 error_log /var/log/rhodecode/nginx/rhodecode.http.error.log;
45
62
46 # uncomment to redirect http traffic to https
63 # uncomment to redirect http traffic to https
47 #return 301 https://$host$request_uri;
64 #return 301 https://$host$request_uri;
48
65
49 client_body_buffer_size 128k;
66 client_body_buffer_size 128k;
50 # maximum number and size of buffers for large headers to read from client request
67 # maximum number and size of buffers for large headers to read from client request
51 large_client_header_buffers 16 256k;
68 large_client_header_buffers 16 256k;
52
69
53 ## serve static files by nginx, recommended
70 ## serve static files by nginx, recommended
54 location /_static/rhodecode {
71 location /_static/rhodecode {
55 gzip on;
72 gzip on;
56 gzip_min_length 500;
73 gzip_min_length 500;
57 gzip_proxied any;
74 gzip_proxied any;
58 gzip_comp_level 4;
75 gzip_comp_level 4;
59 gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
76 gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
60 gzip_vary on;
77 gzip_vary on;
61 gzip_disable "msie6";
78 gzip_disable "msie6";
62 expires 60d;
79 expires 60d;
63
80
64 alias /var/opt/rhodecode_data/static;
81 alias /var/opt/rhodecode_data/static;
65 }
82 }
66
83
67 ## channelstream location handler, if channelstream live chat and notifications
84 ## channelstream location handler, if channelstream live chat and notifications
68 ## are enable this will proxy the requests to channelstream websocket server
85 ## are enable this will proxy the requests to channelstream websocket server
69 location /_channelstream {
86 location /_channelstream {
70 rewrite /_channelstream/(.*) /$1 break;
87 rewrite /_channelstream/(.*) /$1 break;
71 gzip off;
88 gzip off;
72 tcp_nodelay off;
89 tcp_nodelay off;
73
90
74 proxy_connect_timeout 10;
91 proxy_connect_timeout 10;
75 proxy_send_timeout 10m;
92 proxy_send_timeout 10m;
76 proxy_read_timeout 10m;
93 proxy_read_timeout 10m;
77
94
78 proxy_set_header Host $host;
95 proxy_set_header Host $host;
79 proxy_set_header X-Real-IP $remote_addr;
96 proxy_set_header X-Real-IP $remote_addr;
80 proxy_set_header X-Url-Scheme $scheme;
97 proxy_set_header X-Url-Scheme $scheme;
81 proxy_set_header X-Forwarded-Proto $scheme;
98 proxy_set_header X-Forwarded-Proto $scheme;
82 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
99 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
83
100
84 proxy_http_version 1.1;
101 proxy_http_version 1.1;
85 proxy_set_header Upgrade $http_upgrade;
102 proxy_set_header Upgrade $http_upgrade;
86 proxy_set_header Connection "upgrade";
103 proxy_set_header Connection "upgrade";
87
104
88 proxy_pass http://channelstream:9800;
105 proxy_pass http://channelstream:9800;
89 }
106 }
90
107
91 ## rate limit this endpoint to prevent login page brute-force attacks
108 ## rate limit this endpoint to prevent login page brute-force attacks
92 location /_admin/login {
109 location /_admin/login {
93 limit_req zone=http_req_limit burst=10 nodelay;
110 limit_req zone=http_req_limit burst=10 nodelay;
94 try_files $uri @rhodecode_http;
111 try_files $uri @rhodecode_http;
95 }
112 }
96
113
97 location / {
114 location / {
98 include /etc/nginx/proxy.conf;
115 include /etc/nginx/proxy.conf;
99 try_files $uri @rhodecode_http;
116 try_files $uri @rhodecode_http;
100 }
117 }
101
118
102 location @rhodecode_http {
119 location @rhodecode_http {
103 include /etc/nginx/proxy.conf;
120 include /etc/nginx/proxy.conf;
104 proxy_pass http://rhodecode:10020;
121 proxy_pass http://rhodecode:10020;
105 }
122 }
106
123
107 ## Custom 502 error page.
124 ## Custom 502 error page.
108 ## Will be displayed while RhodeCode server is turned off
125 ## Will be displayed while RhodeCode server is turned off
109 error_page 502 /502.html;
126 error_page 502 /502.html;
110 location = /502.html {
127 location = /502.html {
111 root /var/opt/static;
128 root /var/opt/static;
112 }
129 }
113
130
114 }
131 }
@@ -1,305 +1,305 b''
1 FROM ubuntu:latest
1 FROM ubuntu:22.04
2 # Using 20.04 LTS Release
2 # Using 22.04 LTS Release
3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
4
4
5 ARG TZ="UTC"
5 ARG TZ="UTC"
6 ARG LOCALE_TYPE=en_US.UTF-8
6 ARG LOCALE_TYPE=en_US.UTF-8
7 ARG RHODECODE_TYPE=Enterprise
7 ARG RHODECODE_TYPE=Enterprise
8 # source-install
8 # source-install
9 ARG RHODECODE_VERSION=4.26.0
9 ARG RHODECODE_VERSION=4.26.0
10
10
11 ARG RHODECODE_DB=sqlite
11 ARG RHODECODE_DB=sqlite
12 ARG RHODECODE_USER_NAME=admin
12 ARG RHODECODE_USER_NAME=admin
13 ARG RHODECODE_USER_PASS=secret4
13 ARG RHODECODE_USER_PASS=secret4
14 ARG RHODECODE_USER_EMAIL=support@rhodecode.com
14 ARG RHODECODE_USER_EMAIL=support@rhodecode.com
15
15
16 # nix ver/channels
16 # nix ver/channels
17 ARG DEV_NIX_VERSION=2.0.4
17 ARG DEV_NIX_VERSION=2.0.4
18 ARG DEV_NIX_CHANNEL=nixos-18.03
18 ARG DEV_NIX_CHANNEL=nixos-18.03
19
19
20 # env are runtime
20 # env are runtime
21 ENV \
21 ENV \
22 TZ=${TZ} \
22 TZ=${TZ} \
23 LOCALE_TYPE=${LOCALE_TYPE} \
23 LOCALE_TYPE=${LOCALE_TYPE} \
24 \
24 \
25 ## Define type we build, and the instance we'll create
25 ## Define type we build, and the instance we'll create
26 RHODECODE_TYPE=${RHODECODE_TYPE} \
26 RHODECODE_TYPE=${RHODECODE_TYPE} \
27 RC_TYPE_ID=enterprise-1 \
27 RC_TYPE_ID=enterprise-1 \
28 \
28 \
29 ## SETUP ARGS FOR INSTALLATION ##
29 ## SETUP ARGS FOR INSTALLATION ##
30 ## set version we build on, get from .env or set default ver
30 ## set version we build on, get from .env or set default ver
31 RHODECODE_VERSION=${RHODECODE_VERSION} \
31 RHODECODE_VERSION=${RHODECODE_VERSION} \
32 \
32 \
33 ## set DB, default sqlite
33 ## set DB, default sqlite
34 RHODECODE_DB=${RHODECODE_DB} \
34 RHODECODE_DB=${RHODECODE_DB} \
35 \
35 \
36 ## set app bootstrap required data
36 ## set app bootstrap required data
37 RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \
37 RHODECODE_USER_NAME=${RHODECODE_USER_NAME} \
38 RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \
38 RHODECODE_USER_PASS=${RHODECODE_USER_PASS} \
39 RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \
39 RHODECODE_USER_EMAIL=${RHODECODE_USER_EMAIL} \
40 \
40 \
41 RC_USER=rhodecode \
41 RC_USER=rhodecode \
42 \
42 \
43 # SVN CONFIG
43 # SVN CONFIG
44 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \
44 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf \
45 MOD_DAV_SVN_PORT=8090 \
45 MOD_DAV_SVN_PORT=8090 \
46 \
46 \
47 # SSHD CONFIG
47 # SSHD CONFIG
48 SSHD_CONF_FILE=/etc/rhodecode/sshd_config \
48 SSHD_CONF_FILE=/etc/rhodecode/sshd_config \
49 \
49 \
50 BUILD_CONF=/etc/rhodecode/conf_build \
50 BUILD_CONF=/etc/rhodecode/conf_build \
51 BUILD_BIN_DIR=/var/opt/rhodecode_bin \
51 BUILD_BIN_DIR=/var/opt/rhodecode_bin \
52 RHODECODE_DATA_DIR=/var/opt/rhodecode_data \
52 RHODECODE_DATA_DIR=/var/opt/rhodecode_data \
53 RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \
53 RHODECODE_REPO_DIR=/var/opt/rhodecode_repo_store \
54 RHODECODE_HTTP_PORT=10020 \
54 RHODECODE_HTTP_PORT=10020 \
55 RHODECODE_VCS_PORT=10010 \
55 RHODECODE_VCS_PORT=10010 \
56 RHODECODE_HOST=0.0.0.0 \
56 RHODECODE_HOST=0.0.0.0 \
57 RHODECODE_VCS_HOST=127.0.0.1
57 RHODECODE_VCS_HOST=127.0.0.1
58
58
59 ENV \
59 ENV \
60 RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \
60 RCCONTROL=/home/$RC_USER/.rccontrol-profile/bin/rccontrol \
61 SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \
61 SUPERVISOR_CONF=/home/$RC_USER/.rccontrol/supervisor/supervisord.ini \
62 # make application scripts visible
62 # make application scripts visible
63 PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin
63 PATH=$PATH:/home/$RC_USER/.rccontrol-profile/bin
64
64
65 ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn
65 ENV SVN_LOCALE_DEPS apache2 apache2-utils libapache2-mod-svn
66 ENV SSH_LOCALE_DEPS openssh-server
66 ENV SSH_LOCALE_DEPS openssh-server
67 ENV PYTHON_DEPS python2
67 ENV PYTHON_DEPS python2
68 ENV EXTRA_DEPS vim
68 ENV EXTRA_DEPS vim
69
69
70 ENV \
70 ENV \
71 PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \
71 PATH=$PATH:/nix/var/nix/profiles/per-user/$RC_USER/profile/bin:/home/$RC_USER/rhodecode-enterprise-ee/profile/bin \
72 NIX_BLD_USER=nixbld \
72 NIX_BLD_USER=nixbld \
73 NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \
73 NIX_PATH=/nix/var/nix/profiles/per-user/$RC_USER/channels \
74 NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
74 NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
75
75
76
76
77 RUN \
77 RUN \
78 echo "** install base packages **" && \
78 echo "** install base packages **" && \
79 set -eux; \
79 set -eux; \
80 \
80 \
81 savedAptMark="$(apt-mark showmanual)"; \
81 savedAptMark="$(apt-mark showmanual)"; \
82 apt-get update; \
82 apt-get update; \
83 DEBIAN_FRONTEND="noninteractive" \
83 DEBIAN_FRONTEND="noninteractive" \
84 apt-get install -y --no-install-recommends \
84 apt-get install -y --no-install-recommends \
85 tini \
85 tini \
86 bash \
86 bash \
87 binutils \
87 binutils \
88 tzdata \
88 tzdata \
89 locales \
89 locales \
90 openssl \
90 openssl \
91 curl \
91 curl \
92 sudo \
92 sudo \
93 gosu \
93 gosu \
94 bzip2 \
94 bzip2 \
95 ca-certificates \
95 ca-certificates \
96 $PYTHON_DEPS \
96 $PYTHON_DEPS \
97 $SSH_LOCALE_DEPS \
97 $SSH_LOCALE_DEPS \
98 $SVN_LOCALE_DEPS \
98 $SVN_LOCALE_DEPS \
99 $EXTRA_DEPS \
99 $EXTRA_DEPS \
100 ; \
100 ; \
101 rm -rf /var/lib/apt/lists/*;
101 rm -rf /var/lib/apt/lists/*;
102
102
103 RUN \
103 RUN \
104 echo "** Configure the python executable for py2/3 compat **" && \
104 echo "** Configure the python executable for py2/3 compat **" && \
105 ISPY=$(which python3 || which python2) && \
105 ISPY=$(which python3 || which python2) && \
106 if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi
106 if [ -n $ISPY ] ; then ln -s $ISPY /usr/bin/python ; fi
107
107
108 RUN \
108 RUN \
109 echo "** Configure the locales **" && \
109 echo "** Configure the locales **" && \
110 sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \
110 sed -i "s/^# ${LOCALE_TYPE}/${LOCALE_TYPE}/g" /etc/locale.gen && \
111 locale-gen
111 locale-gen
112
112
113 # locale-archive is a fix for old nix glibc2.26 locales available
113 # locale-archive is a fix for old nix glibc2.26 locales available
114 ENV \
114 ENV \
115 LOCALE_ARCHIVE=/var/opt/locale-archive \
115 LOCALE_ARCHIVE=/var/opt/locale-archive \
116 LANG=${LOCALE_TYPE} \
116 LANG=${LOCALE_TYPE} \
117 LANGUAGE=${LOCALE_TYPE} \
117 LANGUAGE=${LOCALE_TYPE} \
118 LC_ALL=${LOCALE_TYPE}
118 LC_ALL=${LOCALE_TYPE}
119
119
120 # configure the system user
120 # configure the system user
121 # explicitly set uid/gid to guarantee that it won't change in the future
121 # explicitly set uid/gid to guarantee that it won't change in the future
122 # the values 999:999 are identical to the current user/group id assigned
122 # the values 999:999 are identical to the current user/group id assigned
123 RUN \
123 RUN \
124 echo "** Create system user $RC_USER **" && \
124 echo "** Create system user $RC_USER **" && \
125 groupadd --system --gid 999 $RC_USER && \
125 groupadd --system --gid 999 $RC_USER && \
126 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \
126 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER && \
127 usermod -G $RC_USER $RC_USER
127 usermod -G $RC_USER $RC_USER
128
128
129 RUN \
129 RUN \
130 echo "** Create nix-build user $NIX_BLD_USER **" && \
130 echo "** Create nix-build user $NIX_BLD_USER **" && \
131 groupadd --system --gid 1099 $NIX_BLD_USER && \
131 groupadd --system --gid 1099 $NIX_BLD_USER && \
132 useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \
132 useradd --system --gid $NIX_BLD_USER --uid 1099 --shell /bin/bash $NIX_BLD_USER && \
133 usermod -G $NIX_BLD_USER $NIX_BLD_USER
133 usermod -G $NIX_BLD_USER $NIX_BLD_USER
134
134
135 RUN \
135 RUN \
136 echo "** disable nix sandboxing **" && \
136 echo "** disable nix sandboxing **" && \
137 mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf
137 mkdir /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf
138
138
139
139
140 # set the defult bash shell
140 # set the defult bash shell
141 SHELL ["/bin/bash", "-c"]
141 SHELL ["/bin/bash", "-c"]
142
142
143 # Fix and set a timezone
143 # Fix and set a timezone
144 RUN \
144 RUN \
145 echo "** configure the timezone **" && \
145 echo "** configure the timezone **" && \
146 rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \
146 rm /etc/localtime && cp /usr/share/zoneinfo/$TZ /etc/localtime && \
147 echo $TZ > /etc/timezone
147 echo $TZ > /etc/timezone
148
148
149
149
150 RUN \
150 RUN \
151 echo "** prepare rhodecode store and cache **" && \
151 echo "** prepare rhodecode store and cache **" && \
152 install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \
152 install -d -m 0700 -o $RC_USER -g $RC_USER /nix && \
153 install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \
153 install -d -m 0755 -o $RC_USER -g $RC_USER /opt/rhodecode && \
154 install -d -m 0755 -o $RC_USER -g $RC_USER /var/opt/rhodecode_bin && \
154 install -d -m 0755 -o $RC_USER -g $RC_USER /var/opt/rhodecode_bin && \
155 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \
155 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_REPO_DIR && \
156 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \
156 install -d -m 0755 -o $RC_USER -g $RC_USER $RHODECODE_DATA_DIR && \
157 install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \
157 install -d -m 0755 -o $RC_USER -g $RC_USER $BUILD_CONF && \
158 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \
158 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-vcsserver && \
159 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \
159 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ce && \
160 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \
160 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/rhodecode-enterprise-ee && \
161 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \
161 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/ && \
162 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \
162 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol && \
163 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \
163 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/cache && \
164 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \
164 install -d -m 0755 -o $RC_USER -g $RC_USER /home/$RC_USER/.rccontrol/bootstrap && \
165 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh
165 install -d -m 0700 -o $RC_USER -g $RC_USER /home/$RC_USER/.ssh
166
166
167 # expose our custom sshd config
167 # expose our custom sshd config
168 COPY service/sshd/sshd_config $SSHD_CONF_FILE
168 COPY service/sshd/sshd_config $SSHD_CONF_FILE
169
169
170 # Apache SVN setup
170 # Apache SVN setup
171 RUN \
171 RUN \
172 echo "**** Apache config cleanup ****" && \
172 echo "**** Apache config cleanup ****" && \
173 rm -f /etc/apache2/conf.d/info.conf \
173 rm -f /etc/apache2/conf.d/info.conf \
174 /etc/apache2/conf.d/mpm.conf \
174 /etc/apache2/conf.d/mpm.conf \
175 /etc/apache2/conf.d/userdir.conf && \
175 /etc/apache2/conf.d/userdir.conf && \
176 rm -f /etc/apache2/sites-enabled/* && \
176 rm -f /etc/apache2/sites-enabled/* && \
177 rm -f /etc/apache2/sites-available/*
177 rm -f /etc/apache2/sites-available/*
178
178
179 # custom SVN virtualhost
179 # custom SVN virtualhost
180 COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/
180 COPY service/svn/virtualhost.conf /etc/apache2/sites-enabled/
181
181
182 RUN \
182 RUN \
183 echo "**** Apache config ****" && \
183 echo "**** Apache config ****" && \
184 echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
184 echo $(strings /usr/lib/apache2/modules/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
185 mkdir -p /run/apache2 && \
185 mkdir -p /run/apache2 && \
186 mkdir -p /var/opt/www && \
186 mkdir -p /var/opt/www && \
187 echo "unset HOME" > /etc/apache2/envvars && \
187 echo "unset HOME" > /etc/apache2/envvars && \
188 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
188 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
189 echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \
189 echo "export APACHE_PID_FILE=/var/run/apache2/apache2.pid" >> /etc/apache2/envvars && \
190 echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \
190 echo "export APACHE_RUN_DIR=/var/run/apache2" >> /etc/apache2/envvars && \
191 echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \
191 echo "export APACHE_LOCK_DIR=/var/lock/apache2" >> /etc/apache2/envvars && \
192 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
192 echo "export APACHE_RUN_USER=${RC_USER}" >> /etc/apache2/envvars && \
193 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
193 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
194 sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf
194 sed -i "s/Listen 80/Listen ${MOD_DAV_SVN_PORT}/g" /etc/apache2/ports.conf
195
195
196
196
197 # Copy artifacts
197 # Copy artifacts
198 COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/
198 COPY --chown=$RC_USER:$RC_USER .source/ /home/$RC_USER/
199 COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/
199 COPY --chown=$RC_USER:$RC_USER .cache/* /home/$RC_USER/.rccontrol/cache/
200 COPY --chown=$RC_USER:$RC_USER config/compose/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/
200 COPY --chown=$RC_USER:$RC_USER config/compose/rhodecode_enterprise.license /home/$RC_USER/.rccontrol/bootstrap/
201 COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/
201 COPY --chown=$RC_USER:$RC_USER service/rhodecode/bootstrap/* /home/$RC_USER/.rccontrol/bootstrap/
202
202
203 RUN \
203 RUN \
204 echo "**** locale-archive path ****" && \
204 echo "**** locale-archive path ****" && \
205 mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive
205 mv -v /home/$RC_USER/.rccontrol/cache/locale-archive /var/opt/locale-archive
206
206
207 # change to non-root user for RUN commands
207 # change to non-root user for RUN commands
208 USER $RC_USER
208 USER $RC_USER
209 WORKDIR /home/$RC_USER
209 WORKDIR /home/$RC_USER
210
210
211
211
212 RUN \
212 RUN \
213 echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \
213 echo "** download and install nix ** from $DEV_NIX_VERSION/install" && \
214 curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install | USER=$RC_USER /bin/bash
214 curl -L https://releases.nixos.org/nix/nix-$DEV_NIX_VERSION/install | USER=$RC_USER /bin/bash
215
215
216 RUN \
216 RUN \
217 echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \
217 echo "** update nix package database and set channel to $DEV_NIX_CHANNEL **" && \
218 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
218 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
219 nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \
219 nix-channel --add https://channels.nixos.org/$DEV_NIX_CHANNEL nixpkgs && \
220 nix-channel --update
220 nix-channel --update
221
221
222
222
223 RUN \
223 RUN \
224 echo "** save nix config **" && \
224 echo "** save nix config **" && \
225 touch /home/$RC_USER/.rhoderc && \
225 touch /home/$RC_USER/.rhoderc && \
226 mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \
226 mkdir -p /home/$RC_USER/.nixpkgs && touch /home/$RC_USER/.nixpkgs/config.nix && \
227 printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix
227 printf '{\n rc = {\n sources = {\n rhodecode-vcsserver = "/home/'$RC_USER'/rhodecode-vcsserver";\n rhodecode-enterprise-ce = "/home/'$RC_USER'/rhodecode-enterprise-ce";\n rhodecode-enterprise-ee = "/home/'$RC_USER'/rhodecode-enterprise-ee";\n };\n };\n}\n' > /home/$RC_USER/.nixpkgs/config.nix
228
228
229
229
230 RUN \
230 RUN \
231 echo "** install rhodecode control **" && \
231 echo "** install rhodecode control **" && \
232 # cd /home/$RC_USER/.rccontrol/cache && \
232 # cd /home/$RC_USER/.rccontrol/cache && \
233 # INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \
233 # INSTALLER=$(ls -Art /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* | tail -n 1) && \
234 # chmod +x ${INSTALLER} && \
234 # chmod +x ${INSTALLER} && \
235 # ${INSTALLER} --accept-license && \
235 # ${INSTALLER} --accept-license && \
236 # ${RCCONTROL} self-init && \
236 # ${RCCONTROL} self-init && \
237 # cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \
237 # cp -v /home/$RC_USER/.rccontrol-profile/etc/ca-bundle.crt $BUILD_CONF/ && \
238 echo "Done"
238 echo "Done"
239
239
240 RUN \
240 RUN \
241 echo "** install build vcsserver ${RHODECODE_VERSION} **" && \
241 echo "** install build vcsserver ${RHODECODE_VERSION} **" && \
242 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
242 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
243 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-vcsserver/result rhodecode-vcsserver/default.nix && \
243 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-vcsserver/result rhodecode-vcsserver/default.nix && \
244 nix-shell --command 'echo ok' rhodecode-vcsserver/default.nix && \
244 nix-shell --command 'echo ok' rhodecode-vcsserver/default.nix && \
245 VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \
245 VCSSERVER_PATH=/home/$RC_USER/rhodecode-vcsserver && \
246 rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/result/bin $BUILD_BIN_DIR/vcs_bin && \
246 rm -rf $BUILD_BIN_DIR/vcs_bin && ln -s ${VCSSERVER_PATH}/result/bin $BUILD_BIN_DIR/vcs_bin && \
247 cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini
247 cp -v ${VCSSERVER_PATH}/configs/production.ini $BUILD_CONF/vcsserver.ini
248
248
249 RUN \
249 RUN \
250 echo "** install build Community ${RHODECODE_VERSION} **" && \
250 echo "** install build Community ${RHODECODE_VERSION} **" && \
251 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
251 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
252 echo "done"
252 echo "done"
253
253
254 RUN \
254 RUN \
255 echo "** install build Enterprise ${RHODECODE_VERSION} **" && \
255 echo "** install build Enterprise ${RHODECODE_VERSION} **" && \
256 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
256 . /home/rhodecode/.nix-profile/etc/profile.d/nix.sh && \
257 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-enterprise-ee/result rhodecode-enterprise-ee/default.nix && \
257 nix-build --show-trace --cores 0 --max-jobs 4 --no-build-output --out-link rhodecode-enterprise-ee/result rhodecode-enterprise-ee/default.nix && \
258 nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \
258 nix-shell --command 'echo ok' rhodecode-enterprise-ee/default.nix && \
259 RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \
259 RHODECODE_PATH=/home/$RC_USER/rhodecode-enterprise-ee && \
260 rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/result/bin $BUILD_BIN_DIR/ && \
260 rm -rf $BUILD_BIN_DIR/bin && ln -s ${RHODECODE_PATH}/result/bin $BUILD_BIN_DIR/ && \
261 cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \
261 cp -v ${RHODECODE_PATH}/configs/production.ini $BUILD_CONF/rhodecode.ini && \
262 cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \
262 cp -v ${RHODECODE_PATH}/configs/gunicorn_config.py $BUILD_CONF/gunicorn_conf.py && \
263 mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/result/etc/static/* $RHODECODE_DATA_DIR/static/
263 mkdir -p $RHODECODE_DATA_DIR/static && cp -r ${RHODECODE_PATH}/result/etc/static/* $RHODECODE_DATA_DIR/static/
264
264
265
265
266 RUN \
266 RUN \
267 echo "** configure supervisord **" && \
267 echo "** configure supervisord **" && \
268 #cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \
268 #cp -v ${SUPERVISOR_CONF} $BUILD_CONF/ && \
269 #sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \
269 #sed -i "s/self_managed_supervisor = False/self_managed_supervisor = True/g" /home/$RC_USER/.rccontrol.ini && \
270 echo "done"
270 echo "done"
271
271
272 USER root
272 USER root
273
273
274
274
275 RUN \
275 RUN \
276 echo "**** cleanup ****" && \
276 echo "**** cleanup ****" && \
277 apt-get remove -y $PYTHON_DEPS && \
277 apt-get remove -y $PYTHON_DEPS && \
278 apt-get autoclean -y && \
278 apt-get autoclean -y && \
279 rm -f /tmp/* && \
279 rm -f /tmp/* && \
280 rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \
280 rm -f /home/$RC_USER/.rccontrol/cache/RhodeCode-installer-* && \
281 rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \
281 rm -f /home/$RC_USER/.rccontrol/cache/*.bz2 && \
282 rm -rf /var/lib/apt/lists/* \
282 rm -rf /var/lib/apt/lists/* \
283 rm -rf /var/cache/apk/* \
283 rm -rf /var/cache/apk/* \
284 rm ${SUPERVISOR_CONF}
284 rm ${SUPERVISOR_CONF}
285
285
286 # copy entrypoints
286 # copy entrypoints
287 COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh
287 COPY entrypoints.d/entrypoint.sh /opt/entrypoints.d/entrypoint.sh
288 RUN chmod +x /opt/entrypoints.d/entrypoint.sh
288 RUN chmod +x /opt/entrypoints.d/entrypoint.sh
289
289
290 # config volume
290 # config volume
291 VOLUME /etc/rhodecode/conf
291 VOLUME /etc/rhodecode/conf
292
292
293 # repo store volume
293 # repo store volume
294 VOLUME /var/opt/rhodecode_repo_store
294 VOLUME /var/opt/rhodecode_repo_store
295
295
296 # data volume
296 # data volume
297 VOLUME /var/opt/rhodecode_data
297 VOLUME /var/opt/rhodecode_data
298
298
299 # logs volume
299 # logs volume
300 VOLUME /var/log/rhodecode
300 VOLUME /var/log/rhodecode
301
301
302 ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"]
302 ENTRYPOINT ["/opt/entrypoints.d/entrypoint.sh"]
303
303
304 # compose can override this
304 # compose can override this
305 CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"]
305 CMD ["supervisord", "--nodaemon", "-c", "/etc/rhodecode/conf/supervisord.ini"]
@@ -1,70 +1,72 b''
1 FROM debian:buster
1 FROM ubuntu:22.04
2 # Using 22.04 LTS Release
2 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
3 MAINTAINER RhodeCode Inc. <support@rhodecode.com>
3
4
5
4 ENV \
6 ENV \
5 RC_USER=rhodecode \
7 RC_USER=rhodecode \
6 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf
8 MOD_DAV_SVN_CONF_FILE=/etc/rhodecode/conf/svn/mod_dav_svn.conf
7
9
8 RUN \
10 RUN \
9 echo "** install base svn packages **" && \
11 echo "** install base svn packages **" && \
10 apk update && \
12 apt-get update && \
11 apk add --no-cache \
13 apt-get install --no-cache \
12 tini \
14 tini \
13 bash \
15 bash \
14 curl \
16 curl \
15 apache2 \
17 apache2 \
16 apache2-utils \
18 apache2-utils \
17 apache2-webdav \
19 apache2-webdav \
18 mod_dav_svn \
20 mod_dav_svn \
19 subversion
21 subversion
20
22
21 # configure the system user
23 # configure the system user
22 # explicitly set uid/gid to guarantee that it won't change in the future
24 # explicitly set uid/gid to guarantee that it won't change in the future
23 # the values 999:999 are identical to the current user/group id assigned
25 # the values 999:999 are identical to the current user/group id assigned
24 RUN \
26 RUN \
25 echo "** Create system user $RC_USER **" && \
27 echo "** Create system user $RC_USER **" && \
26 groupadd --system --gid 999 $RC_USER && \
28 groupadd --system --gid 999 $RC_USER && \
27 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER
29 useradd --system --gid $RC_USER --uid 999 --shell /bin/bash $RC_USER
28
30
29
31
30 RUN \
32 RUN \
31 echo "**** cleanup ****" && \
33 echo "**** cleanup ****" && \
32 apk del tzdata python2 && \
34 apt-get purge tzdata python2 && \
33 rm -f /tmp/* && \
35 rm -f /tmp/* && \
34 rm -rf /var/lib/apt/lists/* \
36 rm -rf /var/lib/apt/lists/* \
35 rm -rf /var/cache/apk/*
37 rm -rf /var/cache/apk/*
36
38
37 RUN \
39 RUN \
38 echo "**** Apache config cleanup ****" && \
40 echo "**** Apache config cleanup ****" && \
39 rm -f /etc/apache2/conf.d/info.conf \
41 rm -f /etc/apache2/conf.d/info.conf \
40 /etc/apache2/conf.d/mpm.conf \
42 /etc/apache2/conf.d/mpm.conf \
41 /etc/apache2/conf.d/userdir.conf
43 /etc/apache2/conf.d/userdir.conf
42
44
43
45
44 COPY svn/virtualhost.conf /etc/apache2/conf.d/
46 COPY svn/virtualhost.conf /etc/apache2/conf.d/
45
47
46 # copy entrypoints
48 # copy entrypoints
47 COPY entrypoints.d/svn-entrypoint.sh /opt/entrypoints.d/svn-entrypoint.sh
49 COPY entrypoints.d/svn-entrypoint.sh /opt/entrypoints.d/svn-entrypoint.sh
48 RUN chmod +x /opt/entrypoints.d/svn-entrypoint.sh
50 RUN chmod +x /opt/entrypoints.d/svn-entrypoint.sh
49
51
50 RUN \
52 RUN \
51 echo $(strings /usr/lib/apache2/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
53 echo $(strings /usr/lib/apache2/mod_dav_svn.so | grep 'Powered by') > /var/opt/dav.version && \
52 mkdir -p /run/apache2 && \
54 mkdir -p /run/apache2 && \
53 mkdir -p /var/opt/www && \
55 mkdir -p /var/opt/www && \
54 echo "export APACHE_RUN_USER=${RC_USER}" > /etc/apache2/envvars && \
56 echo "export APACHE_RUN_USER=${RC_USER}" > /etc/apache2/envvars && \
55 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
57 echo "export APACHE_RUN_GROUP=${RC_USER}" >> /etc/apache2/envvars && \
56 sed -i "s/User apache/User ${RC_USER}/g" /etc/apache2/httpd.conf && \
58 sed -i "s/User apache/User ${RC_USER}/g" /etc/apache2/httpd.conf && \
57 sed -i "s/Group apache/Group ${RC_USER}/g" /etc/apache2/httpd.conf
59 sed -i "s/Group apache/Group ${RC_USER}/g" /etc/apache2/httpd.conf
58
60
59 # repo store volume
61 # repo store volume
60 VOLUME /var/opt/rhodecode_repo_store
62 VOLUME /var/opt/rhodecode_repo_store
61
63
62 # config volume
64 # config volume
63 VOLUME /etc/rhodecode/conf
65 VOLUME /etc/rhodecode/conf
64
66
65 # logs volume
67 # logs volume
66 VOLUME /var/log/rhodecode
68 VOLUME /var/log/rhodecode
67
69
68 ENTRYPOINT ["/opt/entrypoints.d/svn-entrypoint.sh"]
70 ENTRYPOINT ["/opt/entrypoints.d/svn-entrypoint.sh"]
69
71
70 CMD ["apachectl", "-D", "FOREGROUND"]
72 CMD ["apachectl", "-D", "FOREGROUND"]
General Comments 0
You need to be logged in to leave comments. Login now