From 7b4fbf51c60f283765261bf831c095de15f8098f Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Fri, 2 Dec 2022 17:16:37 +0800 Subject: [PATCH 01/94] initial configuration --- .gitignore | 2 +- containers/web_only.yml | 121 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 containers/web_only.yml diff --git a/.gitignore b/.gitignore index a6280f981..4020adbea 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ shared/* *.swp *~ \#*\# -containers/* +# containers/* cids/* bin/* image/.build.out diff --git a/containers/web_only.yml b/containers/web_only.yml new file mode 100644 index 000000000..b98f0e3c4 --- /dev/null +++ b/containers/web_only.yml 
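Review bot: Commenting out `containers/*` in .gitignore makes every file under containers/ trackable, and the web_only.yml added in this same commit is where `DISCOURSE_DB_PASSWORD`, the SMTP password and the other per-site values are meant to be filled in. The committed file leaves them blank, but once someone fills them in on a checkout, an ordinary `git add -A` will stage the credentials. Keep the directory ignored and track only the template, e.g. `containers/*` followed by `!containers/web_only.yml`. The real values should then come from the deployment environment or a secret store, never from the tracked file.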
@@ -0,0 +1,121 @@
+# IMPORTANT: SET A SECRET PASSWORD in Postgres for the Discourse User
+# TODO: change SOME_SECRET in this template
+
+templates:
+ - "templates/web.template.yml"
+ - "templates/web.ratelimited.template.yml"
+## Uncomment these two lines if you wish to add Lets Encrypt (https)
+ #- "templates/web.ssl.template.yml"
+ #- "templates/web.letsencrypt.ssl.template.yml"
+
+## which TCP/IP ports should this container expose?
+## If you want Discourse to share a port with another webserver like Apache or nginx,
+## see https://meta.discourse.org/t/17247 for details
+# expose:
+# - "80:80" # http
+# - "443:443" # https
+
+# Use 'links' key to link containers together, aka use Docker --link flag.
+# links:
+# - link:
+# name: data
+# alias: data
+
+# any extra arguments for Docker?
+# docker_args:
+
+params:
+ ## Which Git revision should this container use? (default: tests-passed)
+ #version: tests-passed
+
+env:
+ # LC_ALL: en_US.UTF-8
+ LANG: en_US.UTF-8
+ # LANGUAGE: en_US.UTF-8
+ # DISCOURSE_DEFAULT_LOCALE: en
+
+ ## How many concurrent web requests are supported? Depends on memory and CPU cores.
+ ## will be set automatically by bootstrap based on detected CPUs, or you can override
+ UNICORN_WORKERS:
+
+ ## TODO: The domain name this Discourse instance will respond to
+ DISCOURSE_HOSTNAME:
+
+ ## Uncomment if you want the container to be started with the same
+ ## hostname (-h option) as specified above (default "$hostname-$config")
+ #DOCKER_USE_HOSTNAME: true
+
+ ## TODO: List of comma delimited emails that will be made admin and developer
+ ## on initial signup example 'user1@example.com,user2@example.com'
+ DISCOURSE_DEVELOPER_EMAILS:
+
+ ## TODO: The SMTP mail server used to validate new accounts and send notifications
+ # SMTP ADDRESS, username, and password are required
+ # WARNING the char '#' in SMTP password can cause problems!
+ # DISCOURSE_SMTP_ADDRESS: smtp.example.com
+ #DISCOURSE_SMTP_PORT: 587
+ # DISCOURSE_SMTP_USER_NAME: user@example.com
+ # DISCOURSE_SMTP_PASSWORD: pa$$word
+ #DISCOURSE_SMTP_ENABLE_START_TLS: true # (optional, default true)
+ #DISCOURSE_SMTP_DOMAIN: discourse.example.com # (required by some providers)
+ #DISCOURSE_NOTIFICATION_EMAIL: noreply@discourse.example.com # (address to send notifications from)
+
+ ## If you added the Lets Encrypt template, uncomment below to get a free SSL certificate
+ #LETSENCRYPT_ACCOUNT_EMAIL: me@example.com
+
+ ## TODO: configure connectivity to the databases
+ # DISCOURSE_DB_SOCKET: ''
+ DISCOURSE_DB_USERNAME:
+ DISCOURSE_DB_PASSWORD:
+ DISCOURSE_DB_HOST:
+ DISCOURSE_REDIS_HOST:
+
+ ## The http or https CDN address for this Discourse instance (configured to pull)
+ ## see https://meta.discourse.org/t/14857 for details
+ #DISCOURSE_CDN_URL: https://discourse-cdn.example.com
+
+ ## The maxmind geolocation IP address key for IP address lookup
+ ## see https://meta.discourse.org/t/-/137387/23 for details
+ #DISCOURSE_MAXMIND_LICENSE_KEY: 1234567890123456
+
+# volumes:
+# - volume:
+# host: /var/discourse/shared/web-only
+# guest: /shared
+# - volume:
+# host: /var/discourse/shared/web-only/log/var-log
+# guest: /var/log
+
+## Plugins go here
+## see https://meta.discourse.org/t/19157 for details
+hooks:
+ after_code:
+ - exec:
+ cd: $home/plugins
+ cmd:
+ - mkdir -p plugins
+ - git clone https://github.com/discourse/docker_manager.git
+ - git clone https://gitee.com/opensourceway/EaseCheck.git
+ - git clone https://github.com/hiddenvillage/discourse-oauth2-basic.git
+
+## Remember, this is YAML syntax - you can only have one block with a name
+run:
+ # - exec: echo "Beginning of custom commands"
+
+ ## If you want to configure password login for root, uncomment and change:
+ ## Use only one of the following lines:
+ #- exec: /usr/sbin/usermod -p 'PASSWORD_HASH' root
+ #- exec: /usr/sbin/usermod -p "$(mkpasswd -m sha-256 'RAW_PASSWORD')"
root + + ## If you want to authorized additional users, uncomment and change: + #- exec: ssh-import-id username + #- exec: ssh-import-id anotherusername + - exec: + cd: /var/www/discourse + cmd: + - sed -i 's/GlobalSetting.serve_static_assets/true/' config/environments/production.rb + - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log" + - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/" + - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf + # - exec: echo "End of custom commands" + # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' From cc8c03e382f0c288f448640f684ef97fcaeced61 Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Fri, 9 Dec 2022 15:40:35 +0800 Subject: [PATCH 02/94] Correct discourse version. --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index b98f0e3c4..c6630ca8d 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,7 +26,7 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - #version: tests-passed + version: main env: # LC_ALL: en_US.UTF-8 From 9eb4060466b1658c7f2d9e2c9e1067dd1d20f5be Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Wed, 18 Jan 2023 11:49:25 +0800 Subject: [PATCH 03/94] add formatting toolbar --- containers/web_only.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/web_only.yml b/containers/web_only.yml index c6630ca8d..fb82b7c83 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
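Review bot: The `after_code` hook in containers/web_only.yml clones each plugin with a bare `git clone` and no ref, so every rebuild installs whatever the default branch of that repository holds at that moment. Two of the three sources are outside the discourse organisation (`hiddenvillage/discourse-oauth2-basic`, which by its name is presumably part of the login flow, and a gitee repository). Plugin code is loaded into the Discourse application, so an unreviewed upstream change reaches production on the next bootstrap. Pin each entry to a reviewed tag or commit, for example `git clone --depth 1 --branch <reviewed-tag> https://github.com/discourse/docker_manager.git`, and update the ref deliberately. The later patches in this series that add to or edit the same plugin list have the same gap.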
@@ -97,6 +97,7 @@ hooks: - git clone https://github.com/discourse/docker_manager.git - git clone https://gitee.com/opensourceway/EaseCheck.git - git clone https://github.com/hiddenvillage/discourse-oauth2-basic.git + - git clone https://github.com/mondiscourse/discourse-formatting-toolbar.git ## Remember, this is YAML syntax - you can only have one block with a name run: From acfe5bbe67f253f580c7a50dfea456278b4ddfb3 Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Sun, 29 Jan 2023 15:54:25 +0800 Subject: [PATCH 04/94] Change code version. --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index fb82b7c83..b7ae44ee1 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,7 +26,7 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: main + version: tests-passed env: # LC_ALL: en_US.UTF-8 From a775e2dc3b75c1a8f0cf1635cd987fdc77ce3c3a Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Mon, 30 Jan 2023 16:59:49 +0800 Subject: [PATCH 05/94] Skip git security check. --- templates/web.template.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/templates/web.template.yml b/templates/web.template.yml index 3bd3c8c2f..ff3d0fe0f 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -86,6 +86,10 @@ run: cd: $home hook: code cmd: + - echo "Operating user and folder owner info:" + - echo "$USER" + - ls -l /var/www + - git config --global --add safe.directory /var/www/discourse - git reset --hard - git clean -f - git remote set-branches --add origin main From 39ac981279a0a8a73174e73cd563d32666e01e5a Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Tue, 31 Jan 2023 17:30:38 +0800 Subject: [PATCH 06/94] Change branch. --- containers/web_only.yml | 4 ++-- templates/web.template.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
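Review bot: In templates/web.template.yml, `git config --global --add safe.directory /var/www/discourse` exempts that path from git's repository-ownership check instead of resolving the mismatch the check reports. The `echo "$USER"` and `ls -l /var/www` lines added next to it suggest the checkout is owned by a different account than the one running this hook. If so, run the git commands as the owning user or fix the ownership of the tree, so a checkout writable by another account cannot feed repository config or hooks to the bootstrap user. If the exemption has to stay, document it in place, e.g. `# safe.directory: checkout is owned by <owner>, this hook runs as <user>`, and drop the diagnostic commands before merging. The `cmd:` list continues outside the hunk.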
diff --git a/containers/web_only.yml b/containers/web_only.yml index b7ae44ee1..e64e32d5d 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,7 +26,7 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: tests-passed + version: main env: # LC_ALL: en_US.UTF-8 @@ -36,7 +36,7 @@ env: ## How many concurrent web requests are supported? Depends on memory and CPU cores. ## will be set automatically by bootstrap based on detected CPUs, or you can override - UNICORN_WORKERS: + # UNICORN_WORKERS: ## TODO: The domain name this Discourse instance will respond to DISCOURSE_HOSTNAME: diff --git a/templates/web.template.yml b/templates/web.template.yml index ff3d0fe0f..b88dad1a3 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -87,7 +87,7 @@ run: hook: code cmd: - echo "Operating user and folder owner info:" - - echo "$USER" + - whoami - ls -l /var/www - git config --global --add safe.directory /var/www/discourse - git reset --hard From 8eb3ee5d7d2c189ceab9b865f421a953ab8661a5 Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Wed, 1 Feb 2023 15:04:04 +0800 Subject: [PATCH 07/94] Add translator. --- containers/web_only.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index e64e32d5d..97e46972b 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -36,7 +36,7 @@ env: ## How many concurrent web requests are supported? Depends on memory and CPU cores. ## will be set automatically by bootstrap based on detected CPUs, or you can override - # UNICORN_WORKERS: + UNICORN_WORKERS: ## TODO: The domain name this Discourse instance will respond to DISCOURSE_HOSTNAME: 
@@ -98,6 +98,7 @@ hooks: - git clone https://gitee.com/opensourceway/EaseCheck.git - git clone https://github.com/hiddenvillage/discourse-oauth2-basic.git - git clone https://github.com/mondiscourse/discourse-formatting-toolbar.git + - git clone https://github.com/hiddenvillage/discourse-translator.git ## Remember, this is YAML syntax - you can only have one block with a name run: From c74730a2c7742db98981541c809bd6424bb1cbf2 Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Wed, 1 Feb 2023 16:23:03 +0800 Subject: [PATCH 08/94] Cancel ratelimit strategies. --- containers/web_only.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 97e46972b..22147d76f 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -3,7 +3,7 @@ templates: - "templates/web.template.yml" - - "templates/web.ratelimited.template.yml" + # - "templates/web.ratelimited.template.yml" ## Uncomment these two lines if you wish to add Lets Encrypt (https) #- "templates/web.ssl.template.yml" #- "templates/web.letsencrypt.ssl.template.yml" @@ -37,7 +37,8 @@ env: ## How many concurrent web requests are supported? Depends on memory and CPU cores. ## will be set automatically by bootstrap based on detected CPUs, or you can override UNICORN_WORKERS: - + UNICORN_SIDEKIQS: + ## TODO: The domain name this Discourse instance will respond to DISCOURSE_HOSTNAME: From e05ab7ea07bced30d2773c65fa2521154552e440 Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Fri, 3 Feb 2023 17:22:39 +0800 Subject: [PATCH 09/94] Change git repo to opensourceways. --- containers/web_only.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 22147d76f..f04b208b0 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
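Review bot: Commenting out `templates/web.ratelimited.template.yml` in the `templates:` list removes the request throttling that template sets up for the container's web server, and the commit message ("Cancel ratelimit strategies") gives neither a reason nor a replacement. Without it, login and search endpoints get no per-client limit from this layer. If throttling is enforced upstream, say so on the line itself, e.g. `# rate limiting is done at <upstream component>`; otherwise keep the template enabled. Patch 09 in this series re-enables it, so the exposure is limited to images built between the two commits. The `UNICORN_SIDEKIQS:` key added in the second hunk has no value, which YAML reads as null.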
@@ -3,7 +3,7 @@ templates: - "templates/web.template.yml" - # - "templates/web.ratelimited.template.yml" + - "templates/web.ratelimited.template.yml" ## Uncomment these two lines if you wish to add Lets Encrypt (https) #- "templates/web.ssl.template.yml" #- "templates/web.letsencrypt.ssl.template.yml" @@ -97,9 +97,9 @@ hooks: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - git clone https://gitee.com/opensourceway/EaseCheck.git - - git clone https://github.com/hiddenvillage/discourse-oauth2-basic.git - - git clone https://github.com/mondiscourse/discourse-formatting-toolbar.git - - git clone https://github.com/hiddenvillage/discourse-translator.git + - git clone https://github.com/opensourceways/discourse-oauth2-basic.git + - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git + - git clone https://github.com/opensourceways/discourse-translator.git ## Remember, this is YAML syntax - you can only have one block with a name run: From 68048a2edd9e84cbc7285c4367d0ecf5a2114ead Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Tue, 7 Feb 2023 10:35:10 +0800 Subject: [PATCH 10/94] Add MaxMind license and Increase sidekiq rss. --- containers/web_only.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/containers/web_only.yml b/containers/web_only.yml index f04b208b0..fca6e475e 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -38,10 +38,14 @@ env: ## will be set automatically by bootstrap based on detected CPUs, or you can override UNICORN_WORKERS: UNICORN_SIDEKIQS: + UNICORN_SIDEKIQ_MAX_RSS: 1000 ## TODO: The domain name this Discourse instance will respond to DISCOURSE_HOSTNAME: + ## MaxMind license key + DISCOURSE_MAXMIND_LICENSE_KEY: + ## Uncomment if you want the container to be started with the same ## hostname (-h option) as specified above (default "$hostname-$config") #DOCKER_USE_HOSTNAME: true From a5444a9ee28e6395e350ae96992f37fc34459acd Mon Sep 17 00:00:00 2001 
From: wangweifeng Date: Mon, 20 Feb 2023 15:13:27 +0800 Subject: [PATCH 11/94] Add "discourse-solved" plugin. --- containers/web_only.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/web_only.yml b/containers/web_only.yml index fca6e475e..a8d25ba80 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -104,6 +104,7 @@ hooks: - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git + - git clone https://github.com/discourse/discourse-solved.git ## Remember, this is YAML syntax - you can only have one block with a name run: From 8928036054affbfa5fe943097df46c105f5bc154 Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Fri, 28 Jul 2023 09:56:00 +0800 Subject: [PATCH 12/94] Update yaml --- containers/web_only.yml | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index a8d25ba80..017f7aa42 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,22 +26,22 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: main + version: env: - # LC_ALL: en_US.UTF-8 + LC_ALL: en_US.UTF-8 LANG: en_US.UTF-8 - # LANGUAGE: en_US.UTF-8 + LANGUAGE: en_US.UTF-8 # DISCOURSE_DEFAULT_LOCALE: en ## How many concurrent web requests are supported? Depends on memory and CPU cores. ## will be set automatically by bootstrap based on detected CPUs, or you can override - UNICORN_WORKERS: + # UNICORN_WORKERS: UNICORN_SIDEKIQS: - UNICORN_SIDEKIQ_MAX_RSS: 1000 + UNICORN_SIDEKIQ_MAX_RSS: ## TODO: The domain name this Discourse instance will respond to - DISCOURSE_HOSTNAME: + DISCOURSE_HOSTNAME: ## MaxMind license key DISCOURSE_MAXMIND_LICENSE_KEY: 
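Review bot: In the `params:` block of patch 12, `version:` is left as a bare key, which YAML parses as null rather than as "use the default"; the comment above it still says the default is tests-passed. How the launcher treats a null `version` is not visible in this diff, so the Git revision this container builds from is no longer stated anywhere in the file. Either restore the commented form `#version: tests-passed` or set the ref explicitly, `version: tests-passed`. The empty `UNICORN_SIDEKIQS:` and `UNICORN_SIDEKIQ_MAX_RSS:` keys in the same hunk have the same null-value ambiguity.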
@@ -52,7 +52,7 @@ env: ## TODO: List of comma delimited emails that will be made admin and developer ## on initial signup example 'user1@example.com,user2@example.com' - DISCOURSE_DEVELOPER_EMAILS: + DISCOURSE_DEVELOPER_EMAILS: ## TODO: The SMTP mail server used to validate new accounts and send notifications # SMTP ADDRESS, username, and password are required @@ -70,10 +70,10 @@ env: ## TODO: configure connectivity to the databases # DISCOURSE_DB_SOCKET: '' - DISCOURSE_DB_USERNAME: - DISCOURSE_DB_PASSWORD: - DISCOURSE_DB_HOST: - DISCOURSE_REDIS_HOST: + DISCOURSE_DB_USERNAME: + DISCOURSE_DB_PASSWORD: + DISCOURSE_DB_HOST: + DISCOURSE_REDIS_HOST: ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details @@ -118,12 +118,6 @@ run: ## If you want to authorized additional users, uncomment and change: #- exec: ssh-import-id username #- exec: ssh-import-id anotherusername - - exec: - cd: /var/www/discourse - cmd: - - sed -i 's/GlobalSetting.serve_static_assets/true/' config/environments/production.rb - - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log" - - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/" - - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf + # - exec: echo "End of custom commands" # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' From 1295eeb39f432c0ef97702afee282cf3a16c749c Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Sat, 29 Jul 2023 17:29:00 +0800 Subject: [PATCH 13/94] Add gamification plugin --- containers/web_only.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/web_only.yml b/containers/web_only.yml index 017f7aa42..7953605ca 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
@@ -105,6 +105,7 @@ hooks: - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git - git clone https://github.com/discourse/discourse-solved.git + - git clone https://github.com/discourse/discourse-gamification.git ## Remember, this is YAML syntax - you can only have one block with a name run: From effdbf22e07b8dca4041f3414eb4e2e80f5d5c6e Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Mon, 31 Jul 2023 20:07:13 +0800 Subject: [PATCH 14/94] Add maxminddb_get --- templates/web.template.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/templates/web.template.yml b/templates/web.template.yml index 12ba93565..fb178cff0 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -196,6 +196,13 @@ run: hook: db_migrate cmd: - su discourse -c 'bundle exec rake db:migrate' + + - exec: + cd: $home + hook: maxminddb_get + cmd: + - su discourse -c 'bundle exec rake maxminddb:get' + - exec: cd: $home hook: assets_precompile From b014da3fcf0becc395a2ccf9db3918361c7d4676 Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Thu, 3 Aug 2023 10:31:54 +0800 Subject: [PATCH 15/94] Add plugins --- containers/web_only.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 7953605ca..2022cfcb0 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -37,8 +37,8 @@ env: ## How many concurrent web requests are supported? Depends on memory and CPU cores. ## will be set automatically by bootstrap based on detected CPUs, or you can override # UNICORN_WORKERS: - UNICORN_SIDEKIQS: - UNICORN_SIDEKIQ_MAX_RSS: + # UNICORN_SIDEKIQS: + # UNICORN_SIDEKIQ_MAX_RSS: ## TODO: The domain name this Discourse instance will respond to DISCOURSE_HOSTNAME: 
@@ -106,6 +106,11 @@ hooks: - git clone https://github.com/opensourceways/discourse-translator.git - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git + - git clone https://github.com/discourse/discourse-automation.git + - git clone https://github.com/paviliondev/discourse-multilingual.git + - git clone https://github.com/discourse/discourse-signatures.git + - git clone https://github.com/discourse/discourse-reactions.git + - git clone https://github.com/discourse/discourse-staff-alias.git ## Remember, this is YAML syntax - you can only have one block with a name run: From dec4986ad0fce481a6617a97b5e797c974d4f170 Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Fri, 4 Aug 2023 14:25:26 +0800 Subject: [PATCH 16/94] Update web_only --- containers/web_only.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 2022cfcb0..d12649eb2 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -106,11 +106,7 @@ hooks: - git clone https://github.com/opensourceways/discourse-translator.git - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - - git clone https://github.com/discourse/discourse-automation.git - - git clone https://github.com/paviliondev/discourse-multilingual.git - - git clone https://github.com/discourse/discourse-signatures.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/discourse/discourse-staff-alias.git ## Remember, this is YAML syntax - you can only have one block with a name run: 
@@ -124,6 +120,12 @@ run: ## If you want to authorized additional users, uncomment and change: #- exec: ssh-import-id username #- exec: ssh-import-id anotherusername - + - exec: + cd: /var/www/discourse + cmd: + - sed -i 's/GlobalSetting.serve_static_assets/true/' config/environments/production.rb + - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log" + - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/" + - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf # - exec: echo "End of custom commands" # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' From e088749528c58f9425c361a15e66a27234aee8ca Mon Sep 17 00:00:00 2001 From: wangweifeng Date: Thu, 21 Sep 2023 10:31:54 +0800 Subject: [PATCH 17/94] Rename repo of easecheck --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index d12649eb2..a2ffbe8c7 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -100,7 +100,7 @@ hooks: cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - - git clone https://gitee.com/opensourceway/EaseCheck.git + - git clone https://gitee.com/opensourceway/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git From da026c9535c3e244fa5b5949e57eaa7c13fa230a Mon Sep 17 00:00:00 2001 
From: fuxinji9527 <1992666531@qq.com> Date: Wed, 26 Jun 2024 16:10:23 +0800 Subject: [PATCH 18/94] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=A4=9A=E8=AF=AD?= =?UTF-8?q?=E8=A8=80=E7=AE=A1=E7=90=86=E6=8F=92=E4=BB=B6=EF=BC=8C=E4=BF=AE?= =?UTF-8?q?=E6=94=B9discourse=20unicorn=E9=BB=98=E8=AE=A4=E8=B6=85?= =?UTF-8?q?=E6=97=B6=E6=97=B6=E9=97=B4=E4=B8=BA60=E7=A7=92?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- containers/web_only.yml | 1 + templates/web.template.yml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/containers/web_only.yml b/containers/web_only.yml index a2ffbe8c7..09b3d22f4 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -107,6 +107,7 @@ hooks: - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git + - git clone https://github.com/paviliondev/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: diff --git a/templates/web.template.yml b/templates/web.template.yml index fb178cff0..9fb801d40 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -209,6 +209,12 @@ run: cmd: - su discourse -c 'bundle exec rake themes:update assets:precompile' + - exec: + cd: $home + cmd: + - su discourse -c 'sed -i "s/timeout 30/timeout 60/" config/unicorn.conf.rb' + - echo "Unicorn timeout changed to 60 seconds" + - file: path: /usr/local/bin/discourse chmod: +x From 8609dad3f6f0c1038b179f84860859e03491b8ce Mon Sep 17 00:00:00 2001 From: jlcoo Date: Mon, 28 Oct 2024 19:31:09 +0800 Subject: [PATCH 19/94] add discourse ai plugin --- containers/web_only.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 09b3d22f4..b78061b13 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
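Review bot: The exec step added to templates/web.template.yml prints "Unicorn timeout changed to 60 seconds" whether or not the `sed` matched anything. If `config/unicorn.conf.rb` ever stops containing the literal `timeout 30`, the build log will report a change that did not happen. Put a check between the two commands, e.g. `grep -q 'timeout 60' config/unicorn.conf.rb`, so a mismatch is visible in the bootstrap output. The longer timeout also lets a slow request occupy a worker for twice as long, which is worth a comment given that the rate-limit template was disabled once earlier in this series. Unlike the neighbouring steps, this one has no `hook:` name.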
@@ -100,7 +100,7 @@ hooks: cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - - git clone https://gitee.com/opensourceway/discourse-easecheck.git + - git clone https://github.com/opensourceways/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git @@ -108,6 +108,7 @@ hooks: - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - git clone https://github.com/paviliondev/discourse-multilingual.git + - git clone https://github.com/discourse/discourse-ai.git ## Remember, this is YAML syntax - you can only have one block with a name run: From ce62386afff7ae22d91ba16416b72952b4fe7099 Mon Sep 17 00:00:00 2001 From: jlcoo Date: Fri, 1 Nov 2024 11:15:04 +0800 Subject: [PATCH 20/94] change github plugin --- containers/web_only.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index b78061b13..10d5c2441 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -108,7 +108,6 @@ hooks: - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - git clone https://github.com/paviliondev/discourse-multilingual.git - - git clone https://github.com/discourse/discourse-ai.git ## Remember, this is YAML syntax - you can only have one block with a name run: From 3768297b23c8a9b4027f8cc88e8529c04b83f06d Mon Sep 17 00:00:00 2001 
From: fuxinji9527 <1992666531@qq.com> Date: Fri, 1 Nov 2024 16:15:28 +0800 Subject: [PATCH 21/94] =?UTF-8?q?=E5=90=8C=E6=AD=A5=E6=9C=80=E6=96=B0disco?= =?UTF-8?q?urse=5Fdocker=E4=BB=A3=E7=A0=81=E4=BB=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- discourse-doctor | 17 +-- discourse-setup | 108 +++++++++++----- image/auto_build.rb | 112 ++++++++++++++-- image/base/install-imagemagick | 22 ++-- image/base/install-jemalloc | 53 +++++--- image/base/install-nginx | 11 +- image/base/install-oxipng | 33 ++--- image/base/install-redis | 7 +- image/base/install-ruby | 16 --- image/base/install-rust | 2 +- image/base/release.Dockerfile | 15 --- image/base/slim.Dockerfile | 121 ------------------ image/discourse_bench/Dockerfile | 2 +- image/discourse_bench/run_bench.sh | 2 +- image/discourse_dev/Dockerfile | 48 +++++-- image/discourse_dev/postgres_dev.template.yml | 31 +---- image/discourse_fast_switch/create_switch.rb | 13 +- image/discourse_test/Dockerfile | 17 +-- launcher | 8 +- samples/mail-receiver.yml | 10 +- samples/standalone.yml | 7 +- samples/web_only.yml | 7 +- scripts/mk_swapfile | 51 -------- templates/import/mbox.template.yml | 2 +- templates/import/mssql-dep.template.yml | 2 +- templates/import/mysql-dep.template.yml | 2 +- templates/import/phpbb3.template.yml | 2 +- templates/import/vanilla.template.yml | 30 +++-- templates/postgres.13.template.yml | 3 +- templates/postgres.template.yml | 116 ++++++++++------- templates/redis.template.yml | 16 ++- templates/web.china.template.yml | 18 ++- templates/web.ssl.template.yml | 8 +- templates/web.template.yml | 57 ++++++--- 34 files changed, 500 insertions(+), 469 deletions(-) delete mode 100755 image/base/install-ruby delete mode 100644 image/base/release.Dockerfile delete mode 100644 image/base/slim.Dockerfile delete mode 100755 scripts/mk_swapfile diff --git a/discourse-doctor b/discourse-doctor index 0c7ea1881..9f892361b 100755 --- a/discourse-doctor 
+++ b/discourse-doctor @@ -209,7 +209,7 @@ dump_yaml() { ## read a variable from the config file and stick it in read_config_result ## read_config() { - config_line=$(egrep "^ #?$1:" $web_file) + config_line=$(grep -E "^ #?$1:" $web_file) read_config_result=$(echo $config_line | awk -F ":" '{print $2}') read_config_result=$(echo $read_config_result | sed "s/^\([\"']\)\(.*\)\1\$/\2/g") } @@ -314,18 +314,19 @@ print_done() { log "==================== DONE! ====================" DOCTOR_FILE=$(date +%s | sha256sum | base64 | head -c 20).txt - if [ $app_name == 'app' ] && [ "$NO_CONTAINER" != 'y' ] - then - read -p "Would you like to serve a publicly available version of this file? (Y/n)" serve - if [ $serve == 'Y' ] - then + if [ $app_name == 'app' ] && [ "$NO_CONTAINER" != 'y' ]; then + read -p "Would you like to serve a publicly available version of this file? (Y/n) " serve + case "${serve:-Y}" in + y*|Y*) cp $LOG_FILE shared/standalone/log/var-log/$DOCTOR_FILE sudo docker exec -w /var/www/discourse -i $app_name cp /var/log/$DOCTOR_FILE public log "The output of this program may be available at http://$DISCOURSE_HOSTNAME/$DOCTOR_FILE" log "You should inspect that file carefully before sharing the URL." - else + ;; + *) log "Publicly available log not generated." - fi + ;; + esac fi # The following is not in the web log file since it was copied above, which seems correct log diff --git a/discourse-setup b/discourse-setup index 0daafcbe6..209c622f1 100755 --- a/discourse-setup +++ b/discourse-setup 
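Review bot: In print_done, `case "${serve:-Y}"` makes an empty answer count as yes, so pressing Enter now copies the diagnostic log into the site's `public` directory, where the old `[ $serve == 'Y' ]` test required an explicit `Y`. The file name in the context line above is derived only from `date +%s`, so the resulting URL should not be treated as unguessable. The script itself warns that the log should be inspected carefully before sharing, so the safer default is no: `case "${serve:-N}" in`, with the prompt changed to `(y/N)`. Quoting `"$app_name"` in the surrounding test would also stop it breaking on an empty value. print_done starts and ends outside the hunk.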
@@ -257,7 +257,8 @@ scale_ram_and_cpu() { avail_cores=`sysctl hw.ncpu | awk '/hw.ncpu:/ {print $2}'` else avail_gb=$(check_linux_memory) - avail_cores=$((`awk '/cpu cores/ {print $4;exit}' /proc/cpuinfo`*`sort /proc/cpuinfo | uniq | grep -c "physical id"`)) + threads_per_core=$(lscpu | awk 'BEGIN {FS=":"} /Thread\(s\) per core/ {print $2}') + avail_cores=$((`lscpu | awk '/^CPU\(s\)/ {print $2}'`*${threads_per_core})) fi echo "Found ${avail_gb}GB of memory and $avail_cores physical CPU cores" 
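Review bot: In scale_ram_and_cpu, lscpu's `CPU(s)` field is already the number of logical CPUs, so multiplying it by `Thread(s) per core` double-counts on hosts with SMT, and the following `echo` reports the product as "physical CPU cores". The pattern `/^CPU\(s\)/` has no trailing colon, so on lscpu versions that print a second line beginning with `CPU(s)` awk returns more than one value and the `$(( ))` arithmetic fails. If logical CPUs are what the sizing needs, `avail_cores=$(nproc)` is enough; for physical cores, `lscpu -p=CORE,SOCKET | grep -v '^#' | sort -u | wc -l` avoids parsing the human-readable output. The function continues outside the hunk.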
@@ -343,32 +344,40 @@ check_port() { ## read a variable from the config file ## read_config() { - config_line=`egrep "^ #?$1:" $web_file` + config_line=`grep -E "^ #?$1:" $web_file` read_config_result=`echo $config_line | awk -F":" '{print $2}'` read_config_result=`echo $read_config_result | sed "s/^\([\"']\)\(.*\)\1\$/\2/g"` } read_default() { - config_line=`egrep "^ #?$1:" samples/standalone.yml` + config_line=`grep -E "^ #?$1:" samples/standalone.yml` read_default_result=`echo $config_line | awk -F":" '{print $2}'` read_default_result=`echo $read_config_result | sed "s/^\([\"']\)\(.*\)\1\$/\2/g"` } -assert_maxmind_license_key() { +assert_maxmind_envs() { if ! grep DISCOURSE_MAXMIND_LICENSE_KEY $web_file >/dev/null 2>&1 then - echo "Adding MAXMIND placeholder to $web_file" + echo "Adding MAXMIND_LICENSE_KEY placeholder to $web_file" sed -i '/^.*LETSENCRYPT_ACCOUNT_EMAIL.*/a \ \ #DISCOURSE_MAXMIND_LICENSE_KEY: 1234567890123456' $web_file fi - if ! grep DISCOURSE_MAXMIND_LICENSE_KEY $web_file >/dev/null 2>&1 + + if ! grep DISCOURSE_MAXMIND_ACCOUNT_ID $web_file >/dev/null 2>&1 + then + echo "Adding MAXMIND_ACCOUNT_ID placeholder to $web_file" + sed -i '/^.*LETSENCRYPT_ACCOUNT_EMAIL.*/a \ \ #DISCOURSE_MAXMIND_ACCOUNT_ID: 123456' $web_file + fi + + + if ! grep -e DISCOURSE_MAXMIND_LICENSE_KEY -e DISCOURSE_MAXMIND_ACCOUNT_ID $web_file >/dev/null 2>&1 then cat < discourse_dev/postgres.template.yml") + run( + "sed -e 's/\(db_name: discourse\)/\1_development/' ../templates/postgres.template.yml > discourse_dev/postgres.template.yml", + ) run("cp ../templates/redis.template.yml discourse_dev/redis.template.yml") + run("cp base/install-rust discourse_dev/install-rust") end -if ARGV.length != 1 +if ARGV.length == 0 puts <<~TEXT Usage: ruby auto_build.rb IMAGE 
@@ -57,7 +143,7 @@ def dev_deps() end puts "Building #{images[image]}" - dev_deps() if image == :discourse_dev + dev_deps() if image == :discourse_dev_amd64 || image == :discourse_dev_arm64 - build(images[image]) + build(images[image], ARGV[1..-1].join(" ")) end diff --git a/image/base/install-imagemagick b/image/base/install-imagemagick index 911e719e6..44dbea43a 100755 --- a/image/base/install-imagemagick +++ b/image/base/install-imagemagick @@ -9,7 +9,7 @@ IMAGE_MAGICK_HASH="d282117bc6d0e91ad1ad685d096623b96ed8e229f911c891d83277b350ef8 LIBJPEGTURBO=$(cat /etc/issue | grep -qi Debian && echo 'libjpeg62-turbo libjpeg62-turbo-dev' || echo 'libjpeg-turbo8 libjpeg-turbo8-dev') # Ubuntu 22.04/22.10 doesn't have libwebp6 -LIBWEBP=$(cat /etc/issue | grep -qi 'Ubuntu 22' && echo 'libwebp7' || echo 'libwebp6') +LIBWEBP=$(cat /etc/issue | grep -qiE 'Debian GNU/Linux 12|Ubuntu 22' && echo 'libwebp7' || echo 'libwebp6') PREFIX=/usr/local WDIR=/tmp/imagemagick 
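Review bot: In the auto_build.rb hunk at the start of this line, `ARGV[1..-1].join(" ")` flattens the extra command-line arguments into one unquoted string before handing them to `build`. `build` is defined outside the hunk; if it interpolates that string into a command it passes to a shell, as the string-based `run(...)` calls elsewhere in this file suggest, an argument containing spaces or shell metacharacters is re-split or interpreted. Quoting each argument keeps them intact: `build(images[image], Shellwords.join(ARGV[1..-1]))`, with `require "shellwords"` at the top of the file.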
@@ -17,17 +17,17 @@ WDIR=/tmp/imagemagick # Install build deps apt -y -q remove imagemagick apt -y -q install git make gcc pkg-config autoconf curl g++ yasm cmake \ - libde265-0 libde265-dev ${LIBJPEGTURBO} x265 libx265-dev libtool \ - libpng16-16 libpng-dev ${LIBJPEGTURBO} ${LIBWEBP} libwebp-dev libgomp1 \ + libde265-0 libde265-dev ${LIBJPEGTURBO} ${LIBWEBP} x265 libx265-dev libtool \ + libpng16-16 libpng-dev libwebp-dev libgomp1 \ libwebpmux3 libwebpdemux2 ghostscript libxml2-dev libxml2-utils librsvg2-dev \ - libltdl7-dev libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev + libltdl7-dev libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev libheif1 libheif-dev -# Ubuntu doesn't like `bullseye-backports` -if cat /etc/issue | grep -qi 'Ubuntu 22'; then - apt -y install libheif1 libaom-dev libheif-dev +# Ubuntu doesn't like backports +if cat /etc/issue | grep -qiE 'Debian GNU/Linux 12|Ubuntu 22'; then + apt -y install libaom-dev else # Use backports instead of compiling it - apt -y -q install -t bullseye-backports libheif1 libaom-dev libheif-dev + apt -y -q install -t bullseye-backports libaom-dev fi mkdir -p $WDIR @@ -40,7 +40,7 @@ echo "$IMAGE_MAGICK_HASH $WDIR/ImageMagick.tar.gz" | sha256sum -c IMDIR=$WDIR/$(tar tzf $WDIR/ImageMagick.tar.gz --wildcards "ImageMagick-*/configure" |cut -d/ -f1) tar zxf $WDIR/ImageMagick.tar.gz -C $WDIR cd $IMDIR -PKG_CONF_LIBDIR=$PREFIX/lib LDFLAGS=-L$PREFIX/lib CFLAGS=-I$PREFIX/include ./configure \ +PKG_CONF_LIBDIR=$PREFIX/lib LDFLAGS=-L$PREFIX/lib CFLAGS='-O2 -I$PREFIX/include' ./configure \ --prefix=$PREFIX \ --enable-static \ --enable-bounds-checking \ 
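Review bot: In the second install-imagemagick hunk (`@@ -40,7 +40,7 @@`), `CFLAGS='-O2 -I$PREFIX/include'` is single-quoted, so `$PREFIX` is no longer expanded and configure receives the literal text `-I$PREFIX/include`. The build probably still succeeds only because `/usr/local/include` is on the compiler's default search path, which hides the mistake until PREFIX changes. Double quotes keep the new `-O2` and restore the expansion: `CFLAGS="-O2 -I$PREFIX/include"`. The `./configure` option list continues outside this hunk.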
@@ -62,11 +62,11 @@ PKG_CONF_LIBDIR=$PREFIX/lib LDFLAGS=-L$PREFIX/lib CFLAGS=-I$PREFIX/include ./con --with-heic \ --with-rsvg \ --with-webp -make all && make install +make all -j"$(nproc)" && make install cd $HOME rm -rf $WDIR ldconfig /usr/local/lib # Validate ImageMagick install -test $(convert -version | grep -o -e png -e tiff -e jpeg -e freetype -e heic -e webp | wc -l) -eq 6 +test $(magick -version | grep -o -e png -e tiff -e jpeg -e freetype -e heic -e webp | wc -l) -eq 6 diff --git a/image/base/install-jemalloc b/image/base/install-jemalloc index b07597874..311c96905 100755 --- a/image/base/install-jemalloc +++ b/image/base/install-jemalloc 
@@ -3,24 +3,41 @@ set -e # version check: https://github.com/jemalloc/jemalloc/releases -# jemalloc stable -mkdir /jemalloc-stable -cd /jemalloc-stable +# Newer aarch64 platforms, like Raspberry Pi 5 with Debian Bookworm, are +# shipping with PAGESIZE=16K. Setting it here is retrocompatible with older +# systems, so it's safe to set it unconditionally for arm. +# This means aarch64 will use the latest jemalloc, where we can configure the +# page size, while x64 will keep using our pinned 3.6.0 jemalloc +if uname -m | grep -qi 'aarch64'; then + mkdir /jemalloc-new + cd /jemalloc-new -wget -q https://github.com/jemalloc/jemalloc/releases/download/3.6.0/jemalloc-3.6.0.tar.bz2 -sha256sum jemalloc-3.6.0.tar.bz2 -echo "e16c2159dd3c81ca2dc3b5c9ef0d43e1f2f45b04548f42db12e7c12d7bdf84fe jemalloc-3.6.0.tar.bz2" | sha256sum -c -tar --strip-components=1 -xjf jemalloc-3.6.0.tar.bz2 -./configure --prefix=/usr && make && make install -cd / && rm -rf /jemalloc-stable + wget -q https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2 + sha256sum jemalloc-5.3.0.tar.bz2 + echo "2db82d1e7119df3e71b7640219b6dfe84789bc0537983c3b7ac4f7189aecfeaa jemalloc-5.3.0.tar.bz2" | sha256sum -c + tar --strip-components=1 -xjf jemalloc-5.3.0.tar.bz2 + ./configure --prefix=/usr --with-lg-page=16 && make build_lib -j"$(nproc)" && make install_lib + cd / && rm -rf /jemalloc-new +else + # jemalloc stable + mkdir /jemalloc-stable + cd /jemalloc-stable -# jemalloc new -mkdir /jemalloc-new -cd /jemalloc-new + wget -q https://github.com/jemalloc/jemalloc/releases/download/3.6.0/jemalloc-3.6.0.tar.bz2 + sha256sum jemalloc-3.6.0.tar.bz2 + echo "e16c2159dd3c81ca2dc3b5c9ef0d43e1f2f45b04548f42db12e7c12d7bdf84fe jemalloc-3.6.0.tar.bz2" | sha256sum -c + tar --strip-components=1 -xjf jemalloc-3.6.0.tar.bz2 + ./configure --prefix=/usr $EXTRA_CONF && make -j"$(nproc)" && make install + cd / && rm -rf /jemalloc-stable -wget -q 
https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2 -sha256sum jemalloc-5.3.0.tar.bz2 -echo "2db82d1e7119df3e71b7640219b6dfe84789bc0537983c3b7ac4f7189aecfeaa jemalloc-5.3.0.tar.bz2" | sha256sum -c -tar --strip-components=1 -xjf jemalloc-5.3.0.tar.bz2 -./configure --prefix=/usr --with-install-suffix=5.3.0 && make build_lib && make install_lib -cd / && rm -rf /jemalloc-new + # jemalloc new + mkdir /jemalloc-new + cd /jemalloc-new + + wget -q https://github.com/jemalloc/jemalloc/releases/download/5.3.0/jemalloc-5.3.0.tar.bz2 + sha256sum jemalloc-5.3.0.tar.bz2 + echo "2db82d1e7119df3e71b7640219b6dfe84789bc0537983c3b7ac4f7189aecfeaa jemalloc-5.3.0.tar.bz2" | sha256sum -c + tar --strip-components=1 -xjf jemalloc-5.3.0.tar.bz2 + ./configure --prefix=/usr --with-install-suffix=5.3.0 && make build_lib -j"$(nproc)" && make install_lib + cd / && rm -rf /jemalloc-new +fi diff --git a/image/base/install-nginx b/image/base/install-nginx index aa24338c0..7abe2b6fb 100755 --- a/image/base/install-nginx +++ b/image/base/install-nginx @@ -2,13 +2,12 @@ set -e # version check: https://nginx.org/en/download.html -VERSION=1.23.3 -HASH="75cb5787dbb9fae18b14810f91cc4343f64ce4c24e27302136fb52498042ba54" +VERSION=1.26.1 cd /tmp wget -q https://nginx.org/download/nginx-$VERSION.tar.gz -sha256sum nginx-$VERSION.tar.gz -echo "$HASH nginx-$VERSION.tar.gz" | sha256sum -c +wget -q https://nginx.org/download/nginx-$VERSION.tar.gz.asc +gpg --verify nginx-$VERSION.tar.gz.asc nginx-$VERSION.tar.gz tar zxf nginx-$VERSION.tar.gz cd nginx-$VERSION @@ -31,7 +30,9 @@ make install mv /usr/share/nginx/sbin/nginx /usr/sbin cd / -rm -fr /tmp/nginx +rm -fr /tmp/nginx-$VERSION +rm -f /tmp/nginx-$VERSION.tar.gz +rm -f /tmp/nginx-$VERSION.tar.gz.asc rm -fr /tmp/libbrotli rm -fr /tmp/ngx_brotli rm -fr /etc/nginx/modules-enabled/* diff --git a/image/base/install-oxipng b/image/base/install-oxipng index a6933ab6d..63cad97ff 100755 --- a/image/base/install-oxipng 
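Review bot: In the install-jemalloc hunk that ends on this line, the added comment describes 16K pages, but `--with-lg-page` takes the base-2 logarithm of the page size, so `--with-lg-page=16` configures for pages up to 64 KiB (16 KiB would be 14). The setting still covers 16K kernels, so only the comment needs correcting, e.g. `# --with-lg-page=16 supports page sizes up to 64 KiB, which covers 16K and 4K kernels`. Separately, `$EXTRA_CONF` in the x64 branch is never assigned in the lines shown, so `./configure` takes unquoted extra flags from whatever the build environment exports; drop it or set it explicitly in the script.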
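Review bot: The added `gpg --verify nginx-$VERSION.tar.gz.asc nginx-$VERSION.tar.gz` in the first install-nginx hunk replaces a pinned SHA-256 with a signature check whose trust anchor is not set up anywhere in the script lines shown, so it depends on whatever keys are already in the build user's default keyring. `gpg --verify` reports success for a good signature from any key in that keyring, so the check is only as strong as the keyring's contents. I would provision the nginx release keys into a dedicated keyring, pinned by fingerprint during the image build, and verify against it explicitly: `gpgv --keyring <path-to-nginx-release-keyring> nginx-$VERSION.tar.gz.asc nginx-$VERSION.tar.gz`. Keeping the per-version `HASH` check alongside the signature costs one line and still catches a changed tarball if the keyring is ever widened.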
+++ b/image/base/install-oxipng @@ -2,23 +2,24 @@ set -e # version check: https://github.com/shssoichiro/oxipng/releases -OXIPNG_VERSION="8.0.0" -OXIPNG_HASH="ef96d6340e70900de0a38ace8f5f20878f6c256b18b0c59cd87f2b515437b87b" -OXIPNG_ARCHIVE="v${OXIPNG_VERSION}.tar.gz" -OXIPNG_DIR="oxipng-${OXIPNG_VERSION}" +OXIPNG_VERSION="9.1.2" +dpkgArch="$(dpkg --print-architecture)" -# Install other deps -apt-get -y install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng - -cd /tmp -wget -q https://github.com/shssoichiro/oxipng/archive/refs/tags/${OXIPNG_ARCHIVE} -sha256sum ${OXIPNG_ARCHIVE} -echo "${OXIPNG_HASH} ${OXIPNG_ARCHIVE}" | sha256sum -c +case "${dpkgArch##*-}" in + amd64) OXIPNG_FILE="oxipng-${OXIPNG_VERSION}-x86_64-unknown-linux-musl.tar.gz"; OXIPNG_HASH='211d53f3781be4a71566fbaad6611a3da018ac9b22d500651b091c2b42ebe318' ;; + arm64) OXIPNG_FILE="oxipng-${OXIPNG_VERSION}-aarch64-unknown-linux-musl.tar.gz"; OXIPNG_HASH='818d47d7195e1e0c4d58a9f3b6fd84aa3cd21770c60c876e73e2e6a17ca69b52' ;; + *) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;; +esac -tar -zxf ${OXIPNG_ARCHIVE} -cd ${OXIPNG_DIR} +# Install other deps +apt -y -q install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng -CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse /usr/local/cargo/bin/cargo build --release -cp target/release/oxipng /usr/local/bin +mkdir /oxipng-install +cd /oxipng-install -cd / && rm -fr /tmp/${OXIPNG_DIR} +wget -q https://github.com/shssoichiro/oxipng/releases/download/v${OXIPNG_VERSION}/${OXIPNG_FILE} +sha256sum ${OXIPNG_FILE} +echo "${OXIPNG_HASH} ${OXIPNG_FILE}" | sha256sum -c +tar --strip-components=1 -xzf $OXIPNG_FILE +cp -v ./oxipng /usr/local/bin +cd / && rm -fr /oxipng-install \ No newline at end of file diff --git a/image/base/install-redis b/image/base/install-redis index 690b2640e..4a0d6fdd4 100755 --- a/image/base/install-redis +++ b/image/base/install-redis 
@@ -14,8 +14,13 @@ echo "$REDIS_HASH redis-$REDIS_VERSION.tar.gz" | sha256sum -c tar zxf redis-$REDIS_VERSION.tar.gz cd redis-$REDIS_VERSION +# aarch64 compatibility +if uname -m | grep -qi 'aarch64'; then + export JEMALLOC_CONFIGURE_OPTS="--with-lg-page=16" +fi + # Building and installing binaries. -make BUILD_TLS=yes && make install PREFIX=/usr +make -j"$(nproc)" BUILD_TLS=yes && make install PREFIX=/usr # Add `redis` user and group. adduser --system --home /var/lib/redis --quiet --group redis || true diff --git a/image/base/install-ruby b/image/base/install-ruby deleted file mode 100755 index 4be5a5f1f..000000000 --- a/image/base/install-ruby +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -set -e - -RUBY_VERSION="3.2.2" -export CONFIGURE_OPTS="--enable-yjit" - -apt-get -y install --no-install-recommends ruby bison libffi-dev - -mkdir /src -git -C /src clone https://github.com/rbenv/ruby-build.git -cd /src/ruby-build && ./install.sh -cd / && rm -fr /src - -ruby-build ${RUBY_VERSION} /usr/local - -apt-get -y purge ruby diff --git a/image/base/install-rust b/image/base/install-rust index b45263781..968899a97 100755 --- a/image/base/install-rust +++ b/image/base/install-rust @@ -5,7 +5,7 @@ set -e export RUSTUP_HOME=/usr/local/rustup export CARGO_HOME=/usr/local/cargo export PATH=/usr/local/cargo/bin:$PATH -export RUST_VERSION=1.68.0 +export RUST_VERSION=1.75.0 export RUSTUP_VERSION=1.25.2 dpkgArch="$(dpkg --print-architecture)" diff --git a/image/base/release.Dockerfile b/image/base/release.Dockerfile deleted file mode 100644 index 95c0c9c81..000000000 --- a/image/base/release.Dockerfile +++ /dev/null 
@@ -1,15 +0,0 @@ -ARG from=discourse/base -ARG tag=build_slim - -FROM $from:$tag - -ENV RAILS_ENV=production - -RUN cd /var/www/discourse &&\ - sudo -u discourse bundle config --local deployment true &&\ - sudo -u discourse bundle config --local path ./vendor/bundle &&\ - sudo -u discourse bundle config --local without test development &&\ - sudo -u discourse bundle install --jobs 4 &&\ - sudo -u discourse yarn install --frozen-lockfile &&\ - sudo -u discourse yarn cache clean &&\ - find /var/www/discourse/vendor/bundle -name tmp -type d -exec rm -rf {} + diff --git a/image/base/slim.Dockerfile b/image/base/slim.Dockerfile deleted file mode 100644 index f36c5937b..000000000 --- a/image/base/slim.Dockerfile +++ /dev/null 
@@ -1,121 +0,0 @@ -# NAME: discourse/base -# VERSION: release -FROM debian:bullseye-slim - -ENV PG_MAJOR=13 \ - RUBY_ALLOCATOR=/usr/lib/libjemalloc.so.1 \ - RUSTUP_HOME=/usr/local/rustup \ - CARGO_HOME=/usr/local/cargo \ - PATH=/usr/local/cargo/bin:$PATH \ - LEFTHOOK=0 - -#LABEL maintainer="Sam Saffron \"https://twitter.com/samsaffron\"" - -RUN echo 2.0.`date +%Y%m%d` > /VERSION - -RUN echo 'deb http://deb.debian.org/debian bullseye-backports main' > /etc/apt/sources.list.d/bullseye-backports.list -RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections -RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping -RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt-get update || true" -RUN apt-mark hold initscripts -RUN apt-get -y upgrade - -RUN DEBIAN_FRONTEND=noninteractive apt-get install -y locales locales-all -ENV LC_ALL en_US.UTF-8 -ENV LANG en_US.UTF-8 -ENV LANGUAGE en_US.UTF-8 - -RUN curl https://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - -RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ bullseye-pgdg main" | \ - tee /etc/apt/sources.list.d/postgres.list -RUN curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash - -RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - -RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list -RUN apt-get -y update -# install these without recommends to avoid pulling in e.g. 
-# X11 libraries, mailutils -RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less -RUN DEBIAN_FRONTEND=noninteractive apt-get -y install autoconf build-essential ca-certificates rsync \ - libxslt-dev libcurl4-openssl-dev \ - libssl-dev libyaml-dev libtool \ - libpcre3 libpcre3-dev zlib1g zlib1g-dev \ - libxml2-dev gawk parallel \ - postgresql-${PG_MAJOR} postgresql-client-${PG_MAJOR} \ - postgresql-contrib-${PG_MAJOR} libpq-dev postgresql-${PG_MAJOR}-pgvector \ - libreadline-dev anacron wget \ - psmisc whois brotli libunwind-dev \ - libtcmalloc-minimal4 cmake \ - pngcrush pngquant -RUN sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron -RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf -RUN sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf -RUN dpkg-divert --local --rename --add /sbin/initctl -RUN sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl" -RUN cd / &&\ - DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat &&\ - mkdir -p /etc/runit/1.d &&\ - apt-get clean &&\ - rm -f /etc/apt/apt.conf.d/40proxy &&\ - locale-gen en_US &&\ - DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs yarn &&\ - npm install -g terser uglify-js pnpm - -ADD install-imagemagick /tmp/install-imagemagick -RUN /tmp/install-imagemagick - -ADD install-jemalloc /tmp/install-jemalloc -RUN /tmp/install-jemalloc - -ADD install-nginx /tmp/install-nginx -RUN /tmp/install-nginx - -ADD install-redis /tmp/install-redis -RUN /tmp/install-redis - -ADD install-rust /tmp/install-rust -ADD install-ruby /tmp/install-ruby -ADD install-oxipng /tmp/install-oxipng -RUN /tmp/install-rust && /tmp/install-ruby && /tmp/install-oxipng && rustup self uninstall -y - -RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\ - gem update --system - -RUN gem install bundler pups --force &&\ - mkdir -p /pups/bin/ &&\ - ln -s /usr/local/bin/pups /pups/bin/pups - -# 
This tool allows us to disable huge page support for our current process -# since the flag is preserved through forks and execs it can be used on any -# process -ADD thpoff.c /src/thpoff.c -RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c - -# clean up for docker squash -RUN rm -fr /usr/share/man &&\ - rm -fr /usr/share/doc &&\ - rm -fr /usr/share/vim/vim74/doc &&\ - rm -fr /usr/share/vim/vim74/lang &&\ - rm -fr /usr/share/vim/vim74/spell/en* &&\ - rm -fr /usr/share/vim/vim74/tutor &&\ - rm -fr /usr/local/share/doc &&\ - rm -fr /usr/local/share/ri &&\ - rm -fr /usr/local/share/ruby-build &&\ - rm -fr /var/lib/apt/lists/* &&\ - rm -fr /root/.gem &&\ - rm -fr /root/.npm &&\ - rm -fr /tmp/* - -# this can probably be done, but I worry that people changing PG locales will have issues -# cd /usr/share/locale && rm -fr `ls -d */ | grep -v en` - -# this is required for aarch64 which uses buildx -# see https://github.com/docker/buildx/issues/150 -RUN rm -f /etc/service - -COPY etc/ /etc -COPY sbin/ /sbin - -# Discourse specific bits -RUN useradd discourse -s /bin/bash -m -U &&\ - install -dm 0755 -o discourse -g discourse /var/www/discourse &&\ - sudo -u discourse git clone --filter=tree:0 https://github.com/discourse/discourse.git /var/www/discourse diff --git a/image/discourse_bench/Dockerfile b/image/discourse_bench/Dockerfile index 5b5d50e9c..8dd9ef7af 100644 --- a/image/discourse_bench/Dockerfile +++ b/image/discourse_bench/Dockerfile @@ -13,7 +13,7 @@ RUN git config --global user.email "you@example.com" &&\ git config --global user.name "Your Name" RUN git pull &&\ - sudo -u discourse bundle install --standalone + sudo -u discourse bundle install --jobs $(($(nproc) - 1)) --standalone RUN gem install facter &&\ gem install mailcatcher diff --git a/image/discourse_bench/run_bench.sh b/image/discourse_bench/run_bench.sh index d1f9c6a1d..a9a90f6fb 100644 --- a/image/discourse_bench/run_bench.sh +++ b/image/discourse_bench/run_bench.sh 
@@ -10,7 +10,7 @@ redis-server /etc/redis/redis.conf git pull # install needed gems -sudo -E -u discourse bundle install +sudo -E -u discourse bundle install --jobs $(($(nproc) - 1)) # start mailcatcher mailcatcher --http-ip 0.0.0.0 diff --git a/image/discourse_dev/Dockerfile b/image/discourse_dev/Dockerfile index 4bbd9e4c9..57545f3bc 100644 --- a/image/discourse_dev/Dockerfile +++ b/image/discourse_dev/Dockerfile @@ -1,6 +1,15 @@ # NAME: discourse/discourse_dev # VERSION: release -FROM discourse/base:slim + +ARG from_tag=slim + +FROM discourse/base:$from_tag AS repo-fetcher +WORKDIR /repo +RUN chown discourse . +USER discourse +RUN git clone https://github.com/discourse/discourse . --depth 1 + +FROM discourse/base:$from_tag #LABEL maintainer="Sam Saffron \"https://twitter.com/samsaffron\"" @@ -12,14 +21,20 @@ ADD sudoers.discourse /etc/sudoers.d/discourse RUN sudo -u discourse bundle config set --global path /home/discourse/.bundle/gems +# Add user-install ruby gems to PATH +RUN echo 'PATH="$(ruby -r rubygems -e "puts Gem.user_dir")/bin:$PATH"' >> /home/discourse/.profile + # get redis going ADD redis.template.yml /pups/redis.yml RUN /pups/bin/pups /pups/redis.yml RUN locale-gen en_US.UTF-8 -ENV LANG en_US.UTF-8 -ENV LANGUAGE en_US:en -ENV LC_ALL en_US.UTF-8 +ENV LANG=en_US.UTF-8 \ + LANGUAGE=en_US:en \ + LC_ALL=en_US.UTF-8 \ + RUSTUP_HOME=/usr/local/rustup \ + CARGO_HOME=/usr/local/cargo \ + PATH=/usr/local/cargo/bin:$PATH # get postgres going ADD postgres.template.yml /pups/postgres.yml 
@@ -36,13 +51,28 @@ RUN mv /shared/postgres_data /shared/postgres_data_orig # invocations when used with a mounted volume) ADD ensure-database /etc/runit/1.d/ensure-database -RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add - &&\ - echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list &&\ - apt update &&\ - apt install -y google-chrome-stable firefox-esr +ADD install-rust /tmp/install-rust +ADD install-selenium /tmp/install-selenium +RUN /tmp/install-selenium # Install & Configure MailHog (https://github.com/mailhog/MailHog) RUN wget -qO /tmp/mailhog https://github.com/mailhog/MailHog/releases/download/v1.0.1/MailHog_linux_amd64\ && echo "e2ed634ded49929f089b20045581955ed217672078fd86082dd7a6c67c5d09c7 /tmp/mailhog" | sha256sum -c -\ && mv /tmp/mailhog /usr/local/bin/mailhog\ - && chmod +x /usr/local/bin/mailhog + && chmod +x /usr/local/bin/mailhog\ + && rm -rf /tmp/* + +USER discourse + +# Warm global bundle cache, then delete the compressed `cache/` versions (`/gem/` are enough) +RUN --mount=type=bind,src=/repo,from=repo-fetcher,target=/tmp/discourse-clone,readwrite \ + cd /tmp/discourse-clone \ + && bundle install --deployment \ + && rm -rf /home/discourse/.bundle/gems/ruby/*/cache/* + +# Warm global yarn cache +RUN --mount=type=bind,src=/repo,from=repo-fetcher,target=/tmp/discourse-clone,readwrite \ + cd /tmp/discourse-clone \ + && (if [ -f yarn.lock ]; then yarn install; else CI=1 pnpm install; fi) + +USER root diff --git a/image/discourse_dev/postgres_dev.template.yml b/image/discourse_dev/postgres_dev.template.yml index fd257f277..6c84045fa 100644 --- a/image/discourse_dev/postgres_dev.template.yml +++ b/image/discourse_dev/postgres_dev.template.yml 
@@ -23,33 +23,4 @@ run: # give db a few secs to start up - exec: "sleep 5" - - exec: su postgres -c 'createdb discourse_development' || true - - exec: su postgres -c 'psql discourse_development -c "grant all privileges on database discourse_development to discourse;"' || true - - exec: su postgres -c 'psql discourse_development -c "alter schema public owner to discourse;"' - - exec: su postgres -c 'psql discourse_development -c "create extension if not exists hstore;"' - - exec: su postgres -c 'psql discourse_development -c "create extension if not exists pg_trgm;"' - - exec: su postgres -c 'psql discourse_development -c "create extension if not exists vector;"' - - - exec: su postgres -c 'createdb discourse_test' || true - - exec: su postgres -c 'psql discourse_test -c "grant all privileges on database discourse_test to discourse;"' || true - - exec: su postgres -c 'psql discourse_test -c "alter schema public owner to discourse;"' - - exec: su postgres -c 'psql discourse_test -c "create extension if not exists hstore;"' - - exec: su postgres -c 'psql discourse_test -c "create extension if not exists pg_trgm;"' - - exec: su postgres -c 'psql discourse_test -c "create extension if not exists vector;"' - - - exec: su postgres -c 'createdb discourse_test_multisite' || true - - exec: su postgres -c 'psql discourse_test_multisite -c "grant all privileges on database discourse_test_multisite to discourse;"' || true - - exec: su postgres -c 'psql discourse_test_multisite -c "alter schema public owner to discourse;"' - - exec: su postgres -c 'psql discourse_test_multisite -c "create extension if not exists hstore;"' - - exec: su postgres -c 'psql discourse_test_multisite -c "create extension if not exists pg_trgm;"' - - exec: su postgres -c 'psql discourse_test_multisite -c "create extension if not exists vector;"' - - - exec: cd tmp && git clone https://github.com/discourse/discourse.git --depth=1 - - exec: chown -R discourse /tmp/discourse - - exec: cd /tmp/discourse && 
sudo -u discourse bundle config --local path ./vendor/bundle - - exec: cd /tmp/discourse && sudo -u discourse bundle install - - exec: cd /tmp/discourse && sudo -u discourse yarn install - - exec: cd /tmp/discourse && sudo -u discourse yarn cache clean - - exec: cd /tmp/discourse && sudo -u discourse bundle exec rake db:migrate - - exec: cd /tmp/discourse && sudo -u discourse RAILS_ENV=test bundle exec rake db:migrate - - exec: rm -fr /tmp/discourse + - exec: su postgres -c 'psql -c "ALTER USER discourse WITH SUPERUSER;"' diff --git a/image/discourse_fast_switch/create_switch.rb b/image/discourse_fast_switch/create_switch.rb index 24006d3b6..294fb7815 100644 --- a/image/discourse_fast_switch/create_switch.rb +++ b/image/discourse_fast_switch/create_switch.rb @@ -1,13 +1,13 @@ -require 'fileutils' +require "fileutils" -puts "-"*100,"creating switch","-"*100 +puts "-" * 100, "creating switch", "-" * 100 system("cd /var/www/discourse && git pull") -['24', '25'].each do |v| +%w[24 25].each do |v| bin = "/usr/local/bin/use_#{v}" -File.write(bin, <> /etc/apt/sources.list.d/google.list &&\ +ENV TESTEM_DEFAULT_BROWSER Chrome +ADD install-chrome /tmp/install-chrome +RUN /tmp/install-chrome &&\ apt update &&\ - apt install -y libgconf-2-4 libxss1 google-chrome-stable firefox-esr &&\ + apt install -y libgconf-2-4 libxss1 firefox-esr &&\ cd /tmp && wget -q "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64&lang=en-US" -O firefox.tar.bz2 &&\ tar xjvf firefox.tar.bz2 && mv /tmp/firefox /opt/firefox-evergreen &&\ apt clean 
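Review bot: The `ALTER USER discourse WITH SUPERUSER` step that ends the postgres_dev.template.yml hunk makes the application role a PostgreSQL superuser, in place of the per-database grants and `create extension` steps the hunk removes. That is a reasonable shortcut for a dev/test image, but nothing in the template says so, and a superuser application role means any SQL injection or leaked dev credential reaches the whole database server rather than one database. I would add a comment above the step: `# dev/test image only: discourse is superuser so it can create its own databases and extensions; do not copy into production templates`.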
@@ -28,11 +29,11 @@ RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo ap FROM with_browsers AS release RUN cd /var/www/discourse &&\ - sudo -u discourse bundle install --jobs=4 &&\ - sudo -E -u discourse -H yarn install &&\ - sudo -u discourse yarn cache clean + sudo -u discourse bundle install --jobs $(($(nproc) - 1)) &&\ + sudo -E -u discourse -H /bin/bash -c 'if [ -f yarn.lock ]; then (yarn install && yarn cache clean); else CI=1 pnpm install; fi' RUN cd /var/www/discourse && sudo -E -u discourse -H bundle exec rake plugin:install_all_official &&\ - sudo -E -u discourse -H bundle exec rake plugin:install_all_gems + LOAD_PLUGINS=1 sudo -E -u discourse -H bundle exec rake plugin:install_all_gems &&\ + sudo -E -u discourse -H bundle exec ruby script/install_minio_binaries.rb -ENTRYPOINT sudo -E -u discourse -H ruby script/docker_test.rb +ENTRYPOINT ["sudo", "-E", "-u", "discourse", "-H", "ruby", "script/docker_test.rb"] diff --git a/launcher b/launcher index ec6298373..3a4f21a46 100755 --- a/launcher +++ b/launcher @@ -83,8 +83,8 @@ fi cd "$(dirname "$0")" pups_version='v1.0.3' -docker_min_version='17.03.1' -docker_rec_version='17.06.2' +docker_min_version='20.10.0' +docker_rec_version='24.0.7' git_min_version='1.8.0' git_rec_version='1.8.0' kernel_min_version='4.4.0' @@ -92,7 +92,7 @@ kernel_min_version='4.4.0' config_file=containers/"$config".yml cidbootstrap=cids/"$config"_bootstrap.cid local_discourse=local_discourse -image="discourse/base:2.0.20230711-0100" +image="discourse/base:2.0.20240825-0027" docker_path=`which docker.io 2> /dev/null || which docker` git_path=`which git` 
@@ -173,7 +173,7 @@ check_prereqs() { fi # 2. running an approved storage driver? - if ! $docker_path info 2> /dev/null | egrep -q 'Storage Driver: (btrfs|aufs|zfs|overlay2)$'; then + if ! $docker_path info 2> /dev/null | grep -E -q 'Storage Driver: (btrfs|aufs|zfs|overlay2)$'; then echo "Your Docker installation is not using a supported storage driver. If we were to proceed you may have a broken install." echo "overlay2 is the recommended storage driver, although zfs and aufs may work as well." echo "Other storage drivers are known to be problematic." diff --git a/samples/mail-receiver.yml b/samples/mail-receiver.yml index df5e3cd60..1828f76e3 100644 --- a/samples/mail-receiver.yml +++ b/samples/mail-receiver.yml @@ -27,11 +27,11 @@ env: # POSTCONF_smtpd_tls_security_level: may - ## The URL of the mail processing endpoint of your Discourse forum. - ## This is simply your forum's base URL, with `/admin/email/handle_mail` - ## appended. Be careful if you're running a subfolder setup -- in that case, - ## the URL needs to have the subfolder included! - DISCOURSE_MAIL_ENDPOINT: 'https://discourse.example.com/admin/email/handle_mail' + ## The base URL for this Discourse instance. + ## This will be whatever your Discourse site URL is. For example, + ## https://discourse.example.com. If you're running a subfolder setup, + ## be sure to account for that (ie https://example.com/forum). + DISCOURSE_BASE_URL: 'https://discourse.example.com' ## The master API key of your Discourse forum. You can get this from ## the "API" tab of your admin panel. diff --git a/samples/standalone.yml b/samples/standalone.yml index 2ba6d15e6..e6d946f03 100644 --- a/samples/standalone.yml +++ b/samples/standalone.yml 
@@ -77,9 +77,10 @@ env: ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details #DISCOURSE_CDN_URL: https://discourse-cdn.example.com - - ## The maxmind geolocation IP address key for IP address lookup - ## see https://meta.discourse.org/t/-/137387/23 for details + + ## The maxmind geolocation IP account ID and license key for IP address lookups + ## see https://meta.discourse.org/t/-/173941 for details + #DISCOURSE_MAXMIND_ACCOUNT_ID: 123456 #DISCOURSE_MAXMIND_LICENSE_KEY: 1234567890123456 ## The Docker container is stateless; all data is stored in /shared diff --git a/samples/web_only.yml b/samples/web_only.yml index ea830937d..c4753dde0 100644 --- a/samples/web_only.yml +++ b/samples/web_only.yml @@ -75,9 +75,10 @@ env: ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details #DISCOURSE_CDN_URL: https://discourse-cdn.example.com - - ## The maxmind geolocation IP address key for IP address lookup - ## see https://meta.discourse.org/t/-/137387/23 for details + + ## The maxmind geolocation IP account ID and license key for IP address lookups + ## see https://meta.discourse.org/t/-/173941 for details + #DISCOURSE_MAXMIND_ACCOUNT_ID: 123456 #DISCOURSE_MAXMIND_LICENSE_KEY: 1234567890123456 volumes: diff --git a/scripts/mk_swapfile b/scripts/mk_swapfile deleted file mode 100755 index 3240b4476..000000000 --- a/scripts/mk_swapfile +++ /dev/null 
@@ -1,51 +0,0 @@ -#!/bin/bash -e -# This script adds a 1GB swapfile to the system - -function do_err() { - code=$? - echo "Command failed with code $code: $BASH_COMMAND" - exit $code - -} -trap do_err ERR - - -function set_swappiness() { - if ! grep -q '^vm.swappiness' /etc/sysctl.conf; then - echo -n 'Setting ' - sysctl -w vm.swappiness=10 - echo vm.swappiness = 10 >> /etc/sysctl.conf - fi -} - -function get_new_swapfile() { - for i in `seq 0 99`; do - if [ ! -e /swapfile.$i ]; then - echo /swapfile.$i - return - fi - done - # Seriously? 100 swapfiles already exist? - echo "too many swapfiles" - exit 1 -} - -[ `id -u` -eq 0 ] || { echo "You must be root to run this script"; exit 1; } - -# how big? default 1GB -declare -i num_gb -num_gb="${1-1}" -[ $num_gb -lt 1 ] && { echo "Please specify an integer >= 1"; exit 1; } -echo "Creating a ${num_gb}GB swapfile..." - -set_swappiness - -SWAPFILE=$(get_new_swapfile) - -umask 077 -dd if=/dev/zero of=$SWAPFILE bs=1k count=$(($num_gb * 1024 * 1024)) conv=excl -mkswap $SWAPFILE -swapon $SWAPFILE -echo "$SWAPFILE swap swap auto 0 0" >> /etc/fstab - -echo 1GiB swapfile successfully added diff --git a/templates/import/mbox.template.yml b/templates/import/mbox.template.yml index ff6580fd9..c96055ce6 100644 --- a/templates/import/mbox.template.yml +++ b/templates/import/mbox.template.yml @@ -34,4 +34,4 @@ hooks: - apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y libsqlite3-dev - echo "gem 'sqlite3'" >> Gemfile - su discourse -c 'bundle config unset deployment' - - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs 4 --without test development' + - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs $(($(nproc) - 1)) --without test development' diff --git a/templates/import/mssql-dep.template.yml b/templates/import/mssql-dep.template.yml index 8df6890e4..f65785555 100644 --- a/templates/import/mssql-dep.template.yml +++ b/templates/import/mssql-dep.template.yml 
@@ -22,4 +22,4 @@ hooks:
 cmd:
 - echo "gem 'tiny_tds'" >> Gemfile
 - su discourse -c 'bundle config unset deployment'
- - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs 4 --without test development'
+ - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs $(($(nproc) - 1)) --without test development'
diff --git a/templates/import/mysql-dep.template.yml b/templates/import/mysql-dep.template.yml
index 27b394dad..5c9b4c189 100644
--- a/templates/import/mysql-dep.template.yml
+++ b/templates/import/mysql-dep.template.yml
@@ -11,4 +11,4 @@ hooks:
 - echo "gem 'mysql2'" >> Gemfile
 - apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y libmariadb-dev
 - su discourse -c 'bundle config unset deployment'
- - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs 4 --without test development'
+ - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs $(($(nproc) - 1)) --without test development'
diff --git a/templates/import/phpbb3.template.yml b/templates/import/phpbb3.template.yml
index 9a3024f40..3b70cf421 100644
--- a/templates/import/phpbb3.template.yml
+++ b/templates/import/phpbb3.template.yml
@@ -114,4 +114,4 @@ hooks:
 - echo "gem 'mysql2'" >> Gemfile
 - echo "gem 'ruby-bbcode-to-md', :github => 'nlalonde/ruby-bbcode-to-md'" >> Gemfile
 - su discourse -c 'bundle config unset deployment'
- - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs 4 --without test development'
+ - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs $(($(nproc) - 1)) --without test development'
diff --git a/templates/import/vanilla.template.yml b/templates/import/vanilla.template.yml
index 78802a250..753ce405e 100644
--- a/templates/import/vanilla.template.yml
+++ b/templates/import/vanilla.template.yml
@@ -1,17 +1,13 @@ # This template installs MariaDB and all dependencies needed for importing from vanilla. +env: + UNICORN_SIDEKIQS: 0 + params: home: /var/www/discourse hooks: after_web_config: - - exec: - cd: /etc/service - cmd: - - rm -R unicorn - - rm -R nginx - - rm -R cron - - exec: cd: /etc/runit/3.d cmd: @@ -36,7 +32,7 @@ hooks: - exec: cmd: - mkdir -p /shared/import/mysql/data - - apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y nano libmariadbclient-dev mariadb-server + - apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y nano libmariadb-dev mariadb-server - sed -Ei 's/^log/#&/' /etc/mysql/my.cnf - file: @@ -95,10 +91,7 @@ hooks: sv stop mysql fi - cd $home - echo "The Vanilla import is starting..." - echo - su discourse -c 'bundle exec ruby script/import_scripts/vanilla.rb' + echo "import_vanilla.sh completed" - exec: cd: $home @@ -106,11 +99,22 @@ hooks: - mkdir -p /shared/import/data - chown discourse -R /shared/import + before_code: + - exec: + cd: $home + cmd: + # Add your discourse core fork and pull custom code + - su discourse -c 'git remote set-url origin https://github.com/{github_username}/discourse.git' + after_bundle_exec: - exec: cd: $home cmd: + # Add the gems used in the script - echo "gem 'mysql2'" >> Gemfile - echo "gem 'ruby-bbcode-to-md', :github => 'nlalonde/ruby-bbcode-to-md'" >> Gemfile - su discourse -c 'bundle config unset deployment' - - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs 4 --without test development' + - su discourse -c 'bundle install --no-deployment --path vendor/bundle --jobs $(($(nproc) - 1)) --without test development' + - service mariadb start + # imports the DB into mysql + - sh /usr/local/bin/import_flarum_test.sh diff --git a/templates/postgres.13.template.yml b/templates/postgres.13.template.yml index bb2c0a232..c5d0814c0 100644 --- a/templates/postgres.13.template.yml +++ b/templates/postgres.13.template.yml 
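Review bot: The last vanilla hunk ends `after_bundle_exec` with `sh /usr/local/bin/import_flarum_test.sh`, but no visible part of this template writes a file of that name, and the script edited in the `@@ -95,10 +91,7 @@` hunk reports `import_vanilla.sh completed`, which suggests the intended path is different. If the file is missing the command fails, and unless `raise_on_fail: false` is set for that step the bootstrap presumably stops there. In the same hunk the new `before_code` step keeps the literal `{github_username}` in the remote URL; a comment such as `# TODO: replace {github_username} with the fork owner before building; core code is pulled from this remote` would make clear it cannot be used as committed.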
@@ -17,7 +17,8 @@ hooks: to: sv start postgres || exit 1 run: - - exec: locale-gen $LANG && update-locale + - exec: sed -i "s/^# $LANG/$LANG/" /etc/locale.gen + - exec: locale-gen && update-locale - exec: mkdir -p /shared/postgres_run - exec: chown postgres:postgres /shared/postgres_run - exec: chmod 775 /shared/postgres_run diff --git a/templates/postgres.template.yml b/templates/postgres.template.yml index bb2c0a232..95001a0f1 100644 --- a/templates/postgres.template.yml +++ b/templates/postgres.template.yml @@ -14,20 +14,14 @@ hooks: - replace: filename: /etc/service/unicorn/run from: "# postgres" - to: sv start postgres || exit 1 + to: | + if [ -f /root/install_postgres ]; then + /root/install_postgres + rm /root/install_postgres + fi + sv start postgres || exit 1 run: - - exec: locale-gen $LANG && update-locale - - exec: mkdir -p /shared/postgres_run - - exec: chown postgres:postgres /shared/postgres_run - - exec: chmod 775 /shared/postgres_run - - exec: rm -fr /var/run/postgresql - - exec: ln -s /shared/postgres_run /var/run/postgresql - - exec: socat /dev/null UNIX-CONNECT:/shared/postgres_run/.s.PGSQL.5432 || exit 0 && echo postgres already running stop container ; exit 1 - - exec: rm -fr /shared/postgres_run/.s* - - exec: rm -fr /shared/postgres_run/*.pid - - exec: mkdir -p /shared/postgres_run/13-main.pg_stat_tmp - - exec: chown postgres:postgres /shared/postgres_run/13-main.pg_stat_tmp - file: path: /etc/service/postgres/run chmod: "+x" 
@@ -51,6 +45,36 @@ run: #!/bin/bash sv stop postgres + - file: + path: /root/install_postgres + chmod: "+x" + contents: | + #!/bin/bash + sed -i "s/^# $LANG/$LANG/" /etc/locale.gen + locale-gen && update-locale + mkdir -p /shared/postgres_run + chown postgres:postgres /shared/postgres_run + chmod 775 /shared/postgres_run + rm -fr /var/run/postgresql + ln -s /shared/postgres_run /var/run/postgresql + if [ -e /shared/postgres_run/.s.PGSQL.5432 ]; then + socat /dev/null UNIX-CONNECT:/shared/postgres_run/.s.PGSQL.5432 || exit 0 && echo postgres already running stop container ; exit 1 + fi + rm -fr /shared/postgres_run/.s* + rm -fr /shared/postgres_run/*.pid + mkdir -p /shared/postgres_run/13-main.pg_stat_tmp + chown postgres:postgres /shared/postgres_run/13-main.pg_stat_tmp + chown -R root /var/lib/postgresql/13/main + [ ! -e /shared/postgres_data ] && install -d -m 0755 -o postgres -g postgres /shared/postgres_data && sudo -E -u postgres /usr/lib/postgresql/13/bin/initdb -D /shared/postgres_data || exit 0 + chown -R postgres:postgres /shared/postgres_data + chown -R postgres:postgres /var/run/postgresql + if [ -f /root/upgrade_postgres ]; then + /root/upgrade_postgres + rm /root/upgrade_postgres + fi + # Necessary to enable backups + install -d -m 0755 -o postgres -g postgres /shared/postgres_backup + - file: path: /root/upgrade_postgres chmod: "+x" @@ -116,16 +140,6 @@ run: exit 77 fi - - exec: - cmd: - - chown -R root /var/lib/postgresql/13/main - - "[ ! -e /shared/postgres_data ] && install -d -m 0755 -o postgres -g postgres /shared/postgres_data && sudo -E -u postgres /usr/lib/postgresql/13/bin/initdb -D /shared/postgres_data || exit 0" - - chown -R postgres:postgres /shared/postgres_data - - chown -R postgres:postgres /var/run/postgresql - - - exec: /root/upgrade_postgres - - exec: rm /root/upgrade_postgres - - replace: filename: "/etc/postgresql/13/main/postgresql.conf" from: "data_directory = '/var/lib/postgresql/13/main'" 
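Review bot: Two `|| exit 0` fragments that only ended their own step as separate `exec` entries now end the whole `/root/install_postgres` script. On the `[ ! -e /shared/postgres_data ] && … || exit 0` line, an existing data directory makes the test fail, so the script exits before the two `chown -R postgres:postgres` calls, `/root/upgrade_postgres` and the `/shared/postgres_backup` directory are reached; the `socat … || exit 0` line exits the same way when a stale socket file exists but nothing is listening, skipping the cleanup that follows it. An `if` block keeps the rest running: `if [ ! -e /shared/postgres_data ]; then install -d -m 0755 -o postgres -g postgres /shared/postgres_data && sudo -E -u postgres /usr/lib/postgresql/13/bin/initdb -D /shared/postgres_data; fi`. The `@@ -116,16 +140,6 @@` hunk on this line removes the old steps, which appear to have run as independent commands.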
@@ -161,11 +175,6 @@ run: from: /#?default_text_search_config *=.*/ to: "default_text_search_config = '$db_default_text_search_config'" - # Necessary to enable backups - - exec: - cmd: - - install -d -m 0755 -o postgres -g postgres /shared/postgres_backup - - replace: filename: "/etc/postgresql/13/main/postgresql.conf" from: /#?checkpoint_segments *=.*/ 
@@ -199,29 +208,39 @@ run: to: "host all all ::/0 md5" - exec: + tag: db + cmd: | + if [ -f /root/install_postgres ]; then + /root/install_postgres && rm -f /root/install_postgres + elif [ -e /shared/postgres_run/.s.PGSQL.5432 ]; then + socat /dev/null UNIX-CONNECT:/shared/postgres_run/.s.PGSQL.5432 || exit 0 && echo postgres already running stop container ; exit 1 + fi + + - exec: + tag: db background: true # use fast shutdown for pg stop_signal: INT cmd: HOME=/var/lib/postgresql USER=postgres exec chpst -u postgres:postgres:ssl-cert -U postgres:postgres:ssl-cert /usr/lib/postgresql/13/bin/postmaster -D /etc/postgresql/13/main - # give db a few secs to start up - - exec: "sleep 5" - - - exec: su postgres -c 'createdb $db_name' || true - - exec: su postgres -c 'psql $db_name -c "create user $db_user;"' || true - - exec: su postgres -c 'psql $db_name -c "grant all privileges on database $db_name to $db_user;"' || true - - exec: su postgres -c 'psql $db_name -c "alter schema public owner to $db_user;"' - - exec: su postgres -c 'psql template1 -c "create extension if not exists hstore;"' - - exec: su postgres -c 'psql template1 -c "create extension if not exists pg_trgm;"' - - exec: su postgres -c 'psql template1 -c "create extension if not exists vector;"' - - exec: su postgres -c 'psql $db_name -c "create extension if not exists hstore;"' - - exec: su postgres -c 'psql $db_name -c "create extension if not exists pg_trgm;"' - - exec: su postgres -c 'psql $db_name -c "create extension if not exists vector;"' - - exec: - stdin: | - update pg_database set encoding = pg_char_to_encoding('UTF8') where datname = '$db_name' AND encoding = pg_char_to_encoding('SQL_ASCII'); - cmd: sudo -u postgres psql $db_name - raise_on_fail: false + - file: + path: /usr/local/bin/create_db + chmod: +x + contents: | + #!/bin/bash + su postgres -c 'createdb $db_name' || true + su postgres -c 'psql $db_name -c "create user $db_user;"' || true + su postgres -c 'psql $db_name -c "grant all 
privileges on database $db_name to $db_user;"' || true + su postgres -c 'psql $db_name -c "alter schema public owner to $db_user;"' + su postgres -c 'psql template1 -c "create extension if not exists hstore;"' + su postgres -c 'psql template1 -c "create extension if not exists pg_trgm;"' + su postgres -c 'psql template1 -c "create extension if not exists vector;"' + su postgres -c 'psql template1 -c "alter extension vector update;"' || true + su postgres -c 'psql $db_name -c "create extension if not exists hstore;"' + su postgres -c 'psql $db_name -c "create extension if not exists pg_trgm;"' + su postgres -c 'psql $db_name -c "create extension if not exists vector;"' + su postgres -c 'psql $db_name -c "alter extension vector update;"' || true + sudo -u postgres psql $db_name <<< "update pg_database set encoding = pg_char_to_encoding('UTF8') where datname = '$db_name' AND encoding = pg_char_to_encoding('SQL_ASCII');" || true - file: path: /var/lib/postgresql/take-database-backup @@ -242,5 +261,10 @@ run: #0 */4 * * * /var/lib/postgresql/take-database-backup - exec: + tag: db hook: postgres - cmd: "echo postgres installed!" + cmd: + # give db a few secs to start up + - "sleep 5" + - /usr/local/bin/create_db + - "echo postgres installed!" diff --git a/templates/redis.template.yml b/templates/redis.template.yml index b5d2a2b10..9044869ee 100644 --- a/templates/redis.template.yml +++ b/templates/redis.template.yml @@ -33,6 +33,7 @@ run: to: "" - exec: + tag: db cmd: - install -d -m 0755 -o redis -g redis /shared/redis_data 
@@ -68,18 +69,25 @@ run: - exec: background: true + tag: db cmd: exec chpst -u redis -U redis /usr/bin/redis-server /etc/redis/redis.conf - - - exec: sleep 10 + - exec: + tag: db + cmd: sleep 10 # we can not migrate without redis, launch it if needed hooks: - before_code: + before_db_migrate: - exec: background: true cmd: exec chpst -u redis -U redis /usr/bin/redis-server /etc/redis/redis.conf + - exec: sleep 10 after_code: - replace: filename: /etc/service/unicorn/run from: "# redis" - to: sv start redis || exit 1 + to: | + if [ ! -d /shared/redis_data ]; then + install -d -m 0755 -o redis -g redis /shared/redis_data + fi + sv start redis || exit 1 diff --git a/templates/web.china.template.yml b/templates/web.china.template.yml index 973647f1f..fc95a0d10 100644 --- a/templates/web.china.template.yml +++ b/templates/web.china.template.yml @@ -1,10 +1,20 @@ hooks: + before_code: + - exec: + cmd: + - su discourse -c 'git config --global url."https://mirror.ghproxy.com/https://github.com/".insteadOf "https://github.com/"' + before_web: - exec: - cmd: - - gem sources --add https://gems.ruby-china.com/ --remove https://rubygems.org/ + cmd: + - su discourse -c 'gem sources --add https://mirrors.tuna.tsinghua.edu.cn/rubygems/ --remove https://rubygems.org/' + + before_yarn: + - exec: + cmd: + - su discourse -c 'pnpm config set registry https://registry.npmmirror.com --global' before_bundle_exec: - exec: - cmd: - - su discourse -c 'bundle config mirror.https://rubygems.org https://gems.ruby-china.com/' + cmd: + - su discourse -c 'bundle config mirror.https://rubygems.org https://mirrors.tuna.tsinghua.edu.cn/rubygems' diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml index cefd1aa57..cc6a66fe0 100644 --- a/templates/web.ssl.template.yml +++ b/templates/web.ssl.template.yml 
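Review bot: The new `before_code` hook in web.china.template.yml rewrites every `https://github.com/` URL for the discourse user to pass through `mirror.ghproxy.com`, so the code fetched during the build is whatever that third-party proxy returns, and nothing in the hunk checks it against a known commit. The gem and pnpm registries in `before_web`, `before_yarn` and `before_bundle_exec` are switched to mirrors in the same way. A comment above the hook should state the trust assumption, for example `# NOTE: GitHub fetches for user discourse are proxied through mirror.ghproxy.com; pin core and plugin revisions by commit SHA when this template is enabled`.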
@@ -15,14 +15,16 @@ run: filename: "/etc/nginx/conf.d/discourse.conf" from: /listen 80;\s+gzip on;/m to: | - listen 443 ssl http2; + listen 443 ssl; + http2 on; SSL_TEMPLATE_SSL_BLOCK - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /listen 80;\s+listen \[::\]:80;\s+gzip on;/m to: | - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; + http2 on; SSL_TEMPLATE_SSL_BLOCK - replace: hook: ssl diff --git a/templates/web.template.yml b/templates/web.template.yml index 9fb801d40..a30ac028c 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -12,19 +12,20 @@ env: DISCOURSE_DB_HOST: DISCOURSE_DB_PORT: - params: version: tests-passed - home: /var/www/discourse upload_size: 10m nginx_worker_connections: 4000 run: - exec: thpoff echo "thpoff is installed!" - - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end' - - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' - - exec: /usr/local/bin/ruby -e 'if (ENV["DISCOURSE_CDN_URL"] || "")[0..1] == "//"; puts "Aborting! CDN must have a protocol specified. Once fixed you should rebake your posts now to correct all posts."; exit 1; end' + - exec: + tag: precompile + cmd: + - /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end' + - /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' + - /usr/local/bin/ruby -e 'if (ENV["DISCOURSE_CDN_URL"] || "")[0..1] == "//"; puts "Aborting! CDN must have a protocol specified. Once fixed you should rebake your posts now to correct all posts."; exit 1; end' # TODO: move to base image (anacron can not be fired up using rc.d) - exec: rm -f /etc/cron.d/anacron - file: 
@@ -55,6 +56,13 @@ run: # postgres cd $home chown -R discourse:www-data /shared/log/rails + # before precompile + if [[ -z "$PRECOMPILE_ON_BOOT" ]]; then + PRECOMPILE_ON_BOOT=1 + fi + if [ -f /usr/local/bin/create_db ] && [ "$CREATE_DB_ON_BOOT" = "1" ]; then /usr/local/bin/create_db; fi; + if [ "$MIGRATE_ON_BOOT" = "1" ]; then su discourse -c 'bundle exec rake db:migrate'; fi + if [ "$PRECOMPILE_ON_BOOT" = "1" ]; then SKIP_EMBER_CLI_COMPILE=1 su discourse -c 'bundle exec rake assets:precompile'; fi LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec thpoff chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb - file: @@ -170,29 +178,35 @@ run: - exec: cd: $home + hook: yarn cmd: - |- - if [ "$version" != "tests-passed" ]; then - rm -rf app/assets/javascripts/node_modules + if [ -f yarn.lock ]; then + if [ -d node_modules/.pnpm ]; then + echo "This version of Discourse uses yarn, but pnpm node_modules are preset. Cleaning up..." + find ./node_modules ./app/assets/javascripts/*/node_modules -mindepth 1 -maxdepth 1 -exec rm -rf {} + + fi + su discourse -c 'yarn install --frozen-lockfile && yarn cache clean' + else + su discourse -c 'CI=1 pnpm install --frozen-lockfile' fi - - su discourse -c 'yarn install --frozen-lockfile && yarn cache clean' - exec: cd: $home hook: bundle_exec cmd: - - su discourse -c 'bundle config --local deployment true' - - su discourse -c 'bundle config --local without "development test"' - - su discourse -c 'bundle install --retry 3 --jobs 4' + - su discourse -c 'bundle install --jobs $(($(nproc) - 1)) --retry 3' - exec: cd: $home cmd: - su discourse -c 'LOAD_PLUGINS=0 bundle exec rake plugin:pull_compatible_all' + hook: plugin_compatibility raise_on_fail: false - exec: cd: $home + tag: migrate hook: db_migrate cmd: - su discourse -c 'bundle exec rake db:migrate' 
@@ -202,18 +216,24 @@ run: hook: maxminddb_get cmd: - su discourse -c 'bundle exec rake maxminddb:get' - + - exec: cd: $home - hook: assets_precompile + tag: build + hook: assets_precompile_build cmd: - - su discourse -c 'bundle exec rake themes:update assets:precompile' - + - su discourse -c 'bundle exec rake assets:precompile:build' - exec: cd: $home + tag: precompile + hook: assets_precompile cmd: - - su discourse -c 'sed -i "s/timeout 30/timeout 60/" config/unicorn.conf.rb' - - echo "Unicorn timeout changed to 60 seconds" + - su discourse -c 'SKIP_EMBER_CLI_COMPILE=1 bundle exec rake themes:update assets:precompile' + - replace: + tag: precompile + filename: /etc/service/unicorn/run + from: "# before precompile" + to: "PRECOMPILE_ON_BOOT=0" - file: path: /usr/local/bin/discourse @@ -276,6 +296,7 @@ run: missingok delaycompress compress + sharedscripts postrotate sv 1 unicorn endscript @@ -420,7 +441,7 @@ run: - + From a9c3ff7432505cc5e9317c475f2cb2476d48efb8 Mon Sep 17 00:00:00 2001 From: Hourunze1997 <1043170898@qq.com> Date: Wed, 15 Jan 2025 15:02:50 +0800 Subject: [PATCH 22/94] Add .github folder structure --- .github/script/codearts_check.sh | 79 +++++++++++++++++++++++ .github/script/scan_image.sh | 84 +++++++++++++++++++++++++ .github/workflows/check-label-owner.yml | 40 ++++++++++++ .github/workflows/gate-check.yml | 43 +++++++++++++ .github/workflows/label-check.yml | 19 ++++++ .github/workflows/pr-branch-check.yml | 36 +++++++++++ 6 files changed, 301 insertions(+) create mode 100644 .github/script/codearts_check.sh create mode 100644 .github/script/scan_image.sh create mode 100644 .github/workflows/check-label-owner.yml create mode 100644 .github/workflows/gate-check.yml create mode 100644 .github/workflows/label-check.yml create mode 100644 .github/workflows/pr-branch-check.yml diff --git a/.github/script/codearts_check.sh b/.github/script/codearts_check.sh new file mode 100644 index 000000000..b0b84e245 --- /dev/null 
+++ b/.github/script/codearts_check.sh @@ -0,0 +1,79 @@ + +IAM_DATA=$(cat < label.name); + if (!labels.includes(requiredLabel)) { + throw new Error(`PR 必须包含标签: ${requiredLabel}`); + } diff --git a/.github/workflows/pr-branch-check.yml b/.github/workflows/pr-branch-check.yml new file mode 100644 index 000000000..0f144eb2f --- /dev/null +++ b/.github/workflows/pr-branch-check.yml @@ -0,0 +1,36 @@ +name: Check Branch Naming for PRs + +on: + pull_request: + types: [opened, synchronize, reopened] + +jobs: + check-branch-naming: + runs-on: self-hosted + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Check PR source branch against target branch + run: | + # 获取目标分支和源分支 + TARGET_BRANCH="${{ github.base_ref }}" + SOURCE_BRANCH="${{ github.head_ref }}" + + echo "Target branch: $TARGET_BRANCH" + echo "Source branch: $SOURCE_BRANCH" + + # 检查目标分支是否是 default 分支 (main/master) + if [[ "$TARGET_BRANCH" == "${{ github.event.repository.default_branch }}" ]]; then + if [[ ! "$SOURCE_BRANCH" =~ ^release/.* ]]; then + echo "Error: The source branch must be of the form 'release/*' when merging into the default branch." + exit 1 + fi + # 检查目标分支是否是 release/* + elif [[ "$TARGET_BRANCH" =~ ^release/.* ]]; then + if [[ ! "$SOURCE_BRANCH" =~ ^(feature|bugfix)/.* ]]; then + echo "Error: The source branch must be of the form 'feature/*' or 'bugfix/*' when merging into 'release/*'." + exit 1 + fi + fi From 45de8a76280b47f51352a7612acba9d025ccb34b Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 25 Feb 2025 15:59:34 +0800 Subject: [PATCH 23/94] Add username and password credentials (#28) --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 10d5c2441..6aeb26a9e 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
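Review bot: In pr-branch-check.yml the `run:` script receives `${{ github.base_ref }}` and `${{ github.head_ref }}` by expression expansion, so the source branch name, which the pull-request author chooses, becomes part of the shell source before bash parses it, and the job runs on a `self-hosted` runner. Passing the values through `env:` and reading them as quoted shell variables keeps them as data. The same pattern appears later on this page in the rewritten label-check.yml and in scan-image.yml (`COMMENT_BODY="${{ github.event.comment.body }}"`). `actions/checkout@v2` could also be pinned to a full commit SHA.

```yaml
      - name: Check PR source branch against target branch
        env:
          TARGET_BRANCH: ${{ github.base_ref }}
          SOURCE_BRANCH: ${{ github.head_ref }}
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          echo "Target branch: $TARGET_BRANCH"
          echo "Source branch: $SOURCE_BRANCH"

          if [[ "$TARGET_BRANCH" == "$DEFAULT_BRANCH" ]]; then
            # … unchanged: source branch must match release/* …
          # … unchanged: release/* target requires feature/* or bugfix/* source …
```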
@@ -100,7 +100,7 @@ hooks: cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - - git clone https://github.com/opensourceways/discourse-easecheck.git + - git clone https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git From 82ca97b24865938d0dbf8a928050e93a8eae52b4 Mon Sep 17 00:00:00 2001 From: Hourunze1997 <1043170898@qq.com> Date: Fri, 14 Mar 2025 16:26:08 +0800 Subject: [PATCH 24/94] Add .github folder structure --- .github/script/codearts_check.sh | 4 +-- .github/script/scan_image.sh | 2 +- .github/workflows/gate-check.yml | 28 ++++++++++----------- .github/workflows/label-check.yml | 41 ++++++++++++++++++++++--------- .github/workflows/scan-image.yml | 33 +++++++++++++++++++++++++ 5 files changed, 79 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/scan-image.yml diff --git a/.github/script/codearts_check.sh b/.github/script/codearts_check.sh index b0b84e245..2dabcdb66 100644 --- a/.github/script/codearts_check.sh +++ b/.github/script/codearts_check.sh 
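Review bot: The clone URL added here carries `GIT_USERNAME:GIT_PASSWORD` in its userinfo part, and git records the URL it cloned from as `remote.origin.url`, so whatever is substituted for those placeholders at build time stays in `discourse-easecheck/.git/config` inside the image and can also appear in build output. Resetting the remote directly after the clone removes the stored copy: `- git -C discourse-easecheck remote set-url origin https://github.com/opensourceways/discourse-easecheck.git`. A read-only token scoped to that one repository, supplied through a credential helper or build secret, would keep it out of the URL altogether. The later `-b service` and `-b release/euler` edits to this line keep the same URL form, and one of them writes `-b service://GIT_USERNAME…`, which loses the `https` scheme. The hook this line belongs to starts and ends outside the hunk.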
@@ -1,4 +1,4 @@ - +#!/bin/bash IAM_DATA=$(cat < label.name); - if (!labels.includes(requiredLabel)) { - throw new Error(`PR 必须包含标签: ${requiredLabel}`); - } + - name: Checkout code + uses: actions/checkout@v2 + + - name: Check PR source branch against target branch + run: | + # 获取目标分支和源分支 + TARGET_BRANCH="${{ github.base_ref }}" + SOURCE_BRANCH="${{ github.head_ref }}" + + echo "Target branch: $TARGET_BRANCH" + echo "Source branch: $SOURCE_BRANCH" + + # 检查目标分支是否是 default 分支 (main/master) + if [[ "$TARGET_BRANCH" == "${{ github.event.repository.default_branch }}" ]]; then + if [[ ! "$SOURCE_BRANCH" =~ ^release/.* ]]; then + echo "Error: The source branch must be of the form 'release/*' when merging into the default branch." + exit 1 + fi + # 检查目标分支是否是 release/* + elif [[ "$TARGET_BRANCH" =~ ^release/.* ]]; then + if [[ ! "$SOURCE_BRANCH" =~ ^(feature|bugfix)/.* ]]; then + echo "Error: The source branch must be of the form 'feature/*' or 'bugfix/*' when merging into 'release/*'." + exit 1 + fi + fi \ No newline at end of file diff --git a/.github/workflows/scan-image.yml b/.github/workflows/scan-image.yml new file mode 100644 index 000000000..9253cde35 --- /dev/null +++ b/.github/workflows/scan-image.yml 
@@ -0,0 +1,33 @@ +name: Process PR Comment and Run Script + +on: + issue_comment: + types: [created] # 仅当评论被创建时触发 + +jobs: + process_comment: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Make script executable + run: chmod +x ./.github/script/scan_image.sh + + - name: Check if comment has the specified prefix and run script + run: | + # 获取评论内容 + COMMENT_BODY="${{ github.event.comment.body }}" + PREFIX="扫描镜像:" + + # 判断评论是否包含指定的前缀 + if [[ "$COMMENT_BODY" == "$PREFIX"* ]]; then + # 去掉前缀并提取后面的内容 + IMAGE_URL="${COMMENT_BODY#$PREFIX}" + echo "main" ${{ github.event.issue.number }} ${{ secrets.CODEARTS_PASSWORD }} ${{ secrets.CODEARTS_SCAN_IMAGE_PIPELINE }} ${{ secrets.CODEARTS_ENDPOINT_ID }} "https://github.com/${GITHUB_REPOSITORY}.git" ${GITHUB_REPOSITORY%/*} ${GITHUB_REPOSITORY##*/} "$IMAGE_URL" + + ./.github/script/scan_image.sh "main" ${{ github.event.issue.number }} ${{ secrets.CODEARTS_PASSWORD }} ${{ secrets.CODEARTS_SCAN_IMAGE_PIPELINE }} ${{ secrets.CODEARTS_ENDPOINT_ID }} "https://github.com/${GITHUB_REPOSITORY}.git" ${GITHUB_REPOSITORY%/*} ${GITHUB_REPOSITORY##*/} "$IMAGE_URL" + else + echo "Comment does not match the prefix, skipping the script execution." + fi From bd8e06abfe109dde90c11e0f8e4ef07224f35035 Mon Sep 17 00:00:00 2001 From: Jiang Long Date: Mon, 17 Mar 2025 10:29:39 +0800 Subject: [PATCH 25/94] multilingual (#32) --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 6aeb26a9e..c325e2095 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
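Review bot: The `echo` line in the last step of scan-image.yml expands `${{ secrets.CODEARTS_PASSWORD }}`, `${{ secrets.CODEARTS_SCAN_IMAGE_PIPELINE }}` and `${{ secrets.CODEARTS_ENDPOINT_ID }}` into a command that exists only to print its arguments; log masking hides exact matches only, so the line should be removed. The workflow also starts on every created comment on any issue or pull request, with no check of who commented, while that step has repository secrets in scope. A job-level condition such as `if: github.event.issue.pull_request && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` limits it to maintainers' comments on pull requests. The comment body and the secrets are better handed to the step through `env:` and referenced as quoted shell variables than expanded inside `run:`.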
@@ -107,7 +107,7 @@ hooks: - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/paviliondev/discourse-multilingual.git + - git clone https://github.com/opensourceways/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: From fcc9632d2d4fe99f6f9664a698ea6ee998f02e59 Mon Sep 17 00:00:00 2001 From: Hourunze1997 <1043170898@qq.com> Date: Wed, 26 Mar 2025 11:28:25 +0800 Subject: [PATCH 26/94] Add .github folder structure --- .github/script/codearts_check.sh | 2 +- .github/workflows/label-check.yml | 41 +++++++++---------------------- 2 files changed, 13 insertions(+), 30 deletions(-) diff --git a/.github/script/codearts_check.sh b/.github/script/codearts_check.sh index 2dabcdb66..a84fc0a7b 100644 --- a/.github/script/codearts_check.sh +++ b/.github/script/codearts_check.sh @@ -41,7 +41,7 @@ DATA=$(cat < label.name); + if (!labels.includes(requiredLabel)) { + throw new Error(`PR 必须包含标签: ${requiredLabel}`); + } From 91af2fd5a1fafe0151d7c2fed57ce5de3e4db9a0 Mon Sep 17 00:00:00 2001 From: Hourunze1997 <1043170898@qq.com> Date: Thu, 27 Mar 2025 10:14:24 +0800 Subject: [PATCH 27/94] Add .github folder structure --- .github/script/codearts_check.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/script/codearts_check.sh b/.github/script/codearts_check.sh index a84fc0a7b..2dabcdb66 100644 --- a/.github/script/codearts_check.sh +++ b/.github/script/codearts_check.sh @@ -41,7 +41,7 @@ DATA=$(cat < Date: Fri, 11 Apr 2025 16:30:12 +0800 Subject: [PATCH 28/94] update branch --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index c325e2095..961bc974e 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
@@ -100,7 +100,7 @@ hooks: cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - - git clone https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git + - git clone -b service https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git From eb440abaff07bf7aec2f38af90744af7fc24a3e1 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 17 Apr 2025 17:26:57 +0800 Subject: [PATCH 29/94] switch branch --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 961bc974e..56b0b3eb8 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -100,7 +100,7 @@ hooks: cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - - git clone -b service https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git + - git clone -b release/euler https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git From ee45c5f8315c1992b8e035549f4e0ccf49cc9758 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 23 Apr 2025 10:18:12 +0800 Subject: [PATCH 30/94] update test branch --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 56b0b3eb8..023fb6937 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
@@ -100,7 +100,7 @@ hooks: cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - - git clone -b release/euler https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git + - git clone -b service://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git From 11013bcf4ae0d48ad9aeb7091fe44b7745ea2bca Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 23 Apr 2025 11:12:36 +0800 Subject: [PATCH 31/94] fix branch --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 023fb6937..961bc974e 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -100,7 +100,7 @@ hooks: cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - - git clone -b service://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git + - git clone -b service https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git From b22492a37e3a1e95464f2c1ed8c86f1d543731e6 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 6 May 2025 10:54:46 +0800 Subject: [PATCH 32/94] Recover Multilingual Plugin URL --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 961bc974e..6c08757aa 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
@@ -107,7 +107,7 @@ hooks: - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/opensourceways/discourse-multilingual.git + - git clone https://github.com/paviliondev/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: From 91f3bc2bf58532e8556bac207ef4a2c7279c9ee7 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 6 May 2025 14:24:29 +0800 Subject: [PATCH 33/94] update mutilingual plugin --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 6c08757aa..961bc974e 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -107,7 +107,7 @@ hooks: - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/paviliondev/discourse-multilingual.git + - git clone https://github.com/opensourceways/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: From d98ef427837e749b4c473f18050c3f8a357534a1 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 6 May 2025 15:32:21 +0800 Subject: [PATCH 34/94] specified version --- containers/web_only.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 961bc974e..e744cf84c 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,8 +26,8 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: - + version: 4e760f7b7957d135fdb4458c30af99e92be4cc70 + env: LC_ALL: en_US.UTF-8 LANG: en_US.UTF-8 
From 9b26b0506497e4719ca8cdc3f80c7cb0e90d2d7e Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 6 May 2025 16:42:57 +0800 Subject: [PATCH 35/94] huifu --- containers/web_only.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index e744cf84c..8638328fd 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,8 +26,8 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: 4e760f7b7957d135fdb4458c30af99e92be4cc70 - + version: b056f9538b30bc4d8dce735f631afe31f99ddc57 + env: LC_ALL: en_US.UTF-8 LANG: en_US.UTF-8 From cefbd3d2b5de3ebaa4a7ceaee531d6388a93ce50 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 6 May 2025 19:29:35 +0800 Subject: [PATCH 36/94] try another base --- containers/web_only.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 8638328fd..fcf392e45 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,7 +26,8 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: b056f9538b30bc4d8dce735f631afe31f99ddc57 + version: cde16697cd96a3765179b97518c4976f9817f734 + # b056f9538b30bc4d8dce735f631afe31f99ddc57 env: LC_ALL: en_US.UTF-8 From e06e9cbaeb9a17d68c71e95d0518c753f59cdb97 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 6 May 2025 20:04:49 +0800 Subject: [PATCH 37/94] multilingual plugin and base tag --- containers/web_only.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index fcf392e45..75e65cd0a 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
@@ -26,8 +26,7 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: cde16697cd96a3765179b97518c4976f9817f734 - # b056f9538b30bc4d8dce735f631afe31f99ddc57 + version: b056f9538b30bc4d8dce735f631afe31f99ddc57 env: LC_ALL: en_US.UTF-8 @@ -108,7 +107,7 @@ hooks: - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/opensourceways/discourse-multilingual.git + - git clone https://github.com/paviliondev/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: From eac1870e03a736e3efddfef62ec515afbe7ed2da Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 6 May 2025 20:22:43 +0800 Subject: [PATCH 38/94] huifu --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 75e65cd0a..8638328fd 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -107,7 +107,7 @@ hooks: - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/paviliondev/discourse-multilingual.git + - git clone https://github.com/opensourceways/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: From 71dfc50515d67c5dbb12d684c5089306d38e0639 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 16 May 2025 16:19:36 +0800 Subject: [PATCH 39/94] try new commit --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 8638328fd..ec232ffe3 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
@@ -26,7 +26,7 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: b056f9538b30bc4d8dce735f631afe31f99ddc57 + version: e0132d1bafbd5b69a6a2f7d595d54afd292c5fc5 env: LC_ALL: en_US.UTF-8 From 2a4a01fecee57774213fcb362bc9c2e106921447 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Mon, 19 May 2025 14:26:24 +0800 Subject: [PATCH 40/94] test multilingual repo --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index ec232ffe3..f7af2b693 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -107,7 +107,7 @@ hooks: - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/opensourceways/discourse-multilingual.git + - git clone https://github.com/paviliondev/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: From f6bd461b89b8cb89542b3ab7bdcf1493a9ab5b29 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 22 May 2025 17:10:09 +0800 Subject: [PATCH 41/94] update version --- containers/web_only.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index f7af2b693..6c08757aa 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,7 +26,7 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: e0132d1bafbd5b69a6a2f7d595d54afd292c5fc5 + version: env: LC_ALL: en_US.UTF-8 From 68a09f0982e585639d0c1f0aabdb9f9606c6230c Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 10:49:45 +0800 Subject: [PATCH 42/94] add redis password --- containers/web_only.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/containers/web_only.yml b/containers/web_only.yml index 6c08757aa..e0c68a42e 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -74,6 +74,7 @@ env: DISCOURSE_DB_PASSWORD: DISCOURSE_DB_HOST: DISCOURSE_REDIS_HOST: + DISCOURSE_REDIS_PASSWORD: ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details From e99d59ee34bc4cadfbc654e8159a01a8b134e246 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 15:44:13 +0800 Subject: [PATCH 43/94] reduced user privileges --- containers/web_only.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index e0c68a42e..1d634710b 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -23,10 +23,11 @@ templates: # any extra arguments for Docker? # docker_args: +docker_args: "--user 1000:1000 --cap-drop=ALL --cap-add=CHOWN --cap-add=SETGID --cap-add=SETUID --cap-add=NET_BIND_SERVICE" params: ## Which Git revision should this container use? (default: tests-passed) - version: + version: b056f9538b30bc4d8dce735f631afe31f99ddc57 env: LC_ALL: en_US.UTF-8 @@ -112,6 +113,13 @@ hooks: ## Remember, this is YAML syntax - you can only have one block with a name run: + cap_drop: + - ALL + cap_add: + - CHOWN + - SETGID + - SETUID + - NET_BIND_SERVICE # - exec: echo "Beginning of custom commands" ## If you want to configure password login for root, uncomment and change: 
@@ -129,5 +137,10 @@ run: - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log" - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/" - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf + + - chown -R 1000:1000 /var/www/discourse + - chown -R 1000:1000 /shared + - chmod -R 755 /var/www/discourse + - chmod -R 755 /shared # - exec: echo "End of custom commands" # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' From 299a2ffdd6dbd82f5d5da25f2cd97582cbd1c13a Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 16:22:05 +0800 Subject: [PATCH 44/94] fix format --- containers/web_only.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 1d634710b..ce515c4b6 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -130,7 +130,7 @@ run: ## If you want to authorized additional users, uncomment and change: #- exec: ssh-import-id username #- exec: ssh-import-id anotherusername - - exec: + - exec: cd: /var/www/discourse cmd: - sed -i 's/GlobalSetting.serve_static_assets/true/' config/environments/production.rb @@ -144,3 +144,4 @@ run: - chmod -R 755 /shared # - exec: echo "End of custom commands" # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' + \ No newline at end of file From 7301d16b178fff5ab15459719c8fc503c45e2dc3 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 18:18:27 +0800 Subject: [PATCH 45/94] retry --- containers/web_only.yml | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index ce515c4b6..b7fa75846 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml 
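Review bot: `chmod -R 755 /shared` and `chmod -R 755 /var/www/discourse`, added to the `cmd:` list in the `@@ -129,5 +137,10 @@ run:` hunk, set the execute bit and world-read access on every regular file in both trees; other templates in this series place uploads, backups and Rails logs under `/shared`. A symbolic mode keeps directories traversable without marking data files executable or readable by others, e.g. `- chmod -R u=rwX,g=rX,o= /shared`. The same pattern returns as `chmod -R 755 /var/www` in patch 51. The `run:` block starts outside this hunk.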
@@ -23,7 +23,7 @@ templates: # any extra arguments for Docker? # docker_args: -docker_args: "--user 1000:1000 --cap-drop=ALL --cap-add=CHOWN --cap-add=SETGID --cap-add=SETUID --cap-add=NET_BIND_SERVICE" +docker_args: "--user 1000:1000" params: ## Which Git revision should this container use? (default: tests-passed) @@ -75,7 +75,6 @@ env: DISCOURSE_DB_PASSWORD: DISCOURSE_DB_HOST: DISCOURSE_REDIS_HOST: - DISCOURSE_REDIS_PASSWORD: ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details @@ -102,24 +101,17 @@ hooks: cmd: - mkdir -p plugins - git clone https://github.com/discourse/docker_manager.git - - git clone -b service https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git + - git clone https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/paviliondev/discourse-multilingual.git + - git clone https://github.com/opensourceways/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: - cap_drop: - - ALL - cap_add: - - CHOWN - - SETGID - - SETUID - - NET_BIND_SERVICE # - exec: echo "Beginning of custom commands" ## If you want to configure password login for root, uncomment and change: 
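Review bot: The rewritten clone line in the `@@ -102,24 +101,17 @@ hooks:` hunk still carries `GIT_USERNAME:GIT_PASSWORD@` inside the URL. If those placeholders are substituted with real values before the build, git records the full URL in the clone's `.git/config`, so the credential is baked into the image and may also appear in build output. Pass the credential through something that does not persist (a credential helper or a build-time secret), or at minimum reset the remote right after the clone with `- git -C discourse-easecheck remote set-url origin https://github.com/opensourceways/discourse-easecheck.git`. The `hooks:` block starts outside this hunk.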
@@ -130,18 +122,12 @@ run: ## If you want to authorized additional users, uncomment and change: #- exec: ssh-import-id username #- exec: ssh-import-id anotherusername - - exec: + - exec: cd: /var/www/discourse cmd: - sed -i 's/GlobalSetting.serve_static_assets/true/' config/environments/production.rb - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log" - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/" - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf - - - chown -R 1000:1000 /var/www/discourse - - chown -R 1000:1000 /shared - - chmod -R 755 /var/www/discourse - - chmod -R 755 /shared # - exec: echo "End of custom commands" - # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' - \ No newline at end of file + # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' \ No newline at end of file From 1bd63bc3726c9f983841269e062f85af8ca2480c Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 18:33:09 +0800 Subject: [PATCH 46/94] add before_bundle --- containers/web_only.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/containers/web_only.yml b/containers/web_only.yml index b7fa75846..c4ab662f6 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -110,6 +110,11 @@ hooks: - git clone https://github.com/discourse/discourse-reactions.git - git clone https://github.com/opensourceways/discourse-multilingual.git + before_bundle_exec: + - exec: + cmd: + - sed -i '/rm -f \/etc\/cron.d\/anacron/d' /pups/templates/web.template.yml + ## Remember, this is YAML syntax - you can only have one block with a name run: # - exec: echo "Beginning of custom commands" From 947fa62631c9a499cdcf8db64762878e406a5eac Mon Sep 17 00:00:00 2001 
From: evie-tao Date: Thu, 29 May 2025 18:48:46 +0800 Subject: [PATCH 47/94] update before --- containers/web_only.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index c4ab662f6..3423dece6 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -113,7 +113,8 @@ hooks: before_bundle_exec: - exec: cmd: - - sed -i '/rm -f \/etc\/cron.d\/anacron/d' /pups/templates/web.template.yml + - find /pups/templates -type f -name '*.yml' -exec sed -i '/rm -f \/etc\/cron.d\/anacron/d' {} \; + ## Remember, this is YAML syntax - you can only have one block with a name run: From 138e33ea6d1270332893388ca8a6c81f48fcce31 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 19:31:02 +0800 Subject: [PATCH 48/94] change web.template --- templates/web.template.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/web.template.yml b/templates/web.template.yml index a30ac028c..672b1ba2f 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -27,7 +27,7 @@ run: - /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' - /usr/local/bin/ruby -e 'if (ENV["DISCOURSE_CDN_URL"] || "")[0..1] == "//"; puts "Aborting! CDN must have a protocol specified. Once fixed you should rebake your posts now to correct all posts."; exit 1; end' # TODO: move to base image (anacron can not be fired up using rc.d) - - exec: rm -f /etc/cron.d/anacron + # - exec: rm -f /etc/cron.d/anacron - file: path: /etc/cron.d/anacron contents: | From 0b951fc76a10afbbbd812acd496dd424dbba23e9 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 19:36:48 +0800 Subject: [PATCH 49/94] remove anacron in web.template file --- templates/web.template.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/templates/web.template.yml b/templates/web.template.yml index 672b1ba2f..66d128da4 100644 
--- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -27,14 +27,7 @@ run: - /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' - /usr/local/bin/ruby -e 'if (ENV["DISCOURSE_CDN_URL"] || "")[0..1] == "//"; puts "Aborting! CDN must have a protocol specified. Once fixed you should rebake your posts now to correct all posts."; exit 1; end' # TODO: move to base image (anacron can not be fired up using rc.d) - # - exec: rm -f /etc/cron.d/anacron - - file: - path: /etc/cron.d/anacron - contents: | - SHELL=/bin/sh - PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin - 30 7 * * * root /usr/sbin/anacron -s >/dev/null - file: path: /etc/runit/1.d/copy-env chmod: "+x" From dbd9fafc08989844f6d9793aef18b0dbe7188b28 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 22:12:57 +0800 Subject: [PATCH 50/94] recover origin --- containers/web_only.yml | 7 ------- templates/web.template.yml | 9 ++++++++- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 3423dece6..467c2cd88 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -23,7 +23,6 @@ templates: # any extra arguments for Docker? # docker_args: -docker_args: "--user 1000:1000" params: ## Which Git revision should this container use? (default: tests-passed) @@ -110,12 +109,6 @@ hooks: - git clone https://github.com/discourse/discourse-reactions.git - git clone https://github.com/opensourceways/discourse-multilingual.git - before_bundle_exec: - - exec: - cmd: - - find /pups/templates -type f -name '*.yml' -exec sed -i '/rm -f \/etc\/cron.d\/anacron/d' {} \; - - ## Remember, this is YAML syntax - you can only have one block with a name run: # - exec: echo "Beginning of custom commands" diff --git a/templates/web.template.yml b/templates/web.template.yml index 66d128da4..10b672443 100644 --- a/templates/web.template.yml 
+++ b/templates/web.template.yml @@ -27,7 +27,14 @@ run: - /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' - /usr/local/bin/ruby -e 'if (ENV["DISCOURSE_CDN_URL"] || "")[0..1] == "//"; puts "Aborting! CDN must have a protocol specified. Once fixed you should rebake your posts now to correct all posts."; exit 1; end' # TODO: move to base image (anacron can not be fired up using rc.d) + - exec: rm -f /etc/cron.d/anacron + - file: + path: /etc/cron.d/anacron + contents: | + SHELL=/bin/sh + PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + 30 7 * * * root /usr/sbin/anacron -s >/dev/null - file: path: /etc/runit/1.d/copy-env chmod: "+x" @@ -440,4 +447,4 @@ run: - + \ No newline at end of file From 524280183f8ae7e134545b796cb1e90cbf0964d5 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 22:29:46 +0800 Subject: [PATCH 51/94] update webonly --- containers/web_only.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/containers/web_only.yml b/containers/web_only.yml index 467c2cd88..76f70d3ff 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -128,5 +128,10 @@ run: - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log" - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/" - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf + - exec: useradd -m -s /bin/bash discourse + - exec: chown -R discourse:discourse /var/www + - exec: chmod -R 755 /var/www + +boot_command: "su - discourse -c '/sbin/boot'" # - exec: echo "End of custom commands" # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' \ No newline at end of file From b5b583ef9941704c6c78e9e5ed5d4a2500a017e4 Mon Sep 17 00:00:00 2001 
From: evie-tao Date: Thu, 29 May 2025 22:37:01 +0800 Subject: [PATCH 52/94] update1 --- containers/web_only.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/web_only.yml b/containers/web_only.yml index 76f70d3ff..78de0d492 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -128,7 +128,6 @@ run: - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log" - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/" - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf - - exec: useradd -m -s /bin/bash discourse - exec: chown -R discourse:discourse /var/www - exec: chmod -R 755 /var/www From 7f6e279f3dcd8c3474077270755aef3f67433908 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 23:37:29 +0800 Subject: [PATCH 53/94] add dockerfile --- Dockerfile.runtime | 15 +++++++++++++++ containers/web_only.yml | 5 +---- 2 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 Dockerfile.runtime diff --git a/Dockerfile.runtime b/Dockerfile.runtime new file mode 100644 index 000000000..e2f06dfc9 --- /dev/null +++ b/Dockerfile.runtime @@ -0,0 +1,15 @@ +FROM swr.cn-north-4.myhuaweicloud.com/opensourceway/common/discourse:v1.8.0 + +# 设置目录权限 +RUN chown -R discourse:discourse /var/www/discourse && \ + chown -R discourse:discourse /shared && \ + chown -R discourse:discourse /var/log && \ + chown -R discourse:discourse /var/lib && \ + chown -R discourse:discourse /var/spool + + +# 切换到非root用户 +USER discourse + +# 保留原有的ENTRYPOINT和CMD +ENTRYPOINT ["/sbin/boot"] \ No newline at end of file diff --git a/containers/web_only.yml b/containers/web_only.yml index 78de0d492..0ac0baf27 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -74,6 +74,7 @@ env: DISCOURSE_DB_PASSWORD: DISCOURSE_DB_HOST: DISCOURSE_REDIS_HOST: + DISCOURSE_REDIS_PASSWORD: ## The http or https CDN address for this Discourse instance (configured to pull) ## see https://meta.discourse.org/t/14857 for details 
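Review bot: The `RUN` step of the new Dockerfile.runtime gives the `discourse` account recursive ownership of whole system trees (`/var/lib`, `/var/log`, `/var/spool`) instead of the specific directories the services write to. Once `USER discourse` takes effect, the web-facing process owns package state and every log in the image, so a compromise of the application can rewrite or erase them. Later patches in this series extend the same approach to `/etc/runit/1.d` and `/etc/service` (boot and service scripts become writable by the runtime user) and to `/run` and `/tmp`. List the individual paths that need write access and leave the rest root-owned; a comment above the `RUN` naming which service needs each path would make the list reviewable.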
@@ -128,9 +129,5 @@ run: - bash -c "touch -a /shared/log/rails/{sidekiq,puma.err,puma}.log" - bash -c "ln -sf /shared/log/rails/{sidekiq,puma.err,puma}.log log/" - sed -i 's/default \$scheme;/default https;/' /etc/nginx/conf.d/discourse.conf - - exec: chown -R discourse:discourse /var/www - - exec: chmod -R 755 /var/www - -boot_command: "su - discourse -c '/sbin/boot'" # - exec: echo "End of custom commands" # - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}' \ No newline at end of file From 474977155f4362b8f865efea700f40500eaa17af Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 29 May 2025 23:57:16 +0800 Subject: [PATCH 54/94] add env --- containers/web_only.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/web_only.yml b/containers/web_only.yml index 0ac0baf27..ab63e83c0 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -32,6 +32,8 @@ env: LC_ALL: en_US.UTF-8 LANG: en_US.UTF-8 LANGUAGE: en_US.UTF-8 + DISCOURSE_RUN_AS_ROOT: + DISCOURSE_USE_PRECOMPILED_ASSETS: # DISCOURSE_DEFAULT_LOCALE: en ## How many concurrent web requests are supported? Depends on memory and CPU cores. From 9e72fcb50dda096dda6112716663c0ffd4234b47 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 30 May 2025 10:25:37 +0800 Subject: [PATCH 55/94] delete webtemplate --- templates/web.template.yml | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/templates/web.template.yml b/templates/web.template.yml index 10b672443..f59ddf8c2 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml 
@@ -323,37 +323,6 @@ run: # later move this snipped into an initialization script # we also ensure all the symlinks we need to /shared are in place in the correct structure # this allows us to bootstrap on one machine and then run on another - - file: - path: /etc/runit/1.d/00-ensure-links - chmod: +x - contents: | - #!/bin/bash - if [[ ! -L /var/lib/logrotate ]]; then - rm -fr /var/lib/logrotate - mkdir -p /shared/state/logrotate - ln -s /shared/state/logrotate /var/lib/logrotate - fi - if [[ ! -L /var/spool/anacron ]]; then - rm -fr /var/spool/anacron - mkdir -p /shared/state/anacron-spool - ln -s /shared/state/anacron-spool /var/spool/anacron - fi - if [[ ! -d /shared/log/rails ]]; then - mkdir -p /shared/log/rails - chown -R discourse:www-data /shared/log/rails - fi - if [[ ! -d /shared/uploads ]]; then - mkdir -p /shared/uploads - chown -R discourse:www-data /shared/uploads - fi - if [[ ! -d /shared/backups ]]; then - mkdir -p /shared/backups - chown -R discourse:www-data /shared/backups - fi - - rm -rf /shared/tmp/{backups,restores} - mkdir -p /shared/tmp/{backups,restores} - chown -R discourse:www-data /shared/tmp/{backups,restores} - file: path: /etc/runit/1.d/01-cleanup-web-pids chmod: +x From ef0ed637d2e270765562345ee38d5a788cbc1033 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 30 May 2025 11:24:04 +0800 Subject: [PATCH 56/94] delete image file --- Dockerfile.runtime | 23 +++++++++++++++++------ image/base/etc/runit/1.d/00-fix-var-logs | 8 -------- 2 files changed, 17 insertions(+), 14 deletions(-) delete mode 100755 image/base/etc/runit/1.d/00-fix-var-logs diff --git a/Dockerfile.runtime b/Dockerfile.runtime index e2f06dfc9..4eb8d4ccc 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime 
@@ -1,12 +1,23 @@ -FROM swr.cn-north-4.myhuaweicloud.com/opensourceway/common/discourse:v1.8.0 +FROM swr.cn-north-4.myhuaweicloud.com/opensourceway/common/discourse:v1.8.2.test # 设置目录权限 -RUN chown -R discourse:discourse /var/www/discourse && \ - chown -R discourse:discourse /shared && \ - chown -R discourse:discourse /var/log && \ - chown -R discourse:discourse /var/lib && \ - chown -R discourse:discourse /var/spool +RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/logrotate && \ + mkdir -p /shared/state/anacron-spool && ln -s /shared/state/anacron-spool /var/spool/anacron && \ + mkdir -p /shared/log/rails && mkdir -p /shared/uploads && mkdir -p /shared/backups && \ + rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores} && \ + mkdir -p /var/log/nginx && \ + chown -R www-data:www-data /var/log/nginx && \ + chmod -R 644 /var/log/nginx && \ + chmod 755 /var/log/nginx && \ + touch /var/log/syslog && chown -f discourse:www-data /var/log/syslog* && \ + touch /var/log/auth.log && chown -f discourse:www-data /var/log/auth.log* && \ + touch /var/log/kern.log && chown -f discourse:www-data /var/log/kern.log* && \ + chown -R discourse:www-data /var/www/discourse && \ + chown -R discourse:www-data /shared && \ + chown -R discourse:www-data /var/log && \ + chown -R discourse:www-data /var/lib && \ + chown -R discourse:www-data /var/spool # 切换到非root用户 USER discourse diff --git a/image/base/etc/runit/1.d/00-fix-var-logs b/image/base/etc/runit/1.d/00-fix-var-logs deleted file mode 100755 index c12065f38..000000000 --- a/image/base/etc/runit/1.d/00-fix-var-logs +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -mkdir -p /var/log/nginx -chown -R www-data:www-data /var/log/nginx -chmod -R 644 /var/log/nginx -chmod 755 /var/log/nginx -touch /var/log/syslog && chown -f root:adm /var/log/syslog* -touch /var/log/auth.log && chown -f root:adm /var/log/auth.log* -touch /var/log/kern.log && chown -f root:adm /var/log/kern.log* 
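Review bot: `rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores}` in the rewritten `RUN` depends on brace expansion, a bash feature, while a shell-form `RUN` executes under `/bin/sh`; if that is dash in this base image, the step creates a single directory literally named `{backups,restores}`. Spell the paths out: `mkdir -p /shared/tmp/backups /shared/tmp/restores`. These lines also stand in for the boot-time `00-ensure-links` script that patch 55 removed from templates/web.template.yml; if `/shared` is a volume mounted at run time, directories and ownership set here at build time are hidden by the mount and nothing recreates them at boot, which is worth confirming against the deployment. `chmod -R 644 /var/log/nginx` followed by `chmod 755 /var/log/nginx` also leaves any subdirectory non-traversable; `chmod -R u=rwX,go=rX /var/log/nginx` does both in one step.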
From 441d089e351a63177fc3297ba722a9e9697deb09 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 30 May 2025 11:44:32 +0800 Subject: [PATCH 57/94] delete image file1 --- Dockerfile.runtime | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index 4eb8d4ccc..f0aca8bcf 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime @@ -12,7 +12,6 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l touch /var/log/syslog && chown -f discourse:www-data /var/log/syslog* && \ touch /var/log/auth.log && chown -f discourse:www-data /var/log/auth.log* && \ touch /var/log/kern.log && chown -f discourse:www-data /var/log/kern.log* && \ - chown -R discourse:www-data /var/www/discourse && \ chown -R discourse:www-data /shared && \ chown -R discourse:www-data /var/log && \ From fde8cec7151c70609894a80a50301c8d7bd86bc8 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 30 May 2025 15:14:03 +0800 Subject: [PATCH 58/94] update dockerfile --- Dockerfile.runtime | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index f0aca8bcf..ea5182112 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime @@ -5,6 +5,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l mkdir -p /shared/state/anacron-spool && ln -s /shared/state/anacron-spool /var/spool/anacron && \ mkdir -p /shared/log/rails && mkdir -p /shared/uploads && mkdir -p /shared/backups && \ rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores} && \ + rm -f /etc/runit/1.d/00-fix-var-logs.txt && \ mkdir -p /var/log/nginx && \ chown -R www-data:www-data /var/log/nginx && \ chmod -R 644 /var/log/nginx && \ From 2a5f0f30c52c059959ba895705c8d006f722ec82 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 30 May 2025 15:16:21 +0800 Subject: [PATCH 59/94] update dockerfile onec --- Dockerfile.runtime | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Dockerfile.runtime b/Dockerfile.runtime index ea5182112..b7041274c 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime @@ -5,7 +5,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l mkdir -p /shared/state/anacron-spool && ln -s /shared/state/anacron-spool /var/spool/anacron && \ mkdir -p /shared/log/rails && mkdir -p /shared/uploads && mkdir -p /shared/backups && \ rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores} && \ - rm -f /etc/runit/1.d/00-fix-var-logs.txt && \ + rm -f /etc/runit/1.d/00-fix-var-logs && \ mkdir -p /var/log/nginx && \ chown -R www-data:www-data /var/log/nginx && \ chmod -R 644 /var/log/nginx && \ From 43c7678026afd0697363e75f8d60dd8f4877f4c5 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 30 May 2025 16:16:22 +0800 Subject: [PATCH 60/94] update dockerfilea --- Dockerfile.runtime | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index b7041274c..570c489b8 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime @@ -5,6 +5,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l mkdir -p /shared/state/anacron-spool && ln -s /shared/state/anacron-spool /var/spool/anacron && \ mkdir -p /shared/log/rails && mkdir -p /shared/uploads && mkdir -p /shared/backups && \ rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores} && \ + chown -R discourse:www-data /etc/runit/1.d && \ rm -f /etc/runit/1.d/00-fix-var-logs && \ mkdir -p /var/log/nginx && \ chown -R www-data:www-data /var/log/nginx && \ From 852e28473836e8f5a78d513e9f056117ef67f9e1 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 3 Jun 2025 10:12:07 +0800 Subject: [PATCH 61/94] update dockfile etcservice --- Dockerfile.runtime | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index 570c489b8..5766b9956 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime 
@@ -6,6 +6,8 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l mkdir -p /shared/log/rails && mkdir -p /shared/uploads && mkdir -p /shared/backups && \ rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores} && \ chown -R discourse:www-data /etc/runit/1.d && \ + chown -R discourse:www-data /etc/service && \ + chmod -R 755 discourse:www-data /etc/service && \ rm -f /etc/runit/1.d/00-fix-var-logs && \ mkdir -p /var/log/nginx && \ chown -R www-data:www-data /var/log/nginx && \ From e1c499c6d773be2f6d3faf284c0f7fc8ebc66c22 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 3 Jun 2025 10:41:26 +0800 Subject: [PATCH 62/94] update dockfile etc --- Dockerfile.runtime | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index 5766b9956..d47795e5a 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime @@ -7,7 +7,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores} && \ chown -R discourse:www-data /etc/runit/1.d && \ chown -R discourse:www-data /etc/service && \ - chmod -R 755 discourse:www-data /etc/service && \ + chmod -R 755 /etc/service && \ rm -f /etc/runit/1.d/00-fix-var-logs && \ mkdir -p /var/log/nginx && \ chown -R www-data:www-data /var/log/nginx && \ From c7909c875b313bab3040d8f6f8560ff0f072045b Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 3 Jun 2025 16:25:47 +0800 Subject: [PATCH 63/94] update dockfile three --- Dockerfile.runtime | 2 + image/base/etc/service/rsyslog/run | 2 - templates/web.template.yml | 59 ++++++++++++++---------------- 3 files changed, 30 insertions(+), 33 deletions(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index d47795e5a..50a2727c1 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime 
@@ -20,6 +20,8 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /shared && \ chown -R discourse:www-data /var/log && \ chown -R discourse:www-data /var/lib && \ + chown -R discourse:www-data /tmp && \ + chown -R discourse:www-data /dev && \ chown -R discourse:www-data /var/spool # 切换到非root用户 diff --git a/image/base/etc/service/rsyslog/run b/image/base/etc/service/rsyslog/run index 3262e9de1..a700532a3 100755 --- a/image/base/etc/service/rsyslog/run +++ b/image/base/etc/service/rsyslog/run @@ -1,7 +1,5 @@ #!/bin/bash exec 2>&1 cd / -chgrp adm /var/log -chmod g+w /var/log rm -f /var/run/rsyslogd.pid exec rsyslogd -n diff --git a/templates/web.template.yml b/templates/web.template.yml index f59ddf8c2..b718cdf76 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -54,16 +54,14 @@ run: exec 2>&1 # redis # postgres - cd $home - chown -R discourse:www-data /shared/log/rails # before precompile if [[ -z "$PRECOMPILE_ON_BOOT" ]]; then PRECOMPILE_ON_BOOT=1 fi if [ -f /usr/local/bin/create_db ] && [ "$CREATE_DB_ON_BOOT" = "1" ]; then /usr/local/bin/create_db; fi; - if [ "$MIGRATE_ON_BOOT" = "1" ]; then su discourse -c 'bundle exec rake db:migrate'; fi - if [ "$PRECOMPILE_ON_BOOT" = "1" ]; then SKIP_EMBER_CLI_COMPILE=1 su discourse -c 'bundle exec rake assets:precompile'; fi - LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec thpoff chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb + if [ "$MIGRATE_ON_BOOT" = "1" ]; then bundle exec rake db:migrate; fi + if [ "$PRECOMPILE_ON_BOOT" = "1" ]; then SKIP_EMBER_CLI_COMPILE=1 bundle exec rake assets:precompile; fi + exec bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb - file: path: /etc/service/nginx/run 
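Review bot: The unicorn run script in the `@@ -54,16 +54,14 @@ run:` hunk of templates/web.template.yml no longer drops privileges itself: `su discourse -c` and `chpst -u discourse:www-data` are removed, so migrations, asset precompilation and the app server run as whichever user starts runit. That is non-root only when the image is built through Dockerfile.runtime with `USER discourse`; a container built from this template and started as root would now run the Rails app as root. The `sudo -H -E -u discourse` removals in the following `@@ -91,32 +89,28 @@` hunk have the same dependency. A guard near the top of the script makes the assumption explicit, e.g. `[ "$(id -u)" -ne 0 ] || { echo "unicorn must not run as root"; exit 1; }`. The script body starts outside the hunk.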
@@ -91,32 +89,28 @@ run: cd: $home hook: code cmd: - - sudo -H -E -u discourse git reset --hard - - sudo -H -E -u discourse git clean -f + - git reset --hard + - git clean -f # TODO Remove the special handling of shallow clones when everyone uses images without that clone type - - |- - sudo -H -E -u discourse bash -c ' - set -o errexit - if [ $(git rev-parse --is-shallow-repository) == "true" ]; then - git remote set-branches --add origin main - git remote set-branches origin $version - git fetch --depth 1 origin $version - else - git fetch --tags --prune-tags --prune --force origin - fi - ' - - |- - sudo -H -E -u discourse bash -c ' - set -o errexit - if [[ $(git symbolic-ref --short HEAD) == $version ]] ; then - git pull - else - git -c advice.detachedHead=false checkout $version + - | + set -o errexit + if [ $(git rev-parse --is-shallow-repository) == "true" ]; then + git remote set-branches --add origin main + git remote set-branches origin $version + git fetch --depth 1 origin $version + else + git fetch --tags --prune-tags --prune --force origin + fi + - | + set -o errexit + if [[ $(git symbolic-ref --short HEAD) == $version ]] ; then + git pull + else + git -c advice.detachedHead=false checkout $version fi - ' - - sudo -H -E -u discourse git config user.discourse-version $version + + - git config user.discourse-version $version - mkdir -p tmp - - chown discourse:www-data tmp - mkdir -p tmp/pids - mkdir -p tmp/sockets - touch tmp/.gitkeep @@ -127,9 +121,6 @@ run: - bash -c "ln -s /shared/{uploads,backups} $home/public" - bash -c "mkdir -p /shared/tmp/{backups,restores}" - bash -c "ln -s /shared/tmp/{backups,restores} $home/tmp" - - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups /shared/tmp - # scrub broken symlinks from plugins that have been removed - - "[ ! -d public/plugins ] || find public/plugins/ -maxdepth 1 -xtype l -delete" - exec: cmd: 
@@ -163,6 +154,12 @@ run: filename: "/etc/nginx/nginx.conf" from: /worker_connections.+$/ to: worker_connections $nginx_worker_connections ; + + - replace: + filename: "/etc/nginx/conf.d/discourse.conf" + from: /listen\s+80;/ + to: "listen 8080;" + - exec: cmd: echo "done configuring web" From f2107205383faddc9171e84fd7680511c187a602 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 3 Jun 2025 16:42:32 +0800 Subject: [PATCH 64/94] add webtemplate --- templates/web.template.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/web.template.yml b/templates/web.template.yml index b718cdf76..cbfa3cab5 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -89,6 +89,7 @@ run: cd: $home hook: code cmd: + - git config --global --add safe.directory $home - git reset --hard - git clean -f # TODO Remove the special handling of shallow clones when everyone uses images without that clone type From 730558e5aa6bce270edfc7c2e0b07a5d969736ca Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 4 Jun 2025 10:29:56 +0800 Subject: [PATCH 65/94] add webtemplate1 --- Dockerfile.runtime | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index 50a2727c1..99d40ce8e 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime 
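Review bot: The new `replace` step has no comment saying why the listener moves, and its pattern only covers the plain `listen 80;` form. A line such as `# nginx runs unprivileged and cannot bind ports below 1024` above the step would record the reason. If the generated discourse.conf also carries an IPv6 listener such as `listen [::]:80;`, that directive is left untouched and nginx would still try to bind port 80. This is worth checking against the rendered file, which is not visible in the hunk.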
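Review bot: `git config --global --add safe.directory $home` switches off git's repository-ownership check for the checkout instead of fixing the ownership mismatch that triggers it. That check stops git from honouring configuration and hooks in a repository owned by a different user, so the exception deserves a comment naming the user that owns `$home` and the user that runs this hook. If the bypass stays, quote the path: `git config --global --add safe.directory "$home"`. Note also that `--add` appends a duplicate entry on every rebuild.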
@@ -20,9 +20,16 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /shared && \ chown -R discourse:www-data /var/log && \ chown -R discourse:www-data /var/lib && \ + chown -R discourse:www-data /var/run && \ + chown -R discourse:www-data /run && \ chown -R discourse:www-data /tmp && \ - chown -R discourse:www-data /dev && \ - chown -R discourse:www-data /var/spool + chown -R discourse:www-data /dev/log && \ + chown -R discourse:www-data /var/spool && \ + sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ + sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ + sed -i "s|chgrp|#chgrp|g" /etc/service/rsyslog/run && \ + sed -i "s|chmod|#chmod|g" /etc/service/rsyslog/run + # 切换到非root用户 USER discourse From 568a321221edb030f21b433f87ab6750dc949e6e Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 4 Jun 2025 10:41:23 +0800 Subject: [PATCH 66/94] add webtemplate2 --- Dockerfile.runtime | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index 99d40ce8e..d888978cd 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime @@ -23,7 +23,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /var/run && \ chown -R discourse:www-data /run && \ chown -R discourse:www-data /tmp && \ - chown -R discourse:www-data /dev/log && \ + chown -R discourse:www-data /dev && \ chown -R discourse:www-data /var/spool && \ sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ From 7ec3845d4a2e36b9fed359fc1e49495e9d6fadd7 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 4 Jun 2025 11:11:49 +0800 Subject: [PATCH 67/94] add webtemplate3 --- Dockerfile.runtime | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index d888978cd..de8ac037f 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime 
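Review bot: `sed -i "s|root|discourse|g" /etc/rsyslog.conf` and `sed -i "s|adm|www-data|g" /etc/rsyslog.conf` rewrite every occurrence of those substrings, including inside comments, paths and longer words, not just the ownership settings. If the targets are the file-ownership directives, anchor on them, e.g. `sed -i -E 's/^(\$FileOwner)[[:space:]].*/\1 discourse/; s/^(\$FileGroup)[[:space:]].*/\1 www-data/' /etc/rsyslog.conf`. PATCH 69 uses the same unanchored pattern in `sed -i "s|www-data|discourse|g" /etc/nginx/nginx.conf`, where a match on the `user` directive alone is presumably what is wanted. The RUN instruction starts outside this hunk.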
@@ -9,10 +9,10 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /etc/service && \ chmod -R 755 /etc/service && \ rm -f /etc/runit/1.d/00-fix-var-logs && \ + rm -rf /etc/service/rsyslog &&\ mkdir -p /var/log/nginx && \ chown -R www-data:www-data /var/log/nginx && \ - chmod -R 644 /var/log/nginx && \ - chmod 755 /var/log/nginx && \ + chmod -R 755 /var/log/nginx && \ touch /var/log/syslog && chown -f discourse:www-data /var/log/syslog* && \ touch /var/log/auth.log && chown -f discourse:www-data /var/log/auth.log* && \ touch /var/log/kern.log && chown -f discourse:www-data /var/log/kern.log* && \ @@ -27,8 +27,8 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /var/spool && \ sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ - sed -i "s|chgrp|#chgrp|g" /etc/service/rsyslog/run && \ - sed -i "s|chmod|#chmod|g" /etc/service/rsyslog/run + # sed -i "s|chgrp|#chgrp|g" /etc/service/rsyslog/run && \ + # sed -i "s|chmod|#chmod|g" /etc/service/rsyslog/run # 切换到非root用户 From 18682ad148424d1a36ccc38a74df8fad18eafad1 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 4 Jun 2025 11:22:06 +0800 Subject: [PATCH 68/94] add webtemplate4 --- Dockerfile.runtime | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index de8ac037f..f36db7e24 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime @@ -26,11 +26,9 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /dev && \ chown -R discourse:www-data /var/spool && \ sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ - sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ + sed -i "s|adm|www-data|g" /etc/rsyslog.conf # sed -i "s|chgrp|#chgrp|g" /etc/service/rsyslog/run && \ # sed -i "s|chmod|#chmod|g" /etc/service/rsyslog/run - - # 切换到非root用户 USER discourse 
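Review bot: `chmod -R 755 /var/log/nginx` marks every nginx log file executable and leaves it readable by all accounts, where the replaced lines at least kept files non-executable. Access and error logs carry client addresses and request URLs, so they do not need to be readable outside the owner and group. `chmod 750 /var/log/nginx && find /var/log/nginx -type f -exec chmod 640 {} +` keeps the directory traversable without widening file access. Removing `/etc/service/rsyslog` in the same hunk also means nothing is listening on the syslog socket any more, which is worth stating in a comment if intended.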
From 2da5f2c701bc21025b50e76f13518039d5ff7d4c Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 4 Jun 2025 11:59:04 +0800 Subject: [PATCH 69/94] add webtemplate5 --- Dockerfile.runtime | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index f36db7e24..20cd67706 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime @@ -9,7 +9,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /etc/service && \ chmod -R 755 /etc/service && \ rm -f /etc/runit/1.d/00-fix-var-logs && \ - rm -rf /etc/service/rsyslog &&\ + rm -rf /etc/service/rsyslog /etc/service/cron /etc/service/anacron &&\ mkdir -p /var/log/nginx && \ chown -R www-data:www-data /var/log/nginx && \ chmod -R 755 /var/log/nginx && \ @@ -26,7 +26,9 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /dev && \ chown -R discourse:www-data /var/spool && \ sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ - sed -i "s|adm|www-data|g" /etc/rsyslog.conf + sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ + sed -i '1i cd /var/www/discourse' /etc/service/unicorn/run && \ + sed -i "s|www-data|discourse|g" /etc/nginx/nginx.conf # sed -i "s|chgrp|#chgrp|g" /etc/service/rsyslog/run && \ # sed -i "s|chmod|#chmod|g" /etc/service/rsyslog/run # 切换到非root用户 From 85c6a13e61a94657bb3adccd84d1bd537cea94f7 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 4 Jun 2025 14:53:30 +0800 Subject: [PATCH 70/94] add webtemplate6 --- Dockerfile.runtime | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.runtime b/Dockerfile.runtime index 20cd67706..4921c321f 100644 --- a/Dockerfile.runtime +++ b/Dockerfile.runtime 
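Review bot: Deleting `/etc/service/cron` and `/etc/service/anacron` leaves nothing in the container to run scheduled jobs, while the same RUN instruction still sets up `/shared/state/logrotate` and `/shared/state/anacron-spool`. If log rotation in this image is driven by cron, as those paths suggest, logs under /var/log and /shared/log will grow without bound. Either keep a scheduler that can run as the unprivileged user or document where rotation now happens, for example with `# cron/anacron need root; log rotation is handled by <mechanism>` next to the `rm -rf`.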
@@ -27,7 +27,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l chown -R discourse:www-data /var/spool && \ sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ - sed -i '1i cd /var/www/discourse' /etc/service/unicorn/run && \ + sed -i '2i cd /var/www/discourse' /etc/service/unicorn/run && \ sed -i "s|www-data|discourse|g" /etc/nginx/nginx.conf # sed -i "s|chgrp|#chgrp|g" /etc/service/rsyslog/run && \ # sed -i "s|chmod|#chmod|g" /etc/service/rsyslog/run From c9ae624eda499aeff6e3822fde149dde81b91758 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 5 Jun 2025 11:08:36 +0800 Subject: [PATCH 71/94] add webtemplate7 --- Dockerfile.runtime => Dockerfile | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) rename Dockerfile.runtime => Dockerfile (79%) diff --git a/Dockerfile.runtime b/Dockerfile similarity index 79% rename from Dockerfile.runtime rename to Dockerfile index 4921c321f..86fa31995 100644 --- a/Dockerfile.runtime +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM swr.cn-north-4.myhuaweicloud.com/opensourceway/common/discourse:v1.8.2.test +FROM local_discourse/web_only:latest # 设置目录权限 RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/logrotate && \ 
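Review bot: `FROM local_discourse/web_only:latest` builds on a mutable tag of what appears to be a locally produced image, so two builds of this Dockerfile can yield different results with no record of which base was used. Making the base an argument keeps the default while letting a pipeline pass an exact reference: `ARG BASE_IMAGE=local_discourse/web_only:latest` followed by `FROM ${BASE_IMAGE}`. A comment stating how the local image is produced would help anyone building from a clean checkout.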
@@ -28,9 +28,16 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ sed -i '2i cd /var/www/discourse' /etc/service/unicorn/run && \ - sed -i "s|www-data|discourse|g" /etc/nginx/nginx.conf - # sed -i "s|chgrp|#chgrp|g" /etc/service/rsyslog/run && \ - # sed -i "s|chmod|#chmod|g" /etc/service/rsyslog/run + sed -i "s|www-data|discourse|g" /etc/nginx/nginx.conf && \ + echo "umask0027" >> /etc/bashrc && \ + echo "set +o history" >> /etc/bashrc && \ + sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile && \ + chage --maxdays 30 nginx && \ + passwd -| $NGINX_USER && \ + usermod -s /sbin/nologin sync && \ + usermod -s /sbin/nologin shutdown && \ + usermod -S /sbin/nologin halt + # 切换到非root用户 USER discourse From d1c1f7f9f5a0054e770fb32e2467a1df4c6e58d5 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 5 Jun 2025 11:51:01 +0800 Subject: [PATCH 72/94] add webtemplate8 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 86fa31995..608395daa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,7 +32,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l echo "umask0027" >> /etc/bashrc && \ echo "set +o history" >> /etc/bashrc && \ sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile && \ - chage --maxdays 30 nginx && \ + chage --maxdays 30 discourse && \ passwd -| $NGINX_USER && \ usermod -s /sbin/nologin sync && \ usermod -s /sbin/nologin shutdown && \ From 2ac021c9425981339c1018b856a95788e93e2dd2 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 5 Jun 2025 11:52:34 +0800 Subject: [PATCH 73/94] add webtemplate9 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 608395daa..564f5501a 100644 --- a/Dockerfile +++ b/Dockerfile 
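Review bot: `passwd -| $NGINX_USER` contains a pipe character where the lock option was presumably meant, so the shell runs `passwd -` and pipes its output into whatever `$NGINX_USER` expands to. No account is locked, and the step can still exit 0. The intended line is most likely `passwd -l discourse`. PATCH 73 changes the operand to `discourse` but keeps `-|`, so the defect remains there and in the consolidated RUN of PATCH 82. `usermod -S` in this hunk is likewise not the shell option (`-s`), though a later patch removes that line.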
@@ -33,7 +33,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l echo "set +o history" >> /etc/bashrc && \ sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile && \ chage --maxdays 30 discourse && \ - passwd -| $NGINX_USER && \ + passwd -| discourse && \ usermod -s /sbin/nologin sync && \ usermod -s /sbin/nologin shutdown && \ usermod -S /sbin/nologin halt From 6316f09b2bbe271f6881d2fa98dee08170e156e2 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 5 Jun 2025 14:17:44 +0800 Subject: [PATCH 74/94] add webtemplate10 --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 564f5501a..a173bbd96 100644 --- a/Dockerfile +++ b/Dockerfile @@ -34,9 +34,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile && \ chage --maxdays 30 discourse && \ passwd -| discourse && \ - usermod -s /sbin/nologin sync && \ - usermod -s /sbin/nologin shutdown && \ - usermod -S /sbin/nologin halt + usermod -s /sbin/nologin sync # 切换到非root用户 USER discourse From 785eafb32bbfdde6a9b7383e49078cb2e8b1427e Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 24 Jun 2025 22:12:40 +0800 Subject: [PATCH 75/94] address the issue of plaintext data being written to disk --- Dockerfile | 2 +- containers/web_only.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index a173bbd96..f2d31b9b3 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -29,7 +29,7 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ sed -i '2i cd /var/www/discourse' /etc/service/unicorn/run && \ sed -i "s|www-data|discourse|g" /etc/nginx/nginx.conf && \ - echo "umask0027" >> /etc/bashrc && \ + echo "umask 0027" >> /etc/bashrc && \ echo "set +o history" >> /etc/bashrc && \ sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile && \ chage --maxdays 30 discourse && \ diff --git a/containers/web_only.yml b/containers/web_only.yml index ab63e83c0..cd1432315 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -105,6 +105,7 @@ hooks: - git clone https://github.com/discourse/docker_manager.git - git clone https://GIT_USERNAME:GIT_PASSWORD@github.com/opensourceways/discourse-easecheck.git - git clone https://github.com/opensourceways/discourse-oauth2-basic.git + # - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-formatting-toolbar.git - git clone https://github.com/opensourceways/discourse-translator.git - git clone https://github.com/discourse/discourse-solved.git From 0bc7cbbebb5192612d3088a8533cafe074b713b4 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 26 Jun 2025 16:40:37 +0800 Subject: [PATCH 76/94] test0 --- Dockerfile | 122 ++++++++++++++++++++++++++++++++++++++++ containers/web_only.yml | 4 +- 2 files changed, 124 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f2d31b9b3..a188c48d4 100644 --- a/Dockerfile +++ b/Dockerfile 
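Review bot: The corrected `umask 0027` is appended to `/etc/bashrc`, which bash on Debian-family images does not read by default. The system-wide file there is `/etc/bash.bashrc`, and this series uses `apt-get` in the same Dockerfile. Even in the right file the setting would reach only interactive bash sessions, not the services started by the supervisor. If the aim is restrictive modes on files the application creates, set `umask 0027` in the service run scripts before the `exec` line. The same applies to `set +o history` on the next line.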
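Review bot: The commit is described as addressing plaintext data written to disk, but the unchanged clone of discourse-easecheck two lines above the addition still embeds `GIT_USERNAME:GIT_PASSWORD` in the URL. git records the full remote URL, credentials included, in the cloned repository's `.git/config`, so the substituted values end up in the image. Resetting the remote right after the clone removes them: `git -C discourse-easecheck remote set-url origin https://github.com/opensourceways/discourse-easecheck.git`. The added line itself is a commented-out duplicate of the line below it and could be dropped. The hook's command list starts outside this hunk.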
@@ -1,5 +1,63 @@ FROM local_discourse/web_only:latest +# 切换为root用户卸载安装调试工具 +# USER root +ENV DEBIAN_FRONTEND=noninteractive + +RUN update-ca-certificates +ENV PGSSLMODE=require \ + PGSSLROOTCERT=/etc/ssl/certs/pg-server-ca.crt + +RUN update-ca-certificates +ENV REDIS_PORT=6379 \ + REDIS_SSL=true + +# 卸载 sudo +RUN apt-get update +# RUN apt-get remove -y sudo +RUN apt-get autoremove -y +RUN apt-get clean +RUN rm -rf /var/lib/apt/lists/* + +# 卸载安装工具 +RUN apt-get update \ + && apt-get purge -y --auto-remove \ + tcpdump \ + nmap \ + wireshark-common \ + netcat-openbsd \ + gdb \ + strace \ + binutils \ + build-essential \ + cmake \ + flex \ + libtool \ + openjdk-11-jdk-headless \ + php-cli \ + python3-dbg \ + python3-pdb \ + && rm -f \ + /usr/bin/tcpdump \ + /usr/bin/nmap \ + /usr/bin/wireshark* \ + /usr/bin/netcat \ + /usr/bin/gdb \ + /usr/bin/strace \ + /usr/bin/readelf \ + /usr/bin/cpp \ + /usr/bin/gcc \ + /usr/bin/make \ + /usr/bin/objdump \ + /usr/bin/ar \ + /usr/bin/ld \ + /usr/bin/flex \ + /usr/bin/lex \ + /usr/bin/rpcgen \ + /usr/bin/cmake \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + # 设置目录权限 RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/logrotate && \ mkdir -p /shared/state/anacron-spool && ln -s /shared/state/anacron-spool /var/spool/anacron && \ 
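Review bot: The block headed "卸载 sudo" never removes sudo: `# RUN apt-get remove -y sudo` is commented out, so the RUN lines around it only refresh and clean the package lists. Since the templates in this series stop calling sudo, `RUN apt-get purge -y sudo` can be enabled; otherwise the comment should say that sudo is kept and why. Deleting files such as `/usr/bin/gcc` and `/usr/bin/ld` with `rm -f` after the purge also leaves the package database listing files that no longer exist, so purging the owning packages is cleaner. `RUN update-ca-certificates` appears twice with no certificate copied in between.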
@@ -36,6 +94,70 @@ RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/l passwd -| discourse && \ usermod -s /sbin/nologin sync +# 修正 /etc/nginx 下所有目录和文件的属主与权限 +RUN \ + chown -R discourse:www-data /etc/nginx && \ + # 所有目录:550(dr-xr-x---) + find /etc/nginx -type d -exec chmod 550 {} \; && \ + # 所有 .conf 文件:640(-rw-r-----) + find /etc/nginx -type f -name '*.conf' -exec chmod 640 {} \; && \ + chmod 440 /etc/nginx/geoip/* /etc/nginx/modules/* && \ + find /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets -type f -exec chmod 640 {} \; + +# 对 /var 下目录做按需属主和权限调整 +RUN \ + # 需要写入的目录:discourse:www-data, 750 + chown discourse:www-data /var/backups /var/log /var/nginx /var/www/discourse \ + && chmod 750 /var/backups /var/log /var/nginx /var/www/discourse \ + \ + # 不需要写入的系统目录:root:root, 550 + chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \ + \ + # /var/tmp 保持 1777 + chmod 1777 /var/tmp \ + \ + # 写入目录下的文件设为 600 + find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \ + \ + # 非写入目录下的文件设为 440 + find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; + +# 修复 /var/local、/var/mail、/var/www/html 下残余 root 属主 +RUN \ + chown -R discourse:www-data /var/local /var/mail /var/www/html && \ + find /var/local /var/mail /var/www/html -type d -exec chmod 750 {} \; && \ + find /var/local /var/mail /var/www/html -type f -exec chmod 640 {} \; + +# 删除任何已有的 history 文件 +RUN rm -f /root/.bash_history /home/discourse/.bash_history +RUN { \ + echo ''; \ + echo '# Disable Bash history for security'; \ + echo 'set +o history'; \ + echo 'export HISTFILE=/dev/null'; \ + echo 'export HISTSIZE=0'; \ + echo 'export HISTFILESIZE=0'; \ + } >> /etc/profile + +# 确保 Discourse 用户也读取到 +RUN chown root:root /etc/profile && chmod 644 /etc/profile + +# 插入证书路径 +RUN \ + sed -i 's|listen\s\+80;|listen 0.0.0.0:8080; listen 0.0.0.0:443 ssl http2;|' /etc/nginx/nginx.conf && \ + sed 
-i '/listen\s\+8080;/d' /etc/nginx/conf.d/discourse.conf && \ + sed -i 's|listen\s\+80;|listen 0.0.0.0:8080;|' /etc/nginx/conf.d/discourse.conf && \ + sed -i '/server_name _;/a \ + ssl_certificate /etc/nginx/certs/discourse.crt; \ + ssl_certificate_key /etc/nginx/certs/discourse.key; \ + ssl_protocols TLSv1.2 TLSv1.3; \ + ssl_prefer_server_ciphers on; \ + ssl_ciphers HIGH:!aNULL:!MD5; \ + ' /etc/nginx/conf.d/discourse.conf && \ + rm -f /etc/nginx/sites-enabled/default + +EXPOSE 8080 443 + # 切换到非root用户 USER discourse diff --git a/containers/web_only.yml b/containers/web_only.yml index cd1432315..354724563 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -26,7 +26,7 @@ templates: params: ## Which Git revision should this container use? (default: tests-passed) - version: b056f9538b30bc4d8dce735f631afe31f99ddc57 + version: v3.5.0.beta7 env: LC_ALL: en_US.UTF-8 @@ -111,7 +111,7 @@ hooks: - git clone https://github.com/discourse/discourse-solved.git - git clone https://github.com/discourse/discourse-gamification.git - git clone https://github.com/discourse/discourse-reactions.git - - git clone https://github.com/opensourceways/discourse-multilingual.git + # - git clone https://github.com/opensourceways/discourse-multilingual.git ## Remember, this is YAML syntax - you can only have one block with a name run: From e0921531dac4f3f470bffa0b02eb46833a2d227e Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 26 Jun 2025 16:43:05 +0800 Subject: [PATCH 77/94] test1 --- Dockerfile | 8 -------- 1 file changed, 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index a188c48d4..ad5194a6e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,14 +4,6 @@ FROM local_discourse/web_only:latest # USER root ENV DEBIAN_FRONTEND=noninteractive -RUN update-ca-certificates -ENV PGSSLMODE=require \ - PGSSLROOTCERT=/etc/ssl/certs/pg-server-ca.crt - -RUN update-ca-certificates -ENV REDIS_PORT=6379 \ - REDIS_SSL=true - # 卸载 sudo RUN apt-get update # RUN apt-get remove -y sudo 
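Review bot: The 550/640 modes set on `/etc/nginx` do not constrain the runtime account, because the same RUN first executes `chown -R discourse:www-data /etc/nginx` and a file's owner can always change its mode back. The web server configuration, including the TLS settings added at the end of this hunk, is therefore writable by the account that runs the application. Keeping the tree owned by root and granting read access through the group, e.g. `chown -R root:www-data /etc/nginx`, gives the intended read-only result, assuming the runtime user is in `www-data`. In the /var block the comment says root:root for the non-writable directories, but no `chown` to root is issued and an earlier RUN gave `/var/lib` and `/var/spool` to discourse.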
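Review bot: Replacing the full commit hash in `version:` with the tag `v3.5.0.beta7` trades an immutable reference for one that can be moved upstream, so a rebuild may check out different code without any change to this file. Keeping the hash and recording the tag in a comment gives both, e.g. `version: <commit-hash-of-the-tag>  # v3.5.0.beta7`, with the placeholder replaced by the hash the tag currently points to. The plugin `git clone` lines further down the file have the same property, as they take whatever the default branch holds at build time.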
From 8a75d0810633be3cbbd99ad36491f99821af8118 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 26 Jun 2025 17:06:35 +0800 Subject: [PATCH 78/94] test2 --- Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ad5194a6e..b920cef15 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,10 +25,8 @@ RUN apt-get update \ cmake \ flex \ libtool \ - openjdk-11-jdk-headless \ php-cli \ python3-dbg \ - python3-pdb \ && rm -f \ /usr/bin/tcpdump \ /usr/bin/nmap \ From 6a880a7485fbe953b399e8f1efe31add7d02fdbd Mon Sep 17 00:00:00 2001 From: evie-tao Date: Thu, 26 Jun 2025 17:22:10 +0800 Subject: [PATCH 79/94] test3 --- Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b920cef15..c52c77afe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -91,7 +91,6 @@ RUN \ find /etc/nginx -type d -exec chmod 550 {} \; && \ # 所有 .conf 文件:640(-rw-r-----) find /etc/nginx -type f -name '*.conf' -exec chmod 640 {} \; && \ - chmod 440 /etc/nginx/geoip/* /etc/nginx/modules/* && \ find /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets -type f -exec chmod 640 {} \; # 对 /var 下目录做按需属主和权限调整 From 4807f82cd5bd979fa4106f85f89ee6fea8acdd38 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 27 Jun 2025 10:26:40 +0800 Subject: [PATCH 80/94] test4 --- Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index c52c77afe..e2f2934cd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -102,9 +102,6 @@ RUN \ # 不需要写入的系统目录:root:root, 550 chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \ \ - # /var/tmp 保持 1777 - chmod 1777 /var/tmp \ - \ # 写入目录下的文件设为 600 find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \ \ From 1eb809574efb217b64a2a23c51b09114f982daad Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 27 Jun 2025 11:04:07 +0800 Subject: [PATCH 81/94] test5 --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index e2f2934cd..54f71bc8b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -100,13 +100,13 @@ RUN \ && chmod 750 /var/backups /var/log /var/nginx /var/www/discourse \ \ # 不需要写入的系统目录:root:root, 550 - chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \ + && chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \ \ # 写入目录下的文件设为 600 - find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \ + && find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \ \ # 非写入目录下的文件设为 440 - find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; + && find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; # 修复 /var/local、/var/mail、/var/www/html 下残余 root 属主 RUN \ From d2d098f54558ca2ad04ff266f152c849aca426e0 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Fri, 27 Jun 2025 11:23:44 +0800 Subject: [PATCH 82/94] test5 --- Dockerfile | 329 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 205 insertions(+), 124 deletions(-) diff --git a/Dockerfile b/Dockerfile index 54f71bc8b..b5042f4a8 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,144 +4,225 @@ FROM local_discourse/web_only:latest # USER root ENV DEBIAN_FRONTEND=noninteractive -# 卸载 sudo -RUN apt-get update -# RUN apt-get remove -y sudo -RUN apt-get autoremove -y -RUN apt-get clean -RUN rm -rf /var/lib/apt/lists/* - -# 卸载安装工具 -RUN apt-get update \ - && apt-get purge -y --auto-remove \ - tcpdump \ - nmap \ - wireshark-common \ - netcat-openbsd \ - gdb \ - strace \ - binutils \ - build-essential \ - cmake \ - flex \ - libtool \ - php-cli \ - python3-dbg \ - && rm -f \ - /usr/bin/tcpdump \ - /usr/bin/nmap \ - /usr/bin/wireshark* \ - /usr/bin/netcat \ - /usr/bin/gdb \ - /usr/bin/strace \ - /usr/bin/readelf \ - /usr/bin/cpp \ - /usr/bin/gcc \ - /usr/bin/make \ - /usr/bin/objdump \ - /usr/bin/ar \ - /usr/bin/ld \ - /usr/bin/flex \ - /usr/bin/lex \ - /usr/bin/rpcgen \ - /usr/bin/cmake \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* +# # 卸载 sudo +# RUN apt-get update +# RUN apt-get autoremove -y +# RUN apt-get clean +# RUN rm -rf /var/lib/apt/lists/* -# 设置目录权限 -RUN mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/logrotate && \ - mkdir -p /shared/state/anacron-spool && ln -s /shared/state/anacron-spool /var/spool/anacron && \ - mkdir -p /shared/log/rails && mkdir -p /shared/uploads && mkdir -p /shared/backups && \ - rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores} && \ - chown -R discourse:www-data /etc/runit/1.d && \ - chown -R discourse:www-data /etc/service && \ - chmod -R 755 /etc/service && \ - rm -f /etc/runit/1.d/00-fix-var-logs && \ - rm -rf /etc/service/rsyslog /etc/service/cron /etc/service/anacron &&\ - mkdir -p /var/log/nginx && \ - chown -R www-data:www-data /var/log/nginx && \ - chmod -R 755 /var/log/nginx && \ - touch /var/log/syslog && chown -f discourse:www-data /var/log/syslog* && \ - touch /var/log/auth.log && chown -f discourse:www-data /var/log/auth.log* && \ - touch /var/log/kern.log && chown -f discourse:www-data /var/log/kern.log* && \ - chown -R 
discourse:www-data /var/www/discourse && \ - chown -R discourse:www-data /shared && \ - chown -R discourse:www-data /var/log && \ - chown -R discourse:www-data /var/lib && \ - chown -R discourse:www-data /var/run && \ - chown -R discourse:www-data /run && \ - chown -R discourse:www-data /tmp && \ - chown -R discourse:www-data /dev && \ - chown -R discourse:www-data /var/spool && \ - sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ - sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ - sed -i '2i cd /var/www/discourse' /etc/service/unicorn/run && \ - sed -i "s|www-data|discourse|g" /etc/nginx/nginx.conf && \ - echo "umask 0027" >> /etc/bashrc && \ - echo "set +o history" >> /etc/bashrc && \ - sed -i "s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile && \ - chage --maxdays 30 discourse && \ - passwd -| discourse && \ - usermod -s /sbin/nologin sync +# # 卸载安装工具 +# RUN apt-get update \ +# && apt-get purge -y --auto-remove \ +# tcpdump \ +# nmap \ +# wireshark-common \ +# netcat-openbsd \ +# gdb \ +# strace \ +# binutils \ +# build-essential \ +# cmake \ +# flex \ +# libtool \ +# php-cli \ +# python3-dbg \ +# && rm -f \ +# /usr/bin/tcpdump \ +# /usr/bin/nmap \ +# /usr/bin/wireshark* \ +# /usr/bin/netcat \ +# /usr/bin/gdb \ +# /usr/bin/strace \ +# /usr/bin/readelf \ +# /usr/bin/cpp \ +# /usr/bin/gcc \ +# /usr/bin/make \ +# /usr/bin/objdump \ +# /usr/bin/ar \ +# /usr/bin/ld \ +# /usr/bin/flex \ +# /usr/bin/lex \ +# /usr/bin/rpcgen \ +# /usr/bin/cmake \ +# && apt-get clean \ +# && rm -rf /var/lib/apt/lists/* -# 修正 /etc/nginx 下所有目录和文件的属主与权限 -RUN \ +# 卸载 sudo +RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* && \ + # 卸载安装工具 + apt-get update \ + && apt-get purge -y --auto-remove \ + tcpdump \ + nmap \ + wireshark-common \ + netcat-openbsd \ + gdb \ + strace \ + binutils \ + build-essential \ + cmake \ + flex \ + libtool \ + php-cli \ + python3-dbg \ + && rm -f \ + /usr/bin/tcpdump \ + /usr/bin/nmap \ + /usr/bin/wireshark* \ + /usr/bin/netcat 
\ + /usr/bin/gdb \ + /usr/bin/strace \ + /usr/bin/readelf \ + /usr/bin/cpp \ + /usr/bin/gcc \ + /usr/bin/make \ + /usr/bin/objdump \ + /usr/bin/ar \ + /usr/bin/ld \ + /usr/bin/flex \ + /usr/bin/lex \ + /usr/bin/rpcgen \ + /usr/bin/cmake \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* &&\ + # 设置目录权限 + mkdir -p /shared/state/logrotate && ln -s /shared/state/logrotate /var/lib/logrotate && \ + mkdir -p /shared/state/anacron-spool && ln -s /shared/state/anacron-spool /var/spool/anacron && \ + mkdir -p /shared/log/rails && mkdir -p /shared/uploads && mkdir -p /shared/backups && \ + rm -rf /shared/tmp/{backups,restores} && mkdir -p /shared/tmp/{backups,restores} && \ + chown -R discourse:www-data /etc/runit/1.d && \ + chown -R discourse:www-data /etc/service && \ + chmod -R 755 /etc/service && \ + rm -f /etc/runit/1.d/00-fix-var-logs && \ + rm -rf /etc/service/rsyslog /etc/service/cron /etc/service/anacron &&\ + mkdir -p /var/log/nginx && \ + chown -R www-data:www-data /var/log/nginx && \ + chmod -R 755 /var/log/nginx && \ + touch /var/log/syslog && chown -f discourse:www-data /var/log/syslog* && \ + touch /var/log/auth.log && chown -f discourse:www-data /var/log/auth.log* && \ + touch /var/log/kern.log && chown -f discourse:www-data /var/log/kern.log* && \ + chown -R discourse:www-data /var/www/discourse && \ + chown -R discourse:www-data /shared && \ + chown -R discourse:www-data /var/log && \ + chown -R discourse:www-data /var/lib && \ + chown -R discourse:www-data /var/run && \ + chown -R discourse:www-data /run && \ + chown -R discourse:www-data /tmp && \ + chown -R discourse:www-data /dev && \ + chown -R discourse:www-data /var/spool && \ + sed -i "s|root|discourse|g" /etc/rsyslog.conf && \ + sed -i "s|adm|www-data|g" /etc/rsyslog.conf && \ + sed -i '2i cd /var/www/discourse' /etc/service/unicorn/run && \ + sed -i "s|www-data|discourse|g" /etc/nginx/nginx.conf && \ + echo "umask 0027" >> /etc/bashrc && \ + echo "set +o history" >> /etc/bashrc && \ + sed -i 
"s|HISTSIZE=1000|HISTSIZE=0|" /etc/profile && \ + chage --maxdays 30 discourse && \ + passwd -| discourse && \ + usermod -s /sbin/nologin sync && \ + # 修正 /etc/nginx 下所有目录和文件的属主与权限 chown -R discourse:www-data /etc/nginx && \ - # 所有目录:550(dr-xr-x---) find /etc/nginx -type d -exec chmod 550 {} \; && \ - # 所有 .conf 文件:640(-rw-r-----) find /etc/nginx -type f -name '*.conf' -exec chmod 640 {} \; && \ - find /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets -type f -exec chmod 640 {} \; - -# 对 /var 下目录做按需属主和权限调整 -RUN \ - # 需要写入的目录:discourse:www-data, 750 - chown discourse:www-data /var/backups /var/log /var/nginx /var/www/discourse \ - && chmod 750 /var/backups /var/log /var/nginx /var/www/discourse \ - \ - # 不需要写入的系统目录:root:root, 550 - && chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \ - \ - # 写入目录下的文件设为 600 - && find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \ - \ - # 非写入目录下的文件设为 440 - && find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; - -# 修复 /var/local、/var/mail、/var/www/html 下残余 root 属主 -RUN \ + find /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets -type f -exec chmod 640 {} \; && \ + # 对 /var 下目录做按需属主和权限调整 + chown discourse:www-data /var/backups /var/log /var/nginx /var/www/discourse \ + && chmod 750 /var/backups /var/log /var/nginx /var/www/discourse \ + \ + && chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \ + \ + && find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \ + \ + && find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; && \ + # 修复 /var/local、/var/mail、/var/www/html 下残余 root 属主 chown -R discourse:www-data /var/local /var/mail /var/www/html && \ find /var/local /var/mail /var/www/html -type d -exec chmod 750 {} \; && \ - find /var/local /var/mail /var/www/html -type f -exec chmod 640 {} \; - -# 
删除任何已有的 history 文件 -RUN rm -f /root/.bash_history /home/discourse/.bash_history -RUN { \ - echo ''; \ - echo '# Disable Bash history for security'; \ - echo 'set +o history'; \ - echo 'export HISTFILE=/dev/null'; \ - echo 'export HISTSIZE=0'; \ - echo 'export HISTFILESIZE=0'; \ - } >> /etc/profile - -# 确保 Discourse 用户也读取到 -RUN chown root:root /etc/profile && chmod 644 /etc/profile - -# 插入证书路径 -RUN \ + find /var/local /var/mail /var/www/html -type f -exec chmod 640 {} \; && \ + # 删除任何已有的 history 文件 + rm -f /root/.bash_history /home/discourse/.bash_history && \ + { \ + echo ''; \ + echo '# Disable Bash history for security'; \ + echo 'set +o history'; \ + echo 'export HISTFILE=/dev/null'; \ + echo 'export HISTSIZE=0'; \ + echo 'export HISTFILESIZE=0'; \ + } >> /etc/profile && \ + # 确保 Discourse 用户也读取到 + chown root:root /etc/profile && chmod 644 /etc/profile && \ + # 插入证书路径 sed -i 's|listen\s\+80;|listen 0.0.0.0:8080; listen 0.0.0.0:443 ssl http2;|' /etc/nginx/nginx.conf && \ sed -i '/listen\s\+8080;/d' /etc/nginx/conf.d/discourse.conf && \ sed -i 's|listen\s\+80;|listen 0.0.0.0:8080;|' /etc/nginx/conf.d/discourse.conf && \ sed -i '/server_name _;/a \ - ssl_certificate /etc/nginx/certs/discourse.crt; \ - ssl_certificate_key /etc/nginx/certs/discourse.key; \ - ssl_protocols TLSv1.2 TLSv1.3; \ - ssl_prefer_server_ciphers on; \ - ssl_ciphers HIGH:!aNULL:!MD5; \ + ssl_certificate /etc/nginx/certs/discourse.crt; \ + ssl_certificate_key /etc/nginx/certs/discourse.key; \ + ssl_protocols TLSv1.2 TLSv1.3; \ + ssl_prefer_server_ciphers on; \ + ssl_ciphers HIGH:!aNULL:!MD5; \ ' /etc/nginx/conf.d/discourse.conf && \ rm -f /etc/nginx/sites-enabled/default + + +# # 修正 /etc/nginx 下所有目录和文件的属主与权限 +# RUN \ +# chown -R discourse:www-data /etc/nginx && \ +# # 所有目录:550(dr-xr-x---) +# find /etc/nginx -type d -exec chmod 550 {} \; && \ +# # 所有 .conf 文件:640(-rw-r-----) +# find /etc/nginx -type f -name '*.conf' -exec chmod 640 {} \; && \ +# find /etc/nginx/sites-available 
/etc/nginx/sites-enabled /etc/nginx/snippets -type f -exec chmod 640 {} \; + +# # 对 /var 下目录做按需属主和权限调整 +# RUN \ +# # 需要写入的目录:discourse:www-data, 750 +# chown discourse:www-data /var/backups /var/log /var/nginx /var/www/discourse \ +# && chmod 750 /var/backups /var/log /var/nginx /var/www/discourse \ +# \ +# # 不需要写入的系统目录:root:root, 550 +# && chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \ +# \ +# # 写入目录下的文件设为 600 +# && find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \ +# \ +# # 非写入目录下的文件设为 440 +# && find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; + +# # 修复 /var/local、/var/mail、/var/www/html 下残余 root 属主 +# RUN \ +# chown -R discourse:www-data /var/local /var/mail /var/www/html && \ +# find /var/local /var/mail /var/www/html -type d -exec chmod 750 {} \; && \ +# find /var/local /var/mail /var/www/html -type f -exec chmod 640 {} \; + +# # 删除任何已有的 history 文件 +# RUN rm -f /root/.bash_history /home/discourse/.bash_history +# RUN { \ +# echo ''; \ +# echo '# Disable Bash history for security'; \ +# echo 'set +o history'; \ +# echo 'export HISTFILE=/dev/null'; \ +# echo 'export HISTSIZE=0'; \ +# echo 'export HISTFILESIZE=0'; \ +# } >> /etc/profile + +# # 确保 Discourse 用户也读取到 +# RUN chown root:root /etc/profile && chmod 644 /etc/profile + +# # 插入证书路径 +# RUN \ +# sed -i 's|listen\s\+80;|listen 0.0.0.0:8080; listen 0.0.0.0:443 ssl http2;|' /etc/nginx/nginx.conf && \ +# sed -i '/listen\s\+8080;/d' /etc/nginx/conf.d/discourse.conf && \ +# sed -i 's|listen\s\+80;|listen 0.0.0.0:8080;|' /etc/nginx/conf.d/discourse.conf && \ +# sed -i '/server_name _;/a \ +# ssl_certificate /etc/nginx/certs/discourse.crt; \ +# ssl_certificate_key /etc/nginx/certs/discourse.key; \ +# ssl_protocols TLSv1.2 TLSv1.3; \ +# ssl_prefer_server_ciphers on; \ +# ssl_ciphers HIGH:!aNULL:!MD5; \ +# ' /etc/nginx/conf.d/discourse.conf && \ +# rm -f /etc/nginx/sites-enabled/default + EXPOSE 8080 443 # 
切换到非root用户
From cbcae6fc4e7ded4f6cbabd33ec51aea60fb0d82c Mon Sep 17 00:00:00 2001
From: evie-tao
Date: Fri, 27 Jun 2025 14:47:15 +0800
Subject: [PATCH 83/94] test6
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index b5042f4a8..84c6b202b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -131,7 +131,9 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/
 \
 && chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \
 \
- && find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \
+ && find /var/www/discourse /var/backups /var/log /var/nginx -type f -exec chmod 600 {} \; \
+ \
+ && find /var/www/discourse -type d -exec chmod 755 {} \; && chmod 755 /var/www/discourse/config/unicorn_launcher\
 \
 && find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; && \
 # 修复 /var/local、/var/mail、/var/www/html 下残余 root 属主
From 7c01ef7bfe0740d5947169134d616cc6295b8eea Mon Sep 17 00:00:00 2001
From: evie-tao
Date: Fri, 27 Jun 2025 15:19:55 +0800
Subject: [PATCH 84/94] test7
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 84c6b202b..fa4630cdb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -131,7 +131,9 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/
 \
 && chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \
 \
- && find /var/www/discourse /var/backups /var/log /var/nginx -type f -exec chmod 600 {} \; \
+ && find /var/www/discourse /var/backups /var/log /var/nginx -type f -exec chmod 640 {} \; \
+ \
+ && find /var/www/discourse/vendor/bundle/ruby/3.3.0/bin -type f -exec chmod 755 {} \; \
 \
 && find /var/www/discourse -type d -exec chmod 755 {} \; && chmod 755 /var/www/discourse/config/unicorn_launcher\
 \
From bb904fcb59aaa52c56c6e33ad441dd75134f1f11 Mon Sep 17 00:00:00 2001
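Review bot: The added `find /var/www/discourse -type d -exec chmod 755 {} \;` in PATCH 83 makes every directory of the application tree listable and traversable by any account in the container. The commented copy of this chain elsewhere in the series shows the tree handed to `discourse:www-data` with `chmod 750`, so owner and group appear to be the only intended consumers; `find /var/www/discourse -type d -exec chmod 750 {} + \` would restore traversal without opening the tree to others. The trailing `unicorn_launcher\` also lacks the space before the continuation backslash that every other line in the chain has. The RUN instruction starts and ends outside the hunk.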
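Review bot: The path `/var/www/discourse/vendor/bundle/ruby/3.3.0/bin` added in PATCH 84 hard-codes the Ruby ABI directory, so once the base image moves to another Ruby version `find` exits non-zero on the missing path and the whole RUN step fails. A glob keeps the step version-independent: `&& find /var/www/discourse/vendor/bundle/ruby/*/bin -type f -exec chmod 755 {} + \`. The same hunk widens the file mode from 600 to 640 for /var/backups and /var/log as well as the application tree, which gives the group read access to backups and logs; please confirm that is intended and not a side effect of fixing /var/www/discourse. The RUN instruction starts and ends outside the hunk.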
From: evie-tao Date: Fri, 27 Jun 2025 15:50:42 +0800 Subject: [PATCH 85/94] test8 --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index fa4630cdb..97214cc57 100644 --- a/Dockerfile +++ b/Dockerfile @@ -140,6 +140,7 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/ && find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; && \ # 修复 /var/local、/var/mail、/var/www/html 下残余 root 属主 chown -R discourse:www-data /var/local /var/mail /var/www/html && \ + chown -R discourse:www-data /etc/ssl/certs && \ find /var/local /var/mail /var/www/html -type d -exec chmod 750 {} \; && \ find /var/local /var/mail /var/www/html -type f -exec chmod 640 {} \; && \ # 删除任何已有的 history 文件 From bcff8a26e61c4b9cb9b89cd0787e6d47926ecb57 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Mon, 30 Jun 2025 17:15:34 +0800 Subject: [PATCH 86/94] =?UTF-8?q?=E6=9A=82=E5=AD=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 2 -- templates/web.template.yml | 1 - 2 files changed, 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 97214cc57..e702345ec 100644 --- a/Dockerfile +++ b/Dockerfile @@ -168,8 +168,6 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/ ' /etc/nginx/conf.d/discourse.conf && \ rm -f /etc/nginx/sites-enabled/default - - # # 修正 /etc/nginx 下所有目录和文件的属主与权限 # RUN \ # chown -R discourse:www-data /etc/nginx && \ diff --git a/templates/web.template.yml b/templates/web.template.yml index cbfa3cab5..c28587c45 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -42,7 +42,6 @@ run: #!/bin/bash env > ~/boot_env conf=/var/www/discourse/config/discourse.conf - # find DISCOURSE_ env vars, strip the leader, lowercase the key /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = '\''#{v}'\''" if k =~ /^DISCOURSE_(.*)/}' > $conf 
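Review bot: `chown -R discourse:www-data /etc/ssl/certs` in PATCH 85 hands the system CA trust store to the account the image later switches to with `USER discourse`. A compromise of the application process could then add or replace trusted roots and defeat certificate verification for its outbound TLS connections. Reading the bundle should not need an ownership change, and anything that has to regenerate it can run as root during the build and leave the result root-owned. I would drop the line, or add a comment stating which component needs write access and why. The RUN instruction this line belongs to starts and ends outside the hunk.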
From 990206e14c0a3e7866a4ffe77c43e768e06661e2 Mon Sep 17 00:00:00 2001
From: evie-tao
Date: Tue, 1 Jul 2025 17:19:58 +0800
Subject: [PATCH 87/94] test0
---
 Dockerfile | 65 ++------------------------------------
 templates/web.template.yml | 2 +-
 2 files changed, 4 insertions(+), 63 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index e702345ec..036fc08d3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -156,9 +156,8 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/
 # 确保 Discourse 用户也读取到
 chown root:root /etc/profile && chmod 644 /etc/profile && \
 # 插入证书路径
- sed -i 's|listen\s\+80;|listen 0.0.0.0:8080; listen 0.0.0.0:443 ssl http2;|' /etc/nginx/nginx.conf && \
- sed -i '/listen\s\+8080;/d' /etc/nginx/conf.d/discourse.conf && \
- sed -i 's|listen\s\+80;|listen 0.0.0.0:8080;|' /etc/nginx/conf.d/discourse.conf && \
+ # sed -i 's|listen\s\+80;|listen 0.0.0.0:8080; listen 0.0.0.0:443 ssl http2;|' /etc/nginx/nginx.conf && \
+ # sed -i 's|listen\s\+80;|listen 0.0.0.0:8080;|' /etc/nginx/conf.d/discourse.conf && \
 sed -i '/server_name _;/a \
 ssl_certificate /etc/nginx/certs/discourse.crt; \
 ssl_certificate_key /etc/nginx/certs/discourse.key; \
@@ -168,65 +167,7 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/ ' /etc/nginx/conf.d/discourse.conf && \ rm -f /etc/nginx/sites-enabled/default -# # 修正 /etc/nginx 下所有目录和文件的属主与权限 -# RUN \ -# chown -R discourse:www-data /etc/nginx && \ -# # 所有目录:550(dr-xr-x---) -# find /etc/nginx -type d -exec chmod 550 {} \; && \ -# # 所有 .conf 文件:640(-rw-r-----) -# find /etc/nginx -type f -name '*.conf' -exec chmod 640 {} \; && \ -# find /etc/nginx/sites-available /etc/nginx/sites-enabled /etc/nginx/snippets -type f -exec chmod 640 {} \; - -# # 对 /var 下目录做按需属主和权限调整 -# RUN \ -# # 需要写入的目录:discourse:www-data, 750 -# chown discourse:www-data /var/backups /var/log /var/nginx /var/www/discourse \ -# && chmod 750 /var/backups /var/log /var/nginx /var/www/discourse \ -# \ -# # 不需要写入的系统目录:root:root, 550 -# && chmod 550 /var/cache /var/lib /var/local /var/spool /var/mail /var/opt \ -# \ -# # 写入目录下的文件设为 600 -# && find /var/backups /var/log /var/nginx /var/www/discourse -type f -exec chmod 600 {} \; \ -# \ -# # 非写入目录下的文件设为 440 -# && find /var/cache /var/lib /var/local /var/spool /var/mail /var/opt -type f -exec chmod 440 {} \; - -# # 修复 /var/local、/var/mail、/var/www/html 下残余 root 属主 -# RUN \ -# chown -R discourse:www-data /var/local /var/mail /var/www/html && \ -# find /var/local /var/mail /var/www/html -type d -exec chmod 750 {} \; && \ -# find /var/local /var/mail /var/www/html -type f -exec chmod 640 {} \; - -# # 删除任何已有的 history 文件 -# RUN rm -f /root/.bash_history /home/discourse/.bash_history -# RUN { \ -# echo ''; \ -# echo '# Disable Bash history for security'; \ -# echo 'set +o history'; \ -# echo 'export HISTFILE=/dev/null'; \ -# echo 'export HISTSIZE=0'; \ -# echo 'export HISTFILESIZE=0'; \ -# } >> /etc/profile - -# # 确保 Discourse 用户也读取到 -# RUN chown root:root /etc/profile && chmod 644 /etc/profile - -# # 插入证书路径 -# RUN \ -# sed -i 's|listen\s\+80;|listen 0.0.0.0:8080; listen 0.0.0.0:443 ssl http2;|' /etc/nginx/nginx.conf && \ -# sed -i 
'/listen\s\+8080;/d' /etc/nginx/conf.d/discourse.conf && \ -# sed -i 's|listen\s\+80;|listen 0.0.0.0:8080;|' /etc/nginx/conf.d/discourse.conf && \ -# sed -i '/server_name _;/a \ -# ssl_certificate /etc/nginx/certs/discourse.crt; \ -# ssl_certificate_key /etc/nginx/certs/discourse.key; \ -# ssl_protocols TLSv1.2 TLSv1.3; \ -# ssl_prefer_server_ciphers on; \ -# ssl_ciphers HIGH:!aNULL:!MD5; \ -# ' /etc/nginx/conf.d/discourse.conf && \ -# rm -f /etc/nginx/sites-enabled/default - -EXPOSE 8080 443 +EXPOSE 8080 # 切换到非root用户 USER discourse diff --git a/templates/web.template.yml b/templates/web.template.yml index c28587c45..ea68d1874 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -158,7 +158,7 @@ run: - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /listen\s+80;/ - to: "listen 8080;" + to: "listen 8080 ssl;" - exec: From 6beb50b8e929fc25b08d832177053100f7bc5bf8 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 1 Jul 2025 18:46:54 +0800 Subject: [PATCH 88/94] test1 --- Dockerfile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 036fc08d3..d93c56a33 100644 --- a/Dockerfile +++ b/Dockerfile @@ -120,6 +120,14 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/ chage --maxdays 30 discourse && \ passwd -| discourse && \ usermod -s /sbin/nologin sync && \ + # 插入证书路径 + sed -i '/server_name _;/a \ + ssl_certificate /etc/nginx/certs/discourse.crt; \ + ssl_certificate_key /etc/nginx/certs/discourse.key; \ + ssl_protocols TLSv1.2; \ + ssl_prefer_server_ciphers on; \ + ssl_ciphers HIGH:!aNULL:!MD5; \ + ' /etc/nginx/conf.d/discourse.conf && \ # 修正 /etc/nginx 下所有目录和文件的属主与权限 chown -R discourse:www-data /etc/nginx && \ find /etc/nginx -type d -exec chmod 550 {} \; && \ 
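Review bot: `to: "listen 8080 ssl;"` in PATCH 87 turns on TLS for the listener in this template, while the `ssl_certificate` and `ssl_certificate_key` directives are injected by a separate `sed` in the Dockerfile, so the two halves of one TLS configuration live in different build stages. sed exits successfully when its pattern matches nothing, and nginx rejects an `ssl` listener that has no certificate, so a mismatch would only show up when the container starts. Keeping the listen change and the certificate directives in the same step would remove that coupling; failing that, a comment on this entry such as `# needs ssl_certificate* added by the Dockerfile` makes the dependency visible. The same edit is made again in PATCH 93, and the `run:` list continues outside the hunk.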
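Review bot: The block re-added in the first Dockerfile hunk of PATCH 88 sets `ssl_protocols TLSv1.2;`, whereas the lines it replaces (removed in the second hunk of the same patch) allowed `TLSv1.2 TLSv1.3`, so moving the block silently disables TLS 1.3. Unless a client constraint requires that, keep `ssl_protocols TLSv1.2 TLSv1.3;`. With TLS 1.2 as the only protocol, `ssl_ciphers HIGH:!aNULL:!MD5` still admits CBC and static-RSA suites, so an explicit ECDHE/AEAD list would be tighter. The same `ssl_protocols` value is carried into PATCH 89, 91 and 92. The RUN instruction starts and ends outside the hunk.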
@@ -155,16 +163,6 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/ } >> /etc/profile && \ # 确保 Discourse 用户也读取到 chown root:root /etc/profile && chmod 644 /etc/profile && \ - # 插入证书路径 - # sed -i 's|listen\s\+80;|listen 0.0.0.0:8080; listen 0.0.0.0:443 ssl http2;|' /etc/nginx/nginx.conf && \ - # sed -i 's|listen\s\+80;|listen 0.0.0.0:8080;|' /etc/nginx/conf.d/discourse.conf && \ - sed -i '/server_name _;/a \ - ssl_certificate /etc/nginx/certs/discourse.crt; \ - ssl_certificate_key /etc/nginx/certs/discourse.key; \ - ssl_protocols TLSv1.2 TLSv1.3; \ - ssl_prefer_server_ciphers on; \ - ssl_ciphers HIGH:!aNULL:!MD5; \ - ' /etc/nginx/conf.d/discourse.conf && \ rm -f /etc/nginx/sites-enabled/default EXPOSE 8080 From 36003017a7100a0d18662847a00226edacf4ec14 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 1 Jul 2025 19:29:09 +0800 Subject: [PATCH 89/94] test2 --- Dockerfile | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index d93c56a33..05b208ea4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -121,13 +121,15 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/ passwd -| discourse && \ usermod -s /sbin/nologin sync && \ # 插入证书路径 - sed -i '/server_name _;/a \ - ssl_certificate /etc/nginx/certs/discourse.crt; \ - ssl_certificate_key /etc/nginx/certs/discourse.key; \ - ssl_protocols TLSv1.2; \ - ssl_prefer_server_ciphers on; \ - ssl_ciphers HIGH:!aNULL:!MD5; \ - ' /etc/nginx/conf.d/discourse.conf && \ + sed -i 's/server {/server {\ + listen 8080;\ + listen 443 ssl http2;\ + ssl_certificate \/etc\/nginx\/certs\/discourse.crt;\ + ssl_certificate_key \/etc\/nginx\/certs\/discourse.key;\ + ssl_protocols TLSv1.2;\ + ssl_prefer_server_ciphers on;\ + ssl_ciphers HIGH:!aNULL:!MD5;/' \ + /etc/nginx/conf.d/discourse.conf && \ # 修正 /etc/nginx 下所有目录和文件的属主与权限 chown -R discourse:www-data /etc/nginx && \ find /etc/nginx -type d -exec chmod 550 {} \; && \ 
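Review bot: The substitution `s/server {/server {\ … /` in PATCH 89 is unanchored, so the listen and certificate directives are inserted after every line of discourse.conf that contains `server {`, not only the block that serves the site. If the file holds more than one server block, which is not visible here, nginx would see the same `listen` directives repeated. Limiting the edit to the first match with GNU sed's `0,/^server {/` address range would avoid that. The block also adds `listen 443 ssl http2;` although the image runs as `USER discourse` and, after PATCH 87, only declares `EXPOSE 8080`; whether a non-root process may bind 443 depends on the runtime's unprivileged-port setting. The RUN instruction starts and ends outside the hunk.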
From 53b788b4820332414674e1979ea3cbd5d53425cf Mon Sep 17 00:00:00 2001
From: evie-tao
Date: Tue, 1 Jul 2025 19:30:55 +0800
Subject: [PATCH 90/94] test3
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Dockerfile b/Dockerfile
index 05b208ea4..b54b645e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -130,6 +130,7 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/
 ssl_prefer_server_ciphers on;\
 ssl_ciphers HIGH:!aNULL:!MD5;/' \
 /etc/nginx/conf.d/discourse.conf && \
+ cat /etc/nginx/conf.d/discourse.conf && \
 # 修正 /etc/nginx 下所有目录和文件的属主与权限
 chown -R discourse:www-data /etc/nginx && \
 find /etc/nginx -type d -exec chmod 550 {} \; && \
From 1e8ada88036e3c54c3cb09f8b82ba81fdc9ee0be Mon Sep 17 00:00:00 2001
From: evie-tao
Date: Tue, 1 Jul 2025 20:02:26 +0800
Subject: [PATCH 91/94] test4
---
 Dockerfile | 11 -----------
 templates/web.template.yml | 12 +++++++++++-
 2 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index b54b645e8..3f2e762c6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -120,17 +120,6 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/
 chage --maxdays 30 discourse && \
 passwd -| discourse && \
 usermod -s /sbin/nologin sync && \
- # 插入证书路径
- sed -i 's/server {/server {\
- listen 8080;\
- listen 443 ssl http2;\
- ssl_certificate \/etc\/nginx\/certs\/discourse.crt;\
- ssl_certificate_key \/etc\/nginx\/certs\/discourse.key;\
- ssl_protocols TLSv1.2;\
- ssl_prefer_server_ciphers on;\
- ssl_ciphers HIGH:!aNULL:!MD5;/' \
- /etc/nginx/conf.d/discourse.conf && \
- cat /etc/nginx/conf.d/discourse.conf && \
 # 修正 /etc/nginx 下所有目录和文件的属主与权限
 chown -R discourse:www-data /etc/nginx && \
 find /etc/nginx -type d -exec chmod 550 {} \; && \
diff --git a/templates/web.template.yml b/templates/web.template.yml
index ea68d1874..2c4a734a3 100644
--- a/templates/web.template.yml
+++ b/templates/web.template.yml
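Review bot: `cat /etc/nginx/conf.d/discourse.conf` in PATCH 90 is a debugging aid that copies the whole server configuration into every build log, where it is kept by CI and readable by anyone with log access. What the build needs to know is whether the preceding `sed` matched, and `cat` does not fail when it did not. A check that stops the build is more useful: `grep -q 'ssl_certificate_key' /etc/nginx/conf.d/discourse.conf && \`. PATCH 92 re-adds the same `cat` line. The RUN instruction starts and ends outside the hunk.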
@@ -159,7 +159,17 @@ run: filename: "/etc/nginx/conf.d/discourse.conf" from: /listen\s+80;/ to: "listen 8080 ssl;" - + + - replace: + filename: "/etc/nginx/conf.d/discourse.conf" + from: '^server \{' + to: | + server { + ssl_certificate /etc/nginx/certs/discourse.crt; + ssl_certificate_key /etc/nginx/certs/discourse.key; + ssl_protocols TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers HIGH:!aNULL:!MD5; - exec: cmd: echo "done configuring web" From ebd7446c45855ee9523513703e11e2052feb23e0 Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 1 Jul 2025 20:36:01 +0800 Subject: [PATCH 92/94] test5 --- Dockerfile | 10 ++++++++++ templates/web.template.yml | 13 +------------ 2 files changed, 11 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3f2e762c6..c3c4d0567 100644 --- a/Dockerfile +++ b/Dockerfile @@ -120,6 +120,16 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/ chage --maxdays 30 discourse && \ passwd -| discourse && \ usermod -s /sbin/nologin sync && \ + # 插入证书路径 + sed -i 's/server {/server {\ + listen 443 ssl http2;\ + ssl_certificate \/etc\/nginx\/certs\/discourse.crt;\ + ssl_certificate_key \/etc\/nginx\/certs\/discourse.key;\ + ssl_protocols TLSv1.2;\ + ssl_prefer_server_ciphers on;\ + ssl_ciphers HIGH:!aNULL:!MD5;/' \ + /etc/nginx/conf.d/discourse.conf && \ + cat /etc/nginx/conf.d/discourse.conf && \ # 修正 /etc/nginx 下所有目录和文件的属主与权限 chown -R discourse:www-data /etc/nginx && \ find /etc/nginx -type d -exec chmod 550 {} \; && \ diff --git a/templates/web.template.yml b/templates/web.template.yml index 2c4a734a3..7d827c68b 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml 
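Review bot: `from: '^server \{'` in the new `replace` entry of PATCH 91 is a quoted plain string, while the entry directly above it uses the slash-delimited form `from: /listen\s+80;/`. As far as I know pups treats only a value that starts with `/` as a regular expression and anything else as a literal, so this pattern would search for the literal characters `^server \{` and never match. If a regex is intended, write `from: /^server \{/`. The `to: |` block scalar also ends with a newline, so use `|-` if the replacement must not add one. The `run:` list continues outside the hunk.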
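Review bot: The Dockerfile block in PATCH 92 points nginx at `/etc/nginx/certs/discourse.key`, but nothing in the hunk or its context restricts who can read that file. The `chown -R discourse:www-data /etc/nginx` that follows only changes ownership, and the one mode visible here is `chmod 550` on directories. How the key reaches that path is not shown: if it is copied into the image it sits in a layer readable by anyone who can pull the image, and if it is mounted at run time it should be mounted read-only. An explicit `chmod 600 /etc/nginx/certs/discourse.key` next to these lines, guarded for the file's existence, would make the intended protection auditable. The RUN instruction starts and ends outside the hunk.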
@@ -158,18 +158,7 @@ run: - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /listen\s+80;/ - to: "listen 8080 ssl;" - - - replace: - filename: "/etc/nginx/conf.d/discourse.conf" - from: '^server \{' - to: | - server { - ssl_certificate /etc/nginx/certs/discourse.crt; - ssl_certificate_key /etc/nginx/certs/discourse.key; - ssl_protocols TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers HIGH:!aNULL:!MD5; + to: "listen 8080;" - exec: cmd: echo "done configuring web" From 070a2ee78a67288fec90b51fd24dec4023dae15f Mon Sep 17 00:00:00 2001 From: evie-tao Date: Tue, 1 Jul 2025 21:03:16 +0800 Subject: [PATCH 93/94] test6 --- Dockerfile | 1 - templates/web.template.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index c3c4d0567..d04445b0f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -122,7 +122,6 @@ RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/ usermod -s /sbin/nologin sync && \ # 插入证书路径 sed -i 's/server {/server {\ - listen 443 ssl http2;\ ssl_certificate \/etc\/nginx\/certs\/discourse.crt;\ ssl_certificate_key \/etc\/nginx\/certs\/discourse.key;\ ssl_protocols TLSv1.2;\ diff --git a/templates/web.template.yml b/templates/web.template.yml index 7d827c68b..5af63ab1c 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -158,7 +158,7 @@ run: - replace: filename: "/etc/nginx/conf.d/discourse.conf" from: /listen\s+80;/ - to: "listen 8080;" + to: "listen 8080 ssl;" - exec: cmd: echo "done configuring web" From 2c3e160bb3d295e9603619fe1c7d2085bf089fba Mon Sep 17 00:00:00 2001 From: evie-tao Date: Wed, 2 Jul 2025 10:42:28 +0800 Subject: [PATCH 94/94] test7 --- Dockerfile | 43 ----------------------------------------- containers/web_only.yml | 4 ++-- 2 files changed, 2 insertions(+), 45 deletions(-) diff --git a/Dockerfile b/Dockerfile index d04445b0f..cd60cf446 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,49 +4,6 @@ FROM local_discourse/web_only:latest # USER root ENV DEBIAN_FRONTEND=noninteractive -# # 卸载 sudo -# RUN apt-get update -# RUN apt-get autoremove -y -# RUN apt-get clean -# RUN rm -rf /var/lib/apt/lists/* - -# # 卸载安装工具 -# RUN apt-get update \ -# && apt-get purge -y --auto-remove \ -# tcpdump \ -# nmap \ -# wireshark-common \ -# netcat-openbsd \ -# gdb \ -# strace \ -# binutils \ -# build-essential \ -# cmake \ -# flex \ -# libtool \ -# php-cli \ -# python3-dbg \ -# && rm -f \ -# /usr/bin/tcpdump \ -# /usr/bin/nmap \ -# /usr/bin/wireshark* \ -# /usr/bin/netcat \ -# /usr/bin/gdb \ -# /usr/bin/strace \ -# /usr/bin/readelf \ -# /usr/bin/cpp \ -# /usr/bin/gcc \ -# /usr/bin/make \ -# /usr/bin/objdump \ -# /usr/bin/ar \ -# /usr/bin/ld \ -# /usr/bin/flex \ -# /usr/bin/lex \ -# /usr/bin/rpcgen \ -# /usr/bin/cmake \ -# && apt-get clean \ -# && rm -rf /var/lib/apt/lists/* - # 卸载 sudo RUN apt-get update && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* && \ # 卸载安装工具 diff --git a/containers/web_only.yml b/containers/web_only.yml index 354724563..f623c951f 100644 --- a/containers/web_only.yml +++ b/containers/web_only.yml @@ -25,8 +25,8 @@ templates: # docker_args: params: - ## Which Git revision should this container use? (default: tests-passed) - version: v3.5.0.beta7 + ## Which Git revision should this container use? (default: tests-passed)v3.5.0.beta7 + version: env: LC_ALL: en_US.UTF-8
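Review bot: `version:` with no value in containers/web_only.yml parses as YAML null, so the pin to `v3.5.0.beta7` is gone and the build follows whatever revision the launcher defaults to (the comment says tests-passed). Image contents can then change between builds without any change in this repository. If unpinning is deliberate, comment the key out as the template originally did, `#version: tests-passed`, rather than leaving a bare key; otherwise keep `version: v3.5.0.beta7`. The old tag has also been pasted onto the end of the comment line, `(default: tests-passed)v3.5.0.beta7`, which looks like an editing slip.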