Creates a new caddy.template.yml template that replaces nginx with the Caddy web server. Benefits include:
- Automatic HTTPS with Let's Encrypt certificate management
- Basic rate limiting support
- IPv6 dual-stack support (enabled by default in Caddy)
- Advanced compression with zstd preferred over gzip
- Comprehensive security headers
- Modern protocol support (HTTP/2, HTTP/3)
- Simplified configuration with sensible defaults
This implementation uses standard Caddy with all its built-in features without requiring custom modules.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Using `pry` as the default runtime console in the production environment
is forcing us to account for it in Discourse core's codebase. In order
to avoid the additional complexity in Discourse core's codebase, we have
decided to drop `pry` as the default runtime console and rely on IRB
which is just as good these days. We will however be keeping the
dependency on `pry` around so those that would like to use it can start
it manually.
* Removing unicorn service from phpbb template broke the build
https://meta.discourse.org/t/migrate-a-phpbb3-forum-to-discourse/30810/786?u=pfaffman
* Prevent Sidekiq from running
Usually we don't want Sidekiq to run during an import because it might mess things up while there's incomplete or inconsistent data.
---------
Co-authored-by: Gerhard Schlager <gerhard.schlager@discourse.org>
649505d869 added some new content between `listen 80;` and `gzip on;`, which broke these replacements.
This commit reorders & updates the replacements so that they should work reliably with versions of core before and after that change.
This updates the default PostgreSQL version to 15.
* image/base: update default postgres version to 15
* launcher: bump base image to include postgres 15
* postgres.template.yml: update default version to 15
* postgres.15.template.yml: current version template
Legacy version templates:
* postgres.13.template.yml
* postgres.12.template.yml
* postgres.10.template.yml
* postgres.9.5.template.yml
After 7d548ad4ae, the replacement pattern in web.socketed.template.yml no longer matches, making nginx.https.sock not exist.
As such, remove the `http2` field from the `listen` directive to match aforementioned commit.
The most recent build timed out at 30 minutes. Bump timeout temporarily
to get a gauge on how long self-hosted builds take (push to Dockerhub
looks to be slower than Github-hosted runners).
We can use our self-hosted action/runner machines to build the amd64
Docker images, falling back to the Github action/runner machines for the
arm64 builds.
Additionally, simplify the expression for how arm runners are selected.
The cost savings from switching to self-hosted runners dwarf the
increase in 8core vs 2core arm runners.
This commit moves the Nginx config from discourse/discourse repository
and updates it with several 'include' statements that serve as extension
outlets.
This change was made to place the config closer to where it is used and
implements an alternative to the "find & replace" hacks.
It is unused at this moment, but all templates and samples will be
updated in a future commit.
This commit updates the build workflow to build and push an extra base Docker
image with PG 15 installed. The tag is not meant to be permanent and is
just meant to help us update our postgres templates to support PG 15
within the same commit.
The tag will be removed once our `discourse/base:release` ships with PG
15 by default.
1. `monitor` uses a 9 year old base image
2. `discourse_fast_switch` uses a 6 year old base image and references ruby 2.4 and 2.5
3. `discourse_bench` uses an 8 year old base image and references postgres 9.5
The nginx config file used to be copied from the discourse/discourse
repository, but it has now been moved into this project, closer to the
place where it is used.
The config has several 'include' statements that implement support for
outlets that templates can then use to extend the default configuration
for various features. This is an alternative to the "find & replace"
hacks.
I noticed that running `git reset --hard` results in ~133MB being
added to the final layer generated by `launcher bootstrap`. However, I
can not figure out why we would need to run `git reset --hard` at all.
Even if there is a reason to run `git reset --hard`, it should not be
the default. If someone for whatever reason needs to run `git reset
--hard`, they should do so using the `before_code` hook.
To replicate the problem, one can run the following steps:
1. In the `discourse_docker` repository, create a file named `containers/test.yml` with the following contents:
```
base_image: discourse/base:2.0.20241223-0016
run:
- exec: sudo -H -E -u discourse bash -c "cd /var/www/discourse && git reset --hard"
```
2. Run `./launcher bootstrap test`
3. Run `docker history local_discourse/test` and see that the new layer created by `./launcher bootstrap` is roughly 133MB.
```
IMAGE CREATED CREATED BY SIZE COMMENT
012471f3c5e4 2 minutes ago /bin/bash -c /usr/local/bin/pups --stdin 133MB
```
pnpm packages and bundle gems can add significant size to the Docker
image. Ensure that we clean up those unused files to ensure we don't
add extra disk space to the final layer when bootstrapping.
Using e.g. `proxy_pass http://discourse` resets the Host header on the upstream
request to `discourse`.
This would break multisites, so we don't want that; the most effective way to
ensure it's set properly is to `set_header` in the upstream block.
This adds an additional layer of 20mb for no reason. We don't need to be
running the latest version of rubygems all the time.
Even if we need to update rubygems, it should be updated in https://github.com/discourse/docker-ruby
compiles to a single portable binary
Create a base builder package with compile time dependencies. Create an
imagemagick_builder to build imagemagick.
The base builder can be extended for other builders.
Add imagemagick runtime dependencies to discourse_dependencies image
avoid -dev libs
Statically compile as much as possible with --disable-shared and
--enable-delegate-build flags.
References:
https://stackoverflow.com/questions/47031789/imagemagick-100-static-build-for-linux
https://www.imagemagick.org/discourse-server/viewtopic.php?t=14259
Add fonts-urw-base35 for NimbusSans-Regular, needed for letter avatar generation
Copy over the resulting magick bin, as well as etc and share files from the
compilation. etc is needed for magick to run, share is not, but contains
translations for errors which Discourse tests are dependent on reading from.
Create symlinks for other magick tooling - imagemagick creates symlink tool
names that Discourse uses. These *could* be dropped if Discourse decided to use
`magick {toolname}` rather than `{toolname}`.
Add nginx compile dependency - building nginx still needs libfreetype6
This was implicitly installed previously. Removing the imagemagick build from
base broke the next nginx build. Add this dependency back in. This dependency
can be removed once we build nginx separately as well.
This is to resolve an error we are seeing in our arm64 dev builds
```
24 49.46 error: package `apple-xar v0.20.0` cannot be built because it requires rustc 1.81 or newer, while the currently active rustc version is 1.75.0
24 49.46 Either upgrade to rustc 1.81 or newer, or use
```