diff --git a/backend/src/app/config.clj b/backend/src/app/config.clj index fee93ccd9..42a7929fa 100644 --- a/backend/src/app/config.clj +++ b/backend/src/app/config.clj @@ -34,8 +34,6 @@ :storage-fs-uri "http://localhost:3449/internal/assets/" :storage-s3-region :eu-central-1 - :storage-s3-bucket "serenoxyztestbucket" - :image-process-max-threads 2 :smtp-enabled false @@ -76,6 +74,7 @@ (s/def ::database-uri ::us/string) (s/def ::redis-uri ::us/string) +(s/def ::storage-backend ::us/keyword) (s/def ::storage-fs-directory ::us/string) (s/def ::storage-fs-uri ::us/string) (s/def ::storage-s3-region ::us/keyword) 
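Review bot: `::storage-backend` in the second config.clj hunk is specced as a bare `::us/keyword`, so any keyword read from configuration passes validation and is then handed to `:app.storage/storage` as `:backend` in the main.clj hunk. A misspelled value would presumably surface only when the storage component tries to resolve the backend, not at config load. Consider constraining it to the backends the storage component actually registers, e.g. `(s/def ::storage-backend (s/and ::us/keyword #{<supported-backends>}))`, with the placeholder replaced by the real set. The lookup key also changes from `:storage-default-backend` to `:storage-backend` with no fallback, so if any deployment set the old name it would silently fall back to `:fs`.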
@@ -136,59 +135,60 @@ (s/def ::config - (s/keys :opt-un [::http-server-cors - ::http-server-debug - ::http-server-port - ::google-client-id - ::google-client-secret - ::gitlab-client-id - ::gitlab-client-secret + (s/keys :opt-un [::allow-demo-users + ::asserts-enabled + ::database-password + ::database-uri + ::database-username + ::debug + ::error-report-webhook ::github-client-id ::github-client-secret ::gitlab-base-uri - ::asserts-enabled - ::redis-uri + ::gitlab-client-id + ::gitlab-client-secret + ::google-client-id + ::google-client-secret + ::host + ::http-server-debug + ::http-server-port + ::http-server-cors + ::image-process-max-threads + ::ldap-auth-avatar-attribute + ::ldap-auth-base-dn + ::ldap-auth-email-attribute + ::ldap-auth-fullname-attribute + ::ldap-auth-host + ::ldap-auth-port + ::ldap-auth-ssl + ::ldap-auth-starttls + ::ldap-auth-user-query + ::ldap-auth-username-attribute + ::ldap-bind-dn + ::ldap-bind-password ::public-uri - ::database-username - ::database-password - ::database-uri - ::storage-fs-directory - ::storage-fs-uri - ::storage-s3-bucket - ::storage-s3-region - ::error-report-webhook + ::redis-uri + ::registration-domain-whitelist + ::registration-enabled ::secret-key ::smtp-default-from ::smtp-default-reply-to ::smtp-enabled ::smtp-host - ::smtp-port - ::smtp-username ::smtp-password - ::smtp-tls + ::smtp-port ::smtp-ssl - ::host + ::smtp-tls + ::smtp-username + ::storage-backend + ::storage-fs-directory + ::storage-fs-uri + ::storage-s3-bucket + ::storage-s3-region ::telemetry-enabled ::telemetry-server-enabled - ::telemetry-uri ::telemetry-server-port - ::debug - ::allow-demo-users - ::registration-enabled - ::registration-domain-whitelist - ::image-process-max-threads - ::ldap-auth-host - ::ldap-auth-port - ::ldap-bind-dn - ::ldap-bind-password - ::ldap-auth-ssl - ::ldap-auth-starttls - ::ldap-auth-base-dn - ::ldap-auth-user-query - ::ldap-auth-username-attribute - ::ldap-auth-email-attribute - ::ldap-auth-fullname-attribute - 
::ldap-auth-avatar-attribute])) + ::telemetry-uri])) (defn- env->config [env] diff --git a/backend/src/app/main.clj b/backend/src/app/main.clj index fa3ddec9f..919796fe3 100644 --- a/backend/src/app/main.clj +++ b/backend/src/app/main.clj @@ -258,7 +258,7 @@ :app.storage.db/backend {:pool (ig/ref :app.db/pool)}} - (let [backend (:storage-default-backend cfg/config :fs)] + (let [backend (:storage-backend cfg/config :fs)] {:app.storage/storage {:backend backend}}) (when (:telemetry-server-enabled cfg/config) diff --git a/docker/images/docker-compose.yaml b/docker/images/docker-compose.yaml index 689b13f09..af542f3b0 100644 --- a/docker/images/docker-compose.yaml +++ b/docker/images/docker-compose.yaml @@ -1,13 +1,8 @@ --- -version: "3" +version: "3.0" networks: - default: - driver: bridge - ipam: - driver: default - config: - - subnet: 172.177.99.0/24 + penpot: volumes: postgres_data: @@ -26,6 +21,8 @@ services: depends_on: - penpot-backend - penpot-exporter + networks: + - penpot penpot-backend: image: "penpotapp/backend:develop" 
@@ -37,17 +34,37 @@ services: - penpot-redis environment: - - APP_DATABASE_URI=postgresql://penpot-postgres/penpot - - APP_DATABASE_USERNAME=penpot - - APP_DATABASE_PASSWORD=penpot - - APP_SMTP_ENABLED=false - - APP_REDIS_URI=redis://penpot-redis/0 - - APP_MEDIA_DIRECTORY=/opt/data/media + - PENPOT_ASSERTS_ENABLED=false + - PENPOT_DEBUG=false + - PENPOT_HOST=example.penpot + - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot + - PENPOT_DATABASE_USERNAME=penpot + - PENPOT_DATABASE_PASSWORD=penpot + - PENPOT_REDIS_URI=redis://penpot-redis/0 + - PENPOT_STORAGE_FS_DIRECTORY_=/opt/data/assets + - PENPOT_STORAGE_FS_URI=http://penpot-frontend/internal/assets + - PENPOT_STORAGE_BACKEND=fs + - PENPOT_SMTP_ENABLED=false + - PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com + - PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com + - PENPOT_SECRET_KEY=provide-here-a-secret-random-key + # - PENPOT_SMTP_HOST=... + # - PENPOT_SMTP_PORT=... + # - PENPOT_SMTP_USERNAME=... + # - PENPOT_SMTP_PASSWORD=... + # - PENPOT_SMTP_TLS=true + # - PENPOT_SMTP_SSL=false + # - PENPOT_GOOGLE_CLIENT_ID=... + # - PENPOT_GOOGLE_CLIENT_SECRET=... + networks: + - penpot penpot-exporter: image: "penpotapp/exporter:develop" environment: - - APP_PUBLIC_URI=http://penpot-frontend + - PENPOT_PUBLIC_URI=http://penpot-frontend + networks: + - penpot penpot-postgres: image: "postgres:13" @@ -63,6 +80,11 @@ services: volumes: - postgres_data:/var/lib/postgresql/data + networks: + - penpot + penpot-redis: image: redis:6 restart: always + networks: + - penpot diff --git a/docker/images/files/nginx.conf b/docker/images/files/nginx.conf index c8ceca0f1..4cdf7577b 100644 --- a/docker/images/files/nginx.conf +++ b/docker/images/files/nginx.conf @@ -4,7 +4,7 @@ pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { - worker_connections 768; + worker_connections 2048; # multi_accept on; } 
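Review bot: `PENPOT_SECRET_KEY=provide-here-a-secret-random-key` ships a publicly known value as a working default, so a deployment started from this compose file unchanged runs with a key anyone can read in the repository; the same applies to `PENPOT_DATABASE_PASSWORD=penpot`. Prefer forcing the operator to supply it, e.g. `- PENPOT_SECRET_KEY=${PENPOT_SECRET_KEY:?set a random secret}`, or at minimum add a comment above the line such as `# MUST be replaced with a random value before exposing this instance`. Separately, `PENPOT_STORAGE_FS_DIRECTORY_=/opt/data/assets` has a trailing underscore that looks like a typo. If the env-to-config mapping (not visible in this diff) matches names exactly, the directory setting would be ignored.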
@@ -14,10 +14,15 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; - # server_tokens off; - # server_names_hash_bucket_size 64; - # server_name_in_redirect off; + keepalive_requests 30; + keepalive_timeout 30s; + + server_tokens off; + + reset_timedout_connection on; + client_body_timeout 20s; + client_header_timeout 20s; include /etc/nginx/mime.types; default_type application/octet-stream; @@ -37,14 +42,14 @@ http { map $http_upgrade $connection_upgrade { default upgrade; - '' close; + '' close; } server { listen 80 default_server; server_name _; - client_max_body_size 5M; + client_max_body_size 6M; charset utf-8; proxy_http_version 1.1; @@ -55,18 +60,14 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; etag off; + root /var/www/app/; - location / { - root /var/www/app/; - try_files $uri /index.html; + location ~* \.(js|css).*$ { + add_header Cache-Control "max-age=86400" always; # 24 hours + } - location ~* \.(js|css).*$ { - add_header Cache-Control "max-age=86400" always; # 24 hours - } - - location = /index.html { - add_header Cache-Control "no-cache, max-age=0"; - } + location ~* \.(html).*$ { + add_header Cache-Control "no-cache, max-age=0" always; } location /api { 
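Review bot: The added `keepalive_timeout 30s;` lands in the same `http` block as the unchanged context line `keepalive_timeout 65;`, and nginx rejects a repeated simple directive in one context with a "directive is duplicate" error at config test. Drop the old line so only `keepalive_timeout 30s;` remains. The `http` block opens and closes outside this hunk, so check that no further copy exists there. A one-line comment above the new timeout group, e.g. `# bound how long slow or idle clients can hold a connection`, would record why these values were tightened.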
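Review bot: The new server-level locations `~* \.(js|css).*$` and `~* \.(html).*$` are unanchored, and nginx prefers a matching regex location over plain prefix locations such as `/api` and `/assets`. Any URI that merely contains `.js`, `.css` or `.html` (this includes `.json`) would therefore be answered from `root /var/www/app/` instead of being proxied. Anchoring the patterns, e.g. `location ~* \.(js|css)$ {`, or marking the proxy prefixes with `^~`, keeps routing predictable. The hunk also removes `try_files $uri /index.html;` with no replacement visible, so client-side routes may return 404 unless a fallback is defined outside this hunk.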
@@ -83,8 +84,37 @@ http { proxy_pass http://penpot-backend:6060/ws/notifications; } - location /media { - alias /opt/data/media; + location @handle_redirect { + set $redirect_uri "$upstream_http_location"; + set $redirect_host "$upstream_http_x_host"; + set $redirect_cache_control "$upstream_http_cache_control"; + + proxy_buffering off; + + proxy_set_header Host "$redirect_host"; + proxy_hide_header etag; + proxy_hide_header x-amz-id-2; + proxy_hide_header x-amz-request-id; + proxy_hide_header x-amz-meta-server-side-encryption; + proxy_hide_header x-amz-server-side-encryption; + proxy_pass $redirect_uri; + + add_header x-internal-redirect "$redirect_uri"; + add_header x-cache-control "$redirect_cache_control"; + add_header cache-control "$redirect_cache_control"; + } + + location /assets { + proxy_pass http://127.0.0.1:6060/assets; + recursive_error_pages on; + proxy_intercept_errors on; + error_page 301 302 307 = @handle_redirect; + } + + location /internal/assets { + internal; + alias /var/www/assets; + add_header x-internal-redirect "$upstream_http_x_accel_redirect"; } } } diff --git a/manage.sh b/manage.sh index e7336296a..c83d6f506 100755 --- a/manage.sh +++ b/manage.sh @@ -9,6 +9,7 @@ export CURRENT_USER_ID=$(id -u); export CURRENT_VERSION=$(git describe --tags); export CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD); export CURRENT_HASH=$(git rev-parse --short HEAD); +export CURRENT_BUILD=$(date '+%Y%m%d%H%M'); function build-devenv { echo "Building development image $DEVENV_IMGNAME:latest..." @@ -97,12 +98,10 @@ function build-bundle { mv ./exporter/target ./bundle/exporter local version="$CURRENT_VERSION"; - local name="penpot-$CURRENT_VERSION"; + local name="penpot-$CURRENT_BRANCH"; if [ $CURRENT_BRANCH != "main" ]; then - local ncommits=$(git rev-list --count HEAD); - version="$CURRENT_BRANCH-$ncommits-$CURRENT_HASH"; - name="penpot-$CURRENT_BRANCH"; + version="$CURRENT_BRANCH-$CURRENT_VERSION"; fi; echo $version > ./bundle/version.txt 
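Review bot: `add_header x-internal-redirect "$redirect_uri";` in `@handle_redirect` sends the upstream `Location` value back to the client, which undoes the hiding of the `x-amz-*` headers; if the backend redirects to a signed object URL (inferred from those headers), it also discloses that URL. Remove the `x-internal-redirect` and `x-cache-control` debug headers or enable them only in a debug configuration. `proxy_pass $redirect_uri;` follows whatever `Location` and `x-host` the backend emits, so the backend must be guaranteed to emit only trusted storage hosts. A variable `proxy_pass` also needs a `resolver` for hostnames, and none is visible in this hunk. Finally, `location /assets` proxies to `http://127.0.0.1:6060/assets` while the neighbouring location uses `http://penpot-backend:6060`. In the compose layout the backend is a separate container, so this likely should be `proxy_pass http://penpot-backend:6060/assets;`.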
@@ -126,23 +125,25 @@ function build-bundle { function build-image { local image=$1; - local version=$2; + local tag=$2; + local version=$3; local docker_image="$ORGANIZATION/$image"; set -x pushd ./docker/images; - docker buildx build --platform linux/amd64 -t $docker_image:$version -f Dockerfile.$image .; + docker buildx build --platform linux/amd64 -t $docker_image:$tag -f Dockerfile.$image .; + docker tag $docker_image:$tag $docker_image:$version; + # docker buildx build --platform linux/arm64 -t $docker_image:$version-arm64 .; popd; } function build-images { local version="$CURRENT_VERSION"; - local bundle_file="penpot-$CURRENT_VERSION.tar.xz"; + local bundle_file="penpot-$CURRENT_BRANCH-$CURRENT_VERSION.tar.xz"; if [ $CURRENT_BRANCH != "main" ]; then - version="$CURRENT_BRANCH"; - bundle_file="penpot-$CURRENT_BRANCH.tar.xz"; + version="$CURRENT_BRANCH-$CURRENT_VERSION"; fi; if [ ! -f $bundle_file ]; then @@ -160,9 +161,9 @@ function build-images { tar xvf $bundle_file_path; popd - build-image "backend" $version; - build-image "frontend" $version; - build-image "exporter" $version; + build-image "backend" $CURRENT_BRANCH $version; + build-image "frontend" $CURRENT_BRANCH $version; + build-image "exporter" $CURRENT_BRANCH $version; } function publish-latest-images {
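Review bot: `build-image` now uses the branch name as a Docker tag (`-t $docker_image:$tag`, called with `$CURRENT_BRANCH`), but `git rev-parse --abbrev-ref HEAD` can return names containing `/`, which is not valid in a tag, or the literal `HEAD` on a detached checkout. Sanitize once, e.g. `local tag="${2//\//-}";`, and quote the expansions: `docker tag "$docker_image:$tag" "$docker_image:$version";`. The same unquoted `$CURRENT_BRANCH` is used in the `[ $CURRENT_BRANCH != "main" ]` tests here and in the build-bundle hunk. Also confirm that `bundle_file="penpot-$CURRENT_BRANCH-$CURRENT_VERSION.tar.xz"` matches the archive build-bundle writes, since that hunk sets `name="penpot-$CURRENT_BRANCH"` and the archiving step is outside the diff.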