Penpot/penpot
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-01-22 14:39:45 -05:00
Code Issues Activity

Minor improvements on docker images and compose file.

Browse source
This commit is contained in:
Andrey Antukh 2021-01-11 14:29:38 +01:00
parent 031123b2ca
commit 9043d2574b
5 changed files with 139 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
backend/src/app/config.clj
View file

@ -34,8 +34,6 @@
:storage-fs-uri "http://localhost:3449/internal/assets/" :storage-fs-uri "http://localhost:3449/internal/assets/"
:storage-s3-region :eu-central-1 :storage-s3-region :eu-central-1
:storage-s3-bucket "serenoxyztestbucket"
:image-process-max-threads 2 :image-process-max-threads 2
:smtp-enabled false :smtp-enabled false
@ -76,6 +74,7 @@
(s/def ::database-uri ::us/string) (s/def ::database-uri ::us/string)
(s/def ::redis-uri ::us/string) (s/def ::redis-uri ::us/string)
(s/def ::storage-backend ::us/keyword)
(s/def ::storage-fs-directory ::us/string) (s/def ::storage-fs-directory ::us/string)
(s/def ::storage-fs-uri ::us/string) (s/def ::storage-fs-uri ::us/string)
(s/def ::storage-s3-region ::us/keyword) (s/def ::storage-s3-region ::us/keyword)
@ -136,59 +135,60 @@
(s/def ::config (s/def ::config
(s/keys :opt-un [::http-server-cors (s/keys :opt-un [::allow-demo-users
::http-server-debug ::asserts-enabled
::http-server-port ::database-password
::google-client-id ::database-uri
::google-client-secret ::database-username
::gitlab-client-id ::debug
::gitlab-client-secret ::error-report-webhook
::github-client-id ::github-client-id
::github-client-secret ::github-client-secret
::gitlab-base-uri ::gitlab-base-uri
::asserts-enabled ::gitlab-client-id
::redis-uri ::gitlab-client-secret
::google-client-id
::google-client-secret
::host
::http-server-debug
::http-server-port
::http-server-cors
::image-process-max-threads
::ldap-auth-avatar-attribute
::ldap-auth-base-dn
::ldap-auth-email-attribute
::ldap-auth-fullname-attribute
::ldap-auth-host
::ldap-auth-port
::ldap-auth-ssl
::ldap-auth-starttls
::ldap-auth-user-query
::ldap-auth-username-attribute
::ldap-bind-dn
::ldap-bind-password
::public-uri ::public-uri
::database-username ::redis-uri
::database-password ::registration-domain-whitelist
::database-uri ::registration-enabled
::storage-fs-directory
::storage-fs-uri
::storage-s3-bucket
::storage-s3-region
::error-report-webhook
::secret-key ::secret-key
::smtp-default-from ::smtp-default-from
::smtp-default-reply-to ::smtp-default-reply-to
::smtp-enabled ::smtp-enabled
::smtp-host ::smtp-host
::smtp-port
::smtp-username
::smtp-password ::smtp-password
::smtp-tls ::smtp-port
::smtp-ssl ::smtp-ssl
::host ::smtp-tls
::smtp-username
::storage-backend
::storage-fs-directory
::storage-fs-uri
::storage-s3-bucket
::storage-s3-region
::telemetry-enabled ::telemetry-enabled
::telemetry-server-enabled ::telemetry-server-enabled
::telemetry-uri
::telemetry-server-port ::telemetry-server-port
::debug ::telemetry-uri]))
::allow-demo-users
::registration-enabled
::registration-domain-whitelist
::image-process-max-threads
::ldap-auth-host
::ldap-auth-port
::ldap-bind-dn
::ldap-bind-password
::ldap-auth-ssl
::ldap-auth-starttls
::ldap-auth-base-dn
::ldap-auth-user-query
::ldap-auth-username-attribute
::ldap-auth-email-attribute
::ldap-auth-fullname-attribute
::ldap-auth-avatar-attribute]))
(defn- env->config (defn- env->config
[env] [env]

2
backend/src/app/main.clj
View file

@ -258,7 +258,7 @@
:app.storage.db/backend :app.storage.db/backend
{:pool (ig/ref :app.db/pool)}} {:pool (ig/ref :app.db/pool)}}
(let [backend (:storage-default-backend cfg/config :fs)] (let [backend (:storage-backend cfg/config :fs)]
{:app.storage/storage {:backend backend}}) {:app.storage/storage {:backend backend}})
(when (:telemetry-server-enabled cfg/config) (when (:telemetry-server-enabled cfg/config)

50
docker/images/docker-compose.yaml
View file

@ -1,13 +1,8 @@
--- ---
version: "3" version: "3.0"
networks: networks:
default: penpot:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.177.99.0/24
volumes: volumes:
postgres_data: postgres_data:
@ -26,6 +21,8 @@ services:
depends_on: depends_on:
- penpot-backend - penpot-backend
- penpot-exporter - penpot-exporter
networks:
- penpot
penpot-backend: penpot-backend:
image: "penpotapp/backend:develop" image: "penpotapp/backend:develop"
@ -37,17 +34,37 @@ services:
- penpot-redis - penpot-redis
environment: environment:
- APP_DATABASE_URI=postgresql://penpot-postgres/penpot - PENPOT_ASSERTS_ENABLED=false
- APP_DATABASE_USERNAME=penpot - PENPOT_DEBUG=false
- APP_DATABASE_PASSWORD=penpot - PENPOT_HOST=example.penpot
- APP_SMTP_ENABLED=false - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
- APP_REDIS_URI=redis://penpot-redis/0 - PENPOT_DATABASE_USERNAME=penpot
- APP_MEDIA_DIRECTORY=/opt/data/media - PENPOT_DATABASE_PASSWORD=penpot
- PENPOT_REDIS_URI=redis://penpot-redis/0
- PENPOT_STORAGE_FS_DIRECTORY_=/opt/data/assets
- PENPOT_STORAGE_FS_URI=http://penpot-frontend/internal/assets
- PENPOT_STORAGE_BACKEND=fs
- PENPOT_SMTP_ENABLED=false
- PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
- PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
- PENPOT_SECRET_KEY=provide-here-a-secret-random-key
# - PENPOT_SMTP_HOST=...
# - PENPOT_SMTP_PORT=...
# - PENPOT_SMTP_USERNAME=...
# - PENPOT_SMTP_PASSWORD=...
# - PENPOT_SMTP_TLS=true
# - PENPOT_SMTP_SSL=false
# - PENPOT_GOOGLE_CLIENT_ID=...
# - PENPOT_GOOGLE_CLIENT_SECRET=...
networks:
- penpot
penpot-exporter: penpot-exporter:
image: "penpotapp/exporter:develop" image: "penpotapp/exporter:develop"
environment: environment:
- APP_PUBLIC_URI=http://penpot-frontend - PENPOT_PUBLIC_URI=http://penpot-frontend
networks:
- penpot
penpot-postgres: penpot-postgres:
image: "postgres:13" image: "postgres:13"
@ -63,6 +80,11 @@ services:
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
networks:
- penpot
penpot-redis: penpot-redis:
image: redis:6 image: redis:6
restart: always restart: always
networks:
- penpot

66
docker/images/files/nginx.conf
View file

@ -4,7 +4,7 @@ pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf; include /etc/nginx/modules-enabled/*.conf;
events { events {
worker_connections 768; worker_connections 2048;
# multi_accept on; # multi_accept on;
} }
@ -14,10 +14,15 @@ http {
tcp_nodelay on; tcp_nodelay on;
keepalive_timeout 65; keepalive_timeout 65;
types_hash_max_size 2048; types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64; keepalive_requests 30;
# server_name_in_redirect off; keepalive_timeout 30s;
server_tokens off;
reset_timedout_connection on;
client_body_timeout 20s;
client_header_timeout 20s;
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
@ -37,14 +42,14 @@ http {
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
'' close; '' close;
} }
server { server {
listen 80 default_server; listen 80 default_server;
server_name _; server_name _;
client_max_body_size 5M; client_max_body_size 6M;
charset utf-8; charset utf-8;
proxy_http_version 1.1; proxy_http_version 1.1;
@ -55,18 +60,14 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
etag off; etag off;
root /var/www/app/;
location / { location ~* \.(js|css).*$ {
root /var/www/app/; add_header Cache-Control "max-age=86400" always; # 24 hours
try_files $uri /index.html; }
location ~* \.(js|css).*$ { location ~* \.(html).*$ {
add_header Cache-Control "max-age=86400" always; # 24 hours add_header Cache-Control "no-cache, max-age=0" always;
}
location = /index.html {
add_header Cache-Control "no-cache, max-age=0";
}
} }
location /api { location /api {
@ -83,8 +84,37 @@ http {
proxy_pass http://penpot-backend:6060/ws/notifications; proxy_pass http://penpot-backend:6060/ws/notifications;
} }
location /media { location @handle_redirect {
alias /opt/data/media; set $redirect_uri "$upstream_http_location";
set $redirect_host "$upstream_http_x_host";
set $redirect_cache_control "$upstream_http_cache_control";
proxy_buffering off;
proxy_set_header Host "$redirect_host";
proxy_hide_header etag;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header x-amz-meta-server-side-encryption;
proxy_hide_header x-amz-server-side-encryption;
proxy_pass $redirect_uri;
add_header x-internal-redirect "$redirect_uri";
add_header x-cache-control "$redirect_cache_control";
add_header cache-control "$redirect_cache_control";
}
location /assets {
proxy_pass http://127.0.0.1:6060/assets;
recursive_error_pages on;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
location /internal/assets {
internal;
alias /var/www/assets;
add_header x-internal-redirect "$upstream_http_x_accel_redirect";
} }
} }
} }

25
manage.sh
View file

@ -9,6 +9,7 @@ export CURRENT_USER_ID=$(id -u);
export CURRENT_VERSION=$(git describe --tags); export CURRENT_VERSION=$(git describe --tags);
export CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD); export CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD);
export CURRENT_HASH=$(git rev-parse --short HEAD); export CURRENT_HASH=$(git rev-parse --short HEAD);
export CURRENT_BUILD=$(date '+%Y%m%d%H%M');
function build-devenv { function build-devenv {
echo "Building development image $DEVENV_IMGNAME:latest..." echo "Building development image $DEVENV_IMGNAME:latest..."
@ -97,12 +98,10 @@ function build-bundle {
mv ./exporter/target ./bundle/exporter mv ./exporter/target ./bundle/exporter
local version="$CURRENT_VERSION"; local version="$CURRENT_VERSION";
local name="penpot-$CURRENT_VERSION"; local name="penpot-$CURRENT_BRANCH";
if [ $CURRENT_BRANCH != "main" ]; then if [ $CURRENT_BRANCH != "main" ]; then
local ncommits=$(git rev-list --count HEAD); version="$CURRENT_BRANCH-$CURRENT_VERSION";
version="$CURRENT_BRANCH-$ncommits-$CURRENT_HASH";
name="penpot-$CURRENT_BRANCH";
fi; fi;
echo $version > ./bundle/version.txt echo $version > ./bundle/version.txt
@ -126,23 +125,25 @@ function build-bundle {
function build-image { function build-image {
local image=$1; local image=$1;
local version=$2; local tag=$2;
local version=$3;
local docker_image="$ORGANIZATION/$image"; local docker_image="$ORGANIZATION/$image";
set -x set -x
pushd ./docker/images; pushd ./docker/images;
docker buildx build --platform linux/amd64 -t $docker_image:$version -f Dockerfile.$image .; docker buildx build --platform linux/amd64 -t $docker_image:$tag -f Dockerfile.$image .;
docker tag $docker_image:$tag $docker_image:$version;
# docker buildx build --platform linux/arm64 -t $docker_image:$version-arm64 .; # docker buildx build --platform linux/arm64 -t $docker_image:$version-arm64 .;
popd; popd;
} }
function build-images { function build-images {
local version="$CURRENT_VERSION"; local version="$CURRENT_VERSION";
local bundle_file="penpot-$CURRENT_VERSION.tar.xz"; local bundle_file="penpot-$CURRENT_BRANCH-$CURRENT_VERSION.tar.xz";
if [ $CURRENT_BRANCH != "main" ]; then if [ $CURRENT_BRANCH != "main" ]; then
version="$CURRENT_BRANCH"; version="$CURRENT_BRANCH-$CURRENT_VERSION";
bundle_file="penpot-$CURRENT_BRANCH.tar.xz";
fi; fi;
if [ ! -f $bundle_file ]; then if [ ! -f $bundle_file ]; then
@ -160,9 +161,9 @@ function build-images {
tar xvf $bundle_file_path; tar xvf $bundle_file_path;
popd popd
build-image "backend" $version; build-image "backend" $CURRENT_BRANCH $version;
build-image "frontend" $version; build-image "frontend" $CURRENT_BRANCH $version;
build-image "exporter" $version; build-image "exporter" $CURRENT_BRANCH $version;
} }
function publish-latest-images { function publish-latest-images {