0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-01-22 14:39:45 -05:00

Minor improvements on docker images and compose file.

This commit is contained in:
Andrey Antukh 2021-01-11 14:29:38 +01:00
parent 031123b2ca
commit 9043d2574b
5 changed files with 139 additions and 86 deletions

View file

@ -34,8 +34,6 @@
:storage-fs-uri "http://localhost:3449/internal/assets/"
:storage-s3-region :eu-central-1
:storage-s3-bucket "serenoxyztestbucket"
:image-process-max-threads 2
:smtp-enabled false
@ -76,6 +74,7 @@
(s/def ::database-uri ::us/string)
(s/def ::redis-uri ::us/string)
(s/def ::storage-backend ::us/keyword)
(s/def ::storage-fs-directory ::us/string)
(s/def ::storage-fs-uri ::us/string)
(s/def ::storage-s3-region ::us/keyword)
@ -136,59 +135,60 @@
(s/def ::config
(s/keys :opt-un [::http-server-cors
::http-server-debug
::http-server-port
::google-client-id
::google-client-secret
::gitlab-client-id
::gitlab-client-secret
(s/keys :opt-un [::allow-demo-users
::asserts-enabled
::database-password
::database-uri
::database-username
::debug
::error-report-webhook
::github-client-id
::github-client-secret
::gitlab-base-uri
::asserts-enabled
::redis-uri
::gitlab-client-id
::gitlab-client-secret
::google-client-id
::google-client-secret
::host
::http-server-debug
::http-server-port
::http-server-cors
::image-process-max-threads
::ldap-auth-avatar-attribute
::ldap-auth-base-dn
::ldap-auth-email-attribute
::ldap-auth-fullname-attribute
::ldap-auth-host
::ldap-auth-port
::ldap-auth-ssl
::ldap-auth-starttls
::ldap-auth-user-query
::ldap-auth-username-attribute
::ldap-bind-dn
::ldap-bind-password
::public-uri
::database-username
::database-password
::database-uri
::storage-fs-directory
::storage-fs-uri
::storage-s3-bucket
::storage-s3-region
::error-report-webhook
::redis-uri
::registration-domain-whitelist
::registration-enabled
::secret-key
::smtp-default-from
::smtp-default-reply-to
::smtp-enabled
::smtp-host
::smtp-port
::smtp-username
::smtp-password
::smtp-tls
::smtp-port
::smtp-ssl
::host
::smtp-tls
::smtp-username
::storage-backend
::storage-fs-directory
::storage-fs-uri
::storage-s3-bucket
::storage-s3-region
::telemetry-enabled
::telemetry-server-enabled
::telemetry-uri
::telemetry-server-port
::debug
::allow-demo-users
::registration-enabled
::registration-domain-whitelist
::image-process-max-threads
::ldap-auth-host
::ldap-auth-port
::ldap-bind-dn
::ldap-bind-password
::ldap-auth-ssl
::ldap-auth-starttls
::ldap-auth-base-dn
::ldap-auth-user-query
::ldap-auth-username-attribute
::ldap-auth-email-attribute
::ldap-auth-fullname-attribute
::ldap-auth-avatar-attribute]))
::telemetry-uri]))
(defn- env->config
[env]

View file

@ -258,7 +258,7 @@
:app.storage.db/backend
{:pool (ig/ref :app.db/pool)}}
(let [backend (:storage-default-backend cfg/config :fs)]
(let [backend (:storage-backend cfg/config :fs)]
{:app.storage/storage {:backend backend}})
(when (:telemetry-server-enabled cfg/config)

View file

@ -1,13 +1,8 @@
---
version: "3"
version: "3.0"
networks:
default:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.177.99.0/24
penpot:
volumes:
postgres_data:
@ -26,6 +21,8 @@ services:
depends_on:
- penpot-backend
- penpot-exporter
networks:
- penpot
penpot-backend:
image: "penpotapp/backend:develop"
@ -37,17 +34,37 @@ services:
- penpot-redis
environment:
- APP_DATABASE_URI=postgresql://penpot-postgres/penpot
- APP_DATABASE_USERNAME=penpot
- APP_DATABASE_PASSWORD=penpot
- APP_SMTP_ENABLED=false
- APP_REDIS_URI=redis://penpot-redis/0
- APP_MEDIA_DIRECTORY=/opt/data/media
- PENPOT_ASSERTS_ENABLED=false
- PENPOT_DEBUG=false
- PENPOT_HOST=example.penpot
- PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_DATABASE_PASSWORD=penpot
- PENPOT_REDIS_URI=redis://penpot-redis/0
- PENPOT_STORAGE_FS_DIRECTORY_=/opt/data/assets
- PENPOT_STORAGE_FS_URI=http://penpot-frontend/internal/assets
- PENPOT_STORAGE_BACKEND=fs
- PENPOT_SMTP_ENABLED=false
- PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
- PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
- PENPOT_SECRET_KEY=provide-here-a-secret-random-key
# - PENPOT_SMTP_HOST=...
# - PENPOT_SMTP_PORT=...
# - PENPOT_SMTP_USERNAME=...
# - PENPOT_SMTP_PASSWORD=...
# - PENPOT_SMTP_TLS=true
# - PENPOT_SMTP_SSL=false
# - PENPOT_GOOGLE_CLIENT_ID=...
# - PENPOT_GOOGLE_CLIENT_SECRET=...
networks:
- penpot
penpot-exporter:
image: "penpotapp/exporter:develop"
environment:
- APP_PUBLIC_URI=http://penpot-frontend
- PENPOT_PUBLIC_URI=http://penpot-frontend
networks:
- penpot
penpot-postgres:
image: "postgres:13"
@ -63,6 +80,11 @@ services:
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- penpot
penpot-redis:
image: redis:6
restart: always
networks:
- penpot

View file

@ -4,7 +4,7 @@ pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
worker_connections 2048;
# multi_accept on;
}
@ -14,10 +14,15 @@ http {
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
keepalive_requests 30;
keepalive_timeout 30s;
server_tokens off;
reset_timedout_connection on;
client_body_timeout 20s;
client_header_timeout 20s;
include /etc/nginx/mime.types;
default_type application/octet-stream;
@ -37,14 +42,14 @@ http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
'' close;
}
server {
listen 80 default_server;
server_name _;
client_max_body_size 5M;
client_max_body_size 6M;
charset utf-8;
proxy_http_version 1.1;
@ -55,18 +60,14 @@ http {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
etag off;
root /var/www/app/;
location / {
root /var/www/app/;
try_files $uri /index.html;
location ~* \.(js|css).*$ {
add_header Cache-Control "max-age=86400" always; # 24 hours
}
location ~* \.(js|css).*$ {
add_header Cache-Control "max-age=86400" always; # 24 hours
}
location = /index.html {
add_header Cache-Control "no-cache, max-age=0";
}
location ~* \.(html).*$ {
add_header Cache-Control "no-cache, max-age=0" always;
}
location /api {
@ -83,8 +84,37 @@ http {
proxy_pass http://penpot-backend:6060/ws/notifications;
}
location /media {
alias /opt/data/media;
location @handle_redirect {
set $redirect_uri "$upstream_http_location";
set $redirect_host "$upstream_http_x_host";
set $redirect_cache_control "$upstream_http_cache_control";
proxy_buffering off;
proxy_set_header Host "$redirect_host";
proxy_hide_header etag;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header x-amz-meta-server-side-encryption;
proxy_hide_header x-amz-server-side-encryption;
proxy_pass $redirect_uri;
add_header x-internal-redirect "$redirect_uri";
add_header x-cache-control "$redirect_cache_control";
add_header cache-control "$redirect_cache_control";
}
location /assets {
proxy_pass http://127.0.0.1:6060/assets;
recursive_error_pages on;
proxy_intercept_errors on;
error_page 301 302 307 = @handle_redirect;
}
location /internal/assets {
internal;
alias /var/www/assets;
add_header x-internal-redirect "$upstream_http_x_accel_redirect";
}
}
}

View file

@ -9,6 +9,7 @@ export CURRENT_USER_ID=$(id -u);
export CURRENT_VERSION=$(git describe --tags);
export CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD);
export CURRENT_HASH=$(git rev-parse --short HEAD);
export CURRENT_BUILD=$(date '+%Y%m%d%H%M');
function build-devenv {
echo "Building development image $DEVENV_IMGNAME:latest..."
@ -97,12 +98,10 @@ function build-bundle {
mv ./exporter/target ./bundle/exporter
local version="$CURRENT_VERSION";
local name="penpot-$CURRENT_VERSION";
local name="penpot-$CURRENT_BRANCH";
if [ $CURRENT_BRANCH != "main" ]; then
local ncommits=$(git rev-list --count HEAD);
version="$CURRENT_BRANCH-$ncommits-$CURRENT_HASH";
name="penpot-$CURRENT_BRANCH";
version="$CURRENT_BRANCH-$CURRENT_VERSION";
fi;
echo $version > ./bundle/version.txt
@ -126,23 +125,25 @@ function build-bundle {
function build-image {
local image=$1;
local version=$2;
local tag=$2;
local version=$3;
local docker_image="$ORGANIZATION/$image";
set -x
pushd ./docker/images;
docker buildx build --platform linux/amd64 -t $docker_image:$version -f Dockerfile.$image .;
docker buildx build --platform linux/amd64 -t $docker_image:$tag -f Dockerfile.$image .;
docker tag $docker_image:$tag $docker_image:$version;
# docker buildx build --platform linux/arm64 -t $docker_image:$version-arm64 .;
popd;
}
function build-images {
local version="$CURRENT_VERSION";
local bundle_file="penpot-$CURRENT_VERSION.tar.xz";
local bundle_file="penpot-$CURRENT_BRANCH-$CURRENT_VERSION.tar.xz";
if [ $CURRENT_BRANCH != "main" ]; then
version="$CURRENT_BRANCH";
bundle_file="penpot-$CURRENT_BRANCH.tar.xz";
version="$CURRENT_BRANCH-$CURRENT_VERSION";
fi;
if [ ! -f $bundle_file ]; then
@ -160,9 +161,9 @@ function build-images {
tar xvf $bundle_file_path;
popd
build-image "backend" $version;
build-image "frontend" $version;
build-image "exporter" $version;
build-image "backend" $CURRENT_BRANCH $version;
build-image "frontend" $CURRENT_BRANCH $version;
build-image "exporter" $CURRENT_BRANCH $version;
}
function publish-latest-images {