Skip to content

Commit

Permalink
add rails health check, update deploy.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
@robguthrie
robguthrie committed Apr 26, 2023
1 parent ec812bb commit 95181f1
Show file tree
Hide file tree
Showing 3 changed files with 131 additions and 62 deletions.
1 change: 1 addition & 0 deletions config/crontab
View file
@@ -0,0 +1 @@
0 * * * * /snap/bin/docker exec loomio-worker bundle exec rake loomio:hourly_tasks > ~/rake.log 2>&1
190 changes: 128 additions & 62 deletions config/deploy.yml
View file
@@ -1,78 +1,144 @@
# Name of your application. Used to uniquely configure containers.
service: loomio
image: loomio/loomio_com

# Name of the container image.
image: loomio/latest

# Deploy to these servers.
servers:
- 192.168.0.1
web:
- 165.227.76.125
job:
hosts:
- 159.89.42.168
cmd: bundle exec sidekiq

# Credentials for your image host.
registry:
# Specify the registry server, if you're not using Docker Hub
# server: registry.digitalocean.com / ghcr.io / ...
username: my-user
# cron:
# hosts:
# - 159.89.42.168
# cmd:
# bash -c "cat config/crontab | crontab - && cron -f"

# Always use an access token rather than real password when possible.
registry:
server: ghcr.io
username: robguthrie
password:
- MRSK_REGISTRY_PASSWORD
- GH_PAT

# Inject ENV variables into containers (secrets come from .env).
# env:
# clear:
# DB_HOST: 192.168.0.2
# secret:
# - RAILS_MASTER_KEY
env:
# secret:
# - RAILS_MASTER_KEY
clear:
CANONICAL_HOST: loomiotest.org
SITE_NAME: Loomio-next
REPLY_HOSTNAME: reply.loomiotest.org
CHANNELS_URI: wss://channels.loomiotest.org
SMTP_DOMAIN: loomiotest.org
SMTP_SERVER: email-smtp.us-west-2.amazonaws.com
SMTP_PORT: 587
SMTP_USERNAME: AKIA2UKBBQNLQ3ED2W6B
SMTP_PASSWORD: BHuTeHNhHLLE07aWAunV6PLGXUy6r+rZ6OhuW4S1jliU
PUMA_WORKERS: 2
MIN_THREADS: 12
MAX_THREADS: 12
FORCE_SSL: 1
USE_RACK_ATTACK: 1
RACK_ATTACK_RATE_MULTPLIER: 5
RACK_ATTACK_TIME_MULTPLIER: 1
DATABASE_URL: postgresql://doadmin:AVNS_y-OdAEIPfReTSpRtNgK@db-loomio-com-do-user-727646-0.b.db.ondigitalocean.com:25060/defaultdb?sslmode=require
REDIS_URL: redis://redis:6379/0
ACTIVE_STORAGE_SERVICE: digitalocean
DO_ENDPOINT: https://syd1.digitaloceanspaces.com
DO_ACCESS_KEY_ID: DO00RQPRGZPUW3PAHD9P
DO_SECRET_ACCESS_KEY: CMJ8meE6E4awHuoqi4e5yjtZYNF2ifAu6Mz29jHx7/8
DO_BUCKET: loomiotest
SENTRY_PUBLIC_DSN: https://ecf9c5d9879d4fc5a72cfb60ebd075f5@bugs.loomio.io/7
ALLOW_ROBOTS: 1
CHARGIFY_API_KEY: zpd8P5LU57DjGWXwgk3p
CHARGIFY_APP_NAME: loomio
CHARGIFY_SITE_KEY: dP5UcDX5LTPyq98LSpv
DEVISE_SECRET: jei9dkfrus12k111222333ee4r4r4r44poocarrot
ERROR_PAGE_URL: https://help.loomio.com/en/error
MAINTENANCE_PAGE_URL: https://help.loomio.com/en/maintenance
EXPLORE_MIN_MEMBERS: 4
EXPLORE_MIN_THREADS: 2
EXPLORE_REQUIRE_SUBSCRIPTION: 1
FB_APP_ID_META: 457851034283863
FEATURES_DEMO_GROUPS: 1
FEATURES_SHOW_CONTACT: 1
FEATURES_SHOW_CONTACT_CONSENT: 1
FEATURES_SUBSCRIPTIONS: 1
FEATURES_TRIALS: 1
GOOGLE_APP_KEY: 354171176268.apps.googleusercontent.com
GOOGLE_APP_SECRET: 2LTFjpPqYnGcE-xE0k3ISsau
GOOGLE_CLOUD_KEY: AIzaSyCXXwWrKlB6GY6w0mpFJRrlyG3ayj_556k
HELPER_BOT_EMAIL: contact@loomio.com
NEWSLETTER_ENABLED: 1
OLD_REPLY_HOSTNAME: reply.loomio.org
PAID_INVITATIONS_RATE_LIMIT: 50000
PRIVACY_URL: https://help.loomio.com/en/policy/privacy
RACK_ATTACK_RATE_MULTPLIER: 3
RACK_TIMEOUT_SERVICE_TIMEOUT: 40
RAILS_ENV: production
RECAPTCHA_APP_KEY: 6Lff0VoUAAAAAO7_jvINGkPucgNYRlZ72SdFQOSe
RECAPTCHA_SECRET_KEY: 6Lff0VoUAAAAAMk4c2HsfXAZIwMOFILoxWPoRLZr
REDIRECT_TO_CANONICAL_HOST: 1
REDIS_CACHE_URL: redis://default:8iyjoJy0AUt1ByKmVsiJ70VQewZDoeo3@redis-14929.c10.us-east-1-2.ec2.cloud.redislabs.com:14929
REDIS_QUEUE_URL: redis://default:PdeKf5tkvxRlrFRUmAWrLv1BwIFRpl9b@redis-11380.c74.us-east-1-4.ec2.cloud.redislabs.com:11380
REPLY_HOSTNAME: reply.loomio.com
SECRET_COOKIE_TOKEN: e25c9a6592be3bacf55e36fa818a891ce6d46170e72677b062e21252e35c39c873fcb5721ac184e8837944fe7cfdab7570dc5f8ff0a5fb12ce7f20c85bbdb708
SECRET_KEY_BASE: e25c9a6592be3bacf55e36fa818a891ce6d46170e72677b062e21252e35c39c873fcb5721ac184e8837944fe7cfdab7570dc5f8ff0a5fb12ce7f20c85bbdb708
SENTRY_PUBLIC_DSN: https://69a6622bed364b8199f20d64863b1537@bugs.loomio.io/2
SENTRY_SAMPLE_RATE: 0.1
SPAM_REGEX: (flipssl\.com|zoofood\.org|w3boats\.com|revutap\.com|slowimo\.com|relumyx\.com|fineoak\.org|diide\.com|gusronk\.com|appnox\.com|akxpert\.com|patmui\.com|xhypm\.com|5y5u\.com|boldhut\.com|botfed\.com|fineloans\.org|netjook\.com|aramidth\.com|kindbest\.com|bsmitao\.com|astarmax\.com|irahada\.com|naymeo\.com|ichkoch\.com|onzmail\.com|seacob\.com|fineloans\.org|bombaya\.com|astarmax\.com|asfalio\.com|wifimaple\.com|whyflkj\.com|ddwfzp\.com|sejkt\.com)
SUPPORT_EMAIL: contact@loomio.com
TERMS_URL: https://help.loomio.com/en/policy/terms
TRANSLATE_CREDENTIALS: { "type": "service_account", "project_id": "loomio-production", "private_key_id": "936b16190c74966245409e828c9f7d1baa262279", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCn9ahzeFUF1Oo1\nUvjWBwWvaHDroGM+KYdM5Ab8zyPAB3pJmBVoaRoJmbKQb2Sz+3bhGdBWeDH8b8WA\nAqkGWPybu3JmwqTOT7zegAoIGjJqI3DelaGYBH+Y4aDYIuQY4J4DuT71c0/OlG3B\nuZAuyC0mgqQ0+X1AN4IWChzIzIwZDCMyr9kSB8IjXQU7WAdEm32L5CB+icTYKni7\nc25qpmDjMJF5xbkrYu+GnUc+zcQNV9bWbbgIwtQipQcQ3tC8DlhFu+0HDn6YzVkO\nNYUc/fDb6YV6aM50LPeu8ZAaTUqaGc4rAXL0/4aOOkyfiYqNcsiQytbkEktaM0ED\nvCHbXw69AgMBAAECggEADrn1I0FdjGLZhtkNCfsDTm4PrzaDV8EdZKpToIPq7wcu\nJi4S+8dx/yh+Ow1r8h9DZ5jd/E7n7GnCZ9G+jy4V4UkDTquUoVA6z57ArRWFmRUd\nbC6zb0LptcuxUMdnt3SuS3Dzv7f0uzimvPHFCLeyxGnM9aYbC2/dKeCIxeRas5wJ\nR69rtFskeb69ZxOlZyMBdAT/xXW4Skuxldgszl/OA1DpqpVuWSoLGPAGO04L/Vtz\nIBDOIkRjLMLxj/X1q41VLU3HdNPr8YsmJcSL++MJp6mHB/K6YfpWUYHJGWqVS81a\nxnlvqQyrTLWYORoVa1dui7MC0C+trlL+1oNC8AxVowKBgQDWN9z83yVJzu4ZOmoA\nkemu84u6yvNZNDXQ7IAfbWnFt5qRzcW8Ryn6JbYEO7rJ11dOio0oASeok9VlM7HP\nhryP5sSBJpKZoOxXecL0vxdvnDlfpzKBS3zJTdGC7TjBbZEaQGjK+ce0XIyOWk1g\nwSJZQVVMiM+uI7GghYCdzXKIgwKBgQDIuA3s6Hfhe9CI8bpoJEZtNkKPwKJVkmsB\nGF/b3bgV4b7HZ0/oo3yVV2D4AJ5q7ixKRc5zdEQiUleRCuoPcwm15fd76wabqvi6\njcGSdrMinNRf0x5v0XYnkeltOjjhXl93jKSLn/3hl4zeBuEISK3Cn4fIoW/AKdS+\nyadVIL/nvwKBgQDA3gj0DwBmhI1wX1xi6PxJTPMoGWOhk9VEJjpwkTTjE5xx259F\nFZlgo6VOCGzzHxN3Hl1agDexmnBNro5PtxJ8SRvw38ar1OwVEgaKDqZOEYzCZymc\nqVdPcuXICEbKOBilVwpCfULlS1ItNHZoP1rqm1zuDFtXgMGDMc+LxBZzewKBgQCN\n8WsXoIY2lSKx1ZBnWU/cp8SGeEnUjgjR63TOvYsTHmOWDD98WzEdQ3+1omplYC0+\nEQOgrhYI14ZJchh3+HhjhE9x+JDhwRTIiLrdYsfnsFSXt2sM1GnkLdGPht72sZB9\nsJ4kh244/L2HvgGhpBQNUFfr0A6BLJPgoCaPkutjbQKBgExY4+7L3pzf/smMBCm2\nwlz7YJQprkKgaxnvj+NTQ3mCeF3o2p2uDgKLlcGEUUeVo4GbeA8844fMZaHut1a8\nbneY5jAyrU9iHKyUTFuOiNFZYmvhQYRCm1iWJgoBLhMsrgxi4bkreaWLhCZjygfI\n8vH7y/L0bEkjXmy3syUgZQ2r\n-----END PRIVATE KEY-----\n", "client_email": "loomio-production@appspot.gserviceaccount.com", "client_id": "", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/loomio-production%40appspot.gserviceaccount.com" }
TRIAL_DAYS: 7
TRIAL_INVITATIONS_RATE_LIMIT: 150
USE_RACK_ATTACK: 1
# PLAUSIBLE_SITE: loomio.org,all.loomio.com
# PLAUSIBLE_SRC: https://measure.loomio.com/js/script.js
# SENTRY_SECRET_DSN: https://69a6622bed364b8199f20d64863b1537:b2152e7a55654e1db615e9dffc5ef631@bugs.loomio.io/2
# SMTP_AUTH: plain
# SMTP_DOMAIN: loomio.com
# SMTP_PASSWORD: BI3j4JuFO0UizZ1Rv/gmXpCyn2ioGXXDA+SoidH6UXxJ
# SMTP_PORT: 587
# SMTP_SERVER: email-smtp.us-east-1.amazonaws.com
# SMTP_USERNAME: AKIA2UKBBQNL7NECRC7E
# AWS_ACCESS_KEY_ID: AKIAJG73WYGWOUHX4B7A
# AWS_BUCKET: loomio-uploads
# AWS_REGION: us-east-1
# AWS_SECRET_ACCESS_KEY: C31u8hGQ3CHzSgvhaHvE/udEPiartGul+9dxVP7b
# CANONICAL_HOST: www.loomio.com
# CHANNELS_URI: wss://channels.loomio.com
# PUMA_WORKERS: 12
# MAX_THREADS: 30
# MIN_THREADS: 30

# Call a broadcast command on deploys.
# audit_broadcast_cmd:
# bin/broadcast_to_bc
accessories:
# websockets:
# image: loomio/loomio_channel_server
# host: 165.22.32.232
# env:
# APP_URL: https://www.loomiotest.org

# Use a different ssh user than root
# ssh:
# user: app
# redis-cache:
# image: redis:5.0
# host: 10.132.53.193
# port: 6379
# directories:
# - data:/data
# cmd:
# redis-server --save 60 1 --loglevel warning --maxmemory-policy allkeys-lru --maxmemory 512mb --protected-mode no

# Configure builder setup.
# builder:
# args:
# RUBY_VERSION: 3.2.0
# secrets:
# - GITHUB_TOKEN
# remote:
# arch: amd64
# host: ssh://app@192.168.0.1

# Use accessory services (secrets come from .env).
# accessories:
# db:
# image: mysql:8.0
# host: 192.168.0.2
# port: 3306
# env:
# clear:
# MYSQL_ROOT_HOST: '%'
# secret:
# - MYSQL_ROOT_PASSWORD
# files:
# - config/mysql/production.cnf:/etc/mysql/my.cnf
# - db/production.sql.erb:/docker-entrypoint-initdb.d/setup.sql
# directories:
# - data:/var/lib/mysql
# redis:
# image: redis:7.0
# host: 192.168.0.2
# port: 6379
# directories:
# - data:/data
# redis-queue:
# image: redis:5.0
# host: 104.236.65.131
# port: 6379
# directories:
# - data:/data
# cmd:
# redis-server --save 60 1 --loglevel warning --maxmemory-policy allkeys-lru --maxmemory 512mb --protected-mode no

# Configure custom arguments for Traefik
# traefik:
# args:
# accesslog: true
# accesslog.format: json

# Configure a custom healthcheck (default is /up on port 3000)
# healthcheck:
# path: /healthz
# port: 4000
2 changes: 2 additions & 0 deletions config/routes.rb
View file
Expand Up @@ -11,6 +11,8 @@ def dev_routes_for(namespace)
require 'sidekiq/web'

Rails.application.routes.draw do
get "/up", to: proc { [200, {}, ["ok"]] }, as: :rails_health_check

authenticate :user, lambda { |u| u.is_admin? } do
mount Sidekiq::Web => '/admin/sidekiq'
mount Blazer::Engine, at: "/admin/blazer"
Expand Down

0 comments on commit 95181f1

Please sign in to comment.