diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 15802bec..d5ce1336 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -38,33 +38,6 @@ jobs:
if: ${{ github.event.pull_request.merged && github.ref == 'refs/heads/master' }}
run: make release_customizable
- build-ruby27:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v3
-
- - name: Purge containers
- run: 'docker kill $(docker ps -q) || exit 0'
-
- - name: Enable docker multiarch
- run: 'docker run --privileged --rm tonistiigi/binfmt --install all'
-
- - name: Run make build_ruby27
- run: make build_ruby27
-
- - name: Log in to the Container registry
- if: ${{ github.event.pull_request.merged && github.ref == 'refs/heads/master' }}
- uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Push to github container registry
- if: ${{ github.event.pull_request.merged && github.ref == 'refs/heads/master' }}
- run: make release_ruby27
-
build-ruby30:
runs-on: ubuntu-latest
steps:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c20d3eb9..cd8a345c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,15 @@
## not released
+ * Switched image base to phusion/baseimage:jammy-1.0.1
+ * Upgraded to Ubuntu 22.04 LTS (Jammy)
+ * Default Python version is now 3.10, and Python 2.7 is no longer installed by default
+ * Updated Python install script to be able to install any supported version from base or the Deadsnakes PPA
+ * Updated Node.js install script to be able to install any supported version from Nodesource; default version is still 18
+ * Created yarn and related executables whenever installing Node.js
+ * Removed Ruby 2.7 (EOL 2023-03-31)
* Compile all CRuby versions from source to ensure uniformity and YJIT capability in versions 3.1+
* Use Ruby 3.2.x by default
- * Upgraded to JRuby 9.3.10.0
- * Upgraded to JRuby 9.4.3.0
+ * Upgraded to JRuby 9.3.11.0 (from 9.3.9.0)
+ * Upgraded to JRuby 9.4.3.0 (from 9.4.0.0)
## 2.5.1 (release date: 2023-06-14)
* Upgraded to Phusion Passenger 6.0.18 (from 6.0.17).
diff --git a/Makefile b/Makefile
index 6e855a55..a9a1e932 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@ VERSION = 2.5.1
# Example: `export EXTRA_BUILD_FLAGS=--no-cache; make build_all`
EXTRA_BUILD_FLAGS?=
-.PHONY: all build_all release clean clean_images labels tag_latest push build_customizable build_ruby27 build_ruby30 build_ruby31 build_ruby32 build_jruby93 build_jruby94 build_nodejs build_full
+.PHONY: all build_all release clean clean_images labels tag_latest push build_customizable build_ruby30 build_ruby31 build_ruby32 build_jruby93 build_jruby94 build_nodejs build_full
all: build_all
@@ -22,7 +22,6 @@ build_all: \
build_jruby93 \
build_jruby94 \
build_nodejs \
- build_ruby27 \
build_ruby30 \
build_ruby31 \
build_ruby32 \
@@ -32,8 +31,6 @@ build_all: \
labels:
@echo $(NAME)-customizable:$(VERSION)-amd64 $(NAME)-customizable:latest-amd64
@echo $(NAME)-customizable:$(VERSION)-arm64 $(NAME)-customizable:latest-arm64
- @echo $(NAME)-ruby27:$(VERSION)-amd64 $(NAME)-ruby27:latest-amd64
- @echo $(NAME)-ruby27:$(VERSION)-arm64 $(NAME)-ruby27:latest-arm64
@echo $(NAME)-ruby30:$(VERSION)-amd64 $(NAME)-ruby30:latest-amd64
@echo $(NAME)-ruby30:$(VERSION)-arm64 $(NAME)-ruby30:latest-arm64
@echo $(NAME)-ruby31:$(VERSION)-amd64 $(NAME)-ruby31:latest-amd64
@@ -52,8 +49,6 @@ labels:
pull:
docker pull $(NAME)-customizable:$(VERSION)-amd64
docker pull $(NAME)-customizable:$(VERSION)-arm64
- docker pull $(NAME)-ruby27:$(VERSION)-amd64
- docker pull $(NAME)-ruby27:$(VERSION)-arm64
docker pull $(NAME)-ruby30:$(VERSION)-amd64
docker pull $(NAME)-ruby30:$(VERSION)-arm64
docker pull $(NAME)-ruby31:$(VERSION)-amd64
@@ -87,14 +82,6 @@ build_customizable: build_base
docker buildx build --progress=plain --platform linux/amd64 $(EXTRA_BUILD_FLAGS) --build-arg REGISTRY=$(REGISTRY) --build-arg ARCH=amd64 -t $(NAME)-customizable:$(VERSION)-amd64 --rm customizable_image
docker buildx build --progress=plain --platform linux/arm64 $(EXTRA_BUILD_FLAGS) --build-arg REGISTRY=$(REGISTRY) --build-arg ARCH=arm64 -t $(NAME)-customizable:$(VERSION)-arm64 --rm customizable_image
-build_ruby27: build_base
- rm -rf ruby27_image
- cp -pR image ruby27_image
- echo ruby27=1 >> ruby27_image/buildconfig
- echo final=1 >> ruby27_image/buildconfig
- docker buildx build --progress=plain --platform linux/amd64 $(EXTRA_BUILD_FLAGS) --build-arg REGISTRY=$(REGISTRY) --build-arg ARCH=amd64 -t $(NAME)-ruby27:$(VERSION)-amd64 --rm ruby27_image
- docker buildx build --progress=plain --platform linux/arm64 $(EXTRA_BUILD_FLAGS) --build-arg REGISTRY=$(REGISTRY) --build-arg ARCH=arm64 -t $(NAME)-ruby27:$(VERSION)-arm64 --rm ruby27_image
-
build_ruby30: build_base
rm -rf ruby30_image
cp -pR image ruby30_image
@@ -146,7 +133,6 @@ build_nodejs: build_base
build_full: build_base
rm -rf full_image
cp -pR image full_image
- echo ruby27=1 >> full_image/buildconfig
echo ruby30=1 >> full_image/buildconfig
echo ruby31=1 >> full_image/buildconfig
echo ruby32=1 >> full_image/buildconfig
@@ -160,13 +146,11 @@ build_full: build_base
docker buildx build --progress=plain --platform linux/amd64 $(EXTRA_BUILD_FLAGS) --build-arg REGISTRY=$(REGISTRY) --build-arg ARCH=amd64 -t $(NAME)-full:$(VERSION)-amd64 --rm full_image
docker buildx build --progress=plain --platform linux/arm64 $(EXTRA_BUILD_FLAGS) --build-arg REGISTRY=$(REGISTRY) --build-arg ARCH=arm64 -t $(NAME)-full:$(VERSION)-arm64 --rm full_image
-tag_latest: tag_latest_customizable tag_latest_ruby27 tag_latest_ruby30 tag_latest_ruby31 tag_latest_ruby32 tag_latest_jruby93 tag_latest_jruby94 tag_latest_nodejs tag_latest_full
+tag_latest: tag_latest_customizable tag_latest_ruby30 tag_latest_ruby31 tag_latest_ruby32 tag_latest_jruby93 tag_latest_jruby94 tag_latest_nodejs tag_latest_full
cross_tag:
docker tag ghcr.io/phusion/passenger-customizable:$(VERSION)-amd64 $(NAME)-customizable:$(VERSION)-amd64
docker tag ghcr.io/phusion/passenger-customizable:$(VERSION)-arm64 $(NAME)-customizable:$(VERSION)-arm64
- docker tag ghcr.io/phusion/passenger-ruby27:$(VERSION)-amd64 $(NAME)-ruby27:$(VERSION)-amd64
- docker tag ghcr.io/phusion/passenger-ruby27:$(VERSION)-arm64 $(NAME)-ruby27:$(VERSION)-arm64
docker tag ghcr.io/phusion/passenger-ruby30:$(VERSION)-amd64 $(NAME)-ruby30:$(VERSION)-amd64
docker tag ghcr.io/phusion/passenger-ruby30:$(VERSION)-arm64 $(NAME)-ruby30:$(VERSION)-arm64
docker tag ghcr.io/phusion/passenger-ruby31:$(VERSION)-amd64 $(NAME)-ruby31:$(VERSION)-amd64
@@ -186,10 +170,6 @@ tag_latest_customizable:
docker tag $(NAME)-customizable:$(VERSION)-amd64 $(NAME)-customizable:latest-amd64
docker tag $(NAME)-customizable:$(VERSION)-arm64 $(NAME)-customizable:latest-arm64
-tag_latest_ruby27:
- docker tag $(NAME)-ruby27:$(VERSION)-amd64 $(NAME)-ruby27:latest-amd64
- docker tag $(NAME)-ruby27:$(VERSION)-arm64 $(NAME)-ruby27:latest-arm64
-
tag_latest_ruby30:
docker tag $(NAME)-ruby30:$(VERSION)-amd64 $(NAME)-ruby30:latest-amd64
docker tag $(NAME)-ruby30:$(VERSION)-arm64 $(NAME)-ruby30:latest-arm64
@@ -218,7 +198,7 @@ tag_latest_full:
docker tag $(NAME)-full:$(VERSION)-amd64 $(NAME)-full:latest-amd64
docker tag $(NAME)-full:$(VERSION)-arm64 $(NAME)-full:latest-arm64
-push: push_customizable push_ruby27 push_ruby30 push_ruby31 push_ruby32 push_jruby93 push_jruby94 push_nodejs push_full
+push: push_customizable push_ruby30 push_ruby31 push_ruby32 push_jruby93 push_jruby94 push_nodejs push_full
push_customizable: tag_latest_customizable
docker push $(NAME)-customizable:latest-amd64
@@ -226,12 +206,6 @@ push_customizable: tag_latest_customizable
docker push $(NAME)-customizable:$(VERSION)-amd64
docker push $(NAME)-customizable:$(VERSION)-arm64
-push_ruby27: tag_latest_ruby27
- docker push $(NAME)-ruby27:latest-amd64
- docker push $(NAME)-ruby27:latest-arm64
- docker push $(NAME)-ruby27:$(VERSION)-amd64
- docker push $(NAME)-ruby27:$(VERSION)-arm64
-
push_ruby30: tag_latest_ruby30
docker push $(NAME)-ruby30:latest-amd64
docker push $(NAME)-ruby30:latest-arm64
@@ -274,7 +248,7 @@ push_full: tag_latest_full
docker push $(NAME)-full:$(VERSION)-amd64
docker push $(NAME)-full:$(VERSION)-arm64
-release: release_full release_customizable release_jruby93 release_jruby94 release_nodejs release_ruby32 release_ruby31 release_ruby30 release_ruby27
+release: release_full release_customizable release_jruby93 release_jruby94 release_nodejs release_ruby32 release_ruby31 release_ruby30
test -z "$$(git status --porcelain)" && git commit -am "$(VERSION)" && git tag "rel-$(VERSION)" && git push origin "rel-$(VERSION)"
release_full: push_full
@@ -333,17 +307,9 @@ release_ruby30: push_ruby30
docker manifest push $(NAME)-ruby30:$(VERSION)
docker manifest push $(NAME)-ruby30:latest
-release_ruby27: push_ruby27
- docker manifest rm $(NAME)-ruby27:latest || true
- docker manifest create $(NAME)-ruby27:$(VERSION) $(NAME)-ruby27:$(VERSION)-amd64 $(NAME)-ruby27:$(VERSION)-arm64
- docker manifest create $(NAME)-ruby27:latest $(NAME)-ruby27:latest-amd64 $(NAME)-ruby27:latest-arm64
- docker manifest push $(NAME)-ruby27:$(VERSION)
- docker manifest push $(NAME)-ruby27:latest
-
clean:
rm -rf base_image
rm -rf customizable_image
- rm -rf ruby27_image
rm -rf ruby30_image
rm -rf ruby31_image
rm -rf ruby32_image
@@ -355,10 +321,6 @@ clean:
clean_images:
docker rmi $(NAME)-customizable:latest-amd64 $(NAME)-customizable:$(VERSION)-amd64 || true
docker rmi $(NAME)-customizable:latest-arm64 $(NAME)-customizable:$(VERSION)-arm64 || true
- docker rmi $(NAME)-ruby26:latest-amd64 $(NAME)-ruby26:$(VERSION)-amd64 || true
- docker rmi $(NAME)-ruby26:latest-arm64 $(NAME)-ruby26:$(VERSION)-arm64 || true
- docker rmi $(NAME)-ruby27:latest-amd64 $(NAME)-ruby27:$(VERSION)-amd64 || true
- docker rmi $(NAME)-ruby27:latest-arm64 $(NAME)-ruby27:$(VERSION)-arm64 || true
docker rmi $(NAME)-ruby30:latest-amd64 $(NAME)-ruby30:$(VERSION)-amd64 || true
docker rmi $(NAME)-ruby30:latest-arm64 $(NAME)-ruby30:$(VERSION)-arm64 || true
docker rmi $(NAME)-ruby31:latest-amd64 $(NAME)-ruby31:$(VERSION)-amd64 || true
diff --git a/README.md b/README.md
index e952ae9c..dd78dd87 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ Why is this image called "passenger"? It's to represent the ease: you just have
[Github](https://github.com/phusion/passenger-docker) |
[Docker registry](https://registry.hub.docker.com/r/phusion/passenger-full/) |
[Discussion forum](https://groups.google.com/d/forum/passenger-docker) |
- [Twitter](https://twitter.com/phusion_nl) |
+ [Twitter/X](https://twitter.com/phusion_nl) |
[Blog](http://blog.phusion.nl/)
---------------------------------------
@@ -85,7 +85,7 @@ Why use passenger-docker instead of doing everything yourself in Dockerfile?
Basics (learn more at [baseimage-docker](http://phusion.github.io/baseimage-docker/)):
- * Ubuntu 20.04 LTS as base system.
+ * Ubuntu 22.04 LTS as base system.
* A **correct** init process ([learn more](http://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/)).
* Fixes APT incompatibilities with Docker.
* syslog-ng.
@@ -94,13 +94,13 @@ Basics (learn more at [baseimage-docker](http://phusion.github.io/baseimage-dock
Language support:
- * Ruby 2.7.8, 3.0.6, 3.1.4, 3.2.2 and JRuby 9.3.10.0 and 9.4.3.0.
+ * Ruby 3.0.6, 3.1.4, 3.2.2 and JRuby 9.3.11.0 and 9.4.3.0.
* RVM is used to manage Ruby versions. [Why RVM?](#why_rvm)
* 3.2.2 is configured as the default.
* JRuby is installed from source, but we register an APT entry for it.
* JRuby uses OpenJDK 17.
- * Python 2.7 and Python 3.8.
- * Node.js 18.
+ * Python 2.7 or 3.10, or any version provided by the Deadsnakes PPA (currently 3.7, 3.8, 3.9, 3.11, and 3.12; see https://launchpad.net/~deadsnakes/+archive/ubuntu/ppa).
+ * Node.js 18 by default, or any version provided by Nodesource (currently 16, 18, 20, 21; see https://github.com/nodesource/distributions).
* A build system, git, and development headers for many popular libraries, so that the most popular Ruby, Python and Node.js native extensions can be compiled without problems.
Web server and application server:
@@ -114,7 +114,7 @@ Web server and application server:
Auxiliary services and tools:
- * Redis 5.0. Not installed by default.
+ * Redis 6.0. Not installed by default.
* Memcached. Not installed by default.
@@ -129,7 +129,6 @@ Passenger-docker consists of several images, each one tailor made for a specific
**Ruby images**
- * `phusion/passenger-ruby27` - Ruby 2.7.
* `phusion/passenger-ruby30` - Ruby 3.0.
* `phusion/passenger-ruby31` - Ruby 3.1.
* `phusion/passenger-ruby32` - Ruby 3.2.
@@ -143,7 +142,7 @@ Passenger-docker consists of several images, each one tailor made for a specific
**Other images**
* `phusion/passenger-full` - Contains everything in the above images. Ruby, Python, Node.js, all in a single image for your convenience.
- * `phusion/passenger-customizable` - Contains only the base system, as described in ["What's included?"](#whats_included). Specific Ruby, Python, and Node.js versions are not preinstalled beyond what is needed for the image to run, or which are inherited from the baseimage. This image is meant to be further customized through your Dockerfile. For example, using this image you can create a custom image that contains Ruby 2.7, Ruby 3.1 and Node.js.
+ * `phusion/passenger-customizable` - Contains only the base system, as described in ["What's included?"](#whats_included). Specific Ruby, Python, and Node.js versions are not preinstalled beyond what is needed for the image to run, or which are inherited from the baseimage. This image is meant to be further customized through your Dockerfile. For example, using this image you can create a custom image that contains Ruby 3.2 and Node.js.
In the rest of this document we're going to assume that the reader will be using `phusion/passenger-full`, unless otherwise stated. Simply substitute the name if you wish to use another image.
@@ -162,7 +161,7 @@ You don't have to download anything manually. The above command will automatical
### Getting started
-There are several images, e.g. `phusion/passenger-ruby27` and `phusion/passenger-nodejs`. Choose the one you want. See [Image variants](#image_variants).
+There are several images, e.g. `phusion/passenger-ruby32` and `phusion/passenger-nodejs`. Choose the one you want. See [Image variants](#image_variants).
So put the following in your Dockerfile:
@@ -173,7 +172,6 @@ So put the following in your Dockerfile:
# a list of version numbers.
FROM phusion/passenger-full:
# Or, instead of the 'full' variant, use one of these:
-#FROM phusion/passenger-ruby27:
#FROM phusion/passenger-ruby30:
#FROM phusion/passenger-ruby31:
#FROM phusion/passenger-ruby32:
@@ -197,18 +195,18 @@ CMD ["/sbin/my_init"]
#
# Uncomment the features you want:
#
+# Node.js and Meteor standalone support (not needed if you will also be installing Ruby, unless you need a version other than the default)
+#RUN /pd_build/nodejs.sh 18
+#
# Ruby support
-#RUN /pd_build/ruby-2.7.*.sh
#RUN /pd_build/ruby-3.0.*.sh
#RUN /pd_build/ruby-3.1.*.sh
#RUN /pd_build/ruby-3.2.*.sh
#RUN /pd_build/jruby-9.3.*.sh
#RUN /pd_build/jruby-9.4.*.sh
-# Python support.
-#RUN /pd_build/python.sh
-# Node.js and Meteor standalone support.
-# (not needed if you already have the above Ruby support)
-#RUN /pd_build/nodejs.sh
+#
+# Python support
+#RUN /pd_build/python.sh 3.10
# ...put your own build instructions here...
@@ -266,8 +264,14 @@ server {
passenger_ruby /usr/bin/ruby3.1;
# For Ruby 3.0
passenger_ruby /usr/bin/ruby3.0;
- # For Ruby 2.7
- passenger_ruby /usr/bin/ruby2.7;
+
+ # For Python ie. Django
+ passenger_app_type wsgi;
+ passenger_startup_file passenger_wsgi.py; (contents example: https://gist.github.com/ajhodgson/96c51dba349697e5c7e46027cc530434)
+
+ # For Node.js
+ passenger_app_type node;
+ passenger_startup_file app.js;
# Nginx has a default limit of 1 MB for request bodies, which also applies
# to file uploads. The following line enables uploads of up to 50 MB:
@@ -430,16 +434,14 @@ We use [RVM](https://rvm.io/) to install and to manage Ruby interpreters. Becaus
The default Ruby (what the `/usr/bin/ruby` command executes) is the latest Ruby version that you've chosen to install. You can use RVM select a different version as default.
```dockerfile
-# Ruby 2.7.8
-RUN bash -lc 'rvm --default use ruby-2.7.8'
# Ruby 3.0.6
RUN bash -lc 'rvm --default use ruby-3.0.6'
# Ruby 3.1.4
RUN bash -lc 'rvm --default use ruby-3.1.4'
# Ruby 3.2.2
RUN bash -lc 'rvm --default use ruby-3.2.2'
-# JRuby 9.3.10.0
-RUN bash -lc 'rvm --default use jruby-9.3.10.0'
+# JRuby 9.3.11.0
+RUN bash -lc 'rvm --default use jruby-9.3.11.0'
# JRuby 9.4.3.0
RUN bash -lc 'rvm --default use jruby-9.4.3.0'
```
@@ -452,10 +454,6 @@ Learn more: [RVM: Setting the default Ruby](https://rvm.io/rubies/default).
You can run any command with a specific Ruby version by prefixing it with `rvm-exec `. For example:
```bash
-$ rvm-exec 2.7.8 ruby -v
-Using /usr/local/rvm/gems/ruby-2.7.8
-ruby 2.7.8p225 (2023-03-30 revision 1f4d455848) [x86_64-linux]
-
$ rvm-exec 3.1.4 ruby -v
Using /usr/local/rvm/gems/ruby-3.1.4
ruby 3.1.4p223 (2023-03-30 revision 957bb7cb81) [x86_64-linux]
@@ -464,9 +462,6 @@ ruby 3.1.4p223 (2023-03-30 revision 957bb7cb81) [x86_64-linux]
More examples, but with Bundler instead:
```bash
-# This runs 'bundle install' using Ruby 2.7.8
-rvm-exec 2.7.8 bundle install
-
# This runs 'bundle install' using Ruby 3.1.4
rvm-exec 3.1.4 bundle install
```
@@ -828,7 +823,6 @@ Start a virtual machine with Docker in it. You can use the Vagrantfile that we'v
Build one of the images:
- make build_ruby27
make build_ruby30
make build_ruby31
make build_ruby32
diff --git a/image/Dockerfile b/image/Dockerfile
index 0f5734b1..1d213730 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -7,7 +7,7 @@ MAINTAINER Phusion
ADD . /pd_build
ARG ARCH
-RUN --mount=type=cache,target=/rvm_cache \
+RUN --mount=type=cache,target=/build_cache \
/usr/bin/nice /pd_build/install_image.sh
CMD ["/sbin/my_init"]
diff --git a/image/Dockerfile.base b/image/Dockerfile.base
index 1f8b9adf..a399f413 100644
--- a/image/Dockerfile.base
+++ b/image/Dockerfile.base
@@ -1,11 +1,11 @@
# syntax=docker/dockerfile:1.2
-FROM phusion/baseimage:master
+FROM phusion/baseimage:jammy-1.0.1
MAINTAINER Phusion
ADD . /pd_build
ARG ARCH
-RUN --mount=type=cache,target=/rvm_cache \
- rm -rf "/rvm_cache/${ARCH}" && \
+RUN --mount=type=cache,target=/build_cache \
+ rm -rf "/build_cache/${ARCH}" && \
/usr/bin/nice /pd_build/install_base.sh && \
rm -rf /pd_build
diff --git a/image/buildconfig b/image/buildconfig
index 7e74cd6d..ab6fc02d 100644
--- a/image/buildconfig
+++ b/image/buildconfig
@@ -28,6 +28,12 @@ function minimal_apt_get_install()
apt-get install -y --no-install-recommends "$@"
}
+function apt_add_ppa()
+{
+ add-apt-repository -y $1
+ apt-get update
+}
+
function cleanup_apt()
{
run apt-get -y clean
@@ -52,6 +58,9 @@ function create_rvm_wrapper_script()
local name="$1"
local rvm_id="$2"
local command="$3"
+
+ rm -f "/usr/bin/$name"
+
echo "+ Creating /usr/bin/$name"
echo '#!/bin/sh' >> "/usr/bin/$name"
echo exec "/usr/local/rvm/wrappers/$rvm_id/$command" '"$@"' >> "/usr/bin/$name"
diff --git a/image/config/nginx.conf b/image/config/nginx.conf
index 0e1dbfa5..99ba59c1 100644
--- a/image/config/nginx.conf
+++ b/image/config/nginx.conf
@@ -34,7 +34,7 @@ http {
# SSL Settings
##
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
##
diff --git a/image/config/redis.conf b/image/config/redis.conf
index 42ee641d..86505db2 100644
--- a/image/config/redis.conf
+++ b/image/config/redis.conf
@@ -24,7 +24,7 @@
# to customize a few per-server settings. Include files can include
# other files, so use this wisely.
#
-# Notice option "include" won't be rewritten by command "CONFIG REWRITE"
+# Note that option "include" won't be rewritten by command "CONFIG REWRITE"
# from admin or Redis Sentinel. Since Redis always uses the last processed
# line as value of a configuration directive, you'd better put includes
# at the beginning of this file to avoid overwriting config change at runtime.
@@ -46,7 +46,7 @@
################################## NETWORK #####################################
# By default, if no "bind" configuration directive is specified, Redis listens
-# for connections from all the network interfaces available on the server.
+# for connections from all available network interfaces on the host machine.
# It is possible to listen to just one or multiple selected interfaces using
# the "bind" configuration directive, followed by one or more IP addresses.
#
@@ -58,13 +58,12 @@
# ~~~ WARNING ~~~ If the computer running Redis is directly exposed to the
# internet, binding to all the interfaces is dangerous and will expose the
# instance to everybody on the internet. So by default we uncomment the
-# following bind directive, that will force Redis to listen only into
-# the IPv4 lookback interface address (this means Redis will be able to
-# accept connections only from clients running into the same computer it
-# is running).
+# following bind directive, that will force Redis to listen only on the
+# IPv4 loopback interface address (this means Redis will only be able to
+# accept client connections from the same host that it is running on).
#
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
-# JUST COMMENT THE FOLLOWING LINE.
+# JUST COMMENT OUT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bind 127.0.0.1 ::1
@@ -93,8 +92,8 @@ port 6379
# TCP listen() backlog.
#
-# In high requests-per-second environments you need an high backlog in order
-# to avoid slow clients connections issues. Note that the Linux kernel
+# In high requests-per-second environments you need a high backlog in order
+# to avoid slow clients connection issues. Note that the Linux kernel
# will silently truncate it to the value of /proc/sys/net/core/somaxconn so
# make sure to raise both the value of somaxconn and tcp_max_syn_backlog
# in order to get the desired effect.
@@ -118,8 +117,8 @@ timeout 0
# of communication. This is useful for two reasons:
#
# 1) Detect dead peers.
-# 2) Take the connection alive from the point of view of network
-# equipment in the middle.
+# 2) Force network equipment in the middle to consider the connection to be
+# alive.
#
# On Linux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection the double of the time is needed.
@@ -129,6 +128,95 @@ timeout 0
# Redis default starting with Redis 3.2.1.
tcp-keepalive 300
+################################# TLS/SSL #####################################
+
+# By default, TLS/SSL is disabled. To enable it, the "tls-port" configuration
+# directive can be used to define TLS-listening ports. To enable TLS on the
+# default port, use:
+#
+# port 0
+# tls-port 6379
+
+# Configure a X.509 certificate and private key to use for authenticating the
+# server to connected clients, masters or cluster peers. These files should be
+# PEM formatted.
+#
+# tls-cert-file redis.crt
+# tls-key-file redis.key
+
+# Configure a DH parameters file to enable Diffie-Hellman (DH) key exchange:
+#
+# tls-dh-params-file redis.dh
+
+# Configure a CA certificate(s) bundle or directory to authenticate TLS/SSL
+# clients and peers. Redis requires an explicit configuration of at least one
+# of these, and will not implicitly use the system wide configuration.
+#
+# tls-ca-cert-file ca.crt
+# tls-ca-cert-dir /etc/ssl/certs
+
+# By default, clients (including replica servers) on a TLS port are required
+# to authenticate using valid client side certificates.
+#
+# If "no" is specified, client certificates are not required and not accepted.
+# If "optional" is specified, client certificates are accepted and must be
+# valid if provided, but are not required.
+#
+# tls-auth-clients no
+# tls-auth-clients optional
+
+# By default, a Redis replica does not attempt to establish a TLS connection
+# with its master.
+#
+# Use the following directive to enable TLS on replication links.
+#
+# tls-replication yes
+
+# By default, the Redis Cluster bus uses a plain TCP connection. To enable
+# TLS for the bus protocol, use the following directive:
+#
+# tls-cluster yes
+
+# Explicitly specify TLS versions to support. Allowed values are case insensitive
+# and include "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3" (OpenSSL >= 1.1.1) or
+# any combination. To enable only TLSv1.2 and TLSv1.3, use:
+#
+# tls-protocols "TLSv1.2 TLSv1.3"
+
+# Configure allowed ciphers. See the ciphers(1ssl) manpage for more information
+# about the syntax of this string.
+#
+# Note: this configuration applies only to <= TLSv1.2.
+#
+# tls-ciphers DEFAULT:!MEDIUM
+
+# Configure allowed TLSv1.3 ciphersuites. See the ciphers(1ssl) manpage for more
+# information about the syntax of this string, and specifically for TLSv1.3
+# ciphersuites.
+#
+# tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
+
+# When choosing a cipher, use the server's preference instead of the client
+# preference. By default, the server follows the client's preference.
+#
+# tls-prefer-server-ciphers yes
+
+# By default, TLS session caching is enabled to allow faster and less expensive
+# reconnections by clients that support it. Use the following directive to disable
+# caching.
+#
+# tls-session-caching no
+
+# Change the default number of TLS sessions cached. A zero value sets the cache
+# to unlimited size. The default size is 20480.
+#
+# tls-session-cache-size 5000
+
+# Change the default timeout of cached TLS sessions. The default timeout is 300
+# seconds.
+#
+# tls-session-cache-timeout 60
+
################################# GENERAL #####################################
# By default Redis does not run as a daemon. Use 'yes' if you need it.
@@ -139,11 +227,12 @@ daemonize no
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
+# requires "expect stop" in your upstart job config
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
-# They do not enable continuous liveness pings back to your supervisor.
+# They do not enable continuous pings back to your supervisor.
supervised no
# If a pid file is specified, Redis writes it where specified at startup
@@ -202,7 +291,7 @@ always-show-logo yes
# Will save the DB if both the given number of seconds and the given
# number of write operations against the DB occurred.
#
-# In the example below the behaviour will be to save:
+# In the example below the behavior will be to save:
# after 900 sec (15 min) if at least 1 key changed
# after 300 sec (5 min) if at least 10 keys changed
# after 60 sec if at least 10000 keys changed
@@ -235,7 +324,7 @@ save 60 10000
stop-writes-on-bgsave-error yes
# Compress string objects using LZF when dump .rdb databases?
-# For default that's set to 'yes' as it's almost always a win.
+# By default compression is enabled as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
@@ -252,6 +341,19 @@ rdbchecksum yes
# The filename where to dump the DB
dbfilename dump.rdb
+# Remove RDB files used by replication in instances without persistence
+# enabled. By default this option is disabled, however there are environments
+# where for regulations or other security concerns, RDB files persisted on
+# disk by masters in order to feed replicas, or stored on disk by replicas
+# in order to load them for the initial synchronization, should be deleted
+# ASAP. Note that this option ONLY WORKS in instances that have both AOF
+# and RDB persistence disabled, otherwise is completely ignored.
+#
+# An alternative (and sometimes better) way to obtain the same effect is
+# to use diskless replication on both master and replicas instances. However
+# in the case of replicas, diskless is not always an option.
+rdb-del-sync-files no
+
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
@@ -264,84 +366,100 @@ dir /var/lib/redis
################################# REPLICATION #################################
-# Master-Slave replication. Use slaveof to make a Redis instance a copy of
+# Master-Replica replication. Use replicaof to make a Redis instance a copy of
# another Redis server. A few things to understand ASAP about Redis replication.
#
+# +------------------+ +---------------+
+# | Master | ---> | Replica |
+# | (receive writes) | | (exact copy) |
+# +------------------+ +---------------+
+#
# 1) Redis replication is asynchronous, but you can configure a master to
# stop accepting writes if it appears to be not connected with at least
-# a given number of slaves.
-# 2) Redis slaves are able to perform a partial resynchronization with the
+# a given number of replicas.
+# 2) Redis replicas are able to perform a partial resynchronization with the
# master if the replication link is lost for a relatively small amount of
# time. You may want to configure the replication backlog size (see the next
# sections of this file) with a sensible value depending on your needs.
# 3) Replication is automatic and does not need user intervention. After a
-# network partition slaves automatically try to reconnect to masters
+# network partition replicas automatically try to reconnect to masters
# and resynchronize with them.
#
-# slaveof
+# replicaof
# If the master is password protected (using the "requirepass" configuration
-# directive below) it is possible to tell the slave to authenticate before
+# directive below) it is possible to tell the replica to authenticate before
# starting the replication synchronization process, otherwise the master will
-# refuse the slave request.
+# refuse the replica request.
#
# masterauth
+#
+# However this is not enough if you are using Redis ACLs (for Redis version
+# 6 or greater), and the default user is not capable of running the PSYNC
+# command and/or other commands needed for replication. In this case it's
+# better to configure a special user to use with replication, and specify the
+# masteruser configuration as such:
+#
+# masteruser
+#
+# When masteruser is specified, the replica will authenticate against its
+# master using the new AUTH form: AUTH .
-# When a slave loses its connection with the master, or when the replication
-# is still in progress, the slave can act in two different ways:
+# When a replica loses its connection with the master, or when the replication
+# is still in progress, the replica can act in two different ways:
#
-# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
+# 1) if replica-serve-stale-data is set to 'yes' (the default) the replica will
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
#
-# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
-# an error "SYNC with master in progress" to all the kind of commands
-# but to INFO and SLAVEOF.
+# 2) If replica-serve-stale-data is set to 'no' the replica will reply with
+# an error "SYNC with master in progress" to all commands except:
+# INFO, REPLICAOF, AUTH, PING, SHUTDOWN, REPLCONF, ROLE, CONFIG, SUBSCRIBE,
+# UNSUBSCRIBE, PSUBSCRIBE, PUNSUBSCRIBE, PUBLISH, PUBSUB, COMMAND, POST,
+# HOST and LATENCY.
#
-slave-serve-stale-data yes
+replica-serve-stale-data yes
-# You can configure a slave instance to accept writes or not. Writing against
-# a slave instance may be useful to store some ephemeral data (because data
-# written on a slave will be easily deleted after resync with the master) but
+# You can configure a replica instance to accept writes or not. Writing against
+# a replica instance may be useful to store some ephemeral data (because data
+# written on a replica will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
-# Since Redis 2.6 by default slaves are read-only.
+# Since Redis 2.6 by default replicas are read-only.
#
-# Note: read only slaves are not designed to be exposed to untrusted clients
+# Note: read only replicas are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
-# Still a read only slave exports by default all the administrative commands
+# Still a read only replica exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extent you can improve
-# security of read only slaves using 'rename-command' to shadow all the
+# security of read only replicas using 'rename-command' to shadow all the
# administrative / dangerous commands.
-slave-read-only yes
+replica-read-only yes
# Replication SYNC strategy: disk or socket.
#
-# -------------------------------------------------------
-# WARNING: DISKLESS REPLICATION IS EXPERIMENTAL CURRENTLY
-# -------------------------------------------------------
+# New replicas and reconnecting replicas that are not able to continue the
+# replication process just receiving differences, need to do what is called a
+# "full synchronization". An RDB file is transmitted from the master to the
+# replicas.
#
-# New slaves and reconnecting slaves that are not able to continue the replication
-# process just receiving differences, need to do what is called a "full
-# synchronization". An RDB file is transmitted from the master to the slaves.
# The transmission can happen in two different ways:
#
# 1) Disk-backed: The Redis master creates a new process that writes the RDB
# file on disk. Later the file is transferred by the parent
-# process to the slaves incrementally.
+# process to the replicas incrementally.
# 2) Diskless: The Redis master creates a new process that directly writes the
-# RDB file to slave sockets, without touching the disk at all.
+# RDB file to replica sockets, without touching the disk at all.
#
-# With disk-backed replication, while the RDB file is generated, more slaves
-# can be queued and served with the RDB file as soon as the current child producing
-# the RDB file finishes its work. With diskless replication instead once
-# the transfer starts, new slaves arriving will be queued and a new transfer
-# will start when the current one terminates.
+# With disk-backed replication, while the RDB file is generated, more replicas
+# can be queued and served with the RDB file as soon as the current child
+# producing the RDB file finishes its work. With diskless replication instead
+# once the transfer starts, new replicas arriving will be queued and a new
+# transfer will start when the current one terminates.
#
# When diskless replication is used, the master waits a configurable amount of
-# time (in seconds) before starting the transfer in the hope that multiple slaves
-# will arrive and the transfer can be parallelized.
+# time (in seconds) before starting the transfer in the hope that multiple
+# replicas will arrive and the transfer can be parallelized.
#
# With slow disks and fast (large bandwidth) networks, diskless replication
# works better.
@@ -349,157 +467,335 @@ repl-diskless-sync no
# When diskless replication is enabled, it is possible to configure the delay
# the server waits in order to spawn the child that transfers the RDB via socket
-# to the slaves.
+# to the replicas.
#
# This is important since once the transfer starts, it is not possible to serve
-# new slaves arriving, that will be queued for the next RDB transfer, so the server
-# waits a delay in order to let more slaves arrive.
+# new replicas arriving, that will be queued for the next RDB transfer, so the
+# server waits a delay in order to let more replicas arrive.
#
# The delay is specified in seconds, and by default is 5 seconds. To disable
# it entirely just set it to 0 seconds and the transfer will start ASAP.
repl-diskless-sync-delay 5
-# Slaves send PINGs to server in a predefined interval. It's possible to change
-# this interval with the repl_ping_slave_period option. The default value is 10
-# seconds.
-#
-# repl-ping-slave-period 10
+# -----------------------------------------------------------------------------
+# WARNING: RDB diskless load is experimental. Since in this setup the replica
+# does not immediately store an RDB on disk, it may cause data loss during
+# failovers. RDB diskless load + Redis modules not handling I/O reads may also
+# cause Redis to abort in case of I/O errors during the initial synchronization
+# stage with the master. Use only if your do what you are doing.
+# -----------------------------------------------------------------------------
+#
+# Replica can load the RDB it reads from the replication link directly from the
+# socket, or store the RDB to a file and read that file after it was completely
+# received from the master.
+#
+# In many cases the disk is slower than the network, and storing and loading
+# the RDB file may increase replication time (and even increase the master's
+# Copy on Write memory and salve buffers).
+# However, parsing the RDB file directly from the socket may mean that we have
+# to flush the contents of the current database before the full rdb was
+# received. For this reason we have the following options:
+#
+# "disabled" - Don't use diskless load (store the rdb file to the disk first)
+# "on-empty-db" - Use diskless load only when it is completely safe.
+# "swapdb" - Keep a copy of the current db contents in RAM while parsing
+# the data directly from the socket. note that this requires
+# sufficient memory, if you don't have it, you risk an OOM kill.
+repl-diskless-load disabled
+
+# Replicas send PINGs to server in a predefined interval. It's possible to
+# change this interval with the repl_ping_replica_period option. The default
+# value is 10 seconds.
+#
+# repl-ping-replica-period 10
# The following option sets the replication timeout for:
#
-# 1) Bulk transfer I/O during SYNC, from the point of view of slave.
-# 2) Master timeout from the point of view of slaves (data, pings).
-# 3) Slave timeout from the point of view of masters (REPLCONF ACK pings).
+# 1) Bulk transfer I/O during SYNC, from the point of view of replica.
+# 2) Master timeout from the point of view of replicas (data, pings).
+# 3) Replica timeout from the point of view of masters (REPLCONF ACK pings).
#
# It is important to make sure that this value is greater than the value
-# specified for repl-ping-slave-period otherwise a timeout will be detected
-# every time there is low traffic between the master and the slave.
+# specified for repl-ping-replica-period otherwise a timeout will be detected
+# every time there is low traffic between the master and the replica. The default
+# value is 60 seconds.
#
# repl-timeout 60
-# Disable TCP_NODELAY on the slave socket after SYNC?
+# Disable TCP_NODELAY on the replica socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
-# less bandwidth to send data to slaves. But this can add a delay for
-# the data to appear on the slave side, up to 40 milliseconds with
+# less bandwidth to send data to replicas. But this can add a delay for
+# the data to appear on the replica side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
-# If you select "no" the delay for data to appear on the slave side will
+# If you select "no" the delay for data to appear on the replica side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
-# or when the master and slaves are many hops away, turning this to "yes" may
+# or when the master and replicas are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
# Set the replication backlog size. The backlog is a buffer that accumulates
-# slave data when slaves are disconnected for some time, so that when a slave
-# wants to reconnect again, often a full resync is not needed, but a partial
-# resync is enough, just passing the portion of data the slave missed while
-# disconnected.
+# replica data when replicas are disconnected for some time, so that when a
+# replica wants to reconnect again, often a full resync is not needed, but a
+# partial resync is enough, just passing the portion of data the replica
+# missed while disconnected.
#
-# The bigger the replication backlog, the longer the time the slave can be
-# disconnected and later be able to perform a partial resynchronization.
+# The bigger the replication backlog, the longer the replica can endure the
+# disconnect and later be able to perform a partial resynchronization.
#
-# The backlog is only allocated once there is at least a slave connected.
+# The backlog is only allocated if there is at least one replica connected.
#
# repl-backlog-size 1mb
-# After a master has no longer connected slaves for some time, the backlog
-# will be freed. The following option configures the amount of seconds that
-# need to elapse, starting from the time the last slave disconnected, for
-# the backlog buffer to be freed.
+# After a master has no connected replicas for some time, the backlog will be
+# freed. The following option configures the amount of seconds that need to
+# elapse, starting from the time the last replica disconnected, for the backlog
+# buffer to be freed.
#
-# Note that slaves never free the backlog for timeout, since they may be
+# Note that replicas never free the backlog for timeout, since they may be
# promoted to masters later, and should be able to correctly "partially
-# resynchronize" with the slaves: hence they should always accumulate backlog.
+# resynchronize" with other replicas: hence they should always accumulate backlog.
#
# A value of 0 means to never release the backlog.
#
# repl-backlog-ttl 3600
-# The slave priority is an integer number published by Redis in the INFO output.
-# It is used by Redis Sentinel in order to select a slave to promote into a
-# master if the master is no longer working correctly.
+# The replica priority is an integer number published by Redis in the INFO
+# output. It is used by Redis Sentinel in order to select a replica to promote
+# into a master if the master is no longer working correctly.
#
-# A slave with a low priority number is considered better for promotion, so
-# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
-# pick the one with priority 10, that is the lowest.
+# A replica with a low priority number is considered better for promotion, so
+# for instance if there are three replicas with priority 10, 100, 25 Sentinel
+# will pick the one with priority 10, that is the lowest.
#
-# However a special priority of 0 marks the slave as not able to perform the
-# role of master, so a slave with priority of 0 will never be selected by
+# However a special priority of 0 marks the replica as not able to perform the
+# role of master, so a replica with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
-slave-priority 100
+replica-priority 100
# It is possible for a master to stop accepting writes if there are less than
-# N slaves connected, having a lag less or equal than M seconds.
+# N replicas connected, having a lag less or equal than M seconds.
#
-# The N slaves need to be in "online" state.
+# The N replicas need to be in "online" state.
#
# The lag in seconds, that must be <= the specified value, is calculated from
-# the last ping received from the slave, that is usually sent every second.
+# the last ping received from the replica, that is usually sent every second.
#
# This option does not GUARANTEE that N replicas will accept the write, but
-# will limit the window of exposure for lost writes in case not enough slaves
+# will limit the window of exposure for lost writes in case not enough replicas
# are available, to the specified number of seconds.
#
-# For example to require at least 3 slaves with a lag <= 10 seconds use:
+# For example to require at least 3 replicas with a lag <= 10 seconds use:
#
-# min-slaves-to-write 3
-# min-slaves-max-lag 10
+# min-replicas-to-write 3
+# min-replicas-max-lag 10
#
# Setting one or the other to 0 disables the feature.
#
-# By default min-slaves-to-write is set to 0 (feature disabled) and
-# min-slaves-max-lag is set to 10.
+# By default min-replicas-to-write is set to 0 (feature disabled) and
+# min-replicas-max-lag is set to 10.
# A Redis master is able to list the address and port of the attached
-# slaves in different ways. For example the "INFO replication" section
+# replicas in different ways. For example the "INFO replication" section
# offers this information, which is used, among other tools, by
-# Redis Sentinel in order to discover slave instances.
+# Redis Sentinel in order to discover replica instances.
# Another place where this info is available is in the output of the
# "ROLE" command of a master.
#
-# The listed IP and address normally reported by a slave is obtained
-# in the following way:
+# The listed IP address and port normally reported by a replica is
+# obtained in the following way:
#
# IP: The address is auto detected by checking the peer address
-# of the socket used by the slave to connect with the master.
+# of the socket used by the replica to connect with the master.
#
-# Port: The port is communicated by the slave during the replication
-# handshake, and is normally the port that the slave is using to
-# list for connections.
+# Port: The port is communicated by the replica during the replication
+# handshake, and is normally the port that the replica is using to
+# listen for connections.
#
# However when port forwarding or Network Address Translation (NAT) is
-# used, the slave may be actually reachable via different IP and port
-# pairs. The following two options can be used by a slave in order to
+# used, the replica may actually be reachable via different IP and port
+# pairs. The following two options can be used by a replica in order to
# report to its master a specific set of IP and port, so that both INFO
# and ROLE will report those values.
#
# There is no need to use both the options if you need to override just
# the port or the IP address.
#
-# slave-announce-ip 5.5.5.5
-# slave-announce-port 1234
+# replica-announce-ip 5.5.5.5
+# replica-announce-port 1234
-################################## SECURITY ###################################
+############################### KEYS TRACKING #################################
-# Require clients to issue AUTH before processing any other
-# commands. This might be useful in environments in which you do not trust
-# others with access to the host running redis-server.
+# Redis implements server assisted support for client side caching of values.
+# This is implemented using an invalidation table that remembers, using
+# 16 millions of slots, what clients may have certain subsets of keys. In turn
+# this is used in order to send invalidation messages to clients. Please
+# check this page to understand more about the feature:
+#
+# https://redis.io/topics/client-side-caching
+#
+# When tracking is enabled for a client, all the read only queries are assumed
+# to be cached: this will force Redis to store information in the invalidation
+# table. When keys are modified, such information is flushed away, and
+# invalidation messages are sent to the clients. However if the workload is
+# heavily dominated by reads, Redis could use more and more memory in order
+# to track the keys fetched by many clients.
+#
+# For this reason it is possible to configure a maximum fill value for the
+# invalidation table. By default it is set to 1M of keys, and once this limit
+# is reached, Redis will start to evict keys in the invalidation table
+# even if they were not modified, just to reclaim memory: this will in turn
+# force the clients to invalidate the cached values. Basically the table
+# maximum size is a trade off between the memory you want to spend server
+# side to track information about who cached what, and the ability of clients
+# to retain cached objects in memory.
#
-# This should stay commented out for backward compatibility and because most
-# people do not need auth (e.g. they run their own servers).
+# If you set the value to 0, it means there are no limits, and Redis will
+# retain as many keys as needed in the invalidation table.
+# In the "stats" INFO section, you can find information about the number of
+# keys in the invalidation table at every given moment.
#
-# Warning: since Redis is pretty fast an outside user can try up to
-# 150k passwords per second against a good box. This means that you should
-# use a very strong password otherwise it will be very easy to break.
+# Note: when key tracking is used in broadcasting mode, no memory is used
+# in the server side so this setting is useless.
+#
+# tracking-table-max-keys 1000000
+
+################################## SECURITY ###################################
+
+# Warning: since Redis is pretty fast, an outside user can try up to
+# 1 million passwords per second against a modern box. This means that you
+# should use very strong passwords, otherwise they will be very easy to break.
+# Note that because the password is really a shared secret between the client
+# and the server, and should not be memorized by any human, the password
+# can be easily a long string from /dev/urandom or whatever, so by using a
+# long and unguessable password no brute force attack will be possible.
+
+# Redis ACL users are defined in the following format:
+#
+# user ... acl rules ...
+#
+# For example:
+#
+# user worker +@list +@connection ~jobs:* on >ffa9203c493aa99
+#
+# The special username "default" is used for new connections. If this user
+# has the "nopass" rule, then new connections will be immediately authenticated
+# as the "default" user without the need of any password provided via the
+# AUTH command. Otherwise if the "default" user is not flagged with "nopass"
+# the connections will start in not authenticated state, and will require
+# AUTH (or the HELLO command AUTH option) in order to be authenticated and
+# start to work.
+#
+# The ACL rules that describe what a user can do are the following:
+#
+# on Enable the user: it is possible to authenticate as this user.
+# off Disable the user: it's no longer possible to authenticate
+# with this user, however the already authenticated connections
+# will still work.
+# + Allow the execution of that command
+# - Disallow the execution of that command
+# +@ Allow the execution of all the commands in such category
+# with valid categories are like @admin, @set, @sortedset, ...
+# and so forth, see the full list in the server.c file where
+# the Redis command table is described and defined.
+# The special category @all means all the commands, but currently
+# present in the server, and that will be loaded in the future
+# via modules.
+# +|subcommand Allow a specific subcommand of an otherwise
+# disabled command. Note that this form is not
+# allowed as negative like -DEBUG|SEGFAULT, but
+# only additive starting with "+".
+# allcommands Alias for +@all. Note that it implies the ability to execute
+# all the future commands loaded via the modules system.
+# nocommands Alias for -@all.
+# ~ Add a pattern of keys that can be mentioned as part of
+# commands. For instance ~* allows all the keys. The pattern
+# is a glob-style pattern like the one of KEYS.
+# It is possible to specify multiple patterns.
+# allkeys Alias for ~*
+# resetkeys Flush the list of allowed keys patterns.
+# > Add this password to the list of valid password for the user.
+# For example >mypass will add "mypass" to the list.
+# This directive clears the "nopass" flag (see later).
+# < Remove this password from the list of valid passwords.
+# nopass All the set passwords of the user are removed, and the user
+# is flagged as requiring no password: it means that every
+# password will work against this user. If this directive is
+# used for the default user, every new connection will be
+# immediately authenticated with the default user without
+# any explicit AUTH command required. Note that the "resetpass"
+# directive will clear this condition.
+# resetpass Flush the list of allowed passwords. Moreover removes the
+# "nopass" status. After "resetpass" the user has no associated
+# passwords and there is no way to authenticate without adding
+# some password (or setting it as "nopass" later).
+# reset Performs the following actions: resetpass, resetkeys, off,
+# -@all. The user returns to the same state it has immediately
+# after its creation.
+#
+# ACL rules can be specified in any order: for instance you can start with
+# passwords, then flags, or key patterns. However note that the additive
+# and subtractive rules will CHANGE MEANING depending on the ordering.
+# For instance see the following example:
+#
+# user alice on +@all -DEBUG ~* >somepassword
+#
+# This will allow "alice" to use all the commands with the exception of the
+# DEBUG command, since +@all added all the commands to the set of the commands
+# alice can use, and later DEBUG was removed. However if we invert the order
+# of two ACL rules the result will be different:
+#
+# user alice on -DEBUG +@all ~* >somepassword
+#
+# Now DEBUG was removed when alice had yet no commands in the set of allowed
+# commands, later all the commands are added, so the user will be able to
+# execute everything.
+#
+# Basically ACL rules are processed left-to-right.
+#
+# For more information about ACL configuration please refer to
+# the Redis web site at https://redis.io/topics/acl
+
+# ACL LOG
+#
+# The ACL Log tracks failed commands and authentication events associated
+# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
+# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
+# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
+acllog-max-len 128
+
+# Using an external ACL file
+#
+# Instead of configuring users here in this file, it is possible to use
+# a stand-alone file just listing users. The two methods cannot be mixed:
+# if you configure users here and at the same time you activate the external
+# ACL file, the server will refuse to start.
+#
+# The format of the external ACL user file is exactly the same as the
+# format that is used inside redis.conf to describe users.
+#
+# aclfile /etc/redis/users.acl
+
+# IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility
+# layer on top of the new ACL system. The option effect will be just setting
+# the password for the default user. Clients will still authenticate using
+# AUTH as usually, or more explicitly with AUTH default
+# if they follow the new protocol: both will work.
#
# requirepass foobared
-# Command renaming.
+# Command renaming (DEPRECATED).
+#
+# ------------------------------------------------------------------------
+# WARNING: avoid using this option if possible. Instead use ACLs to remove
+# commands from the default user, and put them only in some admin user you
+# create for administrative purposes.
+# ------------------------------------------------------------------------
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
@@ -516,7 +812,7 @@ slave-priority 100
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
-# AOF file or transmitted to slaves may cause problems.
+# AOF file or transmitted to replicas may cause problems.
################################### CLIENTS ####################################
@@ -529,6 +825,11 @@ slave-priority 100
# Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clients reached'.
#
+# IMPORTANT: When Redis Cluster is used, the max number of connections is also
+# shared with the cluster bus: every node in the cluster will use two
+# connections, one incoming and another outgoing. It is important to size the
+# limit accordingly in case of very large clusters.
+#
# maxclients 10000
############################## MEMORY MANAGEMENT ################################
@@ -545,27 +846,27 @@ slave-priority 100
# This option is usually useful when using Redis as an LRU or LFU cache, or to
# set a hard memory limit for an instance (using the 'noeviction' policy).
#
-# WARNING: If you have slaves attached to an instance with maxmemory on,
-# the size of the output buffers needed to feed the slaves are subtracted
+# WARNING: If you have replicas attached to an instance with maxmemory on,
+# the size of the output buffers needed to feed the replicas are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
-# buffer of slaves is full with DELs of keys evicted triggering the deletion
+# buffer of replicas is full with DELs of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
-# In short... if you have slaves attached it is suggested that you set a lower
-# limit for maxmemory so that there is some free RAM on the system for slave
+# In short... if you have replicas attached it is suggested that you set a lower
+# limit for maxmemory so that there is some free RAM on the system for replica
# output buffers (but this is not needed if the policy is 'noeviction').
#
# maxmemory
# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
-# is reached. You can select among five behaviors:
+# is reached. You can select one from the following behaviors:
#
-# volatile-lru -> Evict using approximated LRU among the keys with an expire set.
+# volatile-lru -> Evict using approximated LRU, only keys with an expire set.
# allkeys-lru -> Evict any key using approximated LRU.
-# volatile-lfu -> Evict using approximated LFU among the keys with an expire set.
+# volatile-lfu -> Evict using approximated LFU, only keys with an expire set.
# allkeys-lfu -> Evict any key using approximated LFU.
-# volatile-random -> Remove a random key among the ones with an expire set.
+# volatile-random -> Remove a random key having an expire set.
# allkeys-random -> Remove a random key, any key.
# volatile-ttl -> Remove the key with the nearest expire time (minor TTL)
# noeviction -> Don't evict anything, just return an error on write operations.
@@ -591,8 +892,8 @@ slave-priority 100
# LRU, LFU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can tune it for speed or
-# accuracy. For default Redis will check five keys and pick the one that was
-# used less recently, you can change the sample size using the following
+# accuracy. By default Redis will check five keys and pick the one that was
+# used least recently, you can change the sample size using the following
# configuration directive.
#
# The default of 5 produces good enough results. 10 Approximates very closely
@@ -600,6 +901,43 @@ slave-priority 100
#
# maxmemory-samples 5
+# Starting from Redis 5, by default a replica will ignore its maxmemory setting
+# (unless it is promoted to master after a failover or manually). It means
+# that the eviction of keys will be just handled by the master, sending the
+# DEL commands to the replica as keys evict in the master side.
+#
+# This behavior ensures that masters and replicas stay consistent, and is usually
+# what you want, however if your replica is writable, or you want the replica
+# to have a different memory setting, and you are sure all the writes performed
+# to the replica are idempotent, then you may change this default (but be sure
+# to understand what you are doing).
+#
+# Note that since the replica by default does not evict, it may end using more
+# memory than the one set via maxmemory (there are certain buffers that may
+# be larger on the replica, or data structures may sometimes take more memory
+# and so forth). So make sure you monitor your replicas and make sure they
+# have enough memory to never hit a real out-of-memory condition before the
+# master hits the configured maxmemory setting.
+#
+# replica-ignore-maxmemory yes
+
+# Redis reclaims expired keys in two ways: upon access when those keys are
+# found to be expired, and also in background, in what is called the
+# "active expire key". The key space is slowly and interactively scanned
+# looking for expired keys to reclaim, so that it is possible to free memory
+# of keys that are expired and will never be accessed again in a short time.
+#
+# The default effort of the expire cycle will try to avoid having more than
+# ten percent of expired keys still in memory, and will try to avoid consuming
+# more than 25% of total memory and to add latency to the system. However
+# it is possible to increase the expire "effort" that is normally set to
+# "1", to a greater value, up to the value "10". At its maximum value the
+# system will use more CPU, longer cycles (and technically may introduce
+# more latency), and will tolerate less already expired keys still present
+# in the system. It's a tradeoff between memory, CPU and latency.
+#
+# active-expire-effort 1
+
############################# LAZY FREEING ####################################
# Redis has two primitives to delete keys. One is called DEL and is a blocking
@@ -635,19 +973,103 @@ slave-priority 100
# or SORT with STORE option may delete existing keys. The SET command
# itself removes any old content of the specified key in order to replace
# it with the specified string.
-# 4) During replication, when a slave performs a full resynchronization with
+# 4) During replication, when a replica performs a full resynchronization with
# its master, the content of the whole database is removed in order to
-# load the RDB file just transfered.
+# load the RDB file just transferred.
#
# In all the above cases the default is to delete objects in a blocking way,
# like if DEL was called. However you can configure each case specifically
# in order to instead release memory in a non-blocking way like if UNLINK
-# was called, using the following configuration directives:
+# was called, using the following configuration directives.
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
-slave-lazy-flush no
+replica-lazy-flush no
+
+# It is also possible, for the case when to replace the user code DEL calls
+# with UNLINK calls is not easy, to modify the default behavior of the DEL
+# command to act exactly like UNLINK, using the following configuration
+# directive:
+
+lazyfree-lazy-user-del no
+
+################################ THREADED I/O #################################
+
+# Redis is mostly single threaded, however there are certain threaded
+# operations such as UNLINK, slow I/O accesses and other things that are
+# performed on side threads.
+#
+# Now it is also possible to handle Redis clients socket reads and writes
+# in different I/O threads. Since especially writing is so slow, normally
+# Redis users use pipelining in order to speed up the Redis performances per
+# core, and spawn multiple instances in order to scale more. Using I/O
+# threads it is possible to easily speedup two times Redis without resorting
+# to pipelining nor sharding of the instance.
+#
+# By default threading is disabled, we suggest enabling it only in machines
+# that have at least 4 or more cores, leaving at least one spare core.
+# Using more than 8 threads is unlikely to help much. We also recommend using
+# threaded I/O only if you actually have performance problems, with Redis
+# instances being able to use a quite big percentage of CPU time, otherwise
+# there is no point in using this feature.
+#
+# So for instance if you have a four cores boxes, try to use 2 or 3 I/O
+# threads, if you have a 8 cores, try to use 6 threads. In order to
+# enable I/O threads use the following configuration directive:
+#
+# io-threads 4
+#
+# Setting io-threads to 1 will just use the main thread as usual.
+# When I/O threads are enabled, we only use threads for writes, that is
+# to thread the write(2) syscall and transfer the client buffers to the
+# socket. However it is also possible to enable threading of reads and
+# protocol parsing using the following configuration directive, by setting
+# it to yes:
+#
+# io-threads-do-reads no
+#
+# Usually threading reads doesn't help much.
+#
+# NOTE 1: This configuration directive cannot be changed at runtime via
+# CONFIG SET. Aso this feature currently does not work when SSL is
+# enabled.
+#
+# NOTE 2: If you want to test the Redis speedup using redis-benchmark, make
+# sure you also run the benchmark itself in threaded mode, using the
+# --threads option to match the number of Redis threads, otherwise you'll not
+# be able to notice the improvements.
+
+############################ KERNEL OOM CONTROL ##############################
+
+# On Linux, it is possible to hint the kernel OOM killer on what processes
+# should be killed first when out of memory.
+#
+# Enabling this feature makes Redis actively control the oom_score_adj value
+# for all its processes, depending on their role. The default scores will
+# attempt to have background child processes killed before all others, and
+# replicas killed before masters.
+#
+# Redis supports three options:
+#
+# no: Don't make changes to oom-score-adj (default).
+# yes: Alias to "relative" see below.
+# absolute: Values in oom-score-adj-values are written as is to the kernel.
+# relative: Values are used relative to the initial value of oom_score_adj when
+# the server starts and are then clamped to a range of -1000 to 1000.
+# Because typically the initial value is 0, they will often match the
+# absolute values.
+oom-score-adj no
+
+# When oom-score-adj is used, this directive controls the specific values used
+# for master, replica and background child processes. Values range -2000 to
+# 2000 (higher means more likely to be killed).
+#
+# Unprivileged processes (not root, and without CAP_SYS_RESOURCE capabilities)
+# can freely increase their value, but not decrease it below its initial
+# settings. This means that setting oom-score-adj to "relative" and setting the
+# oom-score-adj-values to positive values will always succeed.
+oom-score-adj-values 0 200 800
############################## APPEND ONLY MODE ###############################
@@ -773,13 +1195,10 @@ aof-load-truncated yes
#
# [RDB file][AOF tail]
#
-# When loading Redis recognizes that the AOF file starts with the "REDIS"
-# string and loads the prefixed RDB file, and continues loading the AOF
+# When loading, Redis recognizes that the AOF file starts with the "REDIS"
+# string and loads the prefixed RDB file, then continues loading the AOF
# tail.
-#
-# This is currently turned off by default in order to avoid the surprise
-# of a format change, but will at some point be used as the default.
-aof-use-rdb-preamble no
+aof-use-rdb-preamble yes
################################ LUA SCRIPTING ###############################
@@ -791,7 +1210,7 @@ aof-use-rdb-preamble no
#
# When a long running script exceeds the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
-# used to stop a script that did not yet called write commands. The second
+# used to stop a script that did not yet call any write commands. The second
# is the only way to shut down the server in the case a write command was
# already issued by the script but the user doesn't want to wait for the natural
# termination of the script.
@@ -800,13 +1219,7 @@ aof-use-rdb-preamble no
lua-time-limit 5000
################################ REDIS CLUSTER ###############################
-#
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-# WARNING EXPERIMENTAL: Redis Cluster is considered to be stable code, however
-# in order to mark it as "mature" we need to wait for a non trivial percentage
-# of users to deploy it in production.
-# ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-#
+
# Normal Redis instances can't be part of a Redis Cluster; only nodes that are
# started as cluster nodes can. In order to start a Redis instance as a
# cluster node enable the cluster support uncommenting the following:
@@ -823,46 +1236,46 @@ lua-time-limit 5000
# Cluster node timeout is the amount of milliseconds a node must be unreachable
# for it to be considered in failure state.
-# Most other internal time limits are multiple of the node timeout.
+# Most other internal time limits are a multiple of the node timeout.
#
# cluster-node-timeout 15000
-# A slave of a failing master will avoid to start a failover if its data
+# A replica of a failing master will avoid to start a failover if its data
# looks too old.
#
-# There is no simple way for a slave to actually have an exact measure of
+# There is no simple way for a replica to actually have an exact measure of
# its "data age", so the following two checks are performed:
#
-# 1) If there are multiple slaves able to failover, they exchange messages
-# in order to try to give an advantage to the slave with the best
+# 1) If there are multiple replicas able to failover, they exchange messages
+# in order to try to give an advantage to the replica with the best
# replication offset (more data from the master processed).
-# Slaves will try to get their rank by offset, and apply to the start
+# Replicas will try to get their rank by offset, and apply to the start
# of the failover a delay proportional to their rank.
#
-# 2) Every single slave computes the time of the last interaction with
+# 2) Every single replica computes the time of the last interaction with
# its master. This can be the last ping or command received (if the master
# is still in the "connected" state), or the time that elapsed since the
# disconnection with the master (if the replication link is currently down).
-# If the last interaction is too old, the slave will not try to failover
+# If the last interaction is too old, the replica will not try to failover
# at all.
#
-# The point "2" can be tuned by user. Specifically a slave will not perform
+# The point "2" can be tuned by user. Specifically a replica will not perform
# the failover if, since the last interaction with the master, the time
# elapsed is greater than:
#
-# (node-timeout * slave-validity-factor) + repl-ping-slave-period
+# (node-timeout * cluster-replica-validity-factor) + repl-ping-replica-period
#
-# So for example if node-timeout is 30 seconds, and the slave-validity-factor
-# is 10, and assuming a default repl-ping-slave-period of 10 seconds, the
-# slave will not try to failover if it was not able to talk with the master
+# So for example if node-timeout is 30 seconds, and the cluster-replica-validity-factor
+# is 10, and assuming a default repl-ping-replica-period of 10 seconds, the
+# replica will not try to failover if it was not able to talk with the master
# for longer than 310 seconds.
#
-# A large slave-validity-factor may allow slaves with too old data to failover
+# A large cluster-replica-validity-factor may allow replicas with too old data to failover
# a master, while a too small value may prevent the cluster from being able to
-# elect a slave at all.
+# elect a replica at all.
#
-# For maximum availability, it is possible to set the slave-validity-factor
-# to a value of 0, which means, that slaves will always try to failover the
+# For maximum availability, it is possible to set the cluster-replica-validity-factor
+# to a value of 0, which means, that replicas will always try to failover the
# master regardless of the last time they interacted with the master.
# (However they'll always try to apply a delay proportional to their
# offset rank).
@@ -870,29 +1283,29 @@ lua-time-limit 5000
# Zero is the only value able to guarantee that when all the partitions heal
# the cluster will always be able to continue.
#
-# cluster-slave-validity-factor 10
+# cluster-replica-validity-factor 10
-# Cluster slaves are able to migrate to orphaned masters, that are masters
-# that are left without working slaves. This improves the cluster ability
+# Cluster replicas are able to migrate to orphaned masters, that are masters
+# that are left without working replicas. This improves the cluster ability
# to resist to failures as otherwise an orphaned master can't be failed over
-# in case of failure if it has no working slaves.
+# in case of failure if it has no working replicas.
#
-# Slaves migrate to orphaned masters only if there are still at least a
-# given number of other working slaves for their old master. This number
-# is the "migration barrier". A migration barrier of 1 means that a slave
-# will migrate only if there is at least 1 other working slave for its master
-# and so forth. It usually reflects the number of slaves you want for every
+# Replicas migrate to orphaned masters only if there are still at least a
+# given number of other working replicas for their old master. This number
+# is the "migration barrier". A migration barrier of 1 means that a replica
+# will migrate only if there is at least 1 other working replica for its master
+# and so forth. It usually reflects the number of replicas you want for every
# master in your cluster.
#
-# Default is 1 (slaves migrate only if their masters remain with at least
-# one slave). To disable migration just set it to a very large value.
+# Default is 1 (replicas migrate only if their masters remain with at least
+# one replica). To disable migration just set it to a very large value.
# A value of 0 can be set but is useful only for debugging and dangerous
# in production.
#
# cluster-migration-barrier 1
# By default Redis Cluster nodes stop accepting queries if they detect there
-# is at least an hash slot uncovered (no available node is serving it).
+# is at least a hash slot uncovered (no available node is serving it).
# This way if the cluster is partially down (for example a range of hash slots
# are no longer covered) all the cluster becomes, eventually, unavailable.
# It automatically returns available as soon as all the slots are covered again.
@@ -904,7 +1317,7 @@ lua-time-limit 5000
#
# cluster-require-full-coverage yes
-# This option, when set to yes, prevents slaves from trying to failover its
+# This option, when set to yes, prevents replicas from trying to failover its
# master during master failures. However the master can still perform a
# manual failover, if forced to do so.
#
@@ -912,7 +1325,23 @@ lua-time-limit 5000
# data center operations, where we want one side to never be promoted if not
# in the case of a total DC failure.
#
-# cluster-slave-no-failover no
+# cluster-replica-no-failover no
+
+# This option, when set to yes, allows nodes to serve read traffic while the
+# the cluster is in a down state, as long as it believes it owns the slots.
+#
+# This is useful for two cases. The first case is for when an application
+# doesn't require consistency of data during node failures or network partitions.
+# One example of this is a cache, where as long as the node has the data it
+# should be able to serve it.
+#
+# The second use case is for configurations that don't meet the recommended
+# three shards but want to enable cluster mode and scale later. A
+# master outage in a 1 or 2 shard configuration causes a read/write outage to the
+# entire cluster without this option set, with it set there is only a write outage.
+# Without a quorum of masters, slot ownership will not change automatically.
+#
+# cluster-allow-reads-when-down no
# In order to setup your cluster make sure to read the documentation
# available at http://redis.io web site.
@@ -931,7 +1360,7 @@ lua-time-limit 5000
# * cluster-announce-port
# * cluster-announce-bus-port
#
-# Each instruct the node about its address, client port, and cluster message
+# Each instructs the node about its address, client port, and cluster message
# bus port. The information is then published in the header of the bus packets
# so that other nodes will be able to correctly map the address of the node
# publishing the information.
@@ -942,7 +1371,7 @@ lua-time-limit 5000
# Note that when remapped, the bus port may not be at the fixed offset of
# clients port + 10000, so you can specify any port and bus-port depending
# on how they get remapped. If the bus-port is not set, a fixed offset of
-# 10000 will be used as usually.
+# 10000 will be used as usual.
#
# Example:
#
@@ -1020,7 +1449,11 @@ latency-monitor-threshold 0
# z Sorted set commands
# x Expired events (events generated every time a key expires)
# e Evicted events (events generated when a key is evicted for maxmemory)
-# A Alias for g$lshzxe, so that the "AKE" string means all the events.
+# t Stream commands
+# m Key-miss events (Note: It is not included in the 'A' class)
+# A Alias for g$lshzxet, so that the "AKE" string means all the events
+# (Except key-miss events which are excluded from 'A' due to their
+# unique nature).
#
# The "notify-keyspace-events" takes as argument a string that is composed
# of zero or multiple characters. The empty string means that notifications
@@ -1041,6 +1474,64 @@ latency-monitor-threshold 0
# specify at least one of K or E, no events will be delivered.
notify-keyspace-events ""
+############################### GOPHER SERVER #################################
+
+# Redis contains an implementation of the Gopher protocol, as specified in
+# the RFC 1436 (https://www.ietf.org/rfc/rfc1436.txt).
+#
+# The Gopher protocol was very popular in the late '90s. It is an alternative
+# to the web, and the implementation both server and client side is so simple
+# that the Redis server has just 100 lines of code in order to implement this
+# support.
+#
+# What do you do with Gopher nowadays? Well Gopher never *really* died, and
+# lately there is a movement in order for the Gopher more hierarchical content
+# composed of just plain text documents to be resurrected. Some want a simpler
+# internet, others believe that the mainstream internet became too much
+# controlled, and it's cool to create an alternative space for people that
+# want a bit of fresh air.
+#
+# Anyway for the 10nth birthday of the Redis, we gave it the Gopher protocol
+# as a gift.
+#
+# --- HOW IT WORKS? ---
+#
+# The Redis Gopher support uses the inline protocol of Redis, and specifically
+# two kind of inline requests that were anyway illegal: an empty request
+# or any request that starts with "/" (there are no Redis commands starting
+# with such a slash). Normal RESP2/RESP3 requests are completely out of the
+# path of the Gopher protocol implementation and are served as usual as well.
+#
+# If you open a connection to Redis when Gopher is enabled and send it
+# a string like "/foo", if there is a key named "/foo" it is served via the
+# Gopher protocol.
+#
+# In order to create a real Gopher "hole" (the name of a Gopher site in Gopher
+# talking), you likely need a script like the following:
+#
+# https://github.com/antirez/gopher2redis
+#
+# --- SECURITY WARNING ---
+#
+# If you plan to put Redis on the internet in a publicly accessible address
+# to server Gopher pages MAKE SURE TO SET A PASSWORD to the instance.
+# Once a password is set:
+#
+# 1. The Gopher server (when enabled, not by default) will still serve
+# content via Gopher.
+# 2. However other commands cannot be called before the client will
+# authenticate.
+#
+# So use the 'requirepass' option to protect your instance.
+#
+# Note that Gopher is not currently supported when 'io-threads-do-reads'
+# is enabled.
+#
+# To enable Gopher support, uncomment the following line and set the option
+# from no (the default) to yes.
+#
+# gopher-enabled no
+
############################### ADVANCED CONFIG ###############################
# Hashes are encoded using a memory efficient data structure when they have a
@@ -1107,6 +1598,17 @@ zset-max-ziplist-value 64
# composed of many HyperLogLogs with cardinality in the 0 - 15000 range.
hll-sparse-max-bytes 3000
+# Streams macro node max size / items. The stream data structure is a radix
+# tree of big nodes that encode multiple items inside. Using this configuration
+# it is possible to configure how big a single node can be in bytes, and the
+# maximum number of items it may contain before switching to a new node when
+# appending new stream entries. If any of the following settings are set to
+# zero, the limit is ignored, so for instance it is possible to set just a
+# max entires limit by setting max-bytes to 0 and max-entries to the desired
+# value.
+stream-node-max-bytes 4096
+stream-node-max-entries 100
+
# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
@@ -1135,7 +1637,7 @@ activerehashing yes
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients including MONITOR clients
-# slave -> slave clients
+# replica -> replica clients
# pubsub -> clients subscribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
@@ -1156,12 +1658,12 @@ activerehashing yes
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
-# Instead there is a default limit for pubsub and slave clients, since
-# subscribers and slaves receive data in a push fashion.
+# Instead there is a default limit for pubsub and replica clients, since
+# subscribers and replicas receive data in a push fashion.
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
-client-output-buffer-limit slave 256mb 64mb 60
+client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Client query buffers accumulate new commands. They are limited to a fixed
@@ -1173,8 +1675,8 @@ client-output-buffer-limit pubsub 32mb 8mb 60
# client-query-buffer-limit 1gb
# In the Redis protocol, bulk requests, that are, elements representing single
-# strings, are normally limited ot 512 mb. However you can change this limit
-# here.
+# strings, are normally limited to 512 mb. However you can change this limit
+# here, but must be 1mb or greater
#
# proto-max-bulk-len 512mb
@@ -1195,12 +1697,34 @@ client-output-buffer-limit pubsub 32mb 8mb 60
# 100 only in environments where very low latency is required.
hz 10
+# Normally it is useful to have an HZ value which is proportional to the
+# number of clients connected. This is useful in order, for instance, to
+# avoid too many clients are processed for each background task invocation
+# in order to avoid latency spikes.
+#
+# Since the default HZ value by default is conservatively set to 10, Redis
+# offers, and enables by default, the ability to use an adaptive HZ value
+# which will temporarily raise when there are many connected clients.
+#
+# When dynamic HZ is enabled, the actual configured HZ will be used
+# as a baseline, but multiples of the configured HZ value will be actually
+# used as needed once more clients are connected. In this way an idle
+# instance will use very little CPU time while a busy instance will be
+# more responsive.
+dynamic-hz yes
+
# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 32 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
+# When redis saves RDB file, if the following option is enabled
+# the file will be fsync-ed every 32 MB of data generated. This is useful
+# in order to commit the file to the disk more incrementally and avoid
+# big latency spikes.
+rdb-save-incremental-fsync yes
+
# Redis LFU eviction (see maxmemory setting) can be tuned. However it is a good
# idea to start with the default settings and only change them after investigating
# how to improve the performances and how the keys LFU change over time, which
@@ -1247,7 +1771,7 @@ aof-rewrite-incremental-fsync yes
# for the key counter to be divided by two (or decremented if it has a value
# less <= 10).
#
-# The default value for the lfu-decay-time is 1. A Special value of 0 means to
+# The default value for the lfu-decay-time is 1. A special value of 0 means to
# decay the counter every time it happens to be scanned.
#
# lfu-log-factor 10
@@ -1255,10 +1779,6 @@ aof-rewrite-incremental-fsync yes
########################### ACTIVE DEFRAGMENTATION #######################
#
-# WARNING THIS FEATURE IS EXPERIMENTAL. However it was stress tested
-# even in production and manually tested by multiple engineers for some
-# time.
-#
# What is active defragmentation?
# -------------------------------
#
@@ -1271,7 +1791,7 @@ aof-rewrite-incremental-fsync yes
# restart is needed in order to lower the fragmentation, or at least to flush
# away all the data and create it again. However thanks to this feature
# implemented by Oran Agra for Redis 4.0 this process can happen at runtime
-# in an "hot" way, while the server is running.
+# in a "hot" way, while the server is running.
#
# Basically when the fragmentation is over a certain level (see the
# configuration options below) Redis will start to create new copies of the
@@ -1298,7 +1818,10 @@ aof-rewrite-incremental-fsync yes
# a good idea to leave the defaults untouched.
# Enabled active defragmentation
-# activedefrag yes
+# NOTE: This feature is not available in the stock Debian packages as they use
+# the distribution-wide jemalloc allocator that does not have support for active
+# defragmentation. See #967970 for more information.
+# activedefrag no
# Minimum amount of fragmentation waste to start active defrag
# active-defrag-ignore-bytes 100mb
@@ -1309,8 +1832,49 @@ aof-rewrite-incremental-fsync yes
# Maximum percentage of fragmentation at which we use maximum effort
# active-defrag-threshold-upper 100
-# Minimal effort for defrag in CPU percentage
-# active-defrag-cycle-min 25
+# Minimal effort for defrag in CPU percentage, to be used when the lower
+# threshold is reached
+# active-defrag-cycle-min 1
+
+# Maximal effort for defrag in CPU percentage, to be used when the upper
+# threshold is reached
+# active-defrag-cycle-max 25
+
+# Maximum number of set/hash/zset/list fields that will be processed from
+# the main dictionary scan
+# active-defrag-max-scan-fields 1000
+
+# Jemalloc background thread for purging will be enabled by default
+jemalloc-bg-thread yes
+
+# It is possible to pin different threads and processes of Redis to specific
+# CPUs in your system, in order to maximize the performances of the server.
+# This is useful both in order to pin different Redis threads in different
+# CPUs, but also in order to make sure that multiple Redis instances running
+# in the same host will be pinned to different CPUs.
+#
+# Normally you can do this using the "taskset" command, however it is also
+# possible to this via Redis configuration directly, both in Linux and FreeBSD.
+#
+# You can pin the server/IO threads, bio threads, aof rewrite child process, and
+# the bgsave child process. The syntax to specify the cpu list is the same as
+# the taskset command:
+#
+# Set redis server/io threads to cpu affinity 0,2,4,6:
+# server_cpulist 0-7:2
+#
+# Set bio threads to cpu affinity 1,3:
+# bio_cpulist 1,3
+#
+# Set aof rewrite child process to cpu affinity 8,9,10,11:
+# aof_rewrite_cpulist 8-11
+#
+# Set bgsave child process to cpu affinity 1,10,11
+# bgsave_cpulist 1,10-11
-# Maximal effort for defrag in CPU percentage
-# active-defrag-cycle-max 75
+# In some cases redis will emit warnings and even refuse to start if it detects
+# that the system is in bad state, it is possible to suppress these warnings
+# by setting the following config which takes a space delimited list of warnings
+# to suppress
+#
+# ignore-warnings ARM64-COW-BUG
diff --git a/image/finalize.sh b/image/finalize.sh
index b89e0a4b..5e8a7f74 100755
--- a/image/finalize.sh
+++ b/image/finalize.sh
@@ -14,6 +14,7 @@ run apt-get autoremove -y
if [[ "$final" = 1 ]]; then
run rm -rf /pd_build
else
- run rm -f /pd_build/{install,enable_repos,prepare,nginx-passenger,finalize}.sh
- run rm -f /pd_build/{Dockerfile,insecure_key*}
+ run rm -f /pd_build/{install,enable_repos,prepare,nginx-passenger,finalize,install_base,install_image,update_baseimage,utilities}.sh
+ run rm -f /pd_build/{Dockerfile,Dockerfile.base,insecure_key*}
fi
+rm -rf /bd_build
diff --git a/image/install_image.sh b/image/install_image.sh
index ce15e448..8882dbe3 100755
--- a/image/install_image.sh
+++ b/image/install_image.sh
@@ -5,7 +5,6 @@ source /pd_build/buildconfig
# base cleans up apt before here now
run apt-get update
-if [[ "$ruby27" = 1 ]]; then run /pd_build/ruby-2.7.*.sh; fi
if [[ "$ruby30" = 1 ]]; then run /pd_build/ruby-3.0.*.sh; fi
if [[ "$ruby31" = 1 ]]; then run /pd_build/ruby-3.1.*.sh; fi
if [[ "$ruby32" = 1 ]]; then run /pd_build/ruby-3.2.*.sh; fi
diff --git a/image/install_openssl1.1.sh b/image/install_openssl1.1.sh
new file mode 100755
index 00000000..97e94412
--- /dev/null
+++ b/image/install_openssl1.1.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+if [[ ! -d /usr/local/ssl ]]; then
+ PWD=$(pwd)
+ cd /usr/local/src/
+ git clone https://github.com/openssl/openssl.git -b OpenSSL_1_1_1-stable openssl-1.1.1m
+ cd openssl-1.1.1m
+ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
+ make -j$(nproc)
+ make install_sw
+ ln -s /etc/ssl/certs /usr/local/ssl/certs
+
+ cd "${PWD}"
+ rm -rf /usr/local/src/openssl*
+fi
diff --git a/image/jruby-9.3.10.0.sh b/image/jruby-9.3.11.0.sh
similarity index 100%
rename from image/jruby-9.3.10.0.sh
rename to image/jruby-9.3.11.0.sh
diff --git a/image/memcached.sh b/image/memcached.sh
index ec85237e..d80065a0 100755
--- a/image/memcached.sh
+++ b/image/memcached.sh
@@ -4,6 +4,7 @@ source /pd_build/buildconfig
header "Installing memcached..."
+run apt-get update
run apt-get install -y memcached
run mkdir /etc/service/memcached
run cp /pd_build/runit/memcached /etc/service/memcached/run
diff --git a/image/nginx-passenger.sh b/image/nginx-passenger.sh
index 4fce2da8..ca881586 100755
--- a/image/nginx-passenger.sh
+++ b/image/nginx-passenger.sh
@@ -11,15 +11,15 @@ header "Installing Phusion Passenger..."
if [[ ! -e /usr/bin/ruby ]]; then
RVM_ID="ruby-3.2.2"
- run mkdir -p "/rvm_cache/${ARCH}"
- if [[ -e "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
+ run mkdir -p "/build_cache/${ARCH}"
+ if [[ -e "/build_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
# use cached ruby if present
- run /usr/local/rvm/bin/rvm mount "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2"
+ run /usr/local/rvm/bin/rvm mount "/build_cache/${ARCH}/${RVM_ID}.tar.bz2"
else
# otherwise build one
run minimal_apt_get_install rustc # For compiling Ruby with YJIT
MAKEFLAGS=-j$(nproc) run /usr/local/rvm/bin/rvm install $RVM_ID --disable-cache || ( cat /usr/local/rvm/log/*${RVM_ID}*/*.log && false )
- run cd "/rvm_cache/${ARCH}"
+ run cd "/build_cache/${ARCH}"
run /usr/local/rvm/bin/rvm prepare "${RVM_ID}"
run cd /
fi
@@ -66,10 +66,6 @@ if [[ -e /usr/bin/ruby3.0 ]]; then
run ruby3.0 -S passenger-config build-native-support
run setuser app ruby3.0 -S passenger-config build-native-support
fi
-if [[ -e /usr/bin/ruby2.7 ]]; then
- run ruby2.7 -S passenger-config build-native-support
- run setuser app ruby2.7 -S passenger-config build-native-support
-fi
if [[ -e /usr/bin/jruby9.4 ]]; then
run jruby9.4 --dev -S passenger-config build-native-support
run setuser app jruby9.4 -S passenger-config build-native-support
diff --git a/image/nodejs.sh b/image/nodejs.sh
index 89dd1636..e4c5093d 100755
--- a/image/nodejs.sh
+++ b/image/nodejs.sh
@@ -3,14 +3,25 @@ set -e
source /pd_build/buildconfig
set -x
-echo "+ Enabling Node Source APT repo"
-curl -sL https://deb.nodesource.com/setup_18.x | bash -
-apt-get update
+VERSION=${1:-18}
+if ( ! egrep -q nodesource.gpg /etc/apt/sources.list.d/nodesource.list ); then
+ ## Install Node.js (also needed for Rails asset compilation)
-## Install Node.js (also needed for Rails asset compilation)
-minimal_apt_get_install nodejs
-echo "+ Updating npm"
-run npm update npm -g || ( cat /root/.npm/_logs/*-debug.log && false )
-if [[ ! -e /usr/bin/node ]]; then
- ln -s /usr/bin/nodejs /usr/bin/node
+ header "Installing NodeJS ${VERSION}"
+
+ mkdir -p /etc/apt/keyrings
+ curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --batch --dearmor -o /etc/apt/keyrings/nodesource.gpg
+ echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$VERSION.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
+ apt-get update
+
+ minimal_apt_get_install nodejs
+
+ echo "+ Updating npm"
+ run npm update npm -g || ( cat /root/.npm/_logs/*-debug.log && false )
+ if [[ ! -e /usr/bin/node ]]; then
+ ln -s /usr/bin/nodejs /usr/bin/node
+ fi
+
+ ## create corepack command symlinks (yarn, etc)
+ corepack enable
fi
diff --git a/image/prepare.sh b/image/prepare.sh
index ce6f638f..74275de8 100755
--- a/image/prepare.sh
+++ b/image/prepare.sh
@@ -15,3 +15,9 @@ run usermod -L app
run mkdir -p /home/app/.ssh
run chmod 700 /home/app/.ssh
run chown app:app /home/app/.ssh
+
+## Fix home dir permissions so nginx can enter it by default
+run chmod 755 /home/app
+
+## Create a /usr/bin/python for safety
+ln -s /usr/bin/python3.10 /usr/bin/python
diff --git a/image/python.sh b/image/python.sh
index 7ad61f25..d845f27a 100755
--- a/image/python.sh
+++ b/image/python.sh
@@ -2,7 +2,21 @@
set -e
source /pd_build/buildconfig
-header "Installing Python..."
+VERSION=${1:-3.10}
+
+header "Installing Python ${VERSION}...."
## Install Python.
-minimal_apt_get_install python python2 python3
+rm -f /usr/bin/python
+if [[ ${VERSION} == "2.7" ]]; then
+ # Jammy still builds 2.7, so install from normal repo
+ minimal_apt_get_install python2.7 python2.7-dev
+elif [[ ${VERSION} == "3.10" ]]; then
+ # baseimage already has 3.10, so just install dev support
+ minimal_apt_get_install python3-venv python3-dev
+else
+ # otherwise install the deadsnakes PPA and install from there
+ apt_add_ppa ppa:deadsnakes/ppa
+ minimal_apt_get_install "python${VERSION}" "python${VERSION}-dev" "python${VERSION}-venv"
+fi
+ln -s "/usr/bin/python${VERSION}" /usr/bin/python
diff --git a/image/redis.sh b/image/redis.sh
index 1e6a9852..abb87c27 100755
--- a/image/redis.sh
+++ b/image/redis.sh
@@ -5,6 +5,7 @@ source /pd_build/buildconfig
header "Installing Redis..."
## Install Redis.
+run apt-get update
run apt-get install -y redis-server libhiredis-dev
run mkdir /etc/service/redis
run cp /pd_build/runit/redis /etc/service/redis/run
diff --git a/image/ruby-2.7.8.sh b/image/ruby-2.7.8.sh
deleted file mode 100755
index b9eedc70..00000000
--- a/image/ruby-2.7.8.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-set -e
-source /pd_build/buildconfig
-
-RVM_ID=$(basename "$0" | sed 's/.sh$//')
-
-header "Installing $RVM_ID"
-
-run mkdir -p "/rvm_cache/${ARCH}"
-if [[ -e "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
- # use cached ruby if present
- run /usr/local/rvm/bin/rvm mount "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2"
-else
- # otherwise build one
- MAKEFLAGS=-j$(nproc) run /usr/local/rvm/bin/rvm install $RVM_ID --disable-cache || ( cat /usr/local/rvm/log/*${RVM_ID}*/*.log && false )
- run cd "/rvm_cache/${ARCH}"
- run /usr/local/rvm/bin/rvm prepare "${RVM_ID}"
- run cd /
-fi
-
-run /usr/local/rvm/bin/rvm-exec $RVM_ID@global gem install $DEFAULT_RUBY_GEMS --no-document
-# Make passenger_system_ruby work.
-run create_rvm_wrapper_script ruby2.7 $RVM_ID ruby
-run /pd_build/ruby_support/install_ruby_utils.sh
-run /pd_build/ruby_support/finalize.sh
diff --git a/image/ruby-3.0.6.sh b/image/ruby-3.0.6.sh
index 45427f0e..1719796d 100755
--- a/image/ruby-3.0.6.sh
+++ b/image/ruby-3.0.6.sh
@@ -4,16 +4,30 @@ source /pd_build/buildconfig
RVM_ID=$(basename "$0" | sed 's/.sh$//')
-header "Installing $RVM_ID"
+run mkdir -p "/build_cache/${ARCH}"
-run mkdir -p "/rvm_cache/${ARCH}"
-if [[ -e "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
+# Ruby 3.0 does not support OpenSSL 3.0, so we need to install 1.1 ourselves
+header "Installing OpenSSL 1.1"
+run minimal_apt_get_install zlib1g-dev
+if [[ -f /build_cache/${ARCH}/openssl1.1.tar.gz ]]; then
+ cd /usr/local
+ tar -xvf /build_cache/${ARCH}/openssl1.1.tar.gz
+ cd
+else
+ run /pd_build/install_openssl1.1.sh
+ cd /usr/local
+ tar -czvf /build_cache/${ARCH}/openssl1.1.tar.gz ssl
+ cd
+fi
+
+header "Installing $RVM_ID"
+if [[ -e "/build_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
# use cached ruby if present
- run /usr/local/rvm/bin/rvm mount "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2"
+ run /usr/local/rvm/bin/rvm mount "/build_cache/${ARCH}/${RVM_ID}.tar.bz2"
else
# otherwise build one
- MAKEFLAGS=-j$(nproc) run /usr/local/rvm/bin/rvm install $RVM_ID --disable-cache || ( cat /usr/local/rvm/log/*${RVM_ID}*/*.log && false )
- run cd "/rvm_cache/${ARCH}"
+ MAKEFLAGS=-j$(nproc) run /usr/local/rvm/bin/rvm install $RVM_ID --with-openssl-dir=/usr/local/ssl --disable-cache || ( cat /usr/local/rvm/log/*${RVM_ID}*/*.log && false )
+ run cd "/build_cache/${ARCH}"
run /usr/local/rvm/bin/rvm prepare "${RVM_ID}"
run cd /
fi
diff --git a/image/ruby-3.1.4.sh b/image/ruby-3.1.4.sh
index ac52e80d..bf06244e 100755
--- a/image/ruby-3.1.4.sh
+++ b/image/ruby-3.1.4.sh
@@ -6,15 +6,15 @@ RVM_ID=$(basename "$0" | sed 's/.sh$//')
header "Installing $RVM_ID"
-run mkdir -p "/rvm_cache/${ARCH}"
-if [[ -e "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
+run mkdir -p "/build_cache/${ARCH}"
+if [[ -e "/build_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
# use cached ruby if present
- run /usr/local/rvm/bin/rvm mount "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2"
+ run /usr/local/rvm/bin/rvm mount "/build_cache/${ARCH}/${RVM_ID}.tar.bz2"
else
# otherwise build one
run minimal_apt_get_install rustc # For compiling Ruby with YJIT
MAKEFLAGS=-j$(nproc) run /usr/local/rvm/bin/rvm install $RVM_ID --disable-cache || ( cat /usr/local/rvm/log/*${RVM_ID}*/*.log && false )
- run cd "/rvm_cache/${ARCH}"
+ run cd "/build_cache/${ARCH}"
run /usr/local/rvm/bin/rvm prepare "${RVM_ID}"
run cd /
fi
diff --git a/image/ruby-3.2.2.sh b/image/ruby-3.2.2.sh
index d0c6f98c..9d7eb611 100755
--- a/image/ruby-3.2.2.sh
+++ b/image/ruby-3.2.2.sh
@@ -6,15 +6,15 @@ RVM_ID=$(basename "$0" | sed 's/.sh$//')
header "Installing $RVM_ID"
-run mkdir -p "/rvm_cache/${ARCH}"
-if [[ -e "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
+run mkdir -p "/build_cache/${ARCH}"
+if [[ -e "/build_cache/${ARCH}/${RVM_ID}.tar.bz2" ]]; then
# use cached ruby if present
- run /usr/local/rvm/bin/rvm mount "/rvm_cache/${ARCH}/${RVM_ID}.tar.bz2"
+ run /usr/local/rvm/bin/rvm mount "/build_cache/${ARCH}/${RVM_ID}.tar.bz2"
else
# otherwise build one
run minimal_apt_get_install rustc # For compiling Ruby with YJIT
MAKEFLAGS=-j$(nproc) run /usr/local/rvm/bin/rvm install $RVM_ID --disable-cache || ( cat /usr/local/rvm/log/*${RVM_ID}*/*.log && false )
- run cd "/rvm_cache/${ARCH}"
+ run cd "/build_cache/${ARCH}"
run /usr/local/rvm/bin/rvm prepare "${RVM_ID}"
run cd /
fi
diff --git a/image/ruby_support/finalize.sh b/image/ruby_support/finalize.sh
index e940e23b..8bea5ba8 100755
--- a/image/ruby_support/finalize.sh
+++ b/image/ruby_support/finalize.sh
@@ -24,8 +24,6 @@ elif [[ "$known_rubies" =~ ruby-3\.1 ]]; then
set_rvm_default ruby-3\.1
elif [[ "$known_rubies" =~ ruby-3\.0 ]]; then
set_rvm_default ruby-3\.0
-elif [[ "$known_rubies" =~ ruby-2\.7 ]]; then
- set_rvm_default ruby-2\.7
elif [[ "$known_rubies" =~ jruby ]]; then
set_rvm_default jruby
fi
diff --git a/image/runit/memcached b/image/runit/memcached
index 18b4d556..ffb8f2a7 100755
--- a/image/runit/memcached
+++ b/image/runit/memcached
@@ -1,4 +1,5 @@
#!/bin/sh
set -e
. /etc/memcached.conf
+echo "*** Running /usr/bin/memcached $MEMCACHED_OPTS"
exec chpst -u memcache /usr/bin/memcached $MEMCACHED_OPTS >>/var/log/memcached.log 2>&1
diff --git a/image/runit/nginx b/image/runit/nginx
index e9fde25e..3b5d6590 100755
--- a/image/runit/nginx
+++ b/image/runit/nginx
@@ -2,4 +2,5 @@
set -e
# We ensure nginx-log-forwarder is running first so it catches the first log-lines
sv restart /etc/service/nginx-log-forwarder
+echo "*** Running /usr/sbin/nginx"
exec /usr/sbin/nginx
diff --git a/image/runit/nginx-log-forwarder b/image/runit/nginx-log-forwarder
index 5aefe60b..04125233 100755
--- a/image/runit/nginx-log-forwarder
+++ b/image/runit/nginx-log-forwarder
@@ -4,4 +4,5 @@ set -e
if [[ ! -e /var/log/nginx/error.log ]]; then
touch /var/log/nginx/error.log
fi
+echo "*** Running tail -F /var/log/nginx/error.log"
exec tail -F /var/log/nginx/error.log
diff --git a/image/runit/redis b/image/runit/redis
index d1af5d23..c356eeaf 100755
--- a/image/runit/redis
+++ b/image/runit/redis
@@ -9,4 +9,5 @@ touch $PIDFILE
chown redis:redis $RUNDIR $PIDFILE
chmod 755 $RUNDIR
+echo "*** Running /usr/bin/redis-server /etc/redis/redis.conf"
exec chpst -u redis /usr/bin/redis-server /etc/redis/redis.conf
diff --git a/image/utilities.sh b/image/utilities.sh
index ac00f6df..ea302f88 100755
--- a/image/utilities.sh
+++ b/image/utilities.sh
@@ -8,3 +8,5 @@ run minimal_apt_get_install build-essential
run minimal_apt_get_install git
## JRuby94 at least requires netbase, and other client stuff must.
run minimal_apt_get_install netbase
+## utilities needed to add apt ppas
+run minimal_apt_get_install curl gnupg ca-certificates