diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index 90144f7656220..3fbf56e680640 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -241,3 +241,17 @@ jobs:
run: make livecheck || ( tail -n 300 logs/apache2/*error*log; docker compose logs; false )
- name: test clean
run: make hdown
+
+ test_deployment:
+ name: š¦¾ Some test of deployment tools
+ runs-on: ubuntu-latest
+ if: github.event_name == 'pull_request'
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+ - name: verify apache2 envvars is correct
+ run: |
+ env/setenv.sh off;
+ sh -c ". conf/apache-2.4/off-envvars"
+ sh -c "APACHE_CONFDIR=/etc/apache2-priority; . conf/apache-2.4/off-envvars"
\ No newline at end of file
diff --git a/conf/apache-2.4/modperl.conf b/conf/apache-2.4/modperl.conf
index 486c211c80dc2..215c967924c15 100644
--- a/conf/apache-2.4/modperl.conf
+++ b/conf/apache-2.4/modperl.conf
@@ -21,6 +21,7 @@ PerlPassEnv CROWDIN_PROJECT_KEY
PerlPassEnv GEOLITE2_PATH
PerlPassEnv POSTGRES_USER
PerlPassEnv POSTGRES_PASSWORD
+PerlPassEnv LOG4PERL_CONF
PerlPassEnv LOG_LEVEL_ROOT
PerlPassEnv LOG_LEVEL_MONGODB
PerlPassEnv LOG_LEVEL_RATE_LIMITER
@@ -31,4 +32,4 @@ PerlPassEnv RATE_LIMITER_BLOCKING_ENABLED
PerlPassEnv ODOO_CRM_URL
PerlPassEnv ODOO_CRM_DB
PerlPassEnv ODOO_CRM_USER
-PerlPassEnv ODOO_CRM_PASSWORD
\ No newline at end of file
+PerlPassEnv ODOO_CRM_PASSWORD
diff --git a/conf/apache-2.4/mpm_prefork.conf b/conf/apache-2.4/mpm_prefork.conf
new file mode 100644
index 0000000000000..09601ecec512e
--- /dev/null
+++ b/conf/apache-2.4/mpm_prefork.conf
@@ -0,0 +1,12 @@
+# prefork MPM
+
+
+ StartServers ${APACHE_MPM_START_SERVERS}
+ MinSpareServers ${APACHE_MPM_MIN_SPARSE_SERVERS}
+ MaxSpareServers ${APACHE_MPM_MAX_SPARSE_SERVERS}
+ MaxRequestWorkers ${APACHE_MPM_MAX_REQUEST_WORKERS}
+ ServerLimit ${APACHE_MPM_SERVER_LIMIT}
+ MaxConnectionsPerChild ${APACHE_MPM_MAX_CONN_PER_CHILD}
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/conf/apache-2.4/off-envvars b/conf/apache-2.4/off-envvars
new file mode 100644
index 0000000000000..db2343b8b7dc4
--- /dev/null
+++ b/conf/apache-2.4/off-envvars
@@ -0,0 +1,75 @@
+# This file override the envvars of apache2
+# It is an important place to tweak apache2 through environment variables
+# and put some logic in them
+
+# It will use variables
+# that are set in env.
+# And also the instance name
+
+# SUFFIX can be used to tweak settings according to the instance name
+if [ "${APACHE_CONFDIR##/etc/apache2-}" != "${APACHE_CONFDIR}" ] ; then
+ SUFFIX="-${APACHE_CONFDIR##/etc/apache2-}"
+ APACHE_INSTANCE=${APACHE_CONFDIR##/etc/apache2-}
+else
+ SUFFIX=
+ APACHE_INSTANCE=
+fi
+
+# we will first source the standard envvars file (if it exists)
+if [ -f /etc/apache2${SUFFIX}/envvars ];
+then
+ . /etc/apache2/envvars
+fi
+
+# now we can set our specific settings
+
+# we use off user instead of www-data
+export APACHE_RUN_USER=off
+export APACHE_RUN_GROUP=off
+
+# port - standard or priority
+export APACHE2_PORT=8001
+if [ "$APACHE_INSTANCE" = "priority" ]
+then
+ export APACHE2_PORT=8002
+fi
+
+APP_DIR=/srv/$PRODUCT_OPENER_FLAVOR_SHORT
+
+LOG4PERL_CONF=$APP_DIR/conf/$PRODUCT_OPENER_FLAVOR_SHORT-log.conf
+if [ -n "$APACHE_INSTANCE" ]
+then
+ export LOG4PERL_CONF=$APP_DIR/conf/$PRODUCT_OPENER_FLAVOR_SHORT-$APACHE_INSTANCE-log.conf
+fi
+
+# MPM settings -----------
+
+# StartServers: number of server processes to start
+export APACHE_MPM_START_SERVERS=2
+# MaxRequestWorkers: maximum number of server processes allowed to start
+export APACHE_MPM_MAX_REQUEST_WORKERS=20
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+# keep this a bit low to avoid memory issues
+export APACHE_MPM_MAX_CONN_PER_CHILD=100
+# specific MPM settings
+if [ "$PRODUCT_OPENER_FLAVOR_SHORT" = "off" ]
+then
+ export APACHE_MPM_START_SERVERS=5
+ export APACHE_MPM_MAX_REQUEST_WORKERS=25
+ if [ "$INSTANCE_NAME" = "priority" ]
+ then
+ export APACHE_MPM_MAX_REQUEST_WORKERS=50
+ fi
+fi
+if [ "$PRODUCT_OPENER_FLAVOR_SHORT" = "off-pro" ]
+then
+ export APACHE_MPM_MAX_REQUEST_WORKERS=10
+fi
+# MinSpareServers: minimum number of server processes which are kept spare
+# we use StartServers value
+export APACHE_MPM_MIN_SPARSE_SERVERS=${APACHE_MPM_START_SERVERS}
+# MaxSpareServers: maximum number of server processes which are kept spare
+# we use MinSpareServers * 2
+export APACHE_MPM_MAX_SPARSE_SERVERS=$((APACHE_MPM_MIN_SPARSE_SERVERS * 2))
+# corresponds to max request workers + sparse servers
+export APACHE_MPM_SERVER_LIMIT=$((APACHE_MPM_MAX_REQUEST_WORKERS + APACHE_MPM_MAX_SPARSE_SERVERS))
diff --git a/conf/apache-2.4/off-mpm_prefork.conf b/conf/apache-2.4/off-mpm_prefork.conf
deleted file mode 100644
index 77b1e22c15cf8..0000000000000
--- a/conf/apache-2.4/off-mpm_prefork.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# prefork MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# MaxRequestWorkers: maximum number of server processes allowed to start
-# MaxConnectionsPerChild: maximum number of requests a server process serves
-
-
- StartServers 5
- MinSpareServers 5
- MaxSpareServers 10
- MaxRequestWorkers 50
- ServerLimit 55
- MaxConnectionsPerChild 100
-
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/conf/apache-2.4/off-ports.conf b/conf/apache-2.4/off-ports.conf
deleted file mode 100644
index b3116f1893ab5..0000000000000
--- a/conf/apache-2.4/off-ports.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# If you just change the port or add more ports here, you will likely also
-# have to change the VirtualHost statement in
-# /etc/apache2/sites-enabled/000-default.conf
-
-Listen 8004
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/conf/apache-2.4/off-pro-mpm_prefork.conf b/conf/apache-2.4/off-pro-mpm_prefork.conf
deleted file mode 100644
index 58645cbbf9dfe..0000000000000
--- a/conf/apache-2.4/off-pro-mpm_prefork.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# prefork MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# MaxRequestWorkers: maximum number of server processes allowed to start
-# MaxConnectionsPerChild: maximum number of requests a server process serves
-
-
- StartServers 2
- MinSpareServers 2
- MaxSpareServers 2
- MaxRequestWorkers 10
- MaxConnectionsPerChild 100
-
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/conf/apache-2.4/off-pro-ports.conf b/conf/apache-2.4/off-pro-ports.conf
deleted file mode 100644
index 65c945369d3e4..0000000000000
--- a/conf/apache-2.4/off-pro-ports.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# If you just change the port or add more ports here, you will likely also
-# have to change the VirtualHost statement in
-# /etc/apache2/sites-enabled/000-default.conf
-
-Listen 8014
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/conf/apache-2.4/opf-ports.conf b/conf/apache-2.4/opf-ports.conf
deleted file mode 100644
index 870783962f41d..0000000000000
--- a/conf/apache-2.4/opf-ports.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# If you just change the port or add more ports here, you will likely also
-# have to change the VirtualHost statement in
-# /etc/apache2/sites-enabled/000-default.conf
-
-Listen 8003
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/conf/apache-2.4/opff-ports.conf b/conf/apache-2.4/opff-ports.conf
deleted file mode 100644
index 76cb071281dd0..0000000000000
--- a/conf/apache-2.4/opff-ports.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# If you just change the port or add more ports here, you will likely also
-# have to change the VirtualHost statement in
-# /etc/apache2/sites-enabled/000-default.conf
-
-Listen 8001
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/conf/apache-2.4/obf-ports.conf b/conf/apache-2.4/ports.conf
similarity index 64%
rename from conf/apache-2.4/obf-ports.conf
rename to conf/apache-2.4/ports.conf
index ab80878b05fbe..bebf257596d8d 100644
--- a/conf/apache-2.4/obf-ports.conf
+++ b/conf/apache-2.4/ports.conf
@@ -2,6 +2,7 @@
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
-Listen 8002
+# APACHE2_PORT has to be passed using -D directive in systemd/apache2.service.d/override.conf
+Listen ${APACHE2_PORT}
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/conf/apache-2.4/sites-available/obf.conf b/conf/apache-2.4/sites-available/obf.conf
index cc954de8fafd6..00a2a897de1d0 100644
--- a/conf/apache-2.4/sites-available/obf.conf
+++ b/conf/apache-2.4/sites-available/obf.conf
@@ -25,8 +25,8 @@ Require all granted
DocumentRoot /srv/obf/html
ServerName openbeautyfacts.org
-ErrorLog /srv/obf/logs/error_log
-CustomLog /srv/obf/logs/access_log proxy
+ErrorLog /srv/obf/logs/error_log_${APACHE2_PORT}
+CustomLog /srv/obf/logs/access_log_${APACHE2_PORT} proxy
LogLevel warn
ScriptAlias /cgi/ "/srv/obf/cgi/"
diff --git a/conf/apache-2.4/sites-available/off-pro.conf b/conf/apache-2.4/sites-available/off-pro.conf
index ab71c48fd95af..a58b3d4b1e133 100644
--- a/conf/apache-2.4/sites-available/off-pro.conf
+++ b/conf/apache-2.4/sites-available/off-pro.conf
@@ -26,8 +26,8 @@ Require all granted
DocumentRoot /srv/off-pro/html
ServerName pro.openfoodfacts.org
-ErrorLog /srv/off-pro/logs/error_log
-CustomLog /srv/off-pro/logs/access_log proxy
+ErrorLog /srv/off-pro/logs/error_log_${APACHE2_PORT}
+CustomLog /srv/off-pro/logs/access_log_${APACHE2_PORT} proxy
LogLevel warn
ScriptAlias /cgi/ "/srv/off-pro/cgi/"
diff --git a/conf/apache-2.4/sites-available/off.conf b/conf/apache-2.4/sites-available/off.conf
index 8ab062d608efc..593dbd4ec7bb3 100644
--- a/conf/apache-2.4/sites-available/off.conf
+++ b/conf/apache-2.4/sites-available/off.conf
@@ -26,8 +26,8 @@ Require all granted
DocumentRoot /srv/off/html
ServerName openfoodfacts.org
-ErrorLog /srv/off/logs/error_log
-CustomLog /srv/off/logs/access_log proxy
+ErrorLog /srv/off/logs/error_log_${APACHE2_PORT}
+CustomLog /srv/off/logs/access_log_${APACHE2_PORT} proxy
LogLevel warn
ScriptAlias /cgi/ "/srv/off/cgi/"
diff --git a/conf/apache-2.4/sites-available/opf.conf b/conf/apache-2.4/sites-available/opf.conf
index 8d758a679cac7..de2d13651c507 100644
--- a/conf/apache-2.4/sites-available/opf.conf
+++ b/conf/apache-2.4/sites-available/opf.conf
@@ -25,8 +25,8 @@ Require all granted
DocumentRoot /srv/opf/html
ServerName openproductsfacts.org
-ErrorLog /srv/opf/logs/error_log
-CustomLog /srv/opf/logs/access_log proxy
+ErrorLog /srv/opf/logs/error_log_${APACHE2_PORT}
+CustomLog /srv/opf/logs/access_log_${APACHE2_PORT} proxy
LogLevel warn
ScriptAlias /cgi/ "/srv/opf/cgi/"
diff --git a/conf/apache-2.4/sites-available/opff.conf b/conf/apache-2.4/sites-available/opff.conf
index 9bc061fc1619c..8a020414eb380 100644
--- a/conf/apache-2.4/sites-available/opff.conf
+++ b/conf/apache-2.4/sites-available/opff.conf
@@ -26,8 +26,8 @@ Require all granted
DocumentRoot /srv/opff/html
ServerName openpetfoodfacts.org
-ErrorLog /srv/opff/logs/error_log
-CustomLog /srv/opff/logs/access_log combined
+ErrorLog /srv/opff/logs/error_log_${APACHE2_PORT}
+CustomLog /srv/opff/logs/access_log_${APACHE2_PORT} combined
LogLevel warn
ScriptAlias /cgi/ "/srv/opff/cgi/"
diff --git a/conf/etc-default/prometheus-apache-exporter b/conf/etc-default/prometheus-apache-exporter
index 40c4e38a79068..2428bb1d85dd3 100644
--- a/conf/etc-default/prometheus-apache-exporter
+++ b/conf/etc-default/prometheus-apache-exporter
@@ -1,5 +1,5 @@
# Set the command-line arguments to pass to the server.
-ARGS='-scrape_uri http://127.0.0.1:8004/server-status/?auto'
+ARGS='-scrape_uri http://127.0.0.1:8001/server-status/?auto'
#Usage of prometheus-apache-exporter:
# -host_override string
diff --git a/conf/etc-default/prometheus-apache-priority-exporter b/conf/etc-default/prometheus-apache-priority-exporter
new file mode 100644
index 0000000000000..d9d0471ca60a6
--- /dev/null
+++ b/conf/etc-default/prometheus-apache-priority-exporter
@@ -0,0 +1,16 @@
+# Set the command-line arguments to pass to the server.
+# we use a different port than the standard exporter
+ARGS='-telemetry.address :9118 -scrape_uri http://127.0.0.1:8002/server-status/?auto'
+
+#Usage of prometheus-apache-exporter:
+# -host_override string
+# Override for HTTP Host header; empty string for no override.
+# -insecure
+# Ignore server certificate if using https.
+# -scrape_uri string
+# URI to apache stub status page. (default
+# "http://localhost/server-status/?auto")
+# -telemetry.address string
+# Address on which to expose metrics. (default ":9117")
+# -telemetry.endpoint string
+# Path under which to expose metrics. (default "/metrics")
diff --git a/conf/nginx/sites-available/howmuchsugar b/conf/nginx/sites-available/howmuchsugar
index e6c7c1645ea7c..991c474cf40cf 100644
--- a/conf/nginx/sites-available/howmuchsugar
+++ b/conf/nginx/sites-available/howmuchsugar
@@ -76,6 +76,6 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Site-Name $howmuchsugar_name;
proxy_set_header X-Site-Lang $howmuchsugar_lang;
- proxy_pass http://127.0.0.1:8004;
+ proxy_pass http://127.0.0.1:8001;
}
}
diff --git a/conf/nginx/sites-available/obf b/conf/nginx/sites-available/obf
index a4f2c577b680b..07df904f86041 100644
--- a/conf/nginx/sites-available/obf
+++ b/conf/nginx/sites-available/obf
@@ -126,7 +126,7 @@ server {
access_log /var/log/nginx/proxy-obf-access.log proxied_requests buffer=256K flush=1s;
error_log /var/log/nginx/proxy-obf-error.log;
- proxy_pass http://127.0.0.1:8002/cgi/display.pl?;
+ proxy_pass http://127.0.0.1:8001/cgi/display.pl?;
}
location /cgi/ {
@@ -137,7 +137,7 @@ server {
access_log /var/log/nginx/proxy-obf-access.log proxied_requests buffer=256K flush=1s;
error_log /var/log/nginx/proxy-obf-error.log;
- proxy_pass http://127.0.0.1:8002;
+ proxy_pass http://127.0.0.1:8001;
}
}
diff --git a/conf/nginx/sites-available/off b/conf/nginx/sites-available/off
index b2fcfb3565f5f..9bd879ff40795 100644
--- a/conf/nginx/sites-available/off
+++ b/conf/nginx/sites-available/off
@@ -13,6 +13,19 @@ server {
}
}
+# map to decide if we go to the priority (8002) or standard service (8001)
+map $uri $apache_port {
+ default 8001;
+
+ # home pages
+ "~*/$" 8002;
+ # product read / write (note that nginx does not support direct utf-8)
+ "~*/(mountaj|m\xc9\x99hsul|\xd0\xbf\xd1\x80\xd0\xbe\xd0\xb4\xd1\x83\xd0\xba\xd1\x82|gynnyrch|produkt|product|product|product|produkto|producto|toode|produkto|produit|produto|term\xc3\xa9k|produk|\xe8\xa3\xbd\xe5\x93\x81|afaris|\xd3\xa9\xd0\xbd\xd1\x96\xd0\xbc|\xec\x83\x9d\xec\x84\xb1\xeb\xac\xbc|berhem|\xe0\xa4\x89\xe0\xa4\xa4\xe0\xa5\x8d\xe0\xa4\xaa\xe0\xa4\xbe\xe0\xa4\xa6\xe0\xa4\xa8|produk|produkt|\xe0\xa4\x89\xe0\xa4\xa4\xe0\xa5\x8d\xe0\xa4\xaa\xe0\xa4\xbe\xe0\xa4\xa6\xe0\xa4\xa8|product|product|product|produkt|produkt|produit|produto|produto|produto|\xd0\xbf\xd1\x80\xd0\xbe\xd0\xb4\xd1\x83\xd0\xba\xd1\x82|product|proizvod|produkto|\xc3\xbcr\xc3\xbcn|\xd0\xbf\xd1\x80\xd0\xbe\xd0\xb4\xd1\x83\xd0\xba\xd1\x82|\xe4\xba\xa7\xe5\x93\x81|\xe7\x94\xa2\xe5\x93\x81|\xe7\x94\xa2\xe5\x93\x81)/" 8002;
+ "~*/cgi/product.pl" 8002;
+ # product API read / write
+ "~*/api/v./product/" 8002;
+}
+
# variables definitions for expiry headers are loaded from /etc/nginx/conf.d/expires-no-json-xml.conf
server {
@@ -148,7 +161,7 @@ server {
access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
error_log /var/log/nginx/proxy-off-error.log;
- proxy_pass http://127.0.0.1:8004/cgi/display.pl?;
+ proxy_pass http://127.0.0.1:$apache_port/cgi/display.pl?;
}
location /cgi/ {
@@ -159,7 +172,7 @@ server {
access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
error_log /var/log/nginx/proxy-off-error.log;
- proxy_pass http://127.0.0.1:8004;
+ proxy_pass http://127.0.0.1:$apache_port;
}
}
diff --git a/conf/nginx/sites-available/off-pro b/conf/nginx/sites-available/off-pro
index 2d4bc0b3dba9c..4e46ea15e8737 100644
--- a/conf/nginx/sites-available/off-pro
+++ b/conf/nginx/sites-available/off-pro
@@ -94,7 +94,7 @@ server {
access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
error_log /var/log/nginx/proxy-off-error.log;
- proxy_pass http://127.0.0.1:8014/cgi/display.pl?;
+ proxy_pass http://127.0.0.1:8001/cgi/display.pl?;
}
location /cgi/ {
@@ -105,7 +105,7 @@ server {
access_log /var/log/nginx/proxy-off-access.log proxied_requests buffer=256K flush=1s;
error_log /var/log/nginx/proxy-off-error.log;
- proxy_pass http://127.0.0.1:8014;
+ proxy_pass http://127.0.0.1:8001;
}
}
diff --git a/conf/nginx/sites-available/opf b/conf/nginx/sites-available/opf
index 933ef77bce433..5e6e69ec7e595 100644
--- a/conf/nginx/sites-available/opf
+++ b/conf/nginx/sites-available/opf
@@ -125,7 +125,7 @@ server {
access_log /var/log/nginx/proxy-opf-access.log proxied_requests buffer=256K flush=1s;
error_log /var/log/nginx/proxy-opf-error.log;
- proxy_pass http://127.0.0.1:8003/cgi/display.pl?;
+ proxy_pass http://127.0.0.1:8001/cgi/display.pl?;
}
location /cgi/ {
@@ -136,7 +136,7 @@ server {
access_log /var/log/nginx/proxy-opf-access.log proxied_requests buffer=256K flush=1s;
error_log /var/log/nginx/proxy-opf-error.log;
- proxy_pass http://127.0.0.1:8003;
+ proxy_pass http://127.0.0.1:8001;
}
}
diff --git a/conf/off-priority-log.conf b/conf/off-priority-log.conf
new file mode 100644
index 0000000000000..0dd4c1a822beb
--- /dev/null
+++ b/conf/off-priority-log.conf
@@ -0,0 +1,36 @@
+log4perl.rootLogger=ERROR, LOGFILE
+log4perl.logger.mongodb=INFO, MONGODB_LOGFILE
+log4perl.logger.ratelimiter=INFO, RATELIMITER_LOGFILE
+log4perl.logger.requeststats=INFO, REQUESTSTATS_LOGFILE
+
+log4perl.PatternLayout.cspec.S = sub { my $context = Log::Log4perl::MDC->get_context; use Data::Dumper (); local $Data::Dumper::Indent = 0; local $Data::Dumper::Terse = 1; local $Data::Dumper::Sortkeys = 1; local $Data::Dumper::Quotekeys = 0; local $Data::Dumper::Deparse = 1; my $str = Data::Dumper::Dumper($context); $str =~ s/[\n\r]/ /g; return $str; }
+log4perl.PatternLayout.cspec.J = sub { my $context = Log::Log4perl::MDC->get_context; use JSON::MaybeXS; my $json_utf8 = JSON::MaybeXS->new->utf8(1)->allow_nonref->canonical; my $str = $json_utf8->encode($context); return $str; }
+
+log4perl.appender.LOGFILE=Log::Log4perl::Appender::File
+log4perl.appender.LOGFILE.filename=/srv/off/logs/log4perl-2.log
+log4perl.appender.LOGFILE.mode=append
+# note: autoflush=0 results in multiple log entries being mixed (probably because there are several Apache processes writing to the same file)
+log4perl.appender.LOGFILE.autoflush=1
+log4perl.appender.LOGFILE.layout=PatternLayout
+log4perl.appender.LOGFILE.layout.ConversionPattern=[%d] %F %L %c %S %m{chomp}%n
+
+log4perl.appender.MONGODB_LOGFILE=Log::Log4perl::Appender::File
+log4perl.appender.MONGODB_LOGFILE.filename=/srv/off/logs/mongodb_log4perl-2.log
+log4perl.appender.MONGODB_LOGFILE.mode=append
+log4perl.appender.MONGODB_LOGFILE.autoflush=1
+log4perl.appender.MONGODB_LOGFILE.layout=PatternLayout
+log4perl.appender.MONGODB_LOGFILE.layout.ConversionPattern=[%d] %F %L %c %S %m{chomp}%n
+
+log4perl.appender.RATELIMITER_LOGFILE=Log::Log4perl::Appender::File
+log4perl.appender.RATELIMITER_LOGFILE.filename=/srv/off/logs/ratelimiter_log4perl-2.log
+log4perl.appender.RATELIMITER_LOGFILE.mode=append
+log4perl.appender.RATELIMITER_LOGFILE.autoflush=1
+log4perl.appender.RATELIMITER_LOGFILE.layout=PatternLayout
+log4perl.appender.RATELIMITER_LOGFILE.layout.ConversionPattern=[%d] %F %L %c %S %m{chomp}%n
+
+log4perl.appender.REQUESTSTATS_LOGFILE=Log::Log4perl::Appender::File
+log4perl.appender.REQUESTSTATS_LOGFILE.filename=/srv/off/logs/requeststats_log4perl-2.log
+log4perl.appender.REQUESTSTATS_LOGFILE.mode=append
+log4perl.appender.REQUESTSTATS_LOGFILE.autoflush=1
+log4perl.appender.REQUESTSTATS_LOGFILE.layout=PatternLayout
+log4perl.appender.REQUESTSTATS_LOGFILE.layout.ConversionPattern=%J %n
diff --git a/conf/systemd/apache2.service.d/override.conf b/conf/systemd/apache2.service.d/override.conf
index 1df951a9b21a4..99bd3e5d8df02 100644
--- a/conf/systemd/apache2.service.d/override.conf
+++ b/conf/systemd/apache2.service.d/override.conf
@@ -1,5 +1,5 @@
[Unit]
-OnFailure=email-failures@apache2-%l.service
+OnFailure=email-failures@apache2.service
# we need time to reboot apache because we load a lot of thingsā¦
JobTimeoutSec=600
JobRunningTimeoutSec=600
@@ -7,6 +7,8 @@ JobRunningTimeoutSec=600
[Service]
# Apache needs some environment variables like PRODUCT_OPENER_FLAVOR_SHORT
# %l is the short host name (e.g. off, obf, off-pro)
+# NOTE: if the hostname does not match the instance type,
+# there might be a specific directory for env matching the hostname
EnvironmentFile=/srv/%l/env/env.%l
TimeoutStartSec=600
Restart=always
diff --git a/conf/systemd/apache2@.service.d/override.conf b/conf/systemd/apache2@.service.d/override.conf
new file mode 100644
index 0000000000000..2be79a89cdae1
--- /dev/null
+++ b/conf/systemd/apache2@.service.d/override.conf
@@ -0,0 +1,15 @@
+[Unit]
+OnFailure=email-failures@apache2-%i.service
+# we need time to reboot apache because we load a lot of thingsā¦
+JobTimeoutSec=600
+JobRunningTimeoutSec=600
+
+[Service]
+# Apache needs some environment variables like PRODUCT_OPENER_FLAVOR_SHORT
+# %l is the short host name (e.g. off, obf, off-pro)
+# NOTE: if the hostname does not match the instance type,
+# there might be a specific directory for env matching the hostname
+EnvironmentFile=/srv/%l/env/env.%l
+
+TimeoutStartSec=600
+Restart=always
diff --git a/conf/systemd/nginx.service.d/override.conf b/conf/systemd/nginx.service.d/override.conf
index c26e5bd57aa79..668dc02308138 100644
--- a/conf/systemd/nginx.service.d/override.conf
+++ b/conf/systemd/nginx.service.d/override.conf
@@ -1,7 +1,7 @@
+[Unit]
+OnFailure=email-failures@nginx.service
+
[Service]
# let nginx decide on that
LimitNOFILE=65535
-
-[Unit]
-OnFailure=email-failures@nginx.service
Restart=always
diff --git a/conf/systemd/prometheus-apache-exporter@.service b/conf/systemd/prometheus-apache-exporter@.service
new file mode 100644
index 0000000000000..5331d067262ec
--- /dev/null
+++ b/conf/systemd/prometheus-apache-exporter@.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Prometheus exporter for Apache %i
+Documentation=https://github.com/Lusitaniae/apache_exporter/
+
+[Service]
+Restart=on-failure
+User=prometheus
+# ARGS are define in environment file
+EnvironmentFile=/etc/default/prometheus-apache-%i-exporter
+ExecStart=/usr/bin/prometheus-apache-exporter $ARGS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/env/env.obf b/env/env.obf
index 4e43a8e03ecb5..02601ccc0648d 100644
--- a/env/env.obf
+++ b/env/env.obf
@@ -1,8 +1,13 @@
# NOTE: this is an addition to .env file, not a standalone file !
# It should be loaded with: source env/setenv.sh
+# docker compose configuration
COMPOSE_PROJECT_NAME=po_obf
+# containers specific configurations
+APACHE_ENVVARS=/etc/apache2/off-envvars
+
+# app configuration
PRODUCT_OPENER_FLAVOR=openbeautyfacts
PRODUCT_OPENER_FLAVOR_SHORT=obf
ROBOTOFF_URL=https://robotoff.openfoodfacts.org
diff --git a/env/env.off b/env/env.off
index 049c5d157cb45..554bfd445b76a 100644
--- a/env/env.off
+++ b/env/env.off
@@ -1,8 +1,13 @@
# NOTE: this is an addition to .env file, not a standalone file !
# It should be loaded with: source env/setenv.sh
+# docker compose configuration
COMPOSE_PROJECT_NAME=po_off
+# containers specific configurations
+APACHE_ENVVARS=/etc/apache2/off-envvars
+
+# app configuration
PRODUCT_OPENER_FLAVOR=openfoodfacts
PRODUCT_OPENER_FLAVOR_SHORT=off
diff --git a/env/env.opf b/env/env.opf
index 679340860fb0d..be138d740ba64 100644
--- a/env/env.opf
+++ b/env/env.opf
@@ -1,9 +1,13 @@
# NOTE: this is an addition to .env file, not a standalone file !
# It should be loaded with: source env/setenv.sh
+# docker compose configuration
COMPOSE_PROJECT_NAME=po_opf
+# containers specific configurations
+APACHE_ENVVARS=/etc/apache2/off-envvars
+
+# app configuration
PRODUCT_OPENER_FLAVOR=openproductfacts
PRODUCT_OPENER_FLAVOR_SHORT=opf
-
NUTRIPATROL_URL=https://nutripatrol.openfoodfacts.org/
\ No newline at end of file
diff --git a/env/env.opff b/env/env.opff
index a4da1805e07e8..ddf14b03b5de9 100644
--- a/env/env.opff
+++ b/env/env.opff
@@ -1,9 +1,14 @@
# NOTE: this is an addition to .env file, not a standalone file !
# It should be loaded with: source env/setenv.sh
+# docker compose configuration
COMPOSE_PROJECT_NAME=po_opff
+
+# containers specific configurations
+APACHE_ENVVARS=/etc/apache2/off-envvars
+
+# app configuration
PRODUCT_OPENER_FLAVOR=openpetfoodfacts
PRODUCT_OPENER_FLAVOR_SHORT=opff
-
NUTRIPATROL_URL=https://nutripatrol.openfoodfacts.org/
\ No newline at end of file
diff --git a/lib/startup_apache2.pl b/lib/startup_apache2.pl
index 178b57796e2bf..c4430377baf56 100755
--- a/lib/startup_apache2.pl
+++ b/lib/startup_apache2.pl
@@ -63,7 +63,8 @@
use Log::Any qw($log);
use Log::Log4perl;
-Log::Log4perl->init("$conf_root/log.conf"); # Init log4perl from a config file.
+# Init log4perl from a config file
+Log::Log4perl->init($ENV{LOG4PERL_CONF} // "$conf_root/log.conf");
use Log::Any::Adapter;
Log::Any::Adapter->set('Log4perl'); # Send all logs to Log::Log4perl
diff --git a/scripts/deploy/verify-deployment.sh b/scripts/deploy/verify-deployment.sh
old mode 100644
new mode 100755
index 1b673849a0091..7aeae1b471fb0
--- a/scripts/deploy/verify-deployment.sh
+++ b/scripts/deploy/verify-deployment.sh
@@ -79,16 +79,25 @@ function check_args {
function compute_services {
# systemd services to check for symlinks
- SYSTEMD_LINKS+=( email-failures@.service nginx.service.d apache2.service.d cloud_vision_ocr@.service )
+ SYSTEMD_LINKS+=( email-failures@.service nginx.service.d apache2.service apache2@.service.d prometheus@.service.d cloud_vision_ocr@.service )
# units that must be active (and enabled)
SYSTEMD_UNITS_ACTIVE=( nginx.service apache2.service cloud_vision_ocr@$SERVICE.service )
+ # units that must be enabled
SYSTEMD_UNITS_ENABLED=( )
+ # priority request on off
+ if [[ $SERVICE = "off" ]]
+ then
+ SYSTEMD_LINKS+=( prometheus-apache-exporter@.service )
+ SYSTEMD_UNITS_ACTIVE+=( apache2@priority.service prometheus-apache-exporter.service prometheus-apache-exporter@priority.service )
+ fi
if [[ -z $IS_PRO ]]
then
- SYSTEMD_LINKS+=( gen_feeds{,_daily}@.{service,timer} )
- SYSTEMD_UNITS_ACTIVE+=( gen_feeds@$SERVICE.timer gen_feeds_daily@$SERVICE.timer )
- SYSTEMD_UNITS_ENABLED+=( gen_feeds@$SERVICE.service gen_feeds_daily@$SERVICE.service )
+ # non pro
+ SYSTEMD_LINKS+=( gen_feeds_daily@.{service,timer} )
+ SYSTEMD_UNITS_ACTIVE+=( gen_feeds_daily@$SERVICE.timer )
+ SYSTEMD_UNITS_ENABLED+=( gen_feeds_daily@$SERVICE.service )
else
+ # pro
SYSTEMD_LINKS+=( producers_import@.{service,timer} )
SYSTEMD_UNITS_ACTIVE+=( producers_import@$SERVICE.timer )
SYSTEMD_UNITS_ENABLED+=( producers_import@$SERVICE.service )
@@ -190,9 +199,17 @@ function compute_expected_links {
fi
# apache2 links
- EXPECTED_LINKS["/etc/apache2/ports.conf"]="$REPO_PATH/conf/apache-2.4/$SERVICE-ports.conf"
- EXPECTED_LINKS["/etc/apache2/mods-available/mpm_prefork.conf"]="$REPO_PATH/conf/apache-2.4/$SERVICE-mpm_prefork.conf"
+ EXPECTED_LINKS["/etc/apache2/ports.conf"]="$REPO_PATH/conf/apache-2.4/ports.conf"
+ EXPECTED_LINKS["/etc/apache2/off-envvars"]="$REPO_PATH/conf/apache-2.4/off-envvars"
+ EXPECTED_LINKS["/etc/apache2/mods-available/mpm_prefork.conf"]="$REPO_PATH/conf/apache-2.4/mpm_prefork.conf"
EXPECTED_LINKS["/etc/apache2/sites-enabled/$SERVICE.conf"]="$REPO_PATH/conf/apache-2.4/sites-available/$SERVICE.conf"
+ EXPECTED_LINKS["/etc/apache2-standard"]="/etc/apache-2"
+ EXPECTED_LINKS["/var/log/apache2-standard"]="/var/log/apache-2"
+ if [[ $SERVICE = "off" ]]
+ then
+ EXPECTED_LINKS["/etc/apache2-priority"]="/etc/apache-2"
+ EXPECTED_LINKS["/var/log/apache2-standard"]="/var/log/apache-2"
+ fi
for systemd_unit in {apache2,nginx}.service.d ${SYSTEMD_LINKS[@]}
do
@@ -201,6 +218,14 @@ function compute_expected_links {
# log rotate config
EXPECTED_LINKS["/etc/logrotate.d/apache2"]="$REPO_PATH/conf/logrotate/apache2"
+ EXPECTED_LINKS["/etc/logrotate.d/nginx"]="$REPO_PATH/conf/logrotate/nginx"
+
+ # prometheus configs
+ if [[ $SERVICE = "off" ]]
+ then
+ EXPECTED_LINKS["/etc/default/prometheus-apache-exporter"]="$REPO_PATH/conf/etc-default/prometheus-apache-exporter"
+ EXPECTED_LINKS["/etc/default/prometheus-apache-priority-exporter"]="$REPO_PATH/conf/etc-default/prometheus-apache-priority-exporter"
+ fi
# Note: other link on old versions:
# /srv/$SERVICE/users_emails.sto -> /srv/$SERVICE/users/users_emails.sto
@@ -240,6 +265,7 @@ function check_systemd_units {
do
if ! ( systemctl -q is-enabled $unit )
then
+ GOT_ERROR=1
>&2 echo "ERROR: $unit unit must be enabled"
else
[[ -n "$VERBOSE" ]] && echo " OK: $unit unit enabled"
@@ -249,9 +275,10 @@ function check_systemd_units {
do
if ! ( systemctl -q is-active $unit )
then
- >&2 echo "ERROR: $unit unit must be enabled"
+ GOT_ERROR=1
+ >&2 echo "ERROR: $unit unit must be active"
else
- [[ -n "$VERBOSE" ]] && echo " OK: $unit unit enabled"
+ [[ -n "$VERBOSE" ]] && echo " OK: $unit unit active"
fi
done
@@ -259,17 +286,18 @@ function check_systemd_units {
function other_checks {
- # apache2 must run with off user and group
- for variable in USER GROUP
- do
- if ! ( grep -q "^export APACHE_RUN_$variable=off" /etc/apache2/envvars )
- then
- GOT_ERROR=1
- >&2 echo "ERROR: $variable for apache2 should be off instead off" $(grep "^export APACHE_RUN_$variable=.*" /etc/apache2/envvars)
- else
- [[ -n "$VERBOSE" ]] && echo " OK APACHE_RUN_$variable for apache2"
- fi
- done
+ # a common pitfall is to have log rotate not working
+ # because conf file must be owned by root
+ [[ -n "$VERBOSE" ]] && echo "Checking other things..."
+ # we need -follow because our confs are symlinked
+ NON_ROOT_LOGROTATE_CONF=$(find /etc/logrotate.d/ -follow -type f -not -user root)
+ if [[ -n "$NON_ROOT_LOGROTATE_CONF" ]]
+ then
+ GOT_ERROR=1
+ >&2 echo "ERROR: logrotate config files $NON_ROOT_LOGROTATE_CONF must be owned by root"
+ else
+ [[ -n "$VERBOSE" ]] && echo " OK: logrotate config files are owned by root"
+ fi
}