From 1900178e19580061850d1b84ff12a31d6e2f52d7 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Mon, 14 Jul 2025 21:05:39 -0400 Subject: [PATCH 01/48] stash --- .../app-reference/settings/_index.md | 9 + .../app-reference/settings/relationships.md | 190 ++++++++++++++++++ .../app-reference/single-runtime-image.md | 3 +- 3 files changed, 200 insertions(+), 2 deletions(-) create mode 100644 sites/platform/src/create-apps/app-reference/settings/_index.md create mode 100644 sites/platform/src/create-apps/app-reference/settings/relationships.md diff --git a/sites/platform/src/create-apps/app-reference/settings/_index.md b/sites/platform/src/create-apps/app-reference/settings/_index.md new file mode 100644 index 0000000000..6663e596d9 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/settings/_index.md @@ -0,0 +1,9 @@ +--- +title: "Config file properties" +linktitle: "Properties" +weight: 6 +description: Configure your app and control how it's built and deployed on {{% vendor/name %}}. +layout: single +--- + +Use the topics below to learn more about each property in the config.yaml file. diff --git a/sites/platform/src/create-apps/app-reference/settings/relationships.md b/sites/platform/src/create-apps/app-reference/settings/relationships.md new file mode 100644 index 0000000000..3f65a5e969 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/settings/relationships.md @@ -0,0 +1,190 @@ +--- +title: "`relationships`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +keywords: + - sleepy crons + - sleepy_crons +--- + +{{% description %}} + +## Define relationships + +To allow containers in your project to communicate with one another, +you need to define relationships between them. +You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). + + +The quickest way to define a relationship between your app and a service +is to use the service's default endpoint.
+However, some services allow you to define multiple databases, cores, and/or permissions. +In these cases, you can't rely on default endpoints. +Instead, you can explicitly define multiple endpoints when setting up your relationships. + +{{< note >}} +App containers don't have a default endpoint like services. +To connect your app to another app in your project, +you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
+For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). +{{< /note >}} + +{{< note title="Availability" theme="info">}} + +New syntax (default and explicit endpoints) described below is supported by most, but not all, image types +(`Relationship 'SERVICE_NAME' of application 'myapp' ... targets a service without a valid default endpoint configuration.`). +This syntax is currently being rolled out for all images. +If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. + +{{< /note >}} + +To define a relationship between your app and a service: + +{{< codetabs >}} + ++++ +title=Using default endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +relationships: + {{% variable "SERVICE_NAME" %}}: +``` + +The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +It is used as the relationship name, and associated with a `null` value. +This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. + +For example, if you define the following configuration: + +```yaml {configFile="app"} +relationships: + mariadb: +``` + +{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, +and connects your app to it through the service's default endpoint. + +For reference, the equivalent configuration using explicit endpoints would be the following: + +```yaml {configFile="app"} +relationships: + mariadb: + service: mariadb + endpoint: mysql +``` + +You can define any number of relationships in this way: + +```yaml {configFile="app"} +relationships: + mariadb: + redis: + elasticsearch: +``` + +{{< note title="Tip" theme="info" >}} + +An even quicker way to define many relationships is to use the following single-line configuration: + +```yaml {configFile="app"} +relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} +``` + +where + +```yaml {configFile="services"} +{{< variable "SERVICE_NAME_A" >}}: + type: mariadb:{{% latest "mariadb" %}} + disk: 256 +{{< variable "SERVICE_NAME_B" >}}: + type: redis:{{% latest "redis" %}} + disk: 256 +{{< variable "SERVICE_NAME_C" >}}: + type: elasticsearch:{{% latest "elasticsearch" %}} + disk: 256 +``` + +{{< /note >}} + +<---> + ++++ +title=Using explicit endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +relationships: + {{% variable "RELATIONSHIP_NAME" %}}: + service: {{% variable "SERVICE_NAME" %}} + endpoint: {{% variable "ENDPOINT_NAME" %}} +``` + +- `RELATIONSHIP_NAME` is the name you want to give to the relationship. +- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). + +For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, +use the following configuration: + +```yaml {configFile="app"} +relationships: + database: # The name of the relationship. + service: mariadb + endpoint: db1 +``` + +For more information on how to handle multiple databases, multiple cores, +and/or different permissions with services that support such features, +see each service's dedicated page: + + - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) + - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) + - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) + - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) + - [Vault KMS](add-services/vault.md#multiple-endpoints-configuration) (multiple permissions) + + You can add as many relationships as you want to your app configuration, + using both default and explicit endpoints according to your needs: + +```yaml {configFile="app"} +relationships: + database1: + service: mariadb + endpoint: admin + database2: + service: mariadb + endpoint: legacy + cache: + service: redis + search: + service: elasticsearch +``` + +{{< /codetabs >}} + +{{< note theme="info" title="Legacy" >}} + +The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: + +```yaml {configFile="app"} +relationships: + : ":" +``` + +For example: + +```yaml {configFile="app"} +relationships: + database: "mariadb:mysql" +``` + +Feel free to use this until the default and explicit endpoint syntax is supported on all images. + +{{< /note >}} + + diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index 47dfeac12a..ea0ce1ae12 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -46,7 +46,6 @@ To override any part of a property, you have to provide the entire property. | `runtime` | A [runtime dictionary](#runtime) | | No | Customizations to your PHP runtime. | | `additional_hosts` | An [additional hosts dictionary](#additional-hosts) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | - ## Root directory Some of the properties you can define are relative to your app's root directory. @@ -57,7 +56,7 @@ That is, if a custom value for `source.root` is not provided in your configurati To specify another directory, for example for a [multi-app project](/create-apps/multi-app/_index.md), use the [`source.root` property](#source). -## Types +## `type` {#types} {{% note theme="info" %}} You can now use the {{% vendor/name %}} composable image (BETA) to install runtimes and tools in your application container. From 9939a6d0c99b9e761a11e50eb7996d9ddf6df426 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sat, 19 Jul 2025 03:07:08 -0400 Subject: [PATCH 02/48] Initial commit of new files containing common content --- .../src/create-apps/app-reference/access.md | 22 ++ .../app-reference/additional-hosts.md | 21 ++ .../src/create-apps/app-reference/crons.md | 327 ++++++++++++++++++ .../src/create-apps/app-reference/disk.md | 30 ++ .../src/create-apps/app-reference/firewall.md | 105 ++++++ .../src/create-apps/app-reference/hooks.md | 77 +++++ .../src/create-apps/app-reference/mounts.md | 150 ++++++++ .../app-reference/relationships.md | 187 ++++++++++ .../src/create-apps/app-reference/size.md | 117 +++++++ .../src/create-apps/app-reference/source.md | 13 + .../create-apps/app-reference/variables.md | 33 ++ .../src/create-apps/app-reference/web.md | 161 +++++++++ .../src/create-apps/app-reference/workers.md | 35 ++ 13 files changed, 1278 insertions(+) create mode 100644 sites/platform/src/create-apps/app-reference/access.md create mode 100644 sites/platform/src/create-apps/app-reference/additional-hosts.md create mode 100644 sites/platform/src/create-apps/app-reference/crons.md create mode 100644 sites/platform/src/create-apps/app-reference/disk.md create mode 100644 sites/platform/src/create-apps/app-reference/firewall.md create mode 100644 sites/platform/src/create-apps/app-reference/hooks.md create mode 100644 sites/platform/src/create-apps/app-reference/mounts.md create mode 100644 sites/platform/src/create-apps/app-reference/relationships.md create mode 100644 sites/platform/src/create-apps/app-reference/size.md create mode 100644 sites/platform/src/create-apps/app-reference/source.md create mode 100644 sites/platform/src/create-apps/app-reference/variables.md create mode 100644 sites/platform/src/create-apps/app-reference/web.md create mode 100644 sites/platform/src/create-apps/app-reference/workers.md diff --git a/sites/platform/src/create-apps/app-reference/access.md b/sites/platform/src/create-apps/app-reference/access.md new file mode 100644 index 0000000000..a898380c8e --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/access.md @@ -0,0 +1,22 @@ +--- +title: "`access`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. The `access` dictionary has one allowed key: + +| Name | Allowed values | Default | Description | +| ----- | ----------------------------------- | ------------- | ----------- | +| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | + +In the following example, only users with `admin` permissions for the given [environment type](/administration/users.md#environment-type-roles) +can access the deployed environment via SSH: + +```yaml {configFile="app"} +access: + ssh: admin +``` + + + diff --git a/sites/platform/src/create-apps/app-reference/additional-hosts.md b/sites/platform/src/create-apps/app-reference/additional-hosts.md new file mode 100644 index 0000000000..f0bffa7941 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/additional-hosts.md @@ -0,0 +1,21 @@ +--- +title: "`additional-hosts`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. If you're using a private network with specific IP addresses you need to connect to, +you might want to map those addresses to hostnames to better remember and organize them. +In such cases, you can add a map of those IP addresses to whatever hostnames you like. +Then when your app tries to access the hostname, it's sent to the proper IP address. + +So in the following example, if your app tries to access `api.example.com`, it's sent to `192.0.2.23`. + +```yaml {configFile="app"} +additional_hosts: + api.example.com: "192.0.2.23" + web.example.com: "203.0.113.42" +``` + +This is equivalent to adding the mapping to the `/etc/hosts` file for the container. + diff --git a/sites/platform/src/create-apps/app-reference/crons.md b/sites/platform/src/create-apps/app-reference/crons.md new file mode 100644 index 0000000000..41e65fb690 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/crons.md @@ -0,0 +1,327 @@ +--- +title: "`crons`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. The keys of the `crons` definition are the names of the cron jobs. +The names must be unique. + +If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. + +See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). + +The following table shows the properties for each job: + +| Name | Type | Required | Description | +| ------------------ | -------------------------------------------- | -------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid or {{% names/dedicated-gen-3 %}}** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. **Single-runtime image**: The `H` syntax is available only on **Grid** projects, and not on **{{% names/dedicated-gen-2 %}} projects.** | +| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | +| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | +| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). + +Note that you can [cancel pending or running crons](/environments/cancel-activity.md). + +{{< note >}} + +The use of the `cmd` key is now deprecated in favor of the `commands`key.
+Make sure you set your new cron jobs using the `commands` key, +and update your existing cron jobs to ensure continuity. + +{{< /note >}} + +### Cron commands + +| Name | Type | Required | Description | +| ------------------ | --------- | -------- | ----------- | +| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | +| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | + +```yaml {configFile="app"} +crons: + mycommand: + spec: 'H * * * *' + commands: + start: sleep 60 && echo sleep-60-finished && date + stop: killall sleep + shutdown_timeout: 18 +``` +In this example configuration, the [cron specification](#crons) uses the `H` syntax. + +Note that this syntax is only supported on Grid and {{% names/dedicated-gen-3 %}} projects. +On {{% names/dedicated-gen-2 %}} projects, use the [standard cron syntax](https://en.wikipedia.org/wiki/Cron#Cron_expression). + +### Single-runtime image: Example cron jobs + + +{{< codetabs >}} + ++++ +title=Drupal ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Run Drupal's cron tasks every 19 minutes. + drupal: + spec: '*/19 * * * *' + commands: + start: 'cd web ; drush core-cron' + # But also run pending queue tasks every 7 minutes. + # Use an odd number to avoid running at the same time as the `drupal` cron. + drush-queue: + spec: '*/7 * * * *' + commands: + start: 'cd web ; drush queue-run aggregator_feeds' +{{< /snippet >}} +``` + +<---> + ++++ +title=Ruby on Rails ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'ruby:{{% latest "ruby" %}}' +crons: + # Execute a rake script every 19 minutes. + ruby: + spec: '*/19 * * * *' + commands: + start: 'bundle exec rake some:task' +{{< /snippet >}} +``` + +<---> + ++++ +title=Laravel ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Run Laravel's scheduler every 5 minutes. + scheduler: + spec: '*/5 * * * *' + commands: + start: 'php artisan schedule:run' +{{< /snippet >}} +``` + +<---> + ++++ +title=Symfony ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Take a backup of the environment every day at 5:00 AM. + snapshot: + spec: 0 5 * * * + commands: + start: | + # Only run for the production environment, aka main branch + if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then + croncape symfony ... + fi +{{< /snippet >}} +``` + +{{< /codetabs >}} + + +### Composable image: Example cron jobs + + +{{< codetabs >}} + ++++ +title=Drupal ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Run Drupal's cron tasks every 19 minutes. + drupal: + spec: '*/19 * * * *' + commands: + start: 'cd web ; drush core-cron' + # But also run pending queue tasks every 7 minutes. + # Use an odd number to avoid running at the same time as the `drupal` cron. + drush-queue: + spec: '*/7 * * * *' + commands: + start: 'cd web ; drush queue-run aggregator_feeds' +{{< /snippet >}} +``` + +<---> + ++++ +title=Ruby on Rails ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "ruby@{{% latest ruby %}}" ] +crons: + # Execute a rake script every 19 minutes. + ruby: + spec: '*/19 * * * *' + commands: + start: 'bundle exec rake some:task' +{{< /snippet >}} +``` + +<---> + ++++ +title=Laravel ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Run Laravel's scheduler every 5 minutes. + scheduler: + spec: '*/5 * * * *' + commands: + start: 'php artisan schedule:run' +{{< /snippet >}} +``` + +<---> + ++++ +title=Symfony ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Take a backup of the environment every day at 5:00 AM. + snapshot: + spec: 0 5 * * * + commands: + start: | + # Only run for the production environment, aka main branch + if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then + croncape symfony ... + fi +{{< /snippet >}} +``` + +{{< /codetabs >}} + + +### Conditional crons + +If you want to set up customized cron schedules depending on the environment type, +define conditional crons. +To do so, use a configuration similar to the following: + +```yaml {configFile="app"} +crons: + update: + spec: '0 0 * * *' + commands: + start: | + if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then + {{% vendor/cli %}} backup:create --yes --no-wait + {{% vendor/cli %}} source-operation:run update --no-wait --yes + fi +``` +### Cron job timing + +Minimum time between cron jobs being triggered: + +| Plan | Time | +|-------------------- | --------- | +| Professional | 5 minutes | +| Elite or Enterprise | 1 minute | + +For each app container, only one cron job can run at a time. +If a new job is triggered while another is running, the new job is paused until the other completes. + +To minimize conflicts, a random offset is applied to all triggers. +The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. + +Crons are also paused while activities such as [backups](/environments/backup.md) are running. +The crons are queued to run after the other activity finishes. + +To run cron jobs in a timezone other than UTC, set the `timezone` property ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#top-level-properties), +[composable image](/create-apps/app-reference/composable-image.md#top-level-properties)). + +### Paused crons + +[Preview environments](/glossary/_index.md#preview-environment) are often used for a limited time and then abandoned. +While it's useful for environments under active development to have scheduled tasks, +unused environments don't need to run cron jobs. +To minimize unnecessary resource use, +crons on environments with no deployments are paused. + +This affects all environments that aren't live environments. +This means all environments on Development plans +and all preview environments on higher plans. + +Such environments with deployments within 14 days have crons with the status `running`. +If there haven't been any deployments within 14 days, the status is `paused`. + +You can see the status in the Console +or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. + +#### Restarting paused crons + +If the crons on your preview environment are paused but you're still using them, +you can push changes to the environment or redeploy it. + +To restart crons without changing anything: + +{{< codetabs >}} + ++++ +title=In the Console ++++ + +1. In the Console, navigate to your project. +1. Open the environment where you'd like the crons to run. +1. Click `Redeploy` next to the cron status of `Paused`. + +<---> + ++++ +title=Using the CLI ++++ + +Run the following command: + +```bash +{{% vendor/cli %}} redeploy +``` + +{{< /codetabs >}} + +### Composable image only: Sizing hints + +The following table shows the properties that can be set in `sizing_hints`: + +| Name | Type | Default | Minimum | Description | +|-------------------|-----------|---------|---------|------------------------------------------------| +| `request_memory` | `integer` | 45 | 10 | The average memory consumed per request in MB. | +| `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | + +See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). + diff --git a/sites/platform/src/create-apps/app-reference/disk.md b/sites/platform/src/create-apps/app-reference/disk.md new file mode 100644 index 0000000000..0c4abe80ab --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/disk.md @@ -0,0 +1,30 @@ +--- +title: "`disk`" +weight: 4 +description: Defines the disk space allocated to an app. +--- + +Optional. Defines the disk space allocated to an individual app. + +The maximum total space available to all apps and services is set by the storage in your plan settings. +When deploying your project, the sum of all `disk` keys defined in app and service configurations +must be *equal or less* than the plan storage size. + +So if your *plan storage size* is 5 GB, you can, for example, assign it in one of the following ways: + +- 2 GB to your app, 3 GB to your database +- 1 GB to your app, 4 GB to your database +- 1 GB to your app, 1 GB to your database, 3 GB to your OpenSearch service + +If you exceed the total space available, you receive an error on pushing your code. +You need to either increase your plan's storage or decrease the `disk` values you've assigned. + +You configure the disk size in [MB](/glossary/_index.md#mb). Your actual available disk space is slightly smaller with some space used for formatting and the filesystem journal. When checking available space, note whether it’s reported in MB or MiB. + +### Altering `disk` values + +It's a best practice to [back up your environment](/environments/backup.md) **before and after** you increase **or** decrease the `disk` value (the amount of allocated storage space) of an app or service. + +You can decrease the size of an existing disk for an app. If you do so, be aware that: +- Downsizing fails if the amount of data exceeds the configured `disk` value. +- Backups completed before the downsizing a disk are incompatible and can no longer be used to restore applications. You need to [create new backups](/environments/backup.md). diff --git a/sites/platform/src/create-apps/app-reference/firewall.md b/sites/platform/src/create-apps/app-reference/firewall.md new file mode 100644 index 0000000000..78de66512a --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/firewall.md @@ -0,0 +1,105 @@ +--- +title: "`firewall`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +{{< premium-features/tiered "Elite and Enterprise" >}} + +Optional. Set limits in outbound traffic from your app with no impact on inbound requests. + +The `outbound` key is required and contains one or more rules. +The rules define what traffic is allowed; anything unspecified is blocked. + +Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified together: + +| Name | Type | Default | Description | +| --------- |---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | +| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | +| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | + +The default settings would look like this: + +```yaml {configFile="app"} +firewall: + outbound: + - ips: ["0.0.0.0/0"] +``` + +### Support for rules + +Where outbound rules for firewalls are supported in all environments. +For {{% names/dedicated-gen-2 %}} projects, contact support for configuration. + +### Multiple rules + +Multiple firewall rules can be specified. +In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. + +So in the following example requests to any IP on port 80 are allowed +and requests to 1.2.3.4 on either port 80 or 443 are allowed: + +```yaml {configFile="app"} +firewall: + outbound: + - ips: ["1.2.3.4/32"] + ports: [443] + - ports: [80] +``` + +### Outbound traffic to CDNs + +Be aware that many services are behind a content delivery network (CDN). +For most CDNs, routing is done via domain name, not IP address, +so thousands of domain names may share the same public IP addresses at the CDN. +If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that +CDN. + +### Outbound traffic by domain + +You can filter outbound traffic by domain. +Using domains in your rules rather than IP addresses is generally more specific and secure. +For example, if you use an IP address for a service with a CDN, +you have to allow the IP address for the CDN. +This means that you allow potentially hundreds or thousands of other servers also using the CDN. + +An example rule filtering by domain: + +```yaml {configFile="app"} +firewall: + outbound: + - protocol: tcp + domains: ["api.stripe.com", "api.twilio.com"] + ports: [80, 443] + - protocol: tcp + ips: ["1.2.3.4/29","2.3.4.5"] + ports: [22] +``` +#### Determine which domains to allow + +To determine which domains to include in your filtering rules, +find the domains your site has requested the DNS to resolve. +Run the following command to parse your server’s `dns.log` file +and display all Fully Qualified Domain Names that have been requested: + +```bash +awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log +``` + +The output includes all DNS requests that were made, including those blocked by your filtering rules. +It doesn't include any requests made using an IP address. + +Example output: + +```bash +facebook.com +fastly.com +platform.sh +www.google.com +www.platform.sh +``` + + + + diff --git a/sites/platform/src/create-apps/app-reference/hooks.md b/sites/platform/src/create-apps/app-reference/hooks.md new file mode 100644 index 0000000000..53f79b3b5f --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/hooks.md @@ -0,0 +1,77 @@ +--- +title: "`hooks`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +keywords: + - hooks + - hooks +--- + +Optional. There are three different hooks that run as part of the process of building and deploying your app. +These are places where you can run custom scripts. +They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. +Only the `build` hook is run for [worker instances](/create-apps/app-reference/workers.md), while [web instances](/create-apps/app-reference/web.md) run all three. + +For, the process is ordered as: + +1. Variables accessible at build time become available. +1. **Single-runtime image only**: [Build flavor](/create-apps/app-reference/single-runtime-image.md#build) runs if applicable. +1. **Single-runtime image only**: Any [dependencies](/create-apps/app-reference/single-runtime-image.md##dependencies) are installed. +1. The `build` hook is run. +1. The file system is changed to read only, except for any [mounts](/create-apps/app-reference/mounts.md). +1. The app container starts. Variables accessible at runtime and services become available. +1. The `deploy` hook is run. +1. The app container begins accepting requests. +1. The `post_deploy` hook is run. + +Note that if an environment changes by no code changes, only the last step is run. +If you want the entire process to run, see how +to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). + +### Writable directories during build + +During the `build` hook, there are three writeable directories: + +- `PLATFORM_APP_DIR`: + Where your code is checked out and the working directory when the `build` hook starts. + Becomes the app that gets deployed. +- `PLATFORM_CACHE_DIR`: + Persists between builds, but isn't deployed. + Shared by all builds on all branches. +- `/tmp`: + Isn't deployed and is wiped between each build. + Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` + and together they offer about 8GB of free space. + +### Hook failure + +Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. +To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. + +If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. +Note that this only works for `build` hooks -- +if other hooks fail, the app is still deployed. + +#### Automated testing + +It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. +Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. + +During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: + +- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. + So any testing that relies on it is sure to fail. +- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. +- Test results are written into your app container, so they might get exposed to a third party. + +During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. +Note that there are other downsides: + +- Your app container is read-only during the deploy hook, + so if your tests need to write reports and other information, you need to create a file mount for them. +- Your app can only be deployed once the deploy hook has been completed. + Therefore, running automated testing via the deploy hook generates slower deployments. +- Your environment isn’t available externally during the deploy hook. + Unit and integration testing might work without the environment being available, + but you can’t typically perform end-to-end testing until after the environment is up and available. + diff --git a/sites/platform/src/create-apps/app-reference/mounts.md b/sites/platform/src/create-apps/app-reference/mounts.md new file mode 100644 index 0000000000..f7a7ae543b --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/mounts.md @@ -0,0 +1,150 @@ +--- +title: "`mounts`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. After your app is built, its file system is read-only. +To make changes to your app's code, you need to use Git. + +For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". +Mounts give you write access to files generated by your app (such as cache and log files) +and uploaded files without going through Git. + +When you define a mount, you are mounting an external directory to your app container, +much like you would plug a hard drive into your computer to transfer data. + +{{% note %}} + +- Mounts aren't available during the build +- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too + +{{% /note %}} + +### Define a mount + +To define a mount, use the following configuration: + +```yaml {configFile="app"} +mounts: + '{{< variable "MOUNT_PATH" >}}': + source: {{< variable "MOUNT_TYPE" >}} + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} +``` + +{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). +If you already have a directory with that name, you get a warning that it isn't accessible after the build. +See how to [troubleshoot the warning](/create-apps/troubleshoot-mounts.md#overlapping-folders). + +| Name | Type | Required | Description | +| ------------- |-------------------------------| -------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `source` | `local`, `service`, or `tmp` | Yes | Specifies the type of the mount:

- `local` mounts are unique to your app. They can be useful to store files that remain local to the app instance, such as application logs.
`local` mounts require disk space. To successfully set up a local mount, set the `disk` key in your app configuration.

- `service` mounts point to [Network Storage](/add-services/network-storage.md) services that can be shared between several apps.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**. | +| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | +| `service` | `string` | | Only for `service` mounts: the name of the [Network Storage service](/add-services/network-storage.md). | + + +The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). +Files can be all public, all private, or with different rules for different paths and file types. + +Note that when you remove a `local` mount from your `{{< vendor/configfile "app" >}}` file, +the mounted directory isn't deleted. +The files still exist on disk until manually removed +(or until the app container is moved to another host during a maintenance operation in the case of a `tmp` mount). + +### Example configuration + +```yaml {configFile="app"} +mounts: + 'web/uploads': + source: local + source_path: uploads + '/.tmp_platformsh': + source: tmp + source_path: files/.tmp_platformsh + '/build': + source: local + source_path: files/build + '/.cache': + source: tmp + source_path: files/.cache + '/node_modules/.cache': + source: tmp + source_path: files/node_modules/.cache +``` + +For examples of how to set up a `service` mount, see the dedicated [Network Storage page](/add-services/network-storage.md). + +### Ensure continuity when changing the name of your mount + +Changing the name of your mount affects the default `source_path`. + +Say you have a `/my/cache/` mount with an undefined `source_path`: + +```yaml {configFile="app"} +mounts: + '/my/cache/': + source: tmp +``` + +If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. + +To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading or trailing slashes: + + ```yaml {configFile="app"} +mounts: + '/cache/files/': + source: tmp + source_path: my/cache +``` + +The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing files in that directory. + +### Overlapping mounts + +The locations of mounts as they are visible to application containers can overlap somewhat. +For example: + +```yaml {configFile="apps"} +applications: + myapp: + # ... + mounts: + 'var/cache_a': + source: service + service: ns_service + source_path: cacheA + 'var/cache_b': + source: tmp + source_path: cacheB + 'var/cache_c': + source: local + source_path: cacheC +``` + +In this case, it does not matter that each mount is of a different `source` type. +Each mount is restricted to a subfolder within `var`, and all is well. + +The following, however, is not allowed and will result in a failure: + +```yaml {configFile="apps"} +applications: + myapp: + # ... + mounts: + 'var/': + source: service + service: ns_service + source_path: cacheA + 'var/cache_b': + source: tmp + source_path: cacheB + 'var/cache_c': + source: local + source_path: cacheC +``` + +The `service` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. +These allowances are not compatible, and will result in an error if pushed. + + + diff --git a/sites/platform/src/create-apps/app-reference/relationships.md b/sites/platform/src/create-apps/app-reference/relationships.md new file mode 100644 index 0000000000..322eb20af8 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/relationships.md @@ -0,0 +1,187 @@ +--- +title: "`relationships`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. The following information applies to configuring either single runtime images or composable in {{% vendor/name %}}. + +## Relationships + +To allow containers in your project to communicate with one another, +you need to define relationships between them. +You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). + +The quickest way to define a relationship between your app and a service +is to use the service's default endpoint.
+However, some services allow you to define multiple databases, cores, and/or permissions. +In these cases, you can't rely on default endpoints. +Instead, you can explicitly define multiple endpoints when setting up your relationships. + +{{< note >}} +App containers don't have a default endpoint like services. +To connect your app to another app in your project, +you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
+For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). +{{< /note >}} + +{{< note title="Availability" theme="info">}} + +New syntax (default and explicit endpoints) described below is supported by most, but not all, image types +(`Relationship 'SERVICE_NAME' of application 'myapp' ... targets a service without a valid default endpoint configuration.`). +This syntax is currently being rolled out for all images. +If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. + +{{< /note >}} + +To define a relationship between your app and a service: + +{{< codetabs >}} + ++++ +title=Using default endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +relationships: + {{% variable "SERVICE_NAME" %}}: +``` + +The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +It is used as the relationship name, and associated with a `null` value. +This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. + +For example, if you define the following configuration: + +```yaml {configFile="app"} +relationships: + mariadb: +``` + +{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, +and connects your app to it through the service's default endpoint. + +For reference, the equivalent configuration using explicit endpoints would be the following: + +```yaml {configFile="app"} +relationships: + mariadb: + service: mariadb + endpoint: mysql +``` + +You can define any number of relationships in this way: + +```yaml {configFile="app"} +relationships: + mariadb: + redis: + elasticsearch: +``` + +{{< note title="Tip" theme="info" >}} + +An even quicker way to define many relationships is to use the following single-line configuration: + +```yaml {configFile="app"} +relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} +``` + +where + +```yaml {configFile="services"} +{{< variable "SERVICE_NAME_A" >}}: + type: mariadb:{{% latest "mariadb" %}} + disk: 256 +{{< variable "SERVICE_NAME_B" >}}: + type: redis:{{% latest "redis" %}} + disk: 256 +{{< variable "SERVICE_NAME_C" >}}: + type: elasticsearch:{{% latest "elasticsearch" %}} + disk: 256 +``` + +{{< /note >}} + +<---> + ++++ +title=Using explicit endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +relationships: + {{% variable "RELATIONSHIP_NAME" %}}: + service: {{% variable "SERVICE_NAME" %}} + endpoint: {{% variable "ENDPOINT_NAME" %}} +``` + +- `RELATIONSHIP_NAME` is the name you want to give to the relationship. +- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). + +For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, +use the following configuration: + +```yaml {configFile="app"} +relationships: + database: # The name of the relationship. + service: mariadb + endpoint: db1 +``` + +For more information on how to handle multiple databases, multiple cores, +and/or different permissions with services that support such features, +see each service's dedicated page: + + - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) + - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) + - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) + - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) + - [Vault KMS](add-services/vault.md#multiple-endpoints-configuration) (multiple permissions) + + You can add as many relationships as you want to your app configuration, + using both default and explicit endpoints according to your needs: + +```yaml {configFile="app"} +relationships: + database1: + service: mariadb + endpoint: admin + database2: + service: mariadb + endpoint: legacy + cache: + service: redis + search: + service: elasticsearch +``` + +{{< /codetabs >}} + +{{< note theme="info" title="Legacy" >}} + +The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: + +```yaml {configFile="app"} +relationships: + : ":" +``` + +For example: + +```yaml {configFile="app"} +relationships: + database: "mariadb:mysql" +``` + +Feel free to use this until the default and explicit endpoint syntax is supported on all images. + +{{< /note >}} + + + diff --git a/sites/platform/src/create-apps/app-reference/size.md b/sites/platform/src/create-apps/app-reference/size.md new file mode 100644 index 0000000000..ebec39d033 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/size.md @@ -0,0 +1,117 @@ +--- +title: "`size`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +keywords: + - resource sizing +--- + +Optional. Resources are distributed across all containers in an environment from the total available from your [plan size](/administration/pricing/_index.md). +So if you have more than just a single app, it doesn't get all of the resources available. +Each environment has its own resources and there are different [sizing rules for preview environments](#sizes-in-preview-environments). + +By default, resource sizes (CPU and memory) are chosen automatically for an app +based on the plan size and the number of other containers in the cluster. +Most of the time, this automatic sizing is enough. + +You can set sizing suggestions for production environments when you know a given container has specific needs. +Such as a worker that doesn't need much and can free up resources for other apps. +To do so, set `size` to one of the following values: + +- `S` +- `M` +- `L` +- `XL` +- `2XL` +- `4XL` + +The total resources allocated across all apps and services can't exceed what's in your plan. + +### Container profiles: CPU and memory + +By default, {{% vendor/name %}} allocates a container profile to each app and service depending on: + +- The range of resources it’s expected to need +- Your [plan size](/administration/pricing/_index.md), as resources are distributed across containers. + Ideally you want to give databases the biggest part of your memory, and apps the biggest part of your CPU. + +The container profile and the [size of the container](#sizes) determine +how much CPU and memory (in [MB](/glossary/_index.md#mb)) the container gets. + +There are three container profiles available: ``HIGH_CPU``, ``BALANCED``, and ``HIGH_MEMORY``. + +#### ``HIGH_CPU`` container profile + +| Size | CPU | MEMORY | +| ---- | ----- | -------- | +| S | 0.40 | 128 MB | +| M | 0.40 | 128 MB | +| L | 1.20 | 256 MB | +| XL | 2.50 | 384 MB | +| 2XL | 5.00 | 768 MB | +| 4XL | 10.00 | 1536 MB | + +#### `BALANCED` container profile + +| Size | CPU | MEMORY | +| ---- | ---- | -------- | +| S | 0.05 | 32 MB | +| M | 0.05 | 64 MB | +| L | 0.08 | 256 MB | +| XL | 0.10 | 512 MB | +| 2XL | 0.20 | 1024 MB | +| 4XL | 0.40 | 2048 MB | + +#### `HIGH_MEMORY` container profile + +| Size | CPU | MEMORY | +| ---- | ---- | --------- | +| S | 0.25 | 128 MB | +| M | 0.25 | 288 MB | +| L | 0.40 | 1280 MB | +| XL | 0.75 | 2624 MB | +| 2XL | 1.50 | 5248 MB | +| 4XL | 3.00 | 10496 MB | + +#### Container profile reference + +The following table shows which container profiles {{% vendor/name %}} applies when deploying your project. + +| Container | Profile | +|-----------------------|-------------| +| Chrome Headless | HIGH_CPU | +| .NET | HIGH_CPU | +| Elasticsearch | HIGH_MEMORY | +| Elasticsearch Premium | HIGH_MEMORY | +| Elixir | HIGH_CPU | +| Go | HIGH_CPU | +| Gotenberg | HIGH_MEMORY | +| InfluxDB | HIGH_MEMORY | +| Java | HIGH_MEMORY | +| Kafka | HIGH_MEMORY | +| MariaDB | HIGH_MEMORY | +| Memcached | BALANCED | +| MongoDB | HIGH_MEMORY | +| MongoDB Premium | HIGH_MEMORY | +| Network Storage | HIGH_MEMORY | +| Node.js | HIGH_CPU | +| OpenSearch | HIGH_MEMORY | +| Oracle MySQL | HIGH_MEMORY | +| PHP | HIGH_CPU | +| PostgreSQL | HIGH_MEMORY | +| Python | HIGH_CPU | +| RabbitMQ | HIGH_MEMORY | +| Redis ephemeral | BALANCED | +| Redis persistent | BALANCED | +| Ruby | HIGH_CPU | +| Rust | HIGH_CPU | +| Solr | HIGH_MEMORY | +| Varnish | HIGH_MEMORY | +| Vault KMS | HIGH_MEMORY | + +### Sizes in preview environments + +Containers in preview environments don't follow the `size` specification. +Application containers are set based on the plan's setting for **Environments application size**. +The default is size **S**, but you can increase it by editing your plan. +(Service containers in preview environments are always set to size **S**.) diff --git a/sites/platform/src/create-apps/app-reference/source.md b/sites/platform/src/create-apps/app-reference/source.md new file mode 100644 index 0000000000..93dbf28e3f --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/source.md @@ -0,0 +1,13 @@ +--- +title: "`source`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. The following table shows the properties that can be set in `source`: + + +| Name | Type | Required | Description | +| ------------ | ------------------------ | -------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](/create-apps/source-operations.md). | +| `root` | `string` | | The path where the app code lives. Useful for [multi-app setups](/create-apps/multi-app/_index.md). **Single-runtime image**: Defaults to the directory of the `{{< vendor/configfile "app" >}}` file. **Composable image**: Defaults to the root project directory. | diff --git a/sites/platform/src/create-apps/app-reference/variables.md b/sites/platform/src/create-apps/app-reference/variables.md new file mode 100644 index 0000000000..5c65ee0ba3 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/variables.md @@ -0,0 +1,33 @@ +--- +title: "`variables`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). +Variables set in your app configuration have the lowest precedence, +meaning they're overridden by any conflicting values provided elsewhere. + +All variables set in your app configuration must have a prefix. +Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). + +Variables with the prefix `env` are available as a separate environment variable. +All other variables are available in the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). + +The following example sets two variables: + +- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` +- A variable named `d8config:system.site:name` with the value `My site rocks` + that's available in the `PLATFORM_VARIABLES` environment variable + +```yaml {configFile="app"} +variables: + env: + AUTHOR: 'Juan' + d8config: + "system.site:name": 'My site rocks' +``` + +You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). + + diff --git a/sites/platform/src/create-apps/app-reference/web.md b/sites/platform/src/create-apps/app-reference/web.md new file mode 100644 index 0000000000..09912dddd2 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/web.md @@ -0,0 +1,161 @@ +--- +title: "`web`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. Use the `web` key to configure the web server running in front of your app. +Defaults may vary with a different [image `type`](#types). + +| Name | Type | Required | Description | +|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| +| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | +| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | +| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | + +See some [examples of how to configure what's served](/create-apps/web/_index.md). + +### Web commands + + +| Name | Type | Required | Description | +|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| +| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | +| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | +| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | + +{{< note theme="info" >}} +The `post_start` feature is _experimental_ and may change. Please share your feedback in the +[{{% vendor/name %}} discord](https://discord.gg/platformsh). +{{< /note >}} + + +Example: + +```yaml {configFile="app"} +web: + commands: + start: 'uwsgi --ini conf/server.ini' +``` + +This command runs every time your app is restarted, regardless of whether or not new code is deployed. + +{{< note >}} + +Never "background" a start process using `&`. +That's interpreted as the command terminating and the supervisor process starts a second copy, +creating an infinite loop until the container crashes. +Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. + +{{< /note >}} + +#### Required command + +On all containers other than PHP, the value for `start` should be treated as required. + +On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). +It can also be set explicitly on a PHP container to run a dedicated process, +such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) +or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). +See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). + +### Upstream + +| Name | Type | Required | Description | Default | +| --------------- |---------------------| -------- |-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | **Single-runtime image**: Defaults to `tcp` for all [image types](/create-apps/app-reference/single-runtime-image.md#types) except PHP; for PHP image types the default is `unix`. **Composable image**: Defaults to `tcp` for all [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime) except PHP; for PHP the default is `unix`.| +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | **Single-runtime image**: Default varies based on [image `type`](/create-apps/app-reference/single-runtime-image.md#types). **Composable image**: Default varies based on the [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime). | + +For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. +For all other containers, the default for `protocol` is `http`. + +The following example is the default on non-PHP containers: + +```yaml {configFile="app"} +web: + upstream: + socket_family: tcp + protocol: http +``` +#### Where to listen + +Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). + +| `socket_family` | Where to listen | +|------------------|---------------------------------------------------------------------------------------------------------------------------------------| +| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | +| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | + +If your application isn't listening at the same place that the runtime is sending requests, +you see `502 Bad Gateway` errors when you try to connect to your website. + +### Locations + +Each key in the `locations` dictionary is a path on your site with a leading `/`. +For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. +When multiple keys match an incoming request, the most-specific applies. + +The following table presents possible properties for each location: + +| Name | Type | Default | Description | +| ------------------- | ---------------------------------------------------- |------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#root-directory); [composable image](/create-apps/app-reference/composable-image.md#primary-runtime)). Must be an actual directory inside the root directory. | +| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | +| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. **Also, for single-runtime image only:** If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | +| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | +| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | +| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | +| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | +| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | + +#### Rules + +The rules dictionary can override most other keys according to a regular expression. +The key of each item is a regular expression to match paths exactly. +If an incoming request matches the rule, it's handled by the properties under the rule, +overriding any conflicting rules from the rest of the `locations` dictionary. + +Under `rules`, you can set all the other possible [`locations` properties](#locations) +except `root`, `index`, `rules` and `request_buffering`. + +In the following example, the `allow` key disallows requests for static files anywhere in the site. +This is overridden by a rule that explicitly allows common image file formats. + +```yaml {configFile="app"} +web: + locations: + '/': + # Handle dynamic requests + root: 'public' + passthru: '/index.php' + # Disallow static files + allow: false + rules: + # Allow common image files only. + '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': + allow: true +``` +#### Request buffering + +Request buffering is enabled by default to handle chunked requests as most app servers don't support them. +The following table shows the keys in the `request_buffering` dictionary: + +| Name | Type | Required | Default | Description | +| ------------------ | --------- |----------| ------- |-------------------------------------------| +| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | +| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | + +The default configuration would look like this: + +```yaml {configFile="app"} +web: + locations: + '/': + passthru: true + request_buffering: + enabled: true + max_request_size: 250m +``` + + diff --git a/sites/platform/src/create-apps/app-reference/workers.md b/sites/platform/src/create-apps/app-reference/workers.md new file mode 100644 index 0000000000..8c22ea80b0 --- /dev/null +++ b/sites/platform/src/create-apps/app-reference/workers.md @@ -0,0 +1,35 @@ +--- +title: "`workers`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/app-reference/hooks.md). +They use the same container image. + +Workers can't accept public requests and so are suitable only for background tasks. +If they exit, they're automatically restarted. + +The keys of the `workers` definition are the names of the workers. +You can then define how each worker differs from the `web` instance using +the top-level properties (see details for [single-runtime image](/create-apps/app-reference/single-runtime-image.md#top-level-properties) or [composable image](/create-apps/app-reference/composable-image.md#top-level-properties) top-level properties). + +Each worker can differ from the `web` instance in all properties _except_ for: + +- `build` and `dependencies` properties, which must be the same +- `crons` as cron jobs don't run on workers +- `hooks` as the `build` hook must be the same + and the `deploy` and `post_deploy` hooks don't run on workers. + +A worker named `queue` that was small and had a different start command could look like this: + +```yaml {configFile="app"} +workers: + queue: + size: S + commands: + start: | + ./worker.sh +``` + +For resource allocation, using workers in your project requires a [{{< partial "plans/multiapp-plan-name" >}} plan or larger](https://platform.sh/pricing/). From b3f594039e6a697ad84550a1f9e77f4d6e29c5ad Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sat, 19 Jul 2025 03:27:01 -0400 Subject: [PATCH 03/48] Remove common content that has been moved into individual settings files --- .../app-reference/single-runtime-image.md | 1105 ----------------- 1 file changed, 1105 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index ea0ce1ae12..59de685bb0 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -81,791 +81,6 @@ These are used in the format `runtime:version`: type: 'php:{{% latest "php" %}}' ``` -## Sizes - -Resources are distributed across all containers in an environment from the total available from your [plan size](/administration/pricing/_index.md). -So if you have more than just a single app, it doesn't get all of the resources available. -Each environment has its own resources and there are different [sizing rules for preview environments](#sizes-in-preview-environments). - -By default, resource sizes (CPU and memory) are chosen automatically for an app -based on the plan size and the number of other containers in the cluster. -Most of the time, this automatic sizing is enough. - -You can set sizing suggestions for production environments when you know a given container has specific needs. -Such as a worker that doesn't need much and can free up resources for other apps. -To do so, set `size` to one of the following values: - -- `S` -- `M` -- `L` -- `XL` -- `2XL` -- `4XL` - -The total resources allocated across all apps and services can't exceed what's in your plan. - -### Container profiles: CPU and memory - -By default, {{% vendor/name %}} allocates a container profile to each app and service depending on: - -- The range of resources it’s expected to need -- Your [plan size](/administration/pricing/_index.md), as resources are distributed across containers. - Ideally you want to give databases the biggest part of your memory, and apps the biggest part of your CPU. - -The container profile and the [size of the container](#sizes) determine -how much CPU and memory (in [MB](/glossary/_index.md#mb)) the container gets. - -There are three container profiles available: ``HIGH_CPU``, ``BALANCED``, and ``HIGH_MEMORY``. - -#### ``HIGH_CPU`` container profile - -| Size | CPU | MEMORY | -| ---- | ----- | -------- | -| S | 0.40 | 128 MB | -| M | 0.40 | 128 MB | -| L | 1.20 | 256 MB | -| XL | 2.50 | 384 MB | -| 2XL | 5.00 | 768 MB | -| 4XL | 10.00 | 1536 MB | - -#### `BALANCED` container profile - -| Size | CPU | MEMORY | -| ---- | ---- | -------- | -| S | 0.05 | 32 MB | -| M | 0.05 | 64 MB | -| L | 0.08 | 256 MB | -| XL | 0.10 | 512 MB | -| 2XL | 0.20 | 1024 MB | -| 4XL | 0.40 | 2048 MB | - -#### `HIGH_MEMORY` container profile - -| Size | CPU | MEMORY | -| ---- | ---- | --------- | -| S | 0.25 | 128 MB | -| M | 0.25 | 288 MB | -| L | 0.40 | 1280 MB | -| XL | 0.75 | 2624 MB | -| 2XL | 1.50 | 5248 MB | -| 4XL | 3.00 | 10496 MB | - -#### Container profile reference - -The following table shows which container profiles {{% vendor/name %}} applies when deploying your project. - -| Container | Profile | -|-----------------------|-------------| -| Chrome Headless | HIGH_CPU | -| .NET | HIGH_CPU | -| Elasticsearch | HIGH_MEMORY | -| Elasticsearch Premium | HIGH_MEMORY | -| Elixir | HIGH_CPU | -| Go | HIGH_CPU | -| Gotenberg | HIGH_MEMORY | -| InfluxDB | HIGH_MEMORY | -| Java | HIGH_MEMORY | -| Kafka | HIGH_MEMORY | -| MariaDB | HIGH_MEMORY | -| Memcached | BALANCED | -| MongoDB | HIGH_MEMORY | -| MongoDB Premium | HIGH_MEMORY | -| Network Storage | HIGH_MEMORY | -| Node.js | HIGH_CPU | -| OpenSearch | HIGH_MEMORY | -| Oracle MySQL | HIGH_MEMORY | -| PHP | HIGH_CPU | -| PostgreSQL | HIGH_MEMORY | -| Python | HIGH_CPU | -| RabbitMQ | HIGH_MEMORY | -| Redis ephemeral | BALANCED | -| Redis persistent | BALANCED | -| Ruby | HIGH_CPU | -| Rust | HIGH_CPU | -| Solr | HIGH_MEMORY | -| Varnish | HIGH_MEMORY | -| Vault KMS | HIGH_MEMORY | - -### Sizes in preview environments - -Containers in preview environments don't follow the `size` specification. -Application containers are set based on the plan's setting for **Environments application size**. -The default is size **S**, but you can increase it by editing your plan. -(Service containers in preview environments are always set to size **S**.) - -## Relationships - -To allow containers in your project to communicate with one another, -you need to define relationships between them. -You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). - -The quickest way to define a relationship between your app and a service -is to use the service's default endpoint.
-However, some services allow you to define multiple databases, cores, and/or permissions. -In these cases, you can't rely on default endpoints. -Instead, you can explicitly define multiple endpoints when setting up your relationships. - -{{< note >}} -App containers don't have a default endpoint like services. -To connect your app to another app in your project, -you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
-For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). -{{< /note >}} - -{{< note title="Availability" theme="info">}} - -New syntax (default and explicit endpoints) described below is supported by most, but not all, image types -(`Relationship 'SERVICE_NAME' of application 'myapp' ... targets a service without a valid default endpoint configuration.`). -This syntax is currently being rolled out for all images. -If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. - -{{< /note >}} - -To define a relationship between your app and a service: - -{{< codetabs >}} - -+++ -title=Using default endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -relationships: - {{% variable "SERVICE_NAME" %}}: -``` - -The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -It is used as the relationship name, and associated with a `null` value. -This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. - -For example, if you define the following configuration: - -```yaml {configFile="app"} -relationships: - mariadb: -``` - -{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, -and connects your app to it through the service's default endpoint. - -For reference, the equivalent configuration using explicit endpoints would be the following: - -```yaml {configFile="app"} -relationships: - mariadb: - service: mariadb - endpoint: mysql -``` - -You can define any number of relationships in this way: - -```yaml {configFile="app"} -relationships: - mariadb: - redis: - elasticsearch: -``` - -{{< note title="Tip" theme="info" >}} - -An even quicker way to define many relationships is to use the following single-line configuration: - -```yaml {configFile="app"} -relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} -``` - -where - -```yaml {configFile="services"} -{{< variable "SERVICE_NAME_A" >}}: - type: mariadb:{{% latest "mariadb" %}} - disk: 256 -{{< variable "SERVICE_NAME_B" >}}: - type: redis:{{% latest "redis" %}} - disk: 256 -{{< variable "SERVICE_NAME_C" >}}: - type: elasticsearch:{{% latest "elasticsearch" %}} - disk: 256 -``` - -{{< /note >}} - -<---> - -+++ -title=Using explicit endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -relationships: - {{% variable "RELATIONSHIP_NAME" %}}: - service: {{% variable "SERVICE_NAME" %}} - endpoint: {{% variable "ENDPOINT_NAME" %}} -``` - -- `RELATIONSHIP_NAME` is the name you want to give to the relationship. -- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). - -For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, -use the following configuration: - -```yaml {configFile="app"} -relationships: - database: # The name of the relationship. - service: mariadb - endpoint: db1 -``` - -For more information on how to handle multiple databases, multiple cores, -and/or different permissions with services that support such features, -see each service's dedicated page: - - - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) - - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) - - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) - - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) - - [Vault KMS](add-services/vault.md#multiple-endpoints-configuration) (multiple permissions) - - You can add as many relationships as you want to your app configuration, - using both default and explicit endpoints according to your needs: - -```yaml {configFile="app"} -relationships: - database1: - service: mariadb - endpoint: admin - database2: - service: mariadb - endpoint: legacy - cache: - service: redis - search: - service: elasticsearch -``` - -{{< /codetabs >}} - -{{< note theme="info" title="Legacy" >}} - -The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: - -```yaml {configFile="app"} -relationships: - : ":" -``` - -For example: - -```yaml {configFile="app"} -relationships: - database: "mariadb:mysql" -``` - -Feel free to use this until the default and explicit endpoint syntax is supported on all images. - -{{< /note >}} - -## Available disk space - -The maximum total space available to all apps and services is set by the storage in your plan settings. -When deploying your project, the sum of all `disk` keys defined in app and service configurations -must be *equal or less* than the plan storage size. - -So if your *plan storage size* is 5 GB, you can, for example, assign it in one of the following ways: - -- 2 GB to your app, 3 GB to your database -- 1 GB to your app, 4 GB to your database -- 1 GB to your app, 1 GB to your database, 3 GB to your OpenSearch service - -If you exceed the total space available, you receive an error on pushing your code. -You need to either increase your plan's storage or decrease the `disk` values you've assigned. - -You configure the disk size in [MB](/glossary/_index.md#mb). Your actual available disk space is slightly smaller with some space used for formatting and the filesystem journal. When checking available space, note whether it’s reported in MB or MiB. - -### Downsize a disk - -You can decrease the size of an existing disk for an app. If you do so, be aware that: - -- Backups from before the downsize are incompatible and can no longer be used. You need to [create new backups](/environments/backup.md). -- The downsize fails if there’s more data on the disk than the desired size. - -## Mounts - -After your app is built, its file system is read-only. -To make changes to your app's code, you need to use Git. - -For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". -Mounts give you write access to files generated by your app (such as cache and log files) -and uploaded files without going through Git. - -When you define a mount, you are mounting an external directory to your app container, -much like you would plug a hard drive into your computer to transfer data. - -{{% note %}} - -- Mounts aren't available during the build -- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too - -{{% /note %}} - -### Define a mount - -To define a mount, use the following configuration: - -```yaml {configFile="app"} -mounts: - '{{< variable "MOUNT_PATH" >}}': - source: {{< variable "MOUNT_TYPE" >}} - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). -If you already have a directory with that name, you get a warning that it isn't accessible after the build. -See how to [troubleshoot the warning](/create-apps/troubleshoot-mounts.md#overlapping-folders). - -| Name | Type | Required | Description | -| ------------- |-------------------------------| -------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `source` | `local`, `service`, or `tmp` | Yes | Specifies the type of the mount:

- `local` mounts are unique to your app. They can be useful to store files that remain local to the app instance, such as application logs.
`local` mounts require disk space. To successfully set up a local mount, set the `disk` key in your app configuration.

- `service` mounts point to [Network Storage](/add-services/network-storage.md) services that can be shared between several apps.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**. | -| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | -| `service` | `string` | | Only for `service` mounts: the name of the [Network Storage service](/add-services/network-storage.md). | - - -The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). -Files can be all public, all private, or with different rules for different paths and file types. - -Note that when you remove a `local` mount from your `{{< vendor/configfile "app" >}}` file, -the mounted directory isn't deleted. -The files still exist on disk until manually removed -(or until the app container is moved to another host during a maintenance operation in the case of a `tmp` mount). - -### Example configuration - -```yaml {configFile="app"} -mounts: - 'web/uploads': - source: local - source_path: uploads - '/.tmp_platformsh': - source: tmp - source_path: files/.tmp_platformsh - '/build': - source: local - source_path: files/build - '/.cache': - source: tmp - source_path: files/.cache - '/node_modules/.cache': - source: tmp - source_path: files/node_modules/.cache -``` - -For examples of how to set up a `service` mount, see the dedicated [Network Storage page](/add-services/network-storage.md). - -### Ensure continuity when changing the name of your mount - -Changing the name of your mount affects the default `source_path`. - -Say you have a `/my/cache/` mount with an undefined `source_path`: - -```yaml {configFile="app"} -mounts: - '/my/cache/': - source: tmp -``` - -If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. - -To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading or trailing slashes: - - ```yaml {configFile="app"} -mounts: - '/cache/files/': - source: tmp - source_path: my/cache -``` - -The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing files in that directory. - -### Overlapping mounts - -The locations of mounts as they are visible to application containers can overlap somewhat. -For example: - -```yaml {configFile="apps"} -applications: - myapp: - # ... - mounts: - 'var/cache_a': - source: service - service: ns_service - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: local - source_path: cacheC -``` - -In this case, it does not matter that each mount is of a different `source` type. -Each mount is restricted to a subfolder within `var`, and all is well. - -The following, however, is not allowed and will result in a failure: - -```yaml {configFile="apps"} -applications: - myapp: - # ... - mounts: - 'var/': - source: service - service: ns_service - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: local - source_path: cacheC -``` - -The `service` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. -These allowances are not compatible, and will result in an error if pushed. - -## Web - -Use the `web` key to configure the web server running in front of your app. -Defaults may vary with a different [image `type`](#types). - -| Name | Type | Required | Description | -|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| -| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | -| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | -| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | - -See some [examples of how to configure what's served](/create-apps/web/_index.md). - -### Web commands - - -| Name | Type | Required | Description | -|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| -| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | -| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | -| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | - -{{< note theme="info" >}} -The `post_start` feature is _experimental_ and may change. Please share your feedback in the -[{{% vendor/name %}} discord](https://discord.gg/platformsh). -{{< /note >}} - - -Example: - -```yaml {configFile="app"} -web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -This command runs every time your app is restarted, regardless of whether or not new code is deployed. - -{{< note >}} - -Never "background" a start process using `&`. -That's interpreted as the command terminating and the supervisor process starts a second copy, -creating an infinite loop until the container crashes. -Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. - -{{< /note >}} - -#### Required command - -On all containers other than PHP, the value for `start` should be treated as required. - -On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). -It can also be set explicitly on a PHP container to run a dedicated process, -such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) -or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). -See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). - -### Upstream - -| Name | Type | Required | Description | Default | -| --------------- |---------------------| -------- |-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [image types](#types) except PHP; for PHP image types the default is `unix`. | -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on [image `type`](#types). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -web: - upstream: - socket_family: tcp - protocol: http -``` -#### Where to listen - -Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). - -| `socket_family` | Where to listen | -|------------------|---------------------------------------------------------------------------------------------------------------------------------------| -| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | -| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | - -If your application isn't listening at the same place that the runtime is sending requests, -you see `502 Bad Gateway` errors when you try to connect to your website. - -### Locations - -Each key in the `locations` dictionary is a path on your site with a leading `/`. -For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. -When multiple keys match an incoming request, the most-specific applies. - -The following table presents possible properties for each location: - -| Name | Type | Default | Description | -| ------------------- | ---------------------------------------------------- |------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](#root-directory). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -#### Rules - -The rules dictionary can override most other keys according to a regular expression. -The key of each item is a regular expression to match paths exactly. -If an incoming request matches the rule, it's handled by the properties under the rule, -overriding any conflicting rules from the rest of the `locations` dictionary. - -Under `rules`, you can set all the other possible [`locations` properties](#locations) -except `root`, `index`, `rules` and `request_buffering`. - -In the following example, the `allow` key disallows requests for static files anywhere in the site. -This is overridden by a rule that explicitly allows common image file formats. - -```yaml {configFile="app"} -web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` -#### Request buffering - -Request buffering is enabled by default to handle chunked requests as most app servers don't support them. -The following table shows the keys in the `request_buffering` dictionary: - -| Name | Type | Required | Default | Description | -| ------------------ | --------- |----------| ------- |-------------------------------------------| -| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | -| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | - -The default configuration would look like this: - -```yaml {configFile="app"} -web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` -## Workers - -Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](#hooks). -They use the same container image. - -Workers can't accept public requests and so are suitable only for background tasks. -If they exit, they're automatically restarted. - -The keys of the `workers` definition are the names of the workers. -You can then define how each worker differs from the `web` instance using -the [top-level properties](#top-level-properties). - -Each worker can differ from the `web` instance in all properties _except_ for: - -- `build` and `dependencies` properties, which must be the same -- `crons` as cron jobs don't run on workers -- `hooks` as the `build` hook must be the same - and the `deploy` and `post_deploy` hooks don't run on workers. - -A worker named `queue` that was small and had a different start command could look like this: - -```yaml {configFile="app"} -workers: - queue: - size: S - commands: - start: | - ./worker.sh -``` - -For resource allocation, using workers in your project requires a [{{< partial "plans/multiapp-plan-name" >}} plan or larger](https://platform.sh/pricing/). - -## Access - -The `access` dictionary has one allowed key: - -| Name | Allowed values | Default | Description | -| ----- | ----------------------------------- | ------------- | ----------- | -| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | - -In the following example, only users with `admin` permissions for the given [environment type](/administration/users.md#environment-type-roles) -can access the deployed environment via SSH: - -```yaml {configFile="app"} -access: - ssh: admin -``` -## Variables - -{{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). -Variables set in your app configuration have the lowest precedence, -meaning they're overridden by any conflicting values provided elsewhere. - -All variables set in your app configuration must have a prefix. -Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). - -Variables with the prefix `env` are available as a separate environment variable. -All other variables are available in the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). - -The following example sets two variables: - -- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` -- A variable named `d8config:system.site:name` with the value `My site rocks` - that's available in the `PLATFORM_VARIABLES` environment variable - -```yaml {configFile="app"} -variables: - env: - AUTHOR: 'Juan' - d8config: - "system.site:name": 'My site rocks' -``` - -You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). - -## Firewall - -{{< premium-features/tiered "Elite and Enterprise" >}} - -Set limits in outbound traffic from your app with no impact on inbound requests. - -The `outbound` key is required and contains one or more rules. -The rules define what traffic is allowed; anything unspecified is blocked. - -Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified together: - -| Name | Type | Default | Description | -| --------- |---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | -| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | -| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | - -The default settings would look like this: - -```yaml {configFile="app"} -firewall: - outbound: - - ips: ["0.0.0.0/0"] -``` - -### Support for rules - -Where outbound rules for firewalls are supported in all environments. -For {{% names/dedicated-gen-2 %}} projects, contact support for configuration. - -### Multiple rules - -Multiple firewall rules can be specified. -In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. - -So in the following example requests to any IP on port 80 are allowed -and requests to 1.2.3.4 on either port 80 or 443 are allowed: - -```yaml {configFile="app"} -firewall: - outbound: - - ips: ["1.2.3.4/32"] - ports: [443] - - ports: [80] -``` - -### Outbound traffic to CDNs - -Be aware that many services are behind a content delivery network (CDN). -For most CDNs, routing is done via domain name, not IP address, -so thousands of domain names may share the same public IP addresses at the CDN. -If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that -CDN. - -### Outbound traffic by domain - -You can filter outbound traffic by domain. -Using domains in your rules rather than IP addresses is generally more specific and secure. -For example, if you use an IP address for a service with a CDN, -you have to allow the IP address for the CDN. -This means that you allow potentially hundreds or thousands of other servers also using the CDN. - -An example rule filtering by domain: - -```yaml {configFile="app"} -firewall: - outbound: - - protocol: tcp - domains: ["api.stripe.com", "api.twilio.com"] - ports: [80, 443] - - protocol: tcp - ips: ["1.2.3.4/29","2.3.4.5"] - ports: [22] -``` -#### Determine which domains to allow - -To determine which domains to include in your filtering rules, -find the domains your site has requested the DNS to resolve. -Run the following command to parse your server’s `dns.log` file -and display all Fully Qualified Domain Names that have been requested: - -```bash -awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log -``` - -The output includes all DNS requests that were made, including those blocked by your filtering rules. -It doesn't include any requests made using an IP address. - -Example output: - -```bash -facebook.com -fastly.com -platform.sh -www.google.com -www.platform.sh -``` - ## Build The only property of the `build` dictionary is `flavor`, which specifies a default set of build tasks to run. @@ -919,299 +134,6 @@ dependencies: pm2: '^4.5.0' ``` -## Hooks - -There are three different hooks that run as part of the process of building and deploying your app. -These are places where you can run custom scripts. -They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. -Only the `build` hook is run for [worker instances](#workers), while [web instances](#web) run all three. - -The process is ordered as: - -1. Variables accessible at build time become available. -1. [Build flavor](#build) runs if applicable. -1. Any [dependencies](#dependencies) are installed. -1. The `build` hook is run. -1. The file system is changed to read only (except for any [mounts](#mounts)). -1. The app container starts. Variables accessible at runtime and services become available. -1. The `deploy` hook is run. -1. The app container begins accepting requests. -1. The `post_deploy` hook is run. - -Note that if an environment changes by no code changes, only the last step is run. -If you want the entire process to run, see how -to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). - -### Writable directories during build - -During the `build` hook, there are three writeable directories: - -- `PLATFORM_APP_DIR`: - Where your code is checked out and the working directory when the `build` hook starts. - Becomes the app that gets deployed. -- `PLATFORM_CACHE_DIR`: - Persists between builds, but isn't deployed. - Shared by all builds on all branches. -- `/tmp`: - Isn't deployed and is wiped between each build. - Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` - and together they offer about 8GB of free space. - -### Hook failure - -Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. -To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. - -If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. -Note that this only works for `build` hooks -- -if other hooks fail, the app is still deployed. - -#### Automated testing - -It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. -Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. - -During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: - -- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. - So any testing that relies on it is sure to fail. -- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. -- Test results are written into your app container, so they might get exposed to a third party. - -During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. -Note that there are other downsides: - -- Your app container is read-only during the deploy hook, - so if your tests need to write reports and other information, you need to create a file mount for them. -- Your app can only be deployed once the deploy hook has been completed. - Therefore, running automated testing via the deploy hook generates slower deployments. -- Your environment isn’t available externally during the deploy hook. - Unit and integration testing might work without the environment being available, - but you can’t typically perform end-to-end testing until after the environment is up and available. - -## Crons - -The keys of the `crons` definition are the names of the cron jobs. -The names must be unique. - -If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. - -See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). - -The following table shows the properties for each job: - -| Name | Type | Required | Description | -| ------------------ | -------------------------------------------- | -------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid or {{% names/dedicated-gen-3 %}}** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. **The `H` syntax isn't available on {{% names/dedicated-gen-2 %}} projects.** | -| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | -| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | -| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). - -Note that you can [cancel pending or running crons](/environments/cancel-activity.md). - -{{< note >}} - -The use of the `cmd` key is now deprecated in favor of the `commands`key.
-Make sure you set your new cron jobs using the `commands` key, -and update your existing cron jobs to ensure continuity. - -{{< /note >}} - -### Cron commands - -| Name | Type | Required | Description | -| ------------------ | --------- | -------- | ----------- | -| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | -| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | - -```yaml {configFile="app"} -crons: - mycommand: - spec: 'H * * * *' - commands: - start: sleep 60 && echo sleep-60-finished && date - stop: killall sleep - shutdown_timeout: 18 -``` -In this example configuration, the [cron specification](#crons) uses the `H` syntax. - -Note that this syntax is only supported on Grid and {{% names/dedicated-gen-3 %}} projects. -On {{% names/dedicated-gen-2 %}} projects, use the [standard cron syntax](https://en.wikipedia.org/wiki/Cron#Cron_expression). - -### Example cron jobs - - -{{< codetabs >}} - -+++ -title=Drupal -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Run Drupal's cron tasks every 19 minutes. - drupal: - spec: '*/19 * * * *' - commands: - start: 'cd web ; drush core-cron' - # But also run pending queue tasks every 7 minutes. - # Use an odd number to avoid running at the same time as the `drupal` cron. - drush-queue: - spec: '*/7 * * * *' - commands: - start: 'cd web ; drush queue-run aggregator_feeds' -{{< /snippet >}} -``` - -<---> - -+++ -title=Ruby on Rails -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'ruby:{{% latest "ruby" %}}' -crons: - # Execute a rake script every 19 minutes. - ruby: - spec: '*/19 * * * *' - commands: - start: 'bundle exec rake some:task' -{{< /snippet >}} -``` - -<---> - -+++ -title=Laravel -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Run Laravel's scheduler every 5 minutes. - scheduler: - spec: '*/5 * * * *' - commands: - start: 'php artisan schedule:run' -{{< /snippet >}} -``` - -<---> - -+++ -title=Symfony -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Take a backup of the environment every day at 5:00 AM. - snapshot: - spec: 0 5 * * * - commands: - start: | - # Only run for the production environment, aka main branch - if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then - croncape symfony ... - fi -{{< /snippet >}} -``` - -{{< /codetabs >}} - - -### Conditional crons - -If you want to set up customized cron schedules depending on the environment type, -define conditional crons. -To do so, use a configuration similar to the following: - -```yaml {configFile="app"} -crons: - update: - spec: '0 0 * * *' - commands: - start: | - if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then - {{% vendor/cli %}} backup:create --yes --no-wait - {{% vendor/cli %}} source-operation:run update --no-wait --yes - fi -``` -### Cron job timing - -Minimum time between cron jobs being triggered: - -| Plan | Time | -|-------------------- | --------- | -| Professional | 5 minutes | -| Elite or Enterprise | 1 minute | - -For each app container, only one cron job can run at a time. -If a new job is triggered while another is running, the new job is paused until the other completes. - -To minimize conflicts, a random offset is applied to all triggers. -The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. - -Crons are also paused while activities such as [backups](/environments/backup.md) are running. -The crons are queued to run after the other activity finishes. - -To run cron jobs in a timezone other than UTC, set the [timezone property](#top-level-properties). - -### Paused crons - -[Preview environments](/glossary/_index.md#preview-environment) are often used for a limited time and then abandoned. -While it's useful for environments under active development to have scheduled tasks, -unused environments don't need to run cron jobs. -To minimize unnecessary resource use, -crons on environments with no deployments are paused. - -This affects all environments that aren't live environments. -This means all environments on Development plans -and all preview environments on higher plans. - -Such environments with deployments within 14 days have crons with the status `running`. -If there haven't been any deployments within 14 days, the status is `paused`. - -You can see the status in the Console -or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. - -#### Restarting paused crons - -If the crons on your preview environment are paused but you're still using them, -you can push changes to the environment or redeploy it. - -To restart crons without changing anything: - -{{< codetabs >}} - -+++ -title=In the Console -+++ - -1. In the Console, navigate to your project. -1. Open the environment where you'd like the crons to run. -1. Click `Redeploy` next to the cron status of `Paused`. - -<---> - -+++ -title=Using the CLI -+++ - -Run the following command: - -```bash -{{% vendor/cli %}} redeploy -``` - -{{< /codetabs >}} - ## Runtime The following table presents the various possible modifications to your PHP runtime: @@ -1267,30 +189,3 @@ The following table shows the properties that can be set in `sizing_hints`: | `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). - -## Source - -The following table shows the properties that can be set in `source`: - - -| Name | Type | Required | Description | -| ------------ | ------------------------ | -------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](/create-apps/source-operations.md) | -| `root` | `string` | | The path where the app code lives. Defaults to the directory of the `{{< vendor/configfile "app" >}}` file. Useful for [multi-app setups](/create-apps/multi-app/_index.md). | - -## Additional hosts - -If you're using a private network with specific IP addresses you need to connect to, -you might want to map those addresses to hostnames to better remember and organize them. -In such cases, you can add a map of those IP addresses to whatever hostnames you like. -Then when your app tries to access the hostname, it's sent to the proper IP address. - -So in the following example, if your app tries to access `api.example.com`, it's sent to `192.0.2.23`. - -```yaml {configFile="app"} -additional_hosts: - api.example.com: "192.0.2.23" - web.example.com: "203.0.113.42" -``` - -This is equivalent to adding the mapping to the `/etc/hosts` file for the container. From 862e72f9e5a1aac4476102a4e842d22a45e911ec Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sat, 19 Jul 2025 03:36:05 -0400 Subject: [PATCH 04/48] Composable image: Remove common content that has been moved into individual settings files --- .../app-reference/composable-image.md | 1120 ----------------- 1 file changed, 1120 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/composable-image.md b/sites/platform/src/create-apps/app-reference/composable-image.md index 7fa05900f4..accee9628a 100644 --- a/sites/platform/src/create-apps/app-reference/composable-image.md +++ b/sites/platform/src/create-apps/app-reference/composable-image.md @@ -282,1123 +282,3 @@ and visit the documentation page dedicated to your language. If you use PHP, note that PHP-FPM is only started automatically if PHP is defined as the primary runtime. {{% /note %}} - -## Sizes - -Resources are distributed across all containers in an environment from the total available from your [plan size](/administration/pricing/_index.md). -So if you have more than just a single app, it doesn't get all of the resources available. -Each environment has its own resources and there are different [sizing rules for preview environments](#sizes-in-preview-environments). - -By default, resource sizes (CPU and memory) are chosen automatically for an app -based on the plan size and the number of other containers in the cluster. -Most of the time, this automatic sizing is enough. - -You can set sizing suggestions for production environments when you know a given container has specific needs. -Such as a worker that doesn't need much and can free up resources for other apps. -To do so, set `size` to one of the following values: - -- `S` -- `M` -- `L` -- `XL` -- `2XL` -- `4XL` - -The total resources allocated across all apps and services can't exceed what's in your plan. - -### Container profiles: CPU and memory - -By default, {{% vendor/name %}} allocates a container profile to each app and service depending on: - -- The range of resources it’s expected to need -- Your [plan size](/administration/pricing/_index.md), as resources are distributed across containers. - Ideally you want to give databases the biggest part of your memory, and apps the biggest part of your CPU. - -The container profile and the [size of the container](#sizes) determine -how much CPU and memory (in [MB](/glossary/_index.md#mb)) the container gets. - -There are three container profiles available: ``HIGH_CPU``, ``BALANCED``, and ``HIGH_MEMORY``. - -#### ``HIGH_CPU`` container profile - -| Size | CPU | MEMORY | -| ---- | ----- | -------- | -| S | 0.40 | 128 MB | -| M | 0.40 | 128 MB | -| L | 1.20 | 256 MB | -| XL | 2.50 | 384 MB | -| 2XL | 5.00 | 768 MB | -| 4XL | 10.00 | 1536 MB | - -#### `BALANCED` container profile - -| Size | CPU | MEMORY | -| ---- | ---- | -------- | -| S | 0.05 | 32 MB | -| M | 0.05 | 64 MB | -| L | 0.08 | 256 MB | -| XL | 0.10 | 512 MB | -| 2XL | 0.20 | 1024 MB | -| 4XL | 0.40 | 2048 MB | - -#### `HIGH_MEMORY` container profile - -| Size | CPU | MEMORY | -| ---- | ---- | --------- | -| S | 0.25 | 128 MB | -| M | 0.25 | 288 MB | -| L | 0.40 | 1280 MB | -| XL | 0.75 | 2624 MB | -| 2XL | 1.50 | 5248 MB | -| 4XL | 3.00 | 10496 MB | - -#### Container profile reference - -The following table shows which container profiles {{% vendor/name %}} applies when deploying your project. - -| Container | Profile | -|-------------------------|---------------| -| Chrome Headless | HIGH_CPU | -| .NET | HIGH_CPU | -| Elasticsearch | HIGH_MEMORY | -| Elasticsearch Premium | HIGH_MEMORY | -| Elixir | HIGH_CPU | -| Go | HIGH_CPU | -| Gotenberg | HIGH_MEMORY | -| InfluxDB | HIGH_MEMORY | -| Java | HIGH_MEMORY | -| Kafka | HIGH_MEMORY | -| Lisp | HIGH_CPU | -| MariaDB | HIGH_MEMORY | -| Memcached | BALANCED | -| MongoDB | HIGH_MEMORY | -| MongoDB Premium | HIGH_MEMORY | -| Network Storage | HIGH_MEMORY | -| Node.js | HIGH_CPU | -| OpenSearch | HIGH_MEMORY | -| Oracle MySQL | HIGH_MEMORY | -| PHP | HIGH_CPU | -| PostgreSQL | HIGH_MEMORY | -| Python | HIGH_CPU | -| RabbitMQ | HIGH_MEMORY | -| Redis ephemeral | BALANCED | -| Redis persistent | BALANCED | -| Ruby | HIGH_CPU | -| Rust | HIGH_CPU | -| Solr | HIGH_MEMORY | -| Varnish | HIGH_MEMORY | -| Vault KMS | HIGH_MEMORY | - -### Sizes in preview environments - -Containers in preview environments don't follow the `size` specification. -Application containers are set based on the plan's setting for **Environments application size**. -The default is size **S**, but you can increase it by editing your plan. -(Service containers in preview environments are always set to size **S**.) - -## Relationships - -To allow containers in your project to communicate with one another, -you need to define relationships between them. -You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). - -The quickest way to define a relationship between your app and a service -is to use the service's default endpoint.
-However, some services allow you to define multiple databases, cores, and/or permissions. -In these cases, you can't rely on default endpoints. -Instead, you can explicitly define multiple endpoints when setting up your relationships. - -{{< note >}} -App containers don't have a default endpoint like services. -To connect your app to another app in your project, -you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
-For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). -{{< /note >}} - -{{< note title="Availability" theme="info">}} - -New syntax (default and explicit endpoints) described below is supported by most, but not all, image types -(`Relationship 'SERVICE_NAME' of application 'myapp' ... targets a service without a valid default endpoint configuration.`). -This syntax is currently being rolled out for all images. -If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. - -{{< /note >}} - -To define a relationship between your app and a service: - -{{< codetabs >}} - -+++ -title=Using default endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -relationships: - {{% variable "SERVICE_NAME" %}}: -``` - -The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -It is used as the relationship name, and associated with a `null` value. -This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. - -For example, if you define the following configuration: - -```yaml {configFile="app"} -relationships: - mariadb: -``` - -{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, -and connects your app to it through the service's default endpoint. - -For reference, the equivalent configuration using explicit endpoints would be the following: - -```yaml {configFile="app"} -relationships: - mariadb: - service: mariadb - endpoint: mysql -``` - -You can define any number of relationships in this way: - -```yaml {configFile="app"} -relationships: - mariadb: - redis: - elasticsearch: -``` - -{{< note title="Tip" theme="info" >}} - -An even quicker way to define many relationships is to use the following single-line configuration: - -```yaml {configFile="app"} -relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} -``` - -where - -```yaml {configFile="services"} -{{< variable "SERVICE_NAME_A" >}}: - type: mariadb:{{% latest "mariadb" %}} - disk: 256 -{{< variable "SERVICE_NAME_B" >}}: - type: redis:{{% latest "redis" %}} - disk: 256 -{{< variable "SERVICE_NAME_C" >}}: - type: elasticsearch:{{% latest "elasticsearch" %}} - disk: 256 -``` - -{{< /note >}} - -<---> - -+++ -title=Using explicit endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -relationships: - {{% variable "RELATIONSHIP_NAME" %}}: - service: {{% variable "SERVICE_NAME" %}} - endpoint: {{% variable "ENDPOINT_NAME" %}} -``` - -- `RELATIONSHIP_NAME` is the name you want to give to the relationship. -- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). - -For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, -use the following configuration: - -```yaml {configFile="app"} -relationships: - database: # The name of the relationship. - service: mariadb - endpoint: db1 -``` - -For more information on how to handle multiple databases, multiple cores, -and/or different permissions with services that support such features, -see each service's dedicated page: - - - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) - - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) - - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) - - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) - - [Vault KMS](add-services/vault.md#multiple-endpoints-configuration) (multiple permissions) - - You can add as many relationships as you want to your app configuration, - using both default and explicit endpoints according to your needs: - -```yaml {configFile="app"} -relationships: - database1: - service: mariadb - endpoint: admin - database2: - service: mariadb - endpoint: legacy - cache: - service: redis - search: - service: elasticsearch -``` - -{{< /codetabs >}} - -{{< note theme="info" title="Legacy" >}} - -The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: - -```yaml {configFile="app"} -relationships: - : ":" -``` - -For example: - -```yaml {configFile="app"} -relationships: - database: "mariadb:mysql" -``` - -Feel free to use this until the default and explicit endpoint syntax is supported on all images. - -{{< /note >}} - -## Available disk space - -The maximum total space available to all apps and services is set by the storage in your plan settings. -When deploying your project, the sum of all `disk` keys defined in app and service configurations -must be *equal or less* than the plan storage size. - -So if your *plan storage size* is 5 GB, you can, for example, assign it in one of the following ways: - -- 2 GB to your app, 3 GB to your database -- 1 GB to your app, 4 GB to your database -- 1 GB to your app, 1 GB to your database, 3 GB to your OpenSearch service - -If you exceed the total space available, you receive an error on pushing your code. -You need to either increase your plan's storage or decrease the `disk` values you've assigned. - -You configure the disk size in [MB](/glossary/_index.md#mb). Your actual available disk space is slightly smaller with some space used for formatting and the filesystem journal. When checking available space, note whether it’s reported in MB or MiB. - -### Downsize a disk - -You can decrease the size of an existing disk for an app. If you do so, be aware that: - -- The downsize fails if there's more data on the disk than the desired size. -- Backups from before the downsize can still be restored. - -## Mounts - -After your app is built, its file system is read-only. -To make changes to your app's code, you need to use Git. - -For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". -Mounts give you write access to files generated by your app (such as cache and log files) -and uploaded files without going through Git. - -When you define a mount, you are mounting an external directory to your app container, -much like you would plug a hard drive into your computer to transfer data. - -{{% note %}} - -- Mounts aren't available during the build -- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too - -{{% /note %}} - -### Define a mount - -To define a mount, use the following configuration: - -```yaml {configFile="app"} -mounts: - '{{< variable "MOUNT_PATH" >}}': - source: {{< variable "MOUNT_TYPE" >}} - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). -If you already have a directory with that name, you get a warning that it isn't accessible after the build. -See how to [troubleshoot the warning](/create-apps/troubleshoot-mounts.md#overlapping-folders). - -| Name | Type | Required | Description | -| ------------- |-------------------------------|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `source` | `local`, `service`, or `tmp` | Yes | Specifies the type of the mount:

- `local` mounts are unique to your app. They can be useful to store files that remain local to the app instance, such as application logs.
`local` mounts require disk space. To successfully set up a local mount, set the `disk` key in your app configuration.

- `service` mounts point to [Network Storage](/add-services/network-storage.md) services that can be shared between several apps.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**. | -| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | -| `service` | `string` | | Only for `service` mounts: the name of the [Network Storage service](/add-services/network-storage.md). | - - -The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). -Files can be all public, all private, or with different rules for different paths and file types. - -Note that when you remove a `local` mount from your `{{< vendor/configfile "app" >}}` file, -the mounted directory isn't deleted. -The files still exist on disk until manually removed -(or until the app container is moved to another host during a maintenance operation in the case of a `tmp` mount). - -### Example configuration - -```yaml {configFile="app"} -mounts: - 'web/uploads': - source: local - source_path: uploads - '/.tmp_platformsh': - source: tmp - source_path: files/.tmp_platformsh - '/build': - source: local - source_path: files/build - '/.cache': - source: tmp - source_path: files/.cache - '/node_modules/.cache': - source: tmp - source_path: files/node_modules/.cache -``` - -For examples of how to set up a `service` mount, see the dedicated [Network Storage page](/add-services/network-storage.md). - -### Ensure continuity when changing the name of your mount - -Changing the name of your mount affects the default `source_path`. - -Say you have a `/my/cache/` mount with an undefined `source_path`: - -```yaml {configFile="app"} -mounts: - '/my/cache/': - source: tmp -``` - -If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. - -To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading or trailing slashes: - - ```yaml {configFile="app"} -mounts: - '/cache/files/': - source: tmp - source_path: my/cache -``` - -The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing files in that directory. - -### Overlapping mounts - -The locations of mounts as they are visible to application containers can overlap somewhat. -For example: - -```yaml {configFile="apps"} -applications: - myapp: - # ... - mounts: - 'var/cache_a': - source: service - service: ns_service - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: local - source_path: cacheC -``` - -In this case, it does not matter that each mount is of a different `source` type. -Each mount is restricted to a subfolder within `var`, and all is well. - -The following, however, is not allowed and will result in a failure: - -```yaml {configFile="apps"} -applications: - myapp: - # ... - mounts: - 'var/': - source: service - service: ns_service - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: local - source_path: cacheC -``` - -The `service` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. -These allowances are not compatible, and will result in an error if pushed. - -## Web - -Use the `web` key to configure the web server running in front of your app. - -| Name | Type | Required | Description | -|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| -| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | -| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | -| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | - -See some [examples of how to configure what's served](/create-apps/web/_index.md). - -### Web commands - -| Name | Type | Required | Description | -|--------------|----------|-------------------------------|------------------------------------------------------------------------------------------------------| -| `pre_start` | `string` | | Command runs just prior to `start`, which can be useful when you need to run _per-instance_ actions. | -| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | -| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | - -{{< note theme="info" >}} -The `post_start` feature is _experimental_ and may change. Please share your feedback in the -[{{% vendor/name %}} discord](https://discord.gg/platformsh). -{{< /note >}} - - -Example: - -```yaml {configFile="app"} -web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -This command runs every time your app is restarted, regardless of whether or not new code is deployed. - -{{< note >}} - -Never "background" a start process using `&`. -That's interpreted as the command terminating and the supervisor process starts a second copy, -creating an infinite loop until the container crashes. -Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. - -{{< /note >}} - -#### Required command - -On all containers other than PHP, the value for `start` should be treated as required. - -On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). -It can also be set explicitly on a PHP container to run a dedicated process, -such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) -or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). -See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). - -### Upstream - -| Name | Type | Required | Description | Default | -|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [primary runtimes](#primary-runtime) except PHP; for PHP the default is `unix`. | -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on the [primary runtimes](#primary-runtime). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -web: - upstream: - socket_family: tcp - protocol: http -``` - -#### Where to listen - -Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). - -| `socket_family` | Where to listen | -|-----------------|---------------------------------------------------------------------------------------------------------------------------------------| -| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | -| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | - -If your application isn't listening at the same place that the runtime is sending requests, -you see `502 Bad Gateway` errors when you try to connect to your website. - -### Locations - -Each key in the `locations` dictionary is a path on your site with a leading `/`. -For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. -When multiple keys match an incoming request, the most-specific applies. - -The following table presents possible properties for each location: - -| Name | Type | Default | Description | -|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](#source)). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -#### Rules - -The rules dictionary can override most other keys according to a regular expression. -The key of each item is a regular expression to match paths exactly. -If an incoming request matches the rule, it's handled by the properties under the rule, -overriding any conflicting rules from the rest of the `locations` dictionary. - -Under `rules`, you can set all the other possible [`locations` properties](#locations) -except `root`, `index`, `rules` and `request_buffering`. - -In the following example, the `allow` key disallows requests for static files anywhere in the site. -This is overridden by a rule that explicitly allows common image file formats. - -```yaml {configFile="app"} -web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` - -#### Request buffering - -Request buffering is enabled by default to handle chunked requests as most app servers don't support them. -The following table shows the keys in the `request_buffering` dictionary: - -| Name | Type | Required | Default | Description | -|--------------------|-----------|----------|---------|-------------------------------------------| -| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | -| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | - -The default configuration would look like this: - -```yaml {configFile="app"} -web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` - -## Workers - -Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](#hooks). -They use the same container image. - -Workers can't accept public requests and so are suitable only for background tasks. -If they exit, they're automatically restarted. - -The keys of the `workers` definition are the names of the workers. -You can then define how each worker differs from the `web` instance using -the [top-level properties](#top-level-properties). - -Each worker can differ from the `web` instance in all properties _except_ for: - -- `crons` as cron jobs don't run on workers -- `hooks` as the `build` hook must be the same - and the `deploy` and `post_deploy` hooks don't run on workers. - -A worker named `queue` that was small and had a different start command could look like this: - -```yaml {configFile="app"} -workers: - queue: - size: S - commands: - start: | - ./worker.sh -``` - -For resource allocation, using workers in your project requires a [{{< partial "plans/multiapp-plan-name" >}} plan or larger](https://platform.sh/pricing/). - -## Access - -The `access` dictionary has one allowed key: - -| Name | Allowed values | Default | Description | -|-------|-------------------------------------|---------------|-----------------------------------------------------------------------| -| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | - -In the following example, only users with `admin` permissions for the -given [environment type](/administration/users.md#environment-type-roles) -can access the deployed environment via SSH: - -```yaml {configFile="app"} -access: - ssh: admin -``` - -## Variables - -{{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). -Variables set in your app configuration have the lowest precedence, -meaning they're overridden by any conflicting values provided elsewhere. - -All variables set in your app configuration must have a prefix. -Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). - -Variables with the prefix `env` are available as a separate environment variable. -All other variables are available in -the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). - -The following example sets two variables: - -- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` -- A variable named `d8config:system.site:name` with the value `My site rocks` - that's available in the `PLATFORM_VARIABLES` environment variable - -```yaml {configFile="app"} -variables: - env: - AUTHOR: 'Juan' - d8config: - "system.site:name": 'My site rocks' -``` - -You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). - -## Firewall - -{{< premium-features/tiered "Elite and Enterprise" >}} - -Set limits in outbound traffic from your app with no impact on inbound requests. - -The `outbound` key is required and contains one or more rules. -The rules define what traffic is allowed; anything unspecified is blocked. - -Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified -together: - -| Name | Type | Default | Description | -|-----------|---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | -| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | -| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | - -The default settings would look like this: - -```yaml {configFile="app"} -firewall: - outbound: - - ips: [ "0.0.0.0/0" ] -``` - -### Support for rules - -Where outbound rules for firewalls are supported in all environments. -For {{% names/dedicated-gen-2 %}} projects, contact support for configuration. - -### Multiple rules - -Multiple firewall rules can be specified. -In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. - -So in the following example requests to any IP on port 80 are allowed -and requests to 1.2.3.4 on either port 80 or 443 are allowed: - -```yaml {configFile="app"} -firewall: - outbound: - - ips: [ "1.2.3.4/32" ] - ports: [ 443 ] - - ports: [ 80 ] -``` - -### Outbound traffic to CDNs - -Be aware that many services are behind a content delivery network (CDN). -For most CDNs, routing is done via domain name, not IP address, -so thousands of domain names may share the same public IP addresses at the CDN. -If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that -CDN. - -### Outbound traffic by domain - -You can filter outbound traffic by domain. -Using domains in your rules rather than IP addresses is generally more specific and secure. -For example, if you use an IP address for a service with a CDN, -you have to allow the IP address for the CDN. -This means that you allow potentially hundreds or thousands of other servers also using the CDN. - -An example rule filtering by domain: - -```yaml {configFile="app"} -firewall: - outbound: - - protocol: tcp - domains: ["api.stripe.com", "api.twilio.com"] - ports: [80, 443] - - protocol: tcp - ips: ["1.2.3.4/29","2.3.4.5"] - ports: [22] -``` - -#### Determine which domains to allow - -To determine which domains to include in your filtering rules, -find the domains your site has requested the DNS to resolve. -Run the following command to parse your server’s `dns.log` file -and display all Fully Qualified Domain Names that have been requested: - -```bash -awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log -``` - -The output includes all DNS requests that were made, including those blocked by your filtering rules. -It doesn't include any requests made using an IP address. - -Example output: - -```bash -facebook.com -fastly.com -platform.sh -www.google.com -www.platform.sh -``` - -## Hooks - -There are three different hooks that run as part of the process of building and deploying your app. -These are places where you can run custom scripts. -They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. -Only the `build` hook is run for [worker instances](#workers), while [web instances](#web) run all three. - -The process is ordered as: - -1. Variables accessible at build time become available. -1. The `build` hook is run. -1. The file system is changed to read only (except for any [mounts](#mounts)). -1. The app container starts. Variables accessible at runtime and services become available. -1. The `deploy` hook is run. -1. The app container begins accepting requests. -1. The `post_deploy` hook is run. - -Note that if an environment changes by no code changes, only the last step is run. -If you want the entire process to run, see how to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). - -### Writable directories during build - -During the `build` hook, there are three writeable directories: - -- `PLATFORM_APP_DIR`: - Where your code is checked out and the working directory when the `build` hook starts. - Becomes the app that gets deployed. -- `PLATFORM_CACHE_DIR`: - Persists between builds, but isn't deployed. - Shared by all builds on all branches. -- `/tmp`: - Isn't deployed and is wiped between each build. - Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` - and together they offer about 8GB of free space. - -### Hook failure - -Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. -To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. - -If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. -Note that this only works for `build` hooks -- -if other hooks fail, the app is still deployed. - -#### Automated testing - -It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. -Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. - -During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: - -- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. - So any testing that relies on it is sure to fail. -- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. -- Test results are written into your app container, so they might get exposed to a third party. - -During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. -Note that there are other downsides: - -- Your app container is read-only during the deploy hook, - so if your tests need to write reports and other information, you need to create a file mount for them. -- Your app can only be deployed once the deploy hook has been completed. - Therefore, running automated testing via the deploy hook generates slower deployments. -- Your environment isn’t available externally during the deploy hook. - Unit and integration testing might work without the environment being available, - but you can’t typically perform end-to-end testing until after the environment is up and available. - -## Crons - -The keys of the `crons` definition are the names of the cron jobs. -The names must be unique. - -If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. - -See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). - -The following table shows the properties for each job: - -| Name | Type | Required | Description | -|--------------------|----------------------------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. | -| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | -| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | -| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). | - -Note that you can [cancel pending or running crons](/environments/cancel-activity.md). - -{{< note >}} - -The use of the `cmd` key is now deprecated in favor of the `commands`key.
-Make sure you set your new cron jobs using the `commands` key, -and update your existing cron jobs to ensure continuity. - -{{< /note >}} - -### Cron commands - -| Name | Type | Required | Description | -|---------|----------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | -| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | - -```yaml {configFile="app"} -crons: - mycommand: - spec: 'H * * * *' - commands: - start: sleep 60 && echo sleep-60-finished && date - stop: killall sleep - shutdown_timeout: 18 -``` - -In this example configuration, the [cron specification](#crons) uses the `H` syntax. - -Note that this syntax is only supported on Grid and {{% names/dedicated-gen-3 %}} projects. -On {{% names/dedicated-gen-2 %}} projects, use the [standard cron syntax](https://en.wikipedia.org/wiki/Cron#Cron_expression). - -### Example cron jobs - - -{{< codetabs >}} - -+++ -title=Drupal -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Run Drupal's cron tasks every 19 minutes. - drupal: - spec: '*/19 * * * *' - commands: - start: 'cd web ; drush core-cron' - # But also run pending queue tasks every 7 minutes. - # Use an odd number to avoid running at the same time as the `drupal` cron. - drush-queue: - spec: '*/7 * * * *' - commands: - start: 'cd web ; drush queue-run aggregator_feeds' -{{< /snippet >}} -``` - -<---> - -+++ -title=Ruby on Rails -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "ruby@{{% latest ruby %}}" ] -crons: - # Execute a rake script every 19 minutes. - ruby: - spec: '*/19 * * * *' - commands: - start: 'bundle exec rake some:task' -{{< /snippet >}} -``` - -<---> - -+++ -title=Laravel -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Run Laravel's scheduler every 5 minutes. - scheduler: - spec: '*/5 * * * *' - commands: - start: 'php artisan schedule:run' -{{< /snippet >}} -``` - -<---> - -+++ -title=Symfony -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Take a backup of the environment every day at 5:00 AM. - snapshot: - spec: 0 5 * * * - commands: - start: | - # Only run for the production environment, aka main branch - if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then - croncape symfony ... - fi -{{< /snippet >}} -``` - -{{< /codetabs >}} - - -### Conditional crons - -If you want to set up customized cron schedules depending on the environment type, -define conditional crons. -To do so, use a configuration similar to the following: - -```yaml {configFile="app"} -crons: - update: - spec: '0 0 * * *' - commands: - start: | - if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then - {{% vendor/cli %}} backup:create --yes --no-wait - {{% vendor/cli %}} source-operation:run update --no-wait --yes - fi -``` - -### Cron job timing - -Minimum time between cron jobs being triggered: - -| Plan | Time | -|-------------------- | --------- | -| Professional | 5 minutes | -| Elite or Enterprise | 1 minute | - -For each app container, only one cron job can run at a time. -If a new job is triggered while another is running, the new job is paused until the other completes. - -To minimize conflicts, a random offset is applied to all triggers. -The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. - -Crons are also paused while activities such as [backups](/environments/backup.md) are running. -The crons are queued to run after the other activity finishes. - -To run cron jobs in a timezone other than UTC, set the [timezone property](#top-level-properties). - -### Paused crons - -[Preview environments](/glossary/_index.md#preview-environment) are often used for a limited time and then abandoned. -While it's useful for environments under active development to have scheduled tasks, -unused environments don't need to run cron jobs. -To minimize unnecessary resource use, -crons on environments with no deployments are paused. - -This affects all environments that aren't live environments. -This means all environments on Development plans -and all preview environments on higher plans. - -Such environments with deployments within 14 days have crons with the status `running`. -If there haven't been any deployments within 14 days, the status is `paused`. - -You can see the status in the Console -or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. - -#### Restarting paused crons - -If the crons on your preview environment are paused but you're still using them, -you can push changes to the environment or redeploy it. - -To restart crons without changing anything: - -{{< codetabs >}} - -+++ -title=In the Console -+++ - -1. In the Console, navigate to your project. -1. Open the environment where you'd like the crons to run. -1. Click `Redeploy` next to the cron status of `Paused`. - -<---> - -+++ -title=Using the CLI -+++ - -Run the following command: - -```bash -{{% vendor/cli %}} redeploy -``` - -{{< /codetabs >}} - -### Sizing hints - -The following table shows the properties that can be set in `sizing_hints`: - -| Name | Type | Default | Minimum | Description | -|-------------------|-----------|---------|---------|------------------------------------------------| -| `request_memory` | `integer` | 45 | 10 | The average memory consumed per request in MB. | -| `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | - -See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). - -## Source - -The following table shows the properties that can be set in `source`: - -| Name | Type | Required | Description | -|--------------|--------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------| -| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](/create-apps/source-operations.md) | -| `root` | `string` | | The path where the app code lives. Defaults to the root project directory. Useful for [multi-app setups](/create-apps/multi-app/_index.md). | - -## Additional hosts - -If you're using a private network with specific IP addresses you need to connect to, -you might want to map those addresses to hostnames to better remember and organize them. -In such cases, you can add a map of those IP addresses to whatever hostnames you like. -Then when your app tries to access the hostname, it's sent to the proper IP address. - -So in the following example, if your app tries to access `api.example.com`, it's sent to `192.0.2.23`. - -```yaml {configFile="app"} -additional_hosts: - api.example.com: "192.0.2.23" - web.example.com: "203.0.113.42" -``` - -This is equivalent to adding the mapping to the `/etc/hosts` file for the container. From c1cfdc89cdafc3bb4b2589b0b9ce495402bd6f90 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sat, 19 Jul 2025 04:07:19 -0400 Subject: [PATCH 05/48] settings/_index.md initial draft --- .../create-apps/app-reference/settings/_index.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/settings/_index.md b/sites/platform/src/create-apps/app-reference/settings/_index.md index 6663e596d9..bf86edfaa3 100644 --- a/sites/platform/src/create-apps/app-reference/settings/_index.md +++ b/sites/platform/src/create-apps/app-reference/settings/_index.md @@ -1,9 +1,14 @@ --- -title: "Config file properties" -linktitle: "Properties" +title: "Image properties" +sidebarTitle: "Image properties" weight: 6 -description: Configure your app and control how it's built and deployed on {{% vendor/name %}}. +description: Details about image properties in the {{% vendor/name %}} config.yaml file layout: single --- -Use the topics below to learn more about each property in the config.yaml file. +Learn about the image properties you can define in the an application configuration file. + +The properties below are used to configure both a single-runtime image and a composable image. + +For settings that are unique to each image, refer to the [Single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [Composable image](/create-apps/app-reference/composable-image.md#) topics. + From bf799952b163745240be783fbb8bde35adb3803f Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sat, 19 Jul 2025 04:38:25 -0400 Subject: [PATCH 06/48] Rename settings to image-properties --- .../{settings => image-properties}/_index.md | 0 .../{settings => image-properties}/relationships.md | 10 ++++------ 2 files changed, 4 insertions(+), 6 deletions(-) rename sites/platform/src/create-apps/app-reference/{settings => image-properties}/_index.md (100%) rename sites/platform/src/create-apps/app-reference/{settings => image-properties}/relationships.md (96%) diff --git a/sites/platform/src/create-apps/app-reference/settings/_index.md b/sites/platform/src/create-apps/app-reference/image-properties/_index.md similarity index 100% rename from sites/platform/src/create-apps/app-reference/settings/_index.md rename to sites/platform/src/create-apps/app-reference/image-properties/_index.md diff --git a/sites/platform/src/create-apps/app-reference/settings/relationships.md b/sites/platform/src/create-apps/app-reference/image-properties/relationships.md similarity index 96% rename from sites/platform/src/create-apps/app-reference/settings/relationships.md rename to sites/platform/src/create-apps/app-reference/image-properties/relationships.md index 3f65a5e969..ea5702a299 100644 --- a/sites/platform/src/create-apps/app-reference/settings/relationships.md +++ b/sites/platform/src/create-apps/app-reference/image-properties/relationships.md @@ -1,20 +1,17 @@ --- title: "`relationships`" +sidebarTitle: "relationships" weight: 4 description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. -keywords: - - sleepy crons - - sleepy_crons --- -{{% description %}} +The following information applies to configuring either single runtime images or composable in {{% vendor/name %}}. -## Define relationships +## Relationships To allow containers in your project to communicate with one another, you need to define relationships between them. You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). - The quickest way to define a relationship between your app and a service is to use the service's default endpoint.
@@ -188,3 +185,4 @@ Feel free to use this until the default and explicit endpoint syntax is supporte {{< /note >}} + From 8a90ba13a41e722cf434baf594bae36070735164 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sat, 19 Jul 2025 20:26:10 -0400 Subject: [PATCH 07/48] image-properties tweaks --- .../src/create-apps/app-reference/image-properties/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/image-properties/_index.md b/sites/platform/src/create-apps/app-reference/image-properties/_index.md index bf86edfaa3..85ea0542f5 100644 --- a/sites/platform/src/create-apps/app-reference/image-properties/_index.md +++ b/sites/platform/src/create-apps/app-reference/image-properties/_index.md @@ -8,7 +8,7 @@ layout: single Learn about the image properties you can define in the an application configuration file. -The properties below are used to configure both a single-runtime image and a composable image. +The image properties below are used to configure both single-runtime images and composable images. Although thethe images use many of the same property names, the details or syntax differ depending on the context. These differences are noted within the topic. -For settings that are unique to each image, refer to the [Single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [Composable image](/create-apps/app-reference/composable-image.md#) topics. +For details about the properties that are unique to each image type, refer to the [Single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [Composable image](/create-apps/app-reference/composable-image.md#) topics. From 6f1584205979bc9541668811c506f446c8d49491 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 02:12:53 -0400 Subject: [PATCH 08/48] Platform hooks.md - use codetabs --- .../src/create-apps/app-reference/hooks.md | 28 +++++++++++++++++-- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/hooks.md b/sites/platform/src/create-apps/app-reference/hooks.md index 53f79b3b5f..8e5300d904 100644 --- a/sites/platform/src/create-apps/app-reference/hooks.md +++ b/sites/platform/src/create-apps/app-reference/hooks.md @@ -12,11 +12,17 @@ These are places where you can run custom scripts. They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. Only the `build` hook is run for [worker instances](/create-apps/app-reference/workers.md), while [web instances](/create-apps/app-reference/web.md) run all three. -For, the process is ordered as: +The process is ordered as: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ 1. Variables accessible at build time become available. -1. **Single-runtime image only**: [Build flavor](/create-apps/app-reference/single-runtime-image.md#build) runs if applicable. -1. **Single-runtime image only**: Any [dependencies](/create-apps/app-reference/single-runtime-image.md##dependencies) are installed. +1. [Build flavor](/create-apps/app-reference/single-runtime-image.md#build) runs if applicable. +1. Any [dependencies](/create-apps/app-reference/single-runtime-image.md##dependencies) are installed. 1. The `build` hook is run. 1. The file system is changed to read only, except for any [mounts](/create-apps/app-reference/mounts.md). 1. The app container starts. Variables accessible at runtime and services become available. @@ -24,6 +30,22 @@ For, the process is ordered as: 1. The app container begins accepting requests. 1. The `post_deploy` hook is run. +<---> + ++++ +title=Composable image ++++ + +1. Variables accessible at build time become available. +1. The `build` hook is run. +1. The file system is changed to read only, except for any [mounts](/create-apps/app-reference/mounts.md). +1. The app container starts. Variables accessible at runtime and services become available. +1. The `deploy` hook is run. +1. The app container begins accepting requests. +1. The `post_deploy` hook is run. + +{{< /codetabs >}} + Note that if an environment changes by no code changes, only the last step is run. If you want the entire process to run, see how to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). From 8471043380898127f8b71ac1db5cec16c923719f Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 03:01:12 -0400 Subject: [PATCH 09/48] platform web.md - update and fix link in intro --- sites/platform/src/create-apps/app-reference/web.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sites/platform/src/create-apps/app-reference/web.md b/sites/platform/src/create-apps/app-reference/web.md index 09912dddd2..455a3e5d85 100644 --- a/sites/platform/src/create-apps/app-reference/web.md +++ b/sites/platform/src/create-apps/app-reference/web.md @@ -5,7 +5,7 @@ description: See all of the options for controlling your apps and how they're bu --- Optional. Use the `web` key to configure the web server running in front of your app. -Defaults may vary with a different [image `type`](#types). +In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). | Name | Type | Required | Description | |-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| From 61f6df4192ec74dc6e7ffe7b6c17d2d4ddc34e11 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 03:57:44 -0400 Subject: [PATCH 10/48] Platform crons: change link title to avoid confusion with wiki page destination --- sites/platform/src/create-apps/app-reference/crons.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sites/platform/src/create-apps/app-reference/crons.md b/sites/platform/src/create-apps/app-reference/crons.md index 41e65fb690..d9d3d26f9b 100644 --- a/sites/platform/src/create-apps/app-reference/crons.md +++ b/sites/platform/src/create-apps/app-reference/crons.md @@ -46,7 +46,7 @@ crons: stop: killall sleep shutdown_timeout: 18 ``` -In this example configuration, the [cron specification](#crons) uses the `H` syntax. +In this example configuration, the crons [`spec`](#crons) uses the `H` syntax. Note that this syntax is only supported on Grid and {{% names/dedicated-gen-3 %}} projects. On {{% names/dedicated-gen-2 %}} projects, use the [standard cron syntax](https://en.wikipedia.org/wiki/Cron#Cron_expression). From f07b94fea32dd2d609bef3389dd5fa7daae54735 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 04:49:44 -0400 Subject: [PATCH 11/48] Platform crons.md - edit --- sites/platform/src/create-apps/app-reference/crons.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sites/platform/src/create-apps/app-reference/crons.md b/sites/platform/src/create-apps/app-reference/crons.md index d9d3d26f9b..9933826561 100644 --- a/sites/platform/src/create-apps/app-reference/crons.md +++ b/sites/platform/src/create-apps/app-reference/crons.md @@ -262,7 +262,7 @@ The offset is a random number of seconds up to 20 minutes or the cron frequency, Crons are also paused while activities such as [backups](/environments/backup.md) are running. The crons are queued to run after the other activity finishes. -To run cron jobs in a timezone other than UTC, set the `timezone` property ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#top-level-properties), +To run cron jobs in a timezone other than UTC, set the `timezone` property as described for the image type ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#top-level-properties) or [composable image](/create-apps/app-reference/composable-image.md#top-level-properties)). ### Paused crons From 1aea5091884394aa85021d4b2cc2c56aa6975128 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 06:12:11 -0400 Subject: [PATCH 12/48] Platform file to additional_hosts --- .../app-reference/{additional-hosts.md => additional_hosts.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename sites/platform/src/create-apps/app-reference/{additional-hosts.md => additional_hosts.md} (96%) diff --git a/sites/platform/src/create-apps/app-reference/additional-hosts.md b/sites/platform/src/create-apps/app-reference/additional_hosts.md similarity index 96% rename from sites/platform/src/create-apps/app-reference/additional-hosts.md rename to sites/platform/src/create-apps/app-reference/additional_hosts.md index f0bffa7941..dd9b4438fa 100644 --- a/sites/platform/src/create-apps/app-reference/additional-hosts.md +++ b/sites/platform/src/create-apps/app-reference/additional_hosts.md @@ -1,5 +1,5 @@ --- -title: "`additional-hosts`" +title: "`additional_hosts`" weight: 4 description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. --- From 13d41e3ff1da9b47c51b8d7e969f15f1169329a9 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 06:13:05 -0400 Subject: [PATCH 13/48] Platform image files - update link to additional_hosts info --- .../platform/src/create-apps/app-reference/composable-image.md | 2 +- .../src/create-apps/app-reference/single-runtime-image.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/composable-image.md b/sites/platform/src/create-apps/app-reference/composable-image.md index bc8689470b..a594e09746 100644 --- a/sites/platform/src/create-apps/app-reference/composable-image.md +++ b/sites/platform/src/create-apps/app-reference/composable-image.md @@ -55,7 +55,7 @@ To override any part of a property, you have to provide the entire property. | `hooks` | A [hooks dictionary](#hooks) | | No | What commands run at different stages in the build and deploy process. | | `crons` | A [cron dictionary](#crons) | | No | Scheduled tasks for the app. | | `source` | A [source dictionary](#source) | | No | Information on the app's source code and operations that can be run on it. | -| `additional_hosts` | An [additional hosts dictionary](#additional-hosts) | | Yes | Maps of hostnames to IP addresses. | +| `additional_hosts` | An [additional hosts dictionary](/create-apps/app-reference/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | {{% note %}} diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index 59de685bb0..24df68fab3 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -44,7 +44,7 @@ To override any part of a property, you have to provide the entire property. | `crons` | A [cron dictionary](#crons) | | No | Scheduled tasks for the app. | | `source` | A [source dictionary](#source) | | No | Information on the app's source code and operations that can be run on it. | | `runtime` | A [runtime dictionary](#runtime) | | No | Customizations to your PHP runtime. | -| `additional_hosts` | An [additional hosts dictionary](#additional-hosts) | | Yes | Maps of hostnames to IP addresses. | +| `additional_hosts` | An [additional hosts dictionary](/create-apps/app-reference/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | ## Root directory From 0d5c4b32f9031f960addc56c0849c751b624a27b Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 07:56:33 -0400 Subject: [PATCH 14/48] Upsun composable image - link update for testing --- sites/upsun/src/create-apps/app-reference/composable-image.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sites/upsun/src/create-apps/app-reference/composable-image.md b/sites/upsun/src/create-apps/app-reference/composable-image.md index d1522d9798..f9aca1580e 100644 --- a/sites/upsun/src/create-apps/app-reference/composable-image.md +++ b/sites/upsun/src/create-apps/app-reference/composable-image.md @@ -74,7 +74,7 @@ To override any part of a property, you have to provide the entire property. | `hooks` | A [hooks dictionary](#hooks) | | No | What commands run at different stages in the build and deploy process. | | `crons` | A [cron dictionary](#crons) | | No | Scheduled tasks for the app. | | `source` | A [source dictionary](#source) | | No | Information on the app's source code and operations that can be run on it. | -| `additional_hosts` | An [additional hosts dictionary](#additional-hosts) | | Yes | Maps of hostnames to IP addresses. | +| `additional_hosts` | An [additional hosts dictionary](/create-apps/app-reference/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | From 2d88e72fa9493c016ce444b4d7297489abbe1da6 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 07:57:44 -0400 Subject: [PATCH 15/48] Upsun single-runtime: Assorted minor additions to track merging content --- .../app-reference/single-runtime-image.md | 50 ++++++++++++------- 1 file changed, 31 insertions(+), 19 deletions(-) diff --git a/sites/upsun/src/create-apps/app-reference/single-runtime-image.md b/sites/upsun/src/create-apps/app-reference/single-runtime-image.md index fa91f86b8c..b092250f60 100644 --- a/sites/upsun/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/upsun/src/create-apps/app-reference/single-runtime-image.md @@ -41,8 +41,8 @@ To override any part of a property, you have to provide the entire property. |---------------------|--------------------------------------------------------------------------------------------|----------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `type` | A [type](#types) | Yes | No | The base image to use with a specific app language. Format: `runtime:version`. | | `container_profile` | A [container profile](/manage-resources/adjust-resources.md#advanced-container-profiles) | | Yes | Container profile of the application. | -| `relationships` | A dictionary of [relationships](#relationships) | | Yes | Connections to other services and apps. | -| `mounts` | A dictionary of [mounts](#mounts) | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | +| `relationships` | A dictionary of [relationships](/create-apps/app-reference/relationships.md) | | Yes | Connections to other services and apps. | +| `mounts` | A dictionary of [mounts](/create-apps/app-reference/mounts.md) | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | | `web` | A [web instance](#web) | | N/A | How the web application is served. | | `workers` | A [worker instance](#workers) | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](../timezone.md) | @@ -55,7 +55,7 @@ To override any part of a property, you have to provide the entire property. | `crons` | A [cron dictionary](#crons) | | No | Scheduled tasks for the app. | | `source` | A [source dictionary](#source) | | No | Information on the app's source code and operations that can be run on it. | | `runtime` | A [runtime dictionary](#runtime) | | No | Customizations to your PHP runtime. | -| `additional_hosts` | An [additional hosts dictionary](#additional-hosts) | | Yes | Maps of hostnames to IP addresses. | +| `additional_hosts` | An [additional hosts dictionary](/create-apps/app-reference/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | ## Root directory @@ -126,14 +126,15 @@ applications: - "python@3.12" - "python312Packages.yq" # python package specific ``` - + ## Resources Resources for application containers are not committed to YAML files, but instead managed over the API using either the Console or the `{{% vendor/cli %}} resources:set` command. For more information, see how to [manage resources](/manage-resources.md). - + + ## Relationships To allow containers in your project to communicate with one another, @@ -342,7 +343,8 @@ services: Feel free to use this until the default and explicit endpoint syntax is supported on all images. {{< /note >}} - + + ## Available disk space Disk for application containers are not committed to YAML files, but instead managed over the API using either the @@ -356,7 +358,8 @@ You can decrease the size of an existing disk for an app. If you do so, be aware - Backups from before the downsize are incompatible and can no longer be used. You need to [create new backups](/environments/backup.md). - The downsize fails if there’s more data on the disk than the desired size. - + + ## Mounts After your app is built, its file system is read-only. @@ -601,7 +604,8 @@ applications: The `storage` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. These allowances are not compatible, and will result in an error if pushed. - + + ## Web Use the `web` key to configure the web server running in front of your app. @@ -777,7 +781,8 @@ applications: enabled: true max_request_size: 250m ``` - + + ## Workers Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](#hooks). @@ -814,7 +819,8 @@ applications: Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. For more information, see how to [manage resources](/manage-resources.md). - + + ## Access The `access` dictionary has one allowed key: @@ -836,7 +842,8 @@ applications: access: ssh: admin ``` - + + ## Variables {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). @@ -870,7 +877,8 @@ applications: ``` You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). - + + ## Firewall {{< premium-features/tiered "Elite and Enterprise" >}} @@ -984,7 +992,7 @@ upsun.com www.google.com www.upsun.com ``` - + ## Build The only property of the `build` dictionary is `flavor`, which specifies a default set of build tasks to run. @@ -1048,7 +1056,7 @@ applications: nodejs: # Specify one NPM package per line. pm2: '^4.5.0' ``` - + ## Hooks There are three different hooks that run as part of the process of building and deploying your app. @@ -1118,7 +1126,8 @@ Note that there are other downsides: - Your environment isn’t available externally during the deploy hook. Unit and integration testing might work without the environment being available, but you can’t typically perform end-to-end testing until after the environment is up and available. - + + ## Crons The keys of the `crons` definition are the names of the cron jobs. @@ -1335,7 +1344,7 @@ Run the following command: ``` {{< /codetabs >}} - + ## Runtime The following table presents the various possible modifications to your PHP runtime: @@ -1401,7 +1410,7 @@ The following table shows the properties that can be set in `sizing_hints`: | `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). - + ## Source The following table shows the properties that can be set in `source`: @@ -1410,7 +1419,8 @@ The following table shows the properties that can be set in `source`: |--------------|--------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------| | `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](../source-operations.md) | | `root` | `string` | | The path where the app code lives. Defaults to the root project directory. Useful for [multi-app setups](../multi-app/_index.md). | - + + ## Container profile By default, {{% vendor/name %}} allocates a container profile to each app and service depending on the range of resources it’s @@ -1423,7 +1433,8 @@ Using the {{% vendor/name %}} CLI or Console, you can then pick a CPU and RAM co - [Default container profiles](/manage-resources/adjust-resources.md#default-container-profiles) for runtime and service containers - [Customize resources using the `container_profile` key](/manage-resources/adjust-resources.md#adjust-a-container-profile) - + + ## Additional hosts If you're using a private network with specific IP addresses you need to connect to, @@ -1445,3 +1456,4 @@ applications: ``` This is equivalent to adding the mapping to the `/etc/hosts` file for the container. + \ No newline at end of file From 5a60377eea26e59feafeba591048e9980b592a60 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 07:58:47 -0400 Subject: [PATCH 16/48] Upsun: commit new image property files that contain merged content --- .../src/create-apps/app-reference/access.md | 50 ++ .../app-reference/additional_hosts.md | 349 ++++++++++++++ .../app-reference/container_profile.md | 16 + .../src/create-apps/app-reference/crons.md | 354 +++++++++++++++ .../src/create-apps/app-reference/disk.md | 19 + .../src/create-apps/app-reference/firewall.md | 206 +++++++++ .../src/create-apps/app-reference/hooks.md | 99 ++++ .../src/create-apps/app-reference/mounts.md | 428 ++++++++++++++++++ .../app-reference/relationships.md | 216 +++++++++ .../create-apps/app-reference/resources.md | 24 + .../src/create-apps/app-reference/source.md | 12 + .../create-apps/app-reference/variables.md | 66 +++ .../src/create-apps/app-reference/web.md | 349 ++++++++++++++ .../src/create-apps/app-reference/workers.md | 91 ++++ 14 files changed, 2279 insertions(+) create mode 100644 sites/upsun/src/create-apps/app-reference/access.md create mode 100644 sites/upsun/src/create-apps/app-reference/additional_hosts.md create mode 100644 sites/upsun/src/create-apps/app-reference/container_profile.md create mode 100644 sites/upsun/src/create-apps/app-reference/crons.md create mode 100644 sites/upsun/src/create-apps/app-reference/disk.md create mode 100644 sites/upsun/src/create-apps/app-reference/firewall.md create mode 100644 sites/upsun/src/create-apps/app-reference/hooks.md create mode 100644 sites/upsun/src/create-apps/app-reference/mounts.md create mode 100644 sites/upsun/src/create-apps/app-reference/relationships.md create mode 100644 sites/upsun/src/create-apps/app-reference/resources.md create mode 100644 sites/upsun/src/create-apps/app-reference/source.md create mode 100644 sites/upsun/src/create-apps/app-reference/variables.md create mode 100644 sites/upsun/src/create-apps/app-reference/web.md create mode 100644 sites/upsun/src/create-apps/app-reference/workers.md diff --git a/sites/upsun/src/create-apps/app-reference/access.md b/sites/upsun/src/create-apps/app-reference/access.md new file mode 100644 index 0000000000..a7226a5407 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/access.md @@ -0,0 +1,50 @@ +--- +title: "`access`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. The `access` dictionary has one allowed key: + +| Name | Allowed values | Default | Description | +|-------|-------------------------------------|---------------|-----------------------------------------------------------------------| +| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | + +In the following example, only users with `admin` permissions for the +given [environment type](/administration/users.md#environment-type-roles) +can access the deployed environment via SSH: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + access: + ssh: admin +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + access: + ssh: admin +``` + +{{< /codetabs >}} + diff --git a/sites/upsun/src/create-apps/app-reference/additional_hosts.md b/sites/upsun/src/create-apps/app-reference/additional_hosts.md new file mode 100644 index 0000000000..a8a5618ff5 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/additional_hosts.md @@ -0,0 +1,349 @@ +--- +title: "`additional_hosts`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. Use the `web` key to configure the web server running in front of your app. +In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). + +| Name | Type | Required | Description | +|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| +| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | +| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | +| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | + +See some [examples of how to configure what's served](../web/_index.md). + +### Web commands + +| Name | Type | Required | Description | +|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| +| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | +| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | +| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | + +{{< note theme="info" >}} +The `post_start` feature is _experimental_ and may change. Please share your feedback in the +[{{% vendor/name %}} discord](https://discord.gg/platformsh). +{{< /note >}} + +Example: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + commands: + start: 'uwsgi --ini conf/server.ini' +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + commands: + start: 'uwsgi --ini conf/server.ini' +``` + +{{< /codetabs >}} + + +This command runs every time your app is restarted, regardless of whether or not new code is deployed. + +{{< note >}} + +Never "background" a start process using `&`. +That's interpreted as the command terminating and the supervisor process starts a second copy, +creating an infinite loop until the container crashes. +Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. + +{{< /note >}} + +#### Required command + +On all containers other than PHP, the value for `start` should be treated as required. + +On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). +It can also be set explicitly on a PHP container to run a dedicated process, +such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) +or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). +See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). + +### Upstream + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + + +| Name | Type | Required | Description | Default | +|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [image types](#types) except PHP; for PHP image types the default is `unix`. | +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on [image `type`](#types). | + +For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. +For all other containers, the default for `protocol` is `http`. + +The following example is the default on non-PHP containers: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + upstream: + socket_family: tcp + protocol: http +``` + +<---> + ++++ +title=Composable image ++++ + +| Name | Type | Required | Description | Default | +|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [primary runtimes](#primary-runtime) except PHP; for PHP the default is `unix`. | +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on the [primary runtimes](#primary-runtime). | + +For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. +For all other containers, the default for `protocol` is `http`. + +The following example is the default on non-PHP containers: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + upstream: + socket_family: tcp + protocol: http +``` + +{{< /codetabs >}} + + + + +#### Where to listen + +Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). + +| `socket_family` | Where to listen | +|-----------------|---------------------------------------------------------------------------------------------------------------------------------------| +| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | +| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | + +If your application isn't listening at the same place that the runtime is sending requests, +you see `502 Bad Gateway` errors when you try to connect to your website. + +### Locations + +Each key in the `locations` dictionary is a path on your site with a leading `/`. +For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. +When multiple keys match an incoming request, the most-specific applies. + +The following table presents possible properties for each location: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +| Name | Type | Default | Description | +|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](/create-apps/app-reference/single-runtime-image.md#root-directory). Must be an actual directory inside the root directory. | +| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | +| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | +| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | +| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | +| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | +| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | +| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | + +<---> + ++++ +title=Composable image ++++ + +| Name | Type | Default | Description | +|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](/create-apps/app-reference/source.md)). Must be an actual directory inside the root directory. | +| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | +| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. | +| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | +| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | +| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | +| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | +| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | + +{{< /codetabs>}} + +#### Rules + +The rules dictionary can override most other keys according to a regular expression. +The key of each item is a regular expression to match paths exactly. +If an incoming request matches the rule, it's handled by the properties under the rule, +overriding any conflicting rules from the rest of the `locations` dictionary. + +Under `rules`, you can set all the other possible [`locations` properties](#locations) +except `root`, `index`, `rules` and `request_buffering`. + +In the following example, the `allow` key disallows requests for static files anywhere in the site. +This is overridden by a rule that explicitly allows common image file formats. + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + locations: + '/': + # Handle dynamic requests + root: 'public' + passthru: '/index.php' + # Disallow static files + allow: false + rules: + # Allow common image files only. + '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': + allow: true +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + locations: + '/': + # Handle dynamic requests + root: 'public' + passthru: '/index.php' + # Disallow static files + allow: false + rules: + # Allow common image files only. + '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': + allow: true +``` + +{{< /codetabs >}} + + +#### Request buffering + +Request buffering is enabled by default to handle chunked requests as most app servers don't support them. +The following table shows the keys in the `request_buffering` dictionary: + +| Name | Type | Required | Default | Description | +|--------------------|-----------|----------|---------|-------------------------------------------| +| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | +| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | + +The default configuration would look like this: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + locations: + '/': + passthru: true + request_buffering: + enabled: true + max_request_size: 250m +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + locations: + '/': + passthru: true + request_buffering: + enabled: true + max_request_size: 250m +``` + +{{< /codetabs >}} + diff --git a/sites/upsun/src/create-apps/app-reference/container_profile.md b/sites/upsun/src/create-apps/app-reference/container_profile.md new file mode 100644 index 0000000000..057c067830 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/container_profile.md @@ -0,0 +1,16 @@ +--- +title: "`container_profile`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. By default, {{% vendor/name %}} allocates a container profile to each app and service depending on the range of resources it’s +expected to need. + +Each container profile gives you access to a specific list of CPU and RAM combinations. +Using the {{% vendor/name %}} CLI or Console, you can then pick a CPU and RAM combination for each of your apps and services. + +- [Container profile types and resources](/manage-resources/adjust-resources.md#advanced-container-profiles) +- [Default container profiles](/manage-resources/adjust-resources.md#default-container-profiles) for runtime and service + containers +- [Customize resources using the `container_profile` key](/manage-resources/adjust-resources.md#adjust-a-container-profile) \ No newline at end of file diff --git a/sites/upsun/src/create-apps/app-reference/crons.md b/sites/upsun/src/create-apps/app-reference/crons.md new file mode 100644 index 0000000000..c7082f2074 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/crons.md @@ -0,0 +1,354 @@ +--- +title: "`crons`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. The keys of the `crons` definition are the names of the cron jobs. +The names must be unique. + +If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. + +See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). + +The following table shows the properties for each job: + +| Name | Type | Required | Description | +|--------------------|----------------------------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. | +| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | +| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | +| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). | + +Note that you can [cancel pending or running crons](/environments/cancel-activity.md). + +### Cron commands + +| Name | Type | Required | Description | +|---------|----------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | +| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'nodejs:{{% latest "nodejs" %}}' + crons: + mycommand: + spec: 'H * * * *' + commands: + start: sleep 60 && echo sleep-60-finished && date + stop: killall sleep + shutdown_timeout: 18 +``` + +In this example configuration, the [cron specification](#crons) uses the `H` syntax. + +### Single-runtime image: Example cron jobs + + +{{< codetabs >}} + ++++ +title=Drupal ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Run Drupal's cron tasks every 19 minutes. + drupal: + spec: '*/19 * * * *' + commands: + start: 'cd web ; drush core-cron' + # But also run pending queue tasks every 7 minutes. + # Use an odd number to avoid running at the same time as the `drupal` cron. + drush-queue: + spec: '*/7 * * * *' + commands: + start: 'cd web ; drush queue-run aggregator_feeds' + {{< /snippet >}} +``` + +<---> + ++++ +title=Ruby on Rails ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'ruby:{{% latest "ruby" %}}' +crons: + # Execute a rake script every 19 minutes. + ruby: + spec: '*/19 * * * *' + commands: + start: 'bundle exec rake some:task' + {{< /snippet >}} +``` + +<---> + ++++ +title=Laravel ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Run Laravel's scheduler every 5 minutes. + scheduler: + spec: '*/5 * * * *' + commands: + start: 'php artisan schedule:run' + {{< /snippet >}} +``` + +<---> + ++++ +title=Symfony ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Take a backup of the environment every day at 5:00 AM. + snapshot: + spec: 0 5 * * * + commands: + start: | + # Only run for the production environment, aka main branch + if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then + croncape symfony ... + fi + {{< /snippet >}} +``` + +{{< /codetabs >}} + + +### Composable image: Example cron jobs + + +{{< codetabs >}} + ++++ +title=Drupal ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Run Drupal's cron tasks every 19 minutes. + drupal: + spec: '*/19 * * * *' + commands: + start: 'cd web ; drush core-cron' + # But also run pending queue tasks every 7 minutes. + # Use an odd number to avoid running at the same time as the `drupal` cron. + drush-queue: + spec: '*/7 * * * *' + commands: + start: 'cd web ; drush queue-run aggregator_feeds' +{{< /snippet >}} +``` + +<---> + ++++ +title=Ruby on Rails ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "ruby@{{% latest ruby %}}" ] +crons: + # Execute a rake script every 19 minutes. + ruby: + spec: '*/19 * * * *' + commands: + start: 'bundle exec rake some:task' +{{< /snippet >}} +``` + +<---> + ++++ +title=Laravel ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Run Laravel's scheduler every 5 minutes. + scheduler: + spec: '*/5 * * * *' + commands: + start: 'php artisan schedule:run' +{{< /snippet >}} +``` + +<---> + ++++ +title=Symfony ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Take a backup of the environment every day at 5:00 AM. + snapshot: + spec: 0 5 * * * + commands: + start: | + # Only run for the production environment, aka main branch + if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then + croncape symfony ... + fi +{{< /snippet >}} +``` + +{{< /codetabs >}} + + +### Conditional crons + +If you want to set up customized cron schedules depending on the environment type, +define conditional crons. +To do so, use a configuration similar to the following: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'php:{{% latest "php" %}}' + crons: + update: + spec: '0 0 * * *' + commands: + start: | + if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then + {{% vendor/cli %}} backup:create --yes --no-wait + {{% vendor/cli %}} source-operation:run update --no-wait --yes + fi +``` +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "php@{{% latest php %}}" ] + crons: + update: + spec: '0 0 * * *' + commands: + start: | + if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then + {{% vendor/cli %}} backup:create --yes --no-wait + {{% vendor/cli %}} source-operation:run update --no-wait --yes + fi +``` + +{{< /codetabs >}} + + + +### Cron job timing + +The minimum time between cron jobs being triggered is 5 minutes. + +For each app container, only one cron job can run at a time. +If a new job is triggered while another is running, the new job is paused until the other completes. + +To minimize conflicts, a random offset is applied to all triggers. +The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. + +Crons are also paused while activities such as [backups](/environments/backup.md) are running. +The crons are queued to run after the other activity finishes. + +To run cron jobs in a timezone other than UTC, set the `timezone` property property as described for the image type ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) or +[composable image](/create-apps/app-reference/composable-image.md#primary-application-properties)). + +To run cron jobs in a timezone other than UTC, set the [timezone property](#primary-application-properties). + +### Paused crons + +[Preview environments](/glossary.md#preview-environment) are often used for a limited time and then abandoned. +While it's useful for environments under active development to have scheduled tasks, +unused environments don't need to run cron jobs. +To minimize unnecessary resource use, +crons on environments with no deployments are paused. + +This affects all preview environments, _and_ production environment that do not yet have a domain attached to them. + +Such environments with deployments within 14 days have crons with the status `running`. +If there haven't been any deployments within 14 days, the status is `paused`. + +You can see the status in the Console +or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. + +#### Restarting paused crons + +If the crons on your preview environment are paused but you're still using them, +you can push changes to the environment or redeploy it. + +To restart crons without changing anything: + +{{< codetabs >}} + ++++ +title=In the Console ++++ + +1. In the Console, navigate to your project. +1. Open the environment where you'd like the crons to run. +1. Click `Redeploy` next to the cron status of `Paused`. + +<---> + ++++ +title=Using the CLI ++++ + +Run the following command: + +```bash +{{% vendor/cli %}} redeploy +``` + +{{< /codetabs >}} + +### Composable image only: Sizing hints + +The following table shows the properties that can be set in `sizing_hints`: + +| Name | Type | Default | Minimum | Description | +|-------------------|-----------|---------|---------|------------------------------------------------| +| `request_memory` | `integer` | 45 | 10 | The average memory consumed per request in MB. | +| `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | + +See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). diff --git a/sites/upsun/src/create-apps/app-reference/disk.md b/sites/upsun/src/create-apps/app-reference/disk.md new file mode 100644 index 0000000000..38258ff7ce --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/disk.md @@ -0,0 +1,19 @@ +--- +title: "`disk`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. Disk for application containers are not committed to YAML files, but instead managed over the API using either the +Console or the `{{% vendor/cli %}} resources:set` command. + +For more information, see how to [manage resources](/manage-resources.md). + +### Downsize a disk + +It's a best practice to [back up your environment](/environments/backup.md) **before and after** you increase **or** decrease the `disk` value (the amount of allocated storage space) of an app or service. + +You can decrease the size of an existing disk for an app. If you do so, be aware that: +- Downsizing fails if the amount of data exceeds the configured `disk` value. +- Backups completed before the downsizing a disk are incompatible and can no longer be used to restore applications. You need to [create new backups](/environments/backup.md). + diff --git a/sites/upsun/src/create-apps/app-reference/firewall.md b/sites/upsun/src/create-apps/app-reference/firewall.md new file mode 100644 index 0000000000..5e0ced6ed0 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/firewall.md @@ -0,0 +1,206 @@ +--- +title: "`firewall`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +{{< premium-features/tiered "Elite and Enterprise" >}} + +Set limits in outbound traffic from your app with no impact on inbound requests. + +The `outbound` key is required and contains one or more rules. +The rules define what traffic is allowed; anything unspecified is blocked. + +Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified +together: + +| Name | Type | Default | Description | +|-----------|---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | +| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | +| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | + +The default settings would look like this: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + firewall: + outbound: + - ips: [ "0.0.0.0/0" ] +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + firewall: + outbound: + - ips: [ "0.0.0.0/0" ] +``` + +{{< /codetabs >}} + + + +### Support for rules + +Where outbound rules for firewalls are supported in all environments. + +### Multiple rules + +Multiple firewall rules can be specified. +In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. + +So in the following example requests to any IP on port 80 are allowed +and requests to 1.2.3.4 on either port 80 or 443 are allowed: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + firewall: + outbound: + - ips: [ "1.2.3.4/32" ] + ports: [ 443 ] + - ports: [ 80 ] +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + firewall: + outbound: + - ips: [ "1.2.3.4/32" ] + ports: [ 443 ] + - ports: [ 80 ] +``` + +{{< /codetabs >}} + + +### Outbound traffic to CDNs + +Be aware that many services are behind a content delivery network (CDN). +For most CDNs, routing is done via domain name, not IP address, +so thousands of domain names may share the same public IP addresses at the CDN. +If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that +CDN. + +### Outbound traffic by domain + +You can filter outbound traffic by domain. +Using domains in your rules rather than IP addresses is generally more specific and secure. +For example, if you use an IP address for a service with a CDN, +you have to allow the IP address for the CDN. +This means that you allow potentially hundreds or thousands of other servers also using the CDN. + +An example rule filtering by domain: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + firewall: + outbound: + - protocol: tcp + domains: [ "api.stripe.com", "api.twilio.com" ] + ports: [ 80, 443 ] + - protocol: tcp + ips: [ "1.2.3.4/29","2.3.4.5" ] + ports: [ 22 ] +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + firewall: + outbound: + - protocol: tcp + domains: [ "api.stripe.com", "api.twilio.com" ] + ports: [ 80, 443 ] + - protocol: tcp + ips: [ "1.2.3.4/29","2.3.4.5" ] + ports: [ 22 ] +``` + +{{< /codetabs >}} + + +#### Determine which domains to allow + +To determine which domains to include in your filtering rules, +find the domains your site has requested the DNS to resolve. +Run the following command to parse your server’s `dns.log` file +and display all Fully Qualified Domain Names that have been requested: + +```bash +awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log +``` + +The output includes all DNS requests that were made, including those blocked by your filtering rules. +It doesn't include any requests made using an IP address. + +Example output: + +```bash +facebook.com +fastly.com +upsun.com +www.google.com +www.upsun.com +``` + + + diff --git a/sites/upsun/src/create-apps/app-reference/hooks.md b/sites/upsun/src/create-apps/app-reference/hooks.md new file mode 100644 index 0000000000..da69913061 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/hooks.md @@ -0,0 +1,99 @@ +--- +title: "`hooks`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +keywords: + - hooks + - hooks +--- + +Optional. There are three different hooks that run as part of the process of building and deploying your app. +These are places where you can run custom scripts. +They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. +Only the `build` hook is run for [worker instances](/create-apps/app-reference/workers.md), while [web instances](/create-apps/app-reference/web.md) run all three. + +The process is ordered as: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +1. Variables accessible at build time become available. +1. [Build flavor](/create-apps/app-reference/single-runtime-image.md#build) runs if applicable. +1. Any [dependencies](/create-apps/app-reference/single-runtime-image.md##dependencies) are installed. +1. The `build` hook is run. +1. The file system is changed to read only, except for any [mounts]. +1. The app container starts. Variables accessible at runtime and services become available. +1. The `deploy` hook is run. +1. The app container begins accepting requests. +1. The `post_deploy` hook is run. + +<---> + ++++ +title=Composable image ++++ + +1. Variables accessible at build time become available. +1. The `build` hook is run. +1. The file system is changed to read only, except for any [mounts]. +1. The app container starts. Variables accessible at runtime and services become available. +1. The `deploy` hook is run. +1. The app container begins accepting requests. +1. The `post_deploy` hook is run. + +{{< /codetabs >}} + +Note that if an environment changes by no code changes, only the last step is run. +If you want the entire process to run, see how +to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). + +### Writable directories during build + +During the `build` hook, there are three writeable directories: + +- `PLATFORM_APP_DIR`: + Where your code is checked out and the working directory when the `build` hook starts. + Becomes the app that gets deployed. +- `PLATFORM_CACHE_DIR`: + Persists between builds, but isn't deployed. + Shared by all builds on all branches. +- `/tmp`: + Isn't deployed and is wiped between each build. + Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` + and together they offer about 8GB of free space. + +### Hook failure + +Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. +To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. + +If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. +Note that this only works for `build` hooks -- +if other hooks fail, the app is still deployed. + +#### Automated testing + +It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. +Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. + +During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: + +- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. + So any testing that relies on it is sure to fail. +- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. +- Test results are written into your app container, so they might get exposed to a third party. + +During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. +Note that there are other downsides: + +- Your app container is read-only during the deploy hook, + so if your tests need to write reports and other information, you need to create a file mount for them. +- Your app can only be deployed once the deploy hook has been completed. + Therefore, running automated testing via the deploy hook generates slower deployments. +- Your environment isn’t available externally during the deploy hook. + Unit and integration testing might work without the environment being available, + but you can’t typically perform end-to-end testing until after the environment is up and available. + diff --git a/sites/upsun/src/create-apps/app-reference/mounts.md b/sites/upsun/src/create-apps/app-reference/mounts.md new file mode 100644 index 0000000000..8f80136805 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/mounts.md @@ -0,0 +1,428 @@ +--- +title: "`mounts`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. After your app is built, its file system is read-only. +To make changes to your app's code, you need to use Git. + +For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". +Mounts give you write access to files generated by your app (such as cache and log files) +and uploaded files without going through Git. + +When you define a mount, you are mounting an external directory to your app container, +much like you would plug a hard drive into your computer to transfer data. + +{{% note %}} + +- Mounts aren't available during the build +- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too + +{{% /note %}} + +### Define a mount + +To define a mount, use the following configuration: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: nodejs:{{% latest "nodejs" %}} + mounts: + '{{< variable "MOUNT_PATH" >}}': + source: {{< variable "MOUNT_TYPE" >}} + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} +``` + +{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). +If you already have a directory with that name, you get a warning that it isn't accessible after the build. +See how to [troubleshoot the warning](../troubleshoot-mounts.md#overlapping-folders). + +| Name | Type | Required | Description | +| ------------- | -------------------- | -------- | ----------- | +| `source` | `storage`, `instance`, `tmp` (also called `temporary`), or `service` | Yes | Specifies the type of the mount:

- By design, `storage` mounts can be shared between instances of the same app. You can also configure them so they are [shared between different apps](#share-a-mount-between-several-apps).

-`instance` mounts are local mounts. Unique to your app, they are useful to store files that remain local to the app instance, such as application logs.

- `tmp` (or `temporary`) mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**.

- `service` mounts can be useful if you want to explicitly define and use a [Network Storage](/add-services/network-storage.md) service to share data between different apps (instead of using a `storage` mount).| +| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | +| `service` | `string` | | The purpose of the `service` key depends on your use case.

In a multi-app context where a `storage` mount is shared between apps, `service` is required. Its value is the name of the app whose mount you want to share. See how to [share a mount between several apps](#share-a-mount-between-several-apps).

In a multi-app context where a [Network Storage service](/add-services/network-storage.md) (`service` mount) is shared between apps, `service` is required and specifies the name of that Network Storage. | +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "nodejs@{{% latest nodejs %}}" ] + mounts: + '{{< variable "MOUNT_PATH" >}}': + source: {{< variable "MOUNT_TYPE" >}} + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} +``` + +{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). +If you already have a directory with that name, you get a warning that it isn't accessible after the build. +See how to [troubleshoot the warning](../troubleshoot-mounts.md#overlapping-folders). + +| Name | Type | Required | Description | +|---------------|--------------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `source` | `storage`, `tmp`, or `service` | Yes | Specifies the type of the mount:

- By design, `storage` mounts can be shared between instances of the same app. You can also configure them so they are [shared between different apps](#share-a-mount-between-several-apps).

-`instance` mounts are local mounts. Unique to your app, they are useful to store files that remain local to the app instance, such as application logs.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**.

- `service` mounts can be useful if you want to explicitly define and use a [Network Storage](/add-services/network-storage.md) service to share data between different apps (instead of using a `storage` mount). | +| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | +| `service` | `string` | | The purpose of the `service` key depends on your use case.

In a multi-app context where a `storage` mount is shared between apps, `service` is required. Its value is the name of the app whose mount you want to share. See how to [share a mount between several apps](#share-a-mount-between-several-apps).

In a multi-app context where a [Network Storage service](/add-services/network-storage.md) (`service` mount) is shared between apps, `service` is required and specifies the name of that Network Storage. | + +{{< /codetabs >}} + +The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). +Files can be all public, all private, or with different rules for different paths and file types. + +Note that when you remove a `tmp` mount from your `{{< vendor/configfile "app" >}}` file, +the mounted directory isn't deleted. +The files still exist on disk until manually removed, +or until the app container is moved to another host during a maintenance operation. + +### Example configuration + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: nodejs:20 + mounts: + 'web/uploads': + source: storage + source_path: uploads + '/.tmp_platformsh': + source: tmp + source_path: files/.tmp_platformsh + '/build': + source: storage + source_path: files/build + '/.cache': + source: tmp + source_path: files/.cache + '/node_modules/.cache': + source: tmp + source_path: files/node_modules/.cache +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "nodejs@{{% latest nodejs %}}" ] + mounts: + 'web/uploads': + source: storage + source_path: uploads + '/.tmp_platformsh': + source: tmp + source_path: files/.tmp_platformsh + '/build': + source: storage + source_path: files/build + '/.cache': + source: tmp + source_path: files/.cache + '/node_modules/.cache': + source: tmp + source_path: files/node_modules/.cache +``` + +{{< /codetabs >}} + +### Ensure continuity when changing the name of your mount + +Changing the name of your mount affects the default `source_path`. + +Say you have a `/my/cache/` mount with an undefined `source_path`: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + mounts: + '/my/cache/': + source: tmp +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +mounts: + '/my/cache/': + source: tmp +``` + +{{< /codetabs >}} + +If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. + +To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading +or trailing slashes: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + mounts: + '/cache/files/': + source: tmp + source_path: my/cache +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +mounts: + '/cache/files/': + source: tmp + source_path: my/cache +``` + +{{< /codetabs >}} + +The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing +files in that directory. + +### Share a mount between several apps + +By design, [`storage` mounts](#mounts) are shared **between different instances of the same app**, +which enables [horizontal scaling](/manage-resources/_index.md). + +In a [multi-application context](/create-apps/multi-app/_index.md), +you can even share a `storage` mount **between different applications** in the same project. + +To do so, you need to define a `storage` mount in each of your app containers, +and point each of those mounts to the same shared external network directory. + +Use the following configuration: + +```yaml {configFile="app"} +applications: + app1: + mounts: + '{{< variable "MOUNT_PATH_1" >}}': + source: storage + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} + + app2: + mounts: + '{{< variable "MOUNT_PATH_2" >}}': + source: storage + service: app1 + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} +``` + +- {{< variable "MOUNT_PATH_1" >}} and {{< variable "MOUNT_PATH_2" >}} are the paths to each mount **within their + respective app container** (relative to the app's root). +- When configuring the first `storage` mount, you don't need to include the `service` key. + The first mount implicitly points to an external network directory. + The `service` key is required for subsequent mounts, to ensure they use the same external network directory as the + first mount. +- The `source_path` allows you to point each mount to the same subdirectory **within the shared external network + directory**. + + +{{% note title = "Single-runtime image: Example" %}} + +You have a `backend` app and a `frontend` app. +You want both apps to share data from the same mount.
+Follow these steps: + +1. In your `backend` app configuration, define a `storage` mount: + + ```yaml {configFile="app"} + applications: + backend: + mounts: + var/uploads: #The path to your mount within the backend app container. + source: storage + source_path: backend/uploads #The path to the source of the mount within the external network directory. + ``` + + This creates a `storage` mount named `var/uploads` in the `backend` app container. + The mount points to the `backend/uploads` directory within an external network directory. + +2. In your `frontend` app configuration, define another `storage` mount: + + ```yaml {configFile="app"} + applications: + applications: + backend: + mounts: + var/uploads: + source: storage + source_path: backend/uploads + + frontend: + mounts: + web/uploads: #The path to your mount within the frontend app container. + source: storage + service: backend #The name of the other app, so the mount can point to the same external network directory as that other app's mount. + source_path: backend/uploads #The path to the source of the mount within the shared external network directory. + ``` + + This creates another `storage` mount named `web/uploads` in the `frontend` app container. + + The `service` key allows you to specify that the `web/uploads` mount should use the same external network directory + as the mount previously defined in the `backend` app container. + + The `source_path` key specifies which subdirectory within the external network directory both mounts should share ( + here, the `backend/uploads` directory). + +{{% /note %}} + +{{% note title = "Composable image: Example" %}} + +You have a `backend` app and a `frontend` app. +You want both apps to share data from the same mount.
+Follow these steps: + +1. In your `backend` app configuration, define a `storage` mount: + + ```yaml {configFile="app"} + applications: + backend: + mounts: + var/uploads: #The path to your mount within the backend app container. + source: storage + source_path: backend/uploads #The path to the source of the mount within the external network directory. + ``` + + This creates a `storage` mount named `var/uploads` in the `backend` app container. + The mount points to the `backend/uploads` directory within an external network directory. + +2. In your `frontend` app configuration, define another `storage` mount: + + ```yaml {configFile="app"} + applications: + backend: + mounts: + var/uploads: + source: storage + source_path: backend/uploads + + frontend: + mounts: + web/uploads: #The path to your mount within the frontend app container. + source: storage + service: backend #The name of the other app, so the mount can point to the same external network directory as that other app's mount. + source_path: backend/uploads #The path to the source of the mount within the shared external network directory. + ``` + + This creates another `storage` mount named `web/uploads` in the `frontend` app container. + + The `service` key allows you to specify that the `web/uploads` mount should use the same external network directory + as the mount previously defined in the `backend` app container. + + The `source_path` key specifies which subdirectory within the external network directory both mounts should share ( + here, the `backend/uploads` directory). + +{{% /note %}} + + +Note that another way to share data between apps through a mount is by +explicitly [defining a Network Storage service](/add-services/network-storage.md). + +### Composable image only: Local mounts + +If you need a local mount (i.e. unique per container), +{{% vendor/name %}} allows you to mount a directory within the `/tmp` directory of your app. +However, the following limitations apply: + +- Content from `tmp` mounts is removed when your app container is moved to another host during an infrastructure + maintenance operation +- The `/tmp` directory has a [maximum allocation of 8 GB](/create-apps/troubleshoot-disks.md#no-space-left-on-device) + +Therefore, `tmp` mounts are ideal to store non-critical data, such as your application cache which can be seamlessly +rebuilt, +but aren't suitable for storing files that are necessary for your app to run smoothly. + +Note that {{% vendor/name %}} will provide new local mounts in the near future. + +### Overlapping mounts + +The locations of mounts as they are visible to application containers can overlap somewhat. +For example: + +```yaml {configFile="app"} +applications: + myapp: + # ... + mounts: + 'var/cache_a': + source: storage + source_path: cacheA + 'var/cache_b': + source: tmp + source_path: cacheB + 'var/cache_c': + source: instance + source_path: cacheC +``` + +In this case, it does not matter that each mount is of a different `source` type. +Each mount is restricted to a subfolder within `var`, and all is well. + +The following, however, is not allowed and will result in a failure: + +```yaml {configFile="app"} +applications: + myapp: + # ... + mounts: + 'var/': + source: storage + source_path: cacheA + 'var/cache_b': + source: tmp + source_path: cacheB + 'var/cache_c': + source: instance + source_path: cacheC +``` + +The `storage` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. +These allowances are not compatible, and will result in an error if pushed. \ No newline at end of file diff --git a/sites/upsun/src/create-apps/app-reference/relationships.md b/sites/upsun/src/create-apps/app-reference/relationships.md new file mode 100644 index 0000000000..f5b628475b --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/relationships.md @@ -0,0 +1,216 @@ +--- +title: "`relationships`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. The following information applies to configuring either single runtime images or composable in {{% vendor/name %}}. + +## Relationships + +To allow containers in your project to communicate with one another, +you need to define relationships between them. +You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). + +The quickest way to define a relationship between your app and a service +is to use the service's default endpoint.
+However, some services allow you to define multiple databases, cores, and/or permissions. +In these cases, you can't rely on default endpoints. +Instead, you can explicitly define multiple endpoints when setting up your relationships. + +{{< note >}} +App containers don't have a default endpoint like services. +To connect your app to another app in your project, +you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
+For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). +{{< /note >}} + +{{< note title="Availability" theme="info">}} + +New syntax (default and explicit endpoints) described below is supported by most, but not all, image types +(`Relationship 'SERVICE_NAME' of application 'app' ... targets a service without a valid default endpoint configuration.`). +This syntax is currently being rolled out for all images. +If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. + +{{< /note >}} + +To define a relationship between your app and a service: + +{{< codetabs >}} + ++++ +title=Using default endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + {{% variable "SERVICE_NAME" %}}: +``` + +The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +It is used as the relationship name, and associated with a `null` value. +This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. + +For example, if you define the following configuration: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + mariadb: +``` + +{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, +and connects your app to it through the service's default endpoint. + +For reference, the equivalent configuration using explicit endpoints would be the following: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + mariadb: + service: mariadb + endpoint: mysql +``` + +You can define any number of relationships in this way: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + mariadb: + redis: + elasticsearch: +``` + +{{< note title="Tip" theme="info" >}} + +An even quicker way to define many relationships is to use the following single-line configuration: + +```yaml {configFile="services"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} + +services: + {{< variable "SERVICE_NAME_A" >}}: + type: mariadb:{{% latest "mariadb" %}} + {{< variable "SERVICE_NAME_B" >}}: + type: redis:{{% latest "redis" %}} + {{< variable "SERVICE_NAME_C" >}}: + type: elasticsearch:{{% latest "elasticsearch" %}} +``` + +{{< /note >}} + +<---> + ++++ +title=Using explicit endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + {{% variable "RELATIONSHIP_NAME" %}}: + service: {{% variable "SERVICE_NAME" %}} + endpoint: {{% variable "ENDPOINT_NAME" %}} +``` + +- `RELATIONSHIP_NAME` is the name you want to give to the relationship. +- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). + +For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, +use the following configuration: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + database: # The name of the relationship. + service: mariadb + endpoint: db1 +``` + +For more information on how to handle multiple databases, multiple cores, +and/or different permissions with services that support such features, +see each service's dedicated page: + + - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) + - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) + - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) + - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) + - [Vault KMS](add-services/vault.md#multiple-endpoints-example) (multiple permissions) + + You can add as many relationships as you want to your app configuration, + using both default and explicit endpoints according to your needs: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + database1: + service: mariadb + endpoint: admin + database2: + service: mariadb + endpoint: legacy + cache: + service: redis + search: + service: elasticsearch +``` + +{{< /codetabs >}} + +{{< note theme="info" title="Legacy" >}} + +The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + : ":" + +services: + SERVICE_NAME_A: + type: mariadb:{{% latest "mariadb" %}} +``` + +For example: + +```yaml +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + database: "db:mysql" + +services: + db: + type: mariadb:{{% latest "mariadb" %}} +``` + +Feel free to use this until the default and explicit endpoint syntax is supported on all images. + +{{< /note >}} diff --git a/sites/upsun/src/create-apps/app-reference/resources.md b/sites/upsun/src/create-apps/app-reference/resources.md new file mode 100644 index 0000000000..3446142e07 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/resources.md @@ -0,0 +1,24 @@ +--- +title: "`resources`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Resources for application containers are not committed to YAML files, but instead managed over the API using either the +Console or the `{{% vendor/cli %}} resources:set` command. + +For more information, see how to [manage resources](/manage-resources.md). + +{{% note title="Composable image" theme="info" %}} +Composable image container profile defaults to ``HIGH_CPU``. +
If multiple runtimes are added to your stack, +you would need to change +the [default container_profile](/manage-resources/adjust-resources.md#advanced-container-profiles) +
or change [default CPU and RAM ratio](/manage-resources/resource-init.md) on first deployment using the following +commands: + +```bash +{{% vendor/cli %}} push --resources-init=manual +``` + +{{% /note %}} \ No newline at end of file diff --git a/sites/upsun/src/create-apps/app-reference/source.md b/sites/upsun/src/create-apps/app-reference/source.md new file mode 100644 index 0000000000..a5a2fa0ef4 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/source.md @@ -0,0 +1,12 @@ +--- +title: "`source`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. The following table shows the properties that can be set in `source`: + +| Name | Type | Required | Description | +|--------------|--------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------| +| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](../source-operations.md) | +| `root` | `string` | | The path where the app code lives. Defaults to the root project directory. Useful for [multi-app setups](../multi-app/_index.md). | \ No newline at end of file diff --git a/sites/upsun/src/create-apps/app-reference/variables.md b/sites/upsun/src/create-apps/app-reference/variables.md new file mode 100644 index 0000000000..4384321169 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/variables.md @@ -0,0 +1,66 @@ +--- +title: "`variables`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). +Variables set in your app configuration have the lowest precedence, +meaning they're overridden by any conflicting values provided elsewhere. + +All variables set in your app configuration must have a prefix. +Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). + +Variables with the prefix `env` are available as a separate environment variable. +All other variables are available in +the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). + +The following example sets two variables: + +- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` +- A variable named `d8config:system.site:name` with the value `My site rocks` + that's available in the `PLATFORM_VARIABLES` environment variable + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + variables: + env: + AUTHOR: 'Juan' + d8config: + "system.site:name": 'My site rocks' +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + variables: + env: + AUTHOR: 'Juan' + d8config: + "system.site:name": 'My site rocks' +``` + +{{< /codetabs >}} + + +You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). + diff --git a/sites/upsun/src/create-apps/app-reference/web.md b/sites/upsun/src/create-apps/app-reference/web.md new file mode 100644 index 0000000000..52530dc341 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/web.md @@ -0,0 +1,349 @@ +--- +title: "`web`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. Use the `web` key to configure the web server running in front of your app. +In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). + +| Name | Type | Required | Description | +|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| +| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | +| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | +| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | + +See some [examples of how to configure what's served](../web/_index.md). + +### Web commands + +| Name | Type | Required | Description | +|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| +| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | +| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | +| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | + +{{< note theme="info" >}} +The `post_start` feature is _experimental_ and may change. Please share your feedback in the +[{{% vendor/name %}} discord](https://discord.gg/platformsh). +{{< /note >}} + +Example: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + commands: + start: 'uwsgi --ini conf/server.ini' +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + commands: + start: 'uwsgi --ini conf/server.ini' +``` + +{{< /codetabs >}} + + +This command runs every time your app is restarted, regardless of whether or not new code is deployed. + +{{< note >}} + +Never "background" a start process using `&`. +That's interpreted as the command terminating and the supervisor process starts a second copy, +creating an infinite loop until the container crashes. +Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. + +{{< /note >}} + +#### Required command + +On all containers other than PHP, the value for `start` should be treated as required. + +On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). +It can also be set explicitly on a PHP container to run a dedicated process, +such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) +or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). +See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). + +### Upstream + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + + +| Name | Type | Required | Description | Default | +|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [image types](#types) except PHP; for PHP image types the default is `unix`. | +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on [image `type`](#types). | + +For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. +For all other containers, the default for `protocol` is `http`. + +The following example is the default on non-PHP containers: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + upstream: + socket_family: tcp + protocol: http +``` + +<---> + ++++ +title=Composable image ++++ + +| Name | Type | Required | Description | Default | +|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [primary runtimes](#primary-runtime) except PHP; for PHP the default is `unix`. | +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on the [primary runtimes](#primary-runtime). | + +For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. +For all other containers, the default for `protocol` is `http`. + +The following example is the default on non-PHP containers: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + upstream: + socket_family: tcp + protocol: http +``` + +{{< /codetabs >}} + + + + +#### Where to listen + +Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). + +| `socket_family` | Where to listen | +|-----------------|---------------------------------------------------------------------------------------------------------------------------------------| +| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | +| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | + +If your application isn't listening at the same place that the runtime is sending requests, +you see `502 Bad Gateway` errors when you try to connect to your website. + +### Locations + +Each key in the `locations` dictionary is a path on your site with a leading `/`. +For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. +When multiple keys match an incoming request, the most-specific applies. + +The following table presents possible properties for each location: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +| Name | Type | Default | Description | +|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](/create-apps/app-reference/single-runtime-image.md#root-directory). Must be an actual directory inside the root directory. | +| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | +| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | +| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | +| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | +| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | +| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | +| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | + +<---> + ++++ +title=Composable image ++++ + +| Name | Type | Default | Description | +|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](/create-apps/app-reference/source.md)). Must be an actual directory inside the root directory. | +| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | +| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. | +| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | +| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | +| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | +| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | +| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | + +{{< /codetabs>}} + +#### Rules + +The rules dictionary can override most other keys according to a regular expression. +The key of each item is a regular expression to match paths exactly. +If an incoming request matches the rule, it's handled by the properties under the rule, +overriding any conflicting rules from the rest of the `locations` dictionary. + +Under `rules`, you can set all the other possible [`locations` properties](#locations) +except `root`, `index`, `rules` and `request_buffering`. + +In the following example, the `allow` key disallows requests for static files anywhere in the site. +This is overridden by a rule that explicitly allows common image file formats. + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + locations: + '/': + # Handle dynamic requests + root: 'public' + passthru: '/index.php' + # Disallow static files + allow: false + rules: + # Allow common image files only. + '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': + allow: true +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + locations: + '/': + # Handle dynamic requests + root: 'public' + passthru: '/index.php' + # Disallow static files + allow: false + rules: + # Allow common image files only. + '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': + allow: true +``` + +{{< /codetabs >}} + + +#### Request buffering + +Request buffering is enabled by default to handle chunked requests as most app servers don't support them. +The following table shows the keys in the `request_buffering` dictionary: + +| Name | Type | Required | Default | Description | +|--------------------|-----------|----------|---------|-------------------------------------------| +| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | +| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | + +The default configuration would look like this: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + locations: + '/': + passthru: true + request_buffering: + enabled: true + max_request_size: 250m +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + locations: + '/': + passthru: true + request_buffering: + enabled: true + max_request_size: 250m +``` + +{{< /codetabs >}} + diff --git a/sites/upsun/src/create-apps/app-reference/workers.md b/sites/upsun/src/create-apps/app-reference/workers.md new file mode 100644 index 0000000000..9489ad59b0 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/workers.md @@ -0,0 +1,91 @@ +--- +title: "`workers`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional. + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/app-reference/hooks.md). +They use the same container image. + +Workers can't accept public requests and so are suitable only for background tasks. +If they exit, they're automatically restarted. + +The keys of the `workers` definition are the names of the workers. +You can then define how each worker differs from the `web` instance using +the [top-level properties](/create-apps/app-reference/single-runtime-image.md#primary-application-properties). + +Each worker can differ from the `web` instance in all properties _except_ for: + +- `build` and `dependencies` properties, which must be the same +- `crons` as cron jobs don't run on workers +- `hooks` as the `build` hook must be the same + and the `deploy` and `post_deploy` hooks don't run on workers. + +A worker named `queue` that was small and had a different start command could look like this: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + workers: + queue: + commands: + start: | + ./worker.sh +``` + +Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. +For more information, see how to [manage resources](/manage-resources.md). + + +<---> + ++++ +title=Composable image ++++ + +Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](#hooks). +They use the same container image. + +Workers can't accept public requests and so are suitable only for background tasks. +If they exit, they're automatically restarted. + +The keys of the `workers` definition are the names of the workers. +You can then define how each worker differs from the `web` instance using +the [top-level properties](#primary-application-properties). + +Each worker can differ from the `web` instance in all properties _except_ for: + +- `crons` as cron jobs don't run on workers +- `hooks` as the `build` hook must be the same + and the `deploy` and `post_deploy` hooks don't run on workers. + +A worker named `queue` that was small and had a different start command could look like this: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + workers: + queue: + commands: + start: | + ./worker.sh +``` + +Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. +For more information, see how to [manage resources](/manage-resources.md). + +{{< /codetabs >}} From a97ca41481020a8419bcb2a9f6641bde3b2874cb Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Sun, 20 Jul 2025 08:01:47 -0400 Subject: [PATCH 17/48] Upsun: tmp image-properties/_index.md file for testing subcategory --- .../app-reference/image-properties/_index.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 sites/upsun/src/create-apps/app-reference/image-properties/_index.md diff --git a/sites/upsun/src/create-apps/app-reference/image-properties/_index.md b/sites/upsun/src/create-apps/app-reference/image-properties/_index.md new file mode 100644 index 0000000000..85ea0542f5 --- /dev/null +++ b/sites/upsun/src/create-apps/app-reference/image-properties/_index.md @@ -0,0 +1,14 @@ +--- +title: "Image properties" +sidebarTitle: "Image properties" +weight: 6 +description: Details about image properties in the {{% vendor/name %}} config.yaml file +layout: single +--- + +Learn about the image properties you can define in the an application configuration file. + +The image properties below are used to configure both single-runtime images and composable images. Although thethe images use many of the same property names, the details or syntax differ depending on the context. These differences are noted within the topic. + +For details about the properties that are unique to each image type, refer to the [Single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [Composable image](/create-apps/app-reference/composable-image.md#) topics. + From 245beb2f33246aa00ffa5e3d369b4cf1f0ac62ed Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Wed, 30 Jul 2025 21:52:54 -0400 Subject: [PATCH 18/48] app-reference: change topic title to "Choose image type" --- .../src/create-apps/app-reference/_index.md | 51 +++++++++++++++++-- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/_index.md b/sites/platform/src/create-apps/app-reference/_index.md index c76a52b910..e340d13e21 100644 --- a/sites/platform/src/create-apps/app-reference/_index.md +++ b/sites/platform/src/create-apps/app-reference/_index.md @@ -1,10 +1,48 @@ --- -title: "App reference" -weight: 4 +title: "Choose an image type" +weight: -19 description: Configure your app and control how it's built and deployed on {{% vendor/name %}}. layout: single --- + + +An _image_ represents the configuration for the container that contains the application (or service) that you want to deploy. + +When + +Single-runtime image type: +- Can contain only a single runtime +- Requires more manual configuration the composable images, but are more flexible +- Initial build takes +- `type` defines your image version (for example, `php:8.4`) +- You can move to a composable image later, if your application needs change + +Composable image type has these characteristics: +- Can contain multiple runtimes +- Requires less manual configuration than single-runtime images and offers more flexibility in other ways +- Initial build and rebuilds and can take a long time, but caching increases the speed +- `type` defines your Nix channel +- Can be used for applications only, not services + + + + + To define your app, you can either use one of {{% vendor/name %}}'s [single-runtime image](/create-apps/app-reference/single-runtime-image.md) or its [composable image (BETA)](/create-apps/app-reference/composable-image.md). @@ -15,8 +53,13 @@ See [all of the options you can use](/create-apps/app-reference/single-runtime-i ## Composable image (BETA) -The {{% vendor/name %}} composable image provides more flexibility than single-runtime images. -When using a composable image, you can define a stack (or group of packages) for your application container to use. +The {{% vendor/name %}} composable image provides more flexibility than single-runtime images. This image type enables you to define or "compose" the stack (or group of packages) to include in the container that runs your application. + +Composable images can be used for applications only, not for services. This image type enables you to install multiple runtimes (such as PHP, Ruby, and so on) as well aXXX in your application container. + + There are over 80,000 packages available from the [Nix Packages collection](https://search.nixos.org/) that you can add to your stack. You can add as many packages to your application container as you need. From d9eb5f6853bdf889dda1011cc355e964de74808d Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Wed, 30 Jul 2025 21:53:37 -0400 Subject: [PATCH 19/48] platform: composable-image topic updates --- .../app-reference/composable-image.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/composable-image.md b/sites/platform/src/create-apps/app-reference/composable-image.md index a594e09746..2252126fe1 100644 --- a/sites/platform/src/create-apps/app-reference/composable-image.md +++ b/sites/platform/src/create-apps/app-reference/composable-image.md @@ -1,6 +1,6 @@ --- title: "Composable image" -weight: 5 +weight: 3 description: Use {{% vendor/name %}}'s composable image to build and deploy your app. keywords: - sleepy crons @@ -42,20 +42,20 @@ To override any part of a property, you have to provide the entire property. | `name` | `string` | Yes | No | A unique name for the app. Must be lowercase alphanumeric characters. Changing the name destroys data associated with the app. | | `type` | A type | Yes | No | [Defines the version of the Nix channel](#supported-nix-channels). Example: `type: "composable:25.05"` | | `stack` | An array of [Nix packages](#stack) | Yes | No | A list of packages from the {{% vendor/name %}} collection of [supported runtimes](#supported-nix-packages) and/or from [Nixpkgs](https://search.nixos.org/packages). | -| `size` | A [size](#sizes) | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | -| `relationships` | A dictionary of [relationships](#relationships) | | Yes | Connections to other services and apps. | -| `disk` | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See [note on available space](#available-disk-space). | -| `mounts` | A dictionary of [mounts](#mounts) | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | -| `web` | A [web instance](#web) | | N/A | How the web application is served. | -| `workers` | A [worker instance](#workers) | | N/A | Alternate copies of the application to run as background processes. | +| `size` | A [size](/create-apps/image-properties/size.md) | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | +| `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | +| `disk` | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See [`disk`](/create-apps/image-properties/disk.md) details. | +| `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | +| `web` | A [web instance](/create-apps/image-properties/web.md) | | N/A | How the web application is served. | +| `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](/create-apps/timezone.md). | -| `access` | An [access dictionary](#access) | | Yes | Access control for roles accessing app environments. | -| `variables` | A [variables dictionary](#variables) | | Yes | Variables to control the environment. | -| `firewall` | A [firewall dictionary](#firewall) | | Yes | Outbound firewall rules for the application. | -| `hooks` | A [hooks dictionary](#hooks) | | No | What commands run at different stages in the build and deploy process. | -| `crons` | A [cron dictionary](#crons) | | No | Scheduled tasks for the app. | -| `source` | A [source dictionary](#source) | | No | Information on the app's source code and operations that can be run on it. | -| `additional_hosts` | An [additional hosts dictionary](/create-apps/app-reference/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | +| `access` | An [access dictionary](/create-apps/image-properties/access.md) | | Yes | Access control for roles accessing app environments. | +| `variables` | A [variables dictionary](/create-apps/image-properties/variables.md) | | Yes | Variables to control the environment. | +| `firewall` | A [firewall dictionary](/create-apps/image-properties/firewall.md) | | Yes | Outbound firewall rules for the application. | +| `hooks` | A [hooks dictionary](/create-apps/image-properties/hooks.md) | | No | What commands run at different stages in the build and deploy process. | +| `crons` | A [cron dictionary](/create-apps/image-properties/crons.md) | | No | Scheduled tasks for the app. | +| `source` | A [source dictionary](/create-apps/image-properties/source.md) | | No | Information on the app's source code and operations that can be run on it. | +| `additional_hosts` | An [additional hosts dictionary](/create-apps/image-properties/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | {{% note %}} From d2031704f2cb0a19c2e9461cd3799d64392e48b4 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Wed, 30 Jul 2025 21:54:08 -0400 Subject: [PATCH 20/48] platform: single-runtime image topic updates --- .../app-reference/single-runtime-image.md | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index 753444a166..49e51e3dc6 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -1,6 +1,6 @@ --- title: "Single-runtime image" -weight: 4 +weight: 2 description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. keywords: - sleepy crons @@ -28,23 +28,23 @@ To override any part of a property, you have to provide the entire property. |--------------------|--------------------------------------------------------------------------|----------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `name` | `string` | Yes | No | A unique name for the app. Must be lowercase alphanumeric characters. Changing the name destroys data associated with the app. | | `type` | A [type](#types) | Yes | No | The base image to use with a specific app language. Format: `runtime:version`. | -| `size` | A [size](#sizes) | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | -| `relationships` | A dictionary of [relationships](#relationships) | | Yes | Connections to other services and apps. | -| `disk` | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See [note on available space](#available-disk-space) | -| `mounts` | A dictionary of [mounts](#mounts) | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | -| `web` | A [web instance](#web) | | N/A | How the web application is served. | -| `workers` | A [worker instance](#workers) | | N/A | Alternate copies of the application to run as background processes. | +| `size` | A [size](/create-apps/image-properties/size.md) | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | +| `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | +| [`disk`](/create-apps/image-properties/disk.md) | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See [`disk`](/create-apps/image-properties/disk.md) details. | +| `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | +| `web` | A [web instance](/create-apps/image-properties/web.md) | | N/A | How the web application is served. | +| `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](/create-apps/timezone.md) | -| `access` | An [access dictionary](#access) | | Yes | Access control for roles accessing app environments. | -| `variables` | A [variables dictionary](#variables) | | Yes | Variables to control the environment. | -| `firewall` | A [firewall dictionary](#firewall) | | Yes | Outbound firewall rules for the application. | +| `access` | An [access dictionary](/create-apps/image-properties/access.md) | | Yes | Access control for roles accessing app environments. | +| `variables` | A [variables dictionary](/create-apps/image-properties/variables.md) | | Yes | Variables to control the environment. | +| `firewall` | A [firewall dictionary](/create-apps/image-properties/firewall.md) | | Yes | Outbound firewall rules for the application. | | `build` | A [build dictionary](#build) | | No | What happens when the app is built. | | `dependencies` | A [dependencies dictionary](#dependencies) | | No | What global dependencies to install before the `build` hook is run. | -| `hooks` | A [hooks dictionary](#hooks) | | No | What commands run at different stages in the build and deploy process. | -| `crons` | A [cron dictionary](#crons) | | No | Scheduled tasks for the app. | -| `source` | A [source dictionary](#source) | | No | Information on the app's source code and operations that can be run on it. | +| `hooks` | A [hooks dictionary](/create-apps/image-properties/hooks.md) | | No | What commands run at different stages in the build and deploy process. | +| `crons` | A [cron dictionary](/create-apps/image-properties/crons.md) | | No | Scheduled tasks for the app. | +| `source` | A [source dictionary](/create-apps/image-properties/source.md) | | No | Information on the app's source code and operations that can be run on it. | | `runtime` | A [runtime dictionary](#runtime) | | No | Customizations to your PHP runtime. | -| `additional_hosts` | An [additional hosts dictionary](/create-apps/app-reference/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | +| `additional_hosts` | An [additional hosts dictionary](/create-apps/image-properties/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | ## Root directory @@ -81,7 +81,7 @@ These are used in the format `runtime:version`: type: 'php:{{% latest "php" %}}' ``` -## Build +## `build` {#build} The only property of the `build` dictionary is `flavor`, which specifies a default set of build tasks to run. Flavors are language-specific. @@ -98,7 +98,7 @@ In all languages, you can also specify a flavor of `none` to take no action at a build: flavor: none ``` -## Dependencies +## `dependencies` {#dependencies} Installs global dependencies as part of the build process. They're independent of your app's dependencies @@ -133,7 +133,7 @@ dependencies: pm2: '^4.5.0' ``` -## Runtime +## `runtime` {#runtime} The following table presents the various possible modifications to your PHP runtime: From 66ff12602e01f02f4e5b87926a9300777936dacf Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Wed, 30 Jul 2025 21:55:15 -0400 Subject: [PATCH 21/48] platform: add image-properties parent topic and child topics --- .../create-apps/image-properties/_index.md | 8 + .../create-apps/image-properties/access.md | 27 ++ .../image-properties/additional_hosts.md | 23 ++ .../src/create-apps/image-properties/crons.md | 329 ++++++++++++++++++ .../src/create-apps/image-properties/disk.md | 32 ++ .../create-apps/image-properties/firewall.md | 107 ++++++ .../src/create-apps/image-properties/hooks.md | 101 ++++++ .../create-apps/image-properties/mounts.md | 152 ++++++++ .../image-properties/relationships.md | 187 ++++++++++ .../src/create-apps/image-properties/size.md | 119 +++++++ .../create-apps/image-properties/source.md | 15 + .../create-apps/image-properties/variables.md | 35 ++ .../src/create-apps/image-properties/web.md | 163 +++++++++ .../create-apps/image-properties/workers.md | 37 ++ 14 files changed, 1335 insertions(+) create mode 100644 sites/platform/src/create-apps/image-properties/_index.md create mode 100644 sites/platform/src/create-apps/image-properties/access.md create mode 100644 sites/platform/src/create-apps/image-properties/additional_hosts.md create mode 100644 sites/platform/src/create-apps/image-properties/crons.md create mode 100644 sites/platform/src/create-apps/image-properties/disk.md create mode 100644 sites/platform/src/create-apps/image-properties/firewall.md create mode 100644 sites/platform/src/create-apps/image-properties/hooks.md create mode 100644 sites/platform/src/create-apps/image-properties/mounts.md create mode 100644 sites/platform/src/create-apps/image-properties/relationships.md create mode 100644 sites/platform/src/create-apps/image-properties/size.md create mode 100644 sites/platform/src/create-apps/image-properties/source.md create mode 100644 sites/platform/src/create-apps/image-properties/variables.md create mode 100644 sites/platform/src/create-apps/image-properties/web.md create mode 100644 sites/platform/src/create-apps/image-properties/workers.md diff --git a/sites/platform/src/create-apps/image-properties/_index.md b/sites/platform/src/create-apps/image-properties/_index.md new file mode 100644 index 0000000000..01762dd04a --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/_index.md @@ -0,0 +1,8 @@ +--- +title: "Image properties" +weight: 4 +description: Configure your app and control how it's built and deployed on {{% vendor/name %}}. +# layout: single +--- + +doesn't need much, maybe just a sentence. \ No newline at end of file diff --git a/sites/platform/src/create-apps/image-properties/access.md b/sites/platform/src/create-apps/image-properties/access.md new file mode 100644 index 0000000000..e126582605 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/access.md @@ -0,0 +1,27 @@ +--- +title: "`access`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +The `access` dictionary has one allowed key: + +| Name | Allowed values | Default | Description | +| ----- | ----------------------------------- | ------------- | ----------- | +| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | + +In the following example, only users with `admin` permissions for the given [environment type](/administration/users.md#environment-type-roles) +can access the deployed environment via SSH: + +```yaml {configFile="app"} +access: + ssh: admin +``` + + \ No newline at end of file diff --git a/sites/platform/src/create-apps/image-properties/additional_hosts.md b/sites/platform/src/create-apps/image-properties/additional_hosts.md new file mode 100644 index 0000000000..bca907eb8c --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/additional_hosts.md @@ -0,0 +1,23 @@ +--- +title: "`additional_hosts`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +If you're using a private network with specific IP addresses you need to connect to, +you might want to map those addresses to hostnames to better remember and organize them. +In such cases, you can add a map of those IP addresses to whatever hostnames you like. +Then when your app tries to access the hostname, it's sent to the proper IP address. + +So in the following example, if your app tries to access `api.example.com`, it's sent to `192.0.2.23`. + +```yaml {configFile="app"} +additional_hosts: + api.example.com: "192.0.2.23" + web.example.com: "203.0.113.42" +``` + +This is equivalent to adding the mapping to the `/etc/hosts` file for the container. + diff --git a/sites/platform/src/create-apps/image-properties/crons.md b/sites/platform/src/create-apps/image-properties/crons.md new file mode 100644 index 0000000000..630cd8939b --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/crons.md @@ -0,0 +1,329 @@ +--- +title: "`crons`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +The keys of the `crons` definition are the names of the cron jobs. +The names must be unique. + +If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. + +See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). + +The following table shows the properties for each job: + +| Name | Type | Required | Description | +| ------------------ | -------------------------------------------- | -------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid or {{% names/dedicated-gen-3 %}}** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. **Single-runtime image**: The `H` syntax is available only on **Grid** projects, and not on **{{% names/dedicated-gen-2 %}} projects.** | +| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | +| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | +| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). + +Note that you can [cancel pending or running crons](/environments/cancel-activity.md). + +{{< note >}} + +The use of the `cmd` key is now deprecated in favor of the `commands`key.
+Make sure you set your new cron jobs using the `commands` key, +and update your existing cron jobs to ensure continuity. + +{{< /note >}} + +### Cron commands + +| Name | Type | Required | Description | +| ------------------ | --------- | -------- | ----------- | +| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | +| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | + +```yaml {configFile="app"} +crons: + mycommand: + spec: 'H * * * *' + commands: + start: sleep 60 && echo sleep-60-finished && date + stop: killall sleep + shutdown_timeout: 18 +``` +In this example configuration, the crons [`spec`](#crons) uses the `H` syntax. + +Note that this syntax is only supported on Grid and {{% names/dedicated-gen-3 %}} projects. +On {{% names/dedicated-gen-2 %}} projects, use the [standard cron syntax](https://en.wikipedia.org/wiki/Cron#Cron_expression). + +### Single-runtime image: Example cron jobs + + +{{< codetabs >}} + ++++ +title=Drupal ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Run Drupal's cron tasks every 19 minutes. + drupal: + spec: '*/19 * * * *' + commands: + start: 'cd web ; drush core-cron' + # But also run pending queue tasks every 7 minutes. + # Use an odd number to avoid running at the same time as the `drupal` cron. + drush-queue: + spec: '*/7 * * * *' + commands: + start: 'cd web ; drush queue-run aggregator_feeds' +{{< /snippet >}} +``` + +<---> + ++++ +title=Ruby on Rails ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'ruby:{{% latest "ruby" %}}' +crons: + # Execute a rake script every 19 minutes. + ruby: + spec: '*/19 * * * *' + commands: + start: 'bundle exec rake some:task' +{{< /snippet >}} +``` + +<---> + ++++ +title=Laravel ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Run Laravel's scheduler every 5 minutes. + scheduler: + spec: '*/5 * * * *' + commands: + start: 'php artisan schedule:run' +{{< /snippet >}} +``` + +<---> + ++++ +title=Symfony ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Take a backup of the environment every day at 5:00 AM. + snapshot: + spec: 0 5 * * * + commands: + start: | + # Only run for the production environment, aka main branch + if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then + croncape symfony ... + fi +{{< /snippet >}} +``` + +{{< /codetabs >}} + + +### Composable image: Example cron jobs + + +{{< codetabs >}} + ++++ +title=Drupal ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Run Drupal's cron tasks every 19 minutes. + drupal: + spec: '*/19 * * * *' + commands: + start: 'cd web ; drush core-cron' + # But also run pending queue tasks every 7 minutes. + # Use an odd number to avoid running at the same time as the `drupal` cron. + drush-queue: + spec: '*/7 * * * *' + commands: + start: 'cd web ; drush queue-run aggregator_feeds' +{{< /snippet >}} +``` + +<---> + ++++ +title=Ruby on Rails ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "ruby@{{% latest ruby %}}" ] +crons: + # Execute a rake script every 19 minutes. + ruby: + spec: '*/19 * * * *' + commands: + start: 'bundle exec rake some:task' +{{< /snippet >}} +``` + +<---> + ++++ +title=Laravel ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Run Laravel's scheduler every 5 minutes. + scheduler: + spec: '*/5 * * * *' + commands: + start: 'php artisan schedule:run' +{{< /snippet >}} +``` + +<---> + ++++ +title=Symfony ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Take a backup of the environment every day at 5:00 AM. + snapshot: + spec: 0 5 * * * + commands: + start: | + # Only run for the production environment, aka main branch + if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then + croncape symfony ... + fi +{{< /snippet >}} +``` + +{{< /codetabs >}} + + +### Conditional crons + +If you want to set up customized cron schedules depending on the environment type, +define conditional crons. +To do so, use a configuration similar to the following: + +```yaml {configFile="app"} +crons: + update: + spec: '0 0 * * *' + commands: + start: | + if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then + {{% vendor/cli %}} backup:create --yes --no-wait + {{% vendor/cli %}} source-operation:run update --no-wait --yes + fi +``` +### Cron job timing + +Minimum time between cron jobs being triggered: + +| Plan | Time | +|-------------------- | --------- | +| Professional | 5 minutes | +| Elite or Enterprise | 1 minute | + +For each app container, only one cron job can run at a time. +If a new job is triggered while another is running, the new job is paused until the other completes. + +To minimize conflicts, a random offset is applied to all triggers. +The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. + +Crons are also paused while activities such as [backups](/environments/backup.md) are running. +The crons are queued to run after the other activity finishes. + +To run cron jobs in a timezone other than UTC, set the `timezone` property as described for the image type ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#top-level-properties) or +[composable image](/create-apps/app-reference/composable-image.md#top-level-properties)). + +### Paused crons + +[Preview environments](/glossary/_index.md#preview-environment) are often used for a limited time and then abandoned. +While it's useful for environments under active development to have scheduled tasks, +unused environments don't need to run cron jobs. +To minimize unnecessary resource use, +crons on environments with no deployments are paused. + +This affects all environments that aren't live environments. +This means all environments on Development plans +and all preview environments on higher plans. + +Such environments with deployments within 14 days have crons with the status `running`. +If there haven't been any deployments within 14 days, the status is `paused`. + +You can see the status in the Console +or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. + +#### Restarting paused crons + +If the crons on your preview environment are paused but you're still using them, +you can push changes to the environment or redeploy it. + +To restart crons without changing anything: + +{{< codetabs >}} + ++++ +title=In the Console ++++ + +1. In the Console, navigate to your project. +1. Open the environment where you'd like the crons to run. +1. Click `Redeploy` next to the cron status of `Paused`. + +<---> + ++++ +title=Using the CLI ++++ + +Run the following command: + +```bash +{{% vendor/cli %}} redeploy +``` + +{{< /codetabs >}} + +### Composable image only: Sizing hints + +The following table shows the properties that can be set in `sizing_hints`: + +| Name | Type | Default | Minimum | Description | +|-------------------|-----------|---------|---------|------------------------------------------------| +| `request_memory` | `integer` | 45 | 10 | The average memory consumed per request in MB. | +| `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | + +See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). + diff --git a/sites/platform/src/create-apps/image-properties/disk.md b/sites/platform/src/create-apps/image-properties/disk.md new file mode 100644 index 0000000000..6dc92bc4db --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/disk.md @@ -0,0 +1,32 @@ +--- +title: "`disk`" +weight: 4 +description: Defines the disk space allocated to an app. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +Defines the disk space allocated to an individual app. + +The maximum total space available to all apps and services is set by the storage in your plan settings. +When deploying your project, the sum of all `disk` keys defined in app and service configurations +must be *equal or less* than the plan storage size. + +So if your *plan storage size* is 5 GB, you can, for example, assign it in one of the following ways: + +- 2 GB to your app, 3 GB to your database +- 1 GB to your app, 4 GB to your database +- 1 GB to your app, 1 GB to your database, 3 GB to your OpenSearch service + +If you exceed the total space available, you receive an error on pushing your code. +You need to either increase your plan's storage or decrease the `disk` values you've assigned. + +You configure the disk size in [MB](/glossary/_index.md#mb). Your actual available disk space is slightly smaller with some space used for formatting and the filesystem journal. When checking available space, note whether it’s reported in MB or MiB. + +### Altering `disk` values + +It's a best practice to [back up your environment](/environments/backup.md) **before and after** you increase **or** decrease the `disk` value (the amount of allocated storage space) of an app or service. + +You can decrease the size of an existing disk for an app. If you do so, be aware that: +- Downsizing fails if the amount of data exceeds the configured `disk` value. +- Backups completed before the downsizing a disk are incompatible and can no longer be used to restore applications. You need to [create new backups](/environments/backup.md). diff --git a/sites/platform/src/create-apps/image-properties/firewall.md b/sites/platform/src/create-apps/image-properties/firewall.md new file mode 100644 index 0000000000..9540cfcfab --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/firewall.md @@ -0,0 +1,107 @@ +--- +title: "`firewall`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +{{< premium-features/tiered "Elite and Enterprise" >}} + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +Sets limits in outbound traffic from your app with no impact on inbound requests. + +The `outbound` key is required and contains one or more rules. +The rules define what traffic is allowed; anything unspecified is blocked. + +Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified together: + +| Name | Type | Default | Description | +| --------- |---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | +| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | +| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | + +The default settings would look like this: + +```yaml {configFile="app"} +firewall: + outbound: + - ips: ["0.0.0.0/0"] +``` + +### Support for rules + +Where outbound rules for firewalls are supported in all environments. +For {{% names/dedicated-gen-2 %}} projects, contact support for configuration. + +### Multiple rules + +Multiple firewall rules can be specified. +In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. + +So in the following example requests to any IP on port 80 are allowed +and requests to 1.2.3.4 on either port 80 or 443 are allowed: + +```yaml {configFile="app"} +firewall: + outbound: + - ips: ["1.2.3.4/32"] + ports: [443] + - ports: [80] +``` + +### Outbound traffic to CDNs + +Be aware that many services are behind a content delivery network (CDN). +For most CDNs, routing is done via domain name, not IP address, +so thousands of domain names may share the same public IP addresses at the CDN. +If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that +CDN. + +### Outbound traffic by domain + +You can filter outbound traffic by domain. +Using domains in your rules rather than IP addresses is generally more specific and secure. +For example, if you use an IP address for a service with a CDN, +you have to allow the IP address for the CDN. +This means that you allow potentially hundreds or thousands of other servers also using the CDN. + +An example rule filtering by domain: + +```yaml {configFile="app"} +firewall: + outbound: + - protocol: tcp + domains: ["api.stripe.com", "api.twilio.com"] + ports: [80, 443] + - protocol: tcp + ips: ["1.2.3.4/29","2.3.4.5"] + ports: [22] +``` +#### Determine which domains to allow + +To determine which domains to include in your filtering rules, +find the domains your site has requested the DNS to resolve. +Run the following command to parse your server’s `dns.log` file +and display all Fully Qualified Domain Names that have been requested: + +```bash +awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log +``` + +The output includes all DNS requests that were made, including those blocked by your filtering rules. +It doesn't include any requests made using an IP address. + +Example output: + +```bash +facebook.com +fastly.com +platform.sh +www.google.com +www.platform.sh +``` + + + + diff --git a/sites/platform/src/create-apps/image-properties/hooks.md b/sites/platform/src/create-apps/image-properties/hooks.md new file mode 100644 index 0000000000..69644f6d37 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/hooks.md @@ -0,0 +1,101 @@ +--- +title: "`hooks`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +keywords: + - hooks + - hooks +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +There are three different hooks that run as part of the process of building and deploying your app. +These are places where you can run custom scripts. +They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. +Only the `build` hook is run for [worker instances](/create-apps/image-properties/workers.md), while [web instances](/create-apps/image-properties/web.md) run all three. + +The process is ordered as: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +1. Variables accessible at build time become available. +1. [Build flavor](/create-apps/app-reference/single-runtime-image.md#build) runs if applicable. +1. Any [dependencies](/create-apps/app-reference/single-runtime-image.md#dependencies) are installed. +1. The `build` hook is run. +1. The file system is changed to read only, except for any [mounts](/create-apps/image-properties/mounts.md). +1. The app container starts. Variables accessible at runtime and services become available. +1. The `deploy` hook is run. +1. The app container begins accepting requests. +1. The `post_deploy` hook is run. + +<---> + ++++ +title=Composable image ++++ + +1. Variables accessible at build time become available. +1. The `build` hook is run. +1. The file system is changed to read only, except for any [mounts](/create-apps/image-properties/mounts.md). +1. The app container starts. Variables accessible at runtime and services become available. +1. The `deploy` hook is run. +1. The app container begins accepting requests. +1. The `post_deploy` hook is run. + +{{< /codetabs >}} + +Note that if an environment changes by no code changes, only the last step is run. +If you want the entire process to run, see how +to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). + +### Writable directories during build + +During the `build` hook, there are three writeable directories: + +- `PLATFORM_APP_DIR`: + Where your code is checked out and the working directory when the `build` hook starts. + Becomes the app that gets deployed. +- `PLATFORM_CACHE_DIR`: + Persists between builds, but isn't deployed. + Shared by all builds on all branches. +- `/tmp`: + Isn't deployed and is wiped between each build. + Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` + and together they offer about 8GB of free space. + +### Hook failure + +Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. +To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. + +If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. +Note that this only works for `build` hooks -- +if other hooks fail, the app is still deployed. + +#### Automated testing + +It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. +Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. + +During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: + +- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. + So any testing that relies on it is sure to fail. +- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. +- Test results are written into your app container, so they might get exposed to a third party. + +During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. +Note that there are other downsides: + +- Your app container is read-only during the deploy hook, + so if your tests need to write reports and other information, you need to create a file mount for them. +- Your app can only be deployed once the deploy hook has been completed. + Therefore, running automated testing via the deploy hook generates slower deployments. +- Your environment isn’t available externally during the deploy hook. + Unit and integration testing might work without the environment being available, + but you can’t typically perform end-to-end testing until after the environment is up and available. + diff --git a/sites/platform/src/create-apps/image-properties/mounts.md b/sites/platform/src/create-apps/image-properties/mounts.md new file mode 100644 index 0000000000..e03b5638d8 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/mounts.md @@ -0,0 +1,152 @@ +--- +title: "`mounts`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + + After your app is built, its file system is read-only. +To make changes to your app's code, you need to use Git. + +For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". +Mounts give you write access to files generated by your app (such as cache and log files) +and uploaded files without going through Git. + +When you define a mount, you are mounting an external directory to your app container, +much like you would plug a hard drive into your computer to transfer data. + +{{% note %}} + +- Mounts aren't available during the build +- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too + +{{% /note %}} + +### Define a mount + +To define a mount, use the following configuration: + +```yaml {configFile="app"} +mounts: + '{{< variable "MOUNT_PATH" >}}': + source: {{< variable "MOUNT_TYPE" >}} + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} +``` + +{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). +If you already have a directory with that name, you get a warning that it isn't accessible after the build. +See how to [troubleshoot the warning](/create-apps/troubleshoot-mounts.md#overlapping-folders). + +| Name | Type | Required | Description | +| ------------- |-------------------------------| -------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `source` | `local`, `service`, or `tmp` | Yes | Specifies the type of the mount:

- `local` mounts are unique to your app. They can be useful to store files that remain local to the app instance, such as application logs.
`local` mounts require disk space. To successfully set up a local mount, set the `disk` key in your app configuration.

- `service` mounts point to [Network Storage](/add-services/network-storage.md) services that can be shared between several apps.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**. | +| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | +| `service` | `string` | | Only for `service` mounts: the name of the [Network Storage service](/add-services/network-storage.md). | + + +The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). +Files can be all public, all private, or with different rules for different paths and file types. + +Note that when you remove a `local` mount from your `{{< vendor/configfile "app" >}}` file, +the mounted directory isn't deleted. +The files still exist on disk until manually removed +(or until the app container is moved to another host during a maintenance operation in the case of a `tmp` mount). + +### Example configuration + +```yaml {configFile="app"} +mounts: + 'web/uploads': + source: local + source_path: uploads + '/.tmp_platformsh': + source: tmp + source_path: files/.tmp_platformsh + '/build': + source: local + source_path: files/build + '/.cache': + source: tmp + source_path: files/.cache + '/node_modules/.cache': + source: tmp + source_path: files/node_modules/.cache +``` + +For examples of how to set up a `service` mount, see the dedicated [Network Storage page](/add-services/network-storage.md). + +### Ensure continuity when changing the name of your mount + +Changing the name of your mount affects the default `source_path`. + +Say you have a `/my/cache/` mount with an undefined `source_path`: + +```yaml {configFile="app"} +mounts: + '/my/cache/': + source: tmp +``` + +If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. + +To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading or trailing slashes: + + ```yaml {configFile="app"} +mounts: + '/cache/files/': + source: tmp + source_path: my/cache +``` + +The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing files in that directory. + +### Overlapping mounts + +The locations of mounts as they are visible to application containers can overlap somewhat. +For example: + +```yaml {configFile="apps"} +applications: + myapp: + # ... + mounts: + 'var/cache_a': + source: service + service: ns_service + source_path: cacheA + 'var/cache_b': + source: tmp + source_path: cacheB + 'var/cache_c': + source: local + source_path: cacheC +``` + +In this case, it does not matter that each mount is of a different `source` type. +Each mount is restricted to a subfolder within `var`, and all is well. + +The following, however, is not allowed and will result in a failure: + +```yaml {configFile="apps"} +applications: + myapp: + # ... + mounts: + 'var/': + source: service + service: ns_service + source_path: cacheA + 'var/cache_b': + source: tmp + source_path: cacheB + 'var/cache_c': + source: local + source_path: cacheC +``` + +The `service` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. +These allowances are not compatible, and will result in an error if pushed. + + + diff --git a/sites/platform/src/create-apps/image-properties/relationships.md b/sites/platform/src/create-apps/image-properties/relationships.md new file mode 100644 index 0000000000..47db2c8234 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/relationships.md @@ -0,0 +1,187 @@ +--- +title: "`relationships`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images in {{% vendor/name %}}. + +## Relationships + +To allow containers in your project to communicate with one another, +you need to define relationships between them. +You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). + +The quickest way to define a relationship between your app and a service +is to use the service's default endpoint.
+However, some services allow you to define multiple databases, cores, and/or permissions. +In these cases, you can't rely on default endpoints. +Instead, you can explicitly define multiple endpoints when setting up your relationships. + +{{< note >}} +App containers don't have a default endpoint like services. +To connect your app to another app in your project, +you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
+For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). +{{< /note >}} + +{{< note title="Availability" theme="info">}} + +New syntax (default and explicit endpoints) described below is supported by most, but not all, image types +(`Relationship 'SERVICE_NAME' of application 'myapp' ... targets a service without a valid default endpoint configuration.`). +This syntax is currently being rolled out for all images. +If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. + +{{< /note >}} + +To define a relationship between your app and a service: + +{{< codetabs >}} + ++++ +title=Using default endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +relationships: + {{% variable "SERVICE_NAME" %}}: +``` + +The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +It is used as the relationship name, and associated with a `null` value. +This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. + +For example, if you define the following configuration: + +```yaml {configFile="app"} +relationships: + mariadb: +``` + +{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, +and connects your app to it through the service's default endpoint. + +For reference, the equivalent configuration using explicit endpoints would be the following: + +```yaml {configFile="app"} +relationships: + mariadb: + service: mariadb + endpoint: mysql +``` + +You can define any number of relationships in this way: + +```yaml {configFile="app"} +relationships: + mariadb: + redis: + elasticsearch: +``` + +{{< note title="Tip" theme="info" >}} + +An even quicker way to define many relationships is to use the following single-line configuration: + +```yaml {configFile="app"} +relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} +``` + +where + +```yaml {configFile="services"} +{{< variable "SERVICE_NAME_A" >}}: + type: mariadb:{{% latest "mariadb" %}} + disk: 256 +{{< variable "SERVICE_NAME_B" >}}: + type: redis:{{% latest "redis" %}} + disk: 256 +{{< variable "SERVICE_NAME_C" >}}: + type: elasticsearch:{{% latest "elasticsearch" %}} + disk: 256 +``` + +{{< /note >}} + +<---> + ++++ +title=Using explicit endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +relationships: + {{% variable "RELATIONSHIP_NAME" %}}: + service: {{% variable "SERVICE_NAME" %}} + endpoint: {{% variable "ENDPOINT_NAME" %}} +``` + +- `RELATIONSHIP_NAME` is the name you want to give to the relationship. +- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). + +For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, +use the following configuration: + +```yaml {configFile="app"} +relationships: + database: # The name of the relationship. + service: mariadb + endpoint: db1 +``` + +For more information on how to handle multiple databases, multiple cores, +and/or different permissions with services that support such features, +see each service's dedicated page: + + - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) + - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) + - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) + - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) + - [Vault KMS](add-services/vault.md#multiple-endpoints-configuration) (multiple permissions) + + You can add as many relationships as you want to your app configuration, + using both default and explicit endpoints according to your needs: + +```yaml {configFile="app"} +relationships: + database1: + service: mariadb + endpoint: admin + database2: + service: mariadb + endpoint: legacy + cache: + service: redis + search: + service: elasticsearch +``` + +{{< /codetabs >}} + +{{< note theme="info" title="Legacy" >}} + +The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: + +```yaml {configFile="app"} +relationships: + : ":" +``` + +For example: + +```yaml {configFile="app"} +relationships: + database: "mariadb:mysql" +``` + +Feel free to use this until the default and explicit endpoint syntax is supported on all images. + +{{< /note >}} + + + diff --git a/sites/platform/src/create-apps/image-properties/size.md b/sites/platform/src/create-apps/image-properties/size.md new file mode 100644 index 0000000000..1295a15d07 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/size.md @@ -0,0 +1,119 @@ +--- +title: "`size`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +keywords: + - resource sizing +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +Resources are distributed across all containers in an environment from the total available from your [plan size](/administration/pricing/_index.md). +So if you have more than just a single app, it doesn't get all of the resources available. +Each environment has its own resources and there are different [sizing rules for preview environments](#sizes-in-preview-environments). + +By default, resource sizes (CPU and memory) are chosen automatically for an app +based on the plan size and the number of other containers in the cluster. +Most of the time, this automatic sizing is enough. + +You can set sizing suggestions for production environments when you know a given container has specific needs. +Such as a worker that doesn't need much and can free up resources for other apps. +To do so, set `size` to one of the following values: + +- `S` +- `M` +- `L` +- `XL` +- `2XL` +- `4XL` + +The total resources allocated across all apps and services can't exceed what's in your plan. + +### Container profiles: CPU and memory + +By default, {{% vendor/name %}} allocates a container profile to each app and service depending on: + +- The range of resources it’s expected to need +- Your [plan size](/administration/pricing/_index.md), as resources are distributed across containers. + Ideally you want to give databases the biggest part of your memory, and apps the biggest part of your CPU. + +The container profile and the [size of the container](#sizes) determine +how much CPU and memory (in [MB](/glossary/_index.md#mb)) the container gets. + +There are three container profiles available: ``HIGH_CPU``, ``BALANCED``, and ``HIGH_MEMORY``. + +#### ``HIGH_CPU`` container profile + +| Size | CPU | MEMORY | +| ---- | ----- | -------- | +| S | 0.40 | 128 MB | +| M | 0.40 | 128 MB | +| L | 1.20 | 256 MB | +| XL | 2.50 | 384 MB | +| 2XL | 5.00 | 768 MB | +| 4XL | 10.00 | 1536 MB | + +#### `BALANCED` container profile + +| Size | CPU | MEMORY | +| ---- | ---- | -------- | +| S | 0.05 | 32 MB | +| M | 0.05 | 64 MB | +| L | 0.08 | 256 MB | +| XL | 0.10 | 512 MB | +| 2XL | 0.20 | 1024 MB | +| 4XL | 0.40 | 2048 MB | + +#### `HIGH_MEMORY` container profile + +| Size | CPU | MEMORY | +| ---- | ---- | --------- | +| S | 0.25 | 128 MB | +| M | 0.25 | 288 MB | +| L | 0.40 | 1280 MB | +| XL | 0.75 | 2624 MB | +| 2XL | 1.50 | 5248 MB | +| 4XL | 3.00 | 10496 MB | + +#### Container profile reference + +The following table shows which container profiles {{% vendor/name %}} applies when deploying your project. + +| Container | Profile | +|-----------------------|-------------| +| Chrome Headless | HIGH_CPU | +| .NET | HIGH_CPU | +| Elasticsearch | HIGH_MEMORY | +| Elasticsearch Premium | HIGH_MEMORY | +| Elixir | HIGH_CPU | +| Go | HIGH_CPU | +| Gotenberg | HIGH_MEMORY | +| InfluxDB | HIGH_MEMORY | +| Java | HIGH_MEMORY | +| Kafka | HIGH_MEMORY | +| MariaDB | HIGH_MEMORY | +| Memcached | BALANCED | +| MongoDB | HIGH_MEMORY | +| MongoDB Premium | HIGH_MEMORY | +| Network Storage | HIGH_MEMORY | +| Node.js | HIGH_CPU | +| OpenSearch | HIGH_MEMORY | +| Oracle MySQL | HIGH_MEMORY | +| PHP | HIGH_CPU | +| PostgreSQL | HIGH_MEMORY | +| Python | HIGH_CPU | +| RabbitMQ | HIGH_MEMORY | +| Redis ephemeral | BALANCED | +| Redis persistent | BALANCED | +| Ruby | HIGH_CPU | +| Rust | HIGH_CPU | +| Solr | HIGH_MEMORY | +| Varnish | HIGH_MEMORY | +| Vault KMS | HIGH_MEMORY | + +### Sizes in preview environments + +Containers in preview environments don't follow the `size` specification. +Application containers are set based on the plan's setting for **Environments application size**. +The default is size **S**, but you can increase it by editing your plan. +(Service containers in preview environments are always set to size **S**.) diff --git a/sites/platform/src/create-apps/image-properties/source.md b/sites/platform/src/create-apps/image-properties/source.md new file mode 100644 index 0000000000..9fd3192984 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/source.md @@ -0,0 +1,15 @@ +--- +title: "`source`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +The following table shows the properties that can be set in `source`: + + +| Name | Type | Required | Description | +| ------------ | ------------------------ | -------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](/create-apps/source-operations.md). | +| `root` | `string` | | The path where the app code lives. Useful for [multi-app setups](/create-apps/multi-app/_index.md). **Single-runtime image**: Defaults to the directory of the `{{< vendor/configfile "app" >}}` file. **Composable image**: Defaults to the root project directory. | diff --git a/sites/platform/src/create-apps/image-properties/variables.md b/sites/platform/src/create-apps/image-properties/variables.md new file mode 100644 index 0000000000..f5200f5745 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/variables.md @@ -0,0 +1,35 @@ +--- +title: "`variables`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +{{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). +Variables set in your app configuration have the lowest precedence, +meaning they're overridden by any conflicting values provided elsewhere. + +All variables set in your app configuration must have a prefix. +Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). + +Variables with the prefix `env` are available as a separate environment variable. +All other variables are available in the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). + +The following example sets two variables: + +- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` +- A variable named `d8config:system.site:name` with the value `My site rocks` + that's available in the `PLATFORM_VARIABLES` environment variable + +```yaml {configFile="app"} +variables: + env: + AUTHOR: 'Juan' + d8config: + "system.site:name": 'My site rocks' +``` + +You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). + + diff --git a/sites/platform/src/create-apps/image-properties/web.md b/sites/platform/src/create-apps/image-properties/web.md new file mode 100644 index 0000000000..ee023cb6a9 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/web.md @@ -0,0 +1,163 @@ +--- +title: "`web`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +Use the `web` key to configure the web server running in front of your app. +In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). + +| Name | Type | Required | Description | +|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| +| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | +| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | +| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | + +See some [examples of how to configure what's served](/create-apps/web/_index.md). + +### Web commands + + +| Name | Type | Required | Description | +|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| +| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | +| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | +| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | + +{{< note theme="info" >}} +The `post_start` feature is _experimental_ and may change. Please share your feedback in the +[{{% vendor/name %}} discord](https://discord.gg/platformsh). +{{< /note >}} + + +Example: + +```yaml {configFile="app"} +web: + commands: + start: 'uwsgi --ini conf/server.ini' +``` + +This command runs every time your app is restarted, regardless of whether or not new code is deployed. + +{{< note >}} + +Never "background" a start process using `&`. +That's interpreted as the command terminating and the supervisor process starts a second copy, +creating an infinite loop until the container crashes. +Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. + +{{< /note >}} + +#### Required command + +On all containers other than PHP, the value for `start` should be treated as required. + +On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). +It can also be set explicitly on a PHP container to run a dedicated process, +such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) +or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). +See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). + +### Upstream + +| Name | Type | Required | Description | Default | +| --------------- |---------------------| -------- |-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | **Single-runtime image**: Defaults to `tcp` for all [image types](/create-apps/app-reference/single-runtime-image.md#types) except PHP; for PHP image types the default is `unix`. **Composable image**: Defaults to `tcp` for all [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime) except PHP; for PHP the default is `unix`.| +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | **Single-runtime image**: Default varies based on [image `type`](/create-apps/app-reference/single-runtime-image.md#types). **Composable image**: Default varies based on the [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime). | + +For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. +For all other containers, the default for `protocol` is `http`. + +The following example is the default on non-PHP containers: + +```yaml {configFile="app"} +web: + upstream: + socket_family: tcp + protocol: http +``` +#### Where to listen + +Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). + +| `socket_family` | Where to listen | +|------------------|---------------------------------------------------------------------------------------------------------------------------------------| +| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | +| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | + +If your application isn't listening at the same place that the runtime is sending requests, +you see `502 Bad Gateway` errors when you try to connect to your website. + +### Locations + +Each key in the `locations` dictionary is a path on your site with a leading `/`. +For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. +When multiple keys match an incoming request, the most-specific applies. + +The following table presents possible properties for each location: + +| Name | Type | Default | Description | +| ------------------- | ---------------------------------------------------- |------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#root-directory); [composable image](/create-apps/app-reference/composable-image.md#primary-runtime)). Must be an actual directory inside the root directory. | +| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | +| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. **Also, for single-runtime image only:** If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | +| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | +| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | +| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | +| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | +| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | + +#### Rules + +The rules dictionary can override most other keys according to a regular expression. +The key of each item is a regular expression to match paths exactly. +If an incoming request matches the rule, it's handled by the properties under the rule, +overriding any conflicting rules from the rest of the `locations` dictionary. + +Under `rules`, you can set all the other possible [`locations` properties](#locations) +except `root`, `index`, `rules` and `request_buffering`. + +In the following example, the `allow` key disallows requests for static files anywhere in the site. +This is overridden by a rule that explicitly allows common image file formats. + +```yaml {configFile="app"} +web: + locations: + '/': + # Handle dynamic requests + root: 'public' + passthru: '/index.php' + # Disallow static files + allow: false + rules: + # Allow common image files only. + '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': + allow: true +``` +#### Request buffering + +Request buffering is enabled by default to handle chunked requests as most app servers don't support them. +The following table shows the keys in the `request_buffering` dictionary: + +| Name | Type | Required | Default | Description | +| ------------------ | --------- |----------| ------- |-------------------------------------------| +| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | +| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | + +The default configuration would look like this: + +```yaml {configFile="app"} +web: + locations: + '/': + passthru: true + request_buffering: + enabled: true + max_request_size: 250m +``` + + diff --git a/sites/platform/src/create-apps/image-properties/workers.md b/sites/platform/src/create-apps/image-properties/workers.md new file mode 100644 index 0000000000..bd6ba8ed79 --- /dev/null +++ b/sites/platform/src/create-apps/image-properties/workers.md @@ -0,0 +1,37 @@ +--- +title: "`workers`" +weight: 4 +description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + +Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/image-properties/hooks.md). +They use the same container image. + +Workers can't accept public requests and so are suitable only for background tasks. +If they exit, they're automatically restarted. + +The keys of the `workers` definition are the names of the workers. +You can then define how each worker differs from the `web` instance using +the top-level properties (see details for [single-runtime image](/create-apps/app-reference/single-runtime-image.md#top-level-properties) or [composable image](/create-apps/app-reference/composable-image.md#top-level-properties) top-level properties). + +Each worker can differ from the `web` instance in all properties _except_ for: + +- `build` and `dependencies` properties, which must be the same +- `crons` as cron jobs don't run on workers +- `hooks` as the `build` hook must be the same + and the `deploy` and `post_deploy` hooks don't run on workers. + +A worker named `queue` that was small and had a different start command could look like this: + +```yaml {configFile="app"} +workers: + queue: + size: S + commands: + start: | + ./worker.sh +``` + +For resource allocation, using workers in your project requires a [{{< partial "plans/multiapp-plan-name" >}} plan or larger](https://platform.sh/pricing/). From f26d6feb8cfcc30e452db10aa9568e5f25d700fc Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Wed, 30 Jul 2025 21:57:29 -0400 Subject: [PATCH 22/48] platform: deletions as a result of moving files --- .../src/create-apps/app-reference/access.md | 22 -- .../app-reference/additional_hosts.md | 21 -- .../src/create-apps/app-reference/crons.md | 327 ------------------ .../src/create-apps/app-reference/disk.md | 30 -- .../src/create-apps/app-reference/firewall.md | 105 ------ .../src/create-apps/app-reference/hooks.md | 99 ------ .../app-reference/image-properties/_index.md | 14 - .../image-properties/relationships.md | 188 ---------- .../src/create-apps/app-reference/mounts.md | 150 -------- .../app-reference/relationships.md | 187 ---------- .../src/create-apps/app-reference/size.md | 117 ------- .../src/create-apps/app-reference/source.md | 13 - .../create-apps/app-reference/variables.md | 33 -- .../src/create-apps/app-reference/web.md | 161 --------- .../src/create-apps/app-reference/workers.md | 35 -- 15 files changed, 1502 deletions(-) delete mode 100644 sites/platform/src/create-apps/app-reference/access.md delete mode 100644 sites/platform/src/create-apps/app-reference/additional_hosts.md delete mode 100644 sites/platform/src/create-apps/app-reference/crons.md delete mode 100644 sites/platform/src/create-apps/app-reference/disk.md delete mode 100644 sites/platform/src/create-apps/app-reference/firewall.md delete mode 100644 sites/platform/src/create-apps/app-reference/hooks.md delete mode 100644 sites/platform/src/create-apps/app-reference/image-properties/_index.md delete mode 100644 sites/platform/src/create-apps/app-reference/image-properties/relationships.md delete mode 100644 sites/platform/src/create-apps/app-reference/mounts.md delete mode 100644 sites/platform/src/create-apps/app-reference/relationships.md delete mode 100644 sites/platform/src/create-apps/app-reference/size.md delete mode 100644 sites/platform/src/create-apps/app-reference/source.md delete mode 100644 sites/platform/src/create-apps/app-reference/variables.md delete mode 100644 sites/platform/src/create-apps/app-reference/web.md delete mode 100644 sites/platform/src/create-apps/app-reference/workers.md diff --git a/sites/platform/src/create-apps/app-reference/access.md b/sites/platform/src/create-apps/app-reference/access.md deleted file mode 100644 index a898380c8e..0000000000 --- a/sites/platform/src/create-apps/app-reference/access.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -title: "`access`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. The `access` dictionary has one allowed key: - -| Name | Allowed values | Default | Description | -| ----- | ----------------------------------- | ------------- | ----------- | -| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | - -In the following example, only users with `admin` permissions for the given [environment type](/administration/users.md#environment-type-roles) -can access the deployed environment via SSH: - -```yaml {configFile="app"} -access: - ssh: admin -``` - - - diff --git a/sites/platform/src/create-apps/app-reference/additional_hosts.md b/sites/platform/src/create-apps/app-reference/additional_hosts.md deleted file mode 100644 index dd9b4438fa..0000000000 --- a/sites/platform/src/create-apps/app-reference/additional_hosts.md +++ /dev/null @@ -1,21 +0,0 @@ ---- -title: "`additional_hosts`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. If you're using a private network with specific IP addresses you need to connect to, -you might want to map those addresses to hostnames to better remember and organize them. -In such cases, you can add a map of those IP addresses to whatever hostnames you like. -Then when your app tries to access the hostname, it's sent to the proper IP address. - -So in the following example, if your app tries to access `api.example.com`, it's sent to `192.0.2.23`. - -```yaml {configFile="app"} -additional_hosts: - api.example.com: "192.0.2.23" - web.example.com: "203.0.113.42" -``` - -This is equivalent to adding the mapping to the `/etc/hosts` file for the container. - diff --git a/sites/platform/src/create-apps/app-reference/crons.md b/sites/platform/src/create-apps/app-reference/crons.md deleted file mode 100644 index 9933826561..0000000000 --- a/sites/platform/src/create-apps/app-reference/crons.md +++ /dev/null @@ -1,327 +0,0 @@ ---- -title: "`crons`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. The keys of the `crons` definition are the names of the cron jobs. -The names must be unique. - -If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. - -See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). - -The following table shows the properties for each job: - -| Name | Type | Required | Description | -| ------------------ | -------------------------------------------- | -------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid or {{% names/dedicated-gen-3 %}}** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. **Single-runtime image**: The `H` syntax is available only on **Grid** projects, and not on **{{% names/dedicated-gen-2 %}} projects.** | -| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | -| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | -| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). - -Note that you can [cancel pending or running crons](/environments/cancel-activity.md). - -{{< note >}} - -The use of the `cmd` key is now deprecated in favor of the `commands`key.
-Make sure you set your new cron jobs using the `commands` key, -and update your existing cron jobs to ensure continuity. - -{{< /note >}} - -### Cron commands - -| Name | Type | Required | Description | -| ------------------ | --------- | -------- | ----------- | -| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | -| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | - -```yaml {configFile="app"} -crons: - mycommand: - spec: 'H * * * *' - commands: - start: sleep 60 && echo sleep-60-finished && date - stop: killall sleep - shutdown_timeout: 18 -``` -In this example configuration, the crons [`spec`](#crons) uses the `H` syntax. - -Note that this syntax is only supported on Grid and {{% names/dedicated-gen-3 %}} projects. -On {{% names/dedicated-gen-2 %}} projects, use the [standard cron syntax](https://en.wikipedia.org/wiki/Cron#Cron_expression). - -### Single-runtime image: Example cron jobs - - -{{< codetabs >}} - -+++ -title=Drupal -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Run Drupal's cron tasks every 19 minutes. - drupal: - spec: '*/19 * * * *' - commands: - start: 'cd web ; drush core-cron' - # But also run pending queue tasks every 7 minutes. - # Use an odd number to avoid running at the same time as the `drupal` cron. - drush-queue: - spec: '*/7 * * * *' - commands: - start: 'cd web ; drush queue-run aggregator_feeds' -{{< /snippet >}} -``` - -<---> - -+++ -title=Ruby on Rails -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'ruby:{{% latest "ruby" %}}' -crons: - # Execute a rake script every 19 minutes. - ruby: - spec: '*/19 * * * *' - commands: - start: 'bundle exec rake some:task' -{{< /snippet >}} -``` - -<---> - -+++ -title=Laravel -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Run Laravel's scheduler every 5 minutes. - scheduler: - spec: '*/5 * * * *' - commands: - start: 'php artisan schedule:run' -{{< /snippet >}} -``` - -<---> - -+++ -title=Symfony -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Take a backup of the environment every day at 5:00 AM. - snapshot: - spec: 0 5 * * * - commands: - start: | - # Only run for the production environment, aka main branch - if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then - croncape symfony ... - fi -{{< /snippet >}} -``` - -{{< /codetabs >}} - - -### Composable image: Example cron jobs - - -{{< codetabs >}} - -+++ -title=Drupal -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Run Drupal's cron tasks every 19 minutes. - drupal: - spec: '*/19 * * * *' - commands: - start: 'cd web ; drush core-cron' - # But also run pending queue tasks every 7 minutes. - # Use an odd number to avoid running at the same time as the `drupal` cron. - drush-queue: - spec: '*/7 * * * *' - commands: - start: 'cd web ; drush queue-run aggregator_feeds' -{{< /snippet >}} -``` - -<---> - -+++ -title=Ruby on Rails -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "ruby@{{% latest ruby %}}" ] -crons: - # Execute a rake script every 19 minutes. - ruby: - spec: '*/19 * * * *' - commands: - start: 'bundle exec rake some:task' -{{< /snippet >}} -``` - -<---> - -+++ -title=Laravel -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Run Laravel's scheduler every 5 minutes. - scheduler: - spec: '*/5 * * * *' - commands: - start: 'php artisan schedule:run' -{{< /snippet >}} -``` - -<---> - -+++ -title=Symfony -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Take a backup of the environment every day at 5:00 AM. - snapshot: - spec: 0 5 * * * - commands: - start: | - # Only run for the production environment, aka main branch - if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then - croncape symfony ... - fi -{{< /snippet >}} -``` - -{{< /codetabs >}} - - -### Conditional crons - -If you want to set up customized cron schedules depending on the environment type, -define conditional crons. -To do so, use a configuration similar to the following: - -```yaml {configFile="app"} -crons: - update: - spec: '0 0 * * *' - commands: - start: | - if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then - {{% vendor/cli %}} backup:create --yes --no-wait - {{% vendor/cli %}} source-operation:run update --no-wait --yes - fi -``` -### Cron job timing - -Minimum time between cron jobs being triggered: - -| Plan | Time | -|-------------------- | --------- | -| Professional | 5 minutes | -| Elite or Enterprise | 1 minute | - -For each app container, only one cron job can run at a time. -If a new job is triggered while another is running, the new job is paused until the other completes. - -To minimize conflicts, a random offset is applied to all triggers. -The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. - -Crons are also paused while activities such as [backups](/environments/backup.md) are running. -The crons are queued to run after the other activity finishes. - -To run cron jobs in a timezone other than UTC, set the `timezone` property as described for the image type ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#top-level-properties) or -[composable image](/create-apps/app-reference/composable-image.md#top-level-properties)). - -### Paused crons - -[Preview environments](/glossary/_index.md#preview-environment) are often used for a limited time and then abandoned. -While it's useful for environments under active development to have scheduled tasks, -unused environments don't need to run cron jobs. -To minimize unnecessary resource use, -crons on environments with no deployments are paused. - -This affects all environments that aren't live environments. -This means all environments on Development plans -and all preview environments on higher plans. - -Such environments with deployments within 14 days have crons with the status `running`. -If there haven't been any deployments within 14 days, the status is `paused`. - -You can see the status in the Console -or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. - -#### Restarting paused crons - -If the crons on your preview environment are paused but you're still using them, -you can push changes to the environment or redeploy it. - -To restart crons without changing anything: - -{{< codetabs >}} - -+++ -title=In the Console -+++ - -1. In the Console, navigate to your project. -1. Open the environment where you'd like the crons to run. -1. Click `Redeploy` next to the cron status of `Paused`. - -<---> - -+++ -title=Using the CLI -+++ - -Run the following command: - -```bash -{{% vendor/cli %}} redeploy -``` - -{{< /codetabs >}} - -### Composable image only: Sizing hints - -The following table shows the properties that can be set in `sizing_hints`: - -| Name | Type | Default | Minimum | Description | -|-------------------|-----------|---------|---------|------------------------------------------------| -| `request_memory` | `integer` | 45 | 10 | The average memory consumed per request in MB. | -| `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | - -See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). - diff --git a/sites/platform/src/create-apps/app-reference/disk.md b/sites/platform/src/create-apps/app-reference/disk.md deleted file mode 100644 index 0c4abe80ab..0000000000 --- a/sites/platform/src/create-apps/app-reference/disk.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -title: "`disk`" -weight: 4 -description: Defines the disk space allocated to an app. ---- - -Optional. Defines the disk space allocated to an individual app. - -The maximum total space available to all apps and services is set by the storage in your plan settings. -When deploying your project, the sum of all `disk` keys defined in app and service configurations -must be *equal or less* than the plan storage size. - -So if your *plan storage size* is 5 GB, you can, for example, assign it in one of the following ways: - -- 2 GB to your app, 3 GB to your database -- 1 GB to your app, 4 GB to your database -- 1 GB to your app, 1 GB to your database, 3 GB to your OpenSearch service - -If you exceed the total space available, you receive an error on pushing your code. -You need to either increase your plan's storage or decrease the `disk` values you've assigned. - -You configure the disk size in [MB](/glossary/_index.md#mb). Your actual available disk space is slightly smaller with some space used for formatting and the filesystem journal. When checking available space, note whether it’s reported in MB or MiB. - -### Altering `disk` values - -It's a best practice to [back up your environment](/environments/backup.md) **before and after** you increase **or** decrease the `disk` value (the amount of allocated storage space) of an app or service. - -You can decrease the size of an existing disk for an app. If you do so, be aware that: -- Downsizing fails if the amount of data exceeds the configured `disk` value. -- Backups completed before the downsizing a disk are incompatible and can no longer be used to restore applications. You need to [create new backups](/environments/backup.md). diff --git a/sites/platform/src/create-apps/app-reference/firewall.md b/sites/platform/src/create-apps/app-reference/firewall.md deleted file mode 100644 index 78de66512a..0000000000 --- a/sites/platform/src/create-apps/app-reference/firewall.md +++ /dev/null @@ -1,105 +0,0 @@ ---- -title: "`firewall`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -{{< premium-features/tiered "Elite and Enterprise" >}} - -Optional. Set limits in outbound traffic from your app with no impact on inbound requests. - -The `outbound` key is required and contains one or more rules. -The rules define what traffic is allowed; anything unspecified is blocked. - -Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified together: - -| Name | Type | Default | Description | -| --------- |---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | -| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | -| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | - -The default settings would look like this: - -```yaml {configFile="app"} -firewall: - outbound: - - ips: ["0.0.0.0/0"] -``` - -### Support for rules - -Where outbound rules for firewalls are supported in all environments. -For {{% names/dedicated-gen-2 %}} projects, contact support for configuration. - -### Multiple rules - -Multiple firewall rules can be specified. -In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. - -So in the following example requests to any IP on port 80 are allowed -and requests to 1.2.3.4 on either port 80 or 443 are allowed: - -```yaml {configFile="app"} -firewall: - outbound: - - ips: ["1.2.3.4/32"] - ports: [443] - - ports: [80] -``` - -### Outbound traffic to CDNs - -Be aware that many services are behind a content delivery network (CDN). -For most CDNs, routing is done via domain name, not IP address, -so thousands of domain names may share the same public IP addresses at the CDN. -If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that -CDN. - -### Outbound traffic by domain - -You can filter outbound traffic by domain. -Using domains in your rules rather than IP addresses is generally more specific and secure. -For example, if you use an IP address for a service with a CDN, -you have to allow the IP address for the CDN. -This means that you allow potentially hundreds or thousands of other servers also using the CDN. - -An example rule filtering by domain: - -```yaml {configFile="app"} -firewall: - outbound: - - protocol: tcp - domains: ["api.stripe.com", "api.twilio.com"] - ports: [80, 443] - - protocol: tcp - ips: ["1.2.3.4/29","2.3.4.5"] - ports: [22] -``` -#### Determine which domains to allow - -To determine which domains to include in your filtering rules, -find the domains your site has requested the DNS to resolve. -Run the following command to parse your server’s `dns.log` file -and display all Fully Qualified Domain Names that have been requested: - -```bash -awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log -``` - -The output includes all DNS requests that were made, including those blocked by your filtering rules. -It doesn't include any requests made using an IP address. - -Example output: - -```bash -facebook.com -fastly.com -platform.sh -www.google.com -www.platform.sh -``` - - - - diff --git a/sites/platform/src/create-apps/app-reference/hooks.md b/sites/platform/src/create-apps/app-reference/hooks.md deleted file mode 100644 index 8e5300d904..0000000000 --- a/sites/platform/src/create-apps/app-reference/hooks.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: "`hooks`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. -keywords: - - hooks - - hooks ---- - -Optional. There are three different hooks that run as part of the process of building and deploying your app. -These are places where you can run custom scripts. -They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. -Only the `build` hook is run for [worker instances](/create-apps/app-reference/workers.md), while [web instances](/create-apps/app-reference/web.md) run all three. - -The process is ordered as: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -1. Variables accessible at build time become available. -1. [Build flavor](/create-apps/app-reference/single-runtime-image.md#build) runs if applicable. -1. Any [dependencies](/create-apps/app-reference/single-runtime-image.md##dependencies) are installed. -1. The `build` hook is run. -1. The file system is changed to read only, except for any [mounts](/create-apps/app-reference/mounts.md). -1. The app container starts. Variables accessible at runtime and services become available. -1. The `deploy` hook is run. -1. The app container begins accepting requests. -1. The `post_deploy` hook is run. - -<---> - -+++ -title=Composable image -+++ - -1. Variables accessible at build time become available. -1. The `build` hook is run. -1. The file system is changed to read only, except for any [mounts](/create-apps/app-reference/mounts.md). -1. The app container starts. Variables accessible at runtime and services become available. -1. The `deploy` hook is run. -1. The app container begins accepting requests. -1. The `post_deploy` hook is run. - -{{< /codetabs >}} - -Note that if an environment changes by no code changes, only the last step is run. -If you want the entire process to run, see how -to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). - -### Writable directories during build - -During the `build` hook, there are three writeable directories: - -- `PLATFORM_APP_DIR`: - Where your code is checked out and the working directory when the `build` hook starts. - Becomes the app that gets deployed. -- `PLATFORM_CACHE_DIR`: - Persists between builds, but isn't deployed. - Shared by all builds on all branches. -- `/tmp`: - Isn't deployed and is wiped between each build. - Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` - and together they offer about 8GB of free space. - -### Hook failure - -Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. -To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. - -If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. -Note that this only works for `build` hooks -- -if other hooks fail, the app is still deployed. - -#### Automated testing - -It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. -Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. - -During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: - -- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. - So any testing that relies on it is sure to fail. -- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. -- Test results are written into your app container, so they might get exposed to a third party. - -During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. -Note that there are other downsides: - -- Your app container is read-only during the deploy hook, - so if your tests need to write reports and other information, you need to create a file mount for them. -- Your app can only be deployed once the deploy hook has been completed. - Therefore, running automated testing via the deploy hook generates slower deployments. -- Your environment isn’t available externally during the deploy hook. - Unit and integration testing might work without the environment being available, - but you can’t typically perform end-to-end testing until after the environment is up and available. - diff --git a/sites/platform/src/create-apps/app-reference/image-properties/_index.md b/sites/platform/src/create-apps/app-reference/image-properties/_index.md deleted file mode 100644 index 85ea0542f5..0000000000 --- a/sites/platform/src/create-apps/app-reference/image-properties/_index.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: "Image properties" -sidebarTitle: "Image properties" -weight: 6 -description: Details about image properties in the {{% vendor/name %}} config.yaml file -layout: single ---- - -Learn about the image properties you can define in the an application configuration file. - -The image properties below are used to configure both single-runtime images and composable images. Although thethe images use many of the same property names, the details or syntax differ depending on the context. These differences are noted within the topic. - -For details about the properties that are unique to each image type, refer to the [Single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [Composable image](/create-apps/app-reference/composable-image.md#) topics. - diff --git a/sites/platform/src/create-apps/app-reference/image-properties/relationships.md b/sites/platform/src/create-apps/app-reference/image-properties/relationships.md deleted file mode 100644 index ea5702a299..0000000000 --- a/sites/platform/src/create-apps/app-reference/image-properties/relationships.md +++ /dev/null @@ -1,188 +0,0 @@ ---- -title: "`relationships`" -sidebarTitle: "relationships" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -The following information applies to configuring either single runtime images or composable in {{% vendor/name %}}. - -## Relationships - -To allow containers in your project to communicate with one another, -you need to define relationships between them. -You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). - -The quickest way to define a relationship between your app and a service -is to use the service's default endpoint.
-However, some services allow you to define multiple databases, cores, and/or permissions. -In these cases, you can't rely on default endpoints. -Instead, you can explicitly define multiple endpoints when setting up your relationships. - -{{< note >}} -App containers don't have a default endpoint like services. -To connect your app to another app in your project, -you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
-For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). -{{< /note >}} - -{{< note title="Availability" theme="info">}} - -New syntax (default and explicit endpoints) described below is supported by most, but not all, image types -(`Relationship 'SERVICE_NAME' of application 'myapp' ... targets a service without a valid default endpoint configuration.`). -This syntax is currently being rolled out for all images. -If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. - -{{< /note >}} - -To define a relationship between your app and a service: - -{{< codetabs >}} - -+++ -title=Using default endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -relationships: - {{% variable "SERVICE_NAME" %}}: -``` - -The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -It is used as the relationship name, and associated with a `null` value. -This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. - -For example, if you define the following configuration: - -```yaml {configFile="app"} -relationships: - mariadb: -``` - -{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, -and connects your app to it through the service's default endpoint. - -For reference, the equivalent configuration using explicit endpoints would be the following: - -```yaml {configFile="app"} -relationships: - mariadb: - service: mariadb - endpoint: mysql -``` - -You can define any number of relationships in this way: - -```yaml {configFile="app"} -relationships: - mariadb: - redis: - elasticsearch: -``` - -{{< note title="Tip" theme="info" >}} - -An even quicker way to define many relationships is to use the following single-line configuration: - -```yaml {configFile="app"} -relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} -``` - -where - -```yaml {configFile="services"} -{{< variable "SERVICE_NAME_A" >}}: - type: mariadb:{{% latest "mariadb" %}} - disk: 256 -{{< variable "SERVICE_NAME_B" >}}: - type: redis:{{% latest "redis" %}} - disk: 256 -{{< variable "SERVICE_NAME_C" >}}: - type: elasticsearch:{{% latest "elasticsearch" %}} - disk: 256 -``` - -{{< /note >}} - -<---> - -+++ -title=Using explicit endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -relationships: - {{% variable "RELATIONSHIP_NAME" %}}: - service: {{% variable "SERVICE_NAME" %}} - endpoint: {{% variable "ENDPOINT_NAME" %}} -``` - -- `RELATIONSHIP_NAME` is the name you want to give to the relationship. -- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). - -For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, -use the following configuration: - -```yaml {configFile="app"} -relationships: - database: # The name of the relationship. - service: mariadb - endpoint: db1 -``` - -For more information on how to handle multiple databases, multiple cores, -and/or different permissions with services that support such features, -see each service's dedicated page: - - - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) - - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) - - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) - - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) - - [Vault KMS](add-services/vault.md#multiple-endpoints-configuration) (multiple permissions) - - You can add as many relationships as you want to your app configuration, - using both default and explicit endpoints according to your needs: - -```yaml {configFile="app"} -relationships: - database1: - service: mariadb - endpoint: admin - database2: - service: mariadb - endpoint: legacy - cache: - service: redis - search: - service: elasticsearch -``` - -{{< /codetabs >}} - -{{< note theme="info" title="Legacy" >}} - -The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: - -```yaml {configFile="app"} -relationships: - : ":" -``` - -For example: - -```yaml {configFile="app"} -relationships: - database: "mariadb:mysql" -``` - -Feel free to use this until the default and explicit endpoint syntax is supported on all images. - -{{< /note >}} - - - diff --git a/sites/platform/src/create-apps/app-reference/mounts.md b/sites/platform/src/create-apps/app-reference/mounts.md deleted file mode 100644 index f7a7ae543b..0000000000 --- a/sites/platform/src/create-apps/app-reference/mounts.md +++ /dev/null @@ -1,150 +0,0 @@ ---- -title: "`mounts`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. After your app is built, its file system is read-only. -To make changes to your app's code, you need to use Git. - -For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". -Mounts give you write access to files generated by your app (such as cache and log files) -and uploaded files without going through Git. - -When you define a mount, you are mounting an external directory to your app container, -much like you would plug a hard drive into your computer to transfer data. - -{{% note %}} - -- Mounts aren't available during the build -- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too - -{{% /note %}} - -### Define a mount - -To define a mount, use the following configuration: - -```yaml {configFile="app"} -mounts: - '{{< variable "MOUNT_PATH" >}}': - source: {{< variable "MOUNT_TYPE" >}} - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). -If you already have a directory with that name, you get a warning that it isn't accessible after the build. -See how to [troubleshoot the warning](/create-apps/troubleshoot-mounts.md#overlapping-folders). - -| Name | Type | Required | Description | -| ------------- |-------------------------------| -------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `source` | `local`, `service`, or `tmp` | Yes | Specifies the type of the mount:

- `local` mounts are unique to your app. They can be useful to store files that remain local to the app instance, such as application logs.
`local` mounts require disk space. To successfully set up a local mount, set the `disk` key in your app configuration.

- `service` mounts point to [Network Storage](/add-services/network-storage.md) services that can be shared between several apps.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**. | -| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | -| `service` | `string` | | Only for `service` mounts: the name of the [Network Storage service](/add-services/network-storage.md). | - - -The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). -Files can be all public, all private, or with different rules for different paths and file types. - -Note that when you remove a `local` mount from your `{{< vendor/configfile "app" >}}` file, -the mounted directory isn't deleted. -The files still exist on disk until manually removed -(or until the app container is moved to another host during a maintenance operation in the case of a `tmp` mount). - -### Example configuration - -```yaml {configFile="app"} -mounts: - 'web/uploads': - source: local - source_path: uploads - '/.tmp_platformsh': - source: tmp - source_path: files/.tmp_platformsh - '/build': - source: local - source_path: files/build - '/.cache': - source: tmp - source_path: files/.cache - '/node_modules/.cache': - source: tmp - source_path: files/node_modules/.cache -``` - -For examples of how to set up a `service` mount, see the dedicated [Network Storage page](/add-services/network-storage.md). - -### Ensure continuity when changing the name of your mount - -Changing the name of your mount affects the default `source_path`. - -Say you have a `/my/cache/` mount with an undefined `source_path`: - -```yaml {configFile="app"} -mounts: - '/my/cache/': - source: tmp -``` - -If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. - -To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading or trailing slashes: - - ```yaml {configFile="app"} -mounts: - '/cache/files/': - source: tmp - source_path: my/cache -``` - -The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing files in that directory. - -### Overlapping mounts - -The locations of mounts as they are visible to application containers can overlap somewhat. -For example: - -```yaml {configFile="apps"} -applications: - myapp: - # ... - mounts: - 'var/cache_a': - source: service - service: ns_service - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: local - source_path: cacheC -``` - -In this case, it does not matter that each mount is of a different `source` type. -Each mount is restricted to a subfolder within `var`, and all is well. - -The following, however, is not allowed and will result in a failure: - -```yaml {configFile="apps"} -applications: - myapp: - # ... - mounts: - 'var/': - source: service - service: ns_service - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: local - source_path: cacheC -``` - -The `service` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. -These allowances are not compatible, and will result in an error if pushed. - - - diff --git a/sites/platform/src/create-apps/app-reference/relationships.md b/sites/platform/src/create-apps/app-reference/relationships.md deleted file mode 100644 index 322eb20af8..0000000000 --- a/sites/platform/src/create-apps/app-reference/relationships.md +++ /dev/null @@ -1,187 +0,0 @@ ---- -title: "`relationships`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. The following information applies to configuring either single runtime images or composable in {{% vendor/name %}}. - -## Relationships - -To allow containers in your project to communicate with one another, -you need to define relationships between them. -You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). - -The quickest way to define a relationship between your app and a service -is to use the service's default endpoint.
-However, some services allow you to define multiple databases, cores, and/or permissions. -In these cases, you can't rely on default endpoints. -Instead, you can explicitly define multiple endpoints when setting up your relationships. - -{{< note >}} -App containers don't have a default endpoint like services. -To connect your app to another app in your project, -you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
-For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). -{{< /note >}} - -{{< note title="Availability" theme="info">}} - -New syntax (default and explicit endpoints) described below is supported by most, but not all, image types -(`Relationship 'SERVICE_NAME' of application 'myapp' ... targets a service without a valid default endpoint configuration.`). -This syntax is currently being rolled out for all images. -If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. - -{{< /note >}} - -To define a relationship between your app and a service: - -{{< codetabs >}} - -+++ -title=Using default endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -relationships: - {{% variable "SERVICE_NAME" %}}: -``` - -The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -It is used as the relationship name, and associated with a `null` value. -This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. - -For example, if you define the following configuration: - -```yaml {configFile="app"} -relationships: - mariadb: -``` - -{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, -and connects your app to it through the service's default endpoint. - -For reference, the equivalent configuration using explicit endpoints would be the following: - -```yaml {configFile="app"} -relationships: - mariadb: - service: mariadb - endpoint: mysql -``` - -You can define any number of relationships in this way: - -```yaml {configFile="app"} -relationships: - mariadb: - redis: - elasticsearch: -``` - -{{< note title="Tip" theme="info" >}} - -An even quicker way to define many relationships is to use the following single-line configuration: - -```yaml {configFile="app"} -relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} -``` - -where - -```yaml {configFile="services"} -{{< variable "SERVICE_NAME_A" >}}: - type: mariadb:{{% latest "mariadb" %}} - disk: 256 -{{< variable "SERVICE_NAME_B" >}}: - type: redis:{{% latest "redis" %}} - disk: 256 -{{< variable "SERVICE_NAME_C" >}}: - type: elasticsearch:{{% latest "elasticsearch" %}} - disk: 256 -``` - -{{< /note >}} - -<---> - -+++ -title=Using explicit endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -relationships: - {{% variable "RELATIONSHIP_NAME" %}}: - service: {{% variable "SERVICE_NAME" %}} - endpoint: {{% variable "ENDPOINT_NAME" %}} -``` - -- `RELATIONSHIP_NAME` is the name you want to give to the relationship. -- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). - -For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, -use the following configuration: - -```yaml {configFile="app"} -relationships: - database: # The name of the relationship. - service: mariadb - endpoint: db1 -``` - -For more information on how to handle multiple databases, multiple cores, -and/or different permissions with services that support such features, -see each service's dedicated page: - - - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) - - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) - - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) - - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) - - [Vault KMS](add-services/vault.md#multiple-endpoints-configuration) (multiple permissions) - - You can add as many relationships as you want to your app configuration, - using both default and explicit endpoints according to your needs: - -```yaml {configFile="app"} -relationships: - database1: - service: mariadb - endpoint: admin - database2: - service: mariadb - endpoint: legacy - cache: - service: redis - search: - service: elasticsearch -``` - -{{< /codetabs >}} - -{{< note theme="info" title="Legacy" >}} - -The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: - -```yaml {configFile="app"} -relationships: - : ":" -``` - -For example: - -```yaml {configFile="app"} -relationships: - database: "mariadb:mysql" -``` - -Feel free to use this until the default and explicit endpoint syntax is supported on all images. - -{{< /note >}} - - - diff --git a/sites/platform/src/create-apps/app-reference/size.md b/sites/platform/src/create-apps/app-reference/size.md deleted file mode 100644 index ebec39d033..0000000000 --- a/sites/platform/src/create-apps/app-reference/size.md +++ /dev/null @@ -1,117 +0,0 @@ ---- -title: "`size`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. -keywords: - - resource sizing ---- - -Optional. Resources are distributed across all containers in an environment from the total available from your [plan size](/administration/pricing/_index.md). -So if you have more than just a single app, it doesn't get all of the resources available. -Each environment has its own resources and there are different [sizing rules for preview environments](#sizes-in-preview-environments). - -By default, resource sizes (CPU and memory) are chosen automatically for an app -based on the plan size and the number of other containers in the cluster. -Most of the time, this automatic sizing is enough. - -You can set sizing suggestions for production environments when you know a given container has specific needs. -Such as a worker that doesn't need much and can free up resources for other apps. -To do so, set `size` to one of the following values: - -- `S` -- `M` -- `L` -- `XL` -- `2XL` -- `4XL` - -The total resources allocated across all apps and services can't exceed what's in your plan. - -### Container profiles: CPU and memory - -By default, {{% vendor/name %}} allocates a container profile to each app and service depending on: - -- The range of resources it’s expected to need -- Your [plan size](/administration/pricing/_index.md), as resources are distributed across containers. - Ideally you want to give databases the biggest part of your memory, and apps the biggest part of your CPU. - -The container profile and the [size of the container](#sizes) determine -how much CPU and memory (in [MB](/glossary/_index.md#mb)) the container gets. - -There are three container profiles available: ``HIGH_CPU``, ``BALANCED``, and ``HIGH_MEMORY``. - -#### ``HIGH_CPU`` container profile - -| Size | CPU | MEMORY | -| ---- | ----- | -------- | -| S | 0.40 | 128 MB | -| M | 0.40 | 128 MB | -| L | 1.20 | 256 MB | -| XL | 2.50 | 384 MB | -| 2XL | 5.00 | 768 MB | -| 4XL | 10.00 | 1536 MB | - -#### `BALANCED` container profile - -| Size | CPU | MEMORY | -| ---- | ---- | -------- | -| S | 0.05 | 32 MB | -| M | 0.05 | 64 MB | -| L | 0.08 | 256 MB | -| XL | 0.10 | 512 MB | -| 2XL | 0.20 | 1024 MB | -| 4XL | 0.40 | 2048 MB | - -#### `HIGH_MEMORY` container profile - -| Size | CPU | MEMORY | -| ---- | ---- | --------- | -| S | 0.25 | 128 MB | -| M | 0.25 | 288 MB | -| L | 0.40 | 1280 MB | -| XL | 0.75 | 2624 MB | -| 2XL | 1.50 | 5248 MB | -| 4XL | 3.00 | 10496 MB | - -#### Container profile reference - -The following table shows which container profiles {{% vendor/name %}} applies when deploying your project. - -| Container | Profile | -|-----------------------|-------------| -| Chrome Headless | HIGH_CPU | -| .NET | HIGH_CPU | -| Elasticsearch | HIGH_MEMORY | -| Elasticsearch Premium | HIGH_MEMORY | -| Elixir | HIGH_CPU | -| Go | HIGH_CPU | -| Gotenberg | HIGH_MEMORY | -| InfluxDB | HIGH_MEMORY | -| Java | HIGH_MEMORY | -| Kafka | HIGH_MEMORY | -| MariaDB | HIGH_MEMORY | -| Memcached | BALANCED | -| MongoDB | HIGH_MEMORY | -| MongoDB Premium | HIGH_MEMORY | -| Network Storage | HIGH_MEMORY | -| Node.js | HIGH_CPU | -| OpenSearch | HIGH_MEMORY | -| Oracle MySQL | HIGH_MEMORY | -| PHP | HIGH_CPU | -| PostgreSQL | HIGH_MEMORY | -| Python | HIGH_CPU | -| RabbitMQ | HIGH_MEMORY | -| Redis ephemeral | BALANCED | -| Redis persistent | BALANCED | -| Ruby | HIGH_CPU | -| Rust | HIGH_CPU | -| Solr | HIGH_MEMORY | -| Varnish | HIGH_MEMORY | -| Vault KMS | HIGH_MEMORY | - -### Sizes in preview environments - -Containers in preview environments don't follow the `size` specification. -Application containers are set based on the plan's setting for **Environments application size**. -The default is size **S**, but you can increase it by editing your plan. -(Service containers in preview environments are always set to size **S**.) diff --git a/sites/platform/src/create-apps/app-reference/source.md b/sites/platform/src/create-apps/app-reference/source.md deleted file mode 100644 index 93dbf28e3f..0000000000 --- a/sites/platform/src/create-apps/app-reference/source.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -title: "`source`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. The following table shows the properties that can be set in `source`: - - -| Name | Type | Required | Description | -| ------------ | ------------------------ | -------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](/create-apps/source-operations.md). | -| `root` | `string` | | The path where the app code lives. Useful for [multi-app setups](/create-apps/multi-app/_index.md). **Single-runtime image**: Defaults to the directory of the `{{< vendor/configfile "app" >}}` file. **Composable image**: Defaults to the root project directory. | diff --git a/sites/platform/src/create-apps/app-reference/variables.md b/sites/platform/src/create-apps/app-reference/variables.md deleted file mode 100644 index 5c65ee0ba3..0000000000 --- a/sites/platform/src/create-apps/app-reference/variables.md +++ /dev/null @@ -1,33 +0,0 @@ ---- -title: "`variables`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). -Variables set in your app configuration have the lowest precedence, -meaning they're overridden by any conflicting values provided elsewhere. - -All variables set in your app configuration must have a prefix. -Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). - -Variables with the prefix `env` are available as a separate environment variable. -All other variables are available in the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). - -The following example sets two variables: - -- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` -- A variable named `d8config:system.site:name` with the value `My site rocks` - that's available in the `PLATFORM_VARIABLES` environment variable - -```yaml {configFile="app"} -variables: - env: - AUTHOR: 'Juan' - d8config: - "system.site:name": 'My site rocks' -``` - -You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). - - diff --git a/sites/platform/src/create-apps/app-reference/web.md b/sites/platform/src/create-apps/app-reference/web.md deleted file mode 100644 index 455a3e5d85..0000000000 --- a/sites/platform/src/create-apps/app-reference/web.md +++ /dev/null @@ -1,161 +0,0 @@ ---- -title: "`web`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. Use the `web` key to configure the web server running in front of your app. -In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). - -| Name | Type | Required | Description | -|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| -| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | -| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | -| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | - -See some [examples of how to configure what's served](/create-apps/web/_index.md). - -### Web commands - - -| Name | Type | Required | Description | -|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| -| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | -| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | -| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | - -{{< note theme="info" >}} -The `post_start` feature is _experimental_ and may change. Please share your feedback in the -[{{% vendor/name %}} discord](https://discord.gg/platformsh). -{{< /note >}} - - -Example: - -```yaml {configFile="app"} -web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -This command runs every time your app is restarted, regardless of whether or not new code is deployed. - -{{< note >}} - -Never "background" a start process using `&`. -That's interpreted as the command terminating and the supervisor process starts a second copy, -creating an infinite loop until the container crashes. -Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. - -{{< /note >}} - -#### Required command - -On all containers other than PHP, the value for `start` should be treated as required. - -On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). -It can also be set explicitly on a PHP container to run a dedicated process, -such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) -or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). -See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). - -### Upstream - -| Name | Type | Required | Description | Default | -| --------------- |---------------------| -------- |-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | **Single-runtime image**: Defaults to `tcp` for all [image types](/create-apps/app-reference/single-runtime-image.md#types) except PHP; for PHP image types the default is `unix`. **Composable image**: Defaults to `tcp` for all [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime) except PHP; for PHP the default is `unix`.| -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | **Single-runtime image**: Default varies based on [image `type`](/create-apps/app-reference/single-runtime-image.md#types). **Composable image**: Default varies based on the [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -web: - upstream: - socket_family: tcp - protocol: http -``` -#### Where to listen - -Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). - -| `socket_family` | Where to listen | -|------------------|---------------------------------------------------------------------------------------------------------------------------------------| -| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | -| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | - -If your application isn't listening at the same place that the runtime is sending requests, -you see `502 Bad Gateway` errors when you try to connect to your website. - -### Locations - -Each key in the `locations` dictionary is a path on your site with a leading `/`. -For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. -When multiple keys match an incoming request, the most-specific applies. - -The following table presents possible properties for each location: - -| Name | Type | Default | Description | -| ------------------- | ---------------------------------------------------- |------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#root-directory); [composable image](/create-apps/app-reference/composable-image.md#primary-runtime)). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. **Also, for single-runtime image only:** If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -#### Rules - -The rules dictionary can override most other keys according to a regular expression. -The key of each item is a regular expression to match paths exactly. -If an incoming request matches the rule, it's handled by the properties under the rule, -overriding any conflicting rules from the rest of the `locations` dictionary. - -Under `rules`, you can set all the other possible [`locations` properties](#locations) -except `root`, `index`, `rules` and `request_buffering`. - -In the following example, the `allow` key disallows requests for static files anywhere in the site. -This is overridden by a rule that explicitly allows common image file formats. - -```yaml {configFile="app"} -web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` -#### Request buffering - -Request buffering is enabled by default to handle chunked requests as most app servers don't support them. -The following table shows the keys in the `request_buffering` dictionary: - -| Name | Type | Required | Default | Description | -| ------------------ | --------- |----------| ------- |-------------------------------------------| -| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | -| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | - -The default configuration would look like this: - -```yaml {configFile="app"} -web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` - - diff --git a/sites/platform/src/create-apps/app-reference/workers.md b/sites/platform/src/create-apps/app-reference/workers.md deleted file mode 100644 index 8c22ea80b0..0000000000 --- a/sites/platform/src/create-apps/app-reference/workers.md +++ /dev/null @@ -1,35 +0,0 @@ ---- -title: "`workers`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/app-reference/hooks.md). -They use the same container image. - -Workers can't accept public requests and so are suitable only for background tasks. -If they exit, they're automatically restarted. - -The keys of the `workers` definition are the names of the workers. -You can then define how each worker differs from the `web` instance using -the top-level properties (see details for [single-runtime image](/create-apps/app-reference/single-runtime-image.md#top-level-properties) or [composable image](/create-apps/app-reference/composable-image.md#top-level-properties) top-level properties). - -Each worker can differ from the `web` instance in all properties _except_ for: - -- `build` and `dependencies` properties, which must be the same -- `crons` as cron jobs don't run on workers -- `hooks` as the `build` hook must be the same - and the `deploy` and `post_deploy` hooks don't run on workers. - -A worker named `queue` that was small and had a different start command could look like this: - -```yaml {configFile="app"} -workers: - queue: - size: S - commands: - start: | - ./worker.sh -``` - -For resource allocation, using workers in your project requires a [{{< partial "plans/multiapp-plan-name" >}} plan or larger](https://platform.sh/pricing/). From fa12a4b95cc9929837875954ca3e783bc1cd8377 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Wed, 30 Jul 2025 22:36:28 -0400 Subject: [PATCH 23/48] platform/upsun: app-reference - update nix packages to 120,000 --- sites/platform/src/create-apps/app-reference/_index.md | 2 +- sites/upsun/src/create-apps/app-reference/_index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/_index.md b/sites/platform/src/create-apps/app-reference/_index.md index e340d13e21..c3814f5e45 100644 --- a/sites/platform/src/create-apps/app-reference/_index.md +++ b/sites/platform/src/create-apps/app-reference/_index.md @@ -61,7 +61,7 @@ Composable images can be used for applications only, not for services. This imag When using a composable image, you can define a stack (or group of packages) for your application container to use. --> -There are over 80,000 packages available from the [Nix Packages collection](https://search.nixos.org/) that you can add to your stack. +There are over 120,000 packages available from the [Nix Packages collection](https://search.nixos.org/) that you can add to your stack. You can add as many packages to your application container as you need. {{% note %}} diff --git a/sites/upsun/src/create-apps/app-reference/_index.md b/sites/upsun/src/create-apps/app-reference/_index.md index c76a52b910..c3707742a7 100644 --- a/sites/upsun/src/create-apps/app-reference/_index.md +++ b/sites/upsun/src/create-apps/app-reference/_index.md @@ -18,7 +18,7 @@ See [all of the options you can use](/create-apps/app-reference/single-runtime-i The {{% vendor/name %}} composable image provides more flexibility than single-runtime images. When using a composable image, you can define a stack (or group of packages) for your application container to use. -There are over 80,000 packages available from the [Nix Packages collection](https://search.nixos.org/) that you can add to your stack. +There are over 120,000 packages available from the [Nix Packages collection](https://search.nixos.org/) that you can add to your stack. You can add as many packages to your application container as you need. {{% note %}} From ae6d037ba00653e210ee5d9ea2fa880769b1fc7c Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Wed, 30 Jul 2025 22:54:26 -0400 Subject: [PATCH 24/48] platform: single-runtime/composable topics: minor edits --- .../src/create-apps/app-reference/composable-image.md | 4 ++-- .../src/create-apps/app-reference/single-runtime-image.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/composable-image.md b/sites/platform/src/create-apps/app-reference/composable-image.md index 2252126fe1..6a23798dba 100644 --- a/sites/platform/src/create-apps/app-reference/composable-image.md +++ b/sites/platform/src/create-apps/app-reference/composable-image.md @@ -44,7 +44,7 @@ To override any part of a property, you have to provide the entire property. | `stack` | An array of [Nix packages](#stack) | Yes | No | A list of packages from the {{% vendor/name %}} collection of [supported runtimes](#supported-nix-packages) and/or from [Nixpkgs](https://search.nixos.org/packages). | | `size` | A [size](/create-apps/image-properties/size.md) | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | | `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | -| `disk` | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See [`disk`](/create-apps/image-properties/disk.md) details. | +| `disk` | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See the [`disk`](/create-apps/image-properties/disk.md) property details. | | `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | | `web` | A [web instance](/create-apps/image-properties/web.md) | | N/A | How the web application is served. | | `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | @@ -65,7 +65,7 @@ They are replaced by the `stack` key. {{% /note %}} -## Stack +## `stack` {#stack} Use the ``stack`` key to define which runtimes and binaries you want to install in your application container. Define them as a YAML array as follows: diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index 49e51e3dc6..8064a07aca 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -30,7 +30,7 @@ To override any part of a property, you have to provide the entire property. | `type` | A [type](#types) | Yes | No | The base image to use with a specific app language. Format: `runtime:version`. | | `size` | A [size](/create-apps/image-properties/size.md) | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | | `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | -| [`disk`](/create-apps/image-properties/disk.md) | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See [`disk`](/create-apps/image-properties/disk.md) details. | +| [`disk`](/create-apps/image-properties/disk.md) | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See the [`disk`](/create-apps/image-properties/disk.md) property details. | | `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | | `web` | A [web instance](/create-apps/image-properties/web.md) | | N/A | How the web application is served. | | `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | From 997794238483b92aa5598076e55f79fbc71959a9 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 00:16:02 -0400 Subject: [PATCH 25/48] platform: update frontmatter description for each property file --- sites/platform/src/create-apps/image-properties/access.md | 4 +++- .../src/create-apps/image-properties/additional_hosts.md | 4 +++- sites/platform/src/create-apps/image-properties/crons.md | 4 +++- sites/platform/src/create-apps/image-properties/disk.md | 4 ++-- sites/platform/src/create-apps/image-properties/firewall.md | 6 ++++-- sites/platform/src/create-apps/image-properties/hooks.md | 4 +++- sites/platform/src/create-apps/image-properties/mounts.md | 6 ++++-- .../src/create-apps/image-properties/relationships.md | 4 ++-- sites/platform/src/create-apps/image-properties/size.md | 4 +++- sites/platform/src/create-apps/image-properties/source.md | 4 +++- .../platform/src/create-apps/image-properties/variables.md | 4 +++- sites/platform/src/create-apps/image-properties/web.md | 4 +++- sites/platform/src/create-apps/image-properties/workers.md | 4 +++- 13 files changed, 39 insertions(+), 17 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/access.md b/sites/platform/src/create-apps/image-properties/access.md index e126582605..5aec6f8e54 100644 --- a/sites/platform/src/create-apps/image-properties/access.md +++ b/sites/platform/src/create-apps/image-properties/access.md @@ -1,11 +1,13 @@ --- title: "`access`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: An access dictionary that defines the access control for roles accessing app environments. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +An access dictionary that defines the access control for roles accessing app environments. + The `access` dictionary has one allowed key: | Name | Allowed values | Default | Description | diff --git a/sites/platform/src/create-apps/image-properties/additional_hosts.md b/sites/platform/src/create-apps/image-properties/additional_hosts.md index bca907eb8c..053c59f3c2 100644 --- a/sites/platform/src/create-apps/image-properties/additional_hosts.md +++ b/sites/platform/src/create-apps/image-properties/additional_hosts.md @@ -1,11 +1,13 @@ --- title: "`additional_hosts`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: An additional hosts dictionary that maps hostnames to IP addresses. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +An additional hosts dictionary that maps hostnames to IP addresses. + If you're using a private network with specific IP addresses you need to connect to, you might want to map those addresses to hostnames to better remember and organize them. In such cases, you can add a map of those IP addresses to whatever hostnames you like. diff --git a/sites/platform/src/create-apps/image-properties/crons.md b/sites/platform/src/create-apps/image-properties/crons.md index 630cd8939b..3d90445cf6 100644 --- a/sites/platform/src/create-apps/image-properties/crons.md +++ b/sites/platform/src/create-apps/image-properties/crons.md @@ -1,11 +1,13 @@ --- title: "`crons`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: A cron dictionary that defines scheduled tasks for the app. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +A cron dictionary that defines scheduled tasks for the app. + The keys of the `crons` definition are the names of the cron jobs. The names must be unique. diff --git a/sites/platform/src/create-apps/image-properties/disk.md b/sites/platform/src/create-apps/image-properties/disk.md index 6dc92bc4db..fcdc52319e 100644 --- a/sites/platform/src/create-apps/image-properties/disk.md +++ b/sites/platform/src/create-apps/image-properties/disk.md @@ -1,12 +1,12 @@ --- title: "`disk`" weight: 4 -description: Defines the disk space allocated to an app. +description: An `integer` (or `null`) that defines the disk space allocated (in MB) to an app. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -Defines the disk space allocated to an individual app. +An `integer` (or `null`) that defines the disk space allocated (in MB) to an app. The maximum total space available to all apps and services is set by the storage in your plan settings. When deploying your project, the sum of all `disk` keys defined in app and service configurations diff --git a/sites/platform/src/create-apps/image-properties/firewall.md b/sites/platform/src/create-apps/image-properties/firewall.md index 9540cfcfab..82fb8a9ab5 100644 --- a/sites/platform/src/create-apps/image-properties/firewall.md +++ b/sites/platform/src/create-apps/image-properties/firewall.md @@ -1,14 +1,16 @@ --- title: "`firewall`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: A firewall dictionary that defines the outbound firewall rules for the application. --- {{< premium-features/tiered "Elite and Enterprise" >}} Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -Sets limits in outbound traffic from your app with no impact on inbound requests. +A firewall dictionary that defines the outbound firewall rules for the application. + +This value sets limits in outbound traffic from your app with no impact on inbound requests. The `outbound` key is required and contains one or more rules. The rules define what traffic is allowed; anything unspecified is blocked. diff --git a/sites/platform/src/create-apps/image-properties/hooks.md b/sites/platform/src/create-apps/image-properties/hooks.md index 69644f6d37..aa63d932ee 100644 --- a/sites/platform/src/create-apps/image-properties/hooks.md +++ b/sites/platform/src/create-apps/image-properties/hooks.md @@ -1,7 +1,7 @@ --- title: "`hooks`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: A hooks dictionary that defines which commands run at different stages in the build and deploy process. keywords: - hooks - hooks @@ -9,6 +9,8 @@ keywords: Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +A hooks dictionary that defines which commands run at different stages in the build and deploy process. + There are three different hooks that run as part of the process of building and deploying your app. These are places where you can run custom scripts. They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. diff --git a/sites/platform/src/create-apps/image-properties/mounts.md b/sites/platform/src/create-apps/image-properties/mounts.md index e03b5638d8..d34b0ae7b0 100644 --- a/sites/platform/src/create-apps/image-properties/mounts.md +++ b/sites/platform/src/create-apps/image-properties/mounts.md @@ -1,12 +1,14 @@ --- title: "`mounts`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: Defines the directories that are writable even after the app is built. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - After your app is built, its file system is read-only. +Defines the directories that are writable even after the app is built. If set as a local source, disk is required. + +After your app is built, its file system is read-only. To make changes to your app's code, you need to use Git. For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". diff --git a/sites/platform/src/create-apps/image-properties/relationships.md b/sites/platform/src/create-apps/image-properties/relationships.md index 47db2c8234..eba17962eb 100644 --- a/sites/platform/src/create-apps/image-properties/relationships.md +++ b/sites/platform/src/create-apps/image-properties/relationships.md @@ -1,12 +1,12 @@ --- title: "`relationships`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: A dictionary of relationships that defines the connections to other services and apps. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images in {{% vendor/name %}}. -## Relationships +A dictionary of relationships that defines the connections to other services and apps. To allow containers in your project to communicate with one another, you need to define relationships between them. diff --git a/sites/platform/src/create-apps/image-properties/size.md b/sites/platform/src/create-apps/image-properties/size.md index 1295a15d07..263800067d 100644 --- a/sites/platform/src/create-apps/image-properties/size.md +++ b/sites/platform/src/create-apps/image-properties/size.md @@ -1,13 +1,15 @@ --- title: "`size`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: Defines the amount of resources to dedicate to the app. keywords: - resource sizing --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +Defines the amount of resources to dedicate to the app. Defaults to `AUTO` in production environments. + Resources are distributed across all containers in an environment from the total available from your [plan size](/administration/pricing/_index.md). So if you have more than just a single app, it doesn't get all of the resources available. Each environment has its own resources and there are different [sizing rules for preview environments](#sizes-in-preview-environments). diff --git a/sites/platform/src/create-apps/image-properties/source.md b/sites/platform/src/create-apps/image-properties/source.md index 9fd3192984..073443d0c9 100644 --- a/sites/platform/src/create-apps/image-properties/source.md +++ b/sites/platform/src/create-apps/image-properties/source.md @@ -1,11 +1,13 @@ --- title: "`source`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: Contains information about the app’s source code and operations that can be run on it. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +Contains information about the app’s source code and operations that can be run on it. + The following table shows the properties that can be set in `source`: diff --git a/sites/platform/src/create-apps/image-properties/variables.md b/sites/platform/src/create-apps/image-properties/variables.md index f5200f5745..83ebd11524 100644 --- a/sites/platform/src/create-apps/image-properties/variables.md +++ b/sites/platform/src/create-apps/image-properties/variables.md @@ -1,11 +1,13 @@ --- title: "`variables`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: A variables dictionary that defines variables to control the environment. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +A variables dictionary that defines variables to control the environment. + {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). Variables set in your app configuration have the lowest precedence, meaning they're overridden by any conflicting values provided elsewhere. diff --git a/sites/platform/src/create-apps/image-properties/web.md b/sites/platform/src/create-apps/image-properties/web.md index ee023cb6a9..c721f02253 100644 --- a/sites/platform/src/create-apps/image-properties/web.md +++ b/sites/platform/src/create-apps/image-properties/web.md @@ -1,11 +1,13 @@ --- title: "`web`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: A web instance that defines how the web application is served. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +A web instance that defines how the web application is served. + Use the `web` key to configure the web server running in front of your app. In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). diff --git a/sites/platform/src/create-apps/image-properties/workers.md b/sites/platform/src/create-apps/image-properties/workers.md index bd6ba8ed79..63df726121 100644 --- a/sites/platform/src/create-apps/image-properties/workers.md +++ b/sites/platform/src/create-apps/image-properties/workers.md @@ -1,11 +1,13 @@ --- title: "`workers`" weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. +description: Defines the list of work names that are alternate copies of the application to run as background processes. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. +Defines the list of worker names that are alternate copies of the application to run as background processes. + Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/image-properties/hooks.md). They use the same container image. From a643a9f03e447d72cdd5619be3ae4e1c299517d4 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 00:16:38 -0400 Subject: [PATCH 26/48] platform: Add text to image properties landing page --- sites/platform/src/create-apps/image-properties/_index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sites/platform/src/create-apps/image-properties/_index.md b/sites/platform/src/create-apps/image-properties/_index.md index 01762dd04a..8e98f3ae95 100644 --- a/sites/platform/src/create-apps/image-properties/_index.md +++ b/sites/platform/src/create-apps/image-properties/_index.md @@ -5,4 +5,6 @@ description: Configure your app and control how it's built and deployed on {{% v # layout: single --- -doesn't need much, maybe just a sentence. \ No newline at end of file +The following properties are common to both the [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) image type and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) image type. + +For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted where needed. \ No newline at end of file From 90f976c2f0b819939b838974cdc4a33fe3d8dd1a Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 00:20:51 -0400 Subject: [PATCH 27/48] platform: edits to create-app/app-reference/_index.md --- .../platform/src/create-apps/app-reference/_index.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/_index.md b/sites/platform/src/create-apps/app-reference/_index.md index c3814f5e45..b9a8580a1b 100644 --- a/sites/platform/src/create-apps/app-reference/_index.md +++ b/sites/platform/src/create-apps/app-reference/_index.md @@ -16,16 +16,18 @@ The point of this topic is to help the user to decide which type to choose An _image_ represents the configuration for the container that contains the application (or service) that you want to deploy. -When + +To define your app, you can either use one of {{% vendor/name %}}'s [single-runtime image](/create-apps/app-reference/single-runtime-image.md) +or its [composable image (BETA)](/create-apps/app-reference/composable-image.md). -Single-runtime image type: +The single-runtime image type has the following characteristics: - Can contain only a single runtime - Requires more manual configuration the composable images, but are more flexible - Initial build takes - `type` defines your image version (for example, `php:8.4`) - You can move to a composable image later, if your application needs change -Composable image type has these characteristics: +The composable image type has the following characteristics: - Can contain multiple runtimes - Requires less manual configuration than single-runtime images and offers more flexibility in other ways - Initial build and rebuilds and can take a long time, but caching increases the speed @@ -42,10 +44,6 @@ Composable image type has these characteristics: --> - -To define your app, you can either use one of {{% vendor/name %}}'s [single-runtime image](/create-apps/app-reference/single-runtime-image.md) -or its [composable image (BETA)](/create-apps/app-reference/composable-image.md). - ## Single-runtime image {{% vendor/name %}} provides and maintains a list of single-runtime images you can use for each of your application containers.
From 9c95e2b3db6bd0109da0d439db6cc4aef041b7eb Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 00:33:14 -0400 Subject: [PATCH 28/48] platform: single-runtime-image - draft note text about properties residing in separate files --- .../src/create-apps/app-reference/single-runtime-image.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index 8064a07aca..511fd3b00e 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -24,6 +24,10 @@ The following table presents all properties available at the top level of the YA The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. + + | Name | Type | Required | Set in instance? | Description | |--------------------|--------------------------------------------------------------------------|----------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `name` | `string` | Yes | No | A unique name for the app. Must be lowercase alphanumeric characters. Changing the name destroys data associated with the app. | From cdcdef0cb855474915ba3b9c7fd0de4b30683c0a Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 01:48:22 -0400 Subject: [PATCH 29/48] platform: image-properties/_index.md edits --- sites/platform/src/create-apps/image-properties/_index.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/_index.md b/sites/platform/src/create-apps/image-properties/_index.md index 8e98f3ae95..de4b132190 100644 --- a/sites/platform/src/create-apps/image-properties/_index.md +++ b/sites/platform/src/create-apps/image-properties/_index.md @@ -1,10 +1,12 @@ --- title: "Image properties" weight: 4 -description: Configure your app and control how it's built and deployed on {{% vendor/name %}}. +description: Details about image properties in the {{% vendor/name %}} config.yaml file # layout: single --- -The following properties are common to both the [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) image type and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) image type. +The image properties below are used to configure both single-runtime images and composable images. -For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted where needed. \ No newline at end of file +For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted as needed in the property details. + +To learn about the properties that are unique to each image type, refer to the [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [composable image](/create-apps/app-reference/composable-image.md#) topics. From 5d6f8ab2768be12dd09c38d5fa3021d96f66679d Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 01:49:14 -0400 Subject: [PATCH 30/48] platform: /image-properties files - add {{% description %}} --- sites/platform/src/create-apps/image-properties/access.md | 2 +- .../src/create-apps/image-properties/additional_hosts.md | 2 +- sites/platform/src/create-apps/image-properties/crons.md | 2 +- sites/platform/src/create-apps/image-properties/disk.md | 2 +- sites/platform/src/create-apps/image-properties/firewall.md | 2 +- sites/platform/src/create-apps/image-properties/hooks.md | 2 +- sites/platform/src/create-apps/image-properties/mounts.md | 2 +- .../platform/src/create-apps/image-properties/relationships.md | 2 +- sites/platform/src/create-apps/image-properties/source.md | 2 +- sites/platform/src/create-apps/image-properties/variables.md | 2 +- sites/platform/src/create-apps/image-properties/web.md | 2 +- sites/platform/src/create-apps/image-properties/workers.md | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/access.md b/sites/platform/src/create-apps/image-properties/access.md index 5aec6f8e54..d2b0e943a1 100644 --- a/sites/platform/src/create-apps/image-properties/access.md +++ b/sites/platform/src/create-apps/image-properties/access.md @@ -6,7 +6,7 @@ description: An access dictionary that defines the access control for roles acce Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -An access dictionary that defines the access control for roles accessing app environments. +{{% description %}} The `access` dictionary has one allowed key: diff --git a/sites/platform/src/create-apps/image-properties/additional_hosts.md b/sites/platform/src/create-apps/image-properties/additional_hosts.md index 053c59f3c2..9f03e5d01f 100644 --- a/sites/platform/src/create-apps/image-properties/additional_hosts.md +++ b/sites/platform/src/create-apps/image-properties/additional_hosts.md @@ -6,7 +6,7 @@ description: An additional hosts dictionary that maps hostnames to IP addresses. Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -An additional hosts dictionary that maps hostnames to IP addresses. +{{% description %}} If you're using a private network with specific IP addresses you need to connect to, you might want to map those addresses to hostnames to better remember and organize them. diff --git a/sites/platform/src/create-apps/image-properties/crons.md b/sites/platform/src/create-apps/image-properties/crons.md index 3d90445cf6..6ff1d93da1 100644 --- a/sites/platform/src/create-apps/image-properties/crons.md +++ b/sites/platform/src/create-apps/image-properties/crons.md @@ -6,7 +6,7 @@ description: A cron dictionary that defines scheduled tasks for the app. Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -A cron dictionary that defines scheduled tasks for the app. +{{% description %}} The keys of the `crons` definition are the names of the cron jobs. The names must be unique. diff --git a/sites/platform/src/create-apps/image-properties/disk.md b/sites/platform/src/create-apps/image-properties/disk.md index fcdc52319e..bb3a84d9c5 100644 --- a/sites/platform/src/create-apps/image-properties/disk.md +++ b/sites/platform/src/create-apps/image-properties/disk.md @@ -6,7 +6,7 @@ description: An `integer` (or `null`) that defines the disk space allocated (in Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -An `integer` (or `null`) that defines the disk space allocated (in MB) to an app. +{{% description %}} The maximum total space available to all apps and services is set by the storage in your plan settings. When deploying your project, the sum of all `disk` keys defined in app and service configurations diff --git a/sites/platform/src/create-apps/image-properties/firewall.md b/sites/platform/src/create-apps/image-properties/firewall.md index 82fb8a9ab5..cac4de37c0 100644 --- a/sites/platform/src/create-apps/image-properties/firewall.md +++ b/sites/platform/src/create-apps/image-properties/firewall.md @@ -8,7 +8,7 @@ description: A firewall dictionary that defines the outbound firewall rules for Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -A firewall dictionary that defines the outbound firewall rules for the application. +{{% description %}} This value sets limits in outbound traffic from your app with no impact on inbound requests. diff --git a/sites/platform/src/create-apps/image-properties/hooks.md b/sites/platform/src/create-apps/image-properties/hooks.md index aa63d932ee..183cbff9a9 100644 --- a/sites/platform/src/create-apps/image-properties/hooks.md +++ b/sites/platform/src/create-apps/image-properties/hooks.md @@ -9,7 +9,7 @@ keywords: Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -A hooks dictionary that defines which commands run at different stages in the build and deploy process. +{{% description %}} There are three different hooks that run as part of the process of building and deploying your app. These are places where you can run custom scripts. diff --git a/sites/platform/src/create-apps/image-properties/mounts.md b/sites/platform/src/create-apps/image-properties/mounts.md index d34b0ae7b0..26c04ca7d6 100644 --- a/sites/platform/src/create-apps/image-properties/mounts.md +++ b/sites/platform/src/create-apps/image-properties/mounts.md @@ -6,7 +6,7 @@ description: Defines the directories that are writable even after the app is bui Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -Defines the directories that are writable even after the app is built. If set as a local source, disk is required. +{{% description %}} If set as a local source, disk is required. After your app is built, its file system is read-only. To make changes to your app's code, you need to use Git. diff --git a/sites/platform/src/create-apps/image-properties/relationships.md b/sites/platform/src/create-apps/image-properties/relationships.md index eba17962eb..31ed01b64d 100644 --- a/sites/platform/src/create-apps/image-properties/relationships.md +++ b/sites/platform/src/create-apps/image-properties/relationships.md @@ -6,7 +6,7 @@ description: A dictionary of relationships that defines the connections to other Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images in {{% vendor/name %}}. -A dictionary of relationships that defines the connections to other services and apps. +{{% description %}} To allow containers in your project to communicate with one another, you need to define relationships between them. diff --git a/sites/platform/src/create-apps/image-properties/source.md b/sites/platform/src/create-apps/image-properties/source.md index 073443d0c9..0fb5ee9d23 100644 --- a/sites/platform/src/create-apps/image-properties/source.md +++ b/sites/platform/src/create-apps/image-properties/source.md @@ -6,7 +6,7 @@ description: Contains information about the app’s source code and operations t Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -Contains information about the app’s source code and operations that can be run on it. +{{% description %}} The following table shows the properties that can be set in `source`: diff --git a/sites/platform/src/create-apps/image-properties/variables.md b/sites/platform/src/create-apps/image-properties/variables.md index 83ebd11524..0c33d5740a 100644 --- a/sites/platform/src/create-apps/image-properties/variables.md +++ b/sites/platform/src/create-apps/image-properties/variables.md @@ -6,7 +6,7 @@ description: A variables dictionary that defines variables to control the enviro Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -A variables dictionary that defines variables to control the environment. +{{% description %}} {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). Variables set in your app configuration have the lowest precedence, diff --git a/sites/platform/src/create-apps/image-properties/web.md b/sites/platform/src/create-apps/image-properties/web.md index c721f02253..e9df885a68 100644 --- a/sites/platform/src/create-apps/image-properties/web.md +++ b/sites/platform/src/create-apps/image-properties/web.md @@ -6,7 +6,7 @@ description: A web instance that defines how the web application is served. Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -A web instance that defines how the web application is served. +{{% description %}} Use the `web` key to configure the web server running in front of your app. In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). diff --git a/sites/platform/src/create-apps/image-properties/workers.md b/sites/platform/src/create-apps/image-properties/workers.md index 63df726121..0ddc45158d 100644 --- a/sites/platform/src/create-apps/image-properties/workers.md +++ b/sites/platform/src/create-apps/image-properties/workers.md @@ -6,7 +6,7 @@ description: Defines the list of work names that are alternate copies of the app Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -Defines the list of worker names that are alternate copies of the application to run as background processes. +{{% description %}} Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/image-properties/hooks.md). They use the same container image. From ac28e6f9c33f336ac6dd9537a2dd453b12449e29 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 03:21:58 -0400 Subject: [PATCH 31/48] platform: fix links to web.md --- sites/platform/src/create-apps/image-properties/mounts.md | 2 +- sites/platform/src/create-apps/image-properties/web.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/mounts.md b/sites/platform/src/create-apps/image-properties/mounts.md index 26c04ca7d6..e54eb247d6 100644 --- a/sites/platform/src/create-apps/image-properties/mounts.md +++ b/sites/platform/src/create-apps/image-properties/mounts.md @@ -47,7 +47,7 @@ See how to [troubleshoot the warning](/create-apps/troubleshoot-mounts.md#overla | `service` | `string` | | Only for `service` mounts: the name of the [Network Storage service](/add-services/network-storage.md). | -The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). +The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](/create-apps/image-properties/web.md). Files can be all public, all private, or with different rules for different paths and file types. Note that when you remove a `local` mount from your `{{< vendor/configfile "app" >}}` file, diff --git a/sites/platform/src/create-apps/image-properties/web.md b/sites/platform/src/create-apps/image-properties/web.md index e9df885a68..b56ad28a74 100644 --- a/sites/platform/src/create-apps/image-properties/web.md +++ b/sites/platform/src/create-apps/image-properties/web.md @@ -13,7 +13,7 @@ In single-runtime images, defaults may vary with a different [image `type`](/cre | Name | Type | Required | Description | |-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| -| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | +| `commands` | A [web commands dictionary](/create-apps/image-properties/web.md#web-commands) | See [note](#required-command) | The command to launch your app. | | `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | | `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | From 3ee23d8b2dcfe87a9d7feb97e560e854a3eed3ea Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 06:08:46 -0400 Subject: [PATCH 32/48] upsun: add image properties files --- .../create-apps/image-properties/_index.md | 12 + .../create-apps/image-properties/access.md | 54 +++ .../image-properties/additional_hosts.md | 46 ++ .../image-properties/container_profile.md | 19 + .../src/create-apps/image-properties/crons.md | 358 ++++++++++++++ .../create-apps/image-properties/firewall.md | 208 ++++++++ .../src/create-apps/image-properties/hooks.md | 103 ++++ .../create-apps/image-properties/mounts.md | 446 ++++++++++++++++++ .../image-properties/relationships.md | 216 +++++++++ .../create-apps/image-properties/source.md | 16 + .../create-apps/image-properties/variables.md | 70 +++ .../src/create-apps/image-properties/web.md | 354 ++++++++++++++ .../create-apps/image-properties/workers.md | 93 ++++ 13 files changed, 1995 insertions(+) create mode 100644 sites/upsun/src/create-apps/image-properties/_index.md create mode 100644 sites/upsun/src/create-apps/image-properties/access.md create mode 100644 sites/upsun/src/create-apps/image-properties/additional_hosts.md create mode 100644 sites/upsun/src/create-apps/image-properties/container_profile.md create mode 100644 sites/upsun/src/create-apps/image-properties/crons.md create mode 100644 sites/upsun/src/create-apps/image-properties/firewall.md create mode 100644 sites/upsun/src/create-apps/image-properties/hooks.md create mode 100644 sites/upsun/src/create-apps/image-properties/mounts.md create mode 100644 sites/upsun/src/create-apps/image-properties/relationships.md create mode 100644 sites/upsun/src/create-apps/image-properties/source.md create mode 100644 sites/upsun/src/create-apps/image-properties/variables.md create mode 100644 sites/upsun/src/create-apps/image-properties/web.md create mode 100644 sites/upsun/src/create-apps/image-properties/workers.md diff --git a/sites/upsun/src/create-apps/image-properties/_index.md b/sites/upsun/src/create-apps/image-properties/_index.md new file mode 100644 index 0000000000..5ae422d8cc --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/_index.md @@ -0,0 +1,12 @@ +--- +title: "Image properties" +sidebarTitle: "Image properties" +weight: 4 +description: Details about image properties in the {{% vendor/name %}} config.yaml file +# layout: single +--- + +**Note:** The properties below are available in both single-runtime and composable images. +For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted as needed in the property details. + +To learn about the properties that are **unique to each image type**, refer to the [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [composable image](/create-apps/app-reference/composable-image.md#) topics. diff --git a/sites/upsun/src/create-apps/image-properties/access.md b/sites/upsun/src/create-apps/image-properties/access.md new file mode 100644 index 0000000000..d1404c07ef --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/access.md @@ -0,0 +1,54 @@ +--- +title: "`access`" +weight: 4 +description: An access dictionary that defines the access control for roles accessing app environments. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + +{{% description %}} + +The `access` dictionary has one allowed key: + +| Name | Allowed values | Default | Description | +|-------|-------------------------------------|---------------|-----------------------------------------------------------------------| +| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | + +In the following example, only users with `admin` permissions for the +given [environment type](/administration/users.md#environment-type-roles) +can access the deployed environment via SSH: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + access: + ssh: admin +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + access: + ssh: admin +``` + +{{< /codetabs >}} + diff --git a/sites/upsun/src/create-apps/image-properties/additional_hosts.md b/sites/upsun/src/create-apps/image-properties/additional_hosts.md new file mode 100644 index 0000000000..72398a17ee --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/additional_hosts.md @@ -0,0 +1,46 @@ +--- +title: "`additional_hosts`" +weight: 4 +description: An additional hosts dictionary that maps hostnames to IP addresses. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + +{{% description %}} + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'php:{{% latest "php" %}}' + additional_hosts: + api.example.com: "192.0.2.23" + web.example.com: "203.0.113.42" +``` +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "php@{{% latest php %}}" ] + additional_hosts: + api.example.com: "192.0.2.23" + web.example.com: "203.0.113.42" +``` + +{{< /codetabs >}} + +This is equivalent to adding the mapping to the `/etc/hosts` file for the container. diff --git a/sites/upsun/src/create-apps/image-properties/container_profile.md b/sites/upsun/src/create-apps/image-properties/container_profile.md new file mode 100644 index 0000000000..cfc3bbbd83 --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/container_profile.md @@ -0,0 +1,19 @@ +--- +title: "`container_profile`" +weight: 4 +description: Defines the container profile of the application. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + +{{% description %}} + +By default, {{% vendor/name %}} allocates a container profile to each app and service depending on the range of resources it’s +expected to need. + +Each container profile gives you access to a specific list of CPU and RAM combinations. +Using the {{% vendor/name %}} CLI or Console, you can then pick a CPU and RAM combination for each of your apps and services. + +- [Default container profiles](/manage-resources/adjust-resources.md#default-container-profiles) for runtime and service containers +- [Advanced: Container profile types and resources](/manage-resources/adjust-resources.md#advanced-container-profiles) +- [Customize resources using the `container_profile` key](/manage-resources/adjust-resources.md#adjust-a-container-profile) \ No newline at end of file diff --git a/sites/upsun/src/create-apps/image-properties/crons.md b/sites/upsun/src/create-apps/image-properties/crons.md new file mode 100644 index 0000000000..2f8f20863d --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/crons.md @@ -0,0 +1,358 @@ +--- +title: "`crons`" +weight: 4 +description: A cron dictionary that defines scheduled tasks for the app. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + +{{% description %}} + +The keys of the `crons` definition are the names of the cron jobs. +The names must be unique. + +If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. + +See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). + +The following table shows the properties for each job: + +| Name | Type | Required | Description | +|--------------------|----------------------------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. | +| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | +| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | +| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). | + +Note that you can [cancel pending or running crons](/environments/cancel-activity.md). + +### Cron commands + +| Name | Type | Required | Description | +|---------|----------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | +| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'nodejs:{{% latest "nodejs" %}}' + crons: + mycommand: + spec: 'H * * * *' + commands: + start: sleep 60 && echo sleep-60-finished && date + stop: killall sleep + shutdown_timeout: 18 +``` + +In this example configuration, the [cron specification](#crons) uses the `H` syntax. + +### Single-runtime image: Example cron jobs + + +{{< codetabs >}} + ++++ +title=Drupal ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Run Drupal's cron tasks every 19 minutes. + drupal: + spec: '*/19 * * * *' + commands: + start: 'cd web ; drush core-cron' + # But also run pending queue tasks every 7 minutes. + # Use an odd number to avoid running at the same time as the `drupal` cron. + drush-queue: + spec: '*/7 * * * *' + commands: + start: 'cd web ; drush queue-run aggregator_feeds' + {{< /snippet >}} +``` + +<---> + ++++ +title=Ruby on Rails ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'ruby:{{% latest "ruby" %}}' +crons: + # Execute a rake script every 19 minutes. + ruby: + spec: '*/19 * * * *' + commands: + start: 'bundle exec rake some:task' + {{< /snippet >}} +``` + +<---> + ++++ +title=Laravel ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Run Laravel's scheduler every 5 minutes. + scheduler: + spec: '*/5 * * * *' + commands: + start: 'php artisan schedule:run' + {{< /snippet >}} +``` + +<---> + ++++ +title=Symfony ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +type: 'php:{{% latest "php" %}}' +crons: + # Take a backup of the environment every day at 5:00 AM. + snapshot: + spec: 0 5 * * * + commands: + start: | + # Only run for the production environment, aka main branch + if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then + croncape symfony ... + fi + {{< /snippet >}} +``` + +{{< /codetabs >}} + + +### Composable image: Example cron jobs + + +{{< codetabs >}} + ++++ +title=Drupal ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Run Drupal's cron tasks every 19 minutes. + drupal: + spec: '*/19 * * * *' + commands: + start: 'cd web ; drush core-cron' + # But also run pending queue tasks every 7 minutes. + # Use an odd number to avoid running at the same time as the `drupal` cron. + drush-queue: + spec: '*/7 * * * *' + commands: + start: 'cd web ; drush queue-run aggregator_feeds' +{{< /snippet >}} +``` + +<---> + ++++ +title=Ruby on Rails ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "ruby@{{% latest ruby %}}" ] +crons: + # Execute a rake script every 19 minutes. + ruby: + spec: '*/19 * * * *' + commands: + start: 'bundle exec rake some:task' +{{< /snippet >}} +``` + +<---> + ++++ +title=Laravel ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Run Laravel's scheduler every 5 minutes. + scheduler: + spec: '*/5 * * * *' + commands: + start: 'php artisan schedule:run' +{{< /snippet >}} +``` + +<---> + ++++ +title=Symfony ++++ + +```yaml {configFile="app"} +{{< snippet name="myapp" config="app" root="/" >}} +stack: [ "php@{{% latest php %}}" ] +crons: + # Take a backup of the environment every day at 5:00 AM. + snapshot: + spec: 0 5 * * * + commands: + start: | + # Only run for the production environment, aka main branch + if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then + croncape symfony ... + fi +{{< /snippet >}} +``` + +{{< /codetabs >}} + + +### Conditional crons + +If you want to set up customized cron schedules depending on the environment type, +define conditional crons. +To do so, use a configuration similar to the following: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'php:{{% latest "php" %}}' + crons: + update: + spec: '0 0 * * *' + commands: + start: | + if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then + {{% vendor/cli %}} backup:create --yes --no-wait + {{% vendor/cli %}} source-operation:run update --no-wait --yes + fi +``` +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "php@{{% latest php %}}" ] + crons: + update: + spec: '0 0 * * *' + commands: + start: | + if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then + {{% vendor/cli %}} backup:create --yes --no-wait + {{% vendor/cli %}} source-operation:run update --no-wait --yes + fi +``` + +{{< /codetabs >}} + + + +### Cron job timing + +The minimum time between cron jobs being triggered is 5 minutes. + +For each app container, only one cron job can run at a time. +If a new job is triggered while another is running, the new job is paused until the other completes. + +To minimize conflicts, a random offset is applied to all triggers. +The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. + +Crons are also paused while activities such as [backups](/environments/backup.md) are running. +The crons are queued to run after the other activity finishes. + +To run cron jobs in a timezone other than UTC, set the `timezone` property property as described for the image type ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) or +[composable image](/create-apps/app-reference/composable-image.md#primary-application-properties)). + +To run cron jobs in a timezone other than UTC, set the [timezone property](#primary-application-properties). + +### Paused crons + +[Preview environments](/glossary.md#preview-environment) are often used for a limited time and then abandoned. +While it's useful for environments under active development to have scheduled tasks, +unused environments don't need to run cron jobs. +To minimize unnecessary resource use, +crons on environments with no deployments are paused. + +This affects all preview environments, _and_ production environment that do not yet have a domain attached to them. + +Such environments with deployments within 14 days have crons with the status `running`. +If there haven't been any deployments within 14 days, the status is `paused`. + +You can see the status in the Console +or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. + +#### Restarting paused crons + +If the crons on your preview environment are paused but you're still using them, +you can push changes to the environment or redeploy it. + +To restart crons without changing anything: + +{{< codetabs >}} + ++++ +title=In the Console ++++ + +1. In the Console, navigate to your project. +1. Open the environment where you'd like the crons to run. +1. Click `Redeploy` next to the cron status of `Paused`. + +<---> + ++++ +title=Using the CLI ++++ + +Run the following command: + +```bash +{{% vendor/cli %}} redeploy +``` + +{{< /codetabs >}} + +### Composable image only: Sizing hints + +The following table shows the properties that can be set in `sizing_hints`: + +| Name | Type | Default | Minimum | Description | +|-------------------|-----------|---------|---------|------------------------------------------------| +| `request_memory` | `integer` | 45 | 10 | The average memory consumed per request in MB. | +| `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | + +See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). diff --git a/sites/upsun/src/create-apps/image-properties/firewall.md b/sites/upsun/src/create-apps/image-properties/firewall.md new file mode 100644 index 0000000000..dba20b8e57 --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/firewall.md @@ -0,0 +1,208 @@ +--- +title: "`firewall`" +weight: 4 +description: A firewall dictionary that defines the outbound firewall rules for the application. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + +{{% description %}} + +This property enables you to set limits in outbound traffic from your app with no impact on inbound requests. + +The `outbound` key is required and contains one or more rules. +The rules define what traffic is allowed; anything unspecified is blocked. + +Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified +together: + +| Name | Type | Default | Description | +|-----------|---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | +| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | +| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | + +The default settings would look like this: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + firewall: + outbound: + - ips: [ "0.0.0.0/0" ] +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + firewall: + outbound: + - ips: [ "0.0.0.0/0" ] +``` + +{{< /codetabs >}} + + + +### Support for rules + +Where outbound rules for firewalls are supported in all environments. + +### Multiple rules + +Multiple firewall rules can be specified. +In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. + +So in the following example requests to any IP on port 80 are allowed +and requests to 1.2.3.4 on either port 80 or 443 are allowed: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + firewall: + outbound: + - ips: [ "1.2.3.4/32" ] + ports: [ 443 ] + - ports: [ 80 ] +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + firewall: + outbound: + - ips: [ "1.2.3.4/32" ] + ports: [ 443 ] + - ports: [ 80 ] +``` + +{{< /codetabs >}} + + +### Outbound traffic to CDNs + +Be aware that many services are behind a content delivery network (CDN). +For most CDNs, routing is done via domain name, not IP address, +so thousands of domain names may share the same public IP addresses at the CDN. +If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that +CDN. + +### Outbound traffic by domain + +You can filter outbound traffic by domain. +Using domains in your rules rather than IP addresses is generally more specific and secure. +For example, if you use an IP address for a service with a CDN, +you have to allow the IP address for the CDN. +This means that you allow potentially hundreds or thousands of other servers also using the CDN. + +An example rule filtering by domain: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + firewall: + outbound: + - protocol: tcp + domains: [ "api.stripe.com", "api.twilio.com" ] + ports: [ 80, 443 ] + - protocol: tcp + ips: [ "1.2.3.4/29","2.3.4.5" ] + ports: [ 22 ] +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + firewall: + outbound: + - protocol: tcp + domains: [ "api.stripe.com", "api.twilio.com" ] + ports: [ 80, 443 ] + - protocol: tcp + ips: [ "1.2.3.4/29","2.3.4.5" ] + ports: [ 22 ] +``` + +{{< /codetabs >}} + + +#### Determine which domains to allow + +To determine which domains to include in your filtering rules, +find the domains your site has requested the DNS to resolve. +Run the following command to parse your server’s `dns.log` file +and display all Fully Qualified Domain Names that have been requested: + +```bash +awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log +``` + +The output includes all DNS requests that were made, including those blocked by your filtering rules. +It doesn't include any requests made using an IP address. + +Example output: + +```bash +facebook.com +fastly.com +upsun.com +www.google.com +www.upsun.com +``` + + + diff --git a/sites/upsun/src/create-apps/image-properties/hooks.md b/sites/upsun/src/create-apps/image-properties/hooks.md new file mode 100644 index 0000000000..dd9cbfae46 --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/hooks.md @@ -0,0 +1,103 @@ +--- +title: "`hooks`" +weight: 4 +description: A hooks dictionary that defines which commands run at different stages in the build and deploy process. +keywords: + - hooks + - hooks +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + +{{% description %}} + +There are three different hooks that run as part of the process of building and deploying your app. +These are places where you can run custom scripts. +They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. +Only the `build` hook is run for [worker instances](/create-apps/image-properties/workers.md), while [web instances](/create-apps/image-properties/web.md) run all three. + +The process is ordered as: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +1. Variables accessible at build time become available. +1. [Build flavor](/create-apps/app-reference/single-runtime-image.md#build) runs if applicable. +1. Any [dependencies](/create-apps/app-reference/single-runtime-image.md##dependencies) are installed. +1. The `build` hook is run. +1. The file system is changed to read only, except for any [mounts](/create-apps/image-properties/mounts.md). +1. The app container starts. Variables accessible at runtime and services become available. +1. The `deploy` hook is run. +1. The app container begins accepting requests. +1. The `post_deploy` hook is run. + +<---> + ++++ +title=Composable image ++++ + +1. Variables accessible at build time become available. +1. The `build` hook is run. +1. The file system is changed to read only, except for any [mounts](/create-apps/image-properties/mounts.md). +1. The app container starts. Variables accessible at runtime and services become available. +1. The `deploy` hook is run. +1. The app container begins accepting requests. +1. The `post_deploy` hook is run. + +{{< /codetabs >}} + +Note that if an environment changes by no code changes, only the last step is run. +If you want the entire process to run, see how +to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). + +### Writable directories during build + +During the `build` hook, there are three writeable directories: + +- `PLATFORM_APP_DIR`: + Where your code is checked out and the working directory when the `build` hook starts. + Becomes the app that gets deployed. +- `PLATFORM_CACHE_DIR`: + Persists between builds, but isn't deployed. + Shared by all builds on all branches. +- `/tmp`: + Isn't deployed and is wiped between each build. + Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` + and together they offer about 8GB of free space. + +### Hook failure + +Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. +To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. + +If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. +Note that this only works for `build` hooks -- +if other hooks fail, the app is still deployed. + +#### Automated testing + +It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. +Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. + +During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: + +- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. + So any testing that relies on it is sure to fail. +- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. +- Test results are written into your app container, so they might get exposed to a third party. + +During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. +Note that there are other downsides: + +- Your app container is read-only during the deploy hook, + so if your tests need to write reports and other information, you need to create a file mount for them. +- Your app can only be deployed once the deploy hook has been completed. + Therefore, running automated testing via the deploy hook generates slower deployments. +- Your environment isn’t available externally during the deploy hook. + Unit and integration testing might work without the environment being available, + but you can’t typically perform end-to-end testing until after the environment is up and available. + diff --git a/sites/upsun/src/create-apps/image-properties/mounts.md b/sites/upsun/src/create-apps/image-properties/mounts.md new file mode 100644 index 0000000000..fedcfc7c0b --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/mounts.md @@ -0,0 +1,446 @@ +--- +title: "`mounts`" +weight: 4 +description: Directories that are writable even after the app is built. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + +Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. + +After your app is built, its file system is read-only. +To make changes to your app's code, you need to use Git. + +For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". +Mounts give you write access to files generated by your app (such as cache and log files) +and uploaded files without going through Git. + +When you define a mount, you are mounting an external directory to your app container, +much like you would plug a hard drive into your computer to transfer data. + +{{% note %}} + +- Mounts aren't available during the build +- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too + +{{% /note %}} + +### Define a mount + +To define a mount, use the following configuration: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: nodejs:{{% latest "nodejs" %}} + mounts: + '{{< variable "MOUNT_PATH" >}}': + source: {{< variable "MOUNT_TYPE" >}} + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} +``` + +{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). +If you already have a directory with that name, you get a warning that it isn't accessible after the build. +See how to [troubleshoot the warning](../troubleshoot-mounts.md#overlapping-folders). + +| Name | Type | Required | Description | +| ------------- | -------------------- | -------- | ----------- | +| `source` | `storage`, `instance`, `tmp` (also called `temporary`), or `service` | Yes | Specifies the type of the mount:

- By design, `storage` mounts can be shared between instances of the same app. You can also configure them so they are [shared between different apps](#share-a-mount-between-several-apps).

-`instance` mounts are local mounts. Unique to your app, they are useful to store files that remain local to the app instance, such as application logs.

- `tmp` (or `temporary`) mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**.

- `service` mounts can be useful if you want to explicitly define and use a [Network Storage](/add-services/network-storage.md) service to share data between different apps (instead of using a `storage` mount).| +| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | +| `service` | `string` | | The purpose of the `service` key depends on your use case.

In a multi-app context where a `storage` mount is shared between apps, `service` is required. Its value is the name of the app whose mount you want to share. See how to [share a mount between several apps](#share-a-mount-between-several-apps).

In a multi-app context where a [Network Storage service](/add-services/network-storage.md) (`service` mount) is shared between apps, `service` is required and specifies the name of that Network Storage. | +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "nodejs@{{% latest nodejs %}}" ] + mounts: + '{{< variable "MOUNT_PATH" >}}': + source: {{< variable "MOUNT_TYPE" >}} + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} +``` + +{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). +If you already have a directory with that name, you get a warning that it isn't accessible after the build. +See how to [troubleshoot the warning](../troubleshoot-mounts.md#overlapping-folders). + +| Name | Type | Required | Description | +|---------------|--------------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `source` | `storage`, `tmp`, or `service` | Yes | Specifies the type of the mount:

- By design, `storage` mounts can be shared between instances of the same app. You can also configure them so they are [shared between different apps](#share-a-mount-between-several-apps).

-`instance` mounts are local mounts. Unique to your app, they are useful to store files that remain local to the app instance, such as application logs.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**.

- `service` mounts can be useful if you want to explicitly define and use a [Network Storage](/add-services/network-storage.md) service to share data between different apps (instead of using a `storage` mount). | +| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | +| `service` | `string` | | The purpose of the `service` key depends on your use case.

In a multi-app context where a `storage` mount is shared between apps, `service` is required. Its value is the name of the app whose mount you want to share. See how to [share a mount between several apps](#share-a-mount-between-several-apps).

In a multi-app context where a [Network Storage service](/add-services/network-storage.md) (`service` mount) is shared between apps, `service` is required and specifies the name of that Network Storage. | + +{{< /codetabs >}} + +The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). +Files can be all public, all private, or with different rules for different paths and file types. + +Note that when you remove a `tmp` mount from your `{{< vendor/configfile "app" >}}` file, +the mounted directory isn't deleted. +The files still exist on disk until manually removed, +or until the app container is moved to another host during a maintenance operation. + +### Example configuration + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: nodejs:20 + mounts: + 'web/uploads': + source: storage + source_path: uploads + '/.tmp_platformsh': + source: tmp + source_path: files/.tmp_platformsh + '/build': + source: storage + source_path: files/build + '/.cache': + source: tmp + source_path: files/.cache + '/node_modules/.cache': + source: tmp + source_path: files/node_modules/.cache +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "nodejs@{{% latest nodejs %}}" ] + mounts: + 'web/uploads': + source: storage + source_path: uploads + '/.tmp_platformsh': + source: tmp + source_path: files/.tmp_platformsh + '/build': + source: storage + source_path: files/build + '/.cache': + source: tmp + source_path: files/.cache + '/node_modules/.cache': + source: tmp + source_path: files/node_modules/.cache +``` + +{{< /codetabs >}} + +### Ensure continuity when changing the name of your mount + +Changing the name of your mount affects the default `source_path`. + +Say you have a `/my/cache/` mount with an undefined `source_path`: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + mounts: + '/my/cache/': + source: tmp +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +mounts: + '/my/cache/': + source: tmp +``` + +{{< /codetabs >}} + +If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. + +To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading +or trailing slashes: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + mounts: + '/cache/files/': + source: tmp + source_path: my/cache +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +mounts: + '/cache/files/': + source: tmp + source_path: my/cache +``` + +{{< /codetabs >}} + +The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing +files in that directory. + +### Share a mount between several apps + +By design, [`storage` mounts](#mounts) are shared **between different instances of the same app**, +which enables [horizontal scaling](/manage-resources/_index.md). + +In a [multi-application context](/create-apps/multi-app/_index.md), +you can even share a `storage` mount **between different applications** in the same project. + +To do so, you need to define a `storage` mount in each of your app containers, +and point each of those mounts to the same shared external network directory. + +Use the following configuration: + +```yaml {configFile="app"} +applications: + app1: + mounts: + '{{< variable "MOUNT_PATH_1" >}}': + source: storage + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} + + app2: + mounts: + '{{< variable "MOUNT_PATH_2" >}}': + source: storage + service: app1 + source_path: {{< variable "SOURCE_PATH_LOCATION" >}} +``` + +- {{< variable "MOUNT_PATH_1" >}} and {{< variable "MOUNT_PATH_2" >}} are the paths to each mount **within their + respective app container** (relative to the app's root). +- When configuring the first `storage` mount, you don't need to include the `service` key. + The first mount implicitly points to an external network directory. + The `service` key is required for subsequent mounts, to ensure they use the same external network directory as the + first mount. +- The `source_path` allows you to point each mount to the same subdirectory **within the shared external network + directory**. + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +{{% note title = "Single-runtime image: Example" %}} + +You have a `backend` app and a `frontend` app. +You want both apps to share data from the same mount.
+Follow these steps: + +1. In your `backend` app configuration, define a `storage` mount: + + ```yaml {configFile="app"} + applications: + backend: + mounts: + var/uploads: #The path to your mount within the backend app container. + source: storage + source_path: backend/uploads #The path to the source of the mount within the external network directory. + ``` + + This creates a `storage` mount named `var/uploads` in the `backend` app container. + The mount points to the `backend/uploads` directory within an external network directory. + +2. In your `frontend` app configuration, define another `storage` mount: + + ```yaml {configFile="app"} + applications: + applications: + backend: + mounts: + var/uploads: + source: storage + source_path: backend/uploads + + frontend: + mounts: + web/uploads: #The path to your mount within the frontend app container. + source: storage + service: backend #The name of the other app, so the mount can point to the same external network directory as that other app's mount. + source_path: backend/uploads #The path to the source of the mount within the shared external network directory. + ``` + + This creates another `storage` mount named `web/uploads` in the `frontend` app container. + + The `service` key allows you to specify that the `web/uploads` mount should use the same external network directory + as the mount previously defined in the `backend` app container. + + The `source_path` key specifies which subdirectory within the external network directory both mounts should share ( + here, the `backend/uploads` directory). + +{{% /note %}} + +<---> + ++++ +title=Composable image ++++ + +{{% note title = "Composable image: Example" %}} + +You have a `backend` app and a `frontend` app. +You want both apps to share data from the same mount.
+Follow these steps: + +1. In your `backend` app configuration, define a `storage` mount: + + ```yaml {configFile="app"} + applications: + backend: + mounts: + var/uploads: #The path to your mount within the backend app container. + source: storage + source_path: backend/uploads #The path to the source of the mount within the external network directory. + ``` + + This creates a `storage` mount named `var/uploads` in the `backend` app container. + The mount points to the `backend/uploads` directory within an external network directory. + +2. In your `frontend` app configuration, define another `storage` mount: + + ```yaml {configFile="app"} + applications: + backend: + mounts: + var/uploads: + source: storage + source_path: backend/uploads + + frontend: + mounts: + web/uploads: #The path to your mount within the frontend app container. + source: storage + service: backend #The name of the other app, so the mount can point to the same external network directory as that other app's mount. + source_path: backend/uploads #The path to the source of the mount within the shared external network directory. + ``` + + This creates another `storage` mount named `web/uploads` in the `frontend` app container. + + The `service` key allows you to specify that the `web/uploads` mount should use the same external network directory + as the mount previously defined in the `backend` app container. + + The `source_path` key specifies which subdirectory within the external network directory both mounts should share ( + here, the `backend/uploads` directory). + +{{% /note %}} + + +Note that another way to share data between apps through a mount is by +explicitly [defining a Network Storage service](/add-services/network-storage.md). + +{{< /codetabs >}} + + +### Composable image only: Local mounts + +If you need a local mount (i.e. unique per container), +{{% vendor/name %}} allows you to mount a directory within the `/tmp` directory of your app. +However, the following limitations apply: + +- Content from `tmp` mounts is removed when your app container is moved to another host during an infrastructure + maintenance operation +- The `/tmp` directory has a [maximum allocation of 8 GB](/create-apps/troubleshoot-disks.md#no-space-left-on-device) + +Therefore, `tmp` mounts are ideal to store non-critical data, such as your application cache which can be seamlessly +rebuilt, +but aren't suitable for storing files that are necessary for your app to run smoothly. + +Note that {{% vendor/name %}} will provide new local mounts in the near future. + +### Overlapping mounts + +The locations of mounts as they are visible to application containers can overlap somewhat. +For example: + +```yaml {configFile="app"} +applications: + myapp: + # ... + mounts: + 'var/cache_a': + source: storage + source_path: cacheA + 'var/cache_b': + source: tmp + source_path: cacheB + 'var/cache_c': + source: instance + source_path: cacheC +``` + +In this case, it does not matter that each mount is of a different `source` type. +Each mount is restricted to a subfolder within `var`, and all is well. + +The following, however, is not allowed and will result in a failure: + +```yaml {configFile="app"} +applications: + myapp: + # ... + mounts: + 'var/': + source: storage + source_path: cacheA + 'var/cache_b': + source: tmp + source_path: cacheB + 'var/cache_c': + source: instance + source_path: cacheC +``` + +The `storage` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. +These allowances are not compatible, and will result in an error if pushed. \ No newline at end of file diff --git a/sites/upsun/src/create-apps/image-properties/relationships.md b/sites/upsun/src/create-apps/image-properties/relationships.md new file mode 100644 index 0000000000..315f6a3351 --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/relationships.md @@ -0,0 +1,216 @@ +--- +title: "`relationships`" +weight: 4 +description: A dictionary of relationships that defines the connections to other services and apps. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images in {{% vendor/name %}}. + +{{% description %}} + +To allow containers in your project to communicate with one another, +you need to define relationships between them. +You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). + +The quickest way to define a relationship between your app and a service +is to use the service's default endpoint.
+However, some services allow you to define multiple databases, cores, and/or permissions. +In these cases, you can't rely on default endpoints. +Instead, you can explicitly define multiple endpoints when setting up your relationships. + +{{< note >}} +App containers don't have a default endpoint like services. +To connect your app to another app in your project, +you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
+For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). +{{< /note >}} + +{{< note title="Availability" theme="info">}} + +New syntax (default and explicit endpoints) described below is supported by most, but not all, image types +(`Relationship 'SERVICE_NAME' of application 'app' ... targets a service without a valid default endpoint configuration.`). +This syntax is currently being rolled out for all images. +If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. + +{{< /note >}} + +To define a relationship between your app and a service: + +{{< codetabs >}} + ++++ +title=Using default endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + {{% variable "SERVICE_NAME" %}}: +``` + +The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +It is used as the relationship name, and associated with a `null` value. +This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. + +For example, if you define the following configuration: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + mariadb: +``` + +{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, +and connects your app to it through the service's default endpoint. + +For reference, the equivalent configuration using explicit endpoints would be the following: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + mariadb: + service: mariadb + endpoint: mysql +``` + +You can define any number of relationships in this way: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + mariadb: + redis: + elasticsearch: +``` + +{{< note title="Tip" theme="info" >}} + +An even quicker way to define many relationships is to use the following single-line configuration: + +```yaml {configFile="services"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} + +services: + {{< variable "SERVICE_NAME_A" >}}: + type: mariadb:{{% latest "mariadb" %}} + {{< variable "SERVICE_NAME_B" >}}: + type: redis:{{% latest "redis" %}} + {{< variable "SERVICE_NAME_C" >}}: + type: elasticsearch:{{% latest "elasticsearch" %}} +``` + +{{< /note >}} + +<---> + ++++ +title=Using explicit endpoints ++++ + +Use the following configuration: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + {{% variable "RELATIONSHIP_NAME" %}}: + service: {{% variable "SERVICE_NAME" %}} + endpoint: {{% variable "ENDPOINT_NAME" %}} +``` + +- `RELATIONSHIP_NAME` is the name you want to give to the relationship. +- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). +- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). + +For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, +use the following configuration: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + database: # The name of the relationship. + service: mariadb + endpoint: db1 +``` + +For more information on how to handle multiple databases, multiple cores, +and/or different permissions with services that support such features, +see each service's dedicated page: + + - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) + - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) + - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) + - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) + - [Vault KMS](add-services/vault.md#multiple-endpoints-example) (multiple permissions) + + You can add as many relationships as you want to your app configuration, + using both default and explicit endpoints according to your needs: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + database1: + service: mariadb + endpoint: admin + database2: + service: mariadb + endpoint: legacy + cache: + service: redis + search: + service: elasticsearch +``` + +{{< /codetabs >}} + +{{< note theme="info" title="Legacy" >}} + +The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: + +```yaml {configFile="app"} +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + : ":" + +services: + SERVICE_NAME_A: + type: mariadb:{{% latest "mariadb" %}} +``` + +For example: + +```yaml +applications: + {{% variable "APP_NAME" %}}: + # ... + relationships: + database: "db:mysql" + +services: + db: + type: mariadb:{{% latest "mariadb" %}} +``` + +Feel free to use this until the default and explicit endpoint syntax is supported on all images. + +{{< /note >}} diff --git a/sites/upsun/src/create-apps/image-properties/source.md b/sites/upsun/src/create-apps/image-properties/source.md new file mode 100644 index 0000000000..46794b70df --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/source.md @@ -0,0 +1,16 @@ +--- +title: "`source`" +weight: 4 +description: Contains information about the app’s source code and operations that can be run on it. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + +{{% description %}} + +The following table shows the properties that can be set in `source`: + +| Name | Type | Required | Description | +|--------------|--------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------| +| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](../source-operations.md) | +| `root` | `string` | | The path where the app code lives. Defaults to the root project directory. Useful for [multi-app setups](../multi-app/_index.md). | \ No newline at end of file diff --git a/sites/upsun/src/create-apps/image-properties/variables.md b/sites/upsun/src/create-apps/image-properties/variables.md new file mode 100644 index 0000000000..8e1260aa90 --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/variables.md @@ -0,0 +1,70 @@ +--- +title: "`variables`" +weight: 4 +description: A variables dictionary that defines variables to control the environment. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images in {{% vendor/name %}}. + +{{% description %}} + +{{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). +Variables set in your app configuration have the lowest precedence, +meaning they're overridden by any conflicting values provided elsewhere. + +All variables set in your app configuration must have a prefix. +Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). + +Variables with the prefix `env` are available as a separate environment variable. +All other variables are available in +the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). + +The following example sets two variables: + +- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` +- A variable named `d8config:system.site:name` with the value `My site rocks` + that's available in the `PLATFORM_VARIABLES` environment variable + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + variables: + env: + AUTHOR: 'Juan' + d8config: + "system.site:name": 'My site rocks' +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + variables: + env: + AUTHOR: 'Juan' + d8config: + "system.site:name": 'My site rocks' +``` + +{{< /codetabs >}} + + +You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). + diff --git a/sites/upsun/src/create-apps/image-properties/web.md b/sites/upsun/src/create-apps/image-properties/web.md new file mode 100644 index 0000000000..23b1a4e642 --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/web.md @@ -0,0 +1,354 @@ +--- +title: "`web`" +weight: 4 +description: A web instance that defines how the web application is served. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images in {{% vendor/name %}}. + +{{% description %}} + +Use the `web` key to configure the web server running in front of your app. + +In **single-runtime images**, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). + +| Name | Type | Required | Description | +|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| +| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | +| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | +| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | + +See some [examples of how to configure what's served](../web/_index.md). + +### Web commands + +| Name | Type | Required | Description | +|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| +| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | +| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | +| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | + +{{< note theme="info" >}} +The `post_start` feature is _experimental_ and may change. Please share your feedback in the +[{{% vendor/name %}} discord](https://discord.gg/platformsh). +{{< /note >}} + +Example: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + commands: + start: 'uwsgi --ini conf/server.ini' +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + commands: + start: 'uwsgi --ini conf/server.ini' +``` + +{{< /codetabs >}} + + +This command runs every time your app is restarted, regardless of whether or not new code is deployed. + +{{< note >}} + +Never "background" a start process using `&`. +That's interpreted as the command terminating and the supervisor process starts a second copy, +creating an infinite loop until the container crashes. +Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. + +{{< /note >}} + +#### Required command + +On all containers other than PHP, the value for `start` should be treated as required. + +On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). +It can also be set explicitly on a PHP container to run a dedicated process, +such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) +or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). +See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). + +### Upstream + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + + +| Name | Type | Required | Description | Default | +|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [image types](/create-apps/app-reference/single-runtime-image.html#types) except PHP; for PHP image types the default is `unix`. | +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on [image `type`](/create-apps/app-reference/single-runtime-image.html#types). | + +For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. +For all other containers, the default for `protocol` is `http`. + +The following example is the default on non-PHP containers: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + upstream: + socket_family: tcp + protocol: http +``` + +<---> + ++++ +title=Composable image ++++ + +| Name | Type | Required | Description | Default | +|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [primary runtimes](/create-apps/app-reference/composable-image.html#primary-runtime) except PHP; for PHP the default is `unix`. | +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on the [primary runtimes](/create-apps/app-reference/composable-image.html#primary-runtime). | + +For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. +For all other containers, the default for `protocol` is `http`. + +The following example is the default on non-PHP containers: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + upstream: + socket_family: tcp + protocol: http +``` + +{{< /codetabs >}} + + + + +#### Where to listen + +Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). + +| `socket_family` | Where to listen | +|-----------------|---------------------------------------------------------------------------------------------------------------------------------------| +| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | +| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | + +If your application isn't listening at the same place that the runtime is sending requests, +you see `502 Bad Gateway` errors when you try to connect to your website. + +### Locations + +Each key in the `locations` dictionary is a path on your site with a leading `/`. +For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. +When multiple keys match an incoming request, the most-specific applies. + +The following table presents possible properties for each location: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +| Name | Type | Default | Description | +|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](/create-apps/app-reference/single-runtime-image.md#root-directory). Must be an actual directory inside the root directory. | +| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | +| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | +| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | +| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | +| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | +| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | +| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | + +<---> + ++++ +title=Composable image ++++ + +| Name | Type | Default | Description | +|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](/create-apps/image-properties/source.md)). Must be an actual directory inside the root directory. | +| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | +| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. | +| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | +| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | +| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | +| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | +| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | + +{{< /codetabs>}} + +#### Rules + +The rules dictionary can override most other keys according to a regular expression. +The key of each item is a regular expression to match paths exactly. +If an incoming request matches the rule, it's handled by the properties under the rule, +overriding any conflicting rules from the rest of the `locations` dictionary. + +Under `rules`, you can set all the other possible [`locations` properties](#locations) +except `root`, `index`, `rules` and `request_buffering`. + +In the following example, the `allow` key disallows requests for static files anywhere in the site. +This is overridden by a rule that explicitly allows common image file formats. + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + locations: + '/': + # Handle dynamic requests + root: 'public' + passthru: '/index.php' + # Disallow static files + allow: false + rules: + # Allow common image files only. + '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': + allow: true +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + locations: + '/': + # Handle dynamic requests + root: 'public' + passthru: '/index.php' + # Disallow static files + allow: false + rules: + # Allow common image files only. + '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': + allow: true +``` + +{{< /codetabs >}} + + +#### Request buffering + +Request buffering is enabled by default to handle chunked requests as most app servers don't support them. +The following table shows the keys in the `request_buffering` dictionary: + +| Name | Type | Required | Default | Description | +|--------------------|-----------|----------|---------|-------------------------------------------| +| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | +| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | + +The default configuration would look like this: + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + web: + locations: + '/': + passthru: true + request_buffering: + enabled: true + max_request_size: 250m +``` + +<---> + ++++ +title=Composable image ++++ + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + web: + locations: + '/': + passthru: true + request_buffering: + enabled: true + max_request_size: 250m +``` + +{{< /codetabs >}} + diff --git a/sites/upsun/src/create-apps/image-properties/workers.md b/sites/upsun/src/create-apps/image-properties/workers.md new file mode 100644 index 0000000000..34500881f8 --- /dev/null +++ b/sites/upsun/src/create-apps/image-properties/workers.md @@ -0,0 +1,93 @@ +--- +title: "`workers`" +weight: 4 +description: Defines the list of worker names, which are alternate copies of the application to run as background processes. +--- + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images in {{% vendor/name %}}. + +{{% description %}} + +{{< codetabs >}} + ++++ +title=Single-runtime image ++++ + +Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/image-properties/hooks.md). +They use the same container image. + +Workers can't accept public requests and so are suitable only for background tasks. +If they exit, they're automatically restarted. + +The keys of the `workers` definition are the names of the workers. +You can then define how each worker differs from the `web` instance using +the [top-level properties](/create-apps/app-reference/single-runtime-image.md#primary-application-properties). + +Each worker can differ from the `web` instance in all properties _except_ for: + +- `build` and `dependencies` properties, which must be the same +- `crons` as cron jobs don't run on workers +- `hooks` as the `build` hook must be the same + and the `deploy` and `post_deploy` hooks don't run on workers. + +A worker named `queue` that was small and had a different start command could look like this: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + type: 'python:{{% latest "python" %}}' + workers: + queue: + commands: + start: | + ./worker.sh +``` + +Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. +For more information, see how to [manage resources](/manage-resources.md). + + +<---> + ++++ +title=Composable image ++++ + +Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/image-properties/hooks.md). +They use the same container image. + +Workers can't accept public requests and so are suitable only for background tasks. +If they exit, they're automatically restarted. + +The keys of the `workers` definition are the names of the workers. +You can then define how each worker differs from the `web` instance using +the [top-level properties](#primary-application-properties). + +Each worker can differ from the `web` instance in all properties _except_ for: + +- `crons` as cron jobs don't run on workers +- `hooks` as the `build` hook must be the same + and the `deploy` and `post_deploy` hooks don't run on workers. + +A worker named `queue` that was small and had a different start command could look like this: + +```yaml {configFile="app"} +applications: + myapp: + source: + root: "/" + stack: [ "python@{{% latest python %}}" ] + workers: + queue: + commands: + start: | + ./worker.sh +``` + +Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. +For more information, see how to [manage resources](/manage-resources.md). + +{{< /codetabs >}} From f8bb843ac324bef19626f56c69e6adbd9cf41350 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 06:10:03 -0400 Subject: [PATCH 33/48] upsun: move image properties files --- .../src/create-apps/app-reference/access.md | 50 -- .../app-reference/additional_hosts.md | 349 -------------- .../app-reference/container_profile.md | 16 - .../src/create-apps/app-reference/crons.md | 354 --------------- .../src/create-apps/app-reference/disk.md | 19 - .../src/create-apps/app-reference/firewall.md | 206 --------- .../src/create-apps/app-reference/hooks.md | 99 ---- .../app-reference/image-properties/_index.md | 14 - .../src/create-apps/app-reference/mounts.md | 428 ------------------ .../app-reference/relationships.md | 216 --------- .../create-apps/app-reference/resources.md | 24 - .../src/create-apps/app-reference/source.md | 12 - .../create-apps/app-reference/variables.md | 66 --- .../src/create-apps/app-reference/web.md | 349 -------------- .../src/create-apps/app-reference/workers.md | 91 ---- 15 files changed, 2293 deletions(-) delete mode 100644 sites/upsun/src/create-apps/app-reference/access.md delete mode 100644 sites/upsun/src/create-apps/app-reference/additional_hosts.md delete mode 100644 sites/upsun/src/create-apps/app-reference/container_profile.md delete mode 100644 sites/upsun/src/create-apps/app-reference/crons.md delete mode 100644 sites/upsun/src/create-apps/app-reference/disk.md delete mode 100644 sites/upsun/src/create-apps/app-reference/firewall.md delete mode 100644 sites/upsun/src/create-apps/app-reference/hooks.md delete mode 100644 sites/upsun/src/create-apps/app-reference/image-properties/_index.md delete mode 100644 sites/upsun/src/create-apps/app-reference/mounts.md delete mode 100644 sites/upsun/src/create-apps/app-reference/relationships.md delete mode 100644 sites/upsun/src/create-apps/app-reference/resources.md delete mode 100644 sites/upsun/src/create-apps/app-reference/source.md delete mode 100644 sites/upsun/src/create-apps/app-reference/variables.md delete mode 100644 sites/upsun/src/create-apps/app-reference/web.md delete mode 100644 sites/upsun/src/create-apps/app-reference/workers.md diff --git a/sites/upsun/src/create-apps/app-reference/access.md b/sites/upsun/src/create-apps/app-reference/access.md deleted file mode 100644 index a7226a5407..0000000000 --- a/sites/upsun/src/create-apps/app-reference/access.md +++ /dev/null @@ -1,50 +0,0 @@ ---- -title: "`access`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. The `access` dictionary has one allowed key: - -| Name | Allowed values | Default | Description | -|-------|-------------------------------------|---------------|-----------------------------------------------------------------------| -| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | - -In the following example, only users with `admin` permissions for the -given [environment type](/administration/users.md#environment-type-roles) -can access the deployed environment via SSH: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - access: - ssh: admin -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - access: - ssh: admin -``` - -{{< /codetabs >}} - diff --git a/sites/upsun/src/create-apps/app-reference/additional_hosts.md b/sites/upsun/src/create-apps/app-reference/additional_hosts.md deleted file mode 100644 index a8a5618ff5..0000000000 --- a/sites/upsun/src/create-apps/app-reference/additional_hosts.md +++ /dev/null @@ -1,349 +0,0 @@ ---- -title: "`additional_hosts`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. Use the `web` key to configure the web server running in front of your app. -In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). - -| Name | Type | Required | Description | -|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| -| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | -| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | -| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | - -See some [examples of how to configure what's served](../web/_index.md). - -### Web commands - -| Name | Type | Required | Description | -|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| -| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | -| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | -| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | - -{{< note theme="info" >}} -The `post_start` feature is _experimental_ and may change. Please share your feedback in the -[{{% vendor/name %}} discord](https://discord.gg/platformsh). -{{< /note >}} - -Example: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -{{< /codetabs >}} - - -This command runs every time your app is restarted, regardless of whether or not new code is deployed. - -{{< note >}} - -Never "background" a start process using `&`. -That's interpreted as the command terminating and the supervisor process starts a second copy, -creating an infinite loop until the container crashes. -Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. - -{{< /note >}} - -#### Required command - -On all containers other than PHP, the value for `start` should be treated as required. - -On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). -It can also be set explicitly on a PHP container to run a dedicated process, -such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) -or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). -See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). - -### Upstream - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - - -| Name | Type | Required | Description | Default | -|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [image types](#types) except PHP; for PHP image types the default is `unix`. | -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on [image `type`](#types). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - upstream: - socket_family: tcp - protocol: http -``` - -<---> - -+++ -title=Composable image -+++ - -| Name | Type | Required | Description | Default | -|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [primary runtimes](#primary-runtime) except PHP; for PHP the default is `unix`. | -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on the [primary runtimes](#primary-runtime). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - upstream: - socket_family: tcp - protocol: http -``` - -{{< /codetabs >}} - - - - -#### Where to listen - -Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). - -| `socket_family` | Where to listen | -|-----------------|---------------------------------------------------------------------------------------------------------------------------------------| -| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | -| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | - -If your application isn't listening at the same place that the runtime is sending requests, -you see `502 Bad Gateway` errors when you try to connect to your website. - -### Locations - -Each key in the `locations` dictionary is a path on your site with a leading `/`. -For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. -When multiple keys match an incoming request, the most-specific applies. - -The following table presents possible properties for each location: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -| Name | Type | Default | Description | -|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](/create-apps/app-reference/single-runtime-image.md#root-directory). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -<---> - -+++ -title=Composable image -+++ - -| Name | Type | Default | Description | -|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](/create-apps/app-reference/source.md)). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -{{< /codetabs>}} - -#### Rules - -The rules dictionary can override most other keys according to a regular expression. -The key of each item is a regular expression to match paths exactly. -If an incoming request matches the rule, it's handled by the properties under the rule, -overriding any conflicting rules from the rest of the `locations` dictionary. - -Under `rules`, you can set all the other possible [`locations` properties](#locations) -except `root`, `index`, `rules` and `request_buffering`. - -In the following example, the `allow` key disallows requests for static files anywhere in the site. -This is overridden by a rule that explicitly allows common image file formats. - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` - -{{< /codetabs >}} - - -#### Request buffering - -Request buffering is enabled by default to handle chunked requests as most app servers don't support them. -The following table shows the keys in the `request_buffering` dictionary: - -| Name | Type | Required | Default | Description | -|--------------------|-----------|----------|---------|-------------------------------------------| -| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | -| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | - -The default configuration would look like this: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` - -{{< /codetabs >}} - diff --git a/sites/upsun/src/create-apps/app-reference/container_profile.md b/sites/upsun/src/create-apps/app-reference/container_profile.md deleted file mode 100644 index 057c067830..0000000000 --- a/sites/upsun/src/create-apps/app-reference/container_profile.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: "`container_profile`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. By default, {{% vendor/name %}} allocates a container profile to each app and service depending on the range of resources it’s -expected to need. - -Each container profile gives you access to a specific list of CPU and RAM combinations. -Using the {{% vendor/name %}} CLI or Console, you can then pick a CPU and RAM combination for each of your apps and services. - -- [Container profile types and resources](/manage-resources/adjust-resources.md#advanced-container-profiles) -- [Default container profiles](/manage-resources/adjust-resources.md#default-container-profiles) for runtime and service - containers -- [Customize resources using the `container_profile` key](/manage-resources/adjust-resources.md#adjust-a-container-profile) \ No newline at end of file diff --git a/sites/upsun/src/create-apps/app-reference/crons.md b/sites/upsun/src/create-apps/app-reference/crons.md deleted file mode 100644 index c7082f2074..0000000000 --- a/sites/upsun/src/create-apps/app-reference/crons.md +++ /dev/null @@ -1,354 +0,0 @@ ---- -title: "`crons`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. The keys of the `crons` definition are the names of the cron jobs. -The names must be unique. - -If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. - -See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). - -The following table shows the properties for each job: - -| Name | Type | Required | Description | -|--------------------|----------------------------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. | -| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | -| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | -| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). | - -Note that you can [cancel pending or running crons](/environments/cancel-activity.md). - -### Cron commands - -| Name | Type | Required | Description | -|---------|----------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | -| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'nodejs:{{% latest "nodejs" %}}' - crons: - mycommand: - spec: 'H * * * *' - commands: - start: sleep 60 && echo sleep-60-finished && date - stop: killall sleep - shutdown_timeout: 18 -``` - -In this example configuration, the [cron specification](#crons) uses the `H` syntax. - -### Single-runtime image: Example cron jobs - - -{{< codetabs >}} - -+++ -title=Drupal -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Run Drupal's cron tasks every 19 minutes. - drupal: - spec: '*/19 * * * *' - commands: - start: 'cd web ; drush core-cron' - # But also run pending queue tasks every 7 minutes. - # Use an odd number to avoid running at the same time as the `drupal` cron. - drush-queue: - spec: '*/7 * * * *' - commands: - start: 'cd web ; drush queue-run aggregator_feeds' - {{< /snippet >}} -``` - -<---> - -+++ -title=Ruby on Rails -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'ruby:{{% latest "ruby" %}}' -crons: - # Execute a rake script every 19 minutes. - ruby: - spec: '*/19 * * * *' - commands: - start: 'bundle exec rake some:task' - {{< /snippet >}} -``` - -<---> - -+++ -title=Laravel -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Run Laravel's scheduler every 5 minutes. - scheduler: - spec: '*/5 * * * *' - commands: - start: 'php artisan schedule:run' - {{< /snippet >}} -``` - -<---> - -+++ -title=Symfony -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Take a backup of the environment every day at 5:00 AM. - snapshot: - spec: 0 5 * * * - commands: - start: | - # Only run for the production environment, aka main branch - if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then - croncape symfony ... - fi - {{< /snippet >}} -``` - -{{< /codetabs >}} - - -### Composable image: Example cron jobs - - -{{< codetabs >}} - -+++ -title=Drupal -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Run Drupal's cron tasks every 19 minutes. - drupal: - spec: '*/19 * * * *' - commands: - start: 'cd web ; drush core-cron' - # But also run pending queue tasks every 7 minutes. - # Use an odd number to avoid running at the same time as the `drupal` cron. - drush-queue: - spec: '*/7 * * * *' - commands: - start: 'cd web ; drush queue-run aggregator_feeds' -{{< /snippet >}} -``` - -<---> - -+++ -title=Ruby on Rails -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "ruby@{{% latest ruby %}}" ] -crons: - # Execute a rake script every 19 minutes. - ruby: - spec: '*/19 * * * *' - commands: - start: 'bundle exec rake some:task' -{{< /snippet >}} -``` - -<---> - -+++ -title=Laravel -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Run Laravel's scheduler every 5 minutes. - scheduler: - spec: '*/5 * * * *' - commands: - start: 'php artisan schedule:run' -{{< /snippet >}} -``` - -<---> - -+++ -title=Symfony -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Take a backup of the environment every day at 5:00 AM. - snapshot: - spec: 0 5 * * * - commands: - start: | - # Only run for the production environment, aka main branch - if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then - croncape symfony ... - fi -{{< /snippet >}} -``` - -{{< /codetabs >}} - - -### Conditional crons - -If you want to set up customized cron schedules depending on the environment type, -define conditional crons. -To do so, use a configuration similar to the following: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'php:{{% latest "php" %}}' - crons: - update: - spec: '0 0 * * *' - commands: - start: | - if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then - {{% vendor/cli %}} backup:create --yes --no-wait - {{% vendor/cli %}} source-operation:run update --no-wait --yes - fi -``` -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "php@{{% latest php %}}" ] - crons: - update: - spec: '0 0 * * *' - commands: - start: | - if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then - {{% vendor/cli %}} backup:create --yes --no-wait - {{% vendor/cli %}} source-operation:run update --no-wait --yes - fi -``` - -{{< /codetabs >}} - - - -### Cron job timing - -The minimum time between cron jobs being triggered is 5 minutes. - -For each app container, only one cron job can run at a time. -If a new job is triggered while another is running, the new job is paused until the other completes. - -To minimize conflicts, a random offset is applied to all triggers. -The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. - -Crons are also paused while activities such as [backups](/environments/backup.md) are running. -The crons are queued to run after the other activity finishes. - -To run cron jobs in a timezone other than UTC, set the `timezone` property property as described for the image type ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) or -[composable image](/create-apps/app-reference/composable-image.md#primary-application-properties)). - -To run cron jobs in a timezone other than UTC, set the [timezone property](#primary-application-properties). - -### Paused crons - -[Preview environments](/glossary.md#preview-environment) are often used for a limited time and then abandoned. -While it's useful for environments under active development to have scheduled tasks, -unused environments don't need to run cron jobs. -To minimize unnecessary resource use, -crons on environments with no deployments are paused. - -This affects all preview environments, _and_ production environment that do not yet have a domain attached to them. - -Such environments with deployments within 14 days have crons with the status `running`. -If there haven't been any deployments within 14 days, the status is `paused`. - -You can see the status in the Console -or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. - -#### Restarting paused crons - -If the crons on your preview environment are paused but you're still using them, -you can push changes to the environment or redeploy it. - -To restart crons without changing anything: - -{{< codetabs >}} - -+++ -title=In the Console -+++ - -1. In the Console, navigate to your project. -1. Open the environment where you'd like the crons to run. -1. Click `Redeploy` next to the cron status of `Paused`. - -<---> - -+++ -title=Using the CLI -+++ - -Run the following command: - -```bash -{{% vendor/cli %}} redeploy -``` - -{{< /codetabs >}} - -### Composable image only: Sizing hints - -The following table shows the properties that can be set in `sizing_hints`: - -| Name | Type | Default | Minimum | Description | -|-------------------|-----------|---------|---------|------------------------------------------------| -| `request_memory` | `integer` | 45 | 10 | The average memory consumed per request in MB. | -| `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | - -See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). diff --git a/sites/upsun/src/create-apps/app-reference/disk.md b/sites/upsun/src/create-apps/app-reference/disk.md deleted file mode 100644 index 38258ff7ce..0000000000 --- a/sites/upsun/src/create-apps/app-reference/disk.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: "`disk`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. Disk for application containers are not committed to YAML files, but instead managed over the API using either the -Console or the `{{% vendor/cli %}} resources:set` command. - -For more information, see how to [manage resources](/manage-resources.md). - -### Downsize a disk - -It's a best practice to [back up your environment](/environments/backup.md) **before and after** you increase **or** decrease the `disk` value (the amount of allocated storage space) of an app or service. - -You can decrease the size of an existing disk for an app. If you do so, be aware that: -- Downsizing fails if the amount of data exceeds the configured `disk` value. -- Backups completed before the downsizing a disk are incompatible and can no longer be used to restore applications. You need to [create new backups](/environments/backup.md). - diff --git a/sites/upsun/src/create-apps/app-reference/firewall.md b/sites/upsun/src/create-apps/app-reference/firewall.md deleted file mode 100644 index 5e0ced6ed0..0000000000 --- a/sites/upsun/src/create-apps/app-reference/firewall.md +++ /dev/null @@ -1,206 +0,0 @@ ---- -title: "`firewall`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -{{< premium-features/tiered "Elite and Enterprise" >}} - -Set limits in outbound traffic from your app with no impact on inbound requests. - -The `outbound` key is required and contains one or more rules. -The rules define what traffic is allowed; anything unspecified is blocked. - -Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified -together: - -| Name | Type | Default | Description | -|-----------|---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | -| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | -| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | - -The default settings would look like this: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - firewall: - outbound: - - ips: [ "0.0.0.0/0" ] -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - firewall: - outbound: - - ips: [ "0.0.0.0/0" ] -``` - -{{< /codetabs >}} - - - -### Support for rules - -Where outbound rules for firewalls are supported in all environments. - -### Multiple rules - -Multiple firewall rules can be specified. -In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. - -So in the following example requests to any IP on port 80 are allowed -and requests to 1.2.3.4 on either port 80 or 443 are allowed: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - firewall: - outbound: - - ips: [ "1.2.3.4/32" ] - ports: [ 443 ] - - ports: [ 80 ] -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - firewall: - outbound: - - ips: [ "1.2.3.4/32" ] - ports: [ 443 ] - - ports: [ 80 ] -``` - -{{< /codetabs >}} - - -### Outbound traffic to CDNs - -Be aware that many services are behind a content delivery network (CDN). -For most CDNs, routing is done via domain name, not IP address, -so thousands of domain names may share the same public IP addresses at the CDN. -If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that -CDN. - -### Outbound traffic by domain - -You can filter outbound traffic by domain. -Using domains in your rules rather than IP addresses is generally more specific and secure. -For example, if you use an IP address for a service with a CDN, -you have to allow the IP address for the CDN. -This means that you allow potentially hundreds or thousands of other servers also using the CDN. - -An example rule filtering by domain: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - firewall: - outbound: - - protocol: tcp - domains: [ "api.stripe.com", "api.twilio.com" ] - ports: [ 80, 443 ] - - protocol: tcp - ips: [ "1.2.3.4/29","2.3.4.5" ] - ports: [ 22 ] -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - firewall: - outbound: - - protocol: tcp - domains: [ "api.stripe.com", "api.twilio.com" ] - ports: [ 80, 443 ] - - protocol: tcp - ips: [ "1.2.3.4/29","2.3.4.5" ] - ports: [ 22 ] -``` - -{{< /codetabs >}} - - -#### Determine which domains to allow - -To determine which domains to include in your filtering rules, -find the domains your site has requested the DNS to resolve. -Run the following command to parse your server’s `dns.log` file -and display all Fully Qualified Domain Names that have been requested: - -```bash -awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log -``` - -The output includes all DNS requests that were made, including those blocked by your filtering rules. -It doesn't include any requests made using an IP address. - -Example output: - -```bash -facebook.com -fastly.com -upsun.com -www.google.com -www.upsun.com -``` - - - diff --git a/sites/upsun/src/create-apps/app-reference/hooks.md b/sites/upsun/src/create-apps/app-reference/hooks.md deleted file mode 100644 index da69913061..0000000000 --- a/sites/upsun/src/create-apps/app-reference/hooks.md +++ /dev/null @@ -1,99 +0,0 @@ ---- -title: "`hooks`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. -keywords: - - hooks - - hooks ---- - -Optional. There are three different hooks that run as part of the process of building and deploying your app. -These are places where you can run custom scripts. -They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. -Only the `build` hook is run for [worker instances](/create-apps/app-reference/workers.md), while [web instances](/create-apps/app-reference/web.md) run all three. - -The process is ordered as: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -1. Variables accessible at build time become available. -1. [Build flavor](/create-apps/app-reference/single-runtime-image.md#build) runs if applicable. -1. Any [dependencies](/create-apps/app-reference/single-runtime-image.md##dependencies) are installed. -1. The `build` hook is run. -1. The file system is changed to read only, except for any [mounts]. -1. The app container starts. Variables accessible at runtime and services become available. -1. The `deploy` hook is run. -1. The app container begins accepting requests. -1. The `post_deploy` hook is run. - -<---> - -+++ -title=Composable image -+++ - -1. Variables accessible at build time become available. -1. The `build` hook is run. -1. The file system is changed to read only, except for any [mounts]. -1. The app container starts. Variables accessible at runtime and services become available. -1. The `deploy` hook is run. -1. The app container begins accepting requests. -1. The `post_deploy` hook is run. - -{{< /codetabs >}} - -Note that if an environment changes by no code changes, only the last step is run. -If you want the entire process to run, see how -to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). - -### Writable directories during build - -During the `build` hook, there are three writeable directories: - -- `PLATFORM_APP_DIR`: - Where your code is checked out and the working directory when the `build` hook starts. - Becomes the app that gets deployed. -- `PLATFORM_CACHE_DIR`: - Persists between builds, but isn't deployed. - Shared by all builds on all branches. -- `/tmp`: - Isn't deployed and is wiped between each build. - Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` - and together they offer about 8GB of free space. - -### Hook failure - -Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. -To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. - -If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. -Note that this only works for `build` hooks -- -if other hooks fail, the app is still deployed. - -#### Automated testing - -It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. -Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. - -During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: - -- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. - So any testing that relies on it is sure to fail. -- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. -- Test results are written into your app container, so they might get exposed to a third party. - -During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. -Note that there are other downsides: - -- Your app container is read-only during the deploy hook, - so if your tests need to write reports and other information, you need to create a file mount for them. -- Your app can only be deployed once the deploy hook has been completed. - Therefore, running automated testing via the deploy hook generates slower deployments. -- Your environment isn’t available externally during the deploy hook. - Unit and integration testing might work without the environment being available, - but you can’t typically perform end-to-end testing until after the environment is up and available. - diff --git a/sites/upsun/src/create-apps/app-reference/image-properties/_index.md b/sites/upsun/src/create-apps/app-reference/image-properties/_index.md deleted file mode 100644 index 85ea0542f5..0000000000 --- a/sites/upsun/src/create-apps/app-reference/image-properties/_index.md +++ /dev/null @@ -1,14 +0,0 @@ ---- -title: "Image properties" -sidebarTitle: "Image properties" -weight: 6 -description: Details about image properties in the {{% vendor/name %}} config.yaml file -layout: single ---- - -Learn about the image properties you can define in the an application configuration file. - -The image properties below are used to configure both single-runtime images and composable images. Although thethe images use many of the same property names, the details or syntax differ depending on the context. These differences are noted within the topic. - -For details about the properties that are unique to each image type, refer to the [Single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [Composable image](/create-apps/app-reference/composable-image.md#) topics. - diff --git a/sites/upsun/src/create-apps/app-reference/mounts.md b/sites/upsun/src/create-apps/app-reference/mounts.md deleted file mode 100644 index 8f80136805..0000000000 --- a/sites/upsun/src/create-apps/app-reference/mounts.md +++ /dev/null @@ -1,428 +0,0 @@ ---- -title: "`mounts`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. After your app is built, its file system is read-only. -To make changes to your app's code, you need to use Git. - -For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". -Mounts give you write access to files generated by your app (such as cache and log files) -and uploaded files without going through Git. - -When you define a mount, you are mounting an external directory to your app container, -much like you would plug a hard drive into your computer to transfer data. - -{{% note %}} - -- Mounts aren't available during the build -- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too - -{{% /note %}} - -### Define a mount - -To define a mount, use the following configuration: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: nodejs:{{% latest "nodejs" %}} - mounts: - '{{< variable "MOUNT_PATH" >}}': - source: {{< variable "MOUNT_TYPE" >}} - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). -If you already have a directory with that name, you get a warning that it isn't accessible after the build. -See how to [troubleshoot the warning](../troubleshoot-mounts.md#overlapping-folders). - -| Name | Type | Required | Description | -| ------------- | -------------------- | -------- | ----------- | -| `source` | `storage`, `instance`, `tmp` (also called `temporary`), or `service` | Yes | Specifies the type of the mount:

- By design, `storage` mounts can be shared between instances of the same app. You can also configure them so they are [shared between different apps](#share-a-mount-between-several-apps).

-`instance` mounts are local mounts. Unique to your app, they are useful to store files that remain local to the app instance, such as application logs.

- `tmp` (or `temporary`) mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**.

- `service` mounts can be useful if you want to explicitly define and use a [Network Storage](/add-services/network-storage.md) service to share data between different apps (instead of using a `storage` mount).| -| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | -| `service` | `string` | | The purpose of the `service` key depends on your use case.

In a multi-app context where a `storage` mount is shared between apps, `service` is required. Its value is the name of the app whose mount you want to share. See how to [share a mount between several apps](#share-a-mount-between-several-apps).

In a multi-app context where a [Network Storage service](/add-services/network-storage.md) (`service` mount) is shared between apps, `service` is required and specifies the name of that Network Storage. | -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "nodejs@{{% latest nodejs %}}" ] - mounts: - '{{< variable "MOUNT_PATH" >}}': - source: {{< variable "MOUNT_TYPE" >}} - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). -If you already have a directory with that name, you get a warning that it isn't accessible after the build. -See how to [troubleshoot the warning](../troubleshoot-mounts.md#overlapping-folders). - -| Name | Type | Required | Description | -|---------------|--------------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `source` | `storage`, `tmp`, or `service` | Yes | Specifies the type of the mount:

- By design, `storage` mounts can be shared between instances of the same app. You can also configure them so they are [shared between different apps](#share-a-mount-between-several-apps).

-`instance` mounts are local mounts. Unique to your app, they are useful to store files that remain local to the app instance, such as application logs.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**.

- `service` mounts can be useful if you want to explicitly define and use a [Network Storage](/add-services/network-storage.md) service to share data between different apps (instead of using a `storage` mount). | -| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | -| `service` | `string` | | The purpose of the `service` key depends on your use case.

In a multi-app context where a `storage` mount is shared between apps, `service` is required. Its value is the name of the app whose mount you want to share. See how to [share a mount between several apps](#share-a-mount-between-several-apps).

In a multi-app context where a [Network Storage service](/add-services/network-storage.md) (`service` mount) is shared between apps, `service` is required and specifies the name of that Network Storage. | - -{{< /codetabs >}} - -The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). -Files can be all public, all private, or with different rules for different paths and file types. - -Note that when you remove a `tmp` mount from your `{{< vendor/configfile "app" >}}` file, -the mounted directory isn't deleted. -The files still exist on disk until manually removed, -or until the app container is moved to another host during a maintenance operation. - -### Example configuration - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: nodejs:20 - mounts: - 'web/uploads': - source: storage - source_path: uploads - '/.tmp_platformsh': - source: tmp - source_path: files/.tmp_platformsh - '/build': - source: storage - source_path: files/build - '/.cache': - source: tmp - source_path: files/.cache - '/node_modules/.cache': - source: tmp - source_path: files/node_modules/.cache -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "nodejs@{{% latest nodejs %}}" ] - mounts: - 'web/uploads': - source: storage - source_path: uploads - '/.tmp_platformsh': - source: tmp - source_path: files/.tmp_platformsh - '/build': - source: storage - source_path: files/build - '/.cache': - source: tmp - source_path: files/.cache - '/node_modules/.cache': - source: tmp - source_path: files/node_modules/.cache -``` - -{{< /codetabs >}} - -### Ensure continuity when changing the name of your mount - -Changing the name of your mount affects the default `source_path`. - -Say you have a `/my/cache/` mount with an undefined `source_path`: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - mounts: - '/my/cache/': - source: tmp -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -mounts: - '/my/cache/': - source: tmp -``` - -{{< /codetabs >}} - -If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. - -To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading -or trailing slashes: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - mounts: - '/cache/files/': - source: tmp - source_path: my/cache -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -mounts: - '/cache/files/': - source: tmp - source_path: my/cache -``` - -{{< /codetabs >}} - -The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing -files in that directory. - -### Share a mount between several apps - -By design, [`storage` mounts](#mounts) are shared **between different instances of the same app**, -which enables [horizontal scaling](/manage-resources/_index.md). - -In a [multi-application context](/create-apps/multi-app/_index.md), -you can even share a `storage` mount **between different applications** in the same project. - -To do so, you need to define a `storage` mount in each of your app containers, -and point each of those mounts to the same shared external network directory. - -Use the following configuration: - -```yaml {configFile="app"} -applications: - app1: - mounts: - '{{< variable "MOUNT_PATH_1" >}}': - source: storage - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} - - app2: - mounts: - '{{< variable "MOUNT_PATH_2" >}}': - source: storage - service: app1 - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -- {{< variable "MOUNT_PATH_1" >}} and {{< variable "MOUNT_PATH_2" >}} are the paths to each mount **within their - respective app container** (relative to the app's root). -- When configuring the first `storage` mount, you don't need to include the `service` key. - The first mount implicitly points to an external network directory. - The `service` key is required for subsequent mounts, to ensure they use the same external network directory as the - first mount. -- The `source_path` allows you to point each mount to the same subdirectory **within the shared external network - directory**. - - -{{% note title = "Single-runtime image: Example" %}} - -You have a `backend` app and a `frontend` app. -You want both apps to share data from the same mount.
-Follow these steps: - -1. In your `backend` app configuration, define a `storage` mount: - - ```yaml {configFile="app"} - applications: - backend: - mounts: - var/uploads: #The path to your mount within the backend app container. - source: storage - source_path: backend/uploads #The path to the source of the mount within the external network directory. - ``` - - This creates a `storage` mount named `var/uploads` in the `backend` app container. - The mount points to the `backend/uploads` directory within an external network directory. - -2. In your `frontend` app configuration, define another `storage` mount: - - ```yaml {configFile="app"} - applications: - applications: - backend: - mounts: - var/uploads: - source: storage - source_path: backend/uploads - - frontend: - mounts: - web/uploads: #The path to your mount within the frontend app container. - source: storage - service: backend #The name of the other app, so the mount can point to the same external network directory as that other app's mount. - source_path: backend/uploads #The path to the source of the mount within the shared external network directory. - ``` - - This creates another `storage` mount named `web/uploads` in the `frontend` app container. - - The `service` key allows you to specify that the `web/uploads` mount should use the same external network directory - as the mount previously defined in the `backend` app container. - - The `source_path` key specifies which subdirectory within the external network directory both mounts should share ( - here, the `backend/uploads` directory). - -{{% /note %}} - -{{% note title = "Composable image: Example" %}} - -You have a `backend` app and a `frontend` app. -You want both apps to share data from the same mount.
-Follow these steps: - -1. In your `backend` app configuration, define a `storage` mount: - - ```yaml {configFile="app"} - applications: - backend: - mounts: - var/uploads: #The path to your mount within the backend app container. - source: storage - source_path: backend/uploads #The path to the source of the mount within the external network directory. - ``` - - This creates a `storage` mount named `var/uploads` in the `backend` app container. - The mount points to the `backend/uploads` directory within an external network directory. - -2. In your `frontend` app configuration, define another `storage` mount: - - ```yaml {configFile="app"} - applications: - backend: - mounts: - var/uploads: - source: storage - source_path: backend/uploads - - frontend: - mounts: - web/uploads: #The path to your mount within the frontend app container. - source: storage - service: backend #The name of the other app, so the mount can point to the same external network directory as that other app's mount. - source_path: backend/uploads #The path to the source of the mount within the shared external network directory. - ``` - - This creates another `storage` mount named `web/uploads` in the `frontend` app container. - - The `service` key allows you to specify that the `web/uploads` mount should use the same external network directory - as the mount previously defined in the `backend` app container. - - The `source_path` key specifies which subdirectory within the external network directory both mounts should share ( - here, the `backend/uploads` directory). - -{{% /note %}} - - -Note that another way to share data between apps through a mount is by -explicitly [defining a Network Storage service](/add-services/network-storage.md). - -### Composable image only: Local mounts - -If you need a local mount (i.e. unique per container), -{{% vendor/name %}} allows you to mount a directory within the `/tmp` directory of your app. -However, the following limitations apply: - -- Content from `tmp` mounts is removed when your app container is moved to another host during an infrastructure - maintenance operation -- The `/tmp` directory has a [maximum allocation of 8 GB](/create-apps/troubleshoot-disks.md#no-space-left-on-device) - -Therefore, `tmp` mounts are ideal to store non-critical data, such as your application cache which can be seamlessly -rebuilt, -but aren't suitable for storing files that are necessary for your app to run smoothly. - -Note that {{% vendor/name %}} will provide new local mounts in the near future. - -### Overlapping mounts - -The locations of mounts as they are visible to application containers can overlap somewhat. -For example: - -```yaml {configFile="app"} -applications: - myapp: - # ... - mounts: - 'var/cache_a': - source: storage - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: instance - source_path: cacheC -``` - -In this case, it does not matter that each mount is of a different `source` type. -Each mount is restricted to a subfolder within `var`, and all is well. - -The following, however, is not allowed and will result in a failure: - -```yaml {configFile="app"} -applications: - myapp: - # ... - mounts: - 'var/': - source: storage - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: instance - source_path: cacheC -``` - -The `storage` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. -These allowances are not compatible, and will result in an error if pushed. \ No newline at end of file diff --git a/sites/upsun/src/create-apps/app-reference/relationships.md b/sites/upsun/src/create-apps/app-reference/relationships.md deleted file mode 100644 index f5b628475b..0000000000 --- a/sites/upsun/src/create-apps/app-reference/relationships.md +++ /dev/null @@ -1,216 +0,0 @@ ---- -title: "`relationships`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. The following information applies to configuring either single runtime images or composable in {{% vendor/name %}}. - -## Relationships - -To allow containers in your project to communicate with one another, -you need to define relationships between them. -You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). - -The quickest way to define a relationship between your app and a service -is to use the service's default endpoint.
-However, some services allow you to define multiple databases, cores, and/or permissions. -In these cases, you can't rely on default endpoints. -Instead, you can explicitly define multiple endpoints when setting up your relationships. - -{{< note >}} -App containers don't have a default endpoint like services. -To connect your app to another app in your project, -you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
-For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). -{{< /note >}} - -{{< note title="Availability" theme="info">}} - -New syntax (default and explicit endpoints) described below is supported by most, but not all, image types -(`Relationship 'SERVICE_NAME' of application 'app' ... targets a service without a valid default endpoint configuration.`). -This syntax is currently being rolled out for all images. -If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. - -{{< /note >}} - -To define a relationship between your app and a service: - -{{< codetabs >}} - -+++ -title=Using default endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - {{% variable "SERVICE_NAME" %}}: -``` - -The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -It is used as the relationship name, and associated with a `null` value. -This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. - -For example, if you define the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: -``` - -{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, -and connects your app to it through the service's default endpoint. - -For reference, the equivalent configuration using explicit endpoints would be the following: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: - service: mariadb - endpoint: mysql -``` - -You can define any number of relationships in this way: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: - redis: - elasticsearch: -``` - -{{< note title="Tip" theme="info" >}} - -An even quicker way to define many relationships is to use the following single-line configuration: - -```yaml {configFile="services"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} - -services: - {{< variable "SERVICE_NAME_A" >}}: - type: mariadb:{{% latest "mariadb" %}} - {{< variable "SERVICE_NAME_B" >}}: - type: redis:{{% latest "redis" %}} - {{< variable "SERVICE_NAME_C" >}}: - type: elasticsearch:{{% latest "elasticsearch" %}} -``` - -{{< /note >}} - -<---> - -+++ -title=Using explicit endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - {{% variable "RELATIONSHIP_NAME" %}}: - service: {{% variable "SERVICE_NAME" %}} - endpoint: {{% variable "ENDPOINT_NAME" %}} -``` - -- `RELATIONSHIP_NAME` is the name you want to give to the relationship. -- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). - -For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, -use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database: # The name of the relationship. - service: mariadb - endpoint: db1 -``` - -For more information on how to handle multiple databases, multiple cores, -and/or different permissions with services that support such features, -see each service's dedicated page: - - - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) - - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) - - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) - - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) - - [Vault KMS](add-services/vault.md#multiple-endpoints-example) (multiple permissions) - - You can add as many relationships as you want to your app configuration, - using both default and explicit endpoints according to your needs: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database1: - service: mariadb - endpoint: admin - database2: - service: mariadb - endpoint: legacy - cache: - service: redis - search: - service: elasticsearch -``` - -{{< /codetabs >}} - -{{< note theme="info" title="Legacy" >}} - -The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - : ":" - -services: - SERVICE_NAME_A: - type: mariadb:{{% latest "mariadb" %}} -``` - -For example: - -```yaml -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database: "db:mysql" - -services: - db: - type: mariadb:{{% latest "mariadb" %}} -``` - -Feel free to use this until the default and explicit endpoint syntax is supported on all images. - -{{< /note >}} diff --git a/sites/upsun/src/create-apps/app-reference/resources.md b/sites/upsun/src/create-apps/app-reference/resources.md deleted file mode 100644 index 3446142e07..0000000000 --- a/sites/upsun/src/create-apps/app-reference/resources.md +++ /dev/null @@ -1,24 +0,0 @@ ---- -title: "`resources`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Resources for application containers are not committed to YAML files, but instead managed over the API using either the -Console or the `{{% vendor/cli %}} resources:set` command. - -For more information, see how to [manage resources](/manage-resources.md). - -{{% note title="Composable image" theme="info" %}} -Composable image container profile defaults to ``HIGH_CPU``. -
If multiple runtimes are added to your stack, -you would need to change -the [default container_profile](/manage-resources/adjust-resources.md#advanced-container-profiles) -
or change [default CPU and RAM ratio](/manage-resources/resource-init.md) on first deployment using the following -commands: - -```bash -{{% vendor/cli %}} push --resources-init=manual -``` - -{{% /note %}} \ No newline at end of file diff --git a/sites/upsun/src/create-apps/app-reference/source.md b/sites/upsun/src/create-apps/app-reference/source.md deleted file mode 100644 index a5a2fa0ef4..0000000000 --- a/sites/upsun/src/create-apps/app-reference/source.md +++ /dev/null @@ -1,12 +0,0 @@ ---- -title: "`source`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. The following table shows the properties that can be set in `source`: - -| Name | Type | Required | Description | -|--------------|--------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------| -| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](../source-operations.md) | -| `root` | `string` | | The path where the app code lives. Defaults to the root project directory. Useful for [multi-app setups](../multi-app/_index.md). | \ No newline at end of file diff --git a/sites/upsun/src/create-apps/app-reference/variables.md b/sites/upsun/src/create-apps/app-reference/variables.md deleted file mode 100644 index 4384321169..0000000000 --- a/sites/upsun/src/create-apps/app-reference/variables.md +++ /dev/null @@ -1,66 +0,0 @@ ---- -title: "`variables`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). -Variables set in your app configuration have the lowest precedence, -meaning they're overridden by any conflicting values provided elsewhere. - -All variables set in your app configuration must have a prefix. -Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). - -Variables with the prefix `env` are available as a separate environment variable. -All other variables are available in -the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). - -The following example sets two variables: - -- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` -- A variable named `d8config:system.site:name` with the value `My site rocks` - that's available in the `PLATFORM_VARIABLES` environment variable - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - variables: - env: - AUTHOR: 'Juan' - d8config: - "system.site:name": 'My site rocks' -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - variables: - env: - AUTHOR: 'Juan' - d8config: - "system.site:name": 'My site rocks' -``` - -{{< /codetabs >}} - - -You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). - diff --git a/sites/upsun/src/create-apps/app-reference/web.md b/sites/upsun/src/create-apps/app-reference/web.md deleted file mode 100644 index 52530dc341..0000000000 --- a/sites/upsun/src/create-apps/app-reference/web.md +++ /dev/null @@ -1,349 +0,0 @@ ---- -title: "`web`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. Use the `web` key to configure the web server running in front of your app. -In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). - -| Name | Type | Required | Description | -|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| -| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | -| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | -| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | - -See some [examples of how to configure what's served](../web/_index.md). - -### Web commands - -| Name | Type | Required | Description | -|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| -| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | -| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | -| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | - -{{< note theme="info" >}} -The `post_start` feature is _experimental_ and may change. Please share your feedback in the -[{{% vendor/name %}} discord](https://discord.gg/platformsh). -{{< /note >}} - -Example: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -{{< /codetabs >}} - - -This command runs every time your app is restarted, regardless of whether or not new code is deployed. - -{{< note >}} - -Never "background" a start process using `&`. -That's interpreted as the command terminating and the supervisor process starts a second copy, -creating an infinite loop until the container crashes. -Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. - -{{< /note >}} - -#### Required command - -On all containers other than PHP, the value for `start` should be treated as required. - -On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). -It can also be set explicitly on a PHP container to run a dedicated process, -such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) -or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). -See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). - -### Upstream - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - - -| Name | Type | Required | Description | Default | -|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [image types](#types) except PHP; for PHP image types the default is `unix`. | -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on [image `type`](#types). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - upstream: - socket_family: tcp - protocol: http -``` - -<---> - -+++ -title=Composable image -+++ - -| Name | Type | Required | Description | Default | -|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [primary runtimes](#primary-runtime) except PHP; for PHP the default is `unix`. | -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on the [primary runtimes](#primary-runtime). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - upstream: - socket_family: tcp - protocol: http -``` - -{{< /codetabs >}} - - - - -#### Where to listen - -Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). - -| `socket_family` | Where to listen | -|-----------------|---------------------------------------------------------------------------------------------------------------------------------------| -| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | -| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | - -If your application isn't listening at the same place that the runtime is sending requests, -you see `502 Bad Gateway` errors when you try to connect to your website. - -### Locations - -Each key in the `locations` dictionary is a path on your site with a leading `/`. -For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. -When multiple keys match an incoming request, the most-specific applies. - -The following table presents possible properties for each location: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -| Name | Type | Default | Description | -|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](/create-apps/app-reference/single-runtime-image.md#root-directory). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -<---> - -+++ -title=Composable image -+++ - -| Name | Type | Default | Description | -|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](/create-apps/app-reference/source.md)). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -{{< /codetabs>}} - -#### Rules - -The rules dictionary can override most other keys according to a regular expression. -The key of each item is a regular expression to match paths exactly. -If an incoming request matches the rule, it's handled by the properties under the rule, -overriding any conflicting rules from the rest of the `locations` dictionary. - -Under `rules`, you can set all the other possible [`locations` properties](#locations) -except `root`, `index`, `rules` and `request_buffering`. - -In the following example, the `allow` key disallows requests for static files anywhere in the site. -This is overridden by a rule that explicitly allows common image file formats. - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` - -{{< /codetabs >}} - - -#### Request buffering - -Request buffering is enabled by default to handle chunked requests as most app servers don't support them. -The following table shows the keys in the `request_buffering` dictionary: - -| Name | Type | Required | Default | Description | -|--------------------|-----------|----------|---------|-------------------------------------------| -| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | -| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | - -The default configuration would look like this: - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` - -<---> - -+++ -title=Composable image -+++ - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` - -{{< /codetabs >}} - diff --git a/sites/upsun/src/create-apps/app-reference/workers.md b/sites/upsun/src/create-apps/app-reference/workers.md deleted file mode 100644 index 9489ad59b0..0000000000 --- a/sites/upsun/src/create-apps/app-reference/workers.md +++ /dev/null @@ -1,91 +0,0 @@ ---- -title: "`workers`" -weight: 4 -description: See all of the options for controlling your apps and how they're built and deployed on {{% vendor/name %}}. ---- - -Optional. - -{{< codetabs >}} - -+++ -title=Single-runtime image -+++ - -Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/app-reference/hooks.md). -They use the same container image. - -Workers can't accept public requests and so are suitable only for background tasks. -If they exit, they're automatically restarted. - -The keys of the `workers` definition are the names of the workers. -You can then define how each worker differs from the `web` instance using -the [top-level properties](/create-apps/app-reference/single-runtime-image.md#primary-application-properties). - -Each worker can differ from the `web` instance in all properties _except_ for: - -- `build` and `dependencies` properties, which must be the same -- `crons` as cron jobs don't run on workers -- `hooks` as the `build` hook must be the same - and the `deploy` and `post_deploy` hooks don't run on workers. - -A worker named `queue` that was small and had a different start command could look like this: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - workers: - queue: - commands: - start: | - ./worker.sh -``` - -Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. -For more information, see how to [manage resources](/manage-resources.md). - - -<---> - -+++ -title=Composable image -+++ - -Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](#hooks). -They use the same container image. - -Workers can't accept public requests and so are suitable only for background tasks. -If they exit, they're automatically restarted. - -The keys of the `workers` definition are the names of the workers. -You can then define how each worker differs from the `web` instance using -the [top-level properties](#primary-application-properties). - -Each worker can differ from the `web` instance in all properties _except_ for: - -- `crons` as cron jobs don't run on workers -- `hooks` as the `build` hook must be the same - and the `deploy` and `post_deploy` hooks don't run on workers. - -A worker named `queue` that was small and had a different start command could look like this: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - workers: - queue: - commands: - start: | - ./worker.sh -``` - -Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. -For more information, see how to [manage resources](/manage-resources.md). - -{{< /codetabs >}} From 1cfa9df014eac365d87619905ce90343af7f99c7 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 06:11:25 -0400 Subject: [PATCH 34/48] platform: update links to point to new properties files --- sites/platform/src/create-apps/runtime-operations.md | 2 +- sites/platform/src/create-apps/source-operations.md | 2 +- sites/platform/src/create-apps/upgrading.md | 2 +- sites/platform/src/create-apps/workers.md | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/sites/platform/src/create-apps/runtime-operations.md b/sites/platform/src/create-apps/runtime-operations.md index baa57c787d..c5c166ce6b 100644 --- a/sites/platform/src/create-apps/runtime-operations.md +++ b/sites/platform/src/create-apps/runtime-operations.md @@ -5,7 +5,7 @@ weight: 6 --- Runtime operations allow you to trigger one-off commands or scripts on your project. -Similar to [crons](/create-apps/app-reference/single-runtime-image.md#crons), they run in the app container but not on a specific schedule. +Similar to [crons](/create-apps/image-properties/crons.md), they run in the app container but not on a specific schedule. You can [define runtime operations](#define-a-runtime-operation) in your [app configuration](/create-apps/app-reference/single-runtime-image.md) and [trigger them](#run-a-runtime-operation) at any time through the {{% vendor/name %}} CLI. diff --git a/sites/platform/src/create-apps/source-operations.md b/sites/platform/src/create-apps/source-operations.md index 71a99cfdb8..0feed0d03b 100644 --- a/sites/platform/src/create-apps/source-operations.md +++ b/sites/platform/src/create-apps/source-operations.md @@ -21,7 +21,7 @@ or [revert to the last commit](#revert-to-the-last-commit) pushed to your Git re To run your source operations, you can use the [{{% vendor/name %}} CLI](/administration/cli/_index.md) or the [Console](https://console.platform.sh). If you want to run your source operations and update your code automatically, -you can also define [cron jobs](/create-apps/app-reference/single-runtime-image.md#crons). +you can also define [cron jobs](/create-apps/image-properties/crons.md). ## How source operations work diff --git a/sites/platform/src/create-apps/upgrading.md b/sites/platform/src/create-apps/upgrading.md index 52ca84f7a3..b2dc63059b 100644 --- a/sites/platform/src/create-apps/upgrading.md +++ b/sites/platform/src/create-apps/upgrading.md @@ -26,7 +26,7 @@ weight: 12 ``` The new syntax offers greater flexibility and configuration. - For more details, see the [full specification for cron jobs](/create-apps/app-reference/single-runtime-image.md#crons). + For more details, see the [full specification for cron jobs](/create-apps/image-properties/crons.md). ## Changes in version 2019.05 diff --git a/sites/platform/src/create-apps/workers.md b/sites/platform/src/create-apps/workers.md index c5e9664df4..640e7e09b5 100644 --- a/sites/platform/src/create-apps/workers.md +++ b/sites/platform/src/create-apps/workers.md @@ -73,13 +73,13 @@ The `start` key specifies the command to use to launch your worker application. It may be any valid shell command, although most often it runs a command in your application in the language of your application. If the command specified by the `start` key terminates, it's restarted automatically. -Note that [`deploy` and `post_deploy` hooks](/create-apps/hooks/_index.md) as well as [`cron` commands](/create-apps/app-reference/single-runtime-image.md#crons) +Note that [`deploy` and `post_deploy` hooks](/create-apps/hooks/_index.md) as well as [`cron` commands](/create-apps/image-properties/crons.md) run only on the [`web`](/create-apps/app-reference/single-runtime-image.md#web) container, not on workers. ## Inheritance -Any top-level definitions for [`size`](/create-apps/app-reference/single-runtime-image.md#sizes), [`relationships`](/create-apps/app-reference/single-runtime-image.md#relationships), -[`access`](/create-apps/app-reference/single-runtime-image.md#access), [`disk`](/create-apps/app-reference/single-runtime-image.md), [`mount`](/create-apps/app-reference/single-runtime-image.md#mounts), and [`variables`](/create-apps/app-reference/single-runtime-image.md#variables) +Any top-level definitions for [`size`](/create-apps/image-properties/size.md), [`relationships`](/create-apps/image-properties/relationships.md), +[`access`](/create-apps/image-properties/access.md), [`disk`](/create-apps/image-properties/disk.md), [`mount`](/create-apps/image-properties/mounts.md), and [`variables`](/create-apps/image-properties/variables.md) are inherited by every worker, unless overridden explicitly. That means, for example, that the following two `{{< vendor/configfile "app" >}}` definitions produce identical workers. From 9364b24cc0d5b35a15b030adb17f3f3b9517b245 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 06:12:38 -0400 Subject: [PATCH 35/48] platform: more link updates to new properties files --- sites/platform/src/administration/users.md | 2 +- sites/platform/src/create-apps/image-properties/_index.md | 3 +-- sites/platform/src/create-apps/image-properties/firewall.md | 2 +- sites/platform/src/create-apps/image-properties/workers.md | 2 +- .../dedicated-gen-2/environment-differences.md | 2 +- sites/platform/src/development/troubleshoot.md | 2 +- sites/platform/src/environments/backup.md | 2 +- sites/platform/src/increase-observability/logs/access-logs.md | 2 +- sites/platform/src/integrations/activity/reference.md | 4 ++-- sites/platform/src/languages/php/_index.md | 2 +- sites/platform/src/projects/change-project-timezone.md | 2 +- 11 files changed, 12 insertions(+), 13 deletions(-) diff --git a/sites/platform/src/administration/users.md b/sites/platform/src/administration/users.md index 2d744eb678..776dafa7de 100644 --- a/sites/platform/src/administration/users.md +++ b/sites/platform/src/administration/users.md @@ -42,7 +42,7 @@ A user can have one of the following roles on an environment type which grants t | Contributor | Yes | No | Yes | Yes | Yes | No | No | | Viewer | Yes | No | No | Yes | No | No | No | -To customize which roles can use SSH, set [`access` in your app configuration](/create-apps/app-reference/single-runtime-image.md#access). +To customize which roles can use SSH, set [`access` in your app configuration](/create-apps/image-properties/access.md). ### View a user's permissions across all of the projects in your organization diff --git a/sites/platform/src/create-apps/image-properties/_index.md b/sites/platform/src/create-apps/image-properties/_index.md index de4b132190..f3e471612c 100644 --- a/sites/platform/src/create-apps/image-properties/_index.md +++ b/sites/platform/src/create-apps/image-properties/_index.md @@ -5,8 +5,7 @@ description: Details about image properties in the {{% vendor/name %}} config.ya # layout: single --- -The image properties below are used to configure both single-runtime images and composable images. - +**Note:** The properties below are available in both single-runtime and composable images. For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted as needed in the property details. To learn about the properties that are unique to each image type, refer to the [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [composable image](/create-apps/app-reference/composable-image.md#) topics. diff --git a/sites/platform/src/create-apps/image-properties/firewall.md b/sites/platform/src/create-apps/image-properties/firewall.md index cac4de37c0..64be24f113 100644 --- a/sites/platform/src/create-apps/image-properties/firewall.md +++ b/sites/platform/src/create-apps/image-properties/firewall.md @@ -10,7 +10,7 @@ Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md# {{% description %}} -This value sets limits in outbound traffic from your app with no impact on inbound requests. +This property enables you to set limits in outbound traffic from your app with no impact on inbound requests. The `outbound` key is required and contains one or more rules. The rules define what traffic is allowed; anything unspecified is blocked. diff --git a/sites/platform/src/create-apps/image-properties/workers.md b/sites/platform/src/create-apps/image-properties/workers.md index 0ddc45158d..b24852e89d 100644 --- a/sites/platform/src/create-apps/image-properties/workers.md +++ b/sites/platform/src/create-apps/image-properties/workers.md @@ -1,7 +1,7 @@ --- title: "`workers`" weight: 4 -description: Defines the list of work names that are alternate copies of the application to run as background processes. +description: Defines the list of worker names, which are alternate copies of the application to run as background processes. --- Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. diff --git a/sites/platform/src/dedicated-environments/dedicated-gen-2/environment-differences.md b/sites/platform/src/dedicated-environments/dedicated-gen-2/environment-differences.md index dd67b7485d..28671902f6 100644 --- a/sites/platform/src/dedicated-environments/dedicated-gen-2/environment-differences.md +++ b/sites/platform/src/dedicated-environments/dedicated-gen-2/environment-differences.md @@ -76,7 +76,7 @@ On {{% names/dedicated-gen-2 %}} Environments, it runs as [SolrCloud](https://so ## Cron tasks interrupted by deploys -How [cron tasks](/create-apps/app-reference/single-runtime-image.md#crons) interact with deploys changes based on the environment. +How [cron tasks](/create-apps/image-properties/crons.md) interact with deploys changes based on the environment. On Grid environments, a running cron task blocks a deploy until the cron is complete. On {{% names/dedicated-gen-2 %}} environments, a deploy terminates a running cron task. diff --git a/sites/platform/src/development/troubleshoot.md b/sites/platform/src/development/troubleshoot.md index bd65b3fdf8..00ba05a6ac 100644 --- a/sites/platform/src/development/troubleshoot.md +++ b/sites/platform/src/development/troubleshoot.md @@ -291,7 +291,7 @@ strace -T {{< variable "YOUR_HOOK_COMMAND" >}} # Print a system call report ### Cron jobs -Containers can't be shutdown while long-running [cron jobs and scheduled tasks](/create-apps/app-reference/single-runtime-image.md#crons) are active. +Containers can't be shutdown while long-running [cron jobs and scheduled tasks](/create-apps/image-properties/crons.md) are active. That means long-running cron jobs block a container from being shut down to make way for a new deploy. Make sure your custom cron jobs run quickly and properly. diff --git a/sites/platform/src/environments/backup.md b/sites/platform/src/environments/backup.md index ddf51a09ac..37aaee0267 100644 --- a/sites/platform/src/environments/backup.md +++ b/sites/platform/src/environments/backup.md @@ -180,7 +180,7 @@ title=In the Console ### Automate manual backups -You can also automate the process of creating manual backups through [cron jobs](/create-apps/app-reference/single-runtime-image.md#crons). +You can also automate the process of creating manual backups through [cron jobs](/create-apps/image-properties/crons.md). The cron job uses the CLI command to back up the environment. It requires you to [set up the CLI on the environment with an API token](/administration/cli/api-tokens.md#authenticate-in-an-environment). diff --git a/sites/platform/src/increase-observability/logs/access-logs.md b/sites/platform/src/increase-observability/logs/access-logs.md index 6a11e86238..202d77c035 100644 --- a/sites/platform/src/increase-observability/logs/access-logs.md +++ b/sites/platform/src/increase-observability/logs/access-logs.md @@ -120,7 +120,7 @@ title=Using SSH directly {{< /codetabs >}} All log files are trimmed to 100 MB automatically. -If you need larger logs, set up a [cron job](/create-apps/app-reference/single-runtime-image.md#crons) to upload them to third-party storage. +If you need larger logs, set up a [cron job](/create-apps/image-properties/crons.md) to upload them to third-party storage. See an example of [uploading logs to Amazon S3](https://gitlab.com/contextualcode/platformsh-store-logs-at-s3) from Contextual Code. ### Types of container logs diff --git a/sites/platform/src/integrations/activity/reference.md b/sites/platform/src/integrations/activity/reference.md index f949679dd6..d48c318d4c 100644 --- a/sites/platform/src/integrations/activity/reference.md +++ b/sites/platform/src/integrations/activity/reference.md @@ -123,7 +123,7 @@ The following table presents the possible activity types: | `environment.backup.delete` | A user deleted a [backup](/environments/backup.md). | | `environment.branch` | A [new branch](/environments.md#create-environments) has been created via the CLI, Console, or API. A branch created via Git shows up as `environment.push`. | | `environment.certificate.renewal` | An environment's SSL certificate has been [renewed](/define-routes/https.md#certificate-renewals). | -| `environment.cron` | A [cron job](/create-apps/app-reference/single-runtime-image.md#crons) has completed. | +| `environment.cron` | A [cron job](/create-apps/image-properties/crons.md) has completed. | | `environment.deactivate` | An environment has been made [inactive](/glossary/_index.md#inactive-environment). | | `environment.delete` | An environment's code was deleted through Git. | | `environment.domain.create` | A new [domain](administration/web/configure-project.md#domains) has been associated with the environment. | @@ -330,7 +330,7 @@ To test responses, [set up a webhook](/integrations/activity/webhooks.md#setup). ### Cron -When a cron job is triggered, the activity contains all the [job's information](/create-apps/app-reference/single-runtime-image.md#crons). +When a cron job is triggered, the activity contains all the [job's information](/create-apps/image-properties/crons.md). The following example response was triggered by a setting where the cron is scheduled to run every five minutes (`5 * * * *`) with the command `sleep 60 && echo sleep-60-finished && date` and times out after 86,400 seconds. diff --git a/sites/platform/src/languages/php/_index.md b/sites/platform/src/languages/php/_index.md index 760dc5ca24..435475a644 100644 --- a/sites/platform/src/languages/php/_index.md +++ b/sites/platform/src/languages/php/_index.md @@ -482,7 +482,7 @@ Common functions to disable include: PHP has two execution modes you can choose from: - The command line interface mode (PHP-CLI) is the mode used for command line scripts and standalone apps. - This is the mode used when you're logged into your container via SSH, for [crons](/create-apps/app-reference/single-runtime-image.md#crons), + This is the mode used when you're logged into your container via SSH, for [crons](/create-apps/image-properties/crons.md), and usually also for [alternate start commands](#alternate-start-commands). To use PHP-CLI, run your script with `php {{}}`, where {{}} is a file path relative to the [app root](/create-apps/app-reference/single-runtime-image.md#root-directory). diff --git a/sites/platform/src/projects/change-project-timezone.md b/sites/platform/src/projects/change-project-timezone.md index 4e7dfd8445..a8716061a3 100644 --- a/sites/platform/src/projects/change-project-timezone.md +++ b/sites/platform/src/projects/change-project-timezone.md @@ -8,7 +8,7 @@ The project timezone affects [automated backups](/environments/backup.md). The project timezone doesn't affect: - [App runtime](/create-apps/timezone.md). -- [Cron jobs](/create-apps/app-reference/single-runtime-image.md#crons). +- [Cron jobs](/create-apps/image-properties/crons.md). - [System logs](/increase-observability/logs/_index.md). UTC is the default timezone for all logs. To change the timezone for a project, follow these steps: From ae193f65ec95a60c2c14bf5439d40c022114c45a Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 06:13:21 -0400 Subject: [PATCH 36/48] platform: add note about common properties above the properties table --- .../src/create-apps/app-reference/composable-image.md | 6 +++++- .../src/create-apps/app-reference/single-runtime-image.md | 8 ++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/composable-image.md b/sites/platform/src/create-apps/app-reference/composable-image.md index 6a23798dba..755d053e74 100644 --- a/sites/platform/src/create-apps/app-reference/composable-image.md +++ b/sites/platform/src/create-apps/app-reference/composable-image.md @@ -32,11 +32,15 @@ If you're pressed for time, jump to this comprehensive [configuration example](/ ## Top-level properties -The following table presents all the properties you can use at the top level of your app's YAML configuration file. +The following table lists all the properties you can use at the top level of your app's YAML configuration file. The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. + +- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in both single-runtime and composable images. Clicking the link for their details leads to a separate topic for that property. Properties that are unique to this image type are described in this topic. + + | Name | Type | Required | Set in instance? | Description | |--------------------|--------------------------------------------------------------------------|----------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `name` | `string` | Yes | No | A unique name for the app. Must be lowercase alphanumeric characters. Changing the name destroys data associated with the app. | diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index 511fd3b00e..d83b69844a 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -19,14 +19,14 @@ For reference, see a [log of changes to app configuration](/create-apps/upgradin ## Top-level properties -The following table presents all properties available at the top level of the YAML for the app. +The following table lists all properties available at the top level of the YAML for the app. The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. - + +- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in both single-runtime and composable images. Clicking the link for their details leads to a separate topic for that property. Properties that are unique to this image type are described in this topic. + | Name | Type | Required | Set in instance? | Description | |--------------------|--------------------------------------------------------------------------|----------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| From 92e35dae734a424059b4c18d4b6942bbc6d179bc Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 06:14:05 -0400 Subject: [PATCH 37/48] upsun: update links to point to new properties files; add note about common properties above the properties table --- .../app-reference/composable-image.md | 1222 +---------------- .../app-reference/single-runtime-image.md | 1215 +--------------- 2 files changed, 40 insertions(+), 2397 deletions(-) diff --git a/sites/upsun/src/create-apps/app-reference/composable-image.md b/sites/upsun/src/create-apps/app-reference/composable-image.md index f9aca1580e..3d02cca750 100644 --- a/sites/upsun/src/create-apps/app-reference/composable-image.md +++ b/sites/upsun/src/create-apps/app-reference/composable-image.md @@ -58,23 +58,27 @@ above). The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. + +- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in both single-runtime and composable images. Clicking the link for their details leads to a separate topic for that property. Properties that are unique to this image type are described in this topic. + + | Name | Type | Required | Set in instance? | Description | |----------------------|------------------------------------------------------------------------------------------|----------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `type` | A type | Yes | No | [Defines the version of the Nix channel](#supported-nix-channels). Example: `type: "composable:25.05"` | | `stack` | An array of [Nix packages](#stack) | Yes | No | A list of packages from the {{% vendor/name %}} collection of [supported runtimes](#supported-nix-packages) and/or from [NixPkgs](https://search.nixos.org/packages). | -| `container_profile` | A [container profile](/manage-resources/adjust-resources.md#advanced-container-profiles) | | Yes | Container profile of the application. | -| `relationships` | A dictionary of [relationships](#relationships) | | Yes | Connections to other services and apps. | -| `mounts` | A dictionary of [mounts](#mounts) | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | -| `web` | A [web instance](#web) | | N/A | How the web application is served. | -| `workers` | A [worker instance](#workers) | | N/A | Alternate copies of the application to run as background processes. | +| `container_profile` | A [container profile](/create-apps/image-properties/container_profile.md) | | Yes | Container profile of the application. | +| `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | +| `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | +| `web` | A [web instance](/create-apps/image-properties/web.md) | | N/A | How the web application is served. | +| `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](../timezone.md). | -| `access` | An [access dictionary](#access) | | Yes | Access control for roles accessing app environments. | -| `variables` | A [variables dictionary](#variables) | | Yes | Variables to control the environment. | -| `firewall` | A [firewall dictionary](#firewall) | | Yes | Outbound firewall rules for the application. | -| `hooks` | A [hooks dictionary](#hooks) | | No | What commands run at different stages in the build and deploy process. | -| `crons` | A [cron dictionary](#crons) | | No | Scheduled tasks for the app. | -| `source` | A [source dictionary](#source) | | No | Information on the app's source code and operations that can be run on it. | -| `additional_hosts` | An [additional hosts dictionary](/create-apps/app-reference/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | +| `access` | An [access dictionary](/create-apps/image-properties/access.md) | | Yes | Access control for roles accessing app environments. | +| `variables` | A [variables dictionary](/create-apps/image-properties/variables.md) | | Yes | Variables to control the environment. | +| `firewall` | A [firewall dictionary](/create-apps/image-properties/firewall.md) | | Yes | Outbound firewall rules for the application. | +| `hooks` | A [hooks dictionary](/create-apps/image-properties/hooks.md) | | No | What commands run at different stages in the build and deploy process. | +| `crons` | A [cron dictionary](/create-apps/image-properties/crons.md) | | No | Scheduled tasks for the app. | +| `source` | A [source dictionary](/create-apps/image-properties/source.md) | | No | Information on the app's source code and operations that can be run on it. | +| `additional_hosts` | An [additional hosts dictionary](/create-apps/image-properties/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | @@ -85,7 +89,7 @@ They are replaced by the `stack` key. {{% /note %}} -## Stack +## `stack` {#stack} Use the ``stack`` key to define which runtimes and binaries you want to install in your application container. Define them as a YAML array as follows: @@ -109,7 +113,7 @@ When using the {{% vendor/name %}} composable image, you don't need `nix` comman Everything you install using the `stack` key is readily available to you as the binaries are linked and included in `$PATH`. For instance, to [start a secondary runtime](#primary-runtime), -just issue the command (e.g. in the [`start` command](/create-apps/app-reference/composable-image.md#web-commands)) instead of the `nix run` command. +just issue the command (e.g. in the [`start` command](/create-apps/image-properties/web.md#web-commands)) instead of the `nix run` command. {{% /note %}} #### Primary runtime @@ -118,7 +122,7 @@ If you add multiple runtimes to your application container, the first declared runtime becomes the primary runtime. The primary runtime is the one that is automatically started. -To start other declared runtimes, you need to start them manually, using [web commands](#web-commands). +To start other declared runtimes, you need to start them manually, using [web commands](/create-apps/image-properties/web.md#web-commands). To find out which start command to use, go to the [Languages](/languages/_index.md) section, and visit the documentation page dedicated to your runtime. @@ -303,7 +307,7 @@ If you add multiple runtimes to your application container, the first declared runtime becomes the primary runtime. The primary runtime is the one that is automatically started. -To start other declared runtimes, you need to start them manually, using [web commands](#web-commands). +To start other declared runtimes, you need to start them manually, using [web commands](/create-apps/image-properties/web.md#web-commands). To find out which start command to use, go to the [Languages](/languages/_index.md) section, and visit the documentation page dedicated to your language. @@ -331,215 +335,6 @@ commands: {{% /note %}} -## Relationships - -To allow containers in your project to communicate with one another, -you need to define relationships between them. -You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). - -The quickest way to define a relationship between your app and a service -is to use the service's default endpoint.
-However, some services allow you to define multiple databases, cores, and/or permissions. -In these cases, you can't rely on default endpoints. -Instead, you can explicitly define multiple endpoints when setting up your relationships. - -{{< note >}} -App containers don't have a default endpoint like services. -To connect your app to another app in your project, -you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
-For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). -{{< /note >}} - -{{< note title="Availability" theme="info">}} - -New syntax (default and explicit endpoints) described below is supported by most, but not all, image types -(`Relationship 'SERVICE_NAME' of application 'myapp' ... targets a service without a valid default endpoint configuration.`). -This syntax is currently being rolled out for all images. -If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. - -{{< /note >}} - -To define a relationship between your app and a service: - -{{< codetabs >}} - -+++ -title=Using default endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - {{% variable "SERVICE_NAME" %}}: -``` - -The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -It is used as the relationship name, and associated with a `null` value. -This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. - -For example, if you define the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: -``` - -{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, -and connects your app to it through the service's default endpoint. - -For reference, the equivalent configuration using explicit endpoints would be the following: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: - service: mariadb - endpoint: mysql -``` - -You can define any number of relationships in this way: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: - redis: - elasticsearch: -``` - -{{< note title="Tip" theme="info" >}} - -An even quicker way to define many relationships is to use the following single-line configuration: - -```yaml {configFile="services"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} - -services: - {{< variable "SERVICE_NAME_A" >}}: - type: mariadb:{{% latest "mariadb" %}} - {{< variable "SERVICE_NAME_B" >}}: - type: redis:{{% latest "redis" %}} - {{< variable "SERVICE_NAME_C" >}}: - type: elasticsearch:{{% latest "elasticsearch" %}} -``` - -{{< /note >}} - -<---> - -+++ -title=Using explicit endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - {{% variable "RELATIONSHIP_NAME" %}}: - service: {{% variable "SERVICE_NAME" %}} - endpoint: {{% variable "ENDPOINT_NAME" %}} -``` - -- `RELATIONSHIP_NAME` is the name you want to give to the relationship. -- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). - -For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, -use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database: # The name of the relationship. - service: mariadb - endpoint: db1 -``` - -For more information on how to handle multiple databases, multiple cores, -and/or different permissions with services that support such features, -see each service's dedicated page: - - - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) - - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) - - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) - - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) - - [Vault KMS](add-services/vault.md#multiple-endpoints-example) (multiple permissions) - - You can add as many relationships as you want to your app configuration, - using both default and explicit endpoints according to your needs: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database1: - service: mariadb - endpoint: admin - database2: - service: mariadb - endpoint: legacy - cache: - service: redis - search: - service: elasticsearch -``` - -{{< /codetabs >}} - -{{< note theme="info" title="Legacy" >}} - -The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - : ":" - -services: - SERVICE_NAME_A: - type: mariadb:{{% latest "mariadb" %}} -``` - -For example: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database: "db:mysql" - -services: - db: - type: mariadb:{{% latest "mariadb" %}} -``` - -Feel free to use this until the default and explicit endpoint syntax is supported on all images. - -{{< /note >}} - ## Available disk space Disk for application containers are not committed to YAML files, but instead managed over the API using either the @@ -554,980 +349,3 @@ You can decrease the size of an existing disk for an app. If you do so, be aware - Backups from before the downsize are incompatible and can no longer be used. You need to [create new backups](/environments/backup.md). - The downsize fails if there’s more data on the disk than the desired size. -## Mounts - -After your app is built, its file system is read-only. -To make changes to your app's code, you need to use Git. - -For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". -Mounts give you write access to files generated by your app (such as cache and log files) -and uploaded files without going through Git. - -When you define a mount, you are mounting an external directory to your app container, -much like you would plug a hard drive into your computer to transfer data. - -{{% note %}} - -- Mounts aren't available during the build -- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too - -{{% /note %}} - -### Define a mount - -To define a mount, use the following configuration: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "nodejs@{{% latest nodejs %}}" ] - mounts: - '{{< variable "MOUNT_PATH" >}}': - source: {{< variable "MOUNT_TYPE" >}} - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). -If you already have a directory with that name, you get a warning that it isn't accessible after the build. -See how to [troubleshoot the warning](../troubleshoot-mounts.md#overlapping-folders). - -| Name | Type | Required | Description | -|---------------|--------------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `source` | `storage`, `tmp`, or `service` | Yes | Specifies the type of the mount:

- By design, `storage` mounts can be shared between instances of the same app. You can also configure them so they are [shared between different apps](#share-a-mount-between-several-apps).

-`instance` mounts are local mounts. Unique to your app, they are useful to store files that remain local to the app instance, such as application logs.

- `tmp` mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**.

- `service` mounts can be useful if you want to explicitly define and use a [Network Storage](/add-services/network-storage.md) service to share data between different apps (instead of using a `storage` mount). | -| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | -| `service` | `string` | | The purpose of the `service` key depends on your use case.

In a multi-app context where a `storage` mount is shared between apps, `service` is required. Its value is the name of the app whose mount you want to share. See how to [share a mount between several apps](#share-a-mount-between-several-apps).

In a multi-app context where a [Network Storage service](/add-services/network-storage.md) (`service` mount) is shared between apps, `service` is required and specifies the name of that Network Storage. | - -The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). -Files can be all public, all private, or with different rules for different paths and file types. - -Note that when you remove a `tmp` mount from your `{{< vendor/configfile "app" >}}` file, -the mounted directory isn't deleted. -The files still exist on disk until manually removed, -or until the app container is moved to another host during a maintenance operation. - -### Example configuration - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "nodejs@{{% latest nodejs %}}" ] - mounts: - 'web/uploads': - source: storage - source_path: uploads - '/.tmp_platformsh': - source: tmp - source_path: files/.tmp_platformsh - '/build': - source: storage - source_path: files/build - '/.cache': - source: tmp - source_path: files/.cache - '/node_modules/.cache': - source: tmp - source_path: files/node_modules/.cache -``` - -### Ensure continuity when changing the name of your mount - -Changing the name of your mount affects the default `source_path`. - -Say you have a `/my/cache/` mount with an undefined `source_path`: - -```yaml {configFile="app"} -mounts: - '/my/cache/': - source: tmp -``` - -If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. - -To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading -or trailing slashes: - - ```yaml {configFile="app"} -mounts: - '/cache/files/': - source: tmp - source_path: my/cache -``` - -The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing -files in that directory. - -### Share a mount between several apps - -By design, [`storage` mounts](#mounts) are shared **between different instances of the same app**, -which enables [horizontal scaling](/manage-resources/_index.md). - -In a [multi-application context](/create-apps/multi-app/_index.md), -you can even share a `storage` mount **between different applications** in the same project. - -To do so, you need to define a `storage` mount in each of your app containers, -and point each of those mounts to the same shared external network directory. - -Use the following configuration: - -```yaml {configFile="app"} -applications: - app1: - mounts: - '{{< variable "MOUNT_PATH_1" >}}': - source: storage - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} - - app2: - mounts: - '{{< variable "MOUNT_PATH_2" >}}': - source: storage - service: app1 - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -- {{< variable "MOUNT_PATH_1" >}} and {{< variable "MOUNT_PATH_2" >}} are the paths to each mount **within their - respective app container** (relative to the app's root). -- When configuring the first `storage` mount, you don't need to include the `service` key. - The first mount implicitly points to an external network directory. - The `service` key is required for subsequent mounts, to ensure they use the same external network directory as the - first mount. -- The `source_path` allows you to point each mount to the same subdirectory **within the shared external network - directory**. - -{{% note title = "Example" %}} - -You have a `backend` app and a `frontend` app. -You want both apps to share data from the same mount.
-Follow these steps: - -1. In your `backend` app configuration, define a `storage` mount: - - ```yaml {configFile="app"} - applications: - backend: - mounts: - var/uploads: #The path to your mount within the backend app container. - source: storage - source_path: backend/uploads #The path to the source of the mount within the external network directory. - ``` - - This creates a `storage` mount named `var/uploads` in the `backend` app container. - The mount points to the `backend/uploads` directory within an external network directory. - -2. In your `frontend` app configuration, define another `storage` mount: - - ```yaml {configFile="app"} - applications: - backend: - mounts: - var/uploads: - source: storage - source_path: backend/uploads - - frontend: - mounts: - web/uploads: #The path to your mount within the frontend app container. - source: storage - service: backend #The name of the other app, so the mount can point to the same external network directory as that other app's mount. - source_path: backend/uploads #The path to the source of the mount within the shared external network directory. - ``` - - This creates another `storage` mount named `web/uploads` in the `frontend` app container. - - The `service` key allows you to specify that the `web/uploads` mount should use the same external network directory - as the mount previously defined in the `backend` app container. - - The `source_path` key specifies which subdirectory within the external network directory both mounts should share ( - here, the `backend/uploads` directory). - -{{% /note %}} - -Note that another way to share data between apps through a mount is by -explicitly [defining a Network Storage service](/add-services/network-storage.md). - -### Local mounts - -If you need a local mount (i.e. unique per container), -{{% vendor/name %}} allows you to mount a directory within the `/tmp` directory of your app. -However, the following limitations apply: - -- Content from `tmp` mounts is removed when your app container is moved to another host during an infrastructure - maintenance operation -- The `/tmp` directory has a [maximum allocation of 8 GB](/create-apps/troubleshoot-disks.md#no-space-left-on-device) - -Therefore, `tmp` mounts are ideal to store non-critical data, such as your application cache which can be seamlessly -rebuilt, -but aren't suitable for storing files that are necessary for your app to run smoothly. - -Note that {{% vendor/name %}} will provide new local mounts in the near future. - -### Overlapping mounts - -The locations of mounts as they are visible to application containers can overlap somewhat. -For example: - -```yaml {configFile="app"} -applications: - myapp: - # ... - mounts: - 'var/cache_a': - source: storage - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: instance - source_path: cacheC -``` - -In this case, it does not matter that each mount is of a different `source` type. -Each mount is restricted to a subfolder within `var`, and all is well. - -The following, however, is not allowed and will result in a failure: - -```yaml {configFile="app"} -applications: - myapp: - # ... - mounts: - 'var/': - source: storage - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: instance - source_path: cacheC -``` - -The `storage` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. -These allowances are not compatible, and will result in an error if pushed. - -## Web - -Use the `web` key to configure the web server running in front of your app. - -| Name | Type | Required | Description | -|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| -| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | -| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | -| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | - -See some [examples of how to configure what's served](../web/_index.md). - -### Web commands - -| Name | Type | Required | Description | -|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| -| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | -| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | -| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | - -{{< note theme="info" >}} -The `post_start` feature is _experimental_ and may change. Please share your feedback in the -[{{% vendor/name %}} discord](https://discord.gg/platformsh). -{{< /note >}} - - -Example: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -This command runs every time your app is restarted, regardless of whether or not new code is deployed. - -{{< note >}} - -Never "background" a start process using `&`. -That's interpreted as the command terminating and the supervisor process starts a second copy, -creating an infinite loop until the container crashes. -Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. - -{{< /note >}} - -#### Required command - -On all containers other than PHP, the value for `start` should be treated as required. - -On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). -It can also be set explicitly on a PHP container to run a dedicated process, -such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) -or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). -See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). - -### Upstream - -| Name | Type | Required | Description | Default | -|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [primary runtimes](#primary-runtime) except PHP; for PHP the default is `unix`. | -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on the [primary runtimes](#primary-runtime). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - upstream: - socket_family: tcp - protocol: http -``` - -#### Where to listen - -Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). - -| `socket_family` | Where to listen | -|-----------------|---------------------------------------------------------------------------------------------------------------------------------------| -| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | -| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | - -If your application isn't listening at the same place that the runtime is sending requests, -you see `502 Bad Gateway` errors when you try to connect to your website. - -### Locations - -Each key in the `locations` dictionary is a path on your site with a leading `/`. -For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. -When multiple keys match an incoming request, the most-specific applies. - -The following table presents possible properties for each location: - -| Name | Type | Default | Description | -|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([see `source.root`](#source)). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -#### Rules - -The rules dictionary can override most other keys according to a regular expression. -The key of each item is a regular expression to match paths exactly. -If an incoming request matches the rule, it's handled by the properties under the rule, -overriding any conflicting rules from the rest of the `locations` dictionary. - -Under `rules`, you can set all the other possible [`locations` properties](#locations) -except `root`, `index`, `rules` and `request_buffering`. - -In the following example, the `allow` key disallows requests for static files anywhere in the site. -This is overridden by a rule that explicitly allows common image file formats. - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` - -#### Request buffering - -Request buffering is enabled by default to handle chunked requests as most app servers don't support them. -The following table shows the keys in the `request_buffering` dictionary: - -| Name | Type | Required | Default | Description | -|--------------------|-----------|----------|---------|-------------------------------------------| -| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | -| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | - -The default configuration would look like this: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` - -## Workers - -Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](#hooks). -They use the same container image. - -Workers can't accept public requests and so are suitable only for background tasks. -If they exit, they're automatically restarted. - -The keys of the `workers` definition are the names of the workers. -You can then define how each worker differs from the `web` instance using -the [top-level properties](#primary-application-properties). - -Each worker can differ from the `web` instance in all properties _except_ for: - -- `crons` as cron jobs don't run on workers -- `hooks` as the `build` hook must be the same - and the `deploy` and `post_deploy` hooks don't run on workers. - -A worker named `queue` that was small and had a different start command could look like this: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - workers: - queue: - commands: - start: | - ./worker.sh -``` - -Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. -For more information, see how to [manage resources](/manage-resources.md). - -## Access - -The `access` dictionary has one allowed key: - -| Name | Allowed values | Default | Description | -|-------|-------------------------------------|---------------|-----------------------------------------------------------------------| -| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | - -In the following example, only users with `admin` permissions for the -given [environment type](/administration/users.md#environment-type-roles) -can access the deployed environment via SSH: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - access: - ssh: admin -``` - -## Variables - -{{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). -Variables set in your app configuration have the lowest precedence, -meaning they're overridden by any conflicting values provided elsewhere. - -All variables set in your app configuration must have a prefix. -Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). - -Variables with the prefix `env` are available as a separate environment variable. -All other variables are available in -the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). - -The following example sets two variables: - -- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` -- A variable named `d8config:system.site:name` with the value `My site rocks` - that's available in the `PLATFORM_VARIABLES` environment variable - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - variables: - env: - AUTHOR: 'Juan' - d8config: - "system.site:name": 'My site rocks' -``` - -You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). - -## Firewall - -{{< premium-features/tiered "Elite and Enterprise" >}} - -Set limits in outbound traffic from your app with no impact on inbound requests. - -The `outbound` key is required and contains one or more rules. -The rules define what traffic is allowed; anything unspecified is blocked. - -Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified -together: - -| Name | Type | Default | Description | -|-----------|---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | -| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | -| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | - -The default settings would look like this: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - firewall: - outbound: - - ips: [ "0.0.0.0/0" ] -``` - -### Support for rules - -Where outbound rules for firewalls are supported in all environments. - -### Multiple rules - -Multiple firewall rules can be specified. -In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. - -So in the following example requests to any IP on port 80 are allowed -and requests to 1.2.3.4 on either port 80 or 443 are allowed: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - firewall: - outbound: - - ips: [ "1.2.3.4/32" ] - ports: [ 443 ] - - ports: [ 80 ] -``` - -### Outbound traffic to CDNs - -Be aware that many services are behind a content delivery network (CDN). -For most CDNs, routing is done via domain name, not IP address, -so thousands of domain names may share the same public IP addresses at the CDN. -If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that -CDN. - -### Outbound traffic by domain - -You can filter outbound traffic by domain. -Using domains in your rules rather than IP addresses is generally more specific and secure. -For example, if you use an IP address for a service with a CDN, -you have to allow the IP address for the CDN. -This means that you allow potentially hundreds or thousands of other servers also using the CDN. - -An example rule filtering by domain: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "python@{{% latest python %}}" ] - firewall: - outbound: - - protocol: tcp - domains: [ "api.stripe.com", "api.twilio.com" ] - ports: [ 80, 443 ] - - protocol: tcp - ips: [ "1.2.3.4/29","2.3.4.5" ] - ports: [ 22 ] -``` - -#### Determine which domains to allow - -To determine which domains to include in your filtering rules, -find the domains your site has requested the DNS to resolve. -Run the following command to parse your server’s `dns.log` file -and display all Fully Qualified Domain Names that have been requested: - -```bash -awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log -``` - -The output includes all DNS requests that were made, including those blocked by your filtering rules. -It doesn't include any requests made using an IP address. - -Example output: - -```bash -facebook.com -fastly.com -upsun.com -www.google.com -www.upsun.com -``` -## Hooks - -There are three different hooks that run as part of the process of building and deploying your app. -These are places where you can run custom scripts. -They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. -Only the `build` hook is run for [worker instances](#workers), while [web instances](#web) run all three. - -The process is ordered as: - -1. Variables accessible at build time become available. -1. The `build` hook is run. -1. The file system is changed to read only (except for any [mounts](#mounts)). -1. The app container starts. Variables accessible at runtime and services become available. -1. The `deploy` hook is run. -1. The app container begins accepting requests. -1. The `post_deploy` hook is run. - -Note that if an environment changes by no code changes, only the last step is run. -If you want the entire process to run, see how -to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). - -### Writable directories during build - -During the `build` hook, there are three writeable directories: - -- `PLATFORM_APP_DIR`: - Where your code is checked out and the working directory when the `build` hook starts. - Becomes the app that gets deployed. -- `PLATFORM_CACHE_DIR`: - Persists between builds, but isn't deployed. - Shared by all builds on all branches. -- `/tmp`: - Isn't deployed and is wiped between each build. - Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` - and together they offer about 8GB of free space. - -### Hook failure - -Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. -To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. - -If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. -Note that this only works for `build` hooks -- -if other hooks fail, the app is still deployed. - -#### Automated testing - -It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. -Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. - -During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: - -- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. - So any testing that relies on it is sure to fail. -- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. -- Test results are written into your app container, so they might get exposed to a third party. - -During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. -Note that there are other downsides: - -- Your app container is read-only during the deploy hook, - so if your tests need to write reports and other information, you need to create a file mount for them. -- Your app can only be deployed once the deploy hook has been completed. - Therefore, running automated testing via the deploy hook generates slower deployments. -- Your environment isn’t available externally during the deploy hook. - Unit and integration testing might work without the environment being available, - but you can’t typically perform end-to-end testing until after the environment is up and available. - -## Crons - -The keys of the `crons` definition are the names of the cron jobs. -The names must be unique. - -If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. - -See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). - -The following table shows the properties for each job: - -| Name | Type | Required | Description | -|--------------------|----------------------------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. | -| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | -| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | -| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). | - -Note that you can [cancel pending or running crons](/environments/cancel-activity.md). - - -### Cron commands - -| Name | Type | Required | Description | -|---------|----------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | -| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "nodejs@{{% latest nodejs %}}" ] - crons: - mycommand: - spec: 'H * * * *' - commands: - start: sleep 60 && echo sleep-60-finished && date - stop: killall sleep - shutdown_timeout: 18 -``` - -In this example configuration, the [cron specification](#crons) uses the `H` syntax. - -### Example cron jobs - - -{{< codetabs >}} - -+++ -title=Drupal -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Run Drupal's cron tasks every 19 minutes. - drupal: - spec: '*/19 * * * *' - commands: - start: 'cd web ; drush core-cron' - # But also run pending queue tasks every 7 minutes. - # Use an odd number to avoid running at the same time as the `drupal` cron. - drush-queue: - spec: '*/7 * * * *' - commands: - start: 'cd web ; drush queue-run aggregator_feeds' -{{< /snippet >}} -``` - -<---> - -+++ -title=Ruby on Rails -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "ruby@{{% latest ruby %}}" ] -crons: - # Execute a rake script every 19 minutes. - ruby: - spec: '*/19 * * * *' - commands: - start: 'bundle exec rake some:task' -{{< /snippet >}} -``` - -<---> - -+++ -title=Laravel -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Run Laravel's scheduler every 5 minutes. - scheduler: - spec: '*/5 * * * *' - commands: - start: 'php artisan schedule:run' -{{< /snippet >}} -``` - -<---> - -+++ -title=Symfony -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -stack: [ "php@{{% latest php %}}" ] -crons: - # Take a backup of the environment every day at 5:00 AM. - snapshot: - spec: 0 5 * * * - commands: - start: | - # Only run for the production environment, aka main branch - if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then - croncape symfony ... - fi -{{< /snippet >}} -``` - -{{< /codetabs >}} - - -### Conditional crons - -If you want to set up customized cron schedules depending on the environment type, -define conditional crons. -To do so, use a configuration similar to the following: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "php@{{% latest php %}}" ] - crons: - update: - spec: '0 0 * * *' - commands: - start: | - if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then - {{% vendor/cli %}} backup:create --yes --no-wait - {{% vendor/cli %}} source-operation:run update --no-wait --yes - fi -``` - -### Cron job timing - -The minimum time between cron jobs being triggered is 5 minutes. - -For each app container, only one cron job can run at a time. -If a new job is triggered while another is running, the new job is paused until the other completes. - -To minimize conflicts, a random offset is applied to all triggers. -The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. - -Crons are also paused while activities such as [backups](/environments/backup.md) are running. -The crons are queued to run after the other activity finishes. - -To run cron jobs in a timezone other than UTC, set the [timezone property](#primary-application-properties). - -### Paused crons - -[Preview environments](/glossary.md#preview-environment) are often used for a limited time and then abandoned. -While it's useful for environments under active development to have scheduled tasks, -unused environments don't need to run cron jobs. -To minimize unnecessary resource use, -crons on environments with no deployments are paused. - -This affects all preview environments, _and_ production environment that do not yet have a domain attached to them. - -Such environments with deployments within 14 days have crons with the status `running`. -If there haven't been any deployments within 14 days, the status is `paused`. - -You can see the status in the Console -or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. - -#### Restarting paused crons - -If the crons on your preview environment are paused but you're still using them, -you can push changes to the environment or redeploy it. - -To restart crons without changing anything: - -{{< codetabs >}} - -+++ -title=In the Console -+++ - -1. In the Console, navigate to your project. -1. Open the environment where you'd like the crons to run. -1. Click `Redeploy` next to the cron status of `Paused`. - -<---> - -+++ -title=Using the CLI -+++ - -Run the following command: - -```bash -{{% vendor/cli %}} redeploy -``` - -{{< /codetabs >}} - -### Sizing hints - -The following table shows the properties that can be set in `sizing_hints`: - -| Name | Type | Default | Minimum | Description | -|-------------------|-----------|---------|---------|------------------------------------------------| -| `request_memory` | `integer` | 45 | 10 | The average memory consumed per request in MB. | -| `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | - -See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). - -## Source - -The following table shows the properties that can be set in `source`: - -| Name | Type | Required | Description | -|--------------|--------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------| -| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](../source-operations.md) | -| `root` | `string` | | The path where the app code lives. Defaults to the root project directory. Useful for [multi-app setups](../multi-app/_index.md). | - -## Container profile - -By default, {{% vendor/name %}} allocates a container profile to each app and service depending on the range of resources it’s -expected to need. - -Each container profile gives you access to a specific list of CPU and RAM combinations. -Using the {{% vendor/name %}} CLI or Console, you can then pick a CPU and RAM combination for each of your apps and services. - -- [Container profile types and resources](/manage-resources/adjust-resources.md#advanced-container-profiles) -- [Default container profiles](/manage-resources/adjust-resources.md#default-container-profiles) for runtime and service - containers -- [Customize resources using the `container_profile` key](/manage-resources/adjust-resources.md#adjust-a-container-profile) - -## Additional hosts - -If you're using a private network with specific IP addresses you need to connect to, -you might want to map those addresses to hostnames to better remember and organize them. -In such cases, you can add a map of those IP addresses to whatever hostnames you like. -Then when your app tries to access the hostname, it's sent to the proper IP address. - -So in the following example, if your app tries to access `api.example.com`, it's sent to `192.0.2.23`. - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - stack: [ "php@{{% latest php %}}" ] - additional_hosts: - api.example.com: "192.0.2.23" - web.example.com: "203.0.113.42" -``` - -This is equivalent to adding the mapping to the `/etc/hosts` file for the container. diff --git a/sites/upsun/src/create-apps/app-reference/single-runtime-image.md b/sites/upsun/src/create-apps/app-reference/single-runtime-image.md index 08b4888ed6..d7fdfdb013 100644 --- a/sites/upsun/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/upsun/src/create-apps/app-reference/single-runtime-image.md @@ -37,25 +37,29 @@ and `backend` above). The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. + +- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in both single-runtime and composable images. Clicking the link for their details leads to a separate topic for that property. Properties that are unique to this image type are described in this topic. + + | Name | Type | Required | Set in instance? | Description | |---------------------|--------------------------------------------------------------------------------------------|----------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `type` | A [type](#types) | Yes | No | The base image to use with a specific app language. Format: `runtime:version`. | -| `container_profile` | A [container profile](/manage-resources/adjust-resources.md#advanced-container-profiles) | | Yes | Container profile of the application. | -| `relationships` | A dictionary of [relationships](/create-apps/app-reference/relationships.md) | | Yes | Connections to other services and apps. | -| `mounts` | A dictionary of [mounts](/create-apps/app-reference/mounts.md) | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | +| `container_profile` | A [container profile](/create-apps/image-properties/container_profile.md) | | Yes | Container profile of the application. | +| `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | +| `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | | `web` | A [web instance](#web) | | N/A | How the web application is served. | -| `workers` | A [worker instance](#workers) | | N/A | Alternate copies of the application to run as background processes. | +| `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](../timezone.md) | -| `access` | An [access dictionary](#access) | | Yes | Access control for roles accessing app environments. | -| `variables` | A [variables dictionary](#variables) | | Yes | Variables to control the environment. | -| `firewall` | A [firewall dictionary](#firewall) | | Yes | Outbound firewall rules for the application. | +| `access` | An [access dictionary](/create-apps/image-properties/access.md) | | Yes | Access control for roles accessing app environments. | +| `variables` | A [variables dictionary](/create-apps/image-properties/variables.md) | | Yes | Variables to control the environment. | +| `firewall` | A [firewall dictionary](/create-apps/image-properties/firewall.md) | | Yes | Outbound firewall rules for the application. | | `build` | A [build dictionary](#build) | | No | What happens when the app is built. | | `dependencies` | A [dependencies dictionary](#dependencies) | | No | What global dependencies to install before the `build` hook is run. | -| `hooks` | A [hooks dictionary](#hooks) | | No | What commands run at different stages in the build and deploy process. | -| `crons` | A [cron dictionary](#crons) | | No | Scheduled tasks for the app. | -| `source` | A [source dictionary](#source) | | No | Information on the app's source code and operations that can be run on it. | +| `hooks` | A [hooks dictionary](/create-apps/image-properties/hooks.md) | | No | What commands run at different stages in the build and deploy process. | +| `crons` | A [cron dictionary](/create-apps/image-properties/crons.md) | | No | Scheduled tasks for the app. | +| `source` | A [source dictionary](/create-apps/image-properties/source.md) | | No | Information on the app's source code and operations that can be run on it. | | `runtime` | A [runtime dictionary](#runtime) | | No | Customizations to your PHP runtime. | -| `additional_hosts` | An [additional hosts dictionary](/create-apps/app-reference/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | +| `additional_hosts` | An [additional hosts dictionary](/create-apps/image-properties/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | | `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | ## Root directory @@ -78,7 +82,7 @@ to the above. To specify another directory, for example for a [multi-app project](../multi-app/_index.md), use the [`source.root` property](#source). -## Types +## `type` {#types} {{% note theme="info" %}} You can now use the {{% vendor/name %}} composable image (BETA) to install runtimes and tools in your application container. @@ -126,225 +130,14 @@ applications: - "python@3.12" - "python312Packages.yq" # python package specific ``` - + ## Resources Resources for application containers are not committed to YAML files, but instead managed over the API using either the Console or the `{{% vendor/cli %}} resources:set` command. For more information, see how to [manage resources](/manage-resources.md). - - -## Relationships - -To allow containers in your project to communicate with one another, -you need to define relationships between them. -You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). - -The quickest way to define a relationship between your app and a service -is to use the service's default endpoint.
-However, some services allow you to define multiple databases, cores, and/or permissions. -In these cases, you can't rely on default endpoints. -Instead, you can explicitly define multiple endpoints when setting up your relationships. - -{{< note >}} -App containers don't have a default endpoint like services. -To connect your app to another app in your project, -you need to explicitly define the `http` endpoint as the endpoint to connect both apps.
-For more information, see how to [define relationships between your apps](/create-apps/multi-app/relationships.md). -{{< /note >}} - -{{< note title="Availability" theme="info">}} - -New syntax (default and explicit endpoints) described below is supported by most, but not all, image types -(`Relationship 'SERVICE_NAME' of application 'app' ... targets a service without a valid default endpoint configuration.`). -This syntax is currently being rolled out for all images. -If you encounter this error, use the "legacy" {{% vendor/name %}} configuration noted at the bottom of this section. - -{{< /note >}} - -To define a relationship between your app and a service: - -{{< codetabs >}} - -+++ -title=Using default endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - {{% variable "SERVICE_NAME" %}}: -``` - -The `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -It is used as the relationship name, and associated with a `null` value. -This instructs {{% vendor/name %}} to use the service's default endpoint to connect your app to the service. - -For example, if you define the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: -``` - -{{% vendor/name %}} looks for a service named `mariadb` in your `{{% vendor/configfile "services" %}}` file, -and connects your app to it through the service's default endpoint. - -For reference, the equivalent configuration using explicit endpoints would be the following: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: - service: mariadb - endpoint: mysql -``` - -You can define any number of relationships in this way: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - mariadb: - redis: - elasticsearch: -``` - -{{< note title="Tip" theme="info" >}} - -An even quicker way to define many relationships is to use the following single-line configuration: - -```yaml {configFile="services"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: {{{< variable "SERVICE_NAME_A" >}}, {{< variable "SERVICE_NAME_B" >}}, {{< variable "SERVICE_NAME_C" >}}} - -services: - {{< variable "SERVICE_NAME_A" >}}: - type: mariadb:{{% latest "mariadb" %}} - {{< variable "SERVICE_NAME_B" >}}: - type: redis:{{% latest "redis" %}} - {{< variable "SERVICE_NAME_C" >}}: - type: elasticsearch:{{% latest "elasticsearch" %}} -``` - -{{< /note >}} - -<---> - -+++ -title=Using explicit endpoints -+++ - -Use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - {{% variable "RELATIONSHIP_NAME" %}}: - service: {{% variable "SERVICE_NAME" %}} - endpoint: {{% variable "ENDPOINT_NAME" %}} -``` - -- `RELATIONSHIP_NAME` is the name you want to give to the relationship. -- `SERVICE_NAME` is the name of the service as defined in its [configuration](/add-services/_index.md). -- `ENDPOINT_NAME` is the endpoint your app will use to connect to the service (refer to the service reference to know which value to use). - -For example, to define a relationship named `database` that connects your app to a service called `mariadb` through the `db1` endpoint, -use the following configuration: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database: # The name of the relationship. - service: mariadb - endpoint: db1 -``` - -For more information on how to handle multiple databases, multiple cores, -and/or different permissions with services that support such features, -see each service's dedicated page: - - - [MariaDB/MySQL](/add-services/mysql/_index.md#multiple-databases) (multiple databases and permissions) - - [PostgreSQL](/add-services/postgresql/_index.md#multiple-databases) (multiple databases and permissions) - - [Redis](/add-services/redis/_index.md#multiple-databases) (multiple databases) - - [Solr](add-services/solr/_index.md#solr-6-and-later) (multiple cores) - - [Vault KMS](add-services/vault.md#multiple-endpoints-example) (multiple permissions) - - You can add as many relationships as you want to your app configuration, - using both default and explicit endpoints according to your needs: - -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database1: - service: mariadb - endpoint: admin - database2: - service: mariadb - endpoint: legacy - cache: - service: redis - search: - service: elasticsearch -``` - -{{< /codetabs >}} - -{{< note theme="info" title="Legacy" >}} - -The following legacy syntax for specifying relationships is still supported by {{% vendor/name %}}: -```yaml {configFile="app"} -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - : ":" - -services: - SERVICE_NAME_A: - type: mariadb:{{% latest "mariadb" %}} -``` - -For example: - -```yaml -applications: - {{% variable "APP_NAME" %}}: - # ... - relationships: - database: "db:mysql" - -services: - db: - type: mariadb:{{% latest "mariadb" %}} -``` - -Feel free to use this until the default and explicit endpoint syntax is supported on all images. - -{{< /note >}} - - ## Available disk space Disk for application containers are not committed to YAML files, but instead managed over the API using either the @@ -358,642 +151,8 @@ You can decrease the size of an existing disk for an app. If you do so, be aware - Backups from before the downsize are incompatible and can no longer be used. You need to [create new backups](/environments/backup.md). - The downsize fails if there’s more data on the disk than the desired size. - - -## Mounts - -After your app is built, its file system is read-only. -To make changes to your app's code, you need to use Git. - -For enhanced flexibility, {{% vendor/name %}} allows you to define and use writable directories called "mounts". -Mounts give you write access to files generated by your app (such as cache and log files) -and uploaded files without going through Git. - -When you define a mount, you are mounting an external directory to your app container, -much like you would plug a hard drive into your computer to transfer data. - -{{% note %}} - -- Mounts aren't available during the build -- When you [back up an environment](/environments/backup.md), the mounts on that environment are backed up too - -{{% /note %}} - -### Define a mount - -To define a mount, use the following configuration: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: nodejs:{{% latest "nodejs" %}} - mounts: - '{{< variable "MOUNT_PATH" >}}': - source: {{< variable "MOUNT_TYPE" >}} - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -{{< variable "MOUNT_PATH" >}} is the path to your mount **within the app container** (relative to the app's root). -If you already have a directory with that name, you get a warning that it isn't accessible after the build. -See how to [troubleshoot the warning](../troubleshoot-mounts.md#overlapping-folders). - -| Name | Type | Required | Description | -| ------------- | -------------------- | -------- | ----------- | -| `source` | `storage`, `instance`, `tmp` (also called `temporary`), or `service` | Yes | Specifies the type of the mount:

- By design, `storage` mounts can be shared between instances of the same app. You can also configure them so they are [shared between different apps](#share-a-mount-between-several-apps).

-`instance` mounts are local mounts. Unique to your app, they are useful to store files that remain local to the app instance, such as application logs.

- `tmp` (or `temporary`) mounts are local ephemeral mounts, where an external directory is mounted to the `/tmp` directory of your app.
The content of a `tmp` mount **may be removed during infrastructure maintenance operations**. Therefore, `tmp` mounts allow you to **store files that you’re not afraid to lose**, such as your application cache that can be seamlessly rebuilt.
Note that the `/tmp` directory has **a maximum allocation of 8 GB**.

- `service` mounts can be useful if you want to explicitly define and use a [Network Storage](/add-services/network-storage.md) service to share data between different apps (instead of using a `storage` mount).| -| `source_path` | `string` | No | Specifies where the mount points **inside the [external directory](#mounts)**.

- If you explicitly set a `source_path`, your mount points to a specific subdirectory in the external directory.

- If the `source_path` is an empty string (`""`), your mount points to the entire external directory.

- If you don't define a `source_path`, {{% vendor/name %}} uses the {{< variable "MOUNT_PATH" >}} as default value, without leading or trailing slashes.
For example, if your mount lives in the `/web/uploads/` directory in your app container, it will point to a directory named `web/uploads` in the external directory.

**WARNING:** Changing the name of your mount affects the `source_path` when it's undefined. See [how to ensure continuity](#ensure-continuity-when-changing-the-name-of-your-mount) and maintain access to your files. | -| `service` | `string` | | The purpose of the `service` key depends on your use case.

In a multi-app context where a `storage` mount is shared between apps, `service` is required. Its value is the name of the app whose mount you want to share. See how to [share a mount between several apps](#share-a-mount-between-several-apps).

In a multi-app context where a [Network Storage service](/add-services/network-storage.md) (`service` mount) is shared between apps, `service` is required and specifies the name of that Network Storage. | - -The accessibility to the web of a mounted directory depends on the [`web.locations` configuration](#web). -Files can be all public, all private, or with different rules for different paths and file types. - -Note that when you remove a `tmp` mount from your `{{< vendor/configfile "app" >}}` file, -the mounted directory isn't deleted. -The files still exist on disk until manually removed, -or until the app container is moved to another host during a maintenance operation. - -### Example configuration - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: nodejs:20 - mounts: - 'web/uploads': - source: storage - source_path: uploads - '/.tmp_platformsh': - source: tmp - source_path: files/.tmp_platformsh - '/build': - source: storage - source_path: files/build - '/.cache': - source: tmp - source_path: files/.cache - '/node_modules/.cache': - source: tmp - source_path: files/node_modules/.cache -``` - -### Ensure continuity when changing the name of your mount - -Changing the name of your mount affects the default `source_path`. - -Say you have a `/my/cache/` mount with an undefined `source_path`: - -```yaml {configFile="app"} -applications: - myapp: - mounts: - '/my/cache/': - source: tmp -``` - -If you rename the mount to `/cache/files/`, it will point to a new, empty `/cache/files/` directory. - -To ensure continuity, you need to explicitly define the `source_path` as the previous name of the mount, without leading -or trailing slashes: - - ```yaml {configFile="app"} -applications: - myapp: - mounts: - '/cache/files/': - source: tmp - source_path: my/cache -``` - -The `/cache/files/` mount will point to the original `/my/cache/` directory, maintaining access to all your existing -files in that directory. - -### Share a mount between several apps - -By design, [`storage` mounts](#mounts) are shared **between different instances of the same app**, -which enables [horizontal scaling](/manage-resources/_index.md). - -In a [multi-application context](/create-apps/multi-app/_index.md), -you can even share a `storage` mount **between different applications** in the same project. - -To do so, you need to define a `storage` mount in each of your app containers, -and point each of those mounts to the same shared external network directory. - -Use the following configuration: - -```yaml {configFile="app"} -applications: - app1: - mounts: - '{{< variable "MOUNT_PATH_1" >}}': - source: storage - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} - - app2: - mounts: - '{{< variable "MOUNT_PATH_2" >}}': - source: storage - service: app1 - source_path: {{< variable "SOURCE_PATH_LOCATION" >}} -``` - -- {{< variable "MOUNT_PATH_1" >}} and {{< variable "MOUNT_PATH_2" >}} are the paths to each mount **within their - respective app container** (relative to the app's root). -- When configuring the first `storage` mount, you don't need to include the `service` key. - The first mount implicitly points to an external network directory. - The `service` key is required for subsequent mounts, to ensure they use the same external network directory as the - first mount. -- The `source_path` allows you to point each mount to the same subdirectory **within the shared external network - directory**. - -{{% note title = "Example" %}} - -You have a `backend` app and a `frontend` app. -You want both apps to share data from the same mount.
-Follow these steps: - -1. In your `backend` app configuration, define a `storage` mount: - - ```yaml {configFile="app"} - applications: - backend: - mounts: - var/uploads: #The path to your mount within the backend app container. - source: storage - source_path: backend/uploads #The path to the source of the mount within the external network directory. - ``` - - This creates a `storage` mount named `var/uploads` in the `backend` app container. - The mount points to the `backend/uploads` directory within an external network directory. - -2. In your `frontend` app configuration, define another `storage` mount: - - ```yaml {configFile="app"} - applications: - applications: - backend: - mounts: - var/uploads: - source: storage - source_path: backend/uploads - - frontend: - mounts: - web/uploads: #The path to your mount within the frontend app container. - source: storage - service: backend #The name of the other app, so the mount can point to the same external network directory as that other app's mount. - source_path: backend/uploads #The path to the source of the mount within the shared external network directory. - ``` - - This creates another `storage` mount named `web/uploads` in the `frontend` app container. - - The `service` key allows you to specify that the `web/uploads` mount should use the same external network directory - as the mount previously defined in the `backend` app container. - - The `source_path` key specifies which subdirectory within the external network directory both mounts should share ( - here, the `backend/uploads` directory). - -{{% /note %}} - -Note that another way to share data between apps through a mount is by -explicitly [defining a Network Storage service](/add-services/network-storage.md). - -### Overlapping mounts - -The locations of mounts as they are visible to application containers can overlap somewhat. -For example: - -```yaml {configFile="app"} -applications: - myapp: - # ... - mounts: - 'var/cache_a': - source: storage - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: instance - source_path: cacheC -``` - -In this case, it does not matter that each mount is of a different `source` type. -Each mount is restricted to a subfolder within `var`, and all is well. - -The following, however, is not allowed and will result in a failure: - -```yaml {configFile="app"} -applications: - myapp: - # ... - mounts: - 'var/': - source: storage - source_path: cacheA - 'var/cache_b': - source: tmp - source_path: cacheB - 'var/cache_c': - source: instance - source_path: cacheC -``` - -The `storage` mount type specifically exists to share data between instances of the same application, whereas `tmp` and `instance` are meant to restrict data to build time and runtime of a single application instance, respectively. -These allowances are not compatible, and will result in an error if pushed. - - -## Web - -Use the `web` key to configure the web server running in front of your app. -Defaults may vary with a different [image `type`](#types). - -| Name | Type | Required | Description | -|-------------|--------------------------------------------|-------------------------------|------------------------------------------------------| -| `commands` | A [web commands dictionary](#web-commands) | See [note](#required-command) | The command to launch your app. | -| `upstream` | An [upstream dictionary](#upstream) | | How the front server connects to your app. | -| `locations` | A [locations dictionary](#locations) | | How the app container responds to incoming requests. | - -See some [examples of how to configure what's served](../web/_index.md). - -### Web commands - -| Name | Type | Required | Description | -|--------------|----------|-------------------------------|-----------------------------------------------------------------------------------------------------| -| `pre_start` | `string` | | Command run just prior to `start`, which can be useful when you need to run _per-instance_ actions. | -| `start` | `string` | See [note](#required-command) | The command to launch your app. If it terminates, it's restarted immediately. | -| `post_start` | `string` | | Command runs **before** adding the container to the router and **after** the `start` command. | - -{{< note theme="info" >}} -The `post_start` feature is _experimental_ and may change. Please share your feedback in the -[{{% vendor/name %}} discord](https://discord.gg/platformsh). -{{< /note >}} - -Example: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - commands: - start: 'uwsgi --ini conf/server.ini' -``` - -This command runs every time your app is restarted, regardless of whether or not new code is deployed. - -{{< note >}} - -Never "background" a start process using `&`. -That's interpreted as the command terminating and the supervisor process starts a second copy, -creating an infinite loop until the container crashes. -Just run it as normal and allow the {{% vendor/name %}} supervisor to manage it. - -{{< /note >}} - -#### Required command - -On all containers other than PHP, the value for `start` should be treated as required. - -On PHP containers, it's optional and defaults to starting PHP-FPM (`/usr/bin/start-php-app`). -It can also be set explicitly on a PHP container to run a dedicated process, -such as [React PHP](https://github.com/platformsh-examples/platformsh-example-reactphp) -or [Amp](https://github.com/platformsh-examples/platformsh-example-amphp). -See how to set up [alternate start commands on PHP](/languages/php/_index.md#alternate-start-commands). - -### Upstream - -| Name | Type | Required | Description | Default | -|-----------------|---------------------|----------|-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | Defaults to `tcp` for all [image types](#types) except PHP; for PHP image types the default is `unix`. | -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | Default varies based on [image `type`](#types). | - -For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. -For all other containers, the default for `protocol` is `http`. - -The following example is the default on non-PHP containers: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - upstream: - socket_family: tcp - protocol: http -``` - -#### Where to listen - -Where to listen depends on your setting for `web.upstream.socket_family` (defaults to `tcp`). - -| `socket_family` | Where to listen | -|-----------------|---------------------------------------------------------------------------------------------------------------------------------------| -| `tcp` | The port specified by the [`PORT` environment variable](/development/variables/use-variables.md#use-provided-variables) | -| `unix` | The Unix socket file specified by the [`SOCKET` environment variable](/development/variables/use-variables.md#use-provided-variables) | - -If your application isn't listening at the same place that the runtime is sending requests, -you see `502 Bad Gateway` errors when you try to connect to your website. - -### Locations - -Each key in the `locations` dictionary is a path on your site with a leading `/`. -For `example.com`, a `/` matches `example.com/` and `/admin` matches `example.com/admin`. -When multiple keys match an incoming request, the most-specific applies. - -The following table presents possible properties for each location: - -| Name | Type | Default | Description | -|---------------------|------------------------------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](#root-directory). Must be an actual directory inside the root directory. | -| `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | -| `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | -| `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | -| `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | -| `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | -| `request_buffering` | A [request buffering dictionary](#request-buffering) | See below | Handling for chunked requests. | -| `rules` | A [rules dictionary](#rules) | | Specific overrides for specific locations. | - -#### Rules - -The rules dictionary can override most other keys according to a regular expression. -The key of each item is a regular expression to match paths exactly. -If an incoming request matches the rule, it's handled by the properties under the rule, -overriding any conflicting rules from the rest of the `locations` dictionary. - -Under `rules`, you can set all the other possible [`locations` properties](#locations) -except `root`, `index`, `rules` and `request_buffering`. - -In the following example, the `allow` key disallows requests for static files anywhere in the site. -This is overridden by a rule that explicitly allows common image file formats. - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - locations: - '/': - # Handle dynamic requests - root: 'public' - passthru: '/index.php' - # Disallow static files - allow: false - rules: - # Allow common image files only. - '\.(jpe?g|png|gif|svgz?|css|js|map|ico|bmp|eot|woff2?|otf|ttf)$': - allow: true -``` - -#### Request buffering - -Request buffering is enabled by default to handle chunked requests as most app servers don't support them. -The following table shows the keys in the `request_buffering` dictionary: -| Name | Type | Required | Default | Description | -|--------------------|-----------|----------|---------|-------------------------------------------| -| `enabled` | `boolean` | Yes | `true` | Whether request buffering is enabled. | -| `max_request_size` | `string` | | `250m` | The maximum size to allow in one request. | - -The default configuration would look like this: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - web: - locations: - '/': - passthru: true - request_buffering: - enabled: true - max_request_size: 250m -``` - - -## Workers - -Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](#hooks). -They use the same container image. - -Workers can't accept public requests and so are suitable only for background tasks. -If they exit, they're automatically restarted. - -The keys of the `workers` definition are the names of the workers. -You can then define how each worker differs from the `web` instance using -the [top-level properties](#primary-application-properties). - -Each worker can differ from the `web` instance in all properties _except_ for: - -- `build` and `dependencies` properties, which must be the same -- `crons` as cron jobs don't run on workers -- `hooks` as the `build` hook must be the same - and the `deploy` and `post_deploy` hooks don't run on workers. - -A worker named `queue` that was small and had a different start command could look like this: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - workers: - queue: - commands: - start: | - ./worker.sh -``` - -Workers require resource definition using `{{% vendor/cli %}} resources:set`, same as application containers. -For more information, see how to [manage resources](/manage-resources.md). - - -## Access - -The `access` dictionary has one allowed key: - -| Name | Allowed values | Default | Description | -|-------|-------------------------------------|---------------|-----------------------------------------------------------------------| -| `ssh` | `admin`, `contributor`, or `viewer` | `contributor` | Defines the minimum role required to access app environments via SSH. | - -In the following example, only users with `admin` permissions for the -given [environment type](/administration/users.md#environment-type-roles) -can access the deployed environment via SSH: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - access: - ssh: admin -``` - - -## Variables - -{{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). -Variables set in your app configuration have the lowest precedence, -meaning they're overridden by any conflicting values provided elsewhere. - -All variables set in your app configuration must have a prefix. -Some [prefixes have specific meanings](/development/variables/_index.md#variable-prefixes). - -Variables with the prefix `env` are available as a separate environment variable. -All other variables are available in -the [`PLATFORM_VARIABLES` environment variable](/development/variables/use-variables.md#use-provided-variables). - -The following example sets two variables: - -- A variable named `env:AUTHOR` with the value `Juan` that's available in the environment as `AUTHOR` -- A variable named `d8config:system.site:name` with the value `My site rocks` - that's available in the `PLATFORM_VARIABLES` environment variable - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - variables: - env: - AUTHOR: 'Juan' - d8config: - "system.site:name": 'My site rocks' -``` - -You can also define and access more [complex values](/development/variables/use-variables.md#access-complex-values). - - -## Firewall - -{{< premium-features/tiered "Elite and Enterprise" >}} - -Set limits in outbound traffic from your app with no impact on inbound requests. - -The `outbound` key is required and contains one or more rules. -The rules define what traffic is allowed; anything unspecified is blocked. - -Each rule has the following properties where at least one is required and `ips` and `domains` can't be specified -together: - -| Name | Type | Default | Description | -|-----------|---------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `ips` | Array of `string`s | `["0.0.0.0/0"]` | IP addresses in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). See a [CIDR format converter](https://www.ipaddressguide.com/cidr). | -| `domains` | Array of `string`s | | [Fully qualified domain names](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) to specify specific destinations by hostname. | -| `ports` | Array of `integer`s | | Ports from 1 to 65535 that are allowed. If any ports are specified, all unspecified ports are blocked. If no ports are specified, all ports are allowed. Port `25`, the SMTP port for sending email, is always blocked. | - -The default settings would look like this: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - firewall: - outbound: - - ips: [ "0.0.0.0/0" ] -``` - -### Support for rules - -Where outbound rules for firewalls are supported in all environments. - -### Multiple rules - -Multiple firewall rules can be specified. -In such cases, a given outbound request is allowed if it matches _any_ of the defined rules. - -So in the following example requests to any IP on port 80 are allowed -and requests to 1.2.3.4 on either port 80 or 443 are allowed: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - firewall: - outbound: - - ips: [ "1.2.3.4/32" ] - ports: [ 443 ] - - ports: [ 80 ] -``` - -### Outbound traffic to CDNs - -Be aware that many services are behind a content delivery network (CDN). -For most CDNs, routing is done via domain name, not IP address, -so thousands of domain names may share the same public IP addresses at the CDN. -If you allow the IP address of a CDN, you are usually allowing many or all of the other customers hosted behind that -CDN. - -### Outbound traffic by domain - -You can filter outbound traffic by domain. -Using domains in your rules rather than IP addresses is generally more specific and secure. -For example, if you use an IP address for a service with a CDN, -you have to allow the IP address for the CDN. -This means that you allow potentially hundreds or thousands of other servers also using the CDN. - -An example rule filtering by domain: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'python:{{% latest "python" %}}' - firewall: - outbound: - - protocol: tcp - domains: [ "api.stripe.com", "api.twilio.com" ] - ports: [ 80, 443 ] - - protocol: tcp - ips: [ "1.2.3.4/29","2.3.4.5" ] - ports: [ 22 ] -``` - -#### Determine which domains to allow - -To determine which domains to include in your filtering rules, -find the domains your site has requested the DNS to resolve. -Run the following command to parse your server’s `dns.log` file -and display all Fully Qualified Domain Names that have been requested: - -```bash -awk '/query\[[^P]\]/ { print $6 | "sort -u" }' /var/log/dns.log -``` - -The output includes all DNS requests that were made, including those blocked by your filtering rules. -It doesn't include any requests made using an IP address. - -Example output: - -```bash -facebook.com -fastly.com -upsun.com -www.google.com -www.upsun.com -``` - -## Build +## `build` {#build} The only property of the `build` dictionary is `flavor`, which specifies a default set of build tasks to run. Flavors are language-specific. @@ -1016,7 +175,7 @@ applications: flavor: none ``` -## Dependencies +## `dependencies` {#dependencies} Installs global dependencies as part of the build process. They're independent of your app's dependencies @@ -1055,296 +214,8 @@ applications: nodejs: # Specify one NPM package per line. pm2: '^4.5.0' ``` - -## Hooks - -There are three different hooks that run as part of the process of building and deploying your app. -These are places where you can run custom scripts. -They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. -Only the `build` hook is run for [worker instances](#workers), while [web instances](#web) run all three. - -The process is ordered as: - -1. Variables accessible at build time become available. -1. [Build flavor](#build) runs if applicable. -1. Any [dependencies](#dependencies) are installed. -1. The `build` hook is run. -1. The file system is changed to read only (except for any [mounts](#mounts)). -1. The app container starts. Variables accessible at runtime and services become available. -1. The `deploy` hook is run. -1. The app container begins accepting requests. -1. The `post_deploy` hook is run. - -Note that if an environment changes by no code changes, only the last step is run. -If you want the entire process to run, see how -to [manually trigger builds](/development/troubleshoot.md#manually-trigger-builds). - -### Writable directories during build - -During the `build` hook, there are three writeable directories: - -- `PLATFORM_APP_DIR`: - Where your code is checked out and the working directory when the `build` hook starts. - Becomes the app that gets deployed. -- `PLATFORM_CACHE_DIR`: - Persists between builds, but isn't deployed. - Shared by all builds on all branches. -- `/tmp`: - Isn't deployed and is wiped between each build. - Note that `PLATFORM_CACHE_DIR` is mapped to `/tmp` - and together they offer about 8GB of free space. - -### Hook failure - -Each hook is executed as a single script, so they're considered to have failed only if the final command in them fails. -To cause them to fail on the first failed command, add `set -e` to the beginning of the hook. - -If a `build` hook fails for any reason, the build is aborted and the deploy doesn't happen. -Note that this only works for `build` hooks -- -if other hooks fail, the app is still deployed. - -#### Automated testing - -It’s preferable that you set up and run automated tests in a dedicated CI/CD tool. -Relying on {{% vendor/name %}} hooks for such tasks can prove difficult. - -During the `build` hook, you can halt the deployment on a test failure but the following limitations apply: - -- Access to services such as databases, Redis, Vault KMS, and even writable mounts is disabled. - So any testing that relies on it is sure to fail. -- If you haven’t made changes to your app, an existing build image is reused and the build hook isn’t run. -- Test results are written into your app container, so they might get exposed to a third party. - -During the `deploy` hook, you can access services but **you can’t halt the deployment based on a test failure**. -Note that there are other downsides: - -- Your app container is read-only during the deploy hook, - so if your tests need to write reports and other information, you need to create a file mount for them. -- Your app can only be deployed once the deploy hook has been completed. - Therefore, running automated testing via the deploy hook generates slower deployments. -- Your environment isn’t available externally during the deploy hook. - Unit and integration testing might work without the environment being available, - but you can’t typically perform end-to-end testing until after the environment is up and available. - - -## Crons - -The keys of the `crons` definition are the names of the cron jobs. -The names must be unique. - -If an application defines both a `web` instance and `worker` instances, cron jobs run only on the `web` instance. - -See how to [get cron logs](/increase-observability/logs/access-logs.md#container-logs). - -The following table shows the properties for each job: - -| Name | Type | Required | Description | -|--------------------|----------------------------------------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. | -| `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | -| `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | -| `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). | - -Note that you can [cancel pending or running crons](/environments/cancel-activity.md). - -### Cron commands - -| Name | Type | Required | Description | -|---------|----------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `start` | `string` | Yes | The command that's run. It's run in [Dash](https://en.wikipedia.org/wiki/Almquist_shell). | -| `stop` | `string` | No | The command that's issued to give the cron command a chance to shutdown gracefully, such as to finish an active item in a list of tasks. Issued when a cron task is interrupted by a user through the CLI or Console. If not specified, a `SIGTERM` signal is sent to the process. | - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'nodejs:{{% latest "nodejs" %}}' - crons: - mycommand: - spec: 'H * * * *' - commands: - start: sleep 60 && echo sleep-60-finished && date - stop: killall sleep - shutdown_timeout: 18 -``` - -In this example configuration, the [cron specification](#crons) uses the `H` syntax. - -### Example cron jobs - - -{{< codetabs >}} - -+++ -title=Drupal -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Run Drupal's cron tasks every 19 minutes. - drupal: - spec: '*/19 * * * *' - commands: - start: 'cd web ; drush core-cron' - # But also run pending queue tasks every 7 minutes. - # Use an odd number to avoid running at the same time as the `drupal` cron. - drush-queue: - spec: '*/7 * * * *' - commands: - start: 'cd web ; drush queue-run aggregator_feeds' - {{< /snippet >}} -``` - -<---> - -+++ -title=Ruby on Rails -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'ruby:{{% latest "ruby" %}}' -crons: - # Execute a rake script every 19 minutes. - ruby: - spec: '*/19 * * * *' - commands: - start: 'bundle exec rake some:task' - {{< /snippet >}} -``` - -<---> - -+++ -title=Laravel -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Run Laravel's scheduler every 5 minutes. - scheduler: - spec: '*/5 * * * *' - commands: - start: 'php artisan schedule:run' - {{< /snippet >}} -``` - -<---> - -+++ -title=Symfony -+++ - -```yaml {configFile="app"} -{{< snippet name="myapp" config="app" root="/" >}} -type: 'php:{{% latest "php" %}}' -crons: - # Take a backup of the environment every day at 5:00 AM. - snapshot: - spec: 0 5 * * * - commands: - start: | - # Only run for the production environment, aka main branch - if [ "$PLATFORM_ENVIRONMENT_TYPE" = "production" ]; then - croncape symfony ... - fi - {{< /snippet >}} -``` - -{{< /codetabs >}} - - -### Conditional crons - -If you want to set up customized cron schedules depending on the environment type, -define conditional crons. -To do so, use a configuration similar to the following: - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'php:{{% latest "php" %}}' - crons: - update: - spec: '0 0 * * *' - commands: - start: | - if [ "$PLATFORM_ENVIRONMENT_TYPE" = production ]; then - {{% vendor/cli %}} backup:create --yes --no-wait - {{% vendor/cli %}} source-operation:run update --no-wait --yes - fi -``` - -### Cron job timing - -The minimum time between cron jobs being triggered is 5 minutes. - -For each app container, only one cron job can run at a time. -If a new job is triggered while another is running, the new job is paused until the other completes. - -To minimize conflicts, a random offset is applied to all triggers. -The offset is a random number of seconds up to 20 minutes or the cron frequency, whichever is smaller. - -Crons are also paused while activities such as [backups](/environments/backup.md) are running. -The crons are queued to run after the other activity finishes. - -To run cron jobs in a timezone other than UTC, set the [timezone property](#primary-application-properties). - -### Paused crons - -[Preview environments](/glossary.md#preview-environment) are often used for a limited time and then abandoned. -While it's useful for environments under active development to have scheduled tasks, -unused environments don't need to run cron jobs. -To minimize unnecessary resource use, -crons on environments with no deployments are paused. - -This affects all preview environments, _and_ production environment that do not yet have a domain attached to them. - -Such environments with deployments within 14 days have crons with the status `running`. -If there haven't been any deployments within 14 days, the status is `paused`. - -You can see the status in the Console -or using the CLI by running `{{% vendor/cli %}} environment:info` and looking under `deployment_state`. - -#### Restarting paused crons - -If the crons on your preview environment are paused but you're still using them, -you can push changes to the environment or redeploy it. - -To restart crons without changing anything: - -{{< codetabs >}} - -+++ -title=In the Console -+++ - -1. In the Console, navigate to your project. -1. Open the environment where you'd like the crons to run. -1. Click `Redeploy` next to the cron status of `Paused`. - -<---> - -+++ -title=Using the CLI -+++ - -Run the following command: - -```bash -{{% vendor/cli %}} redeploy -``` -{{< /codetabs >}} - -## Runtime +## `runtime` {#runtime} The following table presents the various possible modifications to your PHP runtime: @@ -1409,50 +280,4 @@ The following table shows the properties that can be set in `sizing_hints`: | `reserved_memory` | `integer` | 70 | 70 | The amount of memory reserved in MB. | See more about [PHP-FPM workers and sizing](/languages/php/fpm.md). - -## Source - -The following table shows the properties that can be set in `source`: - -| Name | Type | Required | Description | -|--------------|--------------------------|----------|-----------------------------------------------------------------------------------------------------------------------------------| -| `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](../source-operations.md) | -| `root` | `string` | | The path where the app code lives. Defaults to the root project directory. Useful for [multi-app setups](../multi-app/_index.md). | - - -## Container profile - -By default, {{% vendor/name %}} allocates a container profile to each app and service depending on the range of resources it’s -expected to need. - -Each container profile gives you access to a specific list of CPU and RAM combinations. -Using the {{% vendor/name %}} CLI or Console, you can then pick a CPU and RAM combination for each of your apps and services. - -- [Container profile types and resources](/manage-resources/adjust-resources.md#advanced-container-profiles) -- [Default container profiles](/manage-resources/adjust-resources.md#default-container-profiles) for runtime and service - containers -- [Customize resources using the `container_profile` key](/manage-resources/adjust-resources.md#adjust-a-container-profile) - - -## Additional hosts - -If you're using a private network with specific IP addresses you need to connect to, -you might want to map those addresses to hostnames to better remember and organize them. -In such cases, you can add a map of those IP addresses to whatever hostnames you like. -Then when your app tries to access the hostname, it's sent to the proper IP address. - -So in the following example, if your app tries to access `api.example.com`, it's sent to `192.0.2.23`. - -```yaml {configFile="app"} -applications: - myapp: - source: - root: "/" - type: 'php:{{% latest "php" %}}' - additional_hosts: - api.example.com: "192.0.2.23" - web.example.com: "203.0.113.42" -``` -This is equivalent to adding the mapping to the `/etc/hosts` file for the container. - \ No newline at end of file From 0e58480139698f16ff7e755e16989bb47066c8c1 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 06:15:18 -0400 Subject: [PATCH 38/48] upsun: update links to point to new properties files --- sites/upsun/src/administration/users.md | 2 +- sites/upsun/src/create-apps/runtime-operations.md | 2 +- sites/upsun/src/create-apps/source-operations.md | 2 +- sites/upsun/src/create-apps/workers.md | 6 +++--- sites/upsun/src/development/troubleshoot.md | 2 +- sites/upsun/src/environments/backup.md | 2 +- sites/upsun/src/get-started/stacks/laravel/crons.md | 2 +- sites/upsun/src/increase-observability/logs/access-logs.md | 2 +- sites/upsun/src/integrations/activity/reference.md | 4 ++-- sites/upsun/src/languages/php/_index.md | 2 +- sites/upsun/src/projects/change-project-timezone.md | 2 +- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/sites/upsun/src/administration/users.md b/sites/upsun/src/administration/users.md index a965faf161..3a6ee73d18 100644 --- a/sites/upsun/src/administration/users.md +++ b/sites/upsun/src/administration/users.md @@ -48,7 +48,7 @@ A user can have one of the following roles on an environment type which grants t | Contributor | Yes | No | Yes | Yes | Yes | No | No | | Viewer | Yes | No | No | Yes | No | No | No | -To customize which roles can use SSH, set [`access` in your app configuration](/create-apps/app-reference/single-runtime-image.md#access). +To customize which roles can use SSH, set [`access` in your app configuration](/create-apps/image-properties/access.md). ### View a user's permissions across all of the projects in your organization diff --git a/sites/upsun/src/create-apps/runtime-operations.md b/sites/upsun/src/create-apps/runtime-operations.md index 7dfacf8ddc..aaea6a2512 100644 --- a/sites/upsun/src/create-apps/runtime-operations.md +++ b/sites/upsun/src/create-apps/runtime-operations.md @@ -5,7 +5,7 @@ weight: 6 --- Runtime operations allow you to trigger one-off commands or scripts on your project. -Similar to [crons](/create-apps/app-reference/single-runtime-image.md#crons), they run in the app container but not on a specific schedule. +Similar to [crons](/create-apps/image-properties/crons.md), they run in the app container but not on a specific schedule. You can [define runtime operations](#define-a-runtime-operation) in your [app configuration](/create-apps/app-reference/single-runtime-image.md) and [trigger them](#run-a-runtime-operation) at any time through the {{% vendor/name %}} CLI. diff --git a/sites/upsun/src/create-apps/source-operations.md b/sites/upsun/src/create-apps/source-operations.md index aaf5f8ad99..a5750a7cc1 100644 --- a/sites/upsun/src/create-apps/source-operations.md +++ b/sites/upsun/src/create-apps/source-operations.md @@ -26,7 +26,7 @@ or [revert to the last commit](#revert-to-the-last-commit) pushed to your Git re To run your source operations, you can use the [{{% vendor/name %}} CLI](../administration/cli/_index.md) or the [Console](https://console.platform.sh). If you want to run your source operations and update your code automatically, -you can also define [cron jobs](/create-apps/app-reference/single-runtime-image.md#crons). +you can also define [cron jobs](/create-apps/image-properties/crons.md). ## How source operations work diff --git a/sites/upsun/src/create-apps/workers.md b/sites/upsun/src/create-apps/workers.md index 6084d55ade..35647c65ae 100644 --- a/sites/upsun/src/create-apps/workers.md +++ b/sites/upsun/src/create-apps/workers.md @@ -70,13 +70,13 @@ The `start` key specifies the command to use to launch your worker application. It may be any valid shell command, although most often it runs a command in your application in the language of your application. If the command specified by the `start` key terminates, it's restarted automatically. -Note that [`deploy` and `post_deploy` hooks](/create-apps/hooks/_index.md) as well as [`cron` commands](/create-apps/app-reference/single-runtime-image.md#crons) +Note that [`deploy` and `post_deploy` hooks](/create-apps/hooks/_index.md) as well as [`cron` commands](/create-apps/image-properties/crons.md) run only on the [`web`](/create-apps/app-reference/single-runtime-image.md#web) container, not on workers. ## Inheritance -Any top-level definitions for [`relationships`](/create-apps/app-reference/single-runtime-image.md#relationships), -[`access`](/create-apps/app-reference/single-runtime-image.md#access), [`mount`](/create-apps/app-reference/single-runtime-image.md#mounts), and [`variables`](/create-apps/app-reference/single-runtime-image.md#variables) +Any top-level definitions for [`relationships`](/create-apps/image-properties/relationships.md), +[`access`](/create-apps/image-properties/access.md), [`mounts`](/create-apps/image-properties/mounts.md), and [`variables`](/create-apps/image-properties/variables.md) are inherited by every worker, unless overridden explicitly. Likewise [resources defined for the application container](/manage-resources/_index.md) are inherited by every worker, unless overridden explicitly. diff --git a/sites/upsun/src/development/troubleshoot.md b/sites/upsun/src/development/troubleshoot.md index a77b5075e1..4ce10cffbb 100644 --- a/sites/upsun/src/development/troubleshoot.md +++ b/sites/upsun/src/development/troubleshoot.md @@ -348,7 +348,7 @@ strace -T {{< variable "YOUR_HOOK_COMMAND" >}} # Print a system call report ### Cron jobs -Containers can't be shutdown while long-running [cron jobs and scheduled tasks](/create-apps/app-reference/single-runtime-image.md#crons) are active. +Containers can't be shutdown while long-running [cron jobs and scheduled tasks](/create-apps/image-properties/crons.md) are active. That means long-running cron jobs block a container from being shut down to make way for a new deploy. Make sure your custom cron jobs run quickly and properly. diff --git a/sites/upsun/src/environments/backup.md b/sites/upsun/src/environments/backup.md index c73ee1646e..5ea7f85aae 100644 --- a/sites/upsun/src/environments/backup.md +++ b/sites/upsun/src/environments/backup.md @@ -243,7 +243,7 @@ See more information on [backup policies](#backup-policy) and [data retention](# ### Automate manual backups -You can also automate the process of creating manual backups through [cron jobs](/create-apps/app-reference/single-runtime-image.md#crons). +You can also automate the process of creating manual backups through [cron jobs](/create-apps/image-properties/crons.md). The cron job uses the CLI command to back up the environment. It requires you to [set up the CLI on the environment with an API token](../administration/cli/api-tokens.md#authenticate-in-an-environment). diff --git a/sites/upsun/src/get-started/stacks/laravel/crons.md b/sites/upsun/src/get-started/stacks/laravel/crons.md index 2333d802f5..1ca3a06034 100644 --- a/sites/upsun/src/get-started/stacks/laravel/crons.md +++ b/sites/upsun/src/get-started/stacks/laravel/crons.md @@ -50,7 +50,7 @@ applications: ## Run the Laravel scheduler every minute Cron job execution on the default {{< vendor/name >}} offering are limited to once every 5 minutes. -For more information, see the [documentation on crons](/create-apps/app-reference/single-runtime-image.md#crons). +For more information, see the [documentation on crons](/create-apps/image-properties/crons.md). However, you can add a [worker](/create-apps/app-reference/single-runtime-image.md#workers) and specify a start command that [runs the scheduler every minute](https://laravel.com/docs/11.x/scheduling#running-the-scheduler-locally). diff --git a/sites/upsun/src/increase-observability/logs/access-logs.md b/sites/upsun/src/increase-observability/logs/access-logs.md index e63772b670..ed3649ee31 100644 --- a/sites/upsun/src/increase-observability/logs/access-logs.md +++ b/sites/upsun/src/increase-observability/logs/access-logs.md @@ -120,7 +120,7 @@ title=Using SSH directly {{< /codetabs >}} All log files are trimmed to 100 MB automatically. -If you need larger logs, set up a [cron job](/create-apps/app-reference/single-runtime-image.md#crons) to upload them to third-party storage. +If you need larger logs, set up a [cron job](/create-apps/image-properties/crons.md) to upload them to third-party storage. See an example of [uploading logs to Amazon S3](https://gitlab.com/contextualcode/platformsh-store-logs-at-s3) from Contextual Code. ### Types of container logs diff --git a/sites/upsun/src/integrations/activity/reference.md b/sites/upsun/src/integrations/activity/reference.md index 03159f97c3..52366a794c 100644 --- a/sites/upsun/src/integrations/activity/reference.md +++ b/sites/upsun/src/integrations/activity/reference.md @@ -123,7 +123,7 @@ The following table presents the possible activity types: | `environment.backup.delete` | A user deleted a [backup](/environments/backup.md). | | `environment.branch` | A [new branch](/environments.md#create-environments) has been created via the CLI, Console, or API. A branch created via Git shows up as `environment.push`. | | `environment.certificate.renewal` | An environment's SSL certificate has been [renewed](/define-routes/https.md#certificate-renewals). | -| `environment.cron` | A [cron job](/create-apps/app-reference/single-runtime-image.md#crons) has completed. | +| `environment.cron` | A [cron job](/create-apps/image-properties/crons.md) has completed. | | `environment.deactivate` | An environment has been made [inactive](/glossary.md#inactive-environment). | | `environment.delete` | An environment's code was deleted through Git. | | `environment.domain.create` | A new [domain](administration/web/configure-project.md#domains) has been associated with the environment. | @@ -330,7 +330,7 @@ To test responses, [set up a webhook](/integrations/activity/webhooks.md#setup). ### Cron -When a cron job is triggered, the activity contains all the [job's information](/create-apps/app-reference/single-runtime-image.md#crons). +When a cron job is triggered, the activity contains all the [job's information](/create-apps/image-properties/crons.md). The following example response was triggered by a setting where the cron is scheduled to run every five minutes (`5 * * * *`) with the command `sleep 60 && echo sleep-60-finished && date` and times out after 86,400 seconds. diff --git a/sites/upsun/src/languages/php/_index.md b/sites/upsun/src/languages/php/_index.md index c36b96b6a4..a281ec35d0 100644 --- a/sites/upsun/src/languages/php/_index.md +++ b/sites/upsun/src/languages/php/_index.md @@ -495,7 +495,7 @@ Common functions to disable include: PHP has two execution modes you can choose from: - The command line interface mode (PHP-CLI) is the mode used for command line scripts and standalone apps. - This is the mode used when you're logged into your container via SSH, for [crons](/create-apps/app-reference/single-runtime-image.md#crons), + This is the mode used when you're logged into your container via SSH, for [crons](/create-apps/image-properties/crons.md), and usually also for [alternate start commands](#alternate-start-commands). To use PHP-CLI, run your script with `php {{}}`, where {{}} is a file path relative to the [app root](/create-apps/app-reference/single-runtime-image.md#root-directory). diff --git a/sites/upsun/src/projects/change-project-timezone.md b/sites/upsun/src/projects/change-project-timezone.md index 0a05a4316b..d54a3d7cab 100644 --- a/sites/upsun/src/projects/change-project-timezone.md +++ b/sites/upsun/src/projects/change-project-timezone.md @@ -8,7 +8,7 @@ The project timezone affects [automated backups](../environments/backup.md). The project timezone doesn't affect: - [App runtime](/create-apps/timezone.md). -- [Cron jobs](/create-apps/app-reference/single-runtime-image.md#crons). +- [Cron jobs](/create-apps/image-properties/crons.md). - [System logs](/increase-observability/logs/_index.md). UTC is the default timezone for all logs. To change the timezone for a project, follow these steps: From 7e9d0d31efaa15cb378f2a05a4263105079681bd Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Thu, 31 Jul 2025 06:16:02 -0400 Subject: [PATCH 39/48] upsun: app-reference initial outline - decision criteria --- .../src/create-apps/app-reference/_index.md | 49 +++++++++++++++++-- 1 file changed, 45 insertions(+), 4 deletions(-) diff --git a/sites/upsun/src/create-apps/app-reference/_index.md b/sites/upsun/src/create-apps/app-reference/_index.md index c3707742a7..b9a8580a1b 100644 --- a/sites/upsun/src/create-apps/app-reference/_index.md +++ b/sites/upsun/src/create-apps/app-reference/_index.md @@ -1,13 +1,49 @@ --- -title: "App reference" -weight: 4 +title: "Choose an image type" +weight: -19 description: Configure your app and control how it's built and deployed on {{% vendor/name %}}. layout: single --- + + +An _image_ represents the configuration for the container that contains the application (or service) that you want to deploy. + + To define your app, you can either use one of {{% vendor/name %}}'s [single-runtime image](/create-apps/app-reference/single-runtime-image.md) or its [composable image (BETA)](/create-apps/app-reference/composable-image.md). +The single-runtime image type has the following characteristics: +- Can contain only a single runtime +- Requires more manual configuration the composable images, but are more flexible +- Initial build takes +- `type` defines your image version (for example, `php:8.4`) +- You can move to a composable image later, if your application needs change + +The composable image type has the following characteristics: +- Can contain multiple runtimes +- Requires less manual configuration than single-runtime images and offers more flexibility in other ways +- Initial build and rebuilds and can take a long time, but caching increases the speed +- `type` defines your Nix channel +- Can be used for applications only, not services + + + + ## Single-runtime image {{% vendor/name %}} provides and maintains a list of single-runtime images you can use for each of your application containers.
@@ -15,8 +51,13 @@ See [all of the options you can use](/create-apps/app-reference/single-runtime-i ## Composable image (BETA) -The {{% vendor/name %}} composable image provides more flexibility than single-runtime images. -When using a composable image, you can define a stack (or group of packages) for your application container to use. +The {{% vendor/name %}} composable image provides more flexibility than single-runtime images. This image type enables you to define or "compose" the stack (or group of packages) to include in the container that runs your application. + +Composable images can be used for applications only, not for services. This image type enables you to install multiple runtimes (such as PHP, Ruby, and so on) as well aXXX in your application container. + + There are over 120,000 packages available from the [Nix Packages collection](https://search.nixos.org/) that you can add to your stack. You can add as many packages to your application container as you need. From 9a2ea495def9ec216cae028bf2ce595ba1c05085 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Fri, 22 Aug 2025 14:49:14 -0400 Subject: [PATCH 40/48] formatting --- sites/platform/src/create-apps/image-properties/crons.md | 2 +- sites/platform/src/create-apps/image-properties/web.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/crons.md b/sites/platform/src/create-apps/image-properties/crons.md index 6ff1d93da1..9a47222bbc 100644 --- a/sites/platform/src/create-apps/image-properties/crons.md +++ b/sites/platform/src/create-apps/image-properties/crons.md @@ -19,7 +19,7 @@ The following table shows the properties for each job: | Name | Type | Required | Description | | ------------------ | -------------------------------------------- | -------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid or {{% names/dedicated-gen-3 %}}** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time. **Single-runtime image**: The `H` syntax is available only on **Grid** projects, and not on **{{% names/dedicated-gen-2 %}} projects.** | +| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid or {{% names/dedicated-gen-3 %}}** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time.
**Single-runtime image**: The `H` syntax is available only on **Grid** projects, and not on **{{% names/dedicated-gen-2 %}} projects.** | | `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | | `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | | `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). diff --git a/sites/platform/src/create-apps/image-properties/web.md b/sites/platform/src/create-apps/image-properties/web.md index b56ad28a74..42f93ad28f 100644 --- a/sites/platform/src/create-apps/image-properties/web.md +++ b/sites/platform/src/create-apps/image-properties/web.md @@ -67,8 +67,8 @@ See how to set up [alternate start commands on PHP](/languages/php/_index.md#alt | Name | Type | Required | Description | Default | | --------------- |---------------------| -------- |-------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------| -| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | **Single-runtime image**: Defaults to `tcp` for all [image types](/create-apps/app-reference/single-runtime-image.md#types) except PHP; for PHP image types the default is `unix`. **Composable image**: Defaults to `tcp` for all [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime) except PHP; for PHP the default is `unix`.| -| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | **Single-runtime image**: Default varies based on [image `type`](/create-apps/app-reference/single-runtime-image.md#types). **Composable image**: Default varies based on the [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime). | +| `socket_family` | `tcp` or `unix` | | Whether your app listens on a Unix or TCP socket. | **Single-runtime image**: Defaults to `tcp` for all [image types](/create-apps/app-reference/single-runtime-image.md#types) except PHP; for PHP image types the default is `unix`.
**Composable image**: Defaults to `tcp` for all [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime) except PHP; for PHP the default is `unix`.| +| `protocol` | `http` or `fastcgi` | | Whether your app receives incoming requests over HTTP or FastCGI. | **Single-runtime image**: Default varies based on [image `type`](/create-apps/app-reference/single-runtime-image.md#types).
**Composable image**: Default varies based on the [primary runtimes](/create-apps/app-reference/composable-image.md#primary-runtime). | For PHP, the defaults are configured for PHP-FPM and shouldn't need adjustment. For all other containers, the default for `protocol` is `http`. From 95c6cbe5069bc005b6486f3ef3fbc05c92f4939d Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Fri, 22 Aug 2025 18:00:11 -0400 Subject: [PATCH 41/48] minor edits and formatting --- sites/platform/src/create-apps/image-properties/source.md | 2 +- sites/platform/src/create-apps/image-properties/web.md | 2 +- sites/upsun/src/create-apps/image-properties/crons.md | 2 +- sites/upsun/src/create-apps/image-properties/web.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/source.md b/sites/platform/src/create-apps/image-properties/source.md index 0fb5ee9d23..b7c28194e3 100644 --- a/sites/platform/src/create-apps/image-properties/source.md +++ b/sites/platform/src/create-apps/image-properties/source.md @@ -14,4 +14,4 @@ The following table shows the properties that can be set in `source`: | Name | Type | Required | Description | | ------------ | ------------------------ | -------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `operations` | An operations dictionary | | Operations that can be applied to the source code. See [source operations](/create-apps/source-operations.md). | -| `root` | `string` | | The path where the app code lives. Useful for [multi-app setups](/create-apps/multi-app/_index.md). **Single-runtime image**: Defaults to the directory of the `{{< vendor/configfile "app" >}}` file. **Composable image**: Defaults to the root project directory. | +| `root` | `string` | | The path where the app code lives. Useful for [multi-app setups](/create-apps/multi-app/_index.md).
**Single-runtime image**: Defaults to the directory of the `{{< vendor/configfile "app" >}}` file.
**Composable image**: Defaults to the root project directory. | diff --git a/sites/platform/src/create-apps/image-properties/web.md b/sites/platform/src/create-apps/image-properties/web.md index 42f93ad28f..5fa562eaaa 100644 --- a/sites/platform/src/create-apps/image-properties/web.md +++ b/sites/platform/src/create-apps/image-properties/web.md @@ -106,7 +106,7 @@ The following table presents possible properties for each location: | `root` | `string` | | The directory to serve static assets for this location relative to the app's root directory ([single-runtime image](/create-apps/app-reference/single-runtime-image.md#root-directory); [composable image](/create-apps/app-reference/composable-image.md#primary-runtime)). Must be an actual directory inside the root directory. | | `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | | `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. **Also, for single-runtime image only:** If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d.
**Additionally, for single-runtime image only:** If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a header. | | `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | | `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | | `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | diff --git a/sites/upsun/src/create-apps/image-properties/crons.md b/sites/upsun/src/create-apps/image-properties/crons.md index 2f8f20863d..87c00f1834 100644 --- a/sites/upsun/src/create-apps/image-properties/crons.md +++ b/sites/upsun/src/create-apps/image-properties/crons.md @@ -307,7 +307,7 @@ unused environments don't need to run cron jobs. To minimize unnecessary resource use, crons on environments with no deployments are paused. -This affects all preview environments, _and_ production environment that do not yet have a domain attached to them. +This affects all preview environments _and_ production environments that do not yet have a domain attached to them. Such environments with deployments within 14 days have crons with the status `running`. If there haven't been any deployments within 14 days, the status is `paused`. diff --git a/sites/upsun/src/create-apps/image-properties/web.md b/sites/upsun/src/create-apps/image-properties/web.md index 23b1a4e642..a9ff955175 100644 --- a/sites/upsun/src/create-apps/image-properties/web.md +++ b/sites/upsun/src/create-apps/image-properties/web.md @@ -201,7 +201,7 @@ title=Single-runtime image | `root` | `string` | | The directory to serve static assets for this location relative to the [app's root directory](/create-apps/app-reference/single-runtime-image.md#root-directory). Must be an actual directory inside the root directory. | | `passthru` | `boolean` or `string` | `false` | Whether to forward disallowed and missing resources from this location to the app. A string is a path with a leading `/` to the controller, such as `/index.php`.

If your app is in PHP, when setting `passthru` to `true`, you might want to set `scripts` to `false` for enhanced security. This prevents PHP scripts from being executed from the specified location. You might also want to set `allow` to `false` so that not only PHP scripts can't be executed, but their source code also can't be delivered. | | `index` | Array of `string`s or `null` | | Files to consider when serving a request for a directory. When set, requires access to the files through the `allow` or `rules` keys. | -| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a the header. | +| `expires` | `string` | `-1` | How long static assets are cached. The default means no caching. Setting it to a value enables the `Cache-Control` and `Expires` headers. Times can be suffixed with `ms` = milliseconds, `s` = seconds, `m` = minutes, `h` = hours, `d` = days, `w` = weeks, `M` = months/30d, or `y` = years/365d. If a `Cache-Control` appears on the `headers` configuration, `expires`, if set, will be ignored. Thus, make sure to set the `Cache-Control`'s `max-age` value when specifying a header. | | `allow` | `boolean` | `true` | Whether to allow serving files which don't match a rule. | | `scripts` | `boolean` | | Whether to allow scripts to run. Doesn't apply to paths specified in `passthru`. Meaningful only on PHP containers. | | `headers` | A headers dictionary | | Any additional headers to apply to static assets, mapping header names to values (see [Set custom headers on static content](/create-apps/web/custom-headers.html)). Responses from the app aren't affected. | From 8f494eea0ea25e174472d3981b3065701e7a3bfa Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Fri, 22 Aug 2025 18:51:05 -0400 Subject: [PATCH 42/48] Remove reference DG3 only from files under create-apps --- sites/platform/src/create-apps/image-properties/crons.md | 4 ++-- sites/platform/src/create-apps/multi-app/_index.md | 2 +- sites/platform/src/create-apps/multi-app/project-structure.md | 2 +- sites/platform/src/create-apps/multi-app/relationships.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/crons.md b/sites/platform/src/create-apps/image-properties/crons.md index 9a47222bbc..a551867779 100644 --- a/sites/platform/src/create-apps/image-properties/crons.md +++ b/sites/platform/src/create-apps/image-properties/crons.md @@ -19,7 +19,7 @@ The following table shows the properties for each job: | Name | Type | Required | Description | | ------------------ | -------------------------------------------- | -------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid or {{% names/dedicated-gen-3 %}}** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time.
**Single-runtime image**: The `H` syntax is available only on **Grid** projects, and not on **{{% names/dedicated-gen-2 %}} projects.** | +| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time.
**Single-runtime image**: The `H` syntax is available only on **Grid** projects, and not on **{{% names/dedicated-gen-2 %}} projects.** | | `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | | `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | | `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). @@ -52,7 +52,7 @@ crons: ``` In this example configuration, the crons [`spec`](#crons) uses the `H` syntax. -Note that this syntax is only supported on Grid and {{% names/dedicated-gen-3 %}} projects. +Note that this syntax is only supported on Grid projects. On {{% names/dedicated-gen-2 %}} projects, use the [standard cron syntax](https://en.wikipedia.org/wiki/Cron#Cron_expression). ### Single-runtime image: Example cron jobs diff --git a/sites/platform/src/create-apps/multi-app/_index.md b/sites/platform/src/create-apps/multi-app/_index.md index dc6ce6ab82..6ee2c5e39e 100644 --- a/sites/platform/src/create-apps/multi-app/_index.md +++ b/sites/platform/src/create-apps/multi-app/_index.md @@ -5,7 +5,7 @@ description: Create multiple apps within a single project, such as a CMS backend banner: title: Feature availability type: tiered-feature - body: This page applies to Grid and {{% names/dedicated-gen-3 %}} projects. To ensure you have enough resources to support multiple apps, you need at least a [{{< partial "plans/multiapp-plan-name" >}} plan](/administration/pricing/_index.md#multiple-apps-in-a-single-project). To set up multiple apps on {{% names/dedicated-gen-2 %}} environments, [contact Sales](https://platform.sh/contact/). + body: This page applies to Grid projects. To ensure you have enough resources to support multiple apps, you need at least a [{{< partial "plans/multiapp-plan-name" >}} plan](/administration/pricing/_index.md#multiple-apps-in-a-single-project). To set up multiple apps on {{% names/dedicated-gen-2 %}} environments, [contact Sales](https://platform.sh/contact/). weight: 8 --- diff --git a/sites/platform/src/create-apps/multi-app/project-structure.md b/sites/platform/src/create-apps/multi-app/project-structure.md index 1f35a4cca8..59404cd8e8 100644 --- a/sites/platform/src/create-apps/multi-app/project-structure.md +++ b/sites/platform/src/create-apps/multi-app/project-structure.md @@ -5,7 +5,7 @@ description: Explore possible code structures you can apply to your multiple app banner: title: Feature availability type: tiered-feature - body: This page applies to Grid and {{% names/dedicated-gen-3 %}} projects. To ensure you have enough resources to support multiple apps, you need at least a [{{< partial "plans/multiapp-plan-name" >}} plan](/administration/pricing/_index.md#multiple-apps-in-a-single-project). To set up multiple apps on {{% names/dedicated-gen-2 %}} environments, [contact Sales](https://platform.sh/contact/). + body: This page applies to Grid projects. To ensure you have enough resources to support multiple apps, you need at least a [{{< partial "plans/multiapp-plan-name" >}} plan](/administration/pricing/_index.md#multiple-apps-in-a-single-project). To set up multiple apps on {{% names/dedicated-gen-2 %}} environments, [contact Sales](https://platform.sh/contact/). --- How you structure a project with multiple apps depends on how your code is organized diff --git a/sites/platform/src/create-apps/multi-app/relationships.md b/sites/platform/src/create-apps/multi-app/relationships.md index f4e516ed12..36a68bccbd 100644 --- a/sites/platform/src/create-apps/multi-app/relationships.md +++ b/sites/platform/src/create-apps/multi-app/relationships.md @@ -6,7 +6,7 @@ description: Find out how relationships are managed between your apps. banner: title: Feature availability type: tiered-feature - body: This page applies to Grid and {{% names/dedicated-gen-3 %}} projects. To ensure you have enough resources to support multiple apps, you need at least a [{{< partial "plans/multiapp-plan-name" >}} plan](/administration/pricing/_index.md#multiple-apps-in-a-single-project). To set up multiple apps on {{% names/dedicated-gen-2 %}} environments, [contact Sales](https://platform.sh/contact/). + body: This page applies to Grid projects. To ensure you have enough resources to support multiple apps, you need at least a [{{< partial "plans/multiapp-plan-name" >}} plan](/administration/pricing/_index.md#multiple-apps-in-a-single-project). To set up multiple apps on {{% names/dedicated-gen-2 %}} environments, [contact Sales](https://platform.sh/contact/). --- When you set up a project containing multiple applications, From 31141d8285720d0f6dfac3c23025ddd855a7fca4 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Mon, 25 Aug 2025 11:15:23 -0400 Subject: [PATCH 43/48] Make the property Name the link, not the Type --- .../app-reference/composable-image.md | 30 ++++++++-------- .../app-reference/single-runtime-image.md | 34 +++++++++---------- .../app-reference/composable-image.md | 28 +++++++-------- .../app-reference/single-runtime-image.md | 34 +++++++++---------- 4 files changed, 63 insertions(+), 63 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/composable-image.md b/sites/platform/src/create-apps/app-reference/composable-image.md index 755d053e74..d47180c0d5 100644 --- a/sites/platform/src/create-apps/app-reference/composable-image.md +++ b/sites/platform/src/create-apps/app-reference/composable-image.md @@ -45,22 +45,22 @@ To override any part of a property, you have to provide the entire property. |--------------------|--------------------------------------------------------------------------|----------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `name` | `string` | Yes | No | A unique name for the app. Must be lowercase alphanumeric characters. Changing the name destroys data associated with the app. | | `type` | A type | Yes | No | [Defines the version of the Nix channel](#supported-nix-channels). Example: `type: "composable:25.05"` | -| `stack` | An array of [Nix packages](#stack) | Yes | No | A list of packages from the {{% vendor/name %}} collection of [supported runtimes](#supported-nix-packages) and/or from [Nixpkgs](https://search.nixos.org/packages). | -| `size` | A [size](/create-apps/image-properties/size.md) | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | -| `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | -| `disk` | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See the [`disk`](/create-apps/image-properties/disk.md) property details. | -| `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | -| `web` | A [web instance](/create-apps/image-properties/web.md) | | N/A | How the web application is served. | -| `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | +| [`stack`](#stack) | An array of Nix packages | Yes | No | A list of packages from the {{% vendor/name %}} collection of [supported runtimes](#supported-nix-packages) and/or from [Nixpkgs](https://search.nixos.org/packages). | +| [`size`](/create-apps/image-properties/size.md) | A size | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | +| [`relationships`](/create-apps/image-properties/relationships.md) | A dictionary of relationships | | Yes | Connections to other services and apps. | +| [`disk`](/create-apps/image-properties/disk.md) | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. | +| [`mounts`](/create-apps/image-properties/mounts.md) | A dictionary of mounts | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | +| [`web`](/create-apps/image-properties/web.md) | A web instance | | N/A | How the web application is served. | +| [`workers`](/create-apps/image-properties/workers.md) | A worker instance | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](/create-apps/timezone.md). | -| `access` | An [access dictionary](/create-apps/image-properties/access.md) | | Yes | Access control for roles accessing app environments. | -| `variables` | A [variables dictionary](/create-apps/image-properties/variables.md) | | Yes | Variables to control the environment. | -| `firewall` | A [firewall dictionary](/create-apps/image-properties/firewall.md) | | Yes | Outbound firewall rules for the application. | -| `hooks` | A [hooks dictionary](/create-apps/image-properties/hooks.md) | | No | What commands run at different stages in the build and deploy process. | -| `crons` | A [cron dictionary](/create-apps/image-properties/crons.md) | | No | Scheduled tasks for the app. | -| `source` | A [source dictionary](/create-apps/image-properties/source.md) | | No | Information on the app's source code and operations that can be run on it. | -| `additional_hosts` | An [additional hosts dictionary](/create-apps/image-properties/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | -| `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | +| [`access`](/create-apps/image-properties/access.md) | An access dictionary | | Yes | Access control for roles accessing app environments. | +| [`variables`](/create-apps/image-properties/variables.md) | A variables dictionary | | Yes | Variables to control the environment. | +| [`firewall`](/create-apps/image-properties/firewall.md) | A firewall dictionary | | Yes | Outbound firewall rules for the application. | +| [`hooks`](/create-apps/image-properties/hooks.md) | A hooks dictionary | | No | What commands run at different stages in the build and deploy process. | +| [`crons`](/create-apps/image-properties/crons.md) | A cron dictionary | | No | Scheduled tasks for the app. | +| [`source`](/create-apps/image-properties/source.md) | A source dictionary | | No | Information on the app's source code and operations that can be run on it. | +| [`additional_hosts`](/create-apps/image-properties/additional_hosts.md) | An additional hosts dictionary | | Yes | Maps of hostnames to IP addresses. | +| [`operations`](/create-apps/runtime-operations.md) | A dictionary of runtime operations | | No | Runtime operations for the application. | {{% note %}} The ``build``, ``dependencies``, and ``runtime`` keys are only supported when using a [single-runtime image](/create-apps/app-reference/single-runtime-image.md). diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index d83b69844a..6b634e5890 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -31,25 +31,25 @@ To override any part of a property, you have to provide the entire property. | Name | Type | Required | Set in instance? | Description | |--------------------|--------------------------------------------------------------------------|----------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `name` | `string` | Yes | No | A unique name for the app. Must be lowercase alphanumeric characters. Changing the name destroys data associated with the app. | -| `type` | A [type](#types) | Yes | No | The base image to use with a specific app language. Format: `runtime:version`. | -| `size` | A [size](/create-apps/image-properties/size.md) | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | -| `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | +| [`type`](#types) | A type | Yes | No | The base image to use with a specific app language. Format: `runtime:version`. | +| [`size`](/create-apps/image-properties/size.md) | A size | | Yes | How much resources to devote to the app. Defaults to `AUTO` in production environments. | +| [`relationships`](/create-apps/image-properties/relationships.md) | A dictionary of relationships | | Yes | Connections to other services and apps. | | [`disk`](/create-apps/image-properties/disk.md) | `integer` or `null` | | Yes | The size of the disk space for the app in [MB](/glossary/_index.md#mb). Minimum value is `128`. Defaults to `null`, meaning no disk is available. See the [`disk`](/create-apps/image-properties/disk.md) property details. | -| `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | -| `web` | A [web instance](/create-apps/image-properties/web.md) | | N/A | How the web application is served. | -| `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | +| [`mounts`](/create-apps/image-properties/mounts.md) | A dictionary of mounts | | Yes | Directories that are writable even after the app is built. If set as a local source, `disk` is required. | +| [`web`](/create-apps/image-properties/web.md) | A web instance | | N/A | How the web application is served. | +| [`workers`](/create-apps/image-properties/workers.md) | A worker instance | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](/create-apps/timezone.md) | -| `access` | An [access dictionary](/create-apps/image-properties/access.md) | | Yes | Access control for roles accessing app environments. | -| `variables` | A [variables dictionary](/create-apps/image-properties/variables.md) | | Yes | Variables to control the environment. | -| `firewall` | A [firewall dictionary](/create-apps/image-properties/firewall.md) | | Yes | Outbound firewall rules for the application. | -| `build` | A [build dictionary](#build) | | No | What happens when the app is built. | -| `dependencies` | A [dependencies dictionary](#dependencies) | | No | What global dependencies to install before the `build` hook is run. | -| `hooks` | A [hooks dictionary](/create-apps/image-properties/hooks.md) | | No | What commands run at different stages in the build and deploy process. | -| `crons` | A [cron dictionary](/create-apps/image-properties/crons.md) | | No | Scheduled tasks for the app. | -| `source` | A [source dictionary](/create-apps/image-properties/source.md) | | No | Information on the app's source code and operations that can be run on it. | -| `runtime` | A [runtime dictionary](#runtime) | | No | Customizations to your PHP runtime. | -| `additional_hosts` | An [additional hosts dictionary](/create-apps/image-properties/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | -| `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | +| [`access`](/create-apps/image-properties/access.md) | An access dictionary | | Yes | Access control for roles accessing app environments. | +| [`variables`](/create-apps/image-properties/variables.md) | A variables dictionary | | Yes | Variables to control the environment. | +| [`firewall`](/create-apps/image-properties/firewall.md) | A [firewall dictionary | | Yes | Outbound firewall rules for the application. | +| [`build`](#build) | A build dictionary | | No | What happens when the app is built. | +| [`dependencies`](#dependencies) | A dependencies dictionary | | No | What global dependencies to install before the `build` hook is run. | +| [`hooks`](/create-apps/image-properties/hooks.md) | A hooks dictionary | | No | What commands run at different stages in the build and deploy process. | +| [`crons`](/create-apps/image-properties/crons.md) | A cron dictionary | | No | Scheduled tasks for the app. | +| [`source`](/create-apps/image-properties/source.md) | A source dictionary | | No | Information on the app's source code and operations that can be run on it. | +| [`runtime`](#runtime) | A runtime dictionary | | No | Customizations to your PHP runtime. | +| [`additional_hosts`](/create-apps/image-properties/additional_hosts.md) | An additional hosts dictionary | | Yes | Maps of hostnames to IP addresses. | +| [`operations`](/create-apps/runtime-operations.md) | A dictionary of Runtime operations | | No | Runtime operations for the application. | ## Root directory Some of the properties you can define are relative to your app's root directory. diff --git a/sites/upsun/src/create-apps/app-reference/composable-image.md b/sites/upsun/src/create-apps/app-reference/composable-image.md index 3d02cca750..aeaf8f0925 100644 --- a/sites/upsun/src/create-apps/app-reference/composable-image.md +++ b/sites/upsun/src/create-apps/app-reference/composable-image.md @@ -65,21 +65,21 @@ To override any part of a property, you have to provide the entire property. | Name | Type | Required | Set in instance? | Description | |----------------------|------------------------------------------------------------------------------------------|----------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `type` | A type | Yes | No | [Defines the version of the Nix channel](#supported-nix-channels). Example: `type: "composable:25.05"` | -| `stack` | An array of [Nix packages](#stack) | Yes | No | A list of packages from the {{% vendor/name %}} collection of [supported runtimes](#supported-nix-packages) and/or from [NixPkgs](https://search.nixos.org/packages). | -| `container_profile` | A [container profile](/create-apps/image-properties/container_profile.md) | | Yes | Container profile of the application. | -| `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | -| `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | -| `web` | A [web instance](/create-apps/image-properties/web.md) | | N/A | How the web application is served. | -| `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | +| [`stack`](#stack) | An array of Nix packages | Yes | No | A list of packages from the {{% vendor/name %}} collection of [supported runtimes](#supported-nix-packages) and/or from [NixPkgs](https://search.nixos.org/packages). | +| [`container_profile`](/create-apps/image-properties/container_profile.md) | A container profile | | Yes | Container profile of the application. | +| [`relationships`](/create-apps/image-properties/relationships.md) | A dictionary of relationships | | Yes | Connections to other services and apps. | +| [`mounts`](/create-apps/image-properties/mounts.md) | A dictionary of mounts | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | +|[`web`](/create-apps/image-properties/web.md) | A web instance | | N/A | How the web application is served. | +| [`workers`](/create-apps/image-properties/workers.md) | A worker instance | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](../timezone.md). | -| `access` | An [access dictionary](/create-apps/image-properties/access.md) | | Yes | Access control for roles accessing app environments. | -| `variables` | A [variables dictionary](/create-apps/image-properties/variables.md) | | Yes | Variables to control the environment. | -| `firewall` | A [firewall dictionary](/create-apps/image-properties/firewall.md) | | Yes | Outbound firewall rules for the application. | -| `hooks` | A [hooks dictionary](/create-apps/image-properties/hooks.md) | | No | What commands run at different stages in the build and deploy process. | -| `crons` | A [cron dictionary](/create-apps/image-properties/crons.md) | | No | Scheduled tasks for the app. | -| `source` | A [source dictionary](/create-apps/image-properties/source.md) | | No | Information on the app's source code and operations that can be run on it. | -| `additional_hosts` | An [additional hosts dictionary](/create-apps/image-properties/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | -| `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | +| [`access`](/create-apps/image-properties/access.md) | An access dictionary | | Yes | Access control for roles accessing app environments. | +| [`variables`](/create-apps/image-properties/variables.md) | A variables dictionary | | Yes | Variables to control the environment. | +| [`firewall`](/create-apps/image-properties/firewall.md) | A firewall dictionary | | Yes | Outbound firewall rules for the application. | +| [`hooks`](/create-apps/image-properties/hooks.md) | A hooks dictionary | | No | What commands run at different stages in the build and deploy process. | +| [`crons`](/create-apps/image-properties/crons.md) | A cron dictionary | | No | Scheduled tasks for the app. | +| [`source`](/create-apps/image-properties/source.md) | A source dictionary | | No | Information on the app's source code and operations that can be run on it. | +| [`additional_hosts`](/create-apps/image-properties/additional_hosts.md) | An additional hosts dictionary | | Yes | Maps of hostnames to IP addresses. | +| [`operations`](/create-apps/runtime-operations.md) | A dictionary of runtime operations | | No | Runtime operations for the application. | {{% note %}} diff --git a/sites/upsun/src/create-apps/app-reference/single-runtime-image.md b/sites/upsun/src/create-apps/app-reference/single-runtime-image.md index d7fdfdb013..27dd83068b 100644 --- a/sites/upsun/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/upsun/src/create-apps/app-reference/single-runtime-image.md @@ -43,24 +43,24 @@ To override any part of a property, you have to provide the entire property. | Name | Type | Required | Set in instance? | Description | |---------------------|--------------------------------------------------------------------------------------------|----------|------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `type` | A [type](#types) | Yes | No | The base image to use with a specific app language. Format: `runtime:version`. | -| `container_profile` | A [container profile](/create-apps/image-properties/container_profile.md) | | Yes | Container profile of the application. | -| `relationships` | A dictionary of [relationships](/create-apps/image-properties/relationships.md) | | Yes | Connections to other services and apps. | -| `mounts` | A dictionary of [mounts](/create-apps/image-properties/mounts.md) | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | -| `web` | A [web instance](#web) | | N/A | How the web application is served. | -| `workers` | A [worker instance](/create-apps/image-properties/workers.md) | | N/A | Alternate copies of the application to run as background processes. | +| [`type`](#types) | A type | Yes | No | The base image to use with a specific app language. Format: `runtime:version`. | +| [`container_profile`](/create-apps/image-properties/container_profile.md) | A container profile | | Yes | Container profile of the application. | +| [`relationships`](/create-apps/image-properties/relationships.md) | A dictionary of relationships | | Yes | Connections to other services and apps. | +| [`mounts`](/create-apps/image-properties/mounts.md) | A dictionary of mounts | | Yes | Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. | +| [`web`](/create-apps/image-properties/web.md) | A web instance | | N/A | How the web application is served. | +| [`workers`](/create-apps/image-properties/workers.md) | A worker instance | | N/A | Alternate copies of the application to run as background processes. | | `timezone` | `string` | | No | The timezone for crons to run. Format: a [TZ database name](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). Defaults to `UTC`, which is the timezone used for all logs no matter the value here. See also [app runtime timezones](../timezone.md) | -| `access` | An [access dictionary](/create-apps/image-properties/access.md) | | Yes | Access control for roles accessing app environments. | -| `variables` | A [variables dictionary](/create-apps/image-properties/variables.md) | | Yes | Variables to control the environment. | -| `firewall` | A [firewall dictionary](/create-apps/image-properties/firewall.md) | | Yes | Outbound firewall rules for the application. | -| `build` | A [build dictionary](#build) | | No | What happens when the app is built. | -| `dependencies` | A [dependencies dictionary](#dependencies) | | No | What global dependencies to install before the `build` hook is run. | -| `hooks` | A [hooks dictionary](/create-apps/image-properties/hooks.md) | | No | What commands run at different stages in the build and deploy process. | -| `crons` | A [cron dictionary](/create-apps/image-properties/crons.md) | | No | Scheduled tasks for the app. | -| `source` | A [source dictionary](/create-apps/image-properties/source.md) | | No | Information on the app's source code and operations that can be run on it. | -| `runtime` | A [runtime dictionary](#runtime) | | No | Customizations to your PHP runtime. | -| `additional_hosts` | An [additional hosts dictionary](/create-apps/image-properties/additional_hosts.md) | | Yes | Maps of hostnames to IP addresses. | -| `operations` | A [dictionary of Runtime operations](/create-apps/runtime-operations.md) | | No | Runtime operations for the application. | +| [`access`](/create-apps/image-properties/access.md) | An access dictionary | | Yes | Access control for roles accessing app environments. | +| [`variables`](/create-apps/image-properties/variables.md) | A variables dictionary | | Yes | Variables to control the environment. | +| [`firewall`](/create-apps/image-properties/firewall.md) | A firewall dictionary | | Yes | Outbound firewall rules for the application. | +| [`build`](#build) | A build dictionary | | No | What happens when the app is built. | +| [`dependencies`](#dependencies) | A dependencies dictionary | | No | What global dependencies to install before the `build` hook is run. | +| [`hooks`](/create-apps/image-properties/hooks.md) | A hooks dictionary | | No | What commands run at different stages in the build and deploy process. | +| [`crons`](/create-apps/image-properties/crons.md) | A cron dictionary | | No | Scheduled tasks for the app. | +| [`source`](/create-apps/image-properties/source.md) | A source dictionary | | No | Information on the app's source code and operations that can be run on it. | +| [`runtime`](#runtime) | A runtime dictionary | | No | Customizations to your PHP runtime. | +| [`additional_hosts`](/create-apps/image-properties/additional_hosts.md) | An additional hosts dictionary | | Yes | Maps of hostnames to IP addresses. | +| [`operations`](/create-apps/runtime-operations.md) | A dictionary of runtime operations | | No | Runtime operations for the application. | ## Root directory From 52463990a653b7add027857cfb524c594e7709ce Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Mon, 25 Aug 2025 13:18:58 -0400 Subject: [PATCH 44/48] platform: move description to be first content in topic --- sites/platform/src/create-apps/image-properties/access.md | 3 ++- .../src/create-apps/image-properties/additional_hosts.md | 4 ++-- sites/platform/src/create-apps/image-properties/crons.md | 6 +++--- sites/platform/src/create-apps/image-properties/disk.md | 4 ++-- sites/platform/src/create-apps/image-properties/firewall.md | 4 ++-- sites/platform/src/create-apps/image-properties/hooks.md | 4 ++-- sites/platform/src/create-apps/image-properties/mounts.md | 4 ++-- .../src/create-apps/image-properties/relationships.md | 4 ++-- sites/platform/src/create-apps/image-properties/size.md | 6 ++++-- sites/platform/src/create-apps/image-properties/source.md | 4 ++-- .../platform/src/create-apps/image-properties/variables.md | 4 ++-- sites/platform/src/create-apps/image-properties/web.md | 4 ++-- sites/platform/src/create-apps/image-properties/workers.md | 4 ++-- 13 files changed, 29 insertions(+), 26 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/access.md b/sites/platform/src/create-apps/image-properties/access.md index d2b0e943a1..118e3c8d5d 100644 --- a/sites/platform/src/create-apps/image-properties/access.md +++ b/sites/platform/src/create-apps/image-properties/access.md @@ -4,9 +4,10 @@ weight: 4 description: An access dictionary that defines the access control for roles accessing app environments. --- +{{% description %}} + Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -{{% description %}} The `access` dictionary has one allowed key: diff --git a/sites/platform/src/create-apps/image-properties/additional_hosts.md b/sites/platform/src/create-apps/image-properties/additional_hosts.md index 9f03e5d01f..e73a6e6529 100644 --- a/sites/platform/src/create-apps/image-properties/additional_hosts.md +++ b/sites/platform/src/create-apps/image-properties/additional_hosts.md @@ -4,10 +4,10 @@ weight: 4 description: An additional hosts dictionary that maps hostnames to IP addresses. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + If you're using a private network with specific IP addresses you need to connect to, you might want to map those addresses to hostnames to better remember and organize them. In such cases, you can add a map of those IP addresses to whatever hostnames you like. diff --git a/sites/platform/src/create-apps/image-properties/crons.md b/sites/platform/src/create-apps/image-properties/crons.md index a551867779..e707d9f98f 100644 --- a/sites/platform/src/create-apps/image-properties/crons.md +++ b/sites/platform/src/create-apps/image-properties/crons.md @@ -4,10 +4,10 @@ weight: 4 description: A cron dictionary that defines scheduled tasks for the app. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + The keys of the `crons` definition are the names of the cron jobs. The names must be unique. @@ -19,7 +19,7 @@ The following table shows the properties for each job: | Name | Type | Required | Description | | ------------------ | -------------------------------------------- | -------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time.
**Single-runtime image**: The `H` syntax is available only on **Grid** projects, and not on **{{% names/dedicated-gen-2 %}} projects.** | +| `spec` | `string` | Yes | The [cron specification](https://en.wikipedia.org/wiki/Cron#Cron_expression). To prevent competition for resources that might hurt performance, on **Grid** projects use `H` in definitions to indicate an unspecified but invariant time. For example, instead of using `0 * * * *` to indicate the cron job runs at the start of every hour, you can use `H * * * *` to indicate it runs every hour, but not necessarily at the start. This prevents multiple cron jobs from trying to start at the same time.

**Single-runtime image**: The `H` syntax is available on Grid projects only, and not on {{% names/dedicated-gen-2 %}} projects. | | `commands` | A [cron commands dictionary](#cron-commands) | Yes | A definition of what commands to run when starting and stopping the cron job. | | `shutdown_timeout` | `integer` | No | When a cron is canceled, this represents the number of seconds after which a `SIGKILL` signal is sent to the process to force terminate it. The default is `10` seconds. | | `timeout` | `integer` | No | The maximum amount of time a cron can run before it's terminated. Defaults to the maximum allowed value of `86400` seconds (24 hours). diff --git a/sites/platform/src/create-apps/image-properties/disk.md b/sites/platform/src/create-apps/image-properties/disk.md index bb3a84d9c5..98eef2f202 100644 --- a/sites/platform/src/create-apps/image-properties/disk.md +++ b/sites/platform/src/create-apps/image-properties/disk.md @@ -4,10 +4,10 @@ weight: 4 description: An `integer` (or `null`) that defines the disk space allocated (in MB) to an app. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + The maximum total space available to all apps and services is set by the storage in your plan settings. When deploying your project, the sum of all `disk` keys defined in app and service configurations must be *equal or less* than the plan storage size. diff --git a/sites/platform/src/create-apps/image-properties/firewall.md b/sites/platform/src/create-apps/image-properties/firewall.md index 64be24f113..74db9c42f7 100644 --- a/sites/platform/src/create-apps/image-properties/firewall.md +++ b/sites/platform/src/create-apps/image-properties/firewall.md @@ -6,10 +6,10 @@ description: A firewall dictionary that defines the outbound firewall rules for {{< premium-features/tiered "Elite and Enterprise" >}} -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + This property enables you to set limits in outbound traffic from your app with no impact on inbound requests. The `outbound` key is required and contains one or more rules. diff --git a/sites/platform/src/create-apps/image-properties/hooks.md b/sites/platform/src/create-apps/image-properties/hooks.md index 183cbff9a9..85b9acdef7 100644 --- a/sites/platform/src/create-apps/image-properties/hooks.md +++ b/sites/platform/src/create-apps/image-properties/hooks.md @@ -7,10 +7,10 @@ keywords: - hooks --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + There are three different hooks that run as part of the process of building and deploying your app. These are places where you can run custom scripts. They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. diff --git a/sites/platform/src/create-apps/image-properties/mounts.md b/sites/platform/src/create-apps/image-properties/mounts.md index e54eb247d6..b6704d3120 100644 --- a/sites/platform/src/create-apps/image-properties/mounts.md +++ b/sites/platform/src/create-apps/image-properties/mounts.md @@ -4,10 +4,10 @@ weight: 4 description: Defines the directories that are writable even after the app is built. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} If set as a local source, disk is required. +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + After your app is built, its file system is read-only. To make changes to your app's code, you need to use Git. diff --git a/sites/platform/src/create-apps/image-properties/relationships.md b/sites/platform/src/create-apps/image-properties/relationships.md index 31ed01b64d..86bd4c948a 100644 --- a/sites/platform/src/create-apps/image-properties/relationships.md +++ b/sites/platform/src/create-apps/image-properties/relationships.md @@ -4,10 +4,10 @@ weight: 4 description: A dictionary of relationships that defines the connections to other services and apps. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images in {{% vendor/name %}}. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images in {{% vendor/name %}}. + To allow containers in your project to communicate with one another, you need to define relationships between them. You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). diff --git a/sites/platform/src/create-apps/image-properties/size.md b/sites/platform/src/create-apps/image-properties/size.md index 263800067d..6acdb752df 100644 --- a/sites/platform/src/create-apps/image-properties/size.md +++ b/sites/platform/src/create-apps/image-properties/size.md @@ -6,9 +6,11 @@ keywords: - resource sizing --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. -Defines the amount of resources to dedicate to the app. Defaults to `AUTO` in production environments. + +{{% description %}} Defaults to `AUTO` in production environments. + +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. Resources are distributed across all containers in an environment from the total available from your [plan size](/administration/pricing/_index.md). So if you have more than just a single app, it doesn't get all of the resources available. diff --git a/sites/platform/src/create-apps/image-properties/source.md b/sites/platform/src/create-apps/image-properties/source.md index b7c28194e3..c310285495 100644 --- a/sites/platform/src/create-apps/image-properties/source.md +++ b/sites/platform/src/create-apps/image-properties/source.md @@ -4,10 +4,10 @@ weight: 4 description: Contains information about the app’s source code and operations that can be run on it. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + The following table shows the properties that can be set in `source`: diff --git a/sites/platform/src/create-apps/image-properties/variables.md b/sites/platform/src/create-apps/image-properties/variables.md index 0c33d5740a..e962bff8c8 100644 --- a/sites/platform/src/create-apps/image-properties/variables.md +++ b/sites/platform/src/create-apps/image-properties/variables.md @@ -4,10 +4,10 @@ weight: 4 description: A variables dictionary that defines variables to control the environment. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). Variables set in your app configuration have the lowest precedence, meaning they're overridden by any conflicting values provided elsewhere. diff --git a/sites/platform/src/create-apps/image-properties/web.md b/sites/platform/src/create-apps/image-properties/web.md index 5fa562eaaa..166127345d 100644 --- a/sites/platform/src/create-apps/image-properties/web.md +++ b/sites/platform/src/create-apps/image-properties/web.md @@ -4,10 +4,10 @@ weight: 4 description: A web instance that defines how the web application is served. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + Use the `web` key to configure the web server running in front of your app. In single-runtime images, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). diff --git a/sites/platform/src/create-apps/image-properties/workers.md b/sites/platform/src/create-apps/image-properties/workers.md index b24852e89d..f545d22c56 100644 --- a/sites/platform/src/create-apps/image-properties/workers.md +++ b/sites/platform/src/create-apps/image-properties/workers.md @@ -4,10 +4,10 @@ weight: 4 description: Defines the list of worker names, which are alternate copies of the application to run as background processes. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. + Workers are exact copies of the code and compilation output as a `web` instance after a [`build` hook](/create-apps/image-properties/hooks.md). They use the same container image. From de379d142c6322166df6cb3015297cb9e1299467 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Mon, 25 Aug 2025 13:33:45 -0400 Subject: [PATCH 45/48] upsun: move the description to be the first content in the topic. --- .../src/create-apps/image-properties/relationships.md | 2 +- sites/upsun/src/create-apps/image-properties/access.md | 4 ++-- .../src/create-apps/image-properties/additional_hosts.md | 4 ++-- .../src/create-apps/image-properties/container_profile.md | 4 ++-- sites/upsun/src/create-apps/image-properties/crons.md | 4 ++-- sites/upsun/src/create-apps/image-properties/firewall.md | 4 ++-- sites/upsun/src/create-apps/image-properties/hooks.md | 4 ++-- sites/upsun/src/create-apps/image-properties/mounts.md | 4 ++-- sites/upsun/src/create-apps/image-properties/relationships.md | 4 ++-- sites/upsun/src/create-apps/image-properties/source.md | 4 ++-- sites/upsun/src/create-apps/image-properties/variables.md | 4 ++-- sites/upsun/src/create-apps/image-properties/web.md | 4 ++-- sites/upsun/src/create-apps/image-properties/workers.md | 4 ++-- 13 files changed, 25 insertions(+), 25 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/relationships.md b/sites/platform/src/create-apps/image-properties/relationships.md index 86bd4c948a..3864e2bb7d 100644 --- a/sites/platform/src/create-apps/image-properties/relationships.md +++ b/sites/platform/src/create-apps/image-properties/relationships.md @@ -6,7 +6,7 @@ description: A dictionary of relationships that defines the connections to other {{% description %}} -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images in {{% vendor/name %}}. +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#top-level-properties) and [composable](/create-apps/app-reference/composable-image.md#top-level-properties) images. To allow containers in your project to communicate with one another, you need to define relationships between them. diff --git a/sites/upsun/src/create-apps/image-properties/access.md b/sites/upsun/src/create-apps/image-properties/access.md index d1404c07ef..d91de2e62f 100644 --- a/sites/upsun/src/create-apps/image-properties/access.md +++ b/sites/upsun/src/create-apps/image-properties/access.md @@ -4,10 +4,10 @@ weight: 4 description: An access dictionary that defines the access control for roles accessing app environments. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + The `access` dictionary has one allowed key: | Name | Allowed values | Default | Description | diff --git a/sites/upsun/src/create-apps/image-properties/additional_hosts.md b/sites/upsun/src/create-apps/image-properties/additional_hosts.md index 72398a17ee..6e3b629686 100644 --- a/sites/upsun/src/create-apps/image-properties/additional_hosts.md +++ b/sites/upsun/src/create-apps/image-properties/additional_hosts.md @@ -4,10 +4,10 @@ weight: 4 description: An additional hosts dictionary that maps hostnames to IP addresses. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + {{< codetabs >}} +++ diff --git a/sites/upsun/src/create-apps/image-properties/container_profile.md b/sites/upsun/src/create-apps/image-properties/container_profile.md index cfc3bbbd83..0f83f826c8 100644 --- a/sites/upsun/src/create-apps/image-properties/container_profile.md +++ b/sites/upsun/src/create-apps/image-properties/container_profile.md @@ -4,10 +4,10 @@ weight: 4 description: Defines the container profile of the application. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + By default, {{% vendor/name %}} allocates a container profile to each app and service depending on the range of resources it’s expected to need. diff --git a/sites/upsun/src/create-apps/image-properties/crons.md b/sites/upsun/src/create-apps/image-properties/crons.md index 87c00f1834..dffc2a0fdc 100644 --- a/sites/upsun/src/create-apps/image-properties/crons.md +++ b/sites/upsun/src/create-apps/image-properties/crons.md @@ -4,10 +4,10 @@ weight: 4 description: A cron dictionary that defines scheduled tasks for the app. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + The keys of the `crons` definition are the names of the cron jobs. The names must be unique. diff --git a/sites/upsun/src/create-apps/image-properties/firewall.md b/sites/upsun/src/create-apps/image-properties/firewall.md index dba20b8e57..f9e0be361b 100644 --- a/sites/upsun/src/create-apps/image-properties/firewall.md +++ b/sites/upsun/src/create-apps/image-properties/firewall.md @@ -4,10 +4,10 @@ weight: 4 description: A firewall dictionary that defines the outbound firewall rules for the application. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + This property enables you to set limits in outbound traffic from your app with no impact on inbound requests. The `outbound` key is required and contains one or more rules. diff --git a/sites/upsun/src/create-apps/image-properties/hooks.md b/sites/upsun/src/create-apps/image-properties/hooks.md index dd9cbfae46..cc933b438a 100644 --- a/sites/upsun/src/create-apps/image-properties/hooks.md +++ b/sites/upsun/src/create-apps/image-properties/hooks.md @@ -7,10 +7,10 @@ keywords: - hooks --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + There are three different hooks that run as part of the process of building and deploying your app. These are places where you can run custom scripts. They are: the `build` hook, the `deploy` hook, and the `post_deploy` hook. diff --git a/sites/upsun/src/create-apps/image-properties/mounts.md b/sites/upsun/src/create-apps/image-properties/mounts.md index fedcfc7c0b..1184a8895d 100644 --- a/sites/upsun/src/create-apps/image-properties/mounts.md +++ b/sites/upsun/src/create-apps/image-properties/mounts.md @@ -4,10 +4,10 @@ weight: 4 description: Directories that are writable even after the app is built. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. - Directories that are writable even after the app is built. Allocated disk for mounts is defined with a separate resource configuration call using `{{% vendor/cli %}} resources:set`. +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + After your app is built, its file system is read-only. To make changes to your app's code, you need to use Git. diff --git a/sites/upsun/src/create-apps/image-properties/relationships.md b/sites/upsun/src/create-apps/image-properties/relationships.md index 315f6a3351..fd6f9e68b5 100644 --- a/sites/upsun/src/create-apps/image-properties/relationships.md +++ b/sites/upsun/src/create-apps/image-properties/relationships.md @@ -4,10 +4,10 @@ weight: 4 description: A dictionary of relationships that defines the connections to other services and apps. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images in {{% vendor/name %}}. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + To allow containers in your project to communicate with one another, you need to define relationships between them. You can define a relationship between an app and a service, or [between two apps](/create-apps/multi-app/relationships.md). diff --git a/sites/upsun/src/create-apps/image-properties/source.md b/sites/upsun/src/create-apps/image-properties/source.md index 46794b70df..deb0e45fa1 100644 --- a/sites/upsun/src/create-apps/image-properties/source.md +++ b/sites/upsun/src/create-apps/image-properties/source.md @@ -4,10 +4,10 @@ weight: 4 description: Contains information about the app’s source code and operations that can be run on it. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + The following table shows the properties that can be set in `source`: | Name | Type | Required | Description | diff --git a/sites/upsun/src/create-apps/image-properties/variables.md b/sites/upsun/src/create-apps/image-properties/variables.md index 8e1260aa90..5f41ce33b4 100644 --- a/sites/upsun/src/create-apps/image-properties/variables.md +++ b/sites/upsun/src/create-apps/image-properties/variables.md @@ -4,10 +4,10 @@ weight: 4 description: A variables dictionary that defines variables to control the environment. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images in {{% vendor/name %}}. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + {{% vendor/name %}} provides a number of ways to set [variables](/development/variables/_index.md). Variables set in your app configuration have the lowest precedence, meaning they're overridden by any conflicting values provided elsewhere. diff --git a/sites/upsun/src/create-apps/image-properties/web.md b/sites/upsun/src/create-apps/image-properties/web.md index a9ff955175..9e5c3333a7 100644 --- a/sites/upsun/src/create-apps/image-properties/web.md +++ b/sites/upsun/src/create-apps/image-properties/web.md @@ -4,10 +4,10 @@ weight: 4 description: A web instance that defines how the web application is served. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images in {{% vendor/name %}}. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + Use the `web` key to configure the web server running in front of your app. In **single-runtime images**, defaults may vary with a different [image `type`](/create-apps/app-reference/single-runtime-image.md#types). diff --git a/sites/upsun/src/create-apps/image-properties/workers.md b/sites/upsun/src/create-apps/image-properties/workers.md index 34500881f8..c4f98732a2 100644 --- a/sites/upsun/src/create-apps/image-properties/workers.md +++ b/sites/upsun/src/create-apps/image-properties/workers.md @@ -4,10 +4,10 @@ weight: 4 description: Defines the list of worker names, which are alternate copies of the application to run as background processes. --- -Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images in {{% vendor/name %}}. - {{% description %}} +Optional in [single-runtime](/create-apps/app-reference/single-runtime-image.md#primary-application-properties) and [composable](/create-apps/app-reference/composable-image.md#primary-application-properties) images. + {{< codetabs >}} +++ From a1b75d03159c889fb39e17d80bf4087e2c8a0979 Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Mon, 25 Aug 2025 13:48:24 -0400 Subject: [PATCH 46/48] Updates to image-properties content --- sites/platform/src/create-apps/image-properties/_index.md | 8 ++++---- sites/upsun/src/create-apps/image-properties/_index.md | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sites/platform/src/create-apps/image-properties/_index.md b/sites/platform/src/create-apps/image-properties/_index.md index f3e471612c..0fea96b27a 100644 --- a/sites/platform/src/create-apps/image-properties/_index.md +++ b/sites/platform/src/create-apps/image-properties/_index.md @@ -2,10 +2,10 @@ title: "Image properties" weight: 4 description: Details about image properties in the {{% vendor/name %}} config.yaml file -# layout: single --- -**Note:** The properties below are available in both single-runtime and composable images. -For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted as needed in the property details. +**Note:** The properties below are available in **both** [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [composable image](/create-apps/app-reference/composable-image.md#) types. -To learn about the properties that are unique to each image type, refer to the [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [composable image](/create-apps/app-reference/composable-image.md#) topics. +For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted as needed for each property. + +To learn about the properties that are **unique to each image type**, refer to the top-level properties described in the [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) topic or the primary application properties described in the [composable image](/create-apps/app-reference/composable-image.md#) topic. diff --git a/sites/upsun/src/create-apps/image-properties/_index.md b/sites/upsun/src/create-apps/image-properties/_index.md index 5ae422d8cc..6c07b1cece 100644 --- a/sites/upsun/src/create-apps/image-properties/_index.md +++ b/sites/upsun/src/create-apps/image-properties/_index.md @@ -3,10 +3,10 @@ title: "Image properties" sidebarTitle: "Image properties" weight: 4 description: Details about image properties in the {{% vendor/name %}} config.yaml file -# layout: single --- -**Note:** The properties below are available in both single-runtime and composable images. -For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted as needed in the property details. +**Note:** The properties below are available in **both** [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [composable image](/create-apps/app-reference/composable-image.md#) types. -To learn about the properties that are **unique to each image type**, refer to the [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) and [composable image](/create-apps/app-reference/composable-image.md#) topics. +For most of these properties, the syntax and details are the same for both image types. Differences in meaning and syntax are noted as needed for each property. + +To learn about the properties that are **unique to each image type**, refer to the top-level properties described in the [single-runtime image](/create-apps/app-reference/single-runtime-image.md#) topic or the primary application properties described in the [composable image](/create-apps/app-reference/composable-image.md#) topic. From d486777166a2ec2556f9c2ddcdf2fa281b545adc Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Mon, 25 Aug 2025 14:42:55 -0400 Subject: [PATCH 47/48] Update the note about common properties being in separate topics --- .../platform/src/create-apps/app-reference/composable-image.md | 3 +-- .../src/create-apps/app-reference/single-runtime-image.md | 3 +-- sites/upsun/src/create-apps/app-reference/composable-image.md | 3 +-- .../src/create-apps/app-reference/single-runtime-image.md | 3 +-- 4 files changed, 4 insertions(+), 8 deletions(-) diff --git a/sites/platform/src/create-apps/app-reference/composable-image.md b/sites/platform/src/create-apps/app-reference/composable-image.md index d47180c0d5..56bccec776 100644 --- a/sites/platform/src/create-apps/app-reference/composable-image.md +++ b/sites/platform/src/create-apps/app-reference/composable-image.md @@ -37,8 +37,7 @@ The following table lists all the properties you can use at the top level of you The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. - -- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in both single-runtime and composable images. Clicking the link for their details leads to a separate topic for that property. Properties that are unique to this image type are described in this topic. +- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in **both** the single-runtime and composable image types. Clicking the link for their details leads you to a separate topic for that property. Descriptions for properties that are **unique** to this image type are provided later in this topic. | Name | Type | Required | Set in instance? | Description | diff --git a/sites/platform/src/create-apps/app-reference/single-runtime-image.md b/sites/platform/src/create-apps/app-reference/single-runtime-image.md index 6b634e5890..e97efadedf 100644 --- a/sites/platform/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/platform/src/create-apps/app-reference/single-runtime-image.md @@ -24,8 +24,7 @@ The following table lists all properties available at the top level of the YAML The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. - -- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in both single-runtime and composable images. Clicking the link for their details leads to a separate topic for that property. Properties that are unique to this image type are described in this topic. +- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in **both** the single-runtime and composable image types. Clicking the link for their details leads you to a separate topic for that property. Descriptions for properties that are **unique** to this image type are provided later in this topic. | Name | Type | Required | Set in instance? | Description | diff --git a/sites/upsun/src/create-apps/app-reference/composable-image.md b/sites/upsun/src/create-apps/app-reference/composable-image.md index aeaf8f0925..ad87ee7305 100644 --- a/sites/upsun/src/create-apps/app-reference/composable-image.md +++ b/sites/upsun/src/create-apps/app-reference/composable-image.md @@ -58,8 +58,7 @@ above). The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. - -- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in both single-runtime and composable images. Clicking the link for their details leads to a separate topic for that property. Properties that are unique to this image type are described in this topic. +- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in **both** the single-runtime and composable image types. Clicking the link for their details leads you to a separate topic for that property. Descriptions for properties that are **unique** to this image type are provided later in this topic. | Name | Type | Required | Set in instance? | Description | diff --git a/sites/upsun/src/create-apps/app-reference/single-runtime-image.md b/sites/upsun/src/create-apps/app-reference/single-runtime-image.md index 27dd83068b..831b6e5045 100644 --- a/sites/upsun/src/create-apps/app-reference/single-runtime-image.md +++ b/sites/upsun/src/create-apps/app-reference/single-runtime-image.md @@ -37,8 +37,7 @@ and `backend` above). The column _Set in instance?_ defines whether the given property can be overridden within a `web` or `workers` instance. To override any part of a property, you have to provide the entire property. - -- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in both single-runtime and composable images. Clicking the link for their details leads to a separate topic for that property. Properties that are unique to this image type are described in this topic. +- **Note:** Several properties (for example, `size`, `relationships`, `mounts`) are available in **both** the single-runtime and composable image types. Clicking the link for their details leads you to a separate topic for that property. Descriptions for properties that are **unique** to this image type are provided later in this topic. | Name | Type | Required | Set in instance? | Description | From 92464d3368b900aef53714be3410961ef9e2bead Mon Sep 17 00:00:00 2001 From: C T <215163593+catplat@users.noreply.github.com> Date: Mon, 25 Aug 2025 15:11:19 -0400 Subject: [PATCH 48/48] Delete premium-features/tiered shortcode from upsun content. Applies only to Platform. --- sites/upsun/src/create-apps/source-operations.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/sites/upsun/src/create-apps/source-operations.md b/sites/upsun/src/create-apps/source-operations.md index a5750a7cc1..db2eacd953 100644 --- a/sites/upsun/src/create-apps/source-operations.md +++ b/sites/upsun/src/create-apps/source-operations.md @@ -294,8 +294,6 @@ and then runs the `update-file` source operation defined [previously](#define-a- ## Source operation examples -{{< premium-features/tiered "Enterprise and Elite" >}} - ### Update your application dependencies You can set up a source operation and a cron job to [automate your dependency updates](/learn/tutorials/dependency-updates.md).