From cfebf0a659d3800ece127d7ac779127b69eb982a Mon Sep 17 00:00:00 2001 From: Erik Huelsmann Date: Sat, 1 Mar 2025 18:03:59 +0100 Subject: [PATCH 1/5] Split config and start scripts --- config.sh | 162 +++++++++++++++++++++++++++++++++++++++++++++++++++++ start.sh | 163 +----------------------------------------------------- 2 files changed, 164 insertions(+), 161 deletions(-) create mode 100755 config.sh diff --git a/config.sh b/config.sh new file mode 100755 index 0000000..b5679b6 --- /dev/null +++ b/config.sh 
@@ -0,0 +1,162 @@
+#!/bin/bash
+
+set -e
+
+cd /srv/ledgersmb
+[[ -d ./local/conf/ ]] || mkdir ./local/conf/
+if [[ -n "$SSMTP_ROOT" ]]; then
+ echo "\$SSMTP_ROOT set; parameter is deprecated and will be ignored"
+ LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_FROMLINE_OVERRIDE" ]]; then
+ echo "\$SSMTP_FROMLINE_OVERRIDE set; parameter is deprecated and will be ignored"
+ LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_MAILHUB" ]]; then
+ echo "\$SSMTP_MAILHUB set; parameter is deprecated"
+ if [[ -z "$LSMB_MAIL_SMTPHOST" ]]; then
+ echo " Deriving \$LSMB_MAIL_SMTPHOST setting from \$SSMTP_MAILHUB"
+ LSMB_MAIL_SMTPHOST=${SSMTP_MAILHUB%:*}
+ fi
+ if [[ -z "$LSMB_MAIL_SMTPPORT" ]]; then
+ echo " Deriving \$LSMB_MAIL_SMTPPORT setting from \$SSMTP_MAILHUB"
+ LSMB_MAIL_SMTPPORT=${SSMTP_MAILHUB#*:}
+ fi
+ LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_HOSTNAME" ]]; then
+ echo "\$SSMTP_HOSTNAME set; parameter is deprecated"
+ if [[ -z "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]; then
+ echo " Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_HOSTNAME"
+ LSMB_MAIL_SMTPSENDER_HOSTNAME=$SSMTP_HOSTNAME
+ fi
+ LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_USE_STARTTLS" ]]; then
+ echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated"
+ if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then
+ echo " Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS"
+ LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS
+ fi
+ LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_AUTH_USER" ]]; then
+ echo "\$SSMTP_AUTH_USER set; parameter is deprecated"
+ if [[ -z "$LSMB_MAIL_SMTPUSER" ]]; then
+ echo " Deriving \$LSMB_MAIL_SMTPUSER setting from \$SSMTP_AUTH_USER"
+ LSMB_MAIL_SMTPUSER=$SSMTP_AUTH_USER
+ fi
+ LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_AUTH_PASS" ]]; then
+ echo "\$SSMTP_AUTH_PASS set; parameter is deprecated"
+ if [[ -z "$LSMB_MAIL_SMTPPASS" ]]; then
+ echo " Deriving \$LSMB_MAIL_SMTPPASS setting from \$SSMTP_AUTH_PASS"
+ LSMB_MAIL_SMTPPASS=$SSMTP_AUTH_PASS
+ fi
+ LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_AUTH_METHOD" ]]; then
+ echo "\$SSMTP_AUTH_METHOD set; parameter is deprecated"
+ if [[ -z "$LSMB_MAIL_SMTPAUTHMECH" ]]; then
+ echo " Deriving \$LSMB_MAIL_SMTPAUTHMECH setting from \$SSMTP_AUTH_METHOD"
+ LSMB_MAIL_SMTPAUTHMECH=$SSMTP_AUTH_METHOD
+ fi
+ LSMB_HAVE_DEPRECATED=1
+fi
+
+if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then
+ echo "!!! DEPRECATED \$SSMTP_* PARAMETERS WILL BE REMOVED in the 1.9 image!!!"
+fi
+
+if [[ ! -f ./local/conf/ledgersmb.yaml ]]; then
+ if [[ "x$LSMB_MAIL_SMTPTLS" == "xyes" ]]; then
+ tls_mode=starttls
+ elif [[ "x$LSMB_MAIL_SMTPTLS" == "xraw" ]]; then
+ tls_mode=ssl
+ else
+ tls_mode=none
+ fi
+ cat <./local/conf/ledgersmb.yaml
+paths:
+ \$class: Beam::Wire
+ config:
+ UI: ./UI/
+ UI_cache: lsmb_templates/
+
+db:
+ \$class: LedgerSMB::Database::Factory
+ connect_data:
+ host: ${POSTGRES_HOST:-postgres}
+ port: ${POSTGRES_PORT:-5432}
+
+mail:
+ transport:
+ \$class: Email::Sender::Transport::SMTP
+ ssl: $tls_mode
+
+miscellaneous:
+ \$class: Beam::Wire
+ config:
+ proxy_ip: ${PROXY_IP:-172.17.0.1/12}
+
+ui:
+ class: LedgerSMB::Template::UI
+ method: new_UI
+ lifecycle: eager
+ args:
+ cache:
+ \$ref: paths/UI_cache
+ root:
+ \$ref: paths/UI
+EOF
+
+ if [[ -n "$LSMB_MAIL_SMTPHOST" ]]
+ then
+ if [[ "$LSMB_MAIL_SMTPHOST" == "__CONTAINER_GATEWAY__" ]]
+ then
+ LSMB_MAIL_SMTPHOST="$(ip route | awk '/default/ { print $3 }')"
+ export LSMB_MAIL_SMTPHOST
+ fi
+
+ cat <./local/conf/ledgersmb.000.yaml
+mail:
+ transport:
+ host: $LSMB_MAIL_SMTPHOST
+EOF
+ fi
+
+ if [[ -n "$LSMB_MAIL_SMTPPORT" ]]
+ then
+ cat <./local/conf/ledgersmb.001.yaml
+mail:
+ transport:
+ port: $LSMB_MAIL_SMTPPORT
+EOF
+ fi
+
+ if [[ -n "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]
+ then
+ cat <./local/conf/ledgersmb.002.yaml
+mail:
+ transport:
+ helo: $LSMB_MAIL_SMTPSENDER_HOSTNAME
+EOF
+ fi
+
+ if [[ -n "$LSMB_MAIL_SMTPUSER" ]]
+ then
+ cat <./local/conf/ledgersmb.003.yaml
+mail:
+ transport:
+ sasl_authenticator:
+ \$class: Authen::SASL
+ mechanism: $LSMB_MAIL_SMTPAUTHMECH
+ callback:
+ user: $LSMB_MAIL_SMTPUSER
+ pass: $LSMB_MAIL_SMTPPASS
+EOF
+ fi
+fi
+
+exit 0
diff --git a/start.sh b/start.sh
index ef0d871..2ae51f7 100755
--- a/start.sh
+++ b/start.sh
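Review bot: The SMTP user and password written to `./local/conf/ledgersmb.003.yaml` at the end of this hunk are expanded unquoted into YAML, and the file is created with whatever umask the script inherits. A password containing `#`, `: ` or a leading quote character would be truncated or change the document structure, and depending on the umask (not visible here) the credentials file may be readable by other accounts in the container. I would emit the values as quoted YAML scalars with embedded quotes escaped, and restrict the mode of that one file to the account that runs starman. Separately, `${SSMTP_MAILHUB#*:}` returns the whole value when the mailhub has no `:port` suffix, so a port-less `SSMTP_MAILHUB` ends up as the port as well as the host.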
@@ -1,167 +1,8 @@ #!/bin/bash +$(dirname `readlink -f $BASH_SOURCE`)/config.sh || (echo "Failed configuration" ; exit) + cd /srv/ledgersmb -[[ -d ./local/conf/ ]] || mkdir ./local/conf/ -if [[ -n "$SSMTP_ROOT" ]]; then - echo "\$SSMTP_ROOT set; parameter is deprecated and will be ignored" - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_FROMLINE_OVERRIDE" ]]; then - echo "\$SSMTP_FROMLINE_OVERRIDE set; parameter is deprecated and will be ignored" - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_MAILHUB" ]]; then - echo "\$SSMTP_MAILHUB set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPHOST" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPHOST setting from \$SSMTP_MAILHUB" - LSMB_MAIL_SMTPHOST=${SSMTP_MAILHUB%:*} - fi - if [[ -z "$LSMB_MAIL_SMTPPORT" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPPORT setting from \$SSMTP_MAILHUB" - LSMB_MAIL_SMTPPORT=${SSMTP_MAILHUB#*:} - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_HOSTNAME" ]]; then - echo "\$SSMTP_HOSTNAME set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_HOSTNAME" - LSMB_MAIL_SMTPSENDER_HOSTNAME=$SSMTP_HOSTNAME - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_USE_STARTTLS" ]]; then - echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS" - LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_AUTH_USER" ]]; then - echo "\$SSMTP_AUTH_USER set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPUSER" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPUSER setting from \$SSMTP_AUTH_USER" - LSMB_MAIL_SMTPUSER=$SSMTP_AUTH_USER - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_AUTH_PASS" ]]; then - echo "\$SSMTP_AUTH_PASS set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPPASS" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPPASS setting from 
\$SSMTP_AUTH_PASS" - LSMB_MAIL_SMTPPASS=$SSMTP_AUTH_PASS - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_AUTH_METHOD" ]]; then - echo "\$SSMTP_AUTH_METHOD set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPAUTHMECH" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPAUTHMECH setting from \$SSMTP_AUTH_METHOD" - LSMB_MAIL_SMTPAUTHMECH=$SSMTP_AUTH_METHOD - fi - LSMB_HAVE_DEPRECATED=1 -fi - -if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then - echo "!!! DEPRECATED \$SSMTP_* PARAMETERS WILL BE REMOVED in the 1.9 image!!!" -fi - -if [[ ! -f ./local/conf/ledgersmb.yaml ]]; then - if [[ "x$LSMB_MAIL_SMTPTLS" == "xyes" ]]; then - tls_mode=starttls - elif [[ "x$LSMB_MAIL_SMTPTLS" == "xraw" ]]; then - tls_mode=ssl - else - tls_mode=none - fi - cat <./local/conf/ledgersmb.yaml -paths: - \$class: Beam::Wire - config: - UI: ./UI/ - UI_cache: lsmb_templates/ - -db: - \$class: LedgerSMB::Database::Factory - connect_data: - host: ${POSTGRES_HOST:-postgres} - port: ${POSTGRES_PORT:-5432} - -mail: - transport: - \$class: Email::Sender::Transport::SMTP - ssl: $tls_mode - -miscellaneous: - \$class: Beam::Wire - config: - proxy_ip: ${PROXY_IP:-172.17.0.1/12} - -ui: - class: LedgerSMB::Template::UI - method: new_UI - lifecycle: eager - args: - cache: - \$ref: paths/UI_cache - root: - \$ref: paths/UI -EOF - - if [[ -n "$LSMB_MAIL_SMTPHOST" ]] - then - if [[ "$LSMB_MAIL_SMTPHOST" == "__CONTAINER_GATEWAY__" ]] - then - LSMB_MAIL_SMTPHOST="$(ip route | awk '/default/ { print $3 }')" - export LSMB_MAIL_SMTPHOST - fi - - cat <./local/conf/ledgersmb.000.yaml -mail: - transport: - host: $LSMB_MAIL_SMTPHOST -EOF - fi - - if [[ -n "$LSMB_MAIL_SMTPPORT" ]] - then - cat <./local/conf/ledgersmb.001.yaml -mail: - transport: - port: $LSMB_MAIL_SMTPPORT -EOF - fi - - if [[ -n "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]] - then - cat <./local/conf/ledgersmb.002.yaml -mail: - transport: - helo: $LSMB_MAIL_SMTPSENDER_HOSTNAME -EOF - fi - - if [[ -n "$LSMB_MAIL_SMTPUSER" ]] - then - cat <./local/conf/ledgersmb.003.yaml 
-mail: - transport: - sasl_authenticator: - \$class: Authen::SASL - mechanism: $LSMB_MAIL_SMTPAUTHMECH - callback: - user: $LSMB_MAIL_SMTPUSER - pass: $LSMB_MAIL_SMTPPASS -EOF - fi -fi - -# start ledgersmb -# --preload-app allows application initialization to kill the entire -# starman instance (instead of just the worker, which will immediately -# get restarted) on error; it also has a positive effect on memory use - LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml} export LSMB_CONFIG_FILE echo '--------- LEDGERSMB CONFIGURATION: ledgersmb.conf' From 70c3da39183a152784219ecf5fdb3f2ebf1c2961 Mon Sep 17 00:00:00 2001 From: Erik Huelsmann Date: Sat, 1 Mar 2025 18:16:45 +0100 Subject: [PATCH 2/5] Split run.sh out of start.sh --- run.sh | 14 ++++++++++++++ start.sh | 17 +++-------------- 2 files changed, 17 insertions(+), 14 deletions(-) create mode 100755 run.sh diff --git a/run.sh b/run.sh new file mode 100755 index 0000000..9a35a79 --- /dev/null +++ b/run.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +cd /srv/ledgersmb +LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml} +export LSMB_CONFIG_FILE +echo '--------- LEDGERSMB CONFIGURATION: ledgersmb.conf' +cat ${LSMB_CONFIG_FILE} +echo '--------- LEDGERSMB CONFIGURATION --- END' + +# ':5762:' suppresses an uninitialized variable warning in starman +# the last colon means "don't connect using tls"; without it, there's a warning +exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \ + -I lib -I old/lib \ + --preload-app bin/ledgersmb-server.psgi diff --git a/start.sh b/start.sh index 2ae51f7..32f507b 100755 --- a/start.sh +++ b/start.sh 
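Review bot: The failure branch on the added `config.sh` line does not stop the script: `exit` inside `( … )` only leaves the subshell, and without an argument it returns the status of the preceding `echo`, so start.sh carries on and starts the server with a missing or partial configuration. Use a brace group with an explicit status, `… || { echo "Failed configuration" >&2; exit 1; }`, and quote the path expansion, `"$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")/config.sh"`, so a path with spaces does not split. The same `|| (echo …; exit)` construct is kept on the `"$home_dir/config.sh"` line in the start.sh hunk of PATCH 2/5.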
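Review bot: `cd /srv/ledgersmb` in the new run.sh is unchecked and the script has no `set -e` (config.sh in PATCH 1/5 does), so if the directory is missing starman is started from the current directory with the relative `-I lib -I old/lib` and `./local/conf/ledgersmb.yaml` resolved there; `cd /srv/ledgersmb || exit 1` closes that. `cat ${LSMB_CONFIG_FILE}` should be quoted, and it copies the whole file into the container log on every start, which matters if an operator-supplied config carries credentials (the file config.sh generates does not, as far as this series shows). The comment about `':5762:'` no longer matches the `--listen 0.0.0.0:5762` argument below it, and the explanation of `--preload-app` removed from start.sh in PATCH 1/5 was not carried over.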
@@ -1,16 +1,5 @@ #!/bin/bash -$(dirname `readlink -f $BASH_SOURCE`)/config.sh || (echo "Failed configuration" ; exit) - -cd /srv/ledgersmb -LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml} -export LSMB_CONFIG_FILE -echo '--------- LEDGERSMB CONFIGURATION: ledgersmb.conf' -cat ${LSMB_CONFIG_FILE} -echo '--------- LEDGERSMB CONFIGURATION --- END' - -# ':5762:' suppresses an uninitialized variable warning in starman -# the last colon means "don't connect using tls"; without it, there's a warning -exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \ - -I lib -I old/lib \ - --preload-app bin/ledgersmb-server.psgi +home_dir="$(dirname `readlink -f $BASH_SOURCE`)" +"$home_dir/config.sh" || (echo "Failed configuration" ; exit) +exec "$home_dir/run.sh" From c036e6dddf72fe6677fed379a07ba0f6e0967bae Mon Sep 17 00:00:00 2001 From: Erik Huelsmann Date: Sat, 1 Mar 2025 21:00:20 +0100 Subject: [PATCH 3/5] Copy config and run scripts into the resulting image --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 0bff717..380194a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -125,6 +125,8 @@ ENV POSTGRES_PORT=5432 ENV DEFAULT_DB=lsmb COPY start.sh /usr/local/bin/start.sh +COPY config.sh /usr/local/bin/config.sh +COPY run.sh /usr/local/bin/run.sh RUN chmod +x /usr/local/bin/start.sh && \ mkdir -p /var/www && \ From e464dddc64e944f471e888bc1a15caf175e2e7aa Mon Sep 17 00:00:00 2001 
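Review bot: The `RUN chmod +x` context line after the two new `COPY` lines still names only `/usr/local/bin/start.sh`, so `config.sh` and `run.sh` are executable in the image only if the build context preserves the 100755 mode they were committed with. start.sh invokes both directly, so a checkout that loses the mode bit would fail at container start with a permission error; listing them in the existing command, `chmod +x /usr/local/bin/start.sh /usr/local/bin/config.sh /usr/local/bin/run.sh`, makes the image independent of that. The RUN instruction continues past the end of the hunk.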
From: Walid Mujahid Date: Mon, 21 Oct 2024 02:05:45 -0400 Subject: [PATCH 4/5] feat: provide image with nginx --- Dockerfile => base/Dockerfile | 0 .../docker-compose-reverseproxy.yml | 0 docker-compose.yml => base/docker-compose.yml | 0 nginx.conf => base/nginx.conf | 0 start.sh => base/start.sh | 0 with-proxy/Dockerfile | 54 +++++++ with-proxy/nginx.conf | 81 ++++++++++ with-proxy/scripts/ledgersmb_config/config | 148 ++++++++++++++++++ with-proxy/scripts/ledgersmb_config/type | 1 + with-proxy/scripts/ledgersmb_config/up | 2 + with-proxy/services/nginx/run | 3 + with-proxy/services/starman/run | 16 ++ 12 files changed, 305 insertions(+) rename Dockerfile => base/Dockerfile (100%) rename docker-compose-reverseproxy.yml => base/docker-compose-reverseproxy.yml (100%) rename docker-compose.yml => base/docker-compose.yml (100%) rename nginx.conf => base/nginx.conf (100%) rename start.sh => base/start.sh (100%) create mode 100644 with-proxy/Dockerfile create mode 100644 with-proxy/nginx.conf create mode 100644 with-proxy/scripts/ledgersmb_config/config create mode 100644 with-proxy/scripts/ledgersmb_config/type create mode 100644 with-proxy/scripts/ledgersmb_config/up create mode 100644 with-proxy/services/nginx/run create mode 100644 with-proxy/services/starman/run diff --git a/Dockerfile b/base/Dockerfile similarity index 100% rename from Dockerfile rename to base/Dockerfile diff --git a/docker-compose-reverseproxy.yml b/base/docker-compose-reverseproxy.yml similarity index 100% rename from docker-compose-reverseproxy.yml rename to base/docker-compose-reverseproxy.yml diff --git a/docker-compose.yml b/base/docker-compose.yml similarity index 100% rename from docker-compose.yml rename to base/docker-compose.yml diff --git a/nginx.conf b/base/nginx.conf similarity index 100% rename from nginx.conf rename to base/nginx.conf diff --git a/start.sh b/base/start.sh similarity index 100% rename from start.sh rename to base/start.sh 
diff --git a/with-proxy/Dockerfile b/with-proxy/Dockerfile
new file mode 100644
index 0000000..b09656b
--- /dev/null
+++ b/with-proxy/Dockerfile
@@ -0,0 +1,54 @@
+FROM ledgersmb/ledgersmb:1.11.18
+USER root
+
+# Remove inherited start.sh
+RUN rm -rf /usr/local/bin/start.sh
+
+# Install nginx and other dependencies
+RUN set -x && \
+ apt-get update -y && \
+ apt-get dist-upgrade -y && \
+ apt-get install -y --no-install-recommends \
+ nginx wget xz-utils
+
+RUN set -x && \
+ mkdir -p /var/lib/nginx/body /var/cache/nginx && \
+ chown -R www-data:www-data /var/lib/nginx /var/cache/nginx
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Install s6-overlay
+ARG S6_OVERLAY_VERSION=3.2.0.2
+
+RUN set -ex && \
+ ARCH="x86_64" && \
+ wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \
+ wget -O /tmp/s6-overlay-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz.sha256 && \
+ wget -O /tmp/s6-overlay-${ARCH}.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz && \
+ wget -O /tmp/s6-overlay-${ARCH}.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz.sha256 && \
+ wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz && \
+ wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz.sha256 && \
+ cd /tmp && \
+ sha256sum -c *.sha256 && \
+ tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
+ tar -C / -Jxpf /tmp/s6-overlay-${ARCH}.tar.xz && \
+ tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
+
+# Configure nginx and starman with s6
+COPY services/starman/run /etc/services.d/starman/run
+RUN chmod +x /etc/services.d/starman/run && chown www-data:www-data /etc/services.d/starman/run
+
+COPY services/nginx/run /etc/services.d/nginx/run
+RUN chmod +x /etc/services.d/nginx/run && chown www-data:www-data /etc/services.d/nginx/run
+
+COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config
+RUN touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config
+RUN chmod +x /etc/s6-overlay/s6-rc.d/ledgersmb_config/up \
+ /etc/s6-overlay/s6-rc.d/ledgersmb_config/config && \
+ chown -R www-data:www-data /etc/s6-overlay/s6-rc.d/ \
+ /etc/services.d /run
+
+EXPOSE 80
+
+USER www-data
+ENTRYPOINT ["/init"]
diff --git a/with-proxy/nginx.conf b/with-proxy/nginx.conf
new file mode 100644
index 0000000..69a0d11
--- /dev/null
+++ b/with-proxy/nginx.conf
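Review bot: The `sha256sum -c *.sha256` step checks each s6-overlay tarball against a checksum file fetched from the same release URL in the same RUN, so it detects a corrupted download but not a replaced release asset. Since `S6_OVERLAY_VERSION` is already pinned, the expected digests can be pinned in the Dockerfile as well, one per archive, for example `echo "<sha256-of-noarch-tarball>  /tmp/s6-overlay-noarch.tar.xz" | sha256sum -c -` (placeholder digest). The downloaded archives and checksum files are also left in `/tmp` in the final layer; removing them at the end of the same RUN keeps them out of the image.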
@@ -0,0 +1,81 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ client_body_temp_path /tmp/client_body;
+ proxy_temp_path /tmp/proxy_temp;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/stdout;
+ error_log /dev/stderr info;
+
+ gzip off;
+ gzip_static on;
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ root /srv/ledgersmb/UI;
+
+ access_log /dev/stdout;
+ error_log /dev/stderr info;
+
+ # Don't log status polls
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+ }
+
+ # Configuration files don't exist
+ location ^~ \.conf$ {
+ return 404;
+ }
+
+ # 'Hidden' files don't exist
+ location ~ /\. {
+ return 404;
+ }
+
+ location = / {
+ return 301 /login.pl;
+ }
+
+ # JS & CSS
+ location ~* \.(js|css)$ {
+ add_header Pragma "public";
+ add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
+ expires 7d; # Indicate that the resource can be cached for 1 week # Production
+ try_files $uri =404;
+ }
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_read_timeout 300;
+ proxy_pass http://127.0.0.1:5762;
+ }
+ }
+}
diff --git a/with-proxy/scripts/ledgersmb_config/config b/with-proxy/scripts/ledgersmb_config/config
new file mode 100644
index 0000000..176e9e9
--- /dev/null
+++ b/with-proxy/scripts/ledgersmb_config/config
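Review bot: `location ^~ \.conf$` does not do what its comment says: `^~` marks a literal prefix match, not a regular expression, so nginx compares request URIs against the literal string `\.conf$` and the block never applies. The regex form is `location ~ \.conf$ { return 404; }`; as written, requests ending in `.conf` fall through to `location /` and are proxied to the backend. The dotfile rule directly below uses `~` and works as intended, so only this block needs the change.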
@@ -0,0 +1,148 @@ +#!/usr/bin/with-contenv /bin/bash + +cd /srv/ledgersmb +[[ -d ./local/conf/ ]] || mkdir ./local/conf/ +if [[ -n "$SSMTP_ROOT" ]]; then + echo "\$SSMTP_ROOT set; parameter is deprecated and will be ignored" + LSMB_HAVE_DEPRECATED=1 +fi +if [[ -n "$SSMTP_FROMLINE_OVERRIDE" ]]; then + echo "\$SSMTP_FROMLINE_OVERRIDE set; parameter is deprecated and will be ignored" + LSMB_HAVE_DEPRECATED=1 +fi +if [[ -n "$SSMTP_MAILHUB" ]]; then + echo "\$SSMTP_MAILHUB set; parameter is deprecated" + if [[ -z "$LSMB_MAIL_SMTPHOST" ]]; then + echo " Deriving \$LSMB_MAIL_SMTPHOST setting from \$SSMTP_MAILHUB" + LSMB_MAIL_SMTPHOST=${SSMTP_MAILHUB%:*} + fi + if [[ -z "$LSMB_MAIL_SMTPPORT" ]]; then + echo " Deriving \$LSMB_MAIL_SMTPPORT setting from \$SSMTP_MAILHUB" + LSMB_MAIL_SMTPPORT=${SSMTP_MAILHUB#*:} + fi + LSMB_HAVE_DEPRECATED=1 +fi +if [[ -n "$SSMTP_HOSTNAME" ]]; then + echo "\$SSMTP_HOSTNAME set; parameter is deprecated" + if [[ -z "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]; then + echo " Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_HOSTNAME" + LSMB_MAIL_SMTPSENDER_HOSTNAME=$SSMTP_HOSTNAME + fi + LSMB_HAVE_DEPRECATED=1 +fi +if [[ -n "$SSMTP_USE_STARTTLS" ]]; then + echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated" + if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then + echo " Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS" + LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS + fi + LSMB_HAVE_DEPRECATED=1 +fi +if [[ -n "$SSMTP_AUTH_USER" ]]; then + echo "\$SSMTP_AUTH_USER set; parameter is deprecated" + if [[ -z "$LSMB_MAIL_SMTPUSER" ]]; then + echo " Deriving \$LSMB_MAIL_SMTPUSER setting from \$SSMTP_AUTH_USER" + LSMB_MAIL_SMTPUSER=$SSMTP_AUTH_USER + fi + LSMB_HAVE_DEPRECATED=1 +fi +if [[ -n "$SSMTP_AUTH_PASS" ]]; then + echo "\$SSMTP_AUTH_PASS set; parameter is deprecated" + if [[ -z "$LSMB_MAIL_SMTPPASS" ]]; then + echo " Deriving \$LSMB_MAIL_SMTPPASS setting from \$SSMTP_AUTH_PASS" + LSMB_MAIL_SMTPPASS=$SSMTP_AUTH_PASS + fi + 
LSMB_HAVE_DEPRECATED=1 +fi +if [[ -n "$SSMTP_AUTH_METHOD" ]]; then + echo "\$SSMTP_AUTH_METHOD set; parameter is deprecated" + if [[ -z "$LSMB_MAIL_SMTPAUTHMECH" ]]; then + echo " Deriving \$LSMB_MAIL_SMTPAUTHMECH setting from \$SSMTP_AUTH_METHOD" + LSMB_MAIL_SMTPAUTHMECH=$SSMTP_AUTH_METHOD + fi + LSMB_HAVE_DEPRECATED=1 +fi + +if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then + echo "!!! DEPRECATED \$SSMTP_* PARAMETERS WILL BE REMOVED in the 1.9 image!!!" +fi + +if [[ ! -f ./local/conf/ledgersmb.yaml ]]; then + cat <./local/conf/ledgersmb.yaml +paths: + \$class: Beam::Wire + config: + UI: ./UI/ + UI_cache: lsmb_templates/ +db: + \$class: LedgerSMB::Database::Factory + connect_data: + host: ${POSTGRES_HOST:-ledgersmb-do-user-66666666-0.k.db.ondigitalocean.com} + port: ${POSTGRES_PORT:-25060} +mail: + transport: + \$class: LedgerSMB::Mailer::TransportSMTP + tls: $LSMB_MAIL_SMTPTLS +miscellaneous: + \$class: Beam::Wire + config: + proxy_ip: ${PROXY_IP:-172.17.0.1/12} +ui: + class: LedgerSMB::Template::UI + method: new_UI + lifecycle: eager + args: + cache: + \$ref: paths/UI_cache + root: + \$ref: paths/UI +EOF + + if [[ -n "$LSMB_MAIL_SMTPHOST" ]] + then + if [[ "$LSMB_MAIL_SMTPHOST" == "__CONTAINER_GATEWAY__" ]] + then + LSMB_MAIL_SMTPHOST="$(ip route | awk '/default/ { print $3 }')" + export LSMB_MAIL_SMTPHOST + fi + + cat <./local/conf/ledgersmb.000.yaml +mail: + transport: + host: $LSMB_MAIL_SMTPHOST +EOF + fi + + if [[ -n "$LSMB_MAIL_SMTPPORT" ]] + then + cat <./local/conf/ledgersmb.001.yaml +mail: + transport: + port: $LSMB_MAIL_SMTPPORT +EOF + fi + + if [[ -n "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]] + then + cat <./local/conf/ledgersmb.002.yaml +mail: + transport: + helo: $LSMB_MAIL_SMTPSENDER_HOSTNAME +EOF + fi + + if [[ -n "$LSMB_MAIL_SMTPUSER" ]] + then + cat <./local/conf/ledgersmb.003.yaml +mail: + transport: + sasl_password: '' + sasl_username: + \$class: Authen::SASL + mechanism: $LSMB_MAIL_SMTPAUTHMECH + callback: + user: $LSMB_MAIL_SMTPUSER + pass: 
$LSMB_MAIL_SMTPPASS +EOF + fi +fi diff --git a/with-proxy/scripts/ledgersmb_config/type b/with-proxy/scripts/ledgersmb_config/type new file mode 100644 index 0000000..bdd22a1 --- /dev/null +++ b/with-proxy/scripts/ledgersmb_config/type @@ -0,0 +1 @@ +oneshot diff --git a/with-proxy/scripts/ledgersmb_config/up b/with-proxy/scripts/ledgersmb_config/up new file mode 100644 index 0000000..80cd625 --- /dev/null +++ b/with-proxy/scripts/ledgersmb_config/up @@ -0,0 +1,2 @@ +foreground { echo "Running config..." } +/etc/s6-overlay/s6-rc.d/ledgersmb_config/config diff --git a/with-proxy/services/nginx/run b/with-proxy/services/nginx/run new file mode 100644 index 0000000..edbd1c8 --- /dev/null +++ b/with-proxy/services/nginx/run @@ -0,0 +1,3 @@ +#!/usr/bin/with-contenv /bin/bash + +exec nginx -g "daemon off;" diff --git a/with-proxy/services/starman/run b/with-proxy/services/starman/run new file mode 100644 index 0000000..aea2bca --- /dev/null +++ b/with-proxy/services/starman/run @@ -0,0 +1,16 @@ +#!/usr/bin/with-contenv /bin/bash + +cd /srv/ledgersmb + +# start ledgersmb +# --preload-app allows application initialization to kill the entire +# starman instance (instead of just the worker, which will immediately +# get restarted) on error; it also has a positive effect on memory use + +LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml} +export LSMB_CONFIG_FILE +echo '--------- LEDGERSMB CONFIGURATION: ledgersmb.conf' +cat ${LSMB_CONFIG_FILE} +echo '--------- LEDGERSMB CONFIGURATION --- END' + +exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} -I lib -I old/lib --preload-app bin/ledgersmb-server.psgi From 1fefe51e66972d1ab77ca79ad014384b7b0ac964 Mon Sep 17 00:00:00 2001 
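Review bot: The fallback for the database host in the generated `ledgersmb.yaml` is a specific managed-database hostname (`${POSTGRES_HOST:-ledgersmb-do-user-66666666-0.k.db.ondigitalocean.com}`, with port default `25060`), which looks like a value from one deployment rather than a usable default. A container started without `POSTGRES_HOST` would try to connect to that external host; the base script in PATCH 1/5 defaults to `postgres` and `5432`, and this copy should match it or refuse to start when the variable is unset. This copy also has no `set -e` and differs from the base script in the mail section (`tls:` and the `sasl_username:` mapping), differences that are easy to miss in a hand-maintained duplicate.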
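Review bot: `--listen 0.0.0.0:5762` in services/starman/run binds starman on every interface of the container although nginx in the same image proxies to `http://127.0.0.1:5762`. Only port 80 is in `EXPOSE`, but a peer on the same container network can still reach 5762 directly and bypass the nginx location rules and the `X-Forwarded-*` headers it sets; `--listen 127.0.0.1:5762` is sufficient for this image. PATCH 5/5 replaces this script with the shared run.sh, which carries the same hard-coded address, so the listen address would have to become a parameter of run.sh for the proxy image to narrow it.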
From: Erik Huelsmann Date: Sat, 1 Mar 2025 22:29:44 +0100 Subject: [PATCH 5/5] Re-use parent container configuration and startup scripts --- config.sh => base/config.sh | 0 run.sh => base/run.sh | 0 with-proxy/Dockerfile | 19 +-- with-proxy/nginx.conf | 2 + with-proxy/scripts/ledgersmb_config/config | 148 --------------------- with-proxy/scripts/ledgersmb_config/up | 3 +- with-proxy/services/starman/run | 15 +-- 7 files changed, 12 insertions(+), 175 deletions(-) rename config.sh => base/config.sh (100%) rename run.sh => base/run.sh (100%) delete mode 100644 with-proxy/scripts/ledgersmb_config/config diff --git a/config.sh b/base/config.sh similarity index 100% rename from config.sh rename to base/config.sh diff --git a/run.sh b/base/run.sh similarity index 100% rename from run.sh rename to base/run.sh diff --git a/with-proxy/Dockerfile b/with-proxy/Dockerfile index b09656b..6105efe 100644 --- a/with-proxy/Dockerfile +++ b/with-proxy/Dockerfile @@ -1,4 +1,5 @@ -FROM ledgersmb/ledgersmb:1.11.18 +FROM lsmb-split:latest +#FROM ledgersmb/ledgersmb:1.11.18 USER root # Remove inherited start.sh @@ -10,10 +11,7 @@ RUN set -x && \ apt-get dist-upgrade -y && \ apt-get install -y --no-install-recommends \ nginx wget xz-utils - -RUN set -x && \ - mkdir -p /var/lib/nginx/body /var/cache/nginx && \ - chown -R www-data:www-data /var/lib/nginx /var/cache/nginx + mkdir -p /var/lib/nginx/body /var/cache/nginx COPY nginx.conf /etc/nginx/nginx.conf 
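Review bot: The added `mkdir -p /var/lib/nginx/body /var/cache/nginx` line follows `nginx wget xz-utils`, which has no trailing `&& \`, so as shown it is not part of the preceding RUN and Docker would read `mkdir` as an instruction name and reject the file. Either end the install line with `&& \` or keep the command as its own instruction, `RUN mkdir -p /var/lib/nginx/body /var/cache/nginx`. `FROM lsmb-split:latest` with the published base commented out also ties the build to a local, unpinned image tag; a build argument for the base image would keep the file buildable elsewhere.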
@@ -36,19 +34,16 @@ RUN set -ex && \ # Configure nginx and starman with s6 COPY services/starman/run /etc/services.d/starman/run -RUN chmod +x /etc/services.d/starman/run && chown www-data:www-data /etc/services.d/starman/run +RUN chmod +x /etc/services.d/starman/run COPY services/nginx/run /etc/services.d/nginx/run -RUN chmod +x /etc/services.d/nginx/run && chown www-data:www-data /etc/services.d/nginx/run +RUN chmod +x /etc/services.d/nginx/run COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config RUN touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config -RUN chmod +x /etc/s6-overlay/s6-rc.d/ledgersmb_config/up \ - /etc/s6-overlay/s6-rc.d/ledgersmb_config/config && \ - chown -R www-data:www-data /etc/s6-overlay/s6-rc.d/ \ - /etc/services.d /run +RUN chmod +x /etc/s6-overlay/s6-rc.d/ledgersmb_config/up EXPOSE 80 -USER www-data +#USER www-data ENTRYPOINT ["/init"] diff --git a/with-proxy/nginx.conf b/with-proxy/nginx.conf index 69a0d11..ee08c18 100644 --- a/with-proxy/nginx.conf +++ b/with-proxy/nginx.conf @@ -3,6 +3,8 @@ error_log /dev/stderr info; pid /tmp/nginx.pid; worker_processes 1; +user www-data; + events { worker_connections 1024; diff --git a/with-proxy/scripts/ledgersmb_config/config b/with-proxy/scripts/ledgersmb_config/config deleted file mode 100644 index 176e9e9..0000000 --- a/with-proxy/scripts/ledgersmb_config/config +++ /dev/null 
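Review bot: With `USER www-data` commented out, `/init` and everything it starts run as root unless a service drops privileges itself. starman does (`s6-setuidgid www-data` in services/starman/run), but the `ledgersmb_config/up` oneshot changed later in this patch calls `/usr/local/bin/config.sh` directly, so the generated configuration, including the SMTP credentials file, is created by root under `/srv/ledgersmb/local/conf`. Running the oneshot the same way, `s6-setuidgid www-data /usr/local/bin/config.sh`, keeps ownership consistent with the process that reads the files; whether www-data can write to that directory is not visible in this diff. The commented-out `#USER` and `#FROM` lines would be better removed than left in place.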
@@ -1,148 +0,0 @@ -#!/usr/bin/with-contenv /bin/bash - -cd /srv/ledgersmb -[[ -d ./local/conf/ ]] || mkdir ./local/conf/ -if [[ -n "$SSMTP_ROOT" ]]; then - echo "\$SSMTP_ROOT set; parameter is deprecated and will be ignored" - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_FROMLINE_OVERRIDE" ]]; then - echo "\$SSMTP_FROMLINE_OVERRIDE set; parameter is deprecated and will be ignored" - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_MAILHUB" ]]; then - echo "\$SSMTP_MAILHUB set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPHOST" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPHOST setting from \$SSMTP_MAILHUB" - LSMB_MAIL_SMTPHOST=${SSMTP_MAILHUB%:*} - fi - if [[ -z "$LSMB_MAIL_SMTPPORT" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPPORT setting from \$SSMTP_MAILHUB" - LSMB_MAIL_SMTPPORT=${SSMTP_MAILHUB#*:} - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_HOSTNAME" ]]; then - echo "\$SSMTP_HOSTNAME set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_HOSTNAME" - LSMB_MAIL_SMTPSENDER_HOSTNAME=$SSMTP_HOSTNAME - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_USE_STARTTLS" ]]; then - echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS" - LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_AUTH_USER" ]]; then - echo "\$SSMTP_AUTH_USER set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPUSER" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPUSER setting from \$SSMTP_AUTH_USER" - LSMB_MAIL_SMTPUSER=$SSMTP_AUTH_USER - fi - LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_AUTH_PASS" ]]; then - echo "\$SSMTP_AUTH_PASS set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPPASS" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPPASS setting from \$SSMTP_AUTH_PASS" - LSMB_MAIL_SMTPPASS=$SSMTP_AUTH_PASS - fi - 
LSMB_HAVE_DEPRECATED=1 -fi -if [[ -n "$SSMTP_AUTH_METHOD" ]]; then - echo "\$SSMTP_AUTH_METHOD set; parameter is deprecated" - if [[ -z "$LSMB_MAIL_SMTPAUTHMECH" ]]; then - echo " Deriving \$LSMB_MAIL_SMTPAUTHMECH setting from \$SSMTP_AUTH_METHOD" - LSMB_MAIL_SMTPAUTHMECH=$SSMTP_AUTH_METHOD - fi - LSMB_HAVE_DEPRECATED=1 -fi - -if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then - echo "!!! DEPRECATED \$SSMTP_* PARAMETERS WILL BE REMOVED in the 1.9 image!!!" -fi - -if [[ ! -f ./local/conf/ledgersmb.yaml ]]; then - cat <./local/conf/ledgersmb.yaml -paths: - \$class: Beam::Wire - config: - UI: ./UI/ - UI_cache: lsmb_templates/ -db: - \$class: LedgerSMB::Database::Factory - connect_data: - host: ${POSTGRES_HOST:-ledgersmb-do-user-66666666-0.k.db.ondigitalocean.com} - port: ${POSTGRES_PORT:-25060} -mail: - transport: - \$class: LedgerSMB::Mailer::TransportSMTP - tls: $LSMB_MAIL_SMTPTLS -miscellaneous: - \$class: Beam::Wire - config: - proxy_ip: ${PROXY_IP:-172.17.0.1/12} -ui: - class: LedgerSMB::Template::UI - method: new_UI - lifecycle: eager - args: - cache: - \$ref: paths/UI_cache - root: - \$ref: paths/UI -EOF - - if [[ -n "$LSMB_MAIL_SMTPHOST" ]] - then - if [[ "$LSMB_MAIL_SMTPHOST" == "__CONTAINER_GATEWAY__" ]] - then - LSMB_MAIL_SMTPHOST="$(ip route | awk '/default/ { print $3 }')" - export LSMB_MAIL_SMTPHOST - fi - - cat <./local/conf/ledgersmb.000.yaml -mail: - transport: - host: $LSMB_MAIL_SMTPHOST -EOF - fi - - if [[ -n "$LSMB_MAIL_SMTPPORT" ]] - then - cat <./local/conf/ledgersmb.001.yaml -mail: - transport: - port: $LSMB_MAIL_SMTPPORT -EOF - fi - - if [[ -n "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]] - then - cat <./local/conf/ledgersmb.002.yaml -mail: - transport: - helo: $LSMB_MAIL_SMTPSENDER_HOSTNAME -EOF - fi - - if [[ -n "$LSMB_MAIL_SMTPUSER" ]] - then - cat <./local/conf/ledgersmb.003.yaml -mail: - transport: - sasl_password: '' - sasl_username: - \$class: Authen::SASL - mechanism: $LSMB_MAIL_SMTPAUTHMECH - callback: - user: $LSMB_MAIL_SMTPUSER - pass: 
$LSMB_MAIL_SMTPPASS -EOF - fi -fi diff --git a/with-proxy/scripts/ledgersmb_config/up b/with-proxy/scripts/ledgersmb_config/up index 80cd625..b6603bc 100644 --- a/with-proxy/scripts/ledgersmb_config/up +++ b/with-proxy/scripts/ledgersmb_config/up @@ -1,2 +1,3 @@ foreground { echo "Running config..." } -/etc/s6-overlay/s6-rc.d/ledgersmb_config/config + +/usr/local/bin/config.sh diff --git a/with-proxy/services/starman/run b/with-proxy/services/starman/run index aea2bca..44218a0 100644 --- a/with-proxy/services/starman/run +++ b/with-proxy/services/starman/run @@ -1,16 +1,3 @@ #!/usr/bin/with-contenv /bin/bash -cd /srv/ledgersmb - -# start ledgersmb -# --preload-app allows application initialization to kill the entire -# starman instance (instead of just the worker, which will immediately -# get restarted) on error; it also has a positive effect on memory use - -LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml} -export LSMB_CONFIG_FILE -echo '--------- LEDGERSMB CONFIGURATION: ledgersmb.conf' -cat ${LSMB_CONFIG_FILE} -echo '--------- LEDGERSMB CONFIGURATION --- END' - -exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} -I lib -I old/lib --preload-app bin/ledgersmb-server.psgi +s6-setuidgid www-data /usr/local/bin/run.sh
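Review bot: The new `s6-setuidgid www-data /usr/local/bin/run.sh` line in services/starman/run is not `exec`ed, so the bash started by the shebang stays as the supervised process and starman runs as its child. When s6 stops the service the signal goes to that bash, which can exit without passing it on and leave starman running; `exec s6-setuidgid www-data /usr/local/bin/run.sh` makes starman the supervised process, as the nginx run script already does with `exec nginx`.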