Merge 81268162ee into 1cd90e0e57

with-proxy/Dockerfile

@@ -0,0 +1,54 @@
+FROM ledgersmb/ledgersmb:1.11.18
+USER root
+
+# Remove inherited start.sh
+RUN rm -rf /usr/local/bin/start.sh
+
+# Install nginx and other dependencies
+RUN set -x && \
+    apt-get update -y && \
+    apt-get dist-upgrade -y && \
+    apt-get install -y --no-install-recommends \
+    nginx wget xz-utils
+
+RUN set -x && \
+    mkdir -p /var/lib/nginx/body /var/cache/nginx && \
+    chown -R www-data:www-data /var/lib/nginx /var/cache/nginx
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Install s6-overlay
+ARG S6_OVERLAY_VERSION=3.2.0.2
+
+RUN set -ex && \
+  ARCH="x86_64" && \
+  wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \
+  wget -O /tmp/s6-overlay-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz.sha256 && \
+  wget -O /tmp/s6-overlay-${ARCH}.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz && \
+  wget -O /tmp/s6-overlay-${ARCH}.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz.sha256 && \
+  wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz && \
+  wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz.sha256 && \
+  cd /tmp && \
+  sha256sum -c *.sha256 && \
+  tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
+  tar -C / -Jxpf /tmp/s6-overlay-${ARCH}.tar.xz && \ 
+  tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
+
+# Configure nginx and starman with s6
+COPY services/starman/run /etc/services.d/starman/run
+RUN chmod +x /etc/services.d/starman/run && chown www-data:www-data /etc/services.d/starman/run
+
+COPY services/nginx/run /etc/services.d/nginx/run
+RUN chmod +x /etc/services.d/nginx/run && chown www-data:www-data /etc/services.d/nginx/run
+
+COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config
+RUN touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config
+RUN chmod +x /etc/s6-overlay/s6-rc.d/ledgersmb_config/up \
+    /etc/s6-overlay/s6-rc.d/ledgersmb_config/config && \
+    chown -R www-data:www-data /etc/s6-overlay/s6-rc.d/ \
+    /etc/services.d /run
+
+EXPOSE 80
+
+USER www-data
+ENTRYPOINT ["/init"]

with-proxy/nginx.conf

@@ -0,0 +1,81 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+
+events {
+   worker_connections 1024;
+}
+
+http {
+   client_body_temp_path /tmp/client_body;
+   proxy_temp_path /tmp/proxy_temp;
+   fastcgi_temp_path /tmp/fastcgi_temp;
+   scgi_temp_path /tmp/scgi_temp;
+   uwsgi_temp_path /tmp/uwsgi_temp;
+
+   sendfile on;
+   tcp_nopush on;
+   tcp_nodelay on;
+   keepalive_timeout 65;
+   types_hash_max_size 2048;
+   include /etc/nginx/mime.types;
+   default_type application/octet-stream;
+
+   access_log /dev/stdout;
+   error_log /dev/stderr info;
+
+   gzip off;
+   gzip_static on;
+
+   server {
+      listen 80 default_server;
+      listen [::]:80 default_server ipv6only=on;
+
+      root /srv/ledgersmb/UI;
+
+      access_log /dev/stdout;
+      error_log /dev/stderr info;
+
+      # Don't log status polls
+      location /nginx_status {
+               stub_status on;
+               access_log off;
+               allow 127.0.0.1;
+               allow ::1;
+               deny all;
+      }
+
+      # Configuration files don't exist
+      location ^~ \.conf$ {
+         return 404;
+      }
+
+      # 'Hidden' files don't exist
+      location ~ /\. {
+         return 404;
+      }
+
+      location = / {
+         return 301 /login.pl;
+      }
+
+      # JS & CSS
+      location ~* \.(js|css)$ {
+         add_header Pragma "public";
+         add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
+         expires     7d; # Indicate that the resource can be cached for 1 week # Production
+         try_files $uri =404;
+      }
+
+      location / {
+         proxy_set_header        Host $host;
+         proxy_set_header        X-Real-IP $remote_addr;
+         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header        X-Forwarded-Proto $scheme;
+         proxy_read_timeout      300;
+         proxy_pass              http://127.0.0.1:5762;
+      }
+   }
+}

with-proxy/scripts/ledgersmb_config/config

@@ -0,0 +1,148 @@
+#!/usr/bin/with-contenv /bin/bash
+
+cd /srv/ledgersmb
+[[ -d ./local/conf/ ]] || mkdir ./local/conf/
+if [[ -n "$SSMTP_ROOT" ]]; then
+    echo "\$SSMTP_ROOT set; parameter is deprecated and will be ignored"
+    LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_FROMLINE_OVERRIDE" ]]; then
+    echo "\$SSMTP_FROMLINE_OVERRIDE set; parameter is deprecated and will be ignored"
+    LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_MAILHUB" ]]; then
+    echo "\$SSMTP_MAILHUB set; parameter is deprecated"
+    if [[ -z "$LSMB_MAIL_SMTPHOST" ]]; then
+        echo "  Deriving \$LSMB_MAIL_SMTPHOST setting from \$SSMTP_MAILHUB"
+        LSMB_MAIL_SMTPHOST=${SSMTP_MAILHUB%:*}
+    fi
+    if [[ -z "$LSMB_MAIL_SMTPPORT" ]]; then
+        echo "  Deriving \$LSMB_MAIL_SMTPPORT setting from \$SSMTP_MAILHUB"
+        LSMB_MAIL_SMTPPORT=${SSMTP_MAILHUB#*:}
+    fi
+    LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_HOSTNAME" ]]; then
+    echo "\$SSMTP_HOSTNAME set; parameter is deprecated"
+    if [[ -z "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]; then
+        echo "  Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_HOSTNAME"
+        LSMB_MAIL_SMTPSENDER_HOSTNAME=$SSMTP_HOSTNAME
+    fi
+    LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_USE_STARTTLS" ]]; then
+    echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated"
+    if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then
+        echo "  Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS"
+        LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS
+    fi
+    LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_AUTH_USER" ]]; then
+    echo "\$SSMTP_AUTH_USER set; parameter is deprecated"
+    if [[ -z "$LSMB_MAIL_SMTPUSER" ]]; then
+        echo "  Deriving \$LSMB_MAIL_SMTPUSER setting from \$SSMTP_AUTH_USER"
+        LSMB_MAIL_SMTPUSER=$SSMTP_AUTH_USER
+    fi
+    LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_AUTH_PASS" ]]; then
+    echo "\$SSMTP_AUTH_PASS set; parameter is deprecated"
+    if [[ -z "$LSMB_MAIL_SMTPPASS" ]]; then
+        echo "  Deriving \$LSMB_MAIL_SMTPPASS setting from \$SSMTP_AUTH_PASS"
+        LSMB_MAIL_SMTPPASS=$SSMTP_AUTH_PASS
+    fi
+    LSMB_HAVE_DEPRECATED=1
+fi
+if [[ -n "$SSMTP_AUTH_METHOD" ]]; then
+    echo "\$SSMTP_AUTH_METHOD set; parameter is deprecated"
+    if [[ -z "$LSMB_MAIL_SMTPAUTHMECH" ]]; then
+        echo "  Deriving \$LSMB_MAIL_SMTPAUTHMECH setting from \$SSMTP_AUTH_METHOD"
+        LSMB_MAIL_SMTPAUTHMECH=$SSMTP_AUTH_METHOD
+    fi
+    LSMB_HAVE_DEPRECATED=1
+fi
+
+if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then
+    echo "!!! DEPRECATED \$SSMTP_* PARAMETERS WILL BE REMOVED in the 1.9 image!!!"
+fi
+
+if [[ ! -f ./local/conf/ledgersmb.yaml ]]; then
+  cat <<EOF >./local/conf/ledgersmb.yaml
+paths:
+  \$class: Beam::Wire
+  config:
+    UI: ./UI/
+    UI_cache: lsmb_templates/
+db:
+  \$class: LedgerSMB::Database::Factory
+  connect_data:
+    host: ${POSTGRES_HOST:-ledgersmb-do-user-66666666-0.k.db.ondigitalocean.com}
+    port: ${POSTGRES_PORT:-25060}
+mail:
+  transport:
+    \$class: LedgerSMB::Mailer::TransportSMTP
+    tls: $LSMB_MAIL_SMTPTLS
+miscellaneous:
+  \$class: Beam::Wire
+  config:
+    proxy_ip: ${PROXY_IP:-172.17.0.1/12}
+ui:
+  class: LedgerSMB::Template::UI
+  method: new_UI
+  lifecycle: eager
+  args:
+    cache:
+      \$ref: paths/UI_cache
+    root:
+      \$ref: paths/UI
+EOF
+
+  if [[ -n "$LSMB_MAIL_SMTPHOST" ]]
+  then
+      if [[ "$LSMB_MAIL_SMTPHOST" == "__CONTAINER_GATEWAY__" ]]
+      then
+         LSMB_MAIL_SMTPHOST="$(ip route | awk '/default/ { print $3 }')"
+         export LSMB_MAIL_SMTPHOST
+      fi
+
+      cat <<EOF >./local/conf/ledgersmb.000.yaml
+mail:
+  transport:
+    host: $LSMB_MAIL_SMTPHOST
+EOF
+  fi
+
+  if [[ -n "$LSMB_MAIL_SMTPPORT" ]]
+  then
+      cat <<EOF >./local/conf/ledgersmb.001.yaml
+mail:
+  transport:
+    port: $LSMB_MAIL_SMTPPORT
+EOF
+  fi
+
+  if [[ -n "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]
+  then
+      cat <<EOF >./local/conf/ledgersmb.002.yaml
+mail:
+  transport:
+    helo: $LSMB_MAIL_SMTPSENDER_HOSTNAME
+EOF
+  fi
+
+  if [[ -n "$LSMB_MAIL_SMTPUSER" ]]
+  then
+      cat <<EOF >./local/conf/ledgersmb.003.yaml
+mail:
+  transport:
+    sasl_password: ''
+    sasl_username:
+      \$class: Authen::SASL
+      mechanism: $LSMB_MAIL_SMTPAUTHMECH
+      callback:
+        user: $LSMB_MAIL_SMTPUSER
+        pass: $LSMB_MAIL_SMTPPASS
+EOF
+  fi
+fi

with-proxy/scripts/ledgersmb_config/type

@@ -0,0 +1 @@
+oneshot

with-proxy/scripts/ledgersmb_config/up

@@ -0,0 +1,2 @@
+foreground { echo "Running config..." }
+/etc/s6-overlay/s6-rc.d/ledgersmb_config/config

with-proxy/services/nginx/run

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv /bin/bash
+
+exec nginx -g "daemon off;"

with-proxy/services/starman/run

@@ -0,0 +1,16 @@
+#!/usr/bin/with-contenv /bin/bash
+
+cd /srv/ledgersmb
+
+# start ledgersmb
+# --preload-app allows application initialization to kill the entire
+# starman instance (instead of just the worker, which will immediately
+# get restarted) on error; it also has a positive effect on memory use
+
+LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml}
+export LSMB_CONFIG_FILE
+echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf'
+cat ${LSMB_CONFIG_FILE}
+echo '--------- LEDGERSMB CONFIGURATION --- END'
+
+exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} -I lib -I old/lib --preload-app bin/ledgersmb-server.psgi