Adjust for new reverse proxy setup

2025-08-20 07:37:24 -04:00 · 2025-08-09 14:51:12 +02:00 · 2025-08-09 14:51:12 +02:00 · f9fa5f04c7
commit f9fa5f04c7
parent 62e773da73
3 changed files with 10 additions and 88 deletions
--- a/README.md
+++ b/README.md
@ -53,7 +53,7 @@ do recommend not exposing this port publicly, because
 2. We strongly recommend TLS encryption of all application traffic

 While the exposed port can be used for quick evaluation, it's recommended
-to add the TLS layer by applying Nginx or Apache as reverse proxy.
+to add TLS for production situations.

 Enabling optional functionalities such as outgoing e-mail and printing
 could require additional setup of a mail service or CUPS printer service.
@ -259,50 +259,6 @@ files named `ledgersmb.1XX.yaml` in the same folder. E.g.:
 keys](https://github.com/ledgersmb/LedgerSMB/blob/master/doc/conf/ledgersmb.yaml)
 is available in the LedgerSMB repository.

-## Docker Compose with reverse proxy
-
-The `docker-compose-reverseproxy.yml` file shows a docker-compose setup
-which adds an Nginx reverse proxy configuration on top of the base
-`docker-compose.yml` configuration file. If the content of this repository
-is cloned into the current directory (`git clone https://github.com/ledgersmb/ledgersmb-docker.git ; cd ledgersmb-docker`), it can be used as:
-
-```plain
- $ docker-compose \
-    -f docker-compose.yml \
-    -f docker-compose-reverseproxy.yml \
-       up -d
-```
-
-This setup can be used in combination with an image which runs the
-Certbot certificate renewal process *and* Nginx to do TLS termination. The
-default reverse proxy is mostly an example; it publishes on
-[http://localhost:8080/](http://localhost:8080/).
-
-An example of such an image can be found at
-[https://github.com/jonasalfredsson/docker-nginx-certbot](https://github.com/jonasalfredsson/docker-nginx-certbot),
-which is published on Docker Hub as
-[jonasal/nginx-certbot](https://hub.docker.com/r/jonasal/nginx-certbot).
-
-**Upgrade note** When upgrading this setup, please remove the volume ending
-in `_lsmbdata` before starting the upgraded containers. Without that, the
-webcontent won't be upgraded! E.g.:
-
-```plain
-  $ docker-compose \
-      -f docker-compose.yml \
-      -f docker-compose-reverseproxy.yml \
-        rm -s -f -v && \
-    docker volume rm ledgersmb-docker_lsmbdata && \
-    docker-compose \
-      -f docker-compose.yml \
-      -f docker-compose-reverseproxy.yml \
-        pull && \
-    docker-compose \
-      -f docker-compose.yml \
-      -f docker-compose-reverseproxy.yml \
-        up -d
-```
-
 # Troubleshooting/Developing

 Currently the LedgerSMB installation is in /srv/ledgersmb
--- a/base/docker-compose-reverseproxy.yml
+++ b/base/docker-compose-reverseproxy.yml
@ -1,36 +0,0 @@
-# Use this docker-compose file as:
-#
-#  docker-compose -f docker-compose.yml -f docker-compose-reverseproxy.yml up -d
-#
-#
-# This command creates one
-# compose 'project' consisting of three containers
-#
-#  1. The PostgreSQL data  container
-#  2. The LedgerSMB application container
-#  3. The Nginx reverse proxy container
-#
-# In addition to publishing LedgerSMB on port 5762 on localhost,
-# this project also publishes Nginx's reverse proxied content on
-# port 8080 on localhost
-
-version: "3.2"
-services:
-  proxy:
-    depends_on:
-      - lsmb
-    image: nginx:1-alpine
-    volumes:
-      - "lsmbdata:/srv/ledgersmb"
-      - "./nginx.conf:/etc/nginx/nginx.conf"
-    ports:
-      - "8080:8080"
-    # Comment the line below to stop the container from restarting on boot
-    # unless it was manually stopped
-    restart: unless-stopped
-  lsmb:
-    volumes:
-      - "lsmbdata:/srv/ledgersmb"
-
-volumes:
-  lsmbdata:
--- a/base/docker-compose.yml
+++ b/base/docker-compose.yml
@ -8,7 +8,7 @@
 # so no special care needs to be taken on
 # container upgrades.  With PostgreSQL, data is
 # persisted across upgrades by the use of a
-# special 'dbdata' volume
+# special 'pgdata' volume

 version: "3.2"
 services:
@ -31,7 +31,7 @@ services:
  lsmb:
    depends_on:
      - postgres
-    image: ghcr.io/ledgersmb/ledgersmb:1.12
+    image: ghcr.io/ledgersmb/ledgersmb:1.13
      # In order to store the configuration outside the image, allowing it to
      # be edited between container restarts, uncomment the section below and
      # change the 'source' to the directory where you want the configuration
@ -48,13 +48,15 @@ services:
    networks:
      - internal
      - default
-    # Comment the 'ports' section to disable mapping the LedgerSMB container port (5762)
-    #  to the host's port of the same number. Mapping "5762:5762" makes LedgerSMB
-    #  available on http://<host-dns-or-ip>:5762/
+    # Comment the 'ports' section to disable mapping the LedgerSMB container
+    # ports (80 and 5762) to host ports of the same number. The mapping below
+    # makes LedgerSMB available on http://localhost/ on the host.
+    #
    #     SECURITY NOTE:  Leave this uncommented for evaluation purposes only!
-    #       In production, be sure to use SSL/TLS (such as by reverse proxying) to protect 
+    #       In production, be sure to use SSL/TLS (such as by reverse proxying) to protect
    #       user's passwords and other sensitive data
    ports:
+      - "80:80"
      - "5762:5762"
    environment:
      # The LSMB_WORKERS environment variable lets you select the number
@ -87,7 +89,7 @@ services:
    # unless it was manually stopped
    restart: unless-stopped

-# having the dbdata volume is required to persist our
+# having the pgdata volume is required to persist our
 # data between PostgreSQL container updates; without
 # that, the data is contained in the same volume as
 # the rest of the image and on update/upgrade, the