From f9fa5f04c70a899a1dd4f0339e44efb43d8b527e Mon Sep 17 00:00:00 2001 From: Erik Huelsmann Date: Sat, 9 Aug 2025 14:51:12 +0200 Subject: [PATCH] Adjust for new reverse proxy setup --- README.md | 46 +------------------ base/docker-compose-reverseproxy.yml | 36 --------------- base/docker-compose.yml => docker-compose.yml | 16 ++++--- 3 files changed, 10 insertions(+), 88 deletions(-) delete mode 100644 base/docker-compose-reverseproxy.yml rename base/docker-compose.yml => docker-compose.yml (91%) diff --git a/README.md b/README.md index cfc1576..25385d6 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ do recommend not exposing this port publicly, because 2. We strongly recommend TLS encryption of all application traffic While the exposed port can be used for quick evaluation, it's recommended -to add the TLS layer by applying Nginx or Apache as reverse proxy. +to add TLS for production situations. Enabling optional functionalities such as outgoing e-mail and printing could require additional setup of a mail service or CUPS printer service. @@ -259,50 +259,6 @@ files named `ledgersmb.1XX.yaml` in the same folder. E.g.: keys](https://github.com/ledgersmb/LedgerSMB/blob/master/doc/conf/ledgersmb.yaml) is available in the LedgerSMB repository. -## Docker Compose with reverse proxy - -The `docker-compose-reverseproxy.yml` file shows a docker-compose setup -which adds an Nginx reverse proxy configuration on top of the base -`docker-compose.yml` configuration file. If the content of this repository -is cloned into the current directory (`git clone https://github.com/ledgersmb/ledgersmb-docker.git ; cd ledgersmb-docker`), it can be used as: - -```plain - $ docker-compose \ - -f docker-compose.yml \ - -f docker-compose-reverseproxy.yml \ - up -d -``` - -This setup can be used in combination with an image which runs the -Certbot certificate renewal process *and* Nginx to do TLS termination. The -default reverse proxy is mostly an example; it publishes on -[http://localhost:8080/](http://localhost:8080/). - -An example of such an image can be found at -[https://github.com/jonasalfredsson/docker-nginx-certbot](https://github.com/jonasalfredsson/docker-nginx-certbot), -which is published on Docker Hub as -[jonasal/nginx-certbot](https://hub.docker.com/r/jonasal/nginx-certbot). - -**Upgrade note** When upgrading this setup, please remove the volume ending -in `_lsmbdata` before starting the upgraded containers. Without that, the -webcontent won't be upgraded! E.g.: - -```plain - $ docker-compose \ - -f docker-compose.yml \ - -f docker-compose-reverseproxy.yml \ - rm -s -f -v && \ - docker volume rm ledgersmb-docker_lsmbdata && \ - docker-compose \ - -f docker-compose.yml \ - -f docker-compose-reverseproxy.yml \ - pull && \ - docker-compose \ - -f docker-compose.yml \ - -f docker-compose-reverseproxy.yml \ - up -d -``` - # Troubleshooting/Developing Currently the LedgerSMB installation is in /srv/ledgersmb diff --git a/base/docker-compose-reverseproxy.yml b/base/docker-compose-reverseproxy.yml deleted file mode 100644 index 5878b1a..0000000 --- a/base/docker-compose-reverseproxy.yml +++ /dev/null @@ -1,36 +0,0 @@ -# Use this docker-compose file as: -# -# docker-compose -f docker-compose.yml -f docker-compose-reverseproxy.yml up -d -# -# -# This command creates one -# compose 'project' consisting of three containers -# -# 1. The PostgreSQL data container -# 2. The LedgerSMB application container -# 3. The Nginx reverse proxy container -# -# In addition to publishing LedgerSMB on port 5762 on localhost, -# this project also publishes Nginx's reverse proxied content on -# port 8080 on localhost - -version: "3.2" -services: - proxy: - depends_on: - - lsmb - image: nginx:1-alpine - volumes: - - "lsmbdata:/srv/ledgersmb" - - "./nginx.conf:/etc/nginx/nginx.conf" - ports: - - "8080:8080" - # Comment the line below to stop the container from restarting on boot - # unless it was manually stopped - restart: unless-stopped - lsmb: - volumes: - - "lsmbdata:/srv/ledgersmb" - -volumes: - lsmbdata: diff --git a/base/docker-compose.yml b/docker-compose.yml similarity index 91% rename from base/docker-compose.yml rename to docker-compose.yml index f5929bb..171db2e 100644 --- a/base/docker-compose.yml +++ b/docker-compose.yml @@ -8,7 +8,7 @@ # so no special care needs to be taken on # container upgrades. With PostgreSQL, data is # persisted across upgrades by the use of a -# special 'dbdata' volume +# special 'pgdata' volume version: "3.2" services: @@ -31,7 +31,7 @@ services: lsmb: depends_on: - postgres - image: ghcr.io/ledgersmb/ledgersmb:1.12 + image: ghcr.io/ledgersmb/ledgersmb:1.13 # In order to store the configuration outside the image, allowing it to # be edited between container restarts, uncomment the section below and # change the 'source' to the directory where you want the configuration @@ -48,13 +48,15 @@ services: networks: - internal - default - # Comment the 'ports' section to disable mapping the LedgerSMB container port (5762) - # to the host's port of the same number. Mapping "5762:5762" makes LedgerSMB - # available on http://:5762/ + # Comment the 'ports' section to disable mapping the LedgerSMB container + # ports (80 and 5762) to host ports of the same number. The mapping below + # makes LedgerSMB available on http://localhost/ on the host. + # # SECURITY NOTE: Leave this uncommented for evaluation purposes only! - # In production, be sure to use SSL/TLS (such as by reverse proxying) to protect + # In production, be sure to use SSL/TLS (such as by reverse proxying) to protect # user's passwords and other sensitive data ports: + - "80:80" - "5762:5762" environment: # The LSMB_WORKERS environment variable lets you select the number @@ -87,7 +89,7 @@ services: # unless it was manually stopped restart: unless-stopped -# having the dbdata volume is required to persist our +# having the pgdata volume is required to persist our # data between PostgreSQL container updates; without # that, the data is contained in the same volume as # the rest of the image and on update/upgrade, the