* Automatic Dockerfile update by release process

Instead of after the configuration phase; printing it before service start supports debugging better

.github/workflows/images-cleanup.yml

@@ -0,0 +1,18 @@
+name: Docker Image cleanup
+
+on:
+  push:
+  workflow_dispatch:
+  schedule:
+    # Schedule for five minutes after the hour, every Friday
+    - cron: '10 3 * * 5'
+
+jobs:
+  cleanup:
+    if: github.repository_owner == 'ledgersmb'
+    runs-on: ubuntu-latest
+    steps:
+    - name: ghcr.io cleanup action
+      uses: dataaxiom/ghcr-cleanup-action@v1
+      with:
+        packages: ledgersmb

Dockerfile

@@ -1,142 +0,0 @@
-# Build time variables
-
-ARG SRCIMAGE=debian:bookworm-slim
-
-
-FROM  $SRCIMAGE AS builder
-
-ARG LSMB_VERSION="1.11.17"
-ARG LSMB_DL_DIR="Releases"
-ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
-
-
-RUN set -x ; \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y dist-upgrade && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install dh-make-perl libmodule-cpanfile-perl git wget && \
-  apt-file update
-
-RUN set -x ; \
-  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
-  tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
-  rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
-  cd /srv/ledgersmb && \
-  ( ( for lib in $( cpanfile-dump --with-all-features --recommends --no-configure --no-build --no-test ) ; \
-    do \
-      if dh-make-perl locate "$lib" 2>/dev/null ; \
-      then  \
-        : \
-      else \
-        echo no : $lib ; \
-      fi ; \
-    done ) | grep -v dh-make-perl | grep -v 'not found' | grep -vi 'is in Perl ' | cut -d' ' -f4 | sort | uniq | tee /srv/derived-deps ) && \
-  cat /srv/derived-deps
-
-
-#
-#
-#  The real image build starts here
-#
-#
-
-
-FROM  $SRCIMAGE
-LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>"
-LABEL org.opencontainers.image.title="LedgerSMB double-entry accounting web-application"
-LABEL org.opencontainers.image.description="LedgerSMB is a full featured double-entry financial accounting and Enterprise\
- Resource Planning system accessed via a web browser (Perl/JS with a PostgreSQL\
- backend) which offers 'Accounts Receivable', 'Accounts Payable' and 'General\
- Ledger' tracking as well as inventory control and fixed assets handling. The\
- LedgerSMB client can be a web browser or a programmed API call. The goal of\
- the LedgerSMB project is to bring high quality ERP and accounting capabilities\
- to Small and Midsize Businesses."
-
-ARG LSMB_VERSION="1.11.17"
-ARG LSMB_DL_DIR="Releases"
-ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
-
-
-# Install Perl, Tex, Starman, psql client, and all dependencies
-# Without libclass-c3-xs-perl, performance is terribly slow...
-
-# Installing psql client directly from instructions at https://wiki.postgresql.org/wiki/Apt
-# That mitigates issues where the PG instance is running a newer version than this container
-
-
-COPY --from=builder /srv/derived-deps /tmp/derived-deps
-
-RUN set -x ; \
-  echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \
-  mkdir -p /usr/share/man/man1/ && \
-  mkdir -p /usr/share/man/man2/ && \
-  mkdir -p /usr/share/man/man3/ && \
-  mkdir -p /usr/share/man/man4/ && \
-  mkdir -p /usr/share/man/man5/ && \
-  mkdir -p /usr/share/man/man6/ && \
-  mkdir -p /usr/share/man/man7/ && \
-  mkdir -p /usr/share/man/man8/ && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y dist-upgrade && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install \
-    wget ca-certificates gnupg iproute2 \
-    $( cat /tmp/derived-deps ) \
-    libclass-c3-xs-perl \
-    texlive-plain-generic texlive-latex-recommended texlive-fonts-recommended \
-    texlive-xetex fonts-liberation \
-    lsb-release && \
-  echo "deb [signed-by=/etc/apt/keyrings/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
-  wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc > /etc/apt/keyrings/postgresql.asc && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install postgresql-client && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install git cpanminus make gcc libperl-dev && \
-  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
-  tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
-  rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
-  cpanm --metacpan --notest \
-    --with-feature=starman \
-    --with-feature=latex-pdf-ps \
-    --with-feature=openoffice \
-    --installdeps /srv/ledgersmb/ && \
-  DEBIAN_FRONTEND="noninteractive" apt-get purge -q -y git cpanminus make gcc libperl-dev && \
-  DEBIAN_FRONTEND="noninteractive" apt-get autoremove -q -y && \
-  DEBIAN_FRONTEND="noninteractive" apt-get clean -q && \
-  rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/*
-
-
-WORKDIR /srv/ledgersmb
-
-# master requirements
-
-# Configure outgoing mail to use host, other run time variable defaults
-
-## MAIL
-# '__CONTAINER_GATEWAY__' is a magic value which will be substituted
-# with the actual gateway IP address
-ENV LSMB_MAIL_SMTPHOST __CONTAINER_GATEWAY__
-#ENV LSMB_MAIL_SMTPPORT 25
-#ENV LSMB_MAIL_SMTPSENDER_HOSTNAME (container hostname)
-#ENV LSMB_MAIL_SMTPTLS
-#ENV LSMB_MAIL_SMTPUSER
-#ENV LSMB_MAIL_SMTPPASS
-#ENV LSMB_MAIL_SMTPAUTHMECH
-
-## DATABASE
-ENV POSTGRES_HOST postgres
-ENV POSTGRES_PORT 5432
-ENV DEFAULT_DB lsmb
-
-COPY start.sh /usr/local/bin/start.sh
-
-RUN chmod +x /usr/local/bin/start.sh && \
-  mkdir -p /var/www && \
-  mkdir -p /srv/ledgersmb/local/conf && \
-  chown -R www-data /srv/ledgersmb/local
-
-# Work around an aufs bug related to directory permissions:
-RUN mkdir -p /tmp && chmod 1777 /tmp
-
-# Internal Port Expose
-EXPOSE 5762
-
-USER www-data
-CMD ["start.sh"]

README.md

@@ -16,8 +16,10 @@ Dockerfile for LedgerSMB Docker image
 
 # Supported tags
 
-- `1.11`, `1.11.x`, `latest` - Latest official release from the 1.11 branch
-- `1.10`, `1.10.x` - Latest official release from the 1.10 branch
+- `1.13`, `1.13.x`, `latest` - Latest official release from the 1.13 branch
+- `1.12`, `1.12.x` - Latest official release from the 1.12 branch
+- `1.11`, `1.11.x` - Latest official release from the 1.11 branch
+- `1.10`, `1.10.38` - Last official release from the 1.10 branch (End-of-Life)
 - `1.9`, `1.9.30` - Last official release from the 1.9 branch (End-of-Life)
 - `1.8`, `1.8.31` - Last official release from the 1.8 branch (End-of-Life)
 - `1.7`, `1.7.41` - Last official release from the 1.7 branch (End-of-Life)
@@ -52,11 +54,13 @@ do recommend not exposing this port publicly, because
 2. We strongly recommend TLS encryption of all application traffic
 
 While the exposed port can be used for quick evaluation, it's recommended
-to add the TLS layer by applying Nginx or Apache as reverse proxy.
+to add TLS for production situations.
 
 Enabling optional functionalities such as outgoing e-mail and printing
 could require additional setup of a mail service or CUPS printer service.
 
+❌ Do not use unofficial or AI-generated Docker Compose examples. These are often incomplete, break silently, or skip required services.
+
 # How to use this image
 
 This image can be installed either automatically with the Docker compose file
@@ -256,50 +260,6 @@ files named `ledgersmb.1XX.yaml` in the same folder. E.g.:
 keys](https://github.com/ledgersmb/LedgerSMB/blob/master/doc/conf/ledgersmb.yaml)
 is available in the LedgerSMB repository.
 
-## Docker Compose with reverse proxy
-
-The `docker-compose-reverseproxy.yml` file shows a docker-compose setup
-which adds an Nginx reverse proxy configuration on top of the base
-`docker-compose.yml` configuration file. If the content of this repository
-is cloned into the current directory (`git clone https://github.com/ledgersmb/ledgersmb-docker.git ; cd ledgersmb-docker`), it can be used as:
-
-```plain
- $ docker-compose \
-    -f docker-compose.yml \
-    -f docker-compose-reverseproxy.yml \
-       up -d
-```
-
-This setup can be used in combination with an image which runs the
-Certbot certificate renewal process *and* Nginx to do TLS termination. The
-default reverse proxy is mostly an example; it publishes on
-[http://localhost:8080/](http://localhost:8080/).
-
-An example of such an image can be found at
-[https://github.com/jonasalfredsson/docker-nginx-certbot](https://github.com/jonasalfredsson/docker-nginx-certbot),
-which is published on Docker Hub as
-[jonasal/nginx-certbot](https://hub.docker.com/r/jonasal/nginx-certbot).
-
-**Upgrade note** When upgrading this setup, please remove the volume ending
-in `_lsmbdata` before starting the upgraded containers. Without that, the
-webcontent won't be upgraded! E.g.:
-
-```plain
-  $ docker-compose \
-      -f docker-compose.yml \
-      -f docker-compose-reverseproxy.yml \
-        rm -s -f -v && \
-    docker volume rm ledgersmb-docker_lsmbdata && \
-    docker-compose \
-      -f docker-compose.yml \
-      -f docker-compose-reverseproxy.yml \
-        pull && \
-    docker-compose \
-      -f docker-compose.yml \
-      -f docker-compose-reverseproxy.yml \
-        up -d
-```
-
 # Troubleshooting/Developing
 
 Currently the LedgerSMB installation is in /srv/ledgersmb

base/Dockerfile

@@ -0,0 +1,83 @@
+# Build time variables
+
+ARG SRCIMAGE=debian:trixie-slim
+
+FROM  $SRCIMAGE
+LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>"
+LABEL org.opencontainers.image.title="LedgerSMB double-entry accounting web-application"
+LABEL org.opencontainers.image.description="LedgerSMB is a full featured double-entry financial accounting and Enterprise\
+ Resource Planning system accessed via a web browser (Perl/JS with a PostgreSQL\
+ backend) which offers 'Accounts Receivable', 'Accounts Payable' and 'General\
+ Ledger' tracking as well as inventory control and fixed assets handling. The\
+ LedgerSMB client can be a web browser or a programmed API call. The goal of\
+ the LedgerSMB project is to bring high quality ERP and accounting capabilities\
+ to Small and Midsize Businesses."
+
+ARG LSMB_VERSION="1.13.0"
+ARG ARTIFACT_PATH="https://download.ledgersmb.org/f/Releases/$LSMB_VERSION/"
+
+
+# ARTIFACT_PATH is used to work around pre-1.13 Dockerfiles requiring
+# the ARTIFACT_LOCATION to point to the artifact, not to its path
+RUN set -x ; \
+  echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \
+  mkdir -p /usr/share/man/man1/ && \
+  mkdir -p /usr/share/man/man2/ && \
+  mkdir -p /usr/share/man/man3/ && \
+  mkdir -p /usr/share/man/man4/ && \
+  mkdir -p /usr/share/man/man5/ && \
+  mkdir -p /usr/share/man/man6/ && \
+  mkdir -p /usr/share/man/man7/ && \
+  mkdir -p /usr/share/man/man8/ && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -q -y dist-upgrade && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install \
+    wget curl ca-certificates libio-socket-ssl-perl postgresql-common && \
+  /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install postgresql-client && \
+  cd /srv && \
+  curl -s -o ledgersmb-installer -L https://get.ledgersmb.org/ledgersmb-installer && \
+  ARTIFACT_LOCATION="$ARTIFACT_PATH" perl ledgersmb-installer install --yes --log-level=trace $LSMB_VERSION && \
+  mv /srv/ledgersmb/server-start /usr/local/bin/run.sh && \
+  rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/*
+
+WORKDIR /srv/ledgersmb
+
+
+# master requirements
+
+# Configure outgoing mail to use host, other run time variable defaults
+
+## MAIL
+# '__CONTAINER_GATEWAY__' is a magic value which will be substituted
+# with the actual gateway IP address
+ENV LSMB_MAIL_SMTPHOST=__CONTAINER_GATEWAY__
+#ENV LSMB_MAIL_SMTPPORT=25
+#ENV LSMB_MAIL_SMTPSENDER_HOSTNAME=(container hostname)
+#ENV LSMB_MAIL_SMTPTLS=
+#ENV LSMB_MAIL_SMTPUSER=
+#ENV LSMB_MAIL_SMTPPASS=
+#ENV LSMB_MAIL_SMTPAUTHMECH=
+
+## DATABASE
+ENV POSTGRES_HOST=postgres
+ENV POSTGRES_PORT=5432
+ENV DEFAULT_DB=lsmb
+
+COPY start.sh /usr/local/bin/start.sh
+COPY config.sh /usr/local/bin/config.sh
+
+RUN chmod +x /usr/local/bin/start.sh /usr/local/bin/config.sh /usr/local/bin/run.sh && \
+  mkdir -p /var/www && \
+  mkdir -p /srv/ledgersmb/local/conf && \
+  chown -R www-data /srv/ledgersmb/local
+
+# Work around an aufs bug related to directory permissions:
+RUN mkdir -p /tmp && chmod 1777 /tmp
+
+# Internal Port Expose
+EXPOSE 5762
+
+USER www-data
+CMD ["start.sh"]

base/config.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 cd /srv/ledgersmb
 [[ -d ./local/conf/ ]] || mkdir ./local/conf/
 if [[ -n "$SSMTP_ROOT" ]]; then
@@ -33,7 +35,7 @@ fi
 if [[ -n "$SSMTP_USE_STARTTLS" ]]; then
     echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated"
     if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then
-        echo "  Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS"
+        echo "  Deriving \$LSMB_MAIL_SMTPTLS setting from \$SSMTP_USE_STARTTLS"
         LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS
     fi
     LSMB_HAVE_DEPRECATED=1
@@ -68,6 +70,13 @@ if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then
 fi
 
 if [[ ! -f ./local/conf/ledgersmb.yaml ]]; then
+  if [[ "x$LSMB_MAIL_SMTPTLS" == "xyes" ]]; then
+     tls_mode=starttls
+  elif [[ "x$LSMB_MAIL_SMTPTLS" == "xraw" ]]; then
+     tls_mode=ssl
+  else
+     tls_mode=none
+  fi
   cat <<EOF >./local/conf/ledgersmb.yaml
 paths:
   \$class: Beam::Wire
@@ -83,8 +92,8 @@ db:
 
 mail:
   transport:
-    \$class: LedgerSMB::Mailer::TransportSMTP
-    tls: $LSMB_MAIL_SMTPTLS
+    \$class: Email::Sender::Transport::SMTP
+    ssl: $tls_mode
 
 miscellaneous:
   \$class: Beam::Wire
@@ -140,8 +149,7 @@ EOF
       cat <<EOF >./local/conf/ledgersmb.003.yaml
 mail:
   transport:
-    sasl_password: ''
-    sasl_username:
+    sasl_authenticator:
       \$class: Authen::SASL
       mechanism: $LSMB_MAIL_SMTPAUTHMECH
       callback:
@@ -151,19 +159,4 @@ EOF
   fi
 fi
 
-# start ledgersmb
-# --preload-app allows application initialization to kill the entire
-# starman instance (instead of just the worker, which will immediately
-# get restarted) on error; it also has a positive effect on memory use
-
-LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml}
-export LSMB_CONFIG_FILE
-echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf'
-cat ${LSMB_CONFIG_FILE}
-echo '--------- LEDGERSMB CONFIGURATION --- END'
-
-# ':5762:' suppresses an uninitialized variable warning in starman
-# the last colon means "don't connect using tls"; without it, there's a warning
-exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \
-             -I lib -I old/lib \
-             --preload-app bin/ledgersmb-server.psgi
+exit 0

base/start.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+home_dir="$(dirname $(readlink -f $BASH_SOURCE))"
+"$home_dir/config.sh" || { echo "Failed configuration" ; exit 1 }
+
+LSMB_CONFIG_FILE="${LSMB_CONFIG_FILE:-/srv/ledgersmb/local/conf/ledgersmb.yaml}"
+export LSMB_CONFIG_FILE
+echo "--------- LEDGERSMB CONFIGURATION:  $LSMB_CONFIG_FILE"
+cat "${LSMB_CONFIG_FILE}"
+echo '--------- LEDGERSMB CONFIGURATION --- END'
+
+exec "$home_dir/run.sh"

build

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+${DOCKER:-docker} buildx build \
+   --progress plain \
+   --platform ${PLATFORM:-linux/amd64,linux/arm64,linux/arm/v7} \
+   --build-arg "ARTIFACT_PATH=$ARTIFACT_PATH" \
+   -t ledgersmb/ledgersmb:$BRANCH-base \
+   -t ledgersmb/ledgersmb:$VERSION-base \
+   -t ghcr.io/ledgersmb/ledgersmb:$BRANCH-base \
+   -t ghcr.io/ledgersmb/ledgersmb:$VERSION-base \
+   ${SET_LATEST_TAG:+ -t ledgersmb/ledgersmb:latest-base -t ghcr.io/ledgersmb/ledgersmb:latest-base} \
+   --push base/
+
+${DOCKER:-docker} buildx build \
+   --progress plain \
+   --platform ${PLATFORM:-linux/amd64,linux/arm64,linux/arm/v7} \
+   -t ledgersmb/ledgersmb:$BRANCH \
+   -t ledgersmb/ledgersmb:$VERSION \
+   -t ghcr.io/ledgersmb/ledgersmb:$BRANCH \
+   -t ghcr.io/ledgersmb/ledgersmb:$VERSION \
+   ${SET_LATEST_TAG:+ -t ledgersmb/ledgersmb:latest -t ghcr.io/ledgersmb/ledgersmb:latest} \
+   --push proxy/

docker-compose-reverseproxy.yml

@@ -1,36 +0,0 @@
-# Use this docker-compose file as:
-#
-#  docker-compose -f docker-compose.yml -f docker-compose-reverseproxy.yml up -d
-#
-#
-# This command creates one
-# compose 'project' consisting of three containers
-#
-#  1. The PostgreSQL data  container
-#  2. The LedgerSMB application container
-#  3. The Nginx reverse proxy container
-#
-# In addition to publishing LedgerSMB on port 5762 on localhost,
-# this project also publishes Nginx's reverse proxied content on
-# port 8080 on localhost
-
-version: "3.2"
-services:
-  proxy:
-    depends_on:
-      - lsmb
-    image: nginx:1-alpine
-    volumes:
-      - "lsmbdata:/srv/ledgersmb"
-      - "./nginx.conf:/etc/nginx/nginx.conf"
-    ports:
-      - "8080:8080"
-    # Comment the line below to stop the container from restarting on boot
-    # unless it was manually stopped
-    restart: unless-stopped
-  lsmb:
-    volumes:
-      - "lsmbdata:/srv/ledgersmb"
-
-volumes:
-  lsmbdata:

docker-compose.yml

@@ -8,7 +8,7 @@
 # so no special care needs to be taken on
 # container upgrades.  With PostgreSQL, data is
 # persisted across upgrades by the use of a
-# special 'dbdata' volume
+# special 'pgdata' volume
 
 version: "3.2"
 services:
@@ -31,7 +31,7 @@ services:
   lsmb:
     depends_on:
       - postgres
-    image: ghcr.io/ledgersmb/ledgersmb:1.11
+    image: ghcr.io/ledgersmb/ledgersmb:1.13
       # In order to store the configuration outside the image, allowing it to
       # be edited between container restarts, uncomment the section below and
       # change the 'source' to the directory where you want the configuration
@@ -48,13 +48,15 @@ services:
     networks:
       - internal
       - default
-    # Comment the 'ports' section to disable mapping the LedgerSMB container port (5762)
-    #  to the host's port of the same number. Mapping "5762:5762" makes LedgerSMB
-    #  available on http://<host-dns-or-ip>:5762/
+    # Comment the 'ports' section to disable mapping the LedgerSMB container
+    # ports (80 and 5762) to host ports of the same number. The mapping below
+    # makes LedgerSMB available on http://localhost/ on the host.
+    #
     #     SECURITY NOTE:  Leave this uncommented for evaluation purposes only!
-    #       In production, be sure to use SSL/TLS (such as by reverse proxying) to protect 
+    #       In production, be sure to use SSL/TLS (such as by reverse proxying) to protect
     #       user's passwords and other sensitive data
     ports:
+      - "80:80"
       - "5762:5762"
     environment:
       # The LSMB_WORKERS environment variable lets you select the number
@@ -87,7 +89,7 @@ services:
     # unless it was manually stopped
     restart: unless-stopped
 
-# having the dbdata volume is required to persist our
+# having the pgdata volume is required to persist our
 # data between PostgreSQL container updates; without
 # that, the data is contained in the same volume as
 # the rest of the image and on update/upgrade, the

proxy/Dockerfile

@@ -0,0 +1,47 @@
+# Install LedgerSMB version
+ARG LSMB_VERSION="1.13.0"
+# Install s6-overlay
+ARG S6_OVERLAY_VERSION=3.2.0.2
+
+FROM ledgersmb/ledgersmb:$LSMB_VERSION-base
+
+# Repeat args if we still want to use them
+ARG LSMB_VERSION
+ARG S6_OVERLAY_VERSION
+
+# Install nginx and other dependencies
+USER root
+RUN set -x && \
+    DEBIAN_FRONTEND=noninteractive apt-get update -y && \
+    DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends nginx wget xz-utils && \
+    mkdir -p /var/lib/nginx/body /var/cache/nginx && \
+    DEBIAN_FRONTEND=noninteractive apt-get autoremove -q -y && \
+    DEBIAN_FRONTEND=noninteractive apt-get clean -q && \
+    ARCH="$(case "$(dpkg --print-architecture)" in armv7*|armhf) echo "armhf" ;; arm64) echo "aarch64" ;; amd64) echo "x86_64" ;; *) exit 1 ;; esac)" && \
+    wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \
+    wget -O /tmp/s6-overlay-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz.sha256 && \
+    wget -O /tmp/s6-overlay-${ARCH}.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz && \
+    wget -O /tmp/s6-overlay-${ARCH}.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz.sha256 && \
+    wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz && \
+    wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz.sha256 && \
+    cd /tmp && \
+    sha256sum -c *.sha256 && \
+    tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
+    tar -C / -Jxpf /tmp/s6-overlay-${ARCH}.tar.xz && \ 
+    tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz && \
+    rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/* /usr/share/doc/* /tmp/s6-overlay-*.tar.xz*
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Configure nginx and starman with s6
+COPY services/starman/run /etc/services.d/starman/run
+COPY services/nginx/run /etc/services.d/nginx/run
+COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config
+
+RUN chmod +x /etc/services.d/starman/run /etc/services.d/nginx/run /etc/s6-overlay/s6-rc.d/ledgersmb_config/up && \
+    touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config
+
+EXPOSE 80
+
+ENTRYPOINT ["/init"]

proxy/nginx.conf

@@ -0,0 +1,76 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+user www-data;
+
+
+events {
+   worker_connections 1024;
+}
+
+http {
+   client_body_temp_path /tmp/client_body;
+   proxy_temp_path /tmp/proxy_temp;
+   fastcgi_temp_path /tmp/fastcgi_temp;
+   scgi_temp_path /tmp/scgi_temp;
+   uwsgi_temp_path /tmp/uwsgi_temp;
+
+   sendfile on;
+   tcp_nopush on;
+   tcp_nodelay on;
+   keepalive_timeout 65;
+   types_hash_max_size 2048;
+   include /etc/nginx/mime.types;
+   default_type application/octet-stream;
+
+   access_log /dev/stdout;
+   error_log /dev/stderr info;
+
+   gzip off;
+   gzip_static on;
+
+   server {
+      listen 80 default_server;
+      listen [::]:80 default_server ipv6only=on;
+
+      root /srv/ledgersmb/UI;
+
+      access_log /dev/stdout;
+      error_log /dev/stderr info;
+
+      # Configuration files don't exist
+      location ^~ \.conf$ {
+         return 404;
+      }
+
+      # 'Hidden' files don't exist
+      location ~ /\. {
+         return 404;
+      }
+
+      location = / {
+         return 301 login.pl;
+      }
+
+      location / {
+         try_files $uri @strippedprefix @starman;
+      }
+
+      location @strippedprefix {
+         rewrite ^/([a-z0-9A-Z]+)/(.*) /$2 break;
+      }
+
+      location @starman {
+         proxy_pass              http://127.0.0.1:5762;
+         proxy_read_timeout      300;
+         proxy_set_header        Host $host;
+         proxy_set_header        X-Real-IP $remote_addr;
+         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header        X-Forwarded-Host $host;
+         proxy_set_header        X-Forwarded-Server $host;
+         proxy_set_header        X-Forwarded-Proto $scheme;
+      }
+   }
+}

proxy/scripts/ledgersmb_config/type

@@ -0,0 +1 @@
+oneshot

proxy/scripts/ledgersmb_config/up

@@ -0,0 +1,4 @@
+foreground { echo "Running config..." }
+
+with-contenv
+/usr/local/bin/config.sh

proxy/services/nginx/run

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv /bin/bash
+
+exec nginx -g "daemon off;"

proxy/services/starman/run

@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv /bin/bash
+
+
+LSMB_CONFIG_FILE="${LSMB_CONFIG_FILE:-/srv/ledgersmb/local/conf/ledgersmb.yaml}"
+export LSMB_CONFIG_FILE
+echo "--------- LEDGERSMB CONFIGURATION:  $LSMB_CONFIG_FILE"
+cat "${LSMB_CONFIG_FILE}"
+echo '--------- LEDGERSMB CONFIGURATION --- END'
+
+s6-setuidgid www-data /usr/local/bin/run.sh