mirror of
				https://github.com/ledgersmb/ledgersmb-docker.git
				synced 2025-10-20 11:10:30 -04:00 
			
		
		
		
	Compare commits
	
		
			1 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 3a28ec4f27 | 
							
								
								
									
										138
									
								
								Dockerfile
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										138
									
								
								Dockerfile
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,138 @@ | ||||
| # Build time variables | ||||
|  | ||||
| ARG SRCIMAGE=debian:bookworm-slim | ||||
|  | ||||
|  | ||||
| FROM  $SRCIMAGE AS builder | ||||
|  | ||||
| ARG LSMB_VERSION="1.12.12" | ||||
| ARG LSMB_DL_DIR="Releases" | ||||
| ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz" | ||||
|  | ||||
|  | ||||
| RUN set -x ; \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y dist-upgrade && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install dh-make-perl libmodule-cpanfile-perl git wget && \ | ||||
|   apt-file update | ||||
|  | ||||
| RUN set -x ; \ | ||||
|   wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \ | ||||
|   tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \ | ||||
|   rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \ | ||||
|   cd /srv/ledgersmb && \ | ||||
|   ( ( for lib in $( cpanfile-dump --with-all-features --recommends --no-configure --no-build --no-test ) ; \ | ||||
|     do \ | ||||
|       if dh-make-perl locate "$lib" 2>/dev/null ; \ | ||||
|       then  \ | ||||
|         : \ | ||||
|       else \ | ||||
|         echo no : $lib ; \ | ||||
|       fi ; \ | ||||
|     done ) | grep -v dh-make-perl | grep -v 'not found' | grep -vi 'is in Perl ' | cut -d' ' -f4 | sort | uniq | tee /srv/derived-deps ) && \ | ||||
|   cat /srv/derived-deps | ||||
|  | ||||
|  | ||||
| # | ||||
| # | ||||
| #  The real image build starts here | ||||
| # | ||||
| # | ||||
|  | ||||
|  | ||||
| FROM  $SRCIMAGE | ||||
| LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>" | ||||
| LABEL org.opencontainers.image.title="LedgerSMB double-entry accounting web-application" | ||||
| LABEL org.opencontainers.image.description="LedgerSMB is a full featured double-entry financial accounting and Enterprise\ | ||||
|  Resource Planning system accessed via a web browser (Perl/JS with a PostgreSQL\ | ||||
|  backend) which offers 'Accounts Receivable', 'Accounts Payable' and 'General\ | ||||
|  Ledger' tracking as well as inventory control and fixed assets handling. The\ | ||||
|  LedgerSMB client can be a web browser or a programmed API call. The goal of\ | ||||
|  the LedgerSMB project is to bring high quality ERP and accounting capabilities\ | ||||
|  to Small and Midsize Businesses." | ||||
|  | ||||
| ARG LSMB_VERSION="1.12.12" | ||||
| ARG LSMB_DL_DIR="Releases" | ||||
| ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz" | ||||
|  | ||||
|  | ||||
| ### PACKAGE REQUIREMENTS RATIONALE | ||||
| # | ||||
| # postgresql-client(from apt.postgresql.org): reduces chances running a newer server than this client | ||||
| # fonts-liberation: installed for compatibility with templates from 1.8 and earlier | ||||
|  | ||||
| COPY --from=builder /srv/derived-deps /tmp/derived-deps | ||||
|  | ||||
| RUN set -x ; \ | ||||
|   echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \ | ||||
|   mkdir -p /usr/share/man/man1/ && \ | ||||
|   mkdir -p /usr/share/man/man2/ && \ | ||||
|   mkdir -p /usr/share/man/man3/ && \ | ||||
|   mkdir -p /usr/share/man/man4/ && \ | ||||
|   mkdir -p /usr/share/man/man5/ && \ | ||||
|   mkdir -p /usr/share/man/man6/ && \ | ||||
|   mkdir -p /usr/share/man/man7/ && \ | ||||
|   mkdir -p /usr/share/man/man8/ && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y dist-upgrade && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install \ | ||||
|     wget ca-certificates gnupg iproute2 \ | ||||
|     $( cat /tmp/derived-deps ) \ | ||||
|     texlive-plain-generic texlive-latex-recommended texlive-fonts-recommended \ | ||||
|     texlive-xetex fonts-liberation \ | ||||
|     lsb-release postgresql-common && \ | ||||
|   /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install postgresql-client && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install git cpanminus make gcc libperl-dev && \ | ||||
|   wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \ | ||||
|   tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \ | ||||
|   rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \ | ||||
|   cpanm --metacpan --notest \ | ||||
|     --with-feature=starman \ | ||||
|     --with-feature=latex-pdf-ps \ | ||||
|     --with-feature=openoffice \ | ||||
|     --installdeps /srv/ledgersmb/ && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get purge -q -y git cpanminus make gcc libperl-dev && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get autoremove -q -y && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get clean -q && \ | ||||
|   rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/* | ||||
|  | ||||
|  | ||||
| WORKDIR /srv/ledgersmb | ||||
|  | ||||
| # master requirements | ||||
|  | ||||
| # Configure outgoing mail to use host, other run time variable defaults | ||||
|  | ||||
| ## MAIL | ||||
| # '__CONTAINER_GATEWAY__' is a magic value which will be substituted | ||||
| # with the actual gateway IP address | ||||
| ENV LSMB_MAIL_SMTPHOST=__CONTAINER_GATEWAY__ | ||||
| #ENV LSMB_MAIL_SMTPPORT=25 | ||||
| #ENV LSMB_MAIL_SMTPSENDER_HOSTNAME=(container hostname) | ||||
| #ENV LSMB_MAIL_SMTPTLS= | ||||
| #ENV LSMB_MAIL_SMTPUSER= | ||||
| #ENV LSMB_MAIL_SMTPPASS= | ||||
| #ENV LSMB_MAIL_SMTPAUTHMECH= | ||||
|  | ||||
| ## DATABASE | ||||
| ENV POSTGRES_HOST=postgres | ||||
| ENV POSTGRES_PORT=5432 | ||||
| ENV DEFAULT_DB=lsmb | ||||
|  | ||||
| COPY start.sh /usr/local/bin/start.sh | ||||
|  | ||||
| RUN chmod +x /usr/local/bin/start.sh && \ | ||||
|   mkdir -p /var/www && \ | ||||
|   mkdir -p /srv/ledgersmb/local/conf && \ | ||||
|   chown -R www-data /srv/ledgersmb/local | ||||
|  | ||||
| # Work around an aufs bug related to directory permissions: | ||||
| RUN mkdir -p /tmp && chmod 1777 /tmp | ||||
|  | ||||
| # Internal Port Expose | ||||
| EXPOSE 5762 | ||||
|  | ||||
| USER www-data | ||||
| CMD ["start.sh"] | ||||
							
								
								
									
										49
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										49
									
								
								README.md
									
									
									
									
									
								
							| @@ -16,8 +16,7 @@ Dockerfile for LedgerSMB Docker image | ||||
|  | ||||
| # Supported tags | ||||
|  | ||||
| - `1.13`, `1.13.x`, `latest` - Latest official release from the 1.13 branch | ||||
| - `1.12`, `1.12.x` - Latest official release from the 1.12 branch | ||||
| - `1.12`, `1.12.x`, `latest` - Latest official release from the 1.12 branch | ||||
| - `1.11`, `1.11.x` - Latest official release from the 1.11 branch | ||||
| - `1.10`, `1.10.38` - Last official release from the 1.10 branch (End-of-Life) | ||||
| - `1.9`, `1.9.30` - Last official release from the 1.9 branch (End-of-Life) | ||||
| @@ -54,7 +53,7 @@ do recommend not exposing this port publicly, because | ||||
| 2. We strongly recommend TLS encryption of all application traffic | ||||
|  | ||||
| While the exposed port can be used for quick evaluation, it's recommended | ||||
| to add TLS for production situations. | ||||
| to add the TLS layer by applying Nginx or Apache as reverse proxy. | ||||
|  | ||||
| Enabling optional functionalities such as outgoing e-mail and printing | ||||
| could require additional setup of a mail service or CUPS printer service. | ||||
| @@ -260,6 +259,50 @@ files named `ledgersmb.1XX.yaml` in the same folder. E.g.: | ||||
| keys](https://github.com/ledgersmb/LedgerSMB/blob/master/doc/conf/ledgersmb.yaml) | ||||
| is available in the LedgerSMB repository. | ||||
|  | ||||
| ## Docker Compose with reverse proxy | ||||
|  | ||||
| The `docker-compose-reverseproxy.yml` file shows a docker-compose setup | ||||
| which adds an Nginx reverse proxy configuration on top of the base | ||||
| `docker-compose.yml` configuration file. If the content of this repository | ||||
| is cloned into the current directory (`git clone https://github.com/ledgersmb/ledgersmb-docker.git ; cd ledgersmb-docker`), it can be used as: | ||||
|  | ||||
| ```plain | ||||
|  $ docker-compose \ | ||||
|     -f docker-compose.yml \ | ||||
|     -f docker-compose-reverseproxy.yml \ | ||||
|        up -d | ||||
| ``` | ||||
|  | ||||
| This setup can be used in combination with an image which runs the | ||||
| Certbot certificate renewal process *and* Nginx to do TLS termination. The | ||||
| default reverse proxy is mostly an example; it publishes on | ||||
| [http://localhost:8080/](http://localhost:8080/). | ||||
|  | ||||
| An example of such an image can be found at | ||||
| [https://github.com/jonasalfredsson/docker-nginx-certbot](https://github.com/jonasalfredsson/docker-nginx-certbot), | ||||
| which is published on Docker Hub as | ||||
| [jonasal/nginx-certbot](https://hub.docker.com/r/jonasal/nginx-certbot). | ||||
|  | ||||
| **Upgrade note** When upgrading this setup, please remove the volume ending | ||||
| in `_lsmbdata` before starting the upgraded containers. Without that, the | ||||
| webcontent won't be upgraded! E.g.: | ||||
|  | ||||
| ```plain | ||||
|   $ docker-compose \ | ||||
|       -f docker-compose.yml \ | ||||
|       -f docker-compose-reverseproxy.yml \ | ||||
|         rm -s -f -v && \ | ||||
|     docker volume rm ledgersmb-docker_lsmbdata && \ | ||||
|     docker-compose \ | ||||
|       -f docker-compose.yml \ | ||||
|       -f docker-compose-reverseproxy.yml \ | ||||
|         pull && \ | ||||
|     docker-compose \ | ||||
|       -f docker-compose.yml \ | ||||
|       -f docker-compose-reverseproxy.yml \ | ||||
|         up -d | ||||
| ``` | ||||
|  | ||||
| # Troubleshooting/Developing | ||||
|  | ||||
| Currently the LedgerSMB installation is in /srv/ledgersmb | ||||
|   | ||||
| @@ -1,83 +0,0 @@ | ||||
| # Build time variables | ||||
|  | ||||
| ARG SRCIMAGE=debian:trixie-slim | ||||
|  | ||||
| FROM  $SRCIMAGE | ||||
| LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>" | ||||
| LABEL org.opencontainers.image.title="LedgerSMB double-entry accounting web-application" | ||||
| LABEL org.opencontainers.image.description="LedgerSMB is a full featured double-entry financial accounting and Enterprise\ | ||||
|  Resource Planning system accessed via a web browser (Perl/JS with a PostgreSQL\ | ||||
|  backend) which offers 'Accounts Receivable', 'Accounts Payable' and 'General\ | ||||
|  Ledger' tracking as well as inventory control and fixed assets handling. The\ | ||||
|  LedgerSMB client can be a web browser or a programmed API call. The goal of\ | ||||
|  the LedgerSMB project is to bring high quality ERP and accounting capabilities\ | ||||
|  to Small and Midsize Businesses." | ||||
|  | ||||
| ARG LSMB_VERSION="1.13.0" | ||||
| ARG ARTIFACT_PATH="https://download.ledgersmb.org/f/Releases/$LSMB_VERSION/" | ||||
|  | ||||
|  | ||||
| # ARTIFACT_PATH is used to work around pre-1.13 Dockerfiles requiring | ||||
| # the ARTIFACT_LOCATION to point to the artifact, not to its path | ||||
| RUN set -x ; \ | ||||
|   echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \ | ||||
|   mkdir -p /usr/share/man/man1/ && \ | ||||
|   mkdir -p /usr/share/man/man2/ && \ | ||||
|   mkdir -p /usr/share/man/man3/ && \ | ||||
|   mkdir -p /usr/share/man/man4/ && \ | ||||
|   mkdir -p /usr/share/man/man5/ && \ | ||||
|   mkdir -p /usr/share/man/man6/ && \ | ||||
|   mkdir -p /usr/share/man/man7/ && \ | ||||
|   mkdir -p /usr/share/man/man8/ && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y dist-upgrade && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install \ | ||||
|     wget curl ca-certificates libio-socket-ssl-perl postgresql-common && \ | ||||
|   /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \ | ||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install postgresql-client && \ | ||||
|   cd /srv && \ | ||||
|   curl -s -o ledgersmb-installer -L https://get.ledgersmb.org/ledgersmb-installer && \ | ||||
|   ARTIFACT_LOCATION="$ARTIFACT_PATH" perl ledgersmb-installer install --yes --log-level=trace $LSMB_VERSION && \ | ||||
|   mv /srv/ledgersmb/server-start /usr/local/bin/run.sh && \ | ||||
|   rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/* | ||||
|  | ||||
| WORKDIR /srv/ledgersmb | ||||
|  | ||||
|  | ||||
| # master requirements | ||||
|  | ||||
| # Configure outgoing mail to use host, other run time variable defaults | ||||
|  | ||||
| ## MAIL | ||||
| # '__CONTAINER_GATEWAY__' is a magic value which will be substituted | ||||
| # with the actual gateway IP address | ||||
| ENV LSMB_MAIL_SMTPHOST=__CONTAINER_GATEWAY__ | ||||
| #ENV LSMB_MAIL_SMTPPORT=25 | ||||
| #ENV LSMB_MAIL_SMTPSENDER_HOSTNAME=(container hostname) | ||||
| #ENV LSMB_MAIL_SMTPTLS= | ||||
| #ENV LSMB_MAIL_SMTPUSER= | ||||
| #ENV LSMB_MAIL_SMTPPASS= | ||||
| #ENV LSMB_MAIL_SMTPAUTHMECH= | ||||
|  | ||||
| ## DATABASE | ||||
| ENV POSTGRES_HOST=postgres | ||||
| ENV POSTGRES_PORT=5432 | ||||
| ENV DEFAULT_DB=lsmb | ||||
|  | ||||
| COPY start.sh /usr/local/bin/start.sh | ||||
| COPY config.sh /usr/local/bin/config.sh | ||||
|  | ||||
| RUN chmod +x /usr/local/bin/start.sh /usr/local/bin/config.sh /usr/local/bin/run.sh && \ | ||||
|   mkdir -p /var/www && \ | ||||
|   mkdir -p /srv/ledgersmb/local/conf && \ | ||||
|   chown -R www-data /srv/ledgersmb/local | ||||
|  | ||||
| # Work around an aufs bug related to directory permissions: | ||||
| RUN mkdir -p /tmp && chmod 1777 /tmp | ||||
|  | ||||
| # Internal Port Expose | ||||
| EXPOSE 5762 | ||||
|  | ||||
| USER www-data | ||||
| CMD ["start.sh"] | ||||
| @@ -1,12 +0,0 @@ | ||||
| #!/bin/bash | ||||
|  | ||||
| home_dir="$(dirname $(readlink -f $BASH_SOURCE))" | ||||
| "$home_dir/config.sh" || { echo "Failed configuration" ; exit 1 } | ||||
|  | ||||
| LSMB_CONFIG_FILE="${LSMB_CONFIG_FILE:-/srv/ledgersmb/local/conf/ledgersmb.yaml}" | ||||
| export LSMB_CONFIG_FILE | ||||
| echo "--------- LEDGERSMB CONFIGURATION:  $LSMB_CONFIG_FILE" | ||||
| cat "${LSMB_CONFIG_FILE}" | ||||
| echo '--------- LEDGERSMB CONFIGURATION --- END' | ||||
|  | ||||
| exec "$home_dir/run.sh" | ||||
							
								
								
									
										24
									
								
								build
									
									
									
									
									
								
							
							
						
						
									
										24
									
								
								build
									
									
									
									
									
								
							| @@ -1,24 +0,0 @@ | ||||
| #!/bin/bash | ||||
|  | ||||
| set -euxo pipefail | ||||
|  | ||||
| ${DOCKER:-docker} buildx build \ | ||||
|    --progress plain \ | ||||
|    --platform ${PLATFORM:-linux/amd64,linux/arm64,linux/arm/v7} \ | ||||
|    --build-arg "ARTIFACT_PATH=$ARTIFACT_PATH" \ | ||||
|    -t ledgersmb/ledgersmb:$BRANCH-base \ | ||||
|    -t ledgersmb/ledgersmb:$VERSION-base \ | ||||
|    -t ghcr.io/ledgersmb/ledgersmb:$BRANCH-base \ | ||||
|    -t ghcr.io/ledgersmb/ledgersmb:$VERSION-base \ | ||||
|    ${SET_LATEST_TAG:+ -t ledgersmb/ledgersmb:latest-base -t ghcr.io/ledgersmb/ledgersmb:latest-base} \ | ||||
|    --push base/ | ||||
|  | ||||
| ${DOCKER:-docker} buildx build \ | ||||
|    --progress plain \ | ||||
|    --platform ${PLATFORM:-linux/amd64,linux/arm64,linux/arm/v7} \ | ||||
|    -t ledgersmb/ledgersmb:$BRANCH \ | ||||
|    -t ledgersmb/ledgersmb:$VERSION \ | ||||
|    -t ghcr.io/ledgersmb/ledgersmb:$BRANCH \ | ||||
|    -t ghcr.io/ledgersmb/ledgersmb:$VERSION \ | ||||
|    ${SET_LATEST_TAG:+ -t ledgersmb/ledgersmb:latest -t ghcr.io/ledgersmb/ledgersmb:latest} \ | ||||
|    --push proxy/ | ||||
							
								
								
									
										36
									
								
								docker-compose-reverseproxy.yml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										36
									
								
								docker-compose-reverseproxy.yml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,36 @@ | ||||
| # Use this docker-compose file as: | ||||
| # | ||||
| #  docker-compose -f docker-compose.yml -f docker-compose-reverseproxy.yml up -d | ||||
| # | ||||
| # | ||||
| # This command creates one | ||||
| # compose 'project' consisting of three containers | ||||
| # | ||||
| #  1. The PostgreSQL data  container | ||||
| #  2. The LedgerSMB application container | ||||
| #  3. The Nginx reverse proxy container | ||||
| # | ||||
| # In addition to publishing LedgerSMB on port 5762 on localhost, | ||||
| # this project also publishes Nginx's reverse proxied content on | ||||
| # port 8080 on localhost | ||||
|  | ||||
| version: "3.2" | ||||
| services: | ||||
|   proxy: | ||||
|     depends_on: | ||||
|       - lsmb | ||||
|     image: nginx:1-alpine | ||||
|     volumes: | ||||
|       - "lsmbdata:/srv/ledgersmb" | ||||
|       - "./nginx.conf:/etc/nginx/nginx.conf" | ||||
|     ports: | ||||
|       - "8080:8080" | ||||
|     # Comment the line below to stop the container from restarting on boot | ||||
|     # unless it was manually stopped | ||||
|     restart: unless-stopped | ||||
|   lsmb: | ||||
|     volumes: | ||||
|       - "lsmbdata:/srv/ledgersmb" | ||||
|  | ||||
| volumes: | ||||
|   lsmbdata: | ||||
| @@ -8,7 +8,7 @@ | ||||
| # so no special care needs to be taken on | ||||
| # container upgrades.  With PostgreSQL, data is | ||||
| # persisted across upgrades by the use of a | ||||
| # special 'pgdata' volume | ||||
| # special 'dbdata' volume | ||||
|  | ||||
| version: "3.2" | ||||
| services: | ||||
| @@ -31,7 +31,7 @@ services: | ||||
|   lsmb: | ||||
|     depends_on: | ||||
|       - postgres | ||||
|     image: ghcr.io/ledgersmb/ledgersmb:1.13 | ||||
|     image: ghcr.io/ledgersmb/ledgersmb:1.12 | ||||
|       # In order to store the configuration outside the image, allowing it to | ||||
|       # be edited between container restarts, uncomment the section below and | ||||
|       # change the 'source' to the directory where you want the configuration | ||||
| @@ -48,15 +48,13 @@ services: | ||||
|     networks: | ||||
|       - internal | ||||
|       - default | ||||
|     # Comment the 'ports' section to disable mapping the LedgerSMB container | ||||
|     # ports (80 and 5762) to host ports of the same number. The mapping below | ||||
|     # makes LedgerSMB available on http://localhost/ on the host. | ||||
|     # | ||||
|     # Comment the 'ports' section to disable mapping the LedgerSMB container port (5762) | ||||
|     #  to the host's port of the same number. Mapping "5762:5762" makes LedgerSMB | ||||
|     #  available on http://<host-dns-or-ip>:5762/ | ||||
|     #     SECURITY NOTE:  Leave this uncommented for evaluation purposes only! | ||||
|     #       In production, be sure to use SSL/TLS (such as by reverse proxying) to protect  | ||||
|     #       user's passwords and other sensitive data | ||||
|     ports: | ||||
|       - "80:80" | ||||
|       - "5762:5762" | ||||
|     environment: | ||||
|       # The LSMB_WORKERS environment variable lets you select the number | ||||
| @@ -89,7 +87,7 @@ services: | ||||
|     # unless it was manually stopped | ||||
|     restart: unless-stopped | ||||
|  | ||||
| # having the pgdata volume is required to persist our | ||||
| # having the dbdata volume is required to persist our | ||||
| # data between PostgreSQL container updates; without | ||||
| # that, the data is contained in the same volume as | ||||
| # the rest of the image and on update/upgrade, the | ||||
|   | ||||
| @@ -1,47 +0,0 @@ | ||||
| # Install LedgerSMB version | ||||
| ARG LSMB_VERSION="1.13.0" | ||||
| # Install s6-overlay | ||||
| ARG S6_OVERLAY_VERSION=3.2.0.2 | ||||
|  | ||||
| FROM ledgersmb/ledgersmb:$LSMB_VERSION-base | ||||
|  | ||||
| # Repeat args if we still want to use them | ||||
| ARG LSMB_VERSION | ||||
| ARG S6_OVERLAY_VERSION | ||||
|  | ||||
| # Install nginx and other dependencies | ||||
| USER root | ||||
| RUN set -x && \ | ||||
|     DEBIAN_FRONTEND=noninteractive apt-get update -y && \ | ||||
|     DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y && \ | ||||
|     DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends nginx wget xz-utils && \ | ||||
|     mkdir -p /var/lib/nginx/body /var/cache/nginx && \ | ||||
|     DEBIAN_FRONTEND=noninteractive apt-get autoremove -q -y && \ | ||||
|     DEBIAN_FRONTEND=noninteractive apt-get clean -q && \ | ||||
|     ARCH="$(case "$(dpkg --print-architecture)" in armv7*|armhf) echo "armhf" ;; arm64) echo "aarch64" ;; amd64) echo "x86_64" ;; *) exit 1 ;; esac)" && \ | ||||
|     wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \ | ||||
|     wget -O /tmp/s6-overlay-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz.sha256 && \ | ||||
|     wget -O /tmp/s6-overlay-${ARCH}.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz && \ | ||||
|     wget -O /tmp/s6-overlay-${ARCH}.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz.sha256 && \ | ||||
|     wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz && \ | ||||
|     wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz.sha256 && \ | ||||
|     cd /tmp && \ | ||||
|     sha256sum -c *.sha256 && \ | ||||
|     tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \ | ||||
|     tar -C / -Jxpf /tmp/s6-overlay-${ARCH}.tar.xz && \  | ||||
|     tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz && \ | ||||
|     rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/* /usr/share/doc/* /tmp/s6-overlay-*.tar.xz* | ||||
|  | ||||
| COPY nginx.conf /etc/nginx/nginx.conf | ||||
|  | ||||
| # Configure nginx and starman with s6 | ||||
| COPY services/starman/run /etc/services.d/starman/run | ||||
| COPY services/nginx/run /etc/services.d/nginx/run | ||||
| COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config | ||||
|  | ||||
| RUN chmod +x /etc/services.d/starman/run /etc/services.d/nginx/run /etc/s6-overlay/s6-rc.d/ledgersmb_config/up && \ | ||||
|     touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config | ||||
|  | ||||
| EXPOSE 80 | ||||
|  | ||||
| ENTRYPOINT ["/init"] | ||||
| @@ -1,76 +0,0 @@ | ||||
| # This is a full (minimal) nginx configuration file | ||||
|  | ||||
| error_log /dev/stderr info; | ||||
| pid /tmp/nginx.pid; | ||||
| worker_processes 1; | ||||
| user www-data; | ||||
|  | ||||
|  | ||||
| events { | ||||
|    worker_connections 1024; | ||||
| } | ||||
|  | ||||
| http { | ||||
|    client_body_temp_path /tmp/client_body; | ||||
|    proxy_temp_path /tmp/proxy_temp; | ||||
|    fastcgi_temp_path /tmp/fastcgi_temp; | ||||
|    scgi_temp_path /tmp/scgi_temp; | ||||
|    uwsgi_temp_path /tmp/uwsgi_temp; | ||||
|  | ||||
|    sendfile on; | ||||
|    tcp_nopush on; | ||||
|    tcp_nodelay on; | ||||
|    keepalive_timeout 65; | ||||
|    types_hash_max_size 2048; | ||||
|    include /etc/nginx/mime.types; | ||||
|    default_type application/octet-stream; | ||||
|  | ||||
|    access_log /dev/stdout; | ||||
|    error_log /dev/stderr info; | ||||
|  | ||||
|    gzip off; | ||||
|    gzip_static on; | ||||
|  | ||||
|    server { | ||||
|       listen 80 default_server; | ||||
|       listen [::]:80 default_server ipv6only=on; | ||||
|  | ||||
|       root /srv/ledgersmb/UI; | ||||
|  | ||||
|       access_log /dev/stdout; | ||||
|       error_log /dev/stderr info; | ||||
|  | ||||
|       # Configuration files don't exist | ||||
|       location ^~ \.conf$ { | ||||
|          return 404; | ||||
|       } | ||||
|  | ||||
|       # 'Hidden' files don't exist | ||||
|       location ~ /\. { | ||||
|          return 404; | ||||
|       } | ||||
|  | ||||
|       location = / { | ||||
|          return 301 login.pl; | ||||
|       } | ||||
|  | ||||
|       location / { | ||||
|          try_files $uri @strippedprefix @starman; | ||||
|       } | ||||
|  | ||||
|       location @strippedprefix { | ||||
|          rewrite ^/([a-z0-9A-Z]+)/(.*) /$2 break; | ||||
|       } | ||||
|  | ||||
|       location @starman { | ||||
|          proxy_pass              http://127.0.0.1:5762; | ||||
|          proxy_read_timeout      300; | ||||
|          proxy_set_header        Host $host; | ||||
|          proxy_set_header        X-Real-IP $remote_addr; | ||||
|          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|          proxy_set_header        X-Forwarded-Host $host; | ||||
|          proxy_set_header        X-Forwarded-Server $host; | ||||
|          proxy_set_header        X-Forwarded-Proto $scheme; | ||||
|       } | ||||
|    } | ||||
| } | ||||
| @@ -1 +0,0 @@ | ||||
| oneshot | ||||
| @@ -1,4 +0,0 @@ | ||||
| foreground { echo "Running config..." } | ||||
|  | ||||
| with-contenv | ||||
| /usr/local/bin/config.sh | ||||
| @@ -1,3 +0,0 @@ | ||||
| #!/usr/bin/with-contenv /bin/bash | ||||
|  | ||||
| exec nginx -g "daemon off;" | ||||
| @@ -1,10 +0,0 @@ | ||||
| #!/usr/bin/with-contenv /bin/bash | ||||
|  | ||||
|  | ||||
| LSMB_CONFIG_FILE="${LSMB_CONFIG_FILE:-/srv/ledgersmb/local/conf/ledgersmb.yaml}" | ||||
| export LSMB_CONFIG_FILE | ||||
| echo "--------- LEDGERSMB CONFIGURATION:  $LSMB_CONFIG_FILE" | ||||
| cat "${LSMB_CONFIG_FILE}" | ||||
| echo '--------- LEDGERSMB CONFIGURATION --- END' | ||||
|  | ||||
| s6-setuidgid www-data /usr/local/bin/run.sh | ||||
| @@ -1,7 +1,5 @@ | ||||
| #!/bin/bash | ||||
| 
 | ||||
| set -e | ||||
| 
 | ||||
| cd /srv/ledgersmb | ||||
| [[ -d ./local/conf/ ]] || mkdir ./local/conf/ | ||||
| if [[ -n "$SSMTP_ROOT" ]]; then | ||||
| @@ -35,7 +33,7 @@ fi | ||||
| if [[ -n "$SSMTP_USE_STARTTLS" ]]; then | ||||
|     echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated" | ||||
|     if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then | ||||
|         echo "  Deriving \$LSMB_MAIL_SMTPTLS setting from \$SSMTP_USE_STARTTLS" | ||||
|         echo "  Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS" | ||||
|         LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS | ||||
|     fi | ||||
|     LSMB_HAVE_DEPRECATED=1 | ||||
| @@ -159,4 +157,19 @@ EOF | ||||
|   fi | ||||
| fi | ||||
| 
 | ||||
| exit 0 | ||||
| # start ledgersmb | ||||
| # --preload-app allows application initialization to kill the entire | ||||
| # starman instance (instead of just the worker, which will immediately | ||||
| # get restarted) on error; it also has a positive effect on memory use | ||||
| 
 | ||||
| LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml} | ||||
| export LSMB_CONFIG_FILE | ||||
| echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf' | ||||
| cat ${LSMB_CONFIG_FILE} | ||||
| echo '--------- LEDGERSMB CONFIGURATION --- END' | ||||
| 
 | ||||
| # ':5762:' suppresses an uninitialized variable warning in starman | ||||
| # the last colon means "don't connect using tls"; without it, there's a warning | ||||
| exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \ | ||||
|              -I lib -I old/lib \ | ||||
|              --preload-app bin/ledgersmb-server.psgi | ||||
		Reference in New Issue
	
	Block a user