* Automatic Dockerfile update by release process

.github/no-response.yml

@@ -0,0 +1,9 @@
+# Configuration for probot-no-response - https://github.com/probot/no-response
+
+# Number of days of inactivity before an Issue is closed for lack of response
+daysUntilClose: 90
+# Label requiring a response
+responseRequiredLabel: waiting-for-user
+# Comment to post when closing an Issue for lack of response. Set to `false` to disable
+closeComment: >
+  Closing: more than 90 days without user response. Feel free to reopen with your comments.

.github/workflows/images-cleanup.yml

@@ -1,18 +0,0 @@
-name: Docker Image cleanup
-
-on:
-  push:
-  workflow_dispatch:
-  schedule:
-    # Schedule for five minutes after the hour, every Friday
-    - cron: '10 3 * * 5'
-
-jobs:
-  cleanup:
-    if: github.repository_owner == 'ledgersmb'
-    runs-on: ubuntu-latest
-    steps:
-    - name: ghcr.io cleanup action
-      uses: dataaxiom/ghcr-cleanup-action@v1
-      with:
-        packages: ledgersmb

.github/workflows/no-response.yml

@@ -1,26 +0,0 @@
-name: No Response
-
-# Both `issue_comment` and `scheduled` event types are required for this Action
-# to work properly.
-on:
-  issue_comment:
-    types: [created]
-  schedule:
-    # Schedule for five minutes after the hour, every hour
-    - cron: '5 3 * * *'
-
-jobs:
-  noResponse:
-    if: github.repository_owner == 'ledgersmb'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/stale@v9
-        with:
-          days-before-issue-stale: -1
-          days-before-pr-stale: -1
-          stale-issue-label: waiting-for-user
-          # Number of days of inactivity before an Issue is closed for lack of response
-          days-before-close: 90
-          # Label requiring a response
-          close-issue-message: >
-            Closing: more than 90 days without user response. Feel free to reopen with your comments.

Dockerfile

@@ -0,0 +1,131 @@
+# Build time variables
+
+ARG SRCIMAGE=debian:buster-slim
+
+
+FROM  $SRCIMAGE AS builder
+
+ARG LSMB_VERSION="1.8.24"
+ARG LSMB_DL_DIR="Releases"
+ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
+
+
+RUN set -x ; \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y upgrade && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y install dh-make-perl libmodule-cpanfile-perl git wget && \
+  apt-file update
+
+RUN set -x ; \
+  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
+  tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
+  rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
+  cd /srv/ledgersmb && \
+  ( ( for lib in $( cpanfile-dump --with-all-features --recommends --no-configure --no-build --no-test ) ; \
+    do \
+      if dh-make-perl locate "$lib" 2>/dev/null ; \
+      then  \
+        : \
+      else \
+        echo no : $lib ; \
+      fi ; \
+    done ) | grep -v dh-make-perl | grep -v 'not found' | grep -vi 'is in Perl ' | cut -d' ' -f4 | sort | uniq | tee /srv/derived-deps ) && \
+  cat /srv/derived-deps
+
+
+#
+#
+#  The real image build starts here
+#
+#
+
+
+FROM  $SRCIMAGE
+MAINTAINER  Freelock john@freelock.com
+
+# Build time variables
+ARG LSMB_VERSION="1.8.24"
+ARG LSMB_DL_DIR="Releases"
+ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
+
+# Install Perl, Tex, Starman, psql client, and all dependencies
+# Without libclass-c3-xs-perl, performance is terribly slow...
+
+# Installing psql client directly from instructions at https://wiki.postgresql.org/wiki/Apt
+# That mitigates issues where the PG instance is running a newer version than this container
+# Install Locale::Codes Locale::Country Locale::Language from CPAN to suppress
+# deprecation-as-core-module warning
+
+COPY --from=builder /srv/derived-deps /tmp/derived-deps
+
+RUN set -x ; \
+  echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \
+  mkdir -p /usr/share/man/man1/ && \
+  mkdir -p /usr/share/man/man2/ && \
+  mkdir -p /usr/share/man/man3/ && \
+  mkdir -p /usr/share/man/man4/ && \
+  mkdir -p /usr/share/man/man5/ && \
+  mkdir -p /usr/share/man/man6/ && \
+  mkdir -p /usr/share/man/man7/ && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y upgrade && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y install \
+    wget ca-certificates gnupg \
+    $( cat /tmp/derived-deps ) \
+    libclass-c3-xs-perl \
+    texlive-latex-recommended texlive-fonts-recommended \
+    texlive-xetex fonts-liberation \
+    lsb-release && \
+  echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
+  (wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -) && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y install postgresql-client && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install git cpanminus make gcc libperl-dev && \
+  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
+  tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
+  rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
+  cpanm --reinstall --notest Locale::Country Locale::Codes Locale::Language && \
+  cpanm --notest \
+    --with-feature=starman \
+    --with-feature=latex-pdf-ps \
+    --with-feature=openoffice \
+    --installdeps /srv/ledgersmb/ && \
+  apt-get purge -q -y git cpanminus make gcc libperl-dev && \
+  apt-get autoremove -q -y && \
+  apt-get clean -q && \
+  rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/*
+
+
+WORKDIR /srv/ledgersmb
+
+# master requirements
+
+# Configure outgoing mail to use host, other run time variable defaults
+
+## MAIL
+ENV LSMB_MAIL_SMTPHOST 172.17.0.1
+#ENV LSMB_MAIL_SMTPPORT 25
+#ENV LSMB_MAIL_SMTPSENDER_HOSTNAME (container hostname)
+#ENV LSMB_MAIL_SMTPTLS
+#ENV LSMB_MAIL_SMTPUSER
+#ENV LSMB_MAIL_SMTPPASS
+#ENV LSMB_MAIL_SMTPAUTHMECH
+
+## DATABASE
+ENV POSTGRES_HOST postgres
+ENV POSTGRES_PORT 5432
+ENV DEFAULT_DB lsmb
+
+COPY start.sh /usr/local/bin/start.sh
+
+RUN chmod +x /usr/local/bin/start.sh && \
+  mkdir -p /var/www
+
+# Work around an aufs bug related to directory permissions:
+RUN mkdir -p /tmp && chmod 1777 /tmp
+
+# Internal Port Expose
+EXPOSE 5762
+
+USER www-data
+CMD ["start.sh"]

README.md

@@ -2,36 +2,17 @@
 
 Dockerfile for LedgerSMB Docker image
 
-## Content
-
- 1. [Supported tags](#supported-tags)
- 2. [What is LedgerSMB](#what-is-ledgersmb)
- 3. [How to use this image](#how-to-use-this-image)
- 4. [Set up LedgerSMB](#set-up-ledgersmb)
- 5. [Updating the LedgerSMB container](#updating-the-ledgersmb-container)
- 6. [Environment Variables](#environment-variables)
- 7. [Advanced setup](#advanced-setup)
- 8. [Troubleshooting](#troubleshootingdeveloping)
- 9. [User feedback](#user-feedback)
-
 # Supported tags
 
-- `1.13`, `1.13.x`, `latest` - Latest official release from the 1.13 branch
-- `1.12`, `1.12.x` - Latest official release from the 1.12 branch
-- `1.11`, `1.11.x` - Latest official release from the 1.11 branch
-- `1.10`, `1.10.38` - Last official release from the 1.10 branch (End-of-Life)
-- `1.9`, `1.9.30` - Last official release from the 1.9 branch (End-of-Life)
-- `1.8`, `1.8.31` - Last official release from the 1.8 branch (End-of-Life)
-- `1.7`, `1.7.41` - Last official release from the 1.7 branch (End-of-Life)
-- `1.6`, `1.6.33` - Last official release from the 1.6 branch (End-of-Life)
-- `1.5`, `1.5.30` - Last official release from the 1.5 branch (End-of-Life)
-- `1.4`, `1.4.42` - Last official release from the 1.4 branch (End-of-Life)
+- `1.8`, `1.8.x`, `latest` - Latest official release from the 1.8 branch
+- `1.7`, `1.7.x` - Latest official release from 1.7 branch
+- `1.6`, `1.6.33` - Last official release from 1.6 branch 
+- `1.5`, `1.5.30` - Last official release from 1.5 branch
+- `1.4`, `1.4.42` - Last official release from 1.4 branch
 - `master` - Master branch from git, unstable
 
 Containers supporting the development process are provided
-through the ledgersmb-dev-docker project. See [the development
-container's README](https://github.com/ledgersmb/ledgersmb-dev-docker/blob/master/README.md#getting-started)
-for more information.
+through the [ledgersmb-dev-docker project](https://github.com/ledgersmb/ledgersmb-dev-docker/blob/master/README.md#getting-started).
 
 # What is LedgerSMB?
 
@@ -54,49 +35,47 @@ do recommend not exposing this port publicly, because
 2. We strongly recommend TLS encryption of all application traffic
 
 While the exposed port can be used for quick evaluation, it's recommended
-to add TLS for production situations.
+to add the TLS layer by applying Nginx or Apache as reverse proxy.
 
 Enabling optional functionalities such as outgoing e-mail and printing
 could require additional setup of a mail service or CUPS printer service.
 
-❌ Do not use unofficial or AI-generated Docker Compose examples. These are often incomplete, break silently, or skip required services.
-
 # How to use this image
 
 This image can be installed either automatically with the Docker compose file
 or manually with docker only.
 
-## Docker-Compose: Installation and start
+## Docker-Compose installation and start
 
-This repository provides a file named `docker-compose.yml` which can be used to
-pull related images, install them, establish an internal network for their
-communications, adjust environment variables, start and stop LedgerSMB. The
-only instructions required, after the optional edition of the file to adjust
-the environment variables, are:
+This image provides `docker-compose.yml` which can be used to pull related
+images, install them, establish an internal network for their communications,
+adjust environment variables, start and stop LedgerSMB. The only instructions
+required, after the optional edition of the file to adjust the environment
+variables, are:
 
 ```plain
  $ docker-compose pull
  $ docker-compose up -d
 ```
 
-Or use the following to set a different password and/or parallel processing
-capacity (so called 'workers'):
-
-```plain
- $ docker-compose pull
- $ POSTGRES_PASSWORD=def \
-   LSMB_WORKERS=10 \
-   docker-compose up -d
-```
-
 This will set up two containers: (1) a PostgreSQL container with persistent
 storage which is retained between container updates and (2) a LedgerSMB
 container configured to connect to the PostgreSQL container as its database
-server. Your LedgerSMB installation should now be accessible through
-[http://localhost:5762/](http://localhost:5762/).
+server. The containers will be running in the background and can be stopped
+and started by running:
 
-The default number of workers is 5. The default database username and password
-are:
+```plain
+# Stopping the containers
+$ docker-compose stop
+
+# Starting the containers
+$ docker-compose start
+```
+
+(Check the status of the containers using `docker-compose ps`; when the
+containers are running, the `State` column shows `Up`.)
+
+The database username and password are:
 
 ```plain
    username: postgres
@@ -104,7 +83,7 @@ are:
 ```
 
 From here, follow the steps as detailed in the instructions for
-[preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-19-first-use).
+[preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-17-first-use).
 
 ## Manual installation
 
@@ -143,13 +122,9 @@ Visit http://localhost:5762/login.pl to log in and get started.
 
 No persistant data is stored in the LedgerSMB container.
 
-All LedgerSMB data is stored in PostgreSQL, so you can stop/destroy/run a
+All LedgerSMB data is stored in Postgres, so you can stop/destroy/run a
 new LedgerSMB container as often as you want.
 
-In case of the Docker Compose setup, all PostgreSQL data is stored on the
-Docker volume with the name ending in `_pgdata`. This volume is not destroyed
-when updating the containers; only explicit removal destroys the data.
-
 # Environment Variables
 
 The LedgerSMB image uses several environment variables. They are all optional.
@@ -185,6 +160,8 @@ affect the performance experience of users.
 
 ## Mail configuration
 
+### 1.8.0 and higher
+
 As of 1.8.0, the image is based on Debian Buster instead of Debian Stretch;
 with Buster, the `ssmtp` program has been removed from Debian, this image
 had to change strategy. The main application always came with built-in e-mail
@@ -192,73 +169,36 @@ yet with the deprecation, the abilities have expanded.
 
 The following parameters are now supported to set mail preferences:
 
-* `LSMB_MAIL_SMTPHOST` \
-  The host name/IP-address of the SMTP server that will forward mail from
-  LedgerSMB to the outside world.
-* `LSMB_MAIL_SMTPPORT` \
-  The port that the SMTP server in `LSMB_MAIL_SMTPHOST` listens to.
-* `LSMB_MAIL_SMTPTLS` \
-  Can be one of `no` (default), `yes` or `raw`. `yes` indicates to use
-  STARTTLS over a regular SMTP connection; `raw`' indicates an SMTP connection
-  should be established over a TLS connection (a.k.a. smtps).
-* `LSMB_MAIL_SMTPSENDER_HOSTNAME` (optional) \
-  When set, used to identify the host when connecting to an SMTP server. When
-  not set, the host is queried for its host name.
-* `LSMB_MAIL_SMTPUSER` \
-  Username to authenticate to the SMTP host in `LSMB_MAIL_SMTPHOST`.
-* `LSMB_MAIL_SMTPPASS` \
-  Password to authenticate to the SMTP host in `LSMB_MAIL_SMTPHOST` with the
-  user in `LSMB_MAIL_SMTPUSER`.
-* `LSMB_MAIL_SMTPAUTHMECH` \
-  A space separated list of SASL mechanisms to be used for authentication of
-  the smtp connection with the SMTP server. Available mechanisms depend on
-  your installed environment, but the following mechanisms should be available
-  in all of them: `PLAIN` `LOGIN` `CRAM_MD5` & `DIGEST_MD5`. **Note that**
-  `PLAIN` or `LOGIN` send passwords in plain text over the wire to the SMTP
-  server; only use these methods in combination with TLS encryption.
+* `LSMB_MAIL_SMTPHOST`
+* `LSMB_MAIL_SMTPPORT`
+* `LSMB_MAIL_SMTPTLS`
+* `LSMB_MAIL_SMTPSENDER_HOSTNAME`
+* `LSMB_MAIL_SMTPUSER`
+* `LSMB_MAIL_SMTPPASS`
+* `LSMB_MAIL_SMTPAUTHMECH`
 
-# Advanced setup
 
-## Changing configuration
+### Before 1.8.0
 
-The configuration file is stored in /srv/ledgersmb/local/conf/. By mounting
-that directory using a bind-mount to a location outside the container,
-configuration can be changed between container starts:
+These variables are used to set outgoing SMTP defaults.
 
-```plain
- $ docker run -d -p 5762:5762 --name myledger \
-     --mount 'type=bind,src=/home/ledgersmb/conf,dst=/srv/ledgersmb/local/conf \
-     -e POSTGRES_HOST=<ip/hostname> ledgersmb/ledgersmb:latest
-```
+* `SSMTP_ROOT` (config: `Root` -- DEPRECATED)
+* `SSMTP_MAILHUB` (config: `Mailhub`)
+* `SSMTP_HOSTNAME` (config: `Hostname`)
+* `SSMTP_USE_STARTTLS` (config: `UseSTARTTLS`)
+* `SSMTP_AUTH_USER` (config: `AuthUser`)
+* `SSMTP_AUTH_PASS` (config: `AuthPass`)
+* `SSMTP_AUTH_METHOD` (config: `AuthMethod` -- DEPRECATED)
+* `SSMTP_FROMLINE_OVERRIDE` (config: `FromLineOverride` -- DEPRECATED)
 
-## Overriding or adding configuration
+`SSMTP_MAILHUB` defaults to the default docker0 interface, so if your host is
+already configured to relay mail, this should relay successfully with only
+the root and hostname set.
 
-By pre-creating a configuration file in the mounted configuration directory,
-the standard configuration generation process in the container can be overruled:
-
-```plain
- $ cat <<EOF > /home/ledgersmb/conf/ledgersmb.yaml
-   ... YOUR CONFIG HERE ...
- EOF
- $ docker run -d -p 5762:5762 --name myledger \
-     --mount 'type=bind,src=/home/ledgersmb/conf,dst=/srv/ledgersmb/local/conf \
-     -e POSTGRES_HOST=<ip/hostname> ledgersmb/ledgersmb:latest
-```
-
-If you do not want to completely overrule the configuration generated, but instead
-supplement the configuration, you can put incremental configuration snippets in
-files named `ledgersmb.1XX.yaml` in the same folder. E.g.:
-
-```plain
- $ cat <<EOF > /home/ledgersmb/conf/ledgersmb.100.yaml
- logging:
-   file: ledgersmb.logging
- EOF
-```
-
-[Documentation with respect to the available configuration
-keys](https://github.com/ledgersmb/LedgerSMB/blob/master/doc/conf/ledgersmb.yaml)
-is available in the LedgerSMB repository.
+Use the other environment variables to relay mail through a different host.
+Use the [ssmtp.conf man
+page](https://www.systutorials.com/docs/linux/man/5-ssmtp.conf/) to look up
+the meaning and function of each of the mail configuration keys.
 
 # Troubleshooting/Developing
 
@@ -275,8 +215,9 @@ please contact us on the [mailing list](http://ledgersmb.org/topic/support/maili
 or through a [GitHub issue](https://github.com/ledgersmb/ledgersmb-docker/issues).
 
 You can also reach some of the official LedgerSMB maintainers via the
-[Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org).
-The [Element](https://app.element.io/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended.
+`#ledgersmb` IRC channel on [Freenode](https://freenode.net), or on the
+bridged [Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org).
+The [Riot.im](https://riot.im/app/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended.
 
 
 ## Contributing

base/Dockerfile

@@ -1,83 +0,0 @@
-# Build time variables
-
-ARG SRCIMAGE=debian:trixie-slim
-
-FROM  $SRCIMAGE
-LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>"
-LABEL org.opencontainers.image.title="LedgerSMB double-entry accounting web-application"
-LABEL org.opencontainers.image.description="LedgerSMB is a full featured double-entry financial accounting and Enterprise\
- Resource Planning system accessed via a web browser (Perl/JS with a PostgreSQL\
- backend) which offers 'Accounts Receivable', 'Accounts Payable' and 'General\
- Ledger' tracking as well as inventory control and fixed assets handling. The\
- LedgerSMB client can be a web browser or a programmed API call. The goal of\
- the LedgerSMB project is to bring high quality ERP and accounting capabilities\
- to Small and Midsize Businesses."
-
-ARG LSMB_VERSION="1.13.0"
-ARG ARTIFACT_PATH="https://download.ledgersmb.org/f/Releases/$LSMB_VERSION/"
-
-
-# ARTIFACT_PATH is used to work around pre-1.13 Dockerfiles requiring
-# the ARTIFACT_LOCATION to point to the artifact, not to its path
-RUN set -x ; \
-  echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \
-  mkdir -p /usr/share/man/man1/ && \
-  mkdir -p /usr/share/man/man2/ && \
-  mkdir -p /usr/share/man/man3/ && \
-  mkdir -p /usr/share/man/man4/ && \
-  mkdir -p /usr/share/man/man5/ && \
-  mkdir -p /usr/share/man/man6/ && \
-  mkdir -p /usr/share/man/man7/ && \
-  mkdir -p /usr/share/man/man8/ && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y dist-upgrade && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install \
-    wget curl ca-certificates libio-socket-ssl-perl postgresql-common && \
-  /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
-  DEBIAN_FRONTEND="noninteractive" apt-get -q -y install postgresql-client && \
-  cd /srv && \
-  curl -s -o ledgersmb-installer -L https://get.ledgersmb.org/ledgersmb-installer && \
-  ARTIFACT_LOCATION="$ARTIFACT_PATH" perl ledgersmb-installer install --yes --log-level=trace $LSMB_VERSION && \
-  mv /srv/ledgersmb/server-start /usr/local/bin/run.sh && \
-  rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/*
-
-WORKDIR /srv/ledgersmb
-
-
-# master requirements
-
-# Configure outgoing mail to use host, other run time variable defaults
-
-## MAIL
-# '__CONTAINER_GATEWAY__' is a magic value which will be substituted
-# with the actual gateway IP address
-ENV LSMB_MAIL_SMTPHOST=__CONTAINER_GATEWAY__
-#ENV LSMB_MAIL_SMTPPORT=25
-#ENV LSMB_MAIL_SMTPSENDER_HOSTNAME=(container hostname)
-#ENV LSMB_MAIL_SMTPTLS=
-#ENV LSMB_MAIL_SMTPUSER=
-#ENV LSMB_MAIL_SMTPPASS=
-#ENV LSMB_MAIL_SMTPAUTHMECH=
-
-## DATABASE
-ENV POSTGRES_HOST=postgres
-ENV POSTGRES_PORT=5432
-ENV DEFAULT_DB=lsmb
-
-COPY start.sh /usr/local/bin/start.sh
-COPY config.sh /usr/local/bin/config.sh
-
-RUN chmod +x /usr/local/bin/start.sh /usr/local/bin/config.sh /usr/local/bin/run.sh && \
-  mkdir -p /var/www && \
-  mkdir -p /srv/ledgersmb/local/conf && \
-  chown -R www-data /srv/ledgersmb/local
-
-# Work around an aufs bug related to directory permissions:
-RUN mkdir -p /tmp && chmod 1777 /tmp
-
-# Internal Port Expose
-EXPOSE 5762
-
-USER www-data
-CMD ["start.sh"]

base/nginx.conf

@@ -1,81 +0,0 @@
-# This is a full (minimal) nginx configuration file
-
-error_log /dev/stderr info;
-pid /tmp/nginx.pid;
-worker_processes 1;
-
-events {
-   worker_connections 1024;
-}
-
-http {
-   client_body_temp_path /tmp/client_body;
-   proxy_temp_path /tmp/proxy_temp;
-   fastcgi_temp_path /tmp/fastcgi_temp;
-   scgi_temp_path /tmp/scgi_temp;
-   uwsgi_temp_path /tmp/uwsgi_temp;
-
-   sendfile on;
-   tcp_nopush on;
-   tcp_nodelay on;
-   keepalive_timeout 65;
-   types_hash_max_size 2048;
-   include /etc/nginx/mime.types;
-   default_type application/octet-stream;
-
-   access_log /dev/stdout;
-   error_log /dev/stderr info;
-
-   gzip off;
-   gzip_static on;
-
-   server {
-      listen 8080 default_server;
-      listen [::]:8080 default_server ipv6only=on;
-
-      root /srv/ledgersmb/UI;
-
-      access_log /dev/stdout;
-      error_log /dev/stderr info;
-
-      # Don't log status polls
-      location /nginx_status {
-               stub_status on;
-               access_log off;
-               allow 127.0.0.1;
-               allow ::1;
-               deny all;
-      }
-
-      # Configuration files don't exist
-      location ^~ \.conf$ {
-         return 404;
-      }
-
-      # 'Hidden' files don't exist
-      location ~ /\. {
-         return 404;
-      }
-
-      location = / {
-         return 301 /login.pl;
-      }
-
-      # JS & CSS
-      location ~* \.(js|css)$ {
-         add_header Pragma "public";
-         add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
-         expires     7d; # Indicate that the resource can be cached for 1 week # Production
-         try_files $uri =404;
-      }
-
-      location / {
-         proxy_set_header        Host $host;
-         proxy_set_header        X-Real-IP $remote_addr;
-         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-         proxy_set_header        X-Forwarded-Proto $scheme;
-         proxy_read_timeout      300;
-         proxy_pass              http://lsmb:5762;
-      }
-   }
-}

base/start.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-home_dir="$(dirname $(readlink -f $BASH_SOURCE))"
-"$home_dir/config.sh" || { echo "Failed configuration" ; exit 1 }
-
-LSMB_CONFIG_FILE="${LSMB_CONFIG_FILE:-/srv/ledgersmb/local/conf/ledgersmb.yaml}"
-export LSMB_CONFIG_FILE
-echo "--------- LEDGERSMB CONFIGURATION:  $LSMB_CONFIG_FILE"
-cat "${LSMB_CONFIG_FILE}"
-echo '--------- LEDGERSMB CONFIGURATION --- END'
-
-exec "$home_dir/run.sh"

build

@@ -1,24 +0,0 @@
-#!/bin/bash
-
-set -euxo pipefail
-
-${DOCKER:-docker} buildx build \
-   --progress plain \
-   --platform ${PLATFORM:-linux/amd64,linux/arm64,linux/arm/v7} \
-   --build-arg "ARTIFACT_PATH=$ARTIFACT_PATH" \
-   -t ledgersmb/ledgersmb:$BRANCH-base \
-   -t ledgersmb/ledgersmb:$VERSION-base \
-   -t ghcr.io/ledgersmb/ledgersmb:$BRANCH-base \
-   -t ghcr.io/ledgersmb/ledgersmb:$VERSION-base \
-   ${SET_LATEST_TAG:+ -t ledgersmb/ledgersmb:latest-base -t ghcr.io/ledgersmb/ledgersmb:latest-base} \
-   --push base/
-
-${DOCKER:-docker} buildx build \
-   --progress plain \
-   --platform ${PLATFORM:-linux/amd64,linux/arm64,linux/arm/v7} \
-   -t ledgersmb/ledgersmb:$BRANCH \
-   -t ledgersmb/ledgersmb:$VERSION \
-   -t ghcr.io/ledgersmb/ledgersmb:$BRANCH \
-   -t ghcr.io/ledgersmb/ledgersmb:$VERSION \
-   ${SET_LATEST_TAG:+ -t ledgersmb/ledgersmb:latest -t ghcr.io/ledgersmb/ledgersmb:latest} \
-   --push proxy/

docker-compose.yml

@@ -8,7 +8,7 @@
 # so no special care needs to be taken on
 # container upgrades.  With PostgreSQL, data is
 # persisted across upgrades by the use of a
-# special 'pgdata' volume
+# special 'dbdata' volume
 
 version: "3.2"
 services:
@@ -16,47 +16,29 @@ services:
   # because that allows us to use the default hostname ("postgres")
   # from the LedgerSMB configuration
   postgres:
-    image: postgres:15-alpine
+    image: postgres:9.6-alpine
     environment:
       # Replace the password below for a secure setup
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-abc}
+      POSTGRES_PASSWORD: abc
       PGDATA: /var/lib/postgresql/data/pgdata
     networks:
       - internal
     volumes:
       - "pgdata:/var/lib/postgresql/data"
-    # Comment the line below to stop the container from restarting on boot
-    # unless it was manually stopped
-    restart: unless-stopped
   lsmb:
     depends_on:
       - postgres
-    image: ghcr.io/ledgersmb/ledgersmb:1.13
-      # In order to store the configuration outside the image, allowing it to
-      # be edited between container restarts, uncomment the section below and
-      # change the 'source' to the directory where you want the configuration
-      # to be stored.
-    # volumes:
-    #   # Override all configuration:
-    #   - type: bind
-    #     source: /home/ledgersmb/conf
-    #     target: /srv/ledgersmb/local/conf
-    #   # Add a snippet of configuration:
-    #   - type: bind
-    #     source: /home/ledgersmb/conf/ledgersmb.100.yaml
-    #     target: /srv/ledgersmb/local/conf/ledgersmb.100.yaml
+    image: ledgersmb/ledgersmb:1.8
     networks:
       - internal
       - default
-    # Comment the 'ports' section to disable mapping the LedgerSMB container
-    # ports (80 and 5762) to host ports of the same number. The mapping below
-    # makes LedgerSMB available on http://localhost/ on the host.
-    #
-    #     SECURITY NOTE:  Leave this uncommented for evaluation purposes only!
-    #       In production, be sure to use SSL/TLS (such as by reverse proxying) to protect
-    #       user's passwords and other sensitive data
+    # Comment the 'ports' section to disable mapping the LedgerSMB container port (5762)
+    #  to the host's port of the same number, thus making LedgerSMB
+    #  available on http://<host-dns-or-ip>:5762/
+    #     SECURITY NOTE: Do this for evaluation purposes only!
+    #       In production, be sure to use SSL/TLS to protect user's passwords
+    #       and other sensitive data
     ports:
-      - "80:80"
       - "5762:5762"
     environment:
       # The LSMB_WORKERS environment variable lets you select the number
@@ -65,17 +47,17 @@ services:
       # improve the performance experience, increase memory and the
       # number of workers
       #
-      LSMB_WORKERS: ${LSMB_WORKERS:-5}
+      LSMB_WORKERS: 2
       #
       #
-
-      # LSMB_MAIL_SMTPHOST:
-      # LSMB_MAIL_SMTPPORT:
-      # LSMB_MAIL_SMTPTLS:
-      # LSMB_MAIL_SMTPSENDER_HOSTNAME:
-      # LSMB_MAIL_SMTPUSER:
-      # LSMB_MAIL_SMTPPASS:
-      # LSMB_MAIL_SMTPAUTHMECH:
+      # SSMTP_ROOT:
+      # SSMTP_HOSTNAME:
+      # SSMTP_MAILHUB:
+      # SSMTP_AUTH_USER:
+      # SSMTP_AUTH_PASS:
+      # SSMTP_AUTH_METHOD:
+      # SSMTP_USE_STARTTLS:
+      # SSMTP_FROMLINE_OVERRIDE:
       #
       #
       # The PROXY_IP environment variable lets you set the IP address
@@ -85,11 +67,8 @@ services:
       # hosted in a separate container, this setting needs to be adjusted.
       #
       # PROXY_IP: 172.17.0.1/12
-    # Comment the line below to stop the container from restarting on boot
-    # unless it was manually stopped
-    restart: unless-stopped
 
-# having the pgdata volume is required to persist our
+# having the dbdata volume is required to persist our
 # data between PostgreSQL container updates; without
 # that, the data is contained in the same volume as
 # the rest of the image and on update/upgrade, the

proxy/Dockerfile

@@ -1,47 +0,0 @@
-# Install LedgerSMB version
-ARG LSMB_VERSION="1.13.0"
-# Install s6-overlay
-ARG S6_OVERLAY_VERSION=3.2.0.2
-
-FROM ledgersmb/ledgersmb:$LSMB_VERSION-base
-
-# Repeat args if we still want to use them
-ARG LSMB_VERSION
-ARG S6_OVERLAY_VERSION
-
-# Install nginx and other dependencies
-USER root
-RUN set -x && \
-    DEBIAN_FRONTEND=noninteractive apt-get update -y && \
-    DEBIAN_FRONTEND=noninteractive apt-get dist-upgrade -y && \
-    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends nginx wget xz-utils && \
-    mkdir -p /var/lib/nginx/body /var/cache/nginx && \
-    DEBIAN_FRONTEND=noninteractive apt-get autoremove -q -y && \
-    DEBIAN_FRONTEND=noninteractive apt-get clean -q && \
-    ARCH="$(case "$(dpkg --print-architecture)" in armv7*|armhf) echo "armhf" ;; arm64) echo "aarch64" ;; amd64) echo "x86_64" ;; *) exit 1 ;; esac)" && \
-    wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \
-    wget -O /tmp/s6-overlay-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz.sha256 && \
-    wget -O /tmp/s6-overlay-${ARCH}.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz && \
-    wget -O /tmp/s6-overlay-${ARCH}.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz.sha256 && \
-    wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz && \
-    wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz.sha256 && \
-    cd /tmp && \
-    sha256sum -c *.sha256 && \
-    tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
-    tar -C / -Jxpf /tmp/s6-overlay-${ARCH}.tar.xz && \ 
-    tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz && \
-    rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/* /usr/share/doc/* /tmp/s6-overlay-*.tar.xz*
-
-COPY nginx.conf /etc/nginx/nginx.conf
-
-# Configure nginx and starman with s6
-COPY services/starman/run /etc/services.d/starman/run
-COPY services/nginx/run /etc/services.d/nginx/run
-COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config
-
-RUN chmod +x /etc/services.d/starman/run /etc/services.d/nginx/run /etc/s6-overlay/s6-rc.d/ledgersmb_config/up && \
-    touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config
-
-EXPOSE 80
-
-ENTRYPOINT ["/init"]

proxy/nginx.conf

@@ -1,76 +0,0 @@
-# This is a full (minimal) nginx configuration file
-
-error_log /dev/stderr info;
-pid /tmp/nginx.pid;
-worker_processes 1;
-user www-data;
-
-
-events {
-   worker_connections 1024;
-}
-
-http {
-   client_body_temp_path /tmp/client_body;
-   proxy_temp_path /tmp/proxy_temp;
-   fastcgi_temp_path /tmp/fastcgi_temp;
-   scgi_temp_path /tmp/scgi_temp;
-   uwsgi_temp_path /tmp/uwsgi_temp;
-
-   sendfile on;
-   tcp_nopush on;
-   tcp_nodelay on;
-   keepalive_timeout 65;
-   types_hash_max_size 2048;
-   include /etc/nginx/mime.types;
-   default_type application/octet-stream;
-
-   access_log /dev/stdout;
-   error_log /dev/stderr info;
-
-   gzip off;
-   gzip_static on;
-
-   server {
-      listen 80 default_server;
-      listen [::]:80 default_server ipv6only=on;
-
-      root /srv/ledgersmb/UI;
-
-      access_log /dev/stdout;
-      error_log /dev/stderr info;
-
-      # Configuration files don't exist
-      location ^~ \.conf$ {
-         return 404;
-      }
-
-      # 'Hidden' files don't exist
-      location ~ /\. {
-         return 404;
-      }
-
-      location = / {
-         return 301 login.pl;
-      }
-
-      location / {
-         try_files $uri @strippedprefix @starman;
-      }
-
-      location @strippedprefix {
-         rewrite ^/([a-z0-9A-Z]+)/(.*) /$2 break;
-      }
-
-      location @starman {
-         proxy_pass              http://127.0.0.1:5762;
-         proxy_read_timeout      300;
-         proxy_set_header        Host $host;
-         proxy_set_header        X-Real-IP $remote_addr;
-         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
-         proxy_set_header        X-Forwarded-Host $host;
-         proxy_set_header        X-Forwarded-Server $host;
-         proxy_set_header        X-Forwarded-Proto $scheme;
-      }
-   }
-}

proxy/scripts/ledgersmb_config/type

@@ -1 +0,0 @@
-oneshot

proxy/scripts/ledgersmb_config/up

@@ -1,4 +0,0 @@
-foreground { echo "Running config..." }
-
-with-contenv
-/usr/local/bin/config.sh

proxy/services/nginx/run

@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv /bin/bash
-
-exec nginx -g "daemon off;"

proxy/services/starman/run

@@ -1,10 +0,0 @@
-#!/usr/bin/with-contenv /bin/bash
-
-
-LSMB_CONFIG_FILE="${LSMB_CONFIG_FILE:-/srv/ledgersmb/local/conf/ledgersmb.yaml}"
-export LSMB_CONFIG_FILE
-echo "--------- LEDGERSMB CONFIGURATION:  $LSMB_CONFIG_FILE"
-cat "${LSMB_CONFIG_FILE}"
-echo '--------- LEDGERSMB CONFIGURATION --- END'
-
-s6-setuidgid www-data /usr/local/bin/run.sh

start.sh

@@ -1,9 +1,7 @@
 #!/bin/bash
 
-set -e
-
 cd /srv/ledgersmb
-[[ -d ./local/conf/ ]] || mkdir ./local/conf/
+
 if [[ -n "$SSMTP_ROOT" ]]; then
     echo "\$SSMTP_ROOT set; parameter is deprecated and will be ignored"
     LSMB_HAVE_DEPRECATED=1
@@ -35,7 +33,7 @@ fi
 if [[ -n "$SSMTP_USE_STARTTLS" ]]; then
     echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated"
     if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then
-        echo "  Deriving \$LSMB_MAIL_SMTPTLS setting from \$SSMTP_USE_STARTTLS"
+        echo "  Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS"
         LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS
     fi
     LSMB_HAVE_DEPRECATED=1
@@ -69,94 +67,41 @@ if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then
     echo "!!! DEPRECATED \$SSMTP_* PARAMETERS WILL BE REMOVED in the 1.9 image!!!"
 fi
 
-if [[ ! -f ./local/conf/ledgersmb.yaml ]]; then
-  if [[ "x$LSMB_MAIL_SMTPTLS" == "xyes" ]]; then
-     tls_mode=starttls
-  elif [[ "x$LSMB_MAIL_SMTPTLS" == "xraw" ]]; then
-     tls_mode=ssl
-  else
-     tls_mode=none
-  fi
-  cat <<EOF >./local/conf/ledgersmb.yaml
-paths:
-  \$class: Beam::Wire
-  config:
-    UI: ./UI/
-    UI_cache: lsmb_templates/
 
-db:
-  \$class: LedgerSMB::Database::Factory
-  connect_data:
-    host: ${POSTGRES_HOST:-postgres}
-    port: ${POSTGRES_PORT:-5432}
-
-mail:
-  transport:
-    \$class: Email::Sender::Transport::SMTP
-    ssl: $tls_mode
-
-miscellaneous:
-  \$class: Beam::Wire
-  config:
-    proxy_ip: ${PROXY_IP:-172.17.0.1/12}
-
-ui:
-  class: LedgerSMB::Template::UI
-  method: new_UI
-  lifecycle: eager
-  args:
-    cache:
-      \$ref: paths/UI_cache
-    root:
-      \$ref: paths/UI
+if [[ ! -f ledgersmb.conf ]]; then
+  cat <<EOF >/tmp/ledgersmb.conf
+[main]
+cache_templates = 1
+[database]
+host = $POSTGRES_HOST
+port = $POSTGRES_PORT
+default_db = $DEFAULT_DB
+[mail]
+${LSMB_MAIL_SMTPHOST:+smtphost=$LSMB_MAIL_SMTPHOST
+}${LSMB_MAIL_SMTPPORT:+smtpport=$LSMB_MAIL_SMTPPORT
+}${LSMB_MAIL_SMTPSENDER_HOSTNAME:+smtpsender_hostname=$LSMB_MAIL_SMTPSENDER_HOSTNAME
+}${LSMB_MAIL_SMTPTLS:+smtptls=$LSMB_MAIL_SMTPTLS
+}${LSMB_MAIL_SMTPUSER:+smtpuser=$LSMB_MAIL_SMTPUSER
+}${LSMB_MAIL_SMTPPASS:+smtppass=$LSMB_MAIL_SMTPPASS
+}${LSMB_MAIL_SMTPAUTHMECH:+smtpauthmech=$LSMB_MAIL_SMTPAUTHMECH
+}
+[proxy]
+ip=${PROXY_IP:-172.17.0.1/12}
 EOF
-
-  if [[ -n "$LSMB_MAIL_SMTPHOST" ]]
-  then
-      if [[ "$LSMB_MAIL_SMTPHOST" == "__CONTAINER_GATEWAY__" ]]
-      then
-         LSMB_MAIL_SMTPHOST="$(ip route | awk '/default/ { print $3 }')"
-         export LSMB_MAIL_SMTPHOST
+  export LSMB_CONFIG_FILE='/tmp/ledgersmb.conf'
 fi
 
-      cat <<EOF >./local/conf/ledgersmb.000.yaml
-mail:
-  transport:
-    host: $LSMB_MAIL_SMTPHOST
-EOF
-  fi
+# start ledgersmb
+# --preload-app allows application initialization to kill the entire
+# starman instance (instead of just the worker, which will immediately
+# get restarted) on error; it also has a positive effect on memory use
 
-  if [[ -n "$LSMB_MAIL_SMTPPORT" ]]
-  then
-      cat <<EOF >./local/conf/ledgersmb.001.yaml
-mail:
-  transport:
-    port: $LSMB_MAIL_SMTPPORT
-EOF
-  fi
+echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf'
+cat ${LSMB_CONFIG_FILE:-ledgersmb.conf}
+echo '--------- LEDGERSMB CONFIGURATION --- END'
 
-  if [[ -n "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]
-  then
-      cat <<EOF >./local/conf/ledgersmb.002.yaml
-mail:
-  transport:
-    helo: $LSMB_MAIL_SMTPSENDER_HOSTNAME
-EOF
-  fi
-
-  if [[ -n "$LSMB_MAIL_SMTPUSER" ]]
-  then
-      cat <<EOF >./local/conf/ledgersmb.003.yaml
-mail:
-  transport:
-    sasl_authenticator:
-      \$class: Authen::SASL
-      mechanism: $LSMB_MAIL_SMTPAUTHMECH
-      callback:
-        user: $LSMB_MAIL_SMTPUSER
-        pass: $LSMB_MAIL_SMTPPASS
-EOF
-  fi
-fi
-
-exit 0
+# ':5762:' suppresses an uninitialized variable warning in starman
+# the last colon means "don't connect using tls"; without it, there's a warning
+exec starman --listen :5762: --max-workers ${LSMB_WORKERS:-5} \
+             -I lib -I old/lib \
+             --preload-app bin/ledgersmb-server.psgi