* Automatic Dockerfile update by release process

[skip ci]

Dockerfile

@@ -1,9 +1,52 @@
-FROM        debian:buster-slim
-MAINTAINER  Freelock john@freelock.com
-
 # Build time variables
-ARG LSMB_VERSION="1.8.15"
+
+ARG SRCIMAGE=debian:bullseye-slim
+
+
+FROM  $SRCIMAGE AS builder
+
+ARG LSMB_VERSION="1.9.11"
 ARG LSMB_DL_DIR="Releases"
+ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
+
+
+RUN set -x ; \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y upgrade && \
+  DEBIAN_FRONTEND="noninteractive" apt-get -y install dh-make-perl libmodule-cpanfile-perl git wget && \
+  apt-file update
+
+RUN set -x ; \
+  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
+  tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
+  rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
+  cd /srv/ledgersmb && \
+  ( ( for lib in $( cpanfile-dump --with-all-features --recommends --no-configure --no-build --no-test ) ; \
+    do \
+      if dh-make-perl locate "$lib" 2>/dev/null ; \
+      then  \
+        : \
+      else \
+        echo no : $lib ; \
+      fi ; \
+    done ) | grep -v dh-make-perl | grep -v 'not found' | grep -vi 'is in Perl ' | cut -d' ' -f4 | sort | uniq | tee /srv/derived-deps ) && \
+  cat /srv/derived-deps
+
+
+#
+#
+#  The real image build starts here
+#
+#
+
+
+FROM  $SRCIMAGE
+LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>"
+
+ARG LSMB_VERSION="1.9.11"
+ARG LSMB_DL_DIR="Releases"
+ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
+
 
 # Install Perl, Tex, Starman, psql client, and all dependencies
 # Without libclass-c3-xs-perl, performance is terribly slow...
@@ -13,7 +56,11 @@ ARG LSMB_DL_DIR="Releases"
 # Install Locale::Codes Locale::Country Locale::Language from CPAN to suppress
 # deprecation-as-core-module warning
 
-RUN echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \
+
+COPY --from=builder /srv/derived-deps /tmp/derived-deps
+
+RUN set -x ; \
+  echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \
   mkdir -p /usr/share/man/man1/ && \
   mkdir -p /usr/share/man/man2/ && \
   mkdir -p /usr/share/man/man3/ && \
@@ -21,38 +68,14 @@ RUN echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >>
   mkdir -p /usr/share/man/man5/ && \
   mkdir -p /usr/share/man/man6/ && \
   mkdir -p /usr/share/man/man7/ && \
+  mkdir -p /usr/share/man/man8/ && \
   DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
   DEBIAN_FRONTEND="noninteractive" apt-get -y upgrade && \
   DEBIAN_FRONTEND="noninteractive" apt-get -y install \
     wget ca-certificates gnupg \
-    libauthen-sasl-perl libcgi-emulate-psgi-perl libconfig-inifiles-perl \
+    $( cat /tmp/derived-deps ) \
-    libcookie-baker-perl libdbd-pg-perl libdbi-perl libdata-uuid-perl \
+    libclass-c3-xs-perl \
-    libdatetime-perl libdatetime-format-strptime-perl \
+    texlive-plain-generic texlive-latex-recommended texlive-fonts-recommended \
-    libemail-sender-perl libemail-stuffer-perl libfile-find-rule-perl \
-    libhtml-escape-perl libhttp-headers-fast-perl libio-stringy-perl \
-    libjson-maybexs-perl libcpanel-json-xs-perl libjson-pp-perl \
-    liblist-moreutils-perl \
-    liblocale-maketext-perl liblocale-maketext-lexicon-perl \
-    liblog-log4perl-perl libmime-types-perl \
-    libmath-bigint-gmp-perl libmodule-runtime-perl libmoo-perl \
-    libmoox-types-mooselike-perl libmoose-perl \
-    libmoosex-nonmoose-perl libnumber-format-perl \
-    libpgobject-perl libpgobject-simple-perl libpgobject-simple-role-perl \
-    libpgobject-type-bigfloat-perl libpgobject-type-datetime-perl \
-    libpgobject-type-bytestring-perl libpgobject-util-dbmethod-perl \
-    libpgobject-util-dbadmin-perl libplack-perl \
-    libplack-builder-conditionals-perl libplack-middleware-reverseproxy-perl \
-    libplack-request-withencoding-perl libscope-guard-perl \
-    libsession-storage-secure-perl libstring-random-perl \
-    libtemplate-perl libtext-csv-perl libtext-csv-xs-perl \
-    libtext-markdown-perl libtry-tiny-perl libversion-compare-perl \
-    libxml-libxml-perl libnamespace-autoclean-perl \
-    starman starlet libhttp-parser-xs-perl \
-    libtemplate-plugin-latex-perl libtex-encode-perl \
-    libxml-twig-perl libopenoffice-oodoc-perl \
-    libexcel-writer-xlsx-perl libspreadsheet-writeexcel-perl \
-    libclass-c3-xs-perl liblocale-codes-perl \
-    texlive-latex-recommended texlive-fonts-recommended \
     texlive-xetex fonts-liberation \
     lsb-release && \
   echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
@@ -60,10 +83,9 @@ RUN echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >>
   DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
   DEBIAN_FRONTEND="noninteractive" apt-get -y install postgresql-client && \
   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install git cpanminus make gcc libperl-dev && \
-  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz" && \
+  wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
   tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
   rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
-  cpanm --reinstall --notest Locale::Country Locale::Codes Locale::Language && \
   cpanm --notest \
     --with-feature=starman \
     --with-feature=latex-pdf-ps \

README.md

@@ -4,9 +4,10 @@ Dockerfile for LedgerSMB Docker image
 
 # Supported tags
 
-- `1.8`, `1.8.x`, `latest` - Latest official release from the 1.8 branch
+- `1.9`, `1.9.x`, `latest` - Latest official release from the 1.9 branch
+- `1.8`, `1.8.x` - Latest official release from the 1.8 branch
 - `1.7`, `1.7.x` - Latest official release from 1.7 branch
-- `1.6`, `1.6.x` - Latest official release from 1.6 branch 
+- `1.6`, `1.6.33` - Last official release from 1.6 branch 
 - `1.5`, `1.5.30` - Last official release from 1.5 branch
 - `1.4`, `1.4.42` - Last official release from 1.4 branch
 - `master` - Master branch from git, unstable
@@ -45,7 +46,7 @@ could require additional setup of a mail service or CUPS printer service.
 This image can be installed either automatically with the Docker compose file
 or manually with docker only.
 
-## Docker-Compose installation and start
+## Docker-Compose: Installation and start
 
 This image provides `docker-compose.yml` which can be used to pull related
 images, install them, establish an internal network for their communications,
@@ -55,15 +56,27 @@ variables, are:
 
 ```plain
  $ docker-compose pull
- $ docker-compose up
+ $ docker-compose up -d
+```
+
+Or use the following to set a different password and/or parallel processing
+capacity (so called 'workers'):
+
+```plain
+ $ docker-compose pull
+ $ POSTGRES_PASSWORD=def \
+   LSMB_WORKERS=10 \
+   docker-compose up -d
 ```
 
 This will set up two containers: (1) a PostgreSQL container with persistent
 storage which is retained between container updates and (2) a LedgerSMB
 container configured to connect to the PostgreSQL container as its database
-server.
+server. Your LedgerSMB installation should now be accessible through
+[http://localhost:5762/](http://localhost:5762/).
 
-The database username and password are:
+The default number of workers is 5. The default database username and password
+are:
 
 ```plain
    username: postgres
@@ -71,7 +84,7 @@ The database username and password are:
 ```
 
 From here, follow the steps as detailed in the instructions for
-[preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-17-first-use).
+[preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-19-first-use).
 
 ## Manual installation
 
@@ -110,9 +123,13 @@ Visit http://localhost:5762/login.pl to log in and get started.
 
 No persistant data is stored in the LedgerSMB container.
 
-All LedgerSMB data is stored in Postgres, so you can stop/destroy/run a
+All LedgerSMB data is stored in PostgreSQL, so you can stop/destroy/run a
 new LedgerSMB container as often as you want.
 
+In case of the Docker Compose setup, all PostgreSQL data is stored on the
+Docker volume with the name ending in `_pgdata`. This volume is not destroyed
+when updating the containers; only explicit removal destroys the data.
+
 # Environment Variables
 
 The LedgerSMB image uses several environment variables. They are all optional.
@@ -148,30 +165,6 @@ affect the performance experience of users.
 
 ## Mail configuration
 
-### Before 1.8.0
-
-These variables are used to set outgoing SMTP defaults.
-
-* `SSMTP_ROOT` (config: `Root` -- DEPRECATED)
-* `SSMTP_MAILHUB` (config: `Mailhub`)
-* `SSMTP_HOSTNAME` (config: `Hostname`)
-* `SSMTP_USE_STARTTLS` (config: `UseSTARTTLS`)
-* `SSMTP_AUTH_USER` (config: `AuthUser`)
-* `SSMTP_AUTH_PASS` (config: `AuthPass`)
-* `SSMTP_AUTH_METHOD` (config: `AuthMethod` -- DEPRECATED)
-* `SSMTP_FROMLINE_OVERRIDE` (config: `FromLineOverride` -- DEPRECATED)
-
-`SSMTP_MAILHUB` defaults to the default docker0 interface, so if your host is
-already configured to relay mail, this should relay successfully with only
-the root and hostname set.
-
-Use the other environment variables to relay mail through a different host.
-Use the [ssmtp.conf man
-page](https://www.systutorials.com/docs/linux/man/5-ssmtp.conf/) to look up
-the meaning and function of each of the mail configuration keys.
-
-### 1.8.0 and higher (under development)
-
 As of 1.8.0, the image is based on Debian Buster instead of Debian Stretch;
 with Buster, the `ssmtp` program has been removed from Debian, this image
 had to change strategy. The main application always came with built-in e-mail
@@ -187,7 +180,51 @@ The following parameters are now supported to set mail preferences:
 * `LSMB_MAIL_SMTPPASS`
 * `LSMB_MAIL_SMTPAUTHMECH`
 
+# Advanced setup
 
+## Docker Compose with reverse proxy
+
+The `docker-compose-reverseproxy.yml` file shows a docker-compose setup
+which adds an Nginx reverse proxy configuration on top of the base
+`docker-compose.yml` configuration file. If the content of this repository
+is cloned into the current directory (`git clone https://github.com/ledgersmb/ledgersmb-docker.git ; cd ledgersmb-docker`), it can be used as:
+
+```plain
+ $ docker-compose \
+    -f docker-compose.yml \
+    -f docker-compose-reverseproxy.yml \
+       up -d
+```
+
+This setup can be used in combination with an image which runs the
+Certbot certificate renewal process *and* Nginx to do TLS termination. The
+default reverse proxy is mostly an example; it publishes on
+[http://localhost:8080/](http://localhost:8080/).
+
+An example of such an image can be found at
+[https://github.com/jonasalfredsson/docker-nginx-certbot](https://github.com/jonasalfredsson/docker-nginx-certbot),
+which is published on Docker Hub as
+[jonasal/nginx-certbot](https://hub.docker.com/r/jonasal/nginx-certbot).
+
+**Upgrade note** When upgrading this setup, please remove the volume ending
+in `_lsmbdata` before starting the upgraded containers. Without that, the
+webcontent won't be upgraded! E.g.:
+
+```plain
+  $ docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        rm -s -f -v && \
+    docker volume rm ledgersmb-docker_lsmbdata && \
+    docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        pull && \
+    docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        up -d
+```
 
 # Troubleshooting/Developing
 
@@ -204,9 +241,8 @@ please contact us on the [mailing list](http://ledgersmb.org/topic/support/maili
 or through a [GitHub issue](https://github.com/ledgersmb/ledgersmb-docker/issues).
 
 You can also reach some of the official LedgerSMB maintainers via the
-`#ledgersmb` IRC channel on [Freenode](https://freenode.net), or on the
+[Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org).
-bridged [Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org).
+The [Element](https://app.element.io/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended.
-The [Riot.im](https://riot.im/app/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended.
 
 
 ## Contributing

docker-compose-reverseproxy.yml

@@ -0,0 +1,31 @@
+# Use this docker-compose file as:
+#
+#  docker-compose -f docker-compose.yml -f docker-compose-reverseproxy.yml up -d
+#
+#
+# This command creates one
+# compose 'project' consisting of three containers
+#
+#  1. The PostgreSQL data  container
+#  2. The LedgerSMB application container
+#  3. The Nginx reverse proxy container
+#
+# In addition to publishing LedgerSMB on port 5762 on localhost,
+# this project also publishes Nginx's reverse proxied content on
+# port 8080 on localhost
+
+version: "3.2"
+services:
+  proxy:
+    image: nginx:1-alpine
+    volumes:
+      - "lsmbdata:/srv/ledgersmb"
+      - "./nginx.conf:/etc/nginx/nginx.conf"
+    ports:
+      - "8080:8080"
+  lsmb:
+    volumes:
+      - "lsmbdata:/srv/ledgersmb"
+
+volumes:
+  lsmbdata:

docker-compose.yml

@@ -16,10 +16,10 @@ services:
   # because that allows us to use the default hostname ("postgres")
   # from the LedgerSMB configuration
   postgres:
-    image: postgres:9.6-alpine
+    image: postgres:12-alpine
     environment:
       # Replace the password below for a secure setup
-      POSTGRES_PASSWORD: abc
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-abc}
       PGDATA: /var/lib/postgresql/data/pgdata
     networks:
       - internal
@@ -28,7 +28,7 @@ services:
   lsmb:
     depends_on:
       - postgres
-    image: ledgersmb/ledgersmb:1.8
+    image: ghcr.io/ledgersmb/ledgersmb:1.9
     networks:
       - internal
       - default
@@ -47,17 +47,26 @@ services:
       # improve the performance experience, increase memory and the
       # number of workers
       #
-      LSMB_WORKERS: 2
+      LSMB_WORKERS: ${LSMB_WORKERS:-5}
       #
       #
-      # SSMTP_ROOT:
+
-      # SSMTP_HOSTNAME:
+      # LSMB_MAIL_SMTPHOST:
-      # SSMTP_MAILHUB:
+      # LSMB_MAIL_SMTPPORT:
-      # SSMTP_AUTH_USER:
+      # LSMB_MAIL_SMTPTLS:
-      # SSMTP_AUTH_PASS:
+      # LSMB_MAIL_SMTPSENDER_HOSTNAME:
-      # SSMTP_AUTH_METHOD:
+      # LSMB_MAIL_SMTPUSER:
-      # SSMTP_USE_STARTTLS:
+      # LSMB_MAIL_SMTPPASS:
-      # SSMTP_FROMLINE_OVERRIDE:
+      # LSMB_MAIL_SMTPAUTHMECH:
+      #
+      #
+      # The PROXY_IP environment variable lets you set the IP address
+      # (range) of the reverse proxy used for TLS termination, which forwards
+      # its requests to this container. When this reverse proxy runs on the
+      # Docker host, the default below applies. In case the reverse proxy is
+      # hosted in a separate container, this setting needs to be adjusted.
+      #
+      # PROXY_IP: 172.17.0.1/12
 
 # having the dbdata volume is required to persist our
 # data between PostgreSQL container updates; without

nginx.conf

@@ -0,0 +1,81 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+
+events {
+   worker_connections 1024;
+}
+
+http {
+   client_body_temp_path /tmp/client_body;
+   proxy_temp_path /tmp/proxy_temp;
+   fastcgi_temp_path /tmp/fastcgi_temp;
+   scgi_temp_path /tmp/scgi_temp;
+   uwsgi_temp_path /tmp/uwsgi_temp;
+
+   sendfile on;
+   tcp_nopush on;
+   tcp_nodelay on;
+   keepalive_timeout 65;
+   types_hash_max_size 2048;
+   include /etc/nginx/mime.types;
+   default_type application/octet-stream;
+
+   access_log /dev/stdout;
+   error_log /dev/stderr info;
+
+   gzip off;
+   gzip_static on;
+
+   server {
+      listen 8080 default_server;
+      listen [::]:8080 default_server ipv6only=on;
+
+      root /srv/ledgersmb/UI;
+
+      access_log /dev/stdout;
+      error_log /dev/stderr info;
+
+      # Don't log status polls
+      location /nginx_status {
+               stub_status on;
+               access_log off;
+               allow 127.0.0.1;
+               allow ::1;
+               deny all;
+      }
+
+      # Configuration files don't exist
+      location ^~ \.conf$ {
+         return 404;
+      }
+
+      # 'Hidden' files don't exist
+      location ~ /\. {
+         return 404;
+      }
+
+      location = / {
+         return 301 /login.pl;
+      }
+
+      # JS & CSS
+      location ~* \.(js|css)$ {
+         add_header Pragma "public";
+         add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
+         expires     7d; # Indicate that the resource can be cached for 1 week # Production
+         try_files $uri =404;
+      }
+
+      location / {
+         proxy_set_header        Host $host;
+         proxy_set_header        X-Real-IP $remote_addr;
+         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header        X-Forwarded-Proto $scheme;
+         proxy_read_timeout      300;
+         proxy_pass              http://lsmb:5762;
+      }
+   }
+}

start.sh

@@ -85,6 +85,8 @@ ${LSMB_MAIL_SMTPHOST:+smtphost=$LSMB_MAIL_SMTPHOST
 }${LSMB_MAIL_SMTPPASS:+smtppass=$LSMB_MAIL_SMTPPASS
 }${LSMB_MAIL_SMTPAUTHMECH:+smtpauthmech=$LSMB_MAIL_SMTPAUTHMECH
 }
+[proxy]
+ip=${PROXY_IP:-172.17.0.1/12}
 EOF
   export LSMB_CONFIG_FILE='/tmp/ledgersmb.conf'
 fi
@@ -100,6 +102,6 @@ echo '--------- LEDGERSMB CONFIGURATION --- END'
 
 # ':5762:' suppresses an uninitialized variable warning in starman
 # the last colon means "don't connect using tls"; without it, there's a warning
-exec starman --listen :5762: --max-workers ${LSMB_WORKERS:-5} \
+exec starman --listen :5762: --workers ${LSMB_WORKERS:-5} \
              -I lib -I old/lib \
              --preload-app bin/ledgersmb-server.psgi