* Automatic Dockerfile update by release process

[skip ci]

.github/no-response.yml

@@ -1,9 +0,0 @@
-# Configuration for probot-no-response - https://github.com/probot/no-response
-
-# Number of days of inactivity before an Issue is closed for lack of response
-daysUntilClose: 90
-# Label requiring a response
-responseRequiredLabel: waiting-for-user
-# Comment to post when closing an Issue for lack of response. Set to `false` to disable
-closeComment: >
-  Closing: more than 90 days without user response. Feel free to reopen with your comments.

Dockerfile

@@ -1,11 +1,11 @@
 # Build time variables
 
-ARG SRCIMAGE=debian:buster-slim
+ARG SRCIMAGE=debian:bullseye-slim
 
 
 FROM  $SRCIMAGE AS builder
 
-ARG LSMB_VERSION="1.8.30"
+ARG LSMB_VERSION="1.9.6"
 ARG LSMB_DL_DIR="Releases"
 ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
 
@@ -41,13 +41,13 @@ RUN set -x ; \
 
 
 FROM  $SRCIMAGE
-MAINTAINER  Freelock john@freelock.com
+LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>"
 
-# Build time variables
-ARG LSMB_VERSION="1.8.30"
+ARG LSMB_VERSION="1.9.6"
 ARG LSMB_DL_DIR="Releases"
 ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
 
+
 # Install Perl, Tex, Starman, psql client, and all dependencies
 # Without libclass-c3-xs-perl, performance is terribly slow...
 
@@ -56,6 +56,7 @@ ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSI
 # Install Locale::Codes Locale::Country Locale::Language from CPAN to suppress
 # deprecation-as-core-module warning
 
+
 COPY --from=builder /srv/derived-deps /tmp/derived-deps
 
 RUN set -x ; \
@@ -67,13 +68,14 @@ RUN set -x ; \
   mkdir -p /usr/share/man/man5/ && \
   mkdir -p /usr/share/man/man6/ && \
   mkdir -p /usr/share/man/man7/ && \
+  mkdir -p /usr/share/man/man8/ && \
   DEBIAN_FRONTEND="noninteractive" apt-get -y update && \
   DEBIAN_FRONTEND="noninteractive" apt-get -y upgrade && \
   DEBIAN_FRONTEND="noninteractive" apt-get -y install \
     wget ca-certificates gnupg \
     $( cat /tmp/derived-deps ) \
     libclass-c3-xs-perl \
-    texlive-latex-recommended texlive-fonts-recommended \
+    texlive-plain-generic texlive-latex-recommended texlive-fonts-recommended \
     texlive-xetex fonts-liberation \
     lsb-release && \
   echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
@@ -84,7 +86,6 @@ RUN set -x ; \
   wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \
   tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \
   rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \
-  cpanm --reinstall --notest Locale::Country Locale::Codes Locale::Language && \
   cpanm --notest \
     --with-feature=starman \
     --with-feature=latex-pdf-ps \

README.md

@@ -4,7 +4,8 @@ Dockerfile for LedgerSMB Docker image
 
 # Supported tags
 
-- `1.8`, `1.8.x`, `latest` - Latest official release from the 1.8 branch
+- `1.9`, `1.9.x`, `latest` - Latest official release from the 1.9 branch
+- `1.8`, `1.8.x` - Latest official release from the 1.8 branch
 - `1.7`, `1.7.x` - Latest official release from 1.7 branch
 - `1.6`, `1.6.33` - Last official release from 1.6 branch 
 - `1.5`, `1.5.30` - Last official release from 1.5 branch
@@ -12,7 +13,7 @@ Dockerfile for LedgerSMB Docker image
 - `master` - Master branch from git, unstable
 
 Containers supporting the development process are provided
-through the [ledgersmb-dev-docker project](https://github.com/ledgersmb/ledgersmb-dev-docker/blob/master/README.md#getting-started).
+through the ledgersmb-dev-docker project. See https://github.com/ledgersmb/ledgersmb-dev-docker/blob/master/README.md#getting-started.
 
 # What is LedgerSMB?
 
@@ -45,7 +46,7 @@ could require additional setup of a mail service or CUPS printer service.
 This image can be installed either automatically with the Docker compose file
 or manually with docker only.
 
-## Docker-Compose installation and start
+## Docker-Compose: Installation and start
 
 This image provides `docker-compose.yml` which can be used to pull related
 images, install them, establish an internal network for their communications,
@@ -58,24 +59,24 @@ variables, are:
  $ docker-compose up -d
 ```
 
+Or use the following to set a different password and/or parallel processing
+capacity (so called 'workers'):
+
+```plain
+ $ docker-compose pull
+ $ POSTGRES_PASSWORD=def \
+   LSMB_WORKERS=10 \
+   docker-compose up -d
+```
+
 This will set up two containers: (1) a PostgreSQL container with persistent
 storage which is retained between container updates and (2) a LedgerSMB
 container configured to connect to the PostgreSQL container as its database
-server. The containers will be running in the background and can be stopped
-and started by running:
+server. Your LedgerSMB installation should now be accessible through
+[http://localhost:5762/](http://localhost:5762/).
 
-```plain
-# Stopping the containers
-$ docker-compose stop
-
-# Starting the containers
-$ docker-compose start
-```
-
-(Check the status of the containers using `docker-compose ps`; when the
-containers are running, the `State` column shows `Up`.)
-
-The database username and password are:
+The default number of workers is 5. The default database username and password
+are:
 
 ```plain
    username: postgres
@@ -83,7 +84,7 @@ The database username and password are:
 ```
 
 From here, follow the steps as detailed in the instructions for
-[preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-17-first-use).
+[preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-19-first-use).
 
 ## Manual installation
 
@@ -122,9 +123,13 @@ Visit http://localhost:5762/login.pl to log in and get started.
 
 No persistant data is stored in the LedgerSMB container.
 
-All LedgerSMB data is stored in Postgres, so you can stop/destroy/run a
+All LedgerSMB data is stored in PostgreSQL, so you can stop/destroy/run a
 new LedgerSMB container as often as you want.
 
+In case of the Docker Compose setup, all PostgreSQL data is stored on the
+Docker volume with the name ending in `_pgdata`. This volume is not destroyed
+when updating the containers; only explicit removal destroys the data.
+
 # Environment Variables
 
 The LedgerSMB image uses several environment variables. They are all optional.
@@ -160,8 +165,6 @@ affect the performance experience of users.
 
 ## Mail configuration
 
-### 1.8.0 and higher
-
 As of 1.8.0, the image is based on Debian Buster instead of Debian Stretch;
 with Buster, the `ssmtp` program has been removed from Debian, this image
 had to change strategy. The main application always came with built-in e-mail
@@ -177,28 +180,51 @@ The following parameters are now supported to set mail preferences:
 * `LSMB_MAIL_SMTPPASS`
 * `LSMB_MAIL_SMTPAUTHMECH`
 
+# Advanced setup
 
-### Before 1.8.0
+## Docker Compose with reverse proxy
 
-These variables are used to set outgoing SMTP defaults.
+The `docker-compose-reverseproxy.yml` file shows a docker-compose setup
+which adds an Nginx reverse proxy configuration on top of the base
+`docker-compose.yml` configuration file. If the content of this repository
+is cloned into the current directory (`git clone https://github.com/ledgersmb/ledgersmb-docker.git ; cd ledgersmb-docker`), it can be used as:
 
-* `SSMTP_ROOT` (config: `Root` -- DEPRECATED)
-* `SSMTP_MAILHUB` (config: `Mailhub`)
-* `SSMTP_HOSTNAME` (config: `Hostname`)
-* `SSMTP_USE_STARTTLS` (config: `UseSTARTTLS`)
-* `SSMTP_AUTH_USER` (config: `AuthUser`)
-* `SSMTP_AUTH_PASS` (config: `AuthPass`)
-* `SSMTP_AUTH_METHOD` (config: `AuthMethod` -- DEPRECATED)
-* `SSMTP_FROMLINE_OVERRIDE` (config: `FromLineOverride` -- DEPRECATED)
+```plain
+ $ docker-compose \
+    -f docker-compose.yml \
+    -f docker-compose-reverseproxy.yml \
+       up -d
+```
 
-`SSMTP_MAILHUB` defaults to the default docker0 interface, so if your host is
-already configured to relay mail, this should relay successfully with only
-the root and hostname set.
+This setup can be used in combination with an image which runs the
+Certbot certificate renewal process *and* Nginx to do TLS termination. The
+default reverse proxy is mostly an example; it publishes on
+[http://localhost:8080/](http://localhost:8080/).
 
-Use the other environment variables to relay mail through a different host.
-Use the [ssmtp.conf man
-page](https://www.systutorials.com/docs/linux/man/5-ssmtp.conf/) to look up
-the meaning and function of each of the mail configuration keys.
+An example of such an image can be found at
+[https://github.com/jonasalfredsson/docker-nginx-certbot](https://github.com/jonasalfredsson/docker-nginx-certbot),
+which is published on Docker Hub as
+[jonasal/nginx-certbot](https://hub.docker.com/r/jonasal/nginx-certbot).
+
+**Upgrade note** When upgrading this setup, please remove the volume ending
+in `_lsmbdata` before starting the upgraded containers. Without that, the
+webcontent won't be upgraded! E.g.:
+
+```plain
+  $ docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        rm -s -f -v && \
+    docker volume rm ledgersmb-docker_lsmbdata && \
+    docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        pull && \
+    docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        up -d
+```
 
 # Troubleshooting/Developing
 
@@ -215,9 +241,8 @@ please contact us on the [mailing list](http://ledgersmb.org/topic/support/maili
 or through a [GitHub issue](https://github.com/ledgersmb/ledgersmb-docker/issues).
 
 You can also reach some of the official LedgerSMB maintainers via the
-`#ledgersmb` IRC channel on [Freenode](https://freenode.net), or on the
-bridged [Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org).
-The [Riot.im](https://riot.im/app/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended.
+[Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org).
+The [Element](https://app.element.io/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended.
 
 
 ## Contributing

docker-compose-reverseproxy.yml

@@ -0,0 +1,31 @@
+# Use this docker-compose file as:
+#
+#  docker-compose -f docker-compose.yml -f docker-compose-reverseproxy.yml up -d
+#
+#
+# This command creates one
+# compose 'project' consisting of three containers
+#
+#  1. The PostgreSQL data  container
+#  2. The LedgerSMB application container
+#  3. The Nginx reverse proxy container
+#
+# In addition to publishing LedgerSMB on port 5762 on localhost,
+# this project also publishes Nginx's reverse proxied content on
+# port 8080 on localhost
+
+version: "3.2"
+services:
+  proxy:
+    image: nginx:1-alpine
+    volumes:
+      - "lsmbdata:/srv/ledgersmb"
+      - "./nginx.conf:/etc/nginx/nginx.conf"
+    ports:
+      - "8080:8080"
+  lsmb:
+    volumes:
+      - "lsmbdata:/srv/ledgersmb"
+
+volumes:
+  lsmbdata:

docker-compose.yml

@@ -16,10 +16,10 @@ services:
   # because that allows us to use the default hostname ("postgres")
   # from the LedgerSMB configuration
   postgres:
-    image: postgres:9.6-alpine
+    image: postgres:12-alpine
     environment:
       # Replace the password below for a secure setup
-      POSTGRES_PASSWORD: abc
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-abc}
       PGDATA: /var/lib/postgresql/data/pgdata
     networks:
       - internal
@@ -28,7 +28,7 @@ services:
   lsmb:
     depends_on:
       - postgres
-    image: ghcr.io/ledgersmb/ledgersmb:1.8
+    image: ledgersmb/ledgersmb:1.9
     networks:
       - internal
       - default
@@ -47,9 +47,10 @@ services:
       # improve the performance experience, increase memory and the
       # number of workers
       #
-      LSMB_WORKERS: 2
+      LSMB_WORKERS: ${LSMB_WORKERS:-5}
       #
       #
+
       # LSMB_MAIL_SMTPHOST:
       # LSMB_MAIL_SMTPPORT:
       # LSMB_MAIL_SMTPTLS:

nginx.conf

@@ -0,0 +1,81 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+
+events {
+   worker_connections 1024;
+}
+
+http {
+   client_body_temp_path /tmp/client_body;
+   proxy_temp_path /tmp/proxy_temp;
+   fastcgi_temp_path /tmp/fastcgi_temp;
+   scgi_temp_path /tmp/scgi_temp;
+   uwsgi_temp_path /tmp/uwsgi_temp;
+
+   sendfile on;
+   tcp_nopush on;
+   tcp_nodelay on;
+   keepalive_timeout 65;
+   types_hash_max_size 2048;
+   include /etc/nginx/mime.types;
+   default_type application/octet-stream;
+
+   access_log /dev/stdout;
+   error_log /dev/stderr info;
+
+   gzip off;
+   gzip_static on;
+
+   server {
+      listen 8080 default_server;
+      listen [::]:8080 default_server ipv6only=on;
+
+      root /srv/ledgersmb/UI;
+
+      access_log /dev/stdout;
+      error_log /dev/stderr info;
+
+      # Don't log status polls
+      location /nginx_status {
+               stub_status on;
+               access_log off;
+               allow 127.0.0.1;
+               allow ::1;
+               deny all;
+      }
+
+      # Configuration files don't exist
+      location ^~ \.conf$ {
+         return 404;
+      }
+
+      # 'Hidden' files don't exist
+      location ~ /\. {
+         return 404;
+      }
+
+      location = / {
+         return 301 /login.pl;
+      }
+
+      # JS & CSS
+      location ~* \.(js|css)$ {
+         add_header Pragma "public";
+         add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
+         expires     7d; # Indicate that the resource can be cached for 1 week # Production
+         try_files $uri =404;
+      }
+
+      location / {
+         proxy_set_header        Host $host;
+         proxy_set_header        X-Real-IP $remote_addr;
+         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header        X-Forwarded-Proto $scheme;
+         proxy_read_timeout      300;
+         proxy_pass              http://lsmb:5762;
+      }
+   }
+}

start.sh

@@ -102,6 +102,6 @@ echo '--------- LEDGERSMB CONFIGURATION --- END'
 
 # ':5762:' suppresses an uninitialized variable warning in starman
 # the last colon means "don't connect using tls"; without it, there's a warning
-exec starman --listen :5762: --max-workers ${LSMB_WORKERS:-5} \
+exec starman --listen :5762: --workers ${LSMB_WORKERS:-5} \
              -I lib -I old/lib \
              --preload-app bin/ledgersmb-server.psgi