mirror of
				https://github.com/ledgersmb/ledgersmb-docker.git
				synced 2025-10-22 12:10:31 -04:00 
			
		
		
		
	Compare commits
	
		
			33 Commits
		
	
	
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 3658a14ccd | ||
|  | f114db8fcb | ||
|  | 2849671500 | ||
|  | bdebd44ae0 | ||
|  | c95e4b4b9d | ||
|  | 7c89b26987 | ||
|  | cd7f62abc6 | ||
|  | d518733d23 | ||
|  | 53c4e6ac92 | ||
|  | 78b902ddc9 | ||
|  | c1fee69d52 | ||
|  | 33d4019521 | ||
|  | 2a138c50f2 | ||
|  | 11baa4c0a0 | ||
|  | 7e914dbfd1 | ||
|  | 1a1d294e31 | ||
|  | 44b544c8ba | ||
|  | 5dc7176b3f | ||
|  | f25dee9473 | ||
|  | 0332a27535 | ||
|  | 19c6b2d6df | ||
|  | 6ff37dc952 | ||
|  | da234d021d | ||
|  | ffb7ff1a09 | ||
|  | 966c1fd043 | ||
|  | ba98f4c5c0 | ||
|  | 20bd26798a | ||
|  | f4bc2c874f | ||
|  | 0897045096 | ||
|  | 53ab84cbaa | ||
|  | 760c5c0138 | ||
|  | 8930ac395d | ||
|  | 1bbf65543b | 
							
								
								
									
										134
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						
									
										134
									
								
								Dockerfile
									
									
									
									
									
								
							| @@ -1,64 +1,27 @@ | |||||||
|  | FROM        debian:stretch-slim | ||||||
|  | MAINTAINER  Freelock john@freelock.com | ||||||
|  |  | ||||||
| # Build time variables | # Build time variables | ||||||
|  | ARG LSMB_VERSION="1.7.33" | ||||||
| ARG SRCIMAGE=debian:bullseye-slim |  | ||||||
|  |  | ||||||
|  |  | ||||||
| FROM  $SRCIMAGE AS builder |  | ||||||
|  |  | ||||||
| ARG LSMB_VERSION="1.9.14" |  | ||||||
| ARG LSMB_DL_DIR="Releases" | ARG LSMB_DL_DIR="Releases" | ||||||
| ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz" | ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz" | ||||||
|  |  | ||||||
|  |  | ||||||
| RUN set -x ; \ |  | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -y update && \ |  | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -y upgrade && \ |  | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -y install dh-make-perl libmodule-cpanfile-perl git wget && \ |  | ||||||
|   apt-file update |  | ||||||
|  |  | ||||||
| RUN set -x ; \ |  | ||||||
|   wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \ |  | ||||||
|   tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \ |  | ||||||
|   rm -f /tmp/ledgersmb-$LSMB_VERSION.tar.gz && \ |  | ||||||
|   cd /srv/ledgersmb && \ |  | ||||||
|   ( ( for lib in $( cpanfile-dump --with-all-features --recommends --no-configure --no-build --no-test ) ; \ |  | ||||||
|     do \ |  | ||||||
|       if dh-make-perl locate "$lib" 2>/dev/null ; \ |  | ||||||
|       then  \ |  | ||||||
|         : \ |  | ||||||
|       else \ |  | ||||||
|         echo no : $lib ; \ |  | ||||||
|       fi ; \ |  | ||||||
|     done ) | grep -v dh-make-perl | grep -v 'not found' | grep -vi 'is in Perl ' | cut -d' ' -f4 | sort | uniq | tee /srv/derived-deps ) && \ |  | ||||||
|   cat /srv/derived-deps |  | ||||||
|  |  | ||||||
|  |  | ||||||
| # |  | ||||||
| # |  | ||||||
| #  The real image build starts here |  | ||||||
| # |  | ||||||
| # |  | ||||||
|  |  | ||||||
|  |  | ||||||
| FROM  $SRCIMAGE |  | ||||||
| LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>" |  | ||||||
|  |  | ||||||
| ARG LSMB_VERSION="1.9.14" |  | ||||||
| ARG LSMB_DL_DIR="Releases" |  | ||||||
| ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz" |  | ||||||
|  |  | ||||||
|  |  | ||||||
| # Install Perl, Tex, Starman, psql client, and all dependencies | # Install Perl, Tex, Starman, psql client, and all dependencies | ||||||
| # Without libclass-c3-xs-perl, performance is terribly slow... | # Without libclass-c3-xs-perl, performance is terribly slow... | ||||||
|  | # Without libclass-accessor-lite-perl, HTML::Entities won't build from CPAN | ||||||
|  | # libnet-cidr-lite-perl is a dependency for Plack::Builder::Conditionals | ||||||
|  | #   which is being installed from CPAN | ||||||
|  | # libtest-requires-perl is a dependency of Module-Build-Pluggable-PPPort | ||||||
|  | #   on which HTML::Escape depends | ||||||
|  |  | ||||||
| # Installing psql client directly from instructions at https://wiki.postgresql.org/wiki/Apt | # Installing psql client directly from instructions at https://wiki.postgresql.org/wiki/Apt | ||||||
| # That mitigates issues where the PG instance is running a newer version than this container | # That mitigates issues where the PG instance is running a newer version than this container | ||||||
| # Install Locale::Codes Locale::Country Locale::Language from CPAN to suppress |  | ||||||
| # deprecation-as-core-module warning |  | ||||||
|  |  | ||||||
|  |  | ||||||
| COPY --from=builder /srv/derived-deps /tmp/derived-deps |  | ||||||
|  |  | ||||||
|  | # for Buster, add: | ||||||
|  | #    libhtml-escape-perl \ | ||||||
|  | #    libplack-middleware-builder-conditionals-perl \ | ||||||
|  | #    libplack-request-withencoding-perl \ | ||||||
|  | #libversion-compare-perl | ||||||
| RUN set -x ; \ | RUN set -x ; \ | ||||||
|   echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \ |   echo -n "APT::Install-Recommends \"0\";\nAPT::Install-Suggests \"0\";\n" >> /etc/apt/apt.conf && \ | ||||||
|   mkdir -p /usr/share/man/man1/ && \ |   mkdir -p /usr/share/man/man1/ && \ | ||||||
| @@ -68,20 +31,41 @@ RUN set -x ; \ | |||||||
|   mkdir -p /usr/share/man/man5/ && \ |   mkdir -p /usr/share/man/man5/ && \ | ||||||
|   mkdir -p /usr/share/man/man6/ && \ |   mkdir -p /usr/share/man/man6/ && \ | ||||||
|   mkdir -p /usr/share/man/man7/ && \ |   mkdir -p /usr/share/man/man7/ && \ | ||||||
|   mkdir -p /usr/share/man/man8/ && \ |   DEBIAN_FRONTEND="noninteractive" apt-get update -q && \ | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -y update && \ |   DEBIAN_FRONTEND="noninteractive" apt-get dist-upgrade -y -q && \ | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -y upgrade && \ |   DEBIAN_FRONTEND="noninteractive" apt-get -y -q install \ | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -y install \ |  | ||||||
|     wget ca-certificates gnupg \ |     wget ca-certificates gnupg \ | ||||||
|     $( cat /tmp/derived-deps ) \ |     libcgi-emulate-psgi-perl libconfig-inifiles-perl \ | ||||||
|     libclass-c3-xs-perl \ |     libdbd-pg-perl libdbi-perl libdata-uuid-perl libdatetime-perl \ | ||||||
|     texlive-plain-generic texlive-latex-recommended texlive-fonts-recommended \ |     libdatetime-format-strptime-perl \ | ||||||
|  |     libio-stringy-perl \ | ||||||
|  |     libcpanel-json-xs-perl liblist-moreutils-perl \ | ||||||
|  |     liblocale-maketext-perl liblocale-maketext-lexicon-perl \ | ||||||
|  |     liblog-log4perl-perl libmime-lite-perl libmime-types-perl \ | ||||||
|  |     libmath-bigint-gmp-perl libmodule-runtime-perl libmoose-perl \ | ||||||
|  |     libmoosex-nonmoose-perl libnumber-format-perl \ | ||||||
|  |     libpgobject-perl libpgobject-simple-perl libpgobject-simple-role-perl \ | ||||||
|  |     libpgobject-type-bigfloat-perl libpgobject-type-datetime-perl \ | ||||||
|  |     libpgobject-type-bytestring-perl libpgobject-util-dbmethod-perl \ | ||||||
|  |     libpgobject-util-dbadmin-perl libplack-perl \ | ||||||
|  |     libplack-middleware-reverseproxy-perl \ | ||||||
|  |     libtemplate-perl libtext-csv-perl libtext-csv-xs-perl \ | ||||||
|  |     libtext-markdown-perl  libxml-simple-perl \ | ||||||
|  |     libnamespace-autoclean-perl \ | ||||||
|  |     libfile-find-rule-perl \ | ||||||
|  |     libtemplate-plugin-latex-perl libtex-encode-perl \ | ||||||
|  |     libclass-c3-xs-perl libclass-accessor-lite-perl \ | ||||||
|  |     libnet-cidr-lite-perl \ | ||||||
|  |     texlive-latex-recommended texlive-fonts-recommended \ | ||||||
|     texlive-xetex fonts-liberation \ |     texlive-xetex fonts-liberation \ | ||||||
|  |     starman \ | ||||||
|  |     libopenoffice-oodoc-perl \ | ||||||
|  |     ssmtp \ | ||||||
|     lsb-release && \ |     lsb-release && \ | ||||||
|   echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \ |   echo "deb http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \ | ||||||
|   (wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -) && \ |   (wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -) && \ | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -y update && \ |   DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \ | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -y install postgresql-client && \ |   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install postgresql-client && \ | ||||||
|   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install git cpanminus make gcc libperl-dev && \ |   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install git cpanminus make gcc libperl-dev && \ | ||||||
|   wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \ |   wget --quiet -O /tmp/ledgersmb-$LSMB_VERSION.tar.gz "$ARTIFACT_LOCATION" && \ | ||||||
|   tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \ |   tar -xzf /tmp/ledgersmb-$LSMB_VERSION.tar.gz --directory /srv && \ | ||||||
| @@ -93,8 +77,9 @@ RUN set -x ; \ | |||||||
|     --installdeps /srv/ledgersmb/ && \ |     --installdeps /srv/ledgersmb/ && \ | ||||||
|   apt-get purge -q -y git cpanminus make gcc libperl-dev && \ |   apt-get purge -q -y git cpanminus make gcc libperl-dev && \ | ||||||
|   apt-get autoremove -q -y && \ |   apt-get autoremove -q -y && \ | ||||||
|   apt-get clean -q && \ |   apt-get autoclean -q && \ | ||||||
|   rm -rf ~/.cpanm/ /var/lib/apt/lists/* /usr/share/man/* |   rm -rf ~/.cpanm/ && \ | ||||||
|  |   rm -rf /var/lib/apt/lists/* /usr/share/man/* | ||||||
|  |  | ||||||
|  |  | ||||||
| WORKDIR /srv/ledgersmb | WORKDIR /srv/ledgersmb | ||||||
| @@ -103,27 +88,30 @@ WORKDIR /srv/ledgersmb | |||||||
|  |  | ||||||
| # Configure outgoing mail to use host, other run time variable defaults | # Configure outgoing mail to use host, other run time variable defaults | ||||||
|  |  | ||||||
| ## MAIL | ## sSMTP | ||||||
| ENV LSMB_MAIL_SMTPHOST 172.17.0.1 | ENV SSMTP_ROOT ar@example.com | ||||||
| #ENV LSMB_MAIL_SMTPPORT 25 | ENV SSMTP_MAILHUB 172.17.0.1 | ||||||
| #ENV LSMB_MAIL_SMTPSENDER_HOSTNAME (container hostname) | ENV SSMTP_HOSTNAME 172.17.0.1 | ||||||
| #ENV LSMB_MAIL_SMTPTLS | #ENV SSMTP_USE_STARTTLS | ||||||
| #ENV LSMB_MAIL_SMTPUSER | #ENV SSMTP_AUTH_USER | ||||||
| #ENV LSMB_MAIL_SMTPPASS | #ENV SSMTP_AUTH_PASS | ||||||
| #ENV LSMB_MAIL_SMTPAUTHMECH | ENV SSMTP_FROMLINE_OVERRIDE YES | ||||||
|  | #ENV SSMTP_AUTH_METHOD | ||||||
|  |  | ||||||
| ## DATABASE |  | ||||||
| ENV POSTGRES_HOST postgres | ENV POSTGRES_HOST postgres | ||||||
| ENV POSTGRES_PORT 5432 | ENV POSTGRES_PORT 5432 | ||||||
| ENV DEFAULT_DB lsmb | ENV DEFAULT_DB lsmb | ||||||
|  |  | ||||||
| COPY start.sh /usr/local/bin/start.sh | COPY start.sh /usr/local/bin/start.sh | ||||||
|  | COPY update_ssmtp.sh /usr/local/bin/update_ssmtp.sh | ||||||
|  |  | ||||||
| RUN chmod +x /usr/local/bin/start.sh && \ | RUN chown www-data /etc/ssmtp /etc/ssmtp/ssmtp.conf && \ | ||||||
|  |   chmod +x /usr/local/bin/update_ssmtp.sh /usr/local/bin/start.sh && \ | ||||||
|   mkdir -p /var/www |   mkdir -p /var/www | ||||||
|  |  | ||||||
| # Work around an aufs bug related to directory permissions: | # Work around an aufs bug related to directory permissions: | ||||||
| RUN mkdir -p /tmp && chmod 1777 /tmp | RUN mkdir -p /tmp && \ | ||||||
|  |   chmod 1777 /tmp | ||||||
|  |  | ||||||
| # Internal Port Expose | # Internal Port Expose | ||||||
| EXPOSE 5762 | EXPOSE 5762 | ||||||
|   | |||||||
							
								
								
									
										106
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										106
									
								
								README.md
									
									
									
									
									
								
							| @@ -4,9 +4,8 @@ Dockerfile for LedgerSMB Docker image | |||||||
|  |  | ||||||
| # Supported tags | # Supported tags | ||||||
|  |  | ||||||
| - `1.9`, `1.9.x`, `latest` - Latest official release from the 1.9 branch | - `1.8` - Preview version for the 1.8 branch | ||||||
| - `1.8`, `1.8.x` - Latest official release from the 1.8 branch | - `1.7`, `1.7.x`, `latest` - Latest official release from 1.7 branch | ||||||
| - `1.7`, `1.7.x` - Latest official release from 1.7 branch |  | ||||||
| - `1.6`, `1.6.33` - Last official release from 1.6 branch  | - `1.6`, `1.6.33` - Last official release from 1.6 branch  | ||||||
| - `1.5`, `1.5.30` - Last official release from 1.5 branch | - `1.5`, `1.5.30` - Last official release from 1.5 branch | ||||||
| - `1.4`, `1.4.42` - Last official release from 1.4 branch | - `1.4`, `1.4.42` - Last official release from 1.4 branch | ||||||
| @@ -46,7 +45,7 @@ could require additional setup of a mail service or CUPS printer service. | |||||||
| This image can be installed either automatically with the Docker compose file | This image can be installed either automatically with the Docker compose file | ||||||
| or manually with docker only. | or manually with docker only. | ||||||
|  |  | ||||||
| ## Docker-Compose: Installation and start | ## Docker-Compose installation and start | ||||||
|  |  | ||||||
| This image provides `docker-compose.yml` which can be used to pull related | This image provides `docker-compose.yml` which can be used to pull related | ||||||
| images, install them, establish an internal network for their communications, | images, install them, establish an internal network for their communications, | ||||||
| @@ -56,27 +55,15 @@ variables, are: | |||||||
|  |  | ||||||
| ```plain | ```plain | ||||||
|  $ docker-compose pull |  $ docker-compose pull | ||||||
|  $ docker-compose up -d |  $ docker-compose up | ||||||
| ``` |  | ||||||
|  |  | ||||||
| Or use the following to set a different password and/or parallel processing |  | ||||||
| capacity (so called 'workers'): |  | ||||||
|  |  | ||||||
| ```plain |  | ||||||
|  $ docker-compose pull |  | ||||||
|  $ POSTGRES_PASSWORD=def \ |  | ||||||
|    LSMB_WORKERS=10 \ |  | ||||||
|    docker-compose up -d |  | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| This will set up two containers: (1) a PostgreSQL container with persistent | This will set up two containers: (1) a PostgreSQL container with persistent | ||||||
| storage which is retained between container updates and (2) a LedgerSMB | storage which is retained between container updates and (2) a LedgerSMB | ||||||
| container configured to connect to the PostgreSQL container as its database | container configured to connect to the PostgreSQL container as its database | ||||||
| server. Your LedgerSMB installation should now be accessible through | server. | ||||||
| [http://localhost:5762/](http://localhost:5762/). |  | ||||||
|  |  | ||||||
| The default number of workers is 5. The default database username and password | The database username and password are: | ||||||
| are: |  | ||||||
|  |  | ||||||
| ```plain | ```plain | ||||||
|    username: postgres |    username: postgres | ||||||
| @@ -84,7 +71,7 @@ are: | |||||||
| ``` | ``` | ||||||
|  |  | ||||||
| From here, follow the steps as detailed in the instructions for | From here, follow the steps as detailed in the instructions for | ||||||
| [preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-19-first-use). | [preparing for first use](https://ledgersmb.org/content/preparing-ledgersmb-17-first-use). | ||||||
|  |  | ||||||
| ## Manual installation | ## Manual installation | ||||||
|  |  | ||||||
| @@ -123,13 +110,9 @@ Visit http://localhost:5762/login.pl to log in and get started. | |||||||
|  |  | ||||||
| No persistant data is stored in the LedgerSMB container. | No persistant data is stored in the LedgerSMB container. | ||||||
|  |  | ||||||
| All LedgerSMB data is stored in PostgreSQL, so you can stop/destroy/run a | All LedgerSMB data is stored in Postgres, so you can stop/destroy/run a | ||||||
| new LedgerSMB container as often as you want. | new LedgerSMB container as often as you want. | ||||||
|  |  | ||||||
| In case of the Docker Compose setup, all PostgreSQL data is stored on the |  | ||||||
| Docker volume with the name ending in `_pgdata`. This volume is not destroyed |  | ||||||
| when updating the containers; only explicit removal destroys the data. |  | ||||||
|  |  | ||||||
| # Environment Variables | # Environment Variables | ||||||
|  |  | ||||||
| The LedgerSMB image uses several environment variables. They are all optional. | The LedgerSMB image uses several environment variables. They are all optional. | ||||||
| @@ -165,6 +148,30 @@ affect the performance experience of users. | |||||||
|  |  | ||||||
| ## Mail configuration | ## Mail configuration | ||||||
|  |  | ||||||
|  | ### Before 1.8.0 | ||||||
|  |  | ||||||
|  | These variables are used to set outgoing SMTP defaults. | ||||||
|  |  | ||||||
|  | * `SSMTP_ROOT` (config: `Root` -- DEPRECATED) | ||||||
|  | * `SSMTP_MAILHUB` (config: `Mailhub`) | ||||||
|  | * `SSMTP_HOSTNAME` (config: `Hostname`) | ||||||
|  | * `SSMTP_USE_STARTTLS` (config: `UseSTARTTLS`) | ||||||
|  | * `SSMTP_AUTH_USER` (config: `AuthUser`) | ||||||
|  | * `SSMTP_AUTH_PASS` (config: `AuthPass`) | ||||||
|  | * `SSMTP_AUTH_METHOD` (config: `AuthMethod` -- DEPRECATED) | ||||||
|  | * `SSMTP_FROMLINE_OVERRIDE` (config: `FromLineOverride` -- DEPRECATED) | ||||||
|  |  | ||||||
|  | `SSMTP_MAILHUB` defaults to the default docker0 interface, so if your host is | ||||||
|  | already configured to relay mail, this should relay successfully with only | ||||||
|  | the root and hostname set. | ||||||
|  |  | ||||||
|  | Use the other environment variables to relay mail through a different host. | ||||||
|  | Use the [ssmtp.conf man | ||||||
|  | page](https://www.systutorials.com/docs/linux/man/5-ssmtp.conf/) to look up | ||||||
|  | the meaning and function of each of the mail configuration keys. | ||||||
|  |  | ||||||
|  | ### 1.8.0 and higher (under development) | ||||||
|  |  | ||||||
| As of 1.8.0, the image is based on Debian Buster instead of Debian Stretch; | As of 1.8.0, the image is based on Debian Buster instead of Debian Stretch; | ||||||
| with Buster, the `ssmtp` program has been removed from Debian, this image | with Buster, the `ssmtp` program has been removed from Debian, this image | ||||||
| had to change strategy. The main application always came with built-in e-mail | had to change strategy. The main application always came with built-in e-mail | ||||||
| @@ -180,51 +187,7 @@ The following parameters are now supported to set mail preferences: | |||||||
| * `LSMB_MAIL_SMTPPASS` | * `LSMB_MAIL_SMTPPASS` | ||||||
| * `LSMB_MAIL_SMTPAUTHMECH` | * `LSMB_MAIL_SMTPAUTHMECH` | ||||||
|  |  | ||||||
| # Advanced setup |  | ||||||
|  |  | ||||||
| ## Docker Compose with reverse proxy |  | ||||||
|  |  | ||||||
| The `docker-compose-reverseproxy.yml` file shows a docker-compose setup |  | ||||||
| which adds an Nginx reverse proxy configuration on top of the base |  | ||||||
| `docker-compose.yml` configuration file. If the content of this repository |  | ||||||
| is cloned into the current directory (`git clone https://github.com/ledgersmb/ledgersmb-docker.git ; cd ledgersmb-docker`), it can be used as: |  | ||||||
|  |  | ||||||
| ```plain |  | ||||||
|  $ docker-compose \ |  | ||||||
|     -f docker-compose.yml \ |  | ||||||
|     -f docker-compose-reverseproxy.yml \ |  | ||||||
|        up -d |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| This setup can be used in combination with an image which runs the |  | ||||||
| Certbot certificate renewal process *and* Nginx to do TLS termination. The |  | ||||||
| default reverse proxy is mostly an example; it publishes on |  | ||||||
| [http://localhost:8080/](http://localhost:8080/). |  | ||||||
|  |  | ||||||
| An example of such an image can be found at |  | ||||||
| [https://github.com/jonasalfredsson/docker-nginx-certbot](https://github.com/jonasalfredsson/docker-nginx-certbot), |  | ||||||
| which is published on Docker Hub as |  | ||||||
| [jonasal/nginx-certbot](https://hub.docker.com/r/jonasal/nginx-certbot). |  | ||||||
|  |  | ||||||
| **Upgrade note** When upgrading this setup, please remove the volume ending |  | ||||||
| in `_lsmbdata` before starting the upgraded containers. Without that, the |  | ||||||
| webcontent won't be upgraded! E.g.: |  | ||||||
|  |  | ||||||
| ```plain |  | ||||||
|   $ docker-compose \ |  | ||||||
|       -f docker-compose.yml \ |  | ||||||
|       -f docker-compose-reverseproxy.yml \ |  | ||||||
|         rm -s -f -v && \ |  | ||||||
|     docker volume rm ledgersmb-docker_lsmbdata && \ |  | ||||||
|     docker-compose \ |  | ||||||
|       -f docker-compose.yml \ |  | ||||||
|       -f docker-compose-reverseproxy.yml \ |  | ||||||
|         pull && \ |  | ||||||
|     docker-compose \ |  | ||||||
|       -f docker-compose.yml \ |  | ||||||
|       -f docker-compose-reverseproxy.yml \ |  | ||||||
|         up -d |  | ||||||
| ``` |  | ||||||
|  |  | ||||||
| # Troubleshooting/Developing | # Troubleshooting/Developing | ||||||
|  |  | ||||||
| @@ -241,8 +204,9 @@ please contact us on the [mailing list](http://ledgersmb.org/topic/support/maili | |||||||
| or through a [GitHub issue](https://github.com/ledgersmb/ledgersmb-docker/issues). | or through a [GitHub issue](https://github.com/ledgersmb/ledgersmb-docker/issues). | ||||||
|  |  | ||||||
| You can also reach some of the official LedgerSMB maintainers via the | You can also reach some of the official LedgerSMB maintainers via the | ||||||
| [Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org). | `#ledgersmb` IRC channel on [Freenode](https://freenode.net), or on the | ||||||
| The [Element](https://app.element.io/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended. | bridged [Matrix](https://matrix.org) room in [#ledgersmb:matrix.org](https://matrix.to/#/#ledgersmb:matrix.org). | ||||||
|  | The [Riot.im](https://riot.im/app/#/room/#ledgersmb:matrix.org) Matrix client is highly recommended. | ||||||
|  |  | ||||||
|  |  | ||||||
| ## Contributing | ## Contributing | ||||||
|   | |||||||
| @@ -1,31 +0,0 @@ | |||||||
| # Use this docker-compose file as: |  | ||||||
| # |  | ||||||
| #  docker-compose -f docker-compose.yml -f docker-compose-reverseproxy.yml up -d |  | ||||||
| # |  | ||||||
| # |  | ||||||
| # This command creates one |  | ||||||
| # compose 'project' consisting of three containers |  | ||||||
| # |  | ||||||
| #  1. The PostgreSQL data  container |  | ||||||
| #  2. The LedgerSMB application container |  | ||||||
| #  3. The Nginx reverse proxy container |  | ||||||
| # |  | ||||||
| # In addition to publishing LedgerSMB on port 5762 on localhost, |  | ||||||
| # this project also publishes Nginx's reverse proxied content on |  | ||||||
| # port 8080 on localhost |  | ||||||
|  |  | ||||||
| version: "3.2" |  | ||||||
| services: |  | ||||||
|   proxy: |  | ||||||
|     image: nginx:1-alpine |  | ||||||
|     volumes: |  | ||||||
|       - "lsmbdata:/srv/ledgersmb" |  | ||||||
|       - "./nginx.conf:/etc/nginx/nginx.conf" |  | ||||||
|     ports: |  | ||||||
|       - "8080:8080" |  | ||||||
|   lsmb: |  | ||||||
|     volumes: |  | ||||||
|       - "lsmbdata:/srv/ledgersmb" |  | ||||||
|  |  | ||||||
| volumes: |  | ||||||
|   lsmbdata: |  | ||||||
| @@ -16,10 +16,10 @@ services: | |||||||
|   # because that allows us to use the default hostname ("postgres") |   # because that allows us to use the default hostname ("postgres") | ||||||
|   # from the LedgerSMB configuration |   # from the LedgerSMB configuration | ||||||
|   postgres: |   postgres: | ||||||
|     image: postgres:12-alpine |     image: postgres:9.6-alpine | ||||||
|     environment: |     environment: | ||||||
|       # Replace the password below for a secure setup |       # Replace the password below for a secure setup | ||||||
|       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-abc} |       POSTGRES_PASSWORD: abc | ||||||
|       PGDATA: /var/lib/postgresql/data/pgdata |       PGDATA: /var/lib/postgresql/data/pgdata | ||||||
|     networks: |     networks: | ||||||
|       - internal |       - internal | ||||||
| @@ -28,18 +28,12 @@ services: | |||||||
|   lsmb: |   lsmb: | ||||||
|     depends_on: |     depends_on: | ||||||
|       - postgres |       - postgres | ||||||
|     image: ghcr.io/ledgersmb/ledgersmb:1.9 |     image: ledgersmb/ledgersmb:1.7 | ||||||
|     networks: |     networks: | ||||||
|       - internal |       - internal | ||||||
|       - default |       - default | ||||||
|     # Comment the 'ports' section to disable mapping the LedgerSMB container port (5762) |  | ||||||
|     #  to the host's port of the same number, thus making LedgerSMB |  | ||||||
|     #  available on http://<host-dns-or-ip>:5762/ |  | ||||||
|     #     SECURITY NOTE: Do this for evaluation purposes only! |  | ||||||
|     #       In production, be sure to use SSL/TLS to protect user's passwords |  | ||||||
|     #       and other sensitive data |  | ||||||
|     ports: |     ports: | ||||||
|       - "5762:5762" |       - "127.0.0.1:5762:5762" | ||||||
|     environment: |     environment: | ||||||
|       # The LSMB_WORKERS environment variable lets you select the number |       # The LSMB_WORKERS environment variable lets you select the number | ||||||
|       # of processes serving HTTP requests. The default number of 2 workers |       # of processes serving HTTP requests. The default number of 2 workers | ||||||
| @@ -47,26 +41,17 @@ services: | |||||||
|       # improve the performance experience, increase memory and the |       # improve the performance experience, increase memory and the | ||||||
|       # number of workers |       # number of workers | ||||||
|       # |       # | ||||||
|       LSMB_WORKERS: ${LSMB_WORKERS:-5} |       LSMB_WORKERS: 2 | ||||||
|       # |       # | ||||||
|       # |       # | ||||||
|  |       # SSMTP_ROOT: | ||||||
|       # LSMB_MAIL_SMTPHOST: |       # SSMTP_HOSTNAME: | ||||||
|       # LSMB_MAIL_SMTPPORT: |       # SSMTP_MAILHUB: | ||||||
|       # LSMB_MAIL_SMTPTLS: |       # SSMTP_AUTH_USER: | ||||||
|       # LSMB_MAIL_SMTPSENDER_HOSTNAME: |       # SSMTP_AUTH_PASS: | ||||||
|       # LSMB_MAIL_SMTPUSER: |       # SSMTP_AUTH_METHOD: | ||||||
|       # LSMB_MAIL_SMTPPASS: |       # SSMTP_USE_STARTTLS: | ||||||
|       # LSMB_MAIL_SMTPAUTHMECH: |       # SSMTP_FROMLINE_OVERRIDE: | ||||||
|       # |  | ||||||
|       # |  | ||||||
|       # The PROXY_IP environment variable lets you set the IP address |  | ||||||
|       # (range) of the reverse proxy used for TLS termination, which forwards |  | ||||||
|       # its requests to this container. When this reverse proxy runs on the |  | ||||||
|       # Docker host, the default below applies. In case the reverse proxy is |  | ||||||
|       # hosted in a separate container, this setting needs to be adjusted. |  | ||||||
|       # |  | ||||||
|       # PROXY_IP: 172.17.0.1/12 |  | ||||||
|  |  | ||||||
| # having the dbdata volume is required to persist our | # having the dbdata volume is required to persist our | ||||||
| # data between PostgreSQL container updates; without | # data between PostgreSQL container updates; without | ||||||
|   | |||||||
							
								
								
									
										81
									
								
								nginx.conf
									
									
									
									
									
								
							
							
						
						
									
										81
									
								
								nginx.conf
									
									
									
									
									
								
							| @@ -1,81 +0,0 @@ | |||||||
| # This is a full (minimal) nginx configuration file |  | ||||||
|  |  | ||||||
| error_log /dev/stderr info; |  | ||||||
| pid /tmp/nginx.pid; |  | ||||||
| worker_processes 1; |  | ||||||
|  |  | ||||||
| events { |  | ||||||
|    worker_connections 1024; |  | ||||||
| } |  | ||||||
|  |  | ||||||
| http { |  | ||||||
|    client_body_temp_path /tmp/client_body; |  | ||||||
|    proxy_temp_path /tmp/proxy_temp; |  | ||||||
|    fastcgi_temp_path /tmp/fastcgi_temp; |  | ||||||
|    scgi_temp_path /tmp/scgi_temp; |  | ||||||
|    uwsgi_temp_path /tmp/uwsgi_temp; |  | ||||||
|  |  | ||||||
|    sendfile on; |  | ||||||
|    tcp_nopush on; |  | ||||||
|    tcp_nodelay on; |  | ||||||
|    keepalive_timeout 65; |  | ||||||
|    types_hash_max_size 2048; |  | ||||||
|    include /etc/nginx/mime.types; |  | ||||||
|    default_type application/octet-stream; |  | ||||||
|  |  | ||||||
|    access_log /dev/stdout; |  | ||||||
|    error_log /dev/stderr info; |  | ||||||
|  |  | ||||||
|    gzip off; |  | ||||||
|    gzip_static on; |  | ||||||
|  |  | ||||||
|    server { |  | ||||||
|       listen 8080 default_server; |  | ||||||
|       listen [::]:8080 default_server ipv6only=on; |  | ||||||
|  |  | ||||||
|       root /srv/ledgersmb/UI; |  | ||||||
|  |  | ||||||
|       access_log /dev/stdout; |  | ||||||
|       error_log /dev/stderr info; |  | ||||||
|  |  | ||||||
|       # Don't log status polls |  | ||||||
|       location /nginx_status { |  | ||||||
|                stub_status on; |  | ||||||
|                access_log off; |  | ||||||
|                allow 127.0.0.1; |  | ||||||
|                allow ::1; |  | ||||||
|                deny all; |  | ||||||
|       } |  | ||||||
|  |  | ||||||
|       # Configuration files don't exist |  | ||||||
|       location ^~ \.conf$ { |  | ||||||
|          return 404; |  | ||||||
|       } |  | ||||||
|  |  | ||||||
|       # 'Hidden' files don't exist |  | ||||||
|       location ~ /\. { |  | ||||||
|          return 404; |  | ||||||
|       } |  | ||||||
|  |  | ||||||
|       location = / { |  | ||||||
|          return 301 /login.pl; |  | ||||||
|       } |  | ||||||
|  |  | ||||||
|       # JS & CSS |  | ||||||
|       location ~* \.(js|css)$ { |  | ||||||
|          add_header Pragma "public"; |  | ||||||
|          add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production |  | ||||||
|          expires     7d; # Indicate that the resource can be cached for 1 week # Production |  | ||||||
|          try_files $uri =404; |  | ||||||
|       } |  | ||||||
|  |  | ||||||
|       location / { |  | ||||||
|          proxy_set_header        Host $host; |  | ||||||
|          proxy_set_header        X-Real-IP $remote_addr; |  | ||||||
|          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for; |  | ||||||
|          proxy_set_header        X-Forwarded-Proto $scheme; |  | ||||||
|          proxy_read_timeout      300; |  | ||||||
|          proxy_pass              http://lsmb:5762; |  | ||||||
|       } |  | ||||||
|    } |  | ||||||
| } |  | ||||||
							
								
								
									
										96
									
								
								start.sh
									
									
									
									
									
								
							
							
						
						
									
										96
									
								
								start.sh
									
									
									
									
									
								
							| @@ -1,107 +1,33 @@ | |||||||
| #!/bin/bash | #!/bin/bash | ||||||
|  |  | ||||||
|  | update_ssmtp.sh | ||||||
| cd /srv/ledgersmb | cd /srv/ledgersmb | ||||||
|  |  | ||||||
| if [[ -n "$SSMTP_ROOT" ]]; then |  | ||||||
|     echo "\$SSMTP_ROOT set; parameter is deprecated and will be ignored" |  | ||||||
|     LSMB_HAVE_DEPRECATED=1 |  | ||||||
| fi |  | ||||||
| if [[ -n "$SSMTP_FROMLINE_OVERRIDE" ]]; then |  | ||||||
|     echo "\$SSMTP_FROMLINE_OVERRIDE set; parameter is deprecated and will be ignored" |  | ||||||
|     LSMB_HAVE_DEPRECATED=1 |  | ||||||
| fi |  | ||||||
| if [[ -n "$SSMTP_MAILHUB" ]]; then |  | ||||||
|     echo "\$SSMTP_MAILHUB set; parameter is deprecated" |  | ||||||
|     if [[ -z "$LSMB_MAIL_SMTPHOST" ]]; then |  | ||||||
|         echo "  Deriving \$LSMB_MAIL_SMTPHOST setting from \$SSMTP_MAILHUB" |  | ||||||
|         LSMB_MAIL_SMTPHOST=${SSMTP_MAILHUB%:*} |  | ||||||
|     fi |  | ||||||
|     if [[ -z "$LSMB_MAIL_SMTPPORT" ]]; then |  | ||||||
|         echo "  Deriving \$LSMB_MAIL_SMTPPORT setting from \$SSMTP_MAILHUB" |  | ||||||
|         LSMB_MAIL_SMTPPORT=${SSMTP_MAILHUB#*:} |  | ||||||
|     fi |  | ||||||
|     LSMB_HAVE_DEPRECATED=1 |  | ||||||
| fi |  | ||||||
| if [[ -n "$SSMTP_HOSTNAME" ]]; then |  | ||||||
|     echo "\$SSMTP_HOSTNAME set; parameter is deprecated" |  | ||||||
|     if [[ -z "$LSMB_MAIL_SMTPSENDER_HOSTNAME" ]]; then |  | ||||||
|         echo "  Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_HOSTNAME" |  | ||||||
|         LSMB_MAIL_SMTPSENDER_HOSTNAME=$SSMTP_HOSTNAME |  | ||||||
|     fi |  | ||||||
|     LSMB_HAVE_DEPRECATED=1 |  | ||||||
| fi |  | ||||||
| if [[ -n "$SSMTP_USE_STARTTLS" ]]; then |  | ||||||
|     echo "\$SSMTP_USE_STARTTLS set; parameter is deprecated" |  | ||||||
|     if [[ -z "$LSMB_MAIL_SMTPTLS" ]]; then |  | ||||||
|         echo "  Deriving \$LSMB_MAIL_SMTPSENDER_HOSTNAME setting from \$SSMTP_USE_STARTTLS" |  | ||||||
|         LSMB_MAIL_SMTPTLS=$SSMTP_USE_STARTTLS |  | ||||||
|     fi |  | ||||||
|     LSMB_HAVE_DEPRECATED=1 |  | ||||||
| fi |  | ||||||
| if [[ -n "$SSMTP_AUTH_USER" ]]; then |  | ||||||
|     echo "\$SSMTP_AUTH_USER set; parameter is deprecated" |  | ||||||
|     if [[ -z "$LSMB_MAIL_SMTPUSER" ]]; then |  | ||||||
|         echo "  Deriving \$LSMB_MAIL_SMTPUSER setting from \$SSMTP_AUTH_USER" |  | ||||||
|         LSMB_MAIL_SMTPUSER=$SSMTP_AUTH_USER |  | ||||||
|     fi |  | ||||||
|     LSMB_HAVE_DEPRECATED=1 |  | ||||||
| fi |  | ||||||
| if [[ -n "$SSMTP_AUTH_PASS" ]]; then |  | ||||||
|     echo "\$SSMTP_AUTH_PASS set; parameter is deprecated" |  | ||||||
|     if [[ -z "$LSMB_MAIL_SMTPPASS" ]]; then |  | ||||||
|         echo "  Deriving \$LSMB_MAIL_SMTPPASS setting from \$SSMTP_AUTH_PASS" |  | ||||||
|         LSMB_MAIL_SMTPPASS=$SSMTP_AUTH_PASS |  | ||||||
|     fi |  | ||||||
|     LSMB_HAVE_DEPRECATED=1 |  | ||||||
| fi |  | ||||||
| if [[ -n "$SSMTP_AUTH_METHOD" ]]; then |  | ||||||
|     echo "\$SSMTP_AUTH_METHOD set; parameter is deprecated" |  | ||||||
|     if [[ -z "$LSMB_MAIL_SMTPAUTHMECH" ]]; then |  | ||||||
|         echo "  Deriving \$LSMB_MAIL_SMTPAUTHMECH setting from \$SSMTP_AUTH_METHOD" |  | ||||||
|         LSMB_MAIL_SMTPAUTHMECH=$SSMTP_AUTH_METHOD |  | ||||||
|     fi |  | ||||||
|     LSMB_HAVE_DEPRECATED=1 |  | ||||||
| fi |  | ||||||
|  |  | ||||||
| if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then |  | ||||||
|     echo "!!! DEPRECATED \$SSMTP_* PARAMETERS WILL BE REMOVED in the 1.9 image!!!" |  | ||||||
| fi |  | ||||||
|  |  | ||||||
|  |  | ||||||
| if [[ ! -f ledgersmb.conf ]]; then | if [[ ! -f ledgersmb.conf ]]; then | ||||||
|   cat <<EOF >/tmp/ledgersmb.conf |   cat <<EOF >/tmp/ledgersmb.conf | ||||||
| [main] | [main] | ||||||
| cache_templates = 1 | cache_templates = 1 | ||||||
|  |  | ||||||
| [database] | [database] | ||||||
| host = $POSTGRES_HOST | host = $POSTGRES_HOST | ||||||
| port = $POSTGRES_PORT | port = $POSTGRES_PORT | ||||||
| default_db = $DEFAULT_DB | default_db = $DEFAULT_DB | ||||||
|  |  | ||||||
| [mail] | [mail] | ||||||
| ${LSMB_MAIL_SMTPHOST:+smtphost=$LSMB_MAIL_SMTPHOST | sendmail   = /usr/sbin/ssmtp | ||||||
| }${LSMB_MAIL_SMTPPORT:+smtpport=$LSMB_MAIL_SMTPPORT |  | ||||||
| }${LSMB_MAIL_SMTPSENDER_HOSTNAME:+smtpsender_hostname=$LSMB_MAIL_SMTPSENDER_HOSTNAME |  | ||||||
| }${LSMB_MAIL_SMTPTLS:+smtptls=$LSMB_MAIL_SMTPTLS |  | ||||||
| }${LSMB_MAIL_SMTPUSER:+smtpuser=$LSMB_MAIL_SMTPUSER |  | ||||||
| }${LSMB_MAIL_SMTPPASS:+smtppass=$LSMB_MAIL_SMTPPASS |  | ||||||
| }${LSMB_MAIL_SMTPAUTHMECH:+smtpauthmech=$LSMB_MAIL_SMTPAUTHMECH |  | ||||||
| } |  | ||||||
| [proxy] |  | ||||||
| ip=${PROXY_IP:-172.17.0.1/12} |  | ||||||
| EOF | EOF | ||||||
|   export LSMB_CONFIG_FILE='/tmp/ledgersmb.conf' |   export LSMB_CONFIG_FILE='/tmp/ledgersmb.conf' | ||||||
| fi | fi | ||||||
|  |  | ||||||
|  | if [ ! -d "/tmp/ledgersmb" ]; then | ||||||
|  |   mkdir -p /tmp/ledgersmb | ||||||
|  | fi | ||||||
|  |  | ||||||
| # start ledgersmb | # start ledgersmb | ||||||
| # --preload-app allows application initialization to kill the entire | # --preload-app allows application initialization to kill the entire | ||||||
| # starman instance (instead of just the worker, which will immediately | # starman instance (instead of just the worker, which will immediately | ||||||
| # get restarted) on error; it also has a positive effect on memory use | # get restarted); it also has a positive effect on memory use | ||||||
|  |  | ||||||
| echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf' | exec starman --port 5762 --workers ${LSMB_WORKERS:-5} -I lib -I old/lib \ | ||||||
| cat ${LSMB_CONFIG_FILE:-ledgersmb.conf} |  | ||||||
| echo '--------- LEDGERSMB CONFIGURATION --- END' |  | ||||||
|  |  | ||||||
| # ':5762:' suppresses an uninitialized variable warning in starman |  | ||||||
| # the last colon means "don't connect using tls"; without it, there's a warning |  | ||||||
| exec starman --listen :5762: --workers ${LSMB_WORKERS:-5} \ |  | ||||||
|              -I lib -I old/lib \ |  | ||||||
|         --preload-app bin/ledgersmb-server.psgi |         --preload-app bin/ledgersmb-server.psgi | ||||||
|   | |||||||
							
								
								
									
										18
									
								
								update_ssmtp.sh
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										18
									
								
								update_ssmtp.sh
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,18 @@ | |||||||
|  | #!/bin/bash | ||||||
|  | ConfiguredComment='# install script update_ssmtp.sh has configured ssmtp' | ||||||
|  | grep -qc "$ConfiguredComment" /etc/ssmtp/ssmtp.conf && { | ||||||
|  |     echo "smtp configured." | ||||||
|  |     exit | ||||||
|  | } | ||||||
|  |  | ||||||
|  | sed -i \ | ||||||
|  |     -e "s/\(root=\).*\$/\1$SSMTP_ROOT/g" \ | ||||||
|  |     -e "s/\(mailhub=\).*\$/\1$SSMTP_MAILHUB/g" \ | ||||||
|  |     -e "s/\(hostname=\).*\$/\1$SSMTP_HOSTNAME/g" \ | ||||||
|  |     /etc/ssmtp/ssmtp.conf | ||||||
|  | [ -z "$SSMTP_USE_STARTTLS" ] || echo "UseSTARTTLS=$SSMTP_USE_STARTTLS" >> /etc/ssmtp/ssmtp.conf | ||||||
|  | [ -z "$SSMTP_AUTH_USER" ] || echo "AuthUser=$SSMTP_AUTH_USER" >> /etc/ssmtp/ssmtp.conf | ||||||
|  | [ -z "$SSMTP_AUTH_PASS" ] || echo "AuthPass=$SSMTP_AUTH_PASS" >> /etc/ssmtp/ssmtp.conf | ||||||
|  | [ -z "$SSMTP_AUTH_METHOD" ] || echo "AuthMethod=$SSMTP_AUTH_METHOD" >> /etc/ssmtp/ssmtp.conf | ||||||
|  | [ -z "$SSMTP_FROMLINE_OVERRIDE" ] || echo "FromLineOverride=$SSMTP_FROMLINE_OVERRIDE" >> /etc/ssmtp/ssmtp.conf | ||||||
|  | echo "$ConfiguredComment" >> /etc/ssmtp/ssmtp.conf | ||||||
		Reference in New Issue
	
	Block a user