* Automatic Dockerfile update by release process

[skip ci]

Dockerfile

@@ -5,7 +5,7 @@ ARG SRCIMAGE=debian:bullseye-slim
 
 FROM  $SRCIMAGE AS builder
 
-ARG LSMB_VERSION="1.9.5"
+ARG LSMB_VERSION="1.9.12"
 ARG LSMB_DL_DIR="Releases"
 ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
 
@@ -43,7 +43,7 @@ RUN set -x ; \
 FROM  $SRCIMAGE
 LABEL org.opencontainers.image.authors="LedgerSMB project <devel@lists.ledgersmb.org>"
 
-ARG LSMB_VERSION="1.9.5"
+ARG LSMB_VERSION="1.9.12"
 ARG LSMB_DL_DIR="Releases"
 ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
 

README.md

@@ -46,7 +46,7 @@ could require additional setup of a mail service or CUPS printer service.
 This image can be installed either automatically with the Docker compose file
 or manually with docker only.
 
-## Docker-Compose installation and start
+## Docker-Compose: Installation and start
 
 This image provides `docker-compose.yml` which can be used to pull related
 images, install them, establish an internal network for their communications,
@@ -56,15 +56,27 @@ variables, are:
 
 ```plain
  $ docker-compose pull
- $ docker-compose up
+ $ docker-compose up -d
+```
+
+Or use the following to set a different password and/or parallel processing
+capacity (so called 'workers'):
+
+```plain
+ $ docker-compose pull
+ $ POSTGRES_PASSWORD=def \
+   LSMB_WORKERS=10 \
+   docker-compose up -d
 ```
 
 This will set up two containers: (1) a PostgreSQL container with persistent
 storage which is retained between container updates and (2) a LedgerSMB
 container configured to connect to the PostgreSQL container as its database
-server.
+server. Your LedgerSMB installation should now be accessible through
+[http://localhost:5762/](http://localhost:5762/).
 
-The database username and password are:
+The default number of workers is 5. The default database username and password
+are:
 
 ```plain
    username: postgres
@@ -111,9 +123,13 @@ Visit http://localhost:5762/login.pl to log in and get started.
 
 No persistant data is stored in the LedgerSMB container.
 
-All LedgerSMB data is stored in Postgres, so you can stop/destroy/run a
+All LedgerSMB data is stored in PostgreSQL, so you can stop/destroy/run a
 new LedgerSMB container as often as you want.
 
+In case of the Docker Compose setup, all PostgreSQL data is stored on the
+Docker volume with the name ending in `_pgdata`. This volume is not destroyed
+when updating the containers; only explicit removal destroys the data.
+
 # Environment Variables
 
 The LedgerSMB image uses several environment variables. They are all optional.
@@ -164,7 +180,51 @@ The following parameters are now supported to set mail preferences:
 * `LSMB_MAIL_SMTPPASS`
 * `LSMB_MAIL_SMTPAUTHMECH`
 
+# Advanced setup
 
+## Docker Compose with reverse proxy
+
+The `docker-compose-reverseproxy.yml` file shows a docker-compose setup
+which adds an Nginx reverse proxy configuration on top of the base
+`docker-compose.yml` configuration file. If the content of this repository
+is cloned into the current directory (`git clone https://github.com/ledgersmb/ledgersmb-docker.git ; cd ledgersmb-docker`), it can be used as:
+
+```plain
+ $ docker-compose \
+    -f docker-compose.yml \
+    -f docker-compose-reverseproxy.yml \
+       up -d
+```
+
+This setup can be used in combination with an image which runs the
+Certbot certificate renewal process *and* Nginx to do TLS termination. The
+default reverse proxy is mostly an example; it publishes on
+[http://localhost:8080/](http://localhost:8080/).
+
+An example of such an image can be found at
+[https://github.com/jonasalfredsson/docker-nginx-certbot](https://github.com/jonasalfredsson/docker-nginx-certbot),
+which is published on Docker Hub as
+[jonasal/nginx-certbot](https://hub.docker.com/r/jonasal/nginx-certbot).
+
+**Upgrade note** When upgrading this setup, please remove the volume ending
+in `_lsmbdata` before starting the upgraded containers. Without that, the
+webcontent won't be upgraded! E.g.:
+
+```plain
+  $ docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        rm -s -f -v && \
+    docker volume rm ledgersmb-docker_lsmbdata && \
+    docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        pull && \
+    docker-compose \
+      -f docker-compose.yml \
+      -f docker-compose-reverseproxy.yml \
+        up -d
+```
 
 # Troubleshooting/Developing
 

docker-compose-reverseproxy.yml

@@ -0,0 +1,31 @@
+# Use this docker-compose file as:
+#
+#  docker-compose -f docker-compose.yml -f docker-compose-reverseproxy.yml up -d
+#
+#
+# This command creates one
+# compose 'project' consisting of three containers
+#
+#  1. The PostgreSQL data  container
+#  2. The LedgerSMB application container
+#  3. The Nginx reverse proxy container
+#
+# In addition to publishing LedgerSMB on port 5762 on localhost,
+# this project also publishes Nginx's reverse proxied content on
+# port 8080 on localhost
+
+version: "3.2"
+services:
+  proxy:
+    image: nginx:1-alpine
+    volumes:
+      - "lsmbdata:/srv/ledgersmb"
+      - "./nginx.conf:/etc/nginx/nginx.conf"
+    ports:
+      - "8080:8080"
+  lsmb:
+    volumes:
+      - "lsmbdata:/srv/ledgersmb"
+
+volumes:
+  lsmbdata:

docker-compose.yml

@@ -19,7 +19,7 @@ services:
     image: postgres:12-alpine
     environment:
       # Replace the password below for a secure setup
-      POSTGRES_PASSWORD: abc
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-abc}
       PGDATA: /var/lib/postgresql/data/pgdata
     networks:
       - internal
@@ -28,7 +28,7 @@ services:
   lsmb:
     depends_on:
       - postgres
-    image: ledgersmb/ledgersmb:1.9
+    image: ghcr.io/ledgersmb/ledgersmb:1.9
     networks:
       - internal
       - default
@@ -47,17 +47,17 @@ services:
       # improve the performance experience, increase memory and the
       # number of workers
       #
-      LSMB_WORKERS: 2
+      LSMB_WORKERS: ${LSMB_WORKERS:-5}
       #
       #
-      # SSMTP_ROOT:
+
-      # SSMTP_HOSTNAME:
+      # LSMB_MAIL_SMTPHOST:
-      # SSMTP_MAILHUB:
+      # LSMB_MAIL_SMTPPORT:
-      # SSMTP_AUTH_USER:
+      # LSMB_MAIL_SMTPTLS:
-      # SSMTP_AUTH_PASS:
+      # LSMB_MAIL_SMTPSENDER_HOSTNAME:
-      # SSMTP_AUTH_METHOD:
+      # LSMB_MAIL_SMTPUSER:
-      # SSMTP_USE_STARTTLS:
+      # LSMB_MAIL_SMTPPASS:
-      # SSMTP_FROMLINE_OVERRIDE:
+      # LSMB_MAIL_SMTPAUTHMECH:
       #
       #
       # The PROXY_IP environment variable lets you set the IP address

nginx.conf

@@ -0,0 +1,81 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+
+events {
+   worker_connections 1024;
+}
+
+http {
+   client_body_temp_path /tmp/client_body;
+   proxy_temp_path /tmp/proxy_temp;
+   fastcgi_temp_path /tmp/fastcgi_temp;
+   scgi_temp_path /tmp/scgi_temp;
+   uwsgi_temp_path /tmp/uwsgi_temp;
+
+   sendfile on;
+   tcp_nopush on;
+   tcp_nodelay on;
+   keepalive_timeout 65;
+   types_hash_max_size 2048;
+   include /etc/nginx/mime.types;
+   default_type application/octet-stream;
+
+   access_log /dev/stdout;
+   error_log /dev/stderr info;
+
+   gzip off;
+   gzip_static on;
+
+   server {
+      listen 8080 default_server;
+      listen [::]:8080 default_server ipv6only=on;
+
+      root /srv/ledgersmb/UI;
+
+      access_log /dev/stdout;
+      error_log /dev/stderr info;
+
+      # Don't log status polls
+      location /nginx_status {
+               stub_status on;
+               access_log off;
+               allow 127.0.0.1;
+               allow ::1;
+               deny all;
+      }
+
+      # Configuration files don't exist
+      location ^~ \.conf$ {
+         return 404;
+      }
+
+      # 'Hidden' files don't exist
+      location ~ /\. {
+         return 404;
+      }
+
+      location = / {
+         return 301 /login.pl;
+      }
+
+      # JS & CSS
+      location ~* \.(js|css)$ {
+         add_header Pragma "public";
+         add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
+         expires     7d; # Indicate that the resource can be cached for 1 week # Production
+         try_files $uri =404;
+      }
+
+      location / {
+         proxy_set_header        Host $host;
+         proxy_set_header        X-Real-IP $remote_addr;
+         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header        X-Forwarded-Proto $scheme;
+         proxy_read_timeout      300;
+         proxy_pass              http://lsmb:5762;
+      }
+   }
+}