Re-use parent container configuration and startup scripts

Clean up untagged images from the 'ledgersmb' package repo

.github/workflows/images-cleanup.yml

@@ -0,0 +1,18 @@
+name: Docker Image cleanup
+
+on:
+  push:
+  workflow_dispatch:
+  schedule:
+    # Schedule for five minutes after the hour, every Friday
+    - cron: '10 3 * * 5'
+
+jobs:
+  cleanup:
+    if: github.repository_owner == 'ledgersmb'
+    runs-on: ubuntu-latest
+    steps:
+    - name: ghcr.io cleanup action
+      uses: dataaxiom/ghcr-cleanup-action@v1
+      with:
+        packages: ledgersmb

README.md

@@ -16,8 +16,9 @@ Dockerfile for LedgerSMB Docker image
 
 # Supported tags
 
-- `1.11`, `1.11.x`, `latest` - Latest official release from the 1.11 branch
-- `1.10`, `1.10.x` - Latest official release from the 1.10 branch
+- `1.12`, `1.12.x`, `latest` - Latest official release from the 1.12 branch
+- `1.11`, `1.11.x` - Latest official release from the 1.11 branch
+- `1.10`, `1.10.38` - Last official release from the 1.10 branch (End-of-Life)
 - `1.9`, `1.9.30` - Last official release from the 1.9 branch (End-of-Life)
 - `1.8`, `1.8.31` - Last official release from the 1.8 branch (End-of-Life)
 - `1.7`, `1.7.41` - Last official release from the 1.7 branch (End-of-Life)

base/Dockerfile

@@ -5,7 +5,7 @@ ARG SRCIMAGE=debian:bookworm-slim
 
 FROM  $SRCIMAGE AS builder
 
-ARG LSMB_VERSION="1.11.17"
+ARG LSMB_VERSION="1.12.5"
 ARG LSMB_DL_DIR="Releases"
 ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
 
@@ -51,7 +51,7 @@ LABEL org.opencontainers.image.description="LedgerSMB is a full featured double-
  the LedgerSMB project is to bring high quality ERP and accounting capabilities\
  to Small and Midsize Businesses."
 
-ARG LSMB_VERSION="1.11.17"
+ARG LSMB_VERSION="1.12.5"
 ARG LSMB_DL_DIR="Releases"
 ARG ARTIFACT_LOCATION="https://download.ledgersmb.org/f/$LSMB_DL_DIR/$LSMB_VERSION/ledgersmb-$LSMB_VERSION.tar.gz"
 
@@ -83,9 +83,8 @@ RUN set -x ; \
     libclass-c3-xs-perl \
     texlive-plain-generic texlive-latex-recommended texlive-fonts-recommended \
     texlive-xetex fonts-liberation \
-    lsb-release && \
-  echo "deb [signed-by=/etc/apt/keyrings/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
-  wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc > /etc/apt/keyrings/postgresql.asc && \
+    lsb-release postgresql-common && \
+  /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
   DEBIAN_FRONTEND="noninteractive" apt-get -q -y update && \
   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install postgresql-client && \
   DEBIAN_FRONTEND="noninteractive" apt-get -q -y install git cpanminus make gcc libperl-dev && \
@@ -112,20 +111,22 @@ WORKDIR /srv/ledgersmb
 ## MAIL
 # '__CONTAINER_GATEWAY__' is a magic value which will be substituted
 # with the actual gateway IP address
-ENV LSMB_MAIL_SMTPHOST __CONTAINER_GATEWAY__
-#ENV LSMB_MAIL_SMTPPORT 25
-#ENV LSMB_MAIL_SMTPSENDER_HOSTNAME (container hostname)
-#ENV LSMB_MAIL_SMTPTLS
-#ENV LSMB_MAIL_SMTPUSER
-#ENV LSMB_MAIL_SMTPPASS
-#ENV LSMB_MAIL_SMTPAUTHMECH
+ENV LSMB_MAIL_SMTPHOST=__CONTAINER_GATEWAY__
+#ENV LSMB_MAIL_SMTPPORT=25
+#ENV LSMB_MAIL_SMTPSENDER_HOSTNAME=(container hostname)
+#ENV LSMB_MAIL_SMTPTLS=
+#ENV LSMB_MAIL_SMTPUSER=
+#ENV LSMB_MAIL_SMTPPASS=
+#ENV LSMB_MAIL_SMTPAUTHMECH=
 
 ## DATABASE
-ENV POSTGRES_HOST postgres
-ENV POSTGRES_PORT 5432
-ENV DEFAULT_DB lsmb
+ENV POSTGRES_HOST=postgres
+ENV POSTGRES_PORT=5432
+ENV DEFAULT_DB=lsmb
 
 COPY start.sh /usr/local/bin/start.sh
+COPY config.sh /usr/local/bin/config.sh
+COPY run.sh /usr/local/bin/run.sh
 
 RUN chmod +x /usr/local/bin/start.sh && \
   mkdir -p /var/www && \

base/config.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -e
+
 cd /srv/ledgersmb
 [[ -d ./local/conf/ ]] || mkdir ./local/conf/
 if [[ -n "$SSMTP_ROOT" ]]; then
@@ -68,6 +70,13 @@ if [[ -n "$LSMB_HAVE_DEPRECATED" ]]; then
 fi
 
 if [[ ! -f ./local/conf/ledgersmb.yaml ]]; then
+  if [[ "x$LSMB_MAIL_SMTPTLS" == "xyes" ]]; then
+     tls_mode=starttls
+  elif [[ "x$LSMB_MAIL_SMTPTLS" == "xraw" ]]; then
+     tls_mode=ssl
+  else
+     tls_mode=none
+  fi
   cat <<EOF >./local/conf/ledgersmb.yaml
 paths:
   \$class: Beam::Wire
@@ -83,8 +92,8 @@ db:
 
 mail:
   transport:
-    \$class: LedgerSMB::Mailer::TransportSMTP
-    tls: $LSMB_MAIL_SMTPTLS
+    \$class: Email::Sender::Transport::SMTP
+    ssl: $tls_mode
 
 miscellaneous:
   \$class: Beam::Wire
@@ -140,8 +149,7 @@ EOF
       cat <<EOF >./local/conf/ledgersmb.003.yaml
 mail:
   transport:
-    sasl_password: ''
-    sasl_username:
+    sasl_authenticator:
       \$class: Authen::SASL
       mechanism: $LSMB_MAIL_SMTPAUTHMECH
       callback:
@@ -151,19 +159,4 @@ EOF
   fi
 fi
 
-# start ledgersmb
-# --preload-app allows application initialization to kill the entire
-# starman instance (instead of just the worker, which will immediately
-# get restarted) on error; it also has a positive effect on memory use
-
-LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml}
-export LSMB_CONFIG_FILE
-echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf'
-cat ${LSMB_CONFIG_FILE}
-echo '--------- LEDGERSMB CONFIGURATION --- END'
-
-# ':5762:' suppresses an uninitialized variable warning in starman
-# the last colon means "don't connect using tls"; without it, there's a warning
-exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \
-             -I lib -I old/lib \
-             --preload-app bin/ledgersmb-server.psgi
+exit 0

base/docker-compose.yml

@@ -31,7 +31,7 @@ services:
   lsmb:
     depends_on:
       - postgres
-    image: ghcr.io/ledgersmb/ledgersmb:1.11
+    image: ghcr.io/ledgersmb/ledgersmb:1.12
       # In order to store the configuration outside the image, allowing it to
       # be edited between container restarts, uncomment the section below and
       # change the 'source' to the directory where you want the configuration

base/run.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd /srv/ledgersmb
+LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml}
+export LSMB_CONFIG_FILE
+echo '--------- LEDGERSMB CONFIGURATION:  ledgersmb.conf'
+cat ${LSMB_CONFIG_FILE}
+echo '--------- LEDGERSMB CONFIGURATION --- END'
+
+# ':5762:' suppresses an uninitialized variable warning in starman
+# the last colon means "don't connect using tls"; without it, there's a warning
+exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \
+             -I lib -I old/lib \
+             --preload-app bin/ledgersmb-server.psgi

base/start.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+home_dir="$(dirname `readlink -f $BASH_SOURCE`)"
+"$home_dir/config.sh" || (echo "Failed configuration" ; exit)
+exec "$home_dir/run.sh"

with-proxy/Dockerfile

@@ -0,0 +1,49 @@
+FROM lsmb-split:latest
+#FROM ledgersmb/ledgersmb:1.11.18
+USER root
+
+# Remove inherited start.sh
+RUN rm -rf /usr/local/bin/start.sh
+
+# Install nginx and other dependencies
+RUN set -x && \
+    apt-get update -y && \
+    apt-get dist-upgrade -y && \
+    apt-get install -y --no-install-recommends \
+    nginx wget xz-utils
+    mkdir -p /var/lib/nginx/body /var/cache/nginx
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Install s6-overlay
+ARG S6_OVERLAY_VERSION=3.2.0.2
+
+RUN set -ex && \
+  ARCH="x86_64" && \
+  wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \
+  wget -O /tmp/s6-overlay-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz.sha256 && \
+  wget -O /tmp/s6-overlay-${ARCH}.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz && \
+  wget -O /tmp/s6-overlay-${ARCH}.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz.sha256 && \
+  wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz && \
+  wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz.sha256 && \
+  cd /tmp && \
+  sha256sum -c *.sha256 && \
+  tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
+  tar -C / -Jxpf /tmp/s6-overlay-${ARCH}.tar.xz && \ 
+  tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
+
+# Configure nginx and starman with s6
+COPY services/starman/run /etc/services.d/starman/run
+RUN chmod +x /etc/services.d/starman/run
+
+COPY services/nginx/run /etc/services.d/nginx/run
+RUN chmod +x /etc/services.d/nginx/run
+
+COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config
+RUN touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config
+RUN chmod +x /etc/s6-overlay/s6-rc.d/ledgersmb_config/up
+
+EXPOSE 80
+
+#USER www-data
+ENTRYPOINT ["/init"]

with-proxy/nginx.conf

@@ -0,0 +1,83 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+user www-data;
+
+
+events {
+   worker_connections 1024;
+}
+
+http {
+   client_body_temp_path /tmp/client_body;
+   proxy_temp_path /tmp/proxy_temp;
+   fastcgi_temp_path /tmp/fastcgi_temp;
+   scgi_temp_path /tmp/scgi_temp;
+   uwsgi_temp_path /tmp/uwsgi_temp;
+
+   sendfile on;
+   tcp_nopush on;
+   tcp_nodelay on;
+   keepalive_timeout 65;
+   types_hash_max_size 2048;
+   include /etc/nginx/mime.types;
+   default_type application/octet-stream;
+
+   access_log /dev/stdout;
+   error_log /dev/stderr info;
+
+   gzip off;
+   gzip_static on;
+
+   server {
+      listen 80 default_server;
+      listen [::]:80 default_server ipv6only=on;
+
+      root /srv/ledgersmb/UI;
+
+      access_log /dev/stdout;
+      error_log /dev/stderr info;
+
+      # Don't log status polls
+      location /nginx_status {
+               stub_status on;
+               access_log off;
+               allow 127.0.0.1;
+               allow ::1;
+               deny all;
+      }
+
+      # Configuration files don't exist
+      location ^~ \.conf$ {
+         return 404;
+      }
+
+      # 'Hidden' files don't exist
+      location ~ /\. {
+         return 404;
+      }
+
+      location = / {
+         return 301 /login.pl;
+      }
+
+      # JS & CSS
+      location ~* \.(js|css)$ {
+         add_header Pragma "public";
+         add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
+         expires     7d; # Indicate that the resource can be cached for 1 week # Production
+         try_files $uri =404;
+      }
+
+      location / {
+         proxy_set_header        Host $host;
+         proxy_set_header        X-Real-IP $remote_addr;
+         proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header        X-Forwarded-Proto $scheme;
+         proxy_read_timeout      300;
+         proxy_pass              http://127.0.0.1:5762;
+      }
+   }
+}

with-proxy/scripts/ledgersmb_config/type

@@ -0,0 +1 @@
+oneshot

with-proxy/scripts/ledgersmb_config/up

@@ -0,0 +1,3 @@
+foreground { echo "Running config..." }
+
+/usr/local/bin/config.sh

with-proxy/services/nginx/run

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv /bin/bash
+
+exec nginx -g "daemon off;"

with-proxy/services/starman/run

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv /bin/bash
+
+s6-setuidgid www-data /usr/local/bin/run.sh