From 30eef8abc185e3ff977ed00df1b081e460c5bd59 Mon Sep 17 00:00:00 2001 From: Markus Opolka Date: Mon, 7 Jun 2021 07:59:53 +0200 Subject: [PATCH] Upgrade to LimeSurvey 5.0 (#62) * Add Dockerfiles for LimeSurvey 5.0 - This changes the default user to www-data in the Apache2 Images - Removed extra download layer - Add LS 5.0 Update Guide - Update base images to PHP 8.0 - Add Variable for showScriptName --- .travis.yml | 6 +- 3.0/apache/Dockerfile | 3 +- 3.0/fpm-alpine/Dockerfile | 5 +- 3.0/fpm/Dockerfile | 3 +- 4.0/apache/Dockerfile | 3 +- 4.0/fpm-alpine/Dockerfile | 5 +- 4.0/fpm/Dockerfile | 3 +- 5.0/apache/Dockerfile | 84 ++++++++++++++++++ 5.0/apache/entrypoint.sh | 151 +++++++++++++++++++++++++++++++++ 5.0/fpm-alpine/Dockerfile | 60 +++++++++++++ 5.0/fpm-alpine/entrypoint.sh | 144 +++++++++++++++++++++++++++++++ 5.0/fpm/Dockerfile | 69 +++++++++++++++ 5.0/fpm/entrypoint.sh | 144 +++++++++++++++++++++++++++++++ Makefile | 14 +++ README.md | 53 ++++++++++-- docker-compose.example.yml | 2 +- docker-compose.fpm-certbot.yml | 3 +- docker-compose.fpm.alpine.yml | 3 +- docker-compose.fpm.yml | 3 +- docker-compose.pgsql.yml | 5 +- docker-compose.yml | 5 +- examples/apache-example.conf | 2 +- makefile | 18 ---- upgrade.sh | 2 +- 24 files changed, 736 insertions(+), 54 deletions(-) create mode 100644 5.0/apache/Dockerfile create mode 100755 5.0/apache/entrypoint.sh create mode 100644 5.0/fpm-alpine/Dockerfile create mode 100755 5.0/fpm-alpine/entrypoint.sh create mode 100644 5.0/fpm/Dockerfile create mode 100755 5.0/fpm/entrypoint.sh create mode 100644 Makefile delete mode 100644 makefile diff --git a/.travis.yml b/.travis.yml index 0ea210d..a8964a0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,8 +11,8 @@ jobs: - chmod 700 ${HADOLINT} - git ls-files --exclude='Dockerfile*' --ignored | xargs --max-lines=1 ${HADOLINT} --ignore DL4006 --ignore DL3008 --ignore DL3018 - env: TAG=martialblog/limesurvey-apache - script: cd 4.0/apache; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG + script: cd 5.0/apache; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG - env: TAG=martialblog/limesurvey-fpm - script: cd 4.0/fpm; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG + script: cd 5.0/fpm; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG - env: TAG=martialblog/limesurvey-alpine - script: cd 4.0/fpm; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG + script: cd 5.0/fpm; docker build -q -t $TAG . && cd ../..; ./tests/run.sh $TAG diff --git a/3.0/apache/Dockerfile b/3.0/apache/Dockerfile index 5a9a164..eb0d26b 100644 --- a/3.0/apache/Dockerfile +++ b/3.0/apache/Dockerfile @@ -66,9 +66,8 @@ RUN a2enmod headers rewrite remoteip; \ RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" # Download, unzip and chmod LimeSurvey from official GitHub repository -RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz - RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ diff --git a/3.0/fpm-alpine/Dockerfile b/3.0/fpm-alpine/Dockerfile index 44e9000..6d51a7e 100644 --- a/3.0/fpm-alpine/Dockerfile +++ b/3.0/fpm-alpine/Dockerfile @@ -35,10 +35,9 @@ RUN set -ex; \ tidy \ zip -# Download, unzip and chmod of LimeSurvey -RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz - +# Download, unzip and chmod LimeSurvey from official GitHub repository RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ diff --git a/3.0/fpm/Dockerfile b/3.0/fpm/Dockerfile index 156d5a3..9c117b2 100644 --- a/3.0/fpm/Dockerfile +++ b/3.0/fpm/Dockerfile @@ -51,9 +51,8 @@ RUN set -ex; \ ENV LIMESURVEY_VERSION=$version # Download, unzip and chmod LimeSurvey from official GitHub repository -RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz - RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ diff --git a/4.0/apache/Dockerfile b/4.0/apache/Dockerfile index 2c2131f..e3a6673 100644 --- a/4.0/apache/Dockerfile +++ b/4.0/apache/Dockerfile @@ -67,9 +67,8 @@ RUN a2enmod headers rewrite remoteip; \ RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" # Download, unzip and chmod LimeSurvey from official GitHub repository -RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz - RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ diff --git a/4.0/fpm-alpine/Dockerfile b/4.0/fpm-alpine/Dockerfile index 54f1f4d..2e2fd90 100644 --- a/4.0/fpm-alpine/Dockerfile +++ b/4.0/fpm-alpine/Dockerfile @@ -36,10 +36,9 @@ RUN set -ex; \ tidy \ zip -# Download, unzip and chmod of LimeSurvey -RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz - +# Download, unzip and chmod LimeSurvey from official GitHub repository RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ diff --git a/4.0/fpm/Dockerfile b/4.0/fpm/Dockerfile index 4d94505..c5e59f8 100644 --- a/4.0/fpm/Dockerfile +++ b/4.0/fpm/Dockerfile @@ -51,9 +51,8 @@ RUN set -ex; \ ENV LIMESURVEY_VERSION=$version # Download, unzip and chmod LimeSurvey from official GitHub repository -RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz - RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ \ tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ diff --git a/5.0/apache/Dockerfile b/5.0/apache/Dockerfile new file mode 100644 index 0000000..c772a26 --- /dev/null +++ b/5.0/apache/Dockerfile @@ -0,0 +1,84 @@ +FROM php:8-apache +LABEL maintainer="markus@martialblog.de" +ARG version='5.0.0+210526' +ARG sha256_checksum='b82edc84970b438fdcc63880bb4dee74ee5afb61540f25be8c84a102881c2bc0' +ARG USER=www-data +ARG LISTEN_PORT=8080 + +# Install OS dependencies +RUN set -ex; \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install --no-install-recommends -y \ + \ + libldap2-dev \ + libfreetype6-dev \ + libjpeg-dev \ + libonig-dev \ + zlib1g-dev \ + libc-client-dev \ + libkrb5-dev \ + libpng-dev \ + libpq-dev \ + libzip-dev \ + libtidy-dev \ + libsodium-dev \ + netcat \ + curl \ + \ + && apt-get -y autoclean; apt-get -y autoremove; \ + rm -rf /var/lib/apt/lists/* + +# Link LDAP library for PHP ldap extension +RUN set -ex; \ + ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/ + +# Install PHP Plugins and Configure PHP imap plugin +RUN set -ex; \ + docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \ + docker-php-ext-install -j5 \ + exif \ + gd \ + imap \ + ldap \ + mbstring \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + pgsql \ + sodium \ + tidy \ + zip + +ENV LIMESURVEY_VERSION=$version + +# Apache configuration +RUN a2enmod headers rewrite remoteip; \ + {\ + echo RemoteIPHeader X-Real-IP ;\ + echo RemoteIPTrustedProxy 10.0.0.0/8 ;\ + echo RemoteIPTrustedProxy 172.16.0.0/12 ;\ + echo RemoteIPTrustedProxy 192.168.0.0/16 ;\ + } > /etc/apache2/conf-available/remoteip.conf;\ + a2enconf remoteip + +# Use the default production configuration +RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini" + +# Download, unzip and chmod LimeSurvey from official GitHub repository +RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ + \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ + rm -f "/tmp/limesurvey.tar.gz" && \ + chown -R "$USER:$USER" /var/www/html /etc/apache2 + +EXPOSE $LISTEN_PORT + +WORKDIR /var/www/html +COPY entrypoint.sh entrypoint.sh +USER $USER +ENTRYPOINT ["/var/www/html/entrypoint.sh"] +CMD ["apache2-foreground"] diff --git a/5.0/apache/entrypoint.sh b/5.0/apache/entrypoint.sh new file mode 100755 index 0000000..5cecb90 --- /dev/null +++ b/5.0/apache/entrypoint.sh @@ -0,0 +1,151 @@ +#!/bin/bash +# Entrypoint for Docker Container + + +DB_TYPE=${DB_TYPE:-'mysql'} +DB_HOST=${DB_HOST:-'mysql'} +DB_PORT=${DB_PORT:-'3306'} +DB_SOCK=${DB_SOCK:-} +DB_NAME=${DB_NAME:-'limesurvey'} +DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} +DB_USERNAME=${DB_USERNAME:-'limesurvey'} +DB_PASSWORD=${DB_PASSWORD:-} + +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + +ADMIN_USER=${ADMIN_USER:-'admin'} +ADMIN_NAME=${ADMIN_NAME:-'admin'} +ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} + +BASE_URL=${BASE_URL:-} +PUBLIC_URL=${PUBLIC_URL:-} +URL_FORMAT=${URL_FORMAT:-'path'} +SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'} + +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +LISTEN_PORT=${LISTEN_PORT:-"8080"} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi + +if [ "$LISTEN_PORT" != "80" ]; then + echo "Info: Customizing Apache Listen port to $LISTEN_PORT" + sed -i "s/80/$LISTEN_PORT/" /etc/apache2/ports.conf /etc/apache2/sites-available/000-default.conf +fi + +# Check if database is available +if [ -z "$DB_SOCK" ]; then + until nc -z -v -w30 $DB_HOST $DB_PORT + do + echo "Info: Waiting for database connection..." + sleep 5 + done +fi + +# Check if config already provisioned +if [ -f application/config/config.php ]; then + echo 'Info: config.php already provisioned' +else + echo 'Info: Generating config.php' + + if [ "$DB_TYPE" = 'mysql' ]; then + echo 'Info: Using MySQL configuration' + DB_CHARSET=${DB_CHARSET:-'utf8mb4'} + fi + + if [ "$DB_TYPE" = 'pgsql' ]; then + echo 'Info: Using PostgreSQL configuration' + DB_CHARSET=${DB_CHARSET:-'utf8'} + fi + + if [ ! -z "$DB_SOCK" ]; then + echo 'Info: Using unix socket' + DB_CONNECT='unix_socket' + else + echo 'Info: Using TCP connection' + DB_CONNECT='host' + fi + + if [ -z "$PUBLIC_URL" ]; then + echo 'Info: Setting PublicURL' + fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => $SHOW_SCRIPT_NAME, + ), + 'request' => array( + 'baseUrl' => '$BASE_URL', + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + +fi + +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi + +# Check if LimeSurvey database is provisioned +echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' +php application/commands/console.php updatedb + +if [ $? -eq 0 ]; then + echo 'Info: Database already provisioned' +else + echo '' + echo 'Running console.php install' + php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL +fi + +exec "$@" diff --git a/5.0/fpm-alpine/Dockerfile b/5.0/fpm-alpine/Dockerfile new file mode 100644 index 0000000..504e25d --- /dev/null +++ b/5.0/fpm-alpine/Dockerfile @@ -0,0 +1,60 @@ +FROM php:8-fpm-alpine +LABEL maintainer="markus@martialblog.de" +ARG version='5.0.0+210526' +ARG sha256_checksum='b82edc84970b438fdcc63880bb4dee74ee5afb61540f25be8c84a102881c2bc0' +ARG USER=www-data + +# Install OS dependencies +RUN set -ex; \ + apk add --no-cache --virtual .build-deps \ + freetype-dev \ + libpng-dev \ + libzip-dev \ + libjpeg-turbo-dev \ + tidyhtml-dev \ + libsodium-dev \ + openldap-dev \ + oniguruma-dev \ + imap-dev \ + postgresql-dev && \ + apk add --no-cache netcat-openbsd bash + +# Install PHP Plugins +RUN set -ex; \ + docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \ + docker-php-ext-configure imap --with-imap-ssl && \ + docker-php-ext-install \ + exif \ + gd \ + imap \ + ldap \ + mbstring \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + pgsql \ + sodium \ + tidy \ + zip + +# Download, unzip and chmod LimeSurvey from official GitHub repository +RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ + \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ + \ + rm -rf "/tmp/limesurvey.tar.gz" \ + /var/www/html/docs \ + /var/www/html/tests \ + /var/www/html/*.md && \ + chown -R "${USER}:root" /var/www/ ; \ + chmod -R g=u /var/www + +EXPOSE 9000 + +WORKDIR /var/www/html +COPY entrypoint.sh entrypoint.sh +USER $USER +ENTRYPOINT ["/var/www/html/entrypoint.sh"] +CMD ["php-fpm"] diff --git a/5.0/fpm-alpine/entrypoint.sh b/5.0/fpm-alpine/entrypoint.sh new file mode 100755 index 0000000..892bad9 --- /dev/null +++ b/5.0/fpm-alpine/entrypoint.sh @@ -0,0 +1,144 @@ +#!/bin/bash +# Entrypoint for Docker Container + + +DB_TYPE=${DB_TYPE:-'mysql'} +DB_HOST=${DB_HOST:-'mysql'} +DB_PORT=${DB_PORT:-'3306'} +DB_SOCK=${DB_SOCK:-} +DB_NAME=${DB_NAME:-'limesurvey'} +DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} +DB_USERNAME=${DB_USERNAME:-'limesurvey'} +DB_PASSWORD=${DB_PASSWORD:-} + +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + +ADMIN_USER=${ADMIN_USER:-'admin'} +ADMIN_NAME=${ADMIN_NAME:-'admin'} +ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} + +BASE_URL=${BASE_URL:-} +PUBLIC_URL=${PUBLIC_URL:-} +URL_FORMAT=${URL_FORMAT:-'path'} +SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'} + +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi + +# Check if database is available +if [ -z "$DB_SOCK" ]; then + until nc -z -v -w30 $DB_HOST $DB_PORT + do + echo "Info: Waiting for database connection..." + sleep 5 + done +fi + +# Check if config already provisioned +if [ -f application/config/config.php ]; then + echo 'Info: config.php already provisioned' +else + echo 'Info: Generating config.php' + + if [ "$DB_TYPE" = 'mysql' ]; then + echo 'Info: Using MySQL configuration' + DB_CHARSET=${DB_CHARSET:-'utf8mb4'} + fi + + if [ "$DB_TYPE" = 'pgsql' ]; then + echo 'Info: Using PostgreSQL configuration' + DB_CHARSET=${DB_CHARSET:-'utf8'} + fi + + if [ ! -z "$DB_SOCK" ]; then + echo 'Info: Using unix socket' + DB_CONNECT='unix_socket' + else + echo 'Info: Using TCP connection' + DB_CONNECT='host' + fi + + if [ -z "$PUBLIC_URL" ]; then + echo 'Info: Setting PublicURL' + fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => $SHOW_SCRIPT_NAME, + ), + 'request' => array( + 'baseUrl' => '$BASE_URL', + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + +fi + +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi + +# Check if LimeSurvey database is provisioned +echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' +php application/commands/console.php updatedb + +if [ $? -eq 0 ]; then + echo 'Info: Database already provisioned' +else + echo '' + echo 'Running console.php install' + php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL +fi + +exec "$@" diff --git a/5.0/fpm/Dockerfile b/5.0/fpm/Dockerfile new file mode 100644 index 0000000..e50d3a4 --- /dev/null +++ b/5.0/fpm/Dockerfile @@ -0,0 +1,69 @@ +FROM php:8-fpm +LABEL maintainer="markus@martialblog.de" +ARG version='5.0.0+210526' +ARG sha256_checksum='b82edc84970b438fdcc63880bb4dee74ee5afb61540f25be8c84a102881c2bc0' +ARG USER=www-data + +# Install OS dependencies +RUN set -ex; \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt-get install --no-install-recommends -y \ + \ + libldap2-dev \ + libfreetype6-dev \ + libjpeg-dev \ + libonig-dev \ + zlib1g-dev \ + libc-client-dev \ + libkrb5-dev \ + libpng-dev \ + libpq-dev \ + libzip-dev \ + libtidy-dev \ + libsodium-dev \ + netcat \ + \ + && apt-get -y autoclean; apt-get -y autoremove; \ + rm -rf /var/lib/apt/lists/* + +# Link LDAP library for PHP ldap extension +RUN set -ex; \ + ln -fs /usr/lib/x86_64-linux-gnu/libldap.so /usr/lib/ + +# Install PHP Plugins and Configure PHP imap plugin +RUN set -ex; \ + docker-php-ext-configure gd --with-freetype=/usr/include/ --with-jpeg=/usr && \ + docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \ + docker-php-ext-install -j5 \ + exif \ + gd \ + imap \ + ldap \ + mbstring \ + pdo \ + pdo_mysql \ + pdo_pgsql \ + pgsql \ + sodium \ + tidy \ + zip + +ENV LIMESURVEY_VERSION=$version + +# Download, unzip and chmod LimeSurvey from official GitHub repository +RUN set -ex; \ + curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz && \ + echo "${sha256_checksum} /tmp/limesurvey.tar.gz" | sha256sum -c - && \ + \ + tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \ + rm -f "/tmp/limesurvey.tar.gz" && \ + chown -R "$USER:$USER" /var/www/html + +EXPOSE 9000 + +WORKDIR /var/www/html +COPY entrypoint.sh entrypoint.sh +USER $USER +ENTRYPOINT ["/var/www/html/entrypoint.sh"] +CMD ["php-fpm"] diff --git a/5.0/fpm/entrypoint.sh b/5.0/fpm/entrypoint.sh new file mode 100755 index 0000000..892bad9 --- /dev/null +++ b/5.0/fpm/entrypoint.sh @@ -0,0 +1,144 @@ +#!/bin/bash +# Entrypoint for Docker Container + + +DB_TYPE=${DB_TYPE:-'mysql'} +DB_HOST=${DB_HOST:-'mysql'} +DB_PORT=${DB_PORT:-'3306'} +DB_SOCK=${DB_SOCK:-} +DB_NAME=${DB_NAME:-'limesurvey'} +DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'} +DB_USERNAME=${DB_USERNAME:-'limesurvey'} +DB_PASSWORD=${DB_PASSWORD:-} + +ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-} +ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-} +ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-} + +ADMIN_USER=${ADMIN_USER:-'admin'} +ADMIN_NAME=${ADMIN_NAME:-'admin'} +ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-} + +BASE_URL=${BASE_URL:-} +PUBLIC_URL=${PUBLIC_URL:-} +URL_FORMAT=${URL_FORMAT:-'path'} +SHOW_SCRIPT_NAME=${SHOW_SCRIPT_NAME:-'true'} + +DEBUG=${DEBUG:-0} +DEBUG_SQL=${DEBUG_SQL:-0} + +if [ -z "$DB_PASSWORD" ]; then + echo >&2 'Error: Missing DB_PASSWORD' + exit 1 +fi + +if [ -z "$ADMIN_PASSWORD" ]; then + echo >&2 'Error: Missing ADMIN_PASSWORD' + exit 1 +fi + +# Check if database is available +if [ -z "$DB_SOCK" ]; then + until nc -z -v -w30 $DB_HOST $DB_PORT + do + echo "Info: Waiting for database connection..." + sleep 5 + done +fi + +# Check if config already provisioned +if [ -f application/config/config.php ]; then + echo 'Info: config.php already provisioned' +else + echo 'Info: Generating config.php' + + if [ "$DB_TYPE" = 'mysql' ]; then + echo 'Info: Using MySQL configuration' + DB_CHARSET=${DB_CHARSET:-'utf8mb4'} + fi + + if [ "$DB_TYPE" = 'pgsql' ]; then + echo 'Info: Using PostgreSQL configuration' + DB_CHARSET=${DB_CHARSET:-'utf8'} + fi + + if [ ! -z "$DB_SOCK" ]; then + echo 'Info: Using unix socket' + DB_CONNECT='unix_socket' + else + echo 'Info: Using TCP connection' + DB_CONNECT='host' + fi + + if [ -z "$PUBLIC_URL" ]; then + echo 'Info: Setting PublicURL' + fi + + cat < application/config/config.php + array( + 'db' => array( + 'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;', + 'emulatePrepare' => true, + 'username' => '$DB_USERNAME', + 'password' => '$DB_PASSWORD', + 'charset' => '$DB_CHARSET', + 'tablePrefix' => '$DB_TABLE_PREFIX', + ), + 'urlManager' => array( + 'urlFormat' => '$URL_FORMAT', + 'rules' => array(), + 'showScriptName' => $SHOW_SCRIPT_NAME, + ), + 'request' => array( + 'baseUrl' => '$BASE_URL', + ), + ), + 'config'=>array( + 'publicurl'=>'$PUBLIC_URL', + 'debug'=>$DEBUG, + 'debugsql'=>$DEBUG_SQL, + ) +); + +EOF + +fi + +# Check if security config already provisioned +if [ -f application/config/security.php ]; then + echo 'Info: security.php already provisioned' +else + echo 'Info: Creating security.php' + if [ ! -z "$ENCRYPT_KEYPAIR" ]; then + + cat < application/config/security.php +&2 'Warning: No encryption keys were provided' + echo >&2 'Warning: A security.php config will be created by the application' + echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT' + fi +fi + +# Check if LimeSurvey database is provisioned +echo 'Info: Check if database already provisioned. Nevermind the Stack trace.' +php application/commands/console.php updatedb + +if [ $? -eq 0 ]; then + echo 'Info: Database already provisioned' +else + echo '' + echo 'Running console.php install' + php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL +fi + +exec "$@" diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..c39a00e --- /dev/null +++ b/Makefile @@ -0,0 +1,14 @@ +# .PHONY: apache fpm fpm-alpine + +apache-lts: + docker build --pull -t martialblog/limesurvey:3-apache 3.0/apache +apache-latest: + docker build --pull -t martialblog/limesurvey:5-apache 5.0/apache +fpm-alpine-lts: + docker build --pull -t martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine +fpm-alpine-latest: + docker build --pull -t martialblog/limesurvey:5-fpm-alpine 5.0/fpm-alpine +fpm-lts: + docker build --pull -t martialblog/limesurvey:3-fpm 3.0/fpm +fpm-latest: + docker build --pull -t martialblog/limesurvey:5-fpm 5.0/fpm diff --git a/README.md b/README.md index 897598b..a320cce 100644 --- a/README.md +++ b/README.md @@ -12,12 +12,10 @@ Dockerfile to build a [LimeSurvey](https://limesurvey.org) Image for the Docker ## Supported tags and respective Dockerfile links -- [`4-apache`, `4.-apache`, `latest` ](https://github.com/martialblog/docker-limesurvey/blob/master/4.0/apache/Dockerfile) -- [`4-apache-rootless`, `4.-apache-rootless`](https://github.com/martialblog/docker-limesurvey/blob/master/4.0/apache/Dockerfile) -- [`4-fpm`, `4.-fpm`](https://github.com/martialblog/docker-limesurvey/blob/master/4.0/fpm/Dockerfile) -- [`4-fpm-alpine`, `4.-fpm-alpine`](https://github.com/martialblog/docker-limesurvey/blob/master/4.0/fpm-alpine/Dockerfile) +- [`5-apache`, `5.-apache`, `latest` ](https://github.com/martialblog/docker-limesurvey/blob/master/5.0/apache/Dockerfile) +- [`5-fpm`, `5.-fpm`](https://github.com/martialblog/docker-limesurvey/blob/master/5.0/fpm/Dockerfile) +- [`5-fpm-alpine`, `5.-fpm-alpine`](https://github.com/martialblog/docker-limesurvey/blob/master/5.0/fpm-alpine/Dockerfile) - [`3-apache`, `3.-apache`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/apache/Dockerfile) -- [`3-apache-rootless`, `3.-apache-rootless`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/apache/Dockerfile) - [`3-fpm`, `3.-fpm`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/fpm/Dockerfile) - [`3-fpm-alpine`, `3.-fpm-alpine`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/fpm-alpine/Dockerfile) @@ -25,7 +23,7 @@ Dockerfile to build a [LimeSurvey](https://limesurvey.org) Image for the Docker The `apache` image comes with an Apache Webserver and PHP installed. -This image is also available as `rootless` with `www-data` as default user. +This image is also available in a `rootless` variant with `www-data` as default user and Apache listening on 8080. Starting from 5.0, the `rootless` variant is the default for Apache images. ## Apache Configuration @@ -35,7 +33,7 @@ To change to Apache Webserver configuration, mount a Volume into the Container a See the example configuration provided. -If you want to run Apache on a non-privileged port inside the container, just specify a environment variable `LISTEN_PORT` (e.g. `LISTEN_PORT=8080`). +The Apache port can be specified by setting the environment variable `LISTEN_PORT` (e.g. `LISTEN_PORT=8080`). Starting from 5.0, Apache defaults to listening on a non-privilged port (8080) in inside the container. # Using the fpm Image @@ -75,7 +73,7 @@ To change to LimeSurvey configuration, you can mount a Volume into the Container ## Data encryption -LimeSurvey 4 supports data encryption, this image give you these options: +LimeSurvey version 4.0 and newer support data encryption, this image give you these options: * Provide a security.php file directly (volume) * Provide encryption keys for the `security.php` file (environment variables) @@ -113,12 +111,13 @@ For further details on the settings see: https://manual.limesurvey.org/Data_encr | PUBLIC_URL | Public URL for public scripts | | BASE_URL | Application Base URL | | URL_FORMAT | URL Format. path or get | +| SHOW_SCRIPT_NAME | Script name in URL (true|false). Default: true | | DEBUG | Debug level (0, 1, 2). Default: 0 | | DEBUG_SQL | SQL Debug level (0, 1, 2). Default 0 | | ENCRYPT_KEYPAIR | Data encryption keypair | | ENCRYPT_PUBLIC_KEY | Data encryption public key | | ENCRYPT_SECRET_KEY | Data encryption secret key | -| LISTEN_PORT | Apache: Listen port. Default: 80 | +| LISTEN_PORT | Apache: Listen port. Default: 8080 | For further details on the settings see: https://manual.limesurvey.org/Optional_settings#Advanced_Path_Settings @@ -136,6 +135,42 @@ http://localhost:8080/ http://localhost:8080/index.php/admin ``` +# Upgrade Guide + +These guides are only referring to the Docker Image, for details on the application users should consult the [official LimeSurvey documentation](https://manual.limesurvey.org/Upgrading_from_a_previous_version) for details. + +## Upgrading the FPM Images + +If you are using docker-compose to run the FPM Images, you need to stop the application and webserver Containers and delete the application volume: + +``` +$ docker volume ls +DRIVER VOLUME NAME +local docker-limesurvey_lime + +$ docker volume rm docker-limesurvey_lime +``` + +## Upgrading to 5.0 from 4.x + +The default user in the Container will now be *www-data* (uid 33 in Debian, uid 82 in Alpine), any volumes mounted need the corresponding permissions: + +``` +# Debian +$ ls -ln upload/ +total 4 +drwxr-xr-x 3 33 33 4096 Jun 3 13:51 surveys +``` + +``` +# Alpine +$ ls -ln upload/ +total 4 +drwxr-xr-x 3 82 82 4096 Jun 3 13:51 surveys +``` + +If you are using the Apache2 Images, the default port will now be **8080**. Depending on your setup the port configurations might need adjustment. + # References - https://www.limesurvey.org/ diff --git a/docker-compose.example.yml b/docker-compose.example.yml index bf61a37..e53df22 100644 --- a/docker-compose.example.yml +++ b/docker-compose.example.yml @@ -18,7 +18,7 @@ services: volumes: - limesurvey:/var/www/html/upload/surveys ports: - - 8080:80 + - 8080:8080 depends_on: - db db: diff --git a/docker-compose.fpm-certbot.yml b/docker-compose.fpm-certbot.yml index fb73c8a..dfcd5d9 100644 --- a/docker-compose.fpm-certbot.yml +++ b/docker-compose.fpm-certbot.yml @@ -2,9 +2,10 @@ version: "3.0" services: limesurvey: build: - context: 4.0/fpm/ + context: 5.0/fpm/ dockerfile: Dockerfile volumes: + # Hint: This is just an example, change /tmp to something persistent - /tmp/upload/surveys:/var/www/html/upload/surveys - lime:/var/www/html links: diff --git a/docker-compose.fpm.alpine.yml b/docker-compose.fpm.alpine.yml index 858232f..555be17 100644 --- a/docker-compose.fpm.alpine.yml +++ b/docker-compose.fpm.alpine.yml @@ -2,9 +2,10 @@ version: "3.0" services: limesurvey: build: - context: 4.0/fpm-alpine/ + context: 5.0/fpm-alpine/ dockerfile: Dockerfile volumes: + # Hint: This is just an example, change /tmp to something persistent - /tmp/upload/surveys:/var/www/html/upload/surveys - lime:/var/www/html links: diff --git a/docker-compose.fpm.yml b/docker-compose.fpm.yml index 56ef884..530c042 100644 --- a/docker-compose.fpm.yml +++ b/docker-compose.fpm.yml @@ -2,9 +2,10 @@ version: "3.0" services: limesurvey: build: - context: 4.0/fpm/ + context: 5.0/fpm/ dockerfile: Dockerfile volumes: + # Hint: This is just an example, change /tmp to something persistent - /tmp/upload/surveys:/var/www/html/upload/surveys - lime:/var/www/html links: diff --git a/docker-compose.pgsql.yml b/docker-compose.pgsql.yml index 1402973..ce352ee 100644 --- a/docker-compose.pgsql.yml +++ b/docker-compose.pgsql.yml @@ -2,16 +2,17 @@ version: "3.0" services: limesurvey: build: - context: 4.0/apache/ + context: 5.0/apache/ dockerfile: Dockerfile volumes: + # Hint: This is just an example, change /tmp to something persistent - /tmp/upload/surveys:/var/www/html/upload/surveys links: - lime-db depends_on: - lime-db ports: - - "8080:80" + - "8080:8080" environment: - "DB_TYPE=pgsql" - "DB_PORT=5432" diff --git a/docker-compose.yml b/docker-compose.yml index 050a776..f7c5fa4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,16 +2,17 @@ version: "3.0" services: limesurvey: build: - context: 4.0/apache/ + context: 5.0/apache/ dockerfile: Dockerfile volumes: + # Hint: This is just an example, change /tmp to something persistent - /tmp/upload/surveys:/var/www/html/upload/surveys links: - lime-db depends_on: - lime-db ports: - - "8080:80" + - "8080:8080" environment: - "DB_HOST=lime-db" - "DB_PASSWORD=secret" diff --git a/examples/apache-example.conf b/examples/apache-example.conf index 4105ae8..d4bccd4 100644 --- a/examples/apache-example.conf +++ b/examples/apache-example.conf @@ -1,4 +1,4 @@ - + ServerAdmin foo@bar.com DocumentRoot /var/www/html Alias /lime "/var/www/html" diff --git a/makefile b/makefile deleted file mode 100644 index 341efe1..0000000 --- a/makefile +++ /dev/null @@ -1,18 +0,0 @@ -.PHONY: apache fpm fpm-alpine - -apache3: - docker build --pull -t martialblog/limesurvey:3-apache 3.0/apache -apache3-rootless: - docker build --pull --build-arg USER=www-data --build-arg LISTEN_PORT=8080 -t martialblog/limesurvey:3-apache-rootless 3.0/apache -apache4: - docker build --pull -t martialblog/limesurvey:3-apache 3.0/apache -apache4-rootless: - docker build --pull --build-arg USER=www-data --build-arg LISTEN_PORT=8080 -t martialblog/limesurvey:4-apache-rootless 4.0/apache -fpm-alpine3: - docker build --pull -t martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine -fpm-alpine4: - docker build --pull -t martialblog/limesurvey:4-fpm-alpine 4.0/fpm-alpine -fpm3: - docker build --pull -t martialblog/limesurvey:3-fpm 3.0/fpm -fpm4: - docker build --pull -t martialblog/limesurvey:4-fpm 4.0/fpm diff --git a/upgrade.sh b/upgrade.sh index 1409e39..c57a591 100755 --- a/upgrade.sh +++ b/upgrade.sh @@ -32,4 +32,4 @@ sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" $MAJOR_VERSION/apache/Dockerf # After that, check and commit echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_VERSION}" -echo "git add 4.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_VERSION}" +echo "git add 5.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"