Upgrading to Version 4.4.5+210213

Remove unused references to encryption for LS3 entrypoints

3.0/apache/Dockerfile

@@ -1,7 +1,7 @@
-FROM php:7.2-apache
+FROM php:7.4-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.12+200406'
-ARG sha256_checksum='f21bfe619c6f50c621b96b21c3149ffc7d3da5f1fb87fe61a1c33db31ca6f5a9'
+ARG version='3.25.11+210210'
+ARG sha256_checksum='53ed386936abb613f604e02808b61d87f510f470cc8c9a5fd9a2c631467d1be1'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -12,11 +12,13 @@ RUN set -ex; \
         libldap2-dev \
         libfreetype6-dev \
         libjpeg-dev \
+        libonig-dev \
         zlib1g-dev \
         libc-client-dev \
         libkrb5-dev \
         libpng-dev \
         libpq-dev \
+        libzip-dev \
         netcat \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
@@ -28,9 +30,10 @@ RUN set -ex; \
 
 # Install PHP Plugins and Configure PHP imap plugin
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
+        docker-php-ext-configure gd && \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -57,13 +60,13 @@ RUN a2enmod headers rewrite remoteip; \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 COPY entrypoint.sh entrypoint.sh

3.0/apache/entrypoint.sh

@@ -14,11 +14,24 @@ DB_PASSWORD=${DB_PASSWORD:-}
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +42,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,37 +51,55 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
 
@@ -77,22 +107,9 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

3.0/fpm-alpine/Dockerfile

@@ -1,22 +1,24 @@
-FROM php:7.2-fpm-alpine
+FROM php:7.4-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.12+200406'
-ARG sha256_checksum='f21bfe619c6f50c621b96b21c3149ffc7d3da5f1fb87fe61a1c33db31ca6f5a9'
+ARG version='3.25.11+210210'
+ARG sha256_checksum='53ed386936abb613f604e02808b61d87f510f470cc8c9a5fd9a2c631467d1be1'
 
 # Install OS dependencies
 RUN set -ex; \
         apk add --no-cache --virtual .build-deps \
         freetype-dev \
         libpng-dev \
+        libzip-dev \
         libjpeg-turbo-dev \
         openldap-dev \
+        oniguruma-dev \
         imap-dev \
         postgresql-dev && \
         apk add --no-cache netcat-openbsd bash
 
 # Install PHP Plugins
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr ; \
+        docker-php-ext-configure gd && \
         docker-php-ext-configure imap --with-imap-ssl && \
         docker-php-ext-install \
         gd \
@@ -30,14 +32,14 @@ RUN set -ex; \
         zip
 
 # Download, unzip and chmod of LimeSurvey
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
         \
-        rm -rf "/tmp/${version}.tar.gz" \
+        rm -rf "/tmp/limesurvey.tar.gz" \
         /var/www/html/docs \
         /var/www/html/tests \
         /var/www/html/*.md && \

3.0/fpm-alpine/entrypoint.sh

@@ -14,11 +14,24 @@ DB_PASSWORD=${DB_PASSWORD:-}
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +42,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,37 +51,55 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
 
@@ -77,22 +107,9 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

3.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
-FROM php:7.2-fpm
+FROM php:7.4-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.12+200406'
-ARG sha256_checksum='f21bfe619c6f50c621b96b21c3149ffc7d3da5f1fb87fe61a1c33db31ca6f5a9'
+ARG version='3.25.11+210210'
+ARG sha256_checksum='53ed386936abb613f604e02808b61d87f510f470cc8c9a5fd9a2c631467d1be1'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -12,11 +12,13 @@ RUN set -ex; \
         libldap2-dev \
         libfreetype6-dev \
         libjpeg-dev \
+        libonig-dev \
         zlib1g-dev \
         libc-client-dev \
         libkrb5-dev \
         libpng-dev \
         libpq-dev \
+        libzip-dev \
         netcat \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
@@ -28,9 +30,10 @@ RUN set -ex; \
 
 # Install PHP Plugins and Configure PHP imap plugin
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
+        docker-php-ext-configure gd && \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -44,13 +47,13 @@ RUN set -ex; \
 ENV LIMESURVEY_VERSION=$version
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 EXPOSE 9000

3.0/fpm/entrypoint.sh

@@ -14,11 +14,24 @@ DB_PASSWORD=${DB_PASSWORD:-}
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +42,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,37 +51,55 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
 
@@ -77,22 +107,9 @@ fi
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/apache/Dockerfile

@@ -1,7 +1,7 @@
-FROM php:7.2-apache
+FROM php:7.4-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.16+200407'
-ARG sha256_checksum='dbcc1154fde2ffb196c0ca5374d6dafeb5fef7f208e1b8ecf7440685ee2c3369'
+ARG version='4.4.5+210213'
+ARG sha256_checksum='621cd93ee5666c2e4de22b67f042e4e6c11f0d1c1aebfe76a7dc98eb7425e7ed'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -12,12 +12,15 @@ RUN set -ex; \
         libldap2-dev \
         libfreetype6-dev \
         libjpeg-dev \
+        libonig-dev \
         zlib1g-dev \
         libc-client-dev \
         libkrb5-dev \
         libpng-dev \
         libpq-dev \
+        libzip-dev \
         netcat \
+        curl \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
         rm -rf /var/lib/apt/lists/*
@@ -28,9 +31,10 @@ RUN set -ex; \
 
 # Install PHP Plugins and Configure PHP imap plugin
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
+        docker-php-ext-configure gd && \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -57,13 +61,13 @@ RUN a2enmod headers rewrite remoteip; \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 COPY entrypoint.sh entrypoint.sh

4.0/apache/entrypoint.sh

@@ -11,14 +11,31 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +46,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +55,86 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/fpm-alpine/Dockerfile

@@ -1,24 +1,27 @@
-FROM php:7.2-fpm-alpine
+FROM php:7.4-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.16+200407'
-ARG sha256_checksum='dbcc1154fde2ffb196c0ca5374d6dafeb5fef7f208e1b8ecf7440685ee2c3369'
+ARG version='4.4.5+210213'
+ARG sha256_checksum='621cd93ee5666c2e4de22b67f042e4e6c11f0d1c1aebfe76a7dc98eb7425e7ed'
 
 # Install OS dependencies
 RUN set -ex; \
         apk add --no-cache --virtual .build-deps \
         freetype-dev \
         libpng-dev \
+        libzip-dev \
         libjpeg-turbo-dev \
         openldap-dev \
+        oniguruma-dev \
         imap-dev \
         postgresql-dev && \
         apk add --no-cache netcat-openbsd bash
 
 # Install PHP Plugins
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr ; \
+        docker-php-ext-configure gd && \
         docker-php-ext-configure imap --with-imap-ssl && \
         docker-php-ext-install \
+        exif \
         gd \
         imap \
         ldap \
@@ -30,14 +33,14 @@ RUN set -ex; \
         zip
 
 # Download, unzip and chmod of LimeSurvey
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
         \
-        rm -rf "/tmp/${version}.tar.gz" \
+        rm -rf "/tmp/limesurvey.tar.gz" \
         /var/www/html/docs \
         /var/www/html/tests \
         /var/www/html/*.md && \

4.0/fpm-alpine/entrypoint.sh

@@ -11,14 +11,31 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +46,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +55,86 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
-FROM php:7.2-fpm
+FROM php:7.4-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.16+200407'
-ARG sha256_checksum='dbcc1154fde2ffb196c0ca5374d6dafeb5fef7f208e1b8ecf7440685ee2c3369'
+ARG version='4.4.5+210213'
+ARG sha256_checksum='621cd93ee5666c2e4de22b67f042e4e6c11f0d1c1aebfe76a7dc98eb7425e7ed'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -12,11 +12,13 @@ RUN set -ex; \
         libldap2-dev \
         libfreetype6-dev \
         libjpeg-dev \
+        libonig-dev \
         zlib1g-dev \
         libc-client-dev \
         libkrb5-dev \
         libpng-dev \
         libpq-dev \
+        libzip-dev \
         netcat \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
@@ -28,9 +30,10 @@ RUN set -ex; \
 
 # Install PHP Plugins and Configure PHP imap plugin
 RUN set -ex; \
-        docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
+        docker-php-ext-configure gd && \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -44,13 +47,13 @@ RUN set -ex; \
 ENV LIMESURVEY_VERSION=$version
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 EXPOSE 9000

4.0/fpm/entrypoint.sh

@@ -11,14 +11,31 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
+BASE_URL=${BASE_URL:-}
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +46,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +55,86 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+    'request' => array(
+      'baseUrl' => '$BASE_URL',
+     ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

CONTRIBUTING.md

@@ -4,23 +4,27 @@ Every Pull Request is welcome.
 
 ## Upgrading the Version
 
-To upgrade the LimeSurvey Version the ARG variable needs to be changed.
+The versions in this repository should correspond to the [GitHub LimeSurvey Releases](https://github.com/LimeSurvey/LimeSurvey/releases)
+
+To update the version, simply update ARG variables for version and corresponding checksum:
 
 ```bash
-$ grep Agrep ARG apache/Dockerfile
-ARG version='3.7.0+180418'
+# Version from GitHub Tags
+# sha256 of tar.gz from GitHub Releases
+
+$ grep ARG 4.0/apache/Dockerfile
+ARG version='4.3.13+200824'
+ARG sha256_checksum='4e9c6f20e'
 ```
 
-Since this is a reoccuring and boring task, a script is provided.
+It is best to use the upgrade shell script:
 
 ```bash
-# Dependencies
-python3 -m venv .venv
-source .venv/bin/activate
-pip3 install -r requirements.txt
+./upgrade.sh 4.3.13+200824
+# Check if sha256 is correct
 
-# Upgrades to latest Limesurvey version
-./upgrade.py
+git add 4.0/ && git commit -m 'Upgrading to Version 4.3.13+200824'
+git tag 4.3.13+200824
 ```
 
 ## Testing

README.md

@@ -1,25 +1,47 @@
-[![Build Status](https://travis-ci.org/martialblog/docker-limesurvey.svg?branch=master)](https://travis-ci.org/martialblog/docker-limesurvey)
+[![Build Status](https://travis-ci.com/martialblog/docker-limesurvey.svg?branch=master)](https://travis-ci.com/martialblog/docker-limesurvey)
 [![](https://images.microbadger.com/badges/image/martialblog/limesurvey.svg)](https://microbadger.com/images/martialblog/limesurvey "Get your own image badge on microbadger.com")
 
 # LimeSurvey Docker
 
 Dockerfile to build a [LimeSurvey](https://limesurvey.org) Image for the Docker container platform.
 
-# Using the apache image
+## Quick reference
+
+- **Maintained by:** https://github.com/martialblog/
+- **Where to get help:** [GitHub Issues](https://github.com/martialblog/docker-limesurvey/issues)
+
+## Supported tags and respective Dockerfile links
+
+- [`4-apache`, `4.<BUILD-NUMBER>-apache`, `latest` ](https://github.com/martialblog/docker-limesurvey/blob/master/4.0/apache/Dockerfile)
+- [`4-fpm`, `4.<BUILD-NUMBER>-fpm`](https://github.com/martialblog/docker-limesurvey/blob/master/4.0/fpm/Dockerfile)
+- [`4-fpm-alpine`, `4.<BUILD-NUMBER>-fpm-alpine`](https://github.com/martialblog/docker-limesurvey/blob/master/4.0/fpm-alpine/Dockerfile)
+- [`3-apache`, `3.<BUILD-NUMBER>-apache`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/apache/Dockerfile)
+- [`3-fpm`, `3.<BUILD-NUMBER>-fpm`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/fpm/Dockerfile)
+- [`3-fpm-alpine`, `3.<BUILD-NUMBER>-fpm-alpine`](https://github.com/martialblog/docker-limesurvey/blob/master/3.0/fpm-alpine/Dockerfile)
+
+# Using the Apache Image
 
 The apache image comes with an Apache Webserver and PHP installed.
 
-# Apache Configuration
+## Apache Configuration
 
 To change to Apache Webserver configuration, mount a Volume into the Container at:
 
- - /etc/apache2/sites-available/000-default.conf
+ - `/etc/apache2/sites-available/000-default.conf`
 
 See the example configuration provided.
 
-# Using the fpm image
+# Using the fpm Image
 
-To use the fpm image, you need an additional web server that can proxy http-request to the fpm-port of the container. See *docker-compose.fpm.yml* for example
+To use the fpm image, you need an additional web server that can proxy http-request to the fpm-port of the container. See *docker-compose.fpm.yml* for example.
+
+## Using the fpm Image with HTTPS
+
+If you would like to run the fpm setup with https, you can get a free certificate from Letsencrypt. As an example, the configuration in *docker-compose.fpm-certbot.yml*
+will take care of getting a certificate and installing it. Please note that you will have to adjust the domain name in the file *examples/nginx-certbot.conf* to match
+the domain used in the *HOSTNAMES* variable in the docker-compose configuration file. If you added both the a domain and the hostname *www* within the domain,
+*nginx-certbot.conf* needs to contain the domain without the hostname. E.g. if you set *"HOSTNAMES=example.org www.example.org"*, the path in *nginx-certbot.conf* needs
+to contain *example.org*.
 
 # Using an external database
 
@@ -29,11 +51,11 @@ LimeSurvey requires an external database (MySQL, PostgreSQL) to run. See *docker
 
 To preserve the uploaded files assign the upload folder into a volume. See *docker-compose.yml* for example.
 
-Path: */var/www/html/upload/surveys*
+Path: `/var/www/html/upload/surveys`
 
 **Hint**: The mounted directory must be owned by the webserver user (e.g. www-data)
 
-# LimeSurvey Configuration
+# LimeSurvey configuration
 
 The entrypoint will create a new config.php if none is provided and run the LimeSurvey command line interface for installation.
 
@@ -41,10 +63,31 @@ The entrypoint will create a new config.php if none is provided and run the Lime
 
 To change to LimeSurvey configuration, you can mount a Volume into the Container at:
 
- - /my-data/config.php:/var/www/html/application/config/config.php
+ - `/my-data/config.php:/var/www/html/application/config/config.php`
 
 **Hint**: If this configuration is present before the installation, the LimeSurvey Web Installer will not run automatically.
 
+## Data encryption
+
+LimeSurvey 4 supports data encryption, this image give you these options:
+
+* Provide a security.php file directly (volume)
+* Provide encryption keys for the `security.php` file (environment variables)
+* Provide nothing and get a non-persistent `security.php` file
+
+For further details on the settings see: https://manual.limesurvey.org/Data_encryption
+
+# Reverse Proxy configuration
+
+## Traefik example
+
+```
+# BASE_URL = /limesurvey
+"traefik.http.routers.limesurvey.rule=PathPrefix(`/limesurvey`)",
+"traefik.http.routers.limesurvey.middlewares=strip-limesurvey@docker",
+"traefik.http.middlewares.strip-limesurvey.stripprefix.prefixes=/limesurvey",
+```
+
 # Environment Variables
 
 | Parameter       | Description                               |
@@ -62,13 +105,19 @@ To change to LimeSurvey configuration, you can mount a Volume into the Container
 | ADMIN_EMAIL     | Initial LimeSurvey Admin Email            |
 | ADMIN_PASSWORD  | Initial LimeSurvey Admin Password         |
 | PUBLIC_URL      | Public URL for public scripts             |
+| BASE_URL        | Application Base URL                      |
 | URL_FORMAT      | URL Format. path or get                   |
+| DEBUG           | Debug level (0, 1, 2). Default: 0         |
+| DEBUG_SQL       | SQL Debug level (0, 1, 2). Default 0      |
+| ENCRYPT_KEYPAIR  | Data encryption keypair                  |
+| ENCRYPT_PUBLIC_KEY | Data encryption public key             |
+| ENCRYPT_SECRET_KEY | Data encryption secret key             |
 
 For further details on the settings see: https://manual.limesurvey.org/Optional_settings#Advanced_Path_Settings
 
-# Running this image with docker-compose
+# Running this Image with docker-compose
 
-The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the repository.
+The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the [repository](https://github.com/martialblog/docker-limesurvey).
 
 ```
 docker-compose up

docker-compose.example.yml

@@ -6,7 +6,7 @@ services:
     environment:
       - DB_TYPE=pgsql
       - DB_PORT=5432
-      - DB_HOST=limesurvey_db_1.limesurvey_default
+      - DB_HOST=db
       - DB_PASSWORD=example
       - DB_NAME=limesurvey
       - DB_USERNAME=limesurvey

docker-compose.fpm-certbot.yml

@@ -0,0 +1,49 @@
+version: "3.0"
+services:
+  limesurvey:
+    build:
+      context: 4.0/fpm/
+      dockerfile: Dockerfile
+    volumes:
+      - /tmp/upload/surveys:/var/www/html/upload/surveys
+      - lime:/var/www/html
+    links:
+      - lime-db
+    depends_on:
+      - lime-db
+    environment:
+      - "DB_HOST=lime-db"
+      - "DB_PASSWORD=secret"
+      - "ADMIN_PASSWORD=foobar"
+  lime-web:
+    build:
+      context: nginx-certbot/
+      dockerfile: Dockerfile
+    links:
+      - limesurvey
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./examples/nginx-certbot.conf:/etc/nginx/nginx.conf:ro
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+      - lime:/var/www/html
+    environment:
+      - "HOSTNAMES=www.example.com example.com"
+  certbot:
+    image: certbot/certbot
+    restart: unless-stopped
+    volumes:
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+  lime-db:
+    image: mysql:5.7
+    environment:
+      - "MYSQL_USER=limesurvey"
+      - "MYSQL_DATABASE=limesurvey"
+      - "MYSQL_PASSWORD=secret"
+      - "MYSQL_ROOT_PASSWORD=secret"
+volumes:
+  lime:

docker-compose.fpm.alpine.yml

@@ -12,7 +12,7 @@ services:
     depends_on:
       - lime-db
     environment:
-      - "DB_HOST=docker-limesurvey_lime-db_1"
+      - "DB_HOST=lime-db"
       - "DB_PASSWORD=secret"
       - "ADMIN_PASSWORD=foobar"
   lime-web:

docker-compose.fpm.yml

@@ -12,7 +12,7 @@ services:
     depends_on:
       - lime-db
     environment:
-      - "DB_HOST=docker-limesurvey_lime-db_1"
+      - "DB_HOST=lime-db"
       - "DB_PASSWORD=secret"
       - "ADMIN_PASSWORD=foobar"
   lime-web:

docker-compose.pgsql.yml

@@ -15,7 +15,7 @@ services:
     environment:
       - "DB_TYPE=pgsql"
       - "DB_PORT=5432"
-      - "DB_HOST=docker-limesurvey_lime-db_1"
+      - "DB_HOST=lime-db"
       - "DB_PASSWORD=secret"
       - "ADMIN_PASSWORD=foobar"
   lime-db:

docker-compose.yml

@@ -13,7 +13,7 @@ services:
     ports:
       - "8080:80"
     environment:
-      - "DB_HOST=docker-limesurvey_lime-db_1"
+      - "DB_HOST=lime-db"
       - "DB_PASSWORD=secret"
       - "ADMIN_PASSWORD=foobar"
   lime-db:

examples/nginx-certbot.conf

@@ -0,0 +1,57 @@
+worker_processes 1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    server {
+        listen 80;
+        server_name _;
+        server_tokens off;
+
+        location /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+    }
+    server {
+        listen 443 ssl;
+        index index.php;
+        set $host_path "/var/www/html";
+        root /var/www/html;
+        server_name _;
+        charset utf-8;
+        include /etc/nginx/mime.types;
+
+        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+        location / {
+            try_files $uri /index.php?$args;
+        }
+        location ~ ^/(protected|framework|themes/\w+/views) {
+            deny  all;
+        }
+        location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
+            try_files $uri =404;
+        }
+        location ~ \.php$ {
+            fastcgi_split_path_info  ^(.+\.php)(.*)$;
+            try_files $uri index.php;
+            include fastcgi_params;
+            fastcgi_index index.php;
+            fastcgi_pass  limesurvey:9000;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            fastcgi_param  SCRIPT_NAME      $fastcgi_script_name;
+        }
+    }
+}

examples/nginx.conf

@@ -12,6 +12,7 @@ http {
         listen 80;
         index index.php;
         set $host_path "/var/www/html";
+        include /etc/nginx/mime.types;
         root /var/www/html;
         server_name localhost;
         charset utf-8;

makefile

@@ -1,14 +1,14 @@
 .PHONY: apache fpm fpm-alpine
 
-apache:
-	docker build --pull -t limesurvey:apache 3.0/apache
+apache3:
+	docker build --pull -t martialblog/limesurvey:3-apache 3.0/apache
 apache4:
-	docker build --pull -t limesurvey:apache 4.0/apache
-fpm-alpine:
-	docker build --pull -t limesurvey:fpm-alpine 3.0/fpm-alpine
+	docker build --pull -t martialblog/limesurvey:4-apache 4.0/apache
+fpm-alpine3:
+	docker build --pull -t martialblog/limesurvey:3-fpm-alpine 3.0/fpm-alpine
 fpm-alpine4:
-	docker build --pull -t limesurvey:fpm-alpine 4.0/fpm-alpine
-fpm:
-	docker build --pull -t limesurvey:fpm 3.0/fpm
+	docker build --pull -t martialblog/limesurvey:4-fpm-alpine 4.0/fpm-alpine
+fpm3:
+	docker build --pull -t martialblog/limesurvey:3-fpm 3.0/fpm
 fpm4:
-	docker build --pull -t limesurvey:fpm 4.0/fpm
+	docker build --pull -t martialblog/limesurvey:4-fpm 4.0/fpm

nginx-certbot/Dockerfile

@@ -0,0 +1,10 @@
+FROM nginx
+RUN apt-get update && \
+    apt-get install -y certbot curl python-certbot-nginx && \
+    apt-get -y autoclean; apt-get -y autoremove; \
+    rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 700 /entrypoint.sh
+
+CMD ["/entrypoint.sh"]

nginx-certbot/entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+cert_path=/etc/letsencrypt/live/$(echo $HOSTNAMES | awk '{print $1}')
+mkdir -p cert_path
+
+# if there is no certificate yet, get one
+email="--email $CERT_EMAIL"
+if [ -z $CERT_EMAIL ]
+then
+    email='--register-unsafely-without-email'
+fi
+if [ ! -e $cert_path/privkey.pem ]
+then
+    names=""
+    for h in $HOSTNAMES
+    do
+        names=$(echo "$names -d $h")
+    done
+    echo "Getting new certificate..."
+    /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /etc/letsencrypt/options-ssl-nginx.conf
+    /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /etc/letsencrypt/ssl-dhparams.pem
+    /usr/bin/certbot certonly --standalone $names --agree-tos $email
+fi
+
+nginx -g "daemon off;"

upgrade.sh

@@ -31,3 +31,5 @@ sed -r -i -e "s/[0-9]+(\.[0-9]+)+\+[0-9]+/$NEW_VERSION/" $MAJOR_VERSION/apache/D
 sed -r -i -e "s/[A-Fa-f0-9]{64}/$SHA256_CHECKSUM/" $MAJOR_VERSION/apache/Dockerfile $MAJOR_VERSION/fpm/Dockerfile $MAJOR_VERSION/fpm-alpine/Dockerfile
 
 # After that, check and commit
+echo "git add 3.0 ; git commit -m 'Upgrading to LTS Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"
+echo "git add 4.0 ; git commit -m 'Upgrading to Version ${NEW_VERSION}' && git tag ${NEW_VERSION}"