Upgrading to LTS Version 3.23.6+200929

Update README.md

3.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.7+200225'
+ARG version='3.23.6+200929'
-ARG sha256_checksum='766ce2b1e62566409f96869977bfa6f2d705a21fcb1751c0b0ae75156f56ca74'
+ARG sha256_checksum='e9887e8defa16f33da9d6580c59ea610cc1db722d4c6cb456e0017429835286e'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -31,6 +31,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -57,13 +58,13 @@ RUN a2enmod headers rewrite remoteip; \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 COPY entrypoint.sh entrypoint.sh

3.0/apache/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
+# Check if config already provisioned
-# Check if already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

3.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.7+200225'
+ARG version='3.23.6+200929'
-ARG sha256_checksum='766ce2b1e62566409f96869977bfa6f2d705a21fcb1751c0b0ae75156f56ca74'
+ARG sha256_checksum='e9887e8defa16f33da9d6580c59ea610cc1db722d4c6cb456e0017429835286e'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -30,14 +30,14 @@ RUN set -ex; \
         zip
 
 # Download, unzip and chmod of LimeSurvey
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
         \
-        rm -rf "/tmp/${version}.tar.gz" \
+        rm -rf "/tmp/limesurvey.tar.gz" \
         /var/www/html/docs \
         /var/www/html/tests \
         /var/www/html/*.md && \

3.0/fpm-alpine/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
+# Check if config already provisioned
-# Check if already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

3.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.7+200225'
+ARG version='3.23.6+200929'
-ARG sha256_checksum='766ce2b1e62566409f96869977bfa6f2d705a21fcb1751c0b0ae75156f56ca74'
+ARG sha256_checksum='e9887e8defa16f33da9d6580c59ea610cc1db722d4c6cb456e0017429835286e'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -31,6 +31,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -44,13 +45,13 @@ RUN set -ex; \
 ENV LIMESURVEY_VERSION=$version
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 EXPOSE 9000

3.0/fpm/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
+# Check if config already provisioned
-# Check if already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.9+200310'
+ARG version='4.3.17+200921'
-ARG sha256_checksum='d90f415fe748c909de7ce47ee08bcf60b972f389af8e449cede69566bed93198'
+ARG sha256_checksum='136101f681e62c29e0fb8b38ac31ff568629647a1e67036802c5c4e70023c4d4'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -18,6 +18,7 @@ RUN set -ex; \
         libpng-dev \
         libpq-dev \
         netcat \
+        curl \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
         rm -rf /var/lib/apt/lists/*
@@ -31,6 +32,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -57,13 +59,13 @@ RUN a2enmod headers rewrite remoteip; \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 COPY entrypoint.sh entrypoint.sh

4.0/apache/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
+# Check if config already provisioned
-# Check if already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.9+200310'
+ARG version='4.3.17+200921'
-ARG sha256_checksum='d90f415fe748c909de7ce47ee08bcf60b972f389af8e449cede69566bed93198'
+ARG sha256_checksum='136101f681e62c29e0fb8b38ac31ff568629647a1e67036802c5c4e70023c4d4'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -19,6 +19,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr ; \
         docker-php-ext-configure imap --with-imap-ssl && \
         docker-php-ext-install \
+        exif \
         gd \
         imap \
         ldap \
@@ -30,14 +31,14 @@ RUN set -ex; \
         zip
 
 # Download, unzip and chmod of LimeSurvey
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
         \
-        rm -rf "/tmp/${version}.tar.gz" \
+        rm -rf "/tmp/limesurvey.tar.gz" \
         /var/www/html/docs \
         /var/www/html/tests \
         /var/www/html/*.md && \

4.0/fpm-alpine/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
+# Check if config already provisioned
-# Check if already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.9+200310'
+ARG version='4.3.17+200921'
-ARG sha256_checksum='d90f415fe748c909de7ce47ee08bcf60b972f389af8e449cede69566bed93198'
+ARG sha256_checksum='136101f681e62c29e0fb8b38ac31ff568629647a1e67036802c5c4e70023c4d4'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -31,6 +31,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -44,13 +45,13 @@ RUN set -ex; \
 ENV LIMESURVEY_VERSION=$version
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 EXPOSE 9000

4.0/fpm/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
+# Check if config already provisioned
-# Check if already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
     fi
+
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
 fi
 
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

CONTRIBUTING.md

@@ -4,23 +4,27 @@ Every Pull Request is welcome.
 
 ## Upgrading the Version
 
-To upgrade the LimeSurvey Version the ARG variable needs to be changed.
+The versions in this repository should correspond to the [GitHub LimeSurvey Releases](https://github.com/LimeSurvey/LimeSurvey/releases)
+
+To update the version, simply update ARG variables for version and corresponding checksum:
 
 ```bash
-$ grep Agrep ARG apache/Dockerfile
+# Version from GitHub Tags
-ARG version='3.7.0+180418'
+# sha256 of tar.gz from GitHub Releases
+
+$ grep ARG 4.0/apache/Dockerfile
+ARG version='4.3.13+200824'
+ARG sha256_checksum='4e9c6f20e'
 ```
 
-Since this is a reoccuring and boring task, a script is provided.
+It is best to use the upgrade shell script:
 
 ```bash
-# Dependencies
+./upgrade.sh 4.3.13+200824
-python3 -m venv .venv
+# Check if sha256 is correct
-source .venv/bin/activate
-pip3 install -r requirements.txt
 
-# Upgrades to latest Limesurvey version
+git add 4.0/ && git commit -m 'Upgrading to Version 4.3.13+200824'
-./upgrade.py
+git tag 4.3.13+200824
 ```
 
 ## Testing

README.md

@@ -19,7 +19,14 @@ See the example configuration provided.
 
 # Using the fpm image
 
-To use the fpm image, you need an additional web server that can proxy http-request to the fpm-port of the container. See *docker-compose.fpm.yml* for example
+To use the fpm image, you need an additional web server that can proxy http-request to the fpm-port of the container. See *docker-compose.fpm.yml* for example.
+
+# Using the fpm image with https
+If you would like to run the fpm setup with https, you can get a free certificate from Letsencrypt. As an example, the configuration in *docker-compose.fpm-certbot.yml*
+will take care of getting a certificate and installing it. Please note that you will have to adjust the domain name in the file *examples/nginx-certbot.conf* to match
+the domain used in the *HOSTNAMES* variable in the docker-compose configuration file. If you added both the a domain and the hostname *www* within the domain,
+*nginx-certbot.conf* needs to contain the domain without the hostname. E.g. if you set *"HOSTNAMES=example.org www.example.org"*, the path in *nginx-certbot.conf* needs
+to contain *example.org*.
 
 # Using an external database
 
@@ -37,12 +44,24 @@ Path: */var/www/html/upload/surveys*
 
 The entrypoint will create a new config.php if none is provided and run the LimeSurvey command line interface for installation.
 
+**Hint**: Changing the *ADMIN_* configuration has no effect after the initial configuration. It's best to do this within the application.
+
 To change to LimeSurvey configuration, you can mount a Volume into the Container at:
 
  - /my-data/config.php:/var/www/html/application/config/config.php
 
 **Hint**: If this configuration is present before the installation, the LimeSurvey Web Installer will not run automatically.
 
+## Data Encryption
+
+LimeSurvey 4 supports data encryption, this image give you these options:
+
+* Provide a security.php file directly (volume)
+* Provide encryption keys for the security.php file (environment variables)
+* Provide nothing and get a non-persistent security.php file
+
+For further details on the settings see: https://manual.limesurvey.org/Data_encryption
+
 # Environment Variables
 
 | Parameter       | Description                               |
@@ -55,18 +74,23 @@ To change to LimeSurvey configuration, you can mount a Volume into the Container
 | DB_TABLE_PREFIX | Database table prefix                     |
 | DB_USERNAME     | Database user                             |
 | DB_PASSWORD     | Database user's password                  |
-| ADMIN_USER      | LimeSurvey Admin User                     |
+| ADMIN_USER      | Initial LimeSurvey Admin User             |
-| ADMIN_NAME      | LimeSurvey Admin Username                 |
+| ADMIN_NAME      | Initial LimeSurvey Admin Username         |
-| ADMIN_EMAIL     | LimeSurvey Admin Email                    |
+| ADMIN_EMAIL     | Initial LimeSurvey Admin Email            |
-| ADMIN_PASSWORD  | LimeSurvey Admin Password                 |
+| ADMIN_PASSWORD  | Initial LimeSurvey Admin Password         |
 | PUBLIC_URL      | Public URL for public scripts             |
 | URL_FORMAT      | URL Format. path or get                   |
+| DEBUG           | Debug level (0, 1, 2). Default: 0         |
+| DEBUG_SQL       | SQL Debug level (0, 1, 2). Default 0      |
+| ENCRYPT_KEYPAIR  | Data encryption keypair                  |
+| ENCRYPT_PUBLIC_KEY | Data encryption public key             |
+| ENCRYPT_SECRET_KEY | Data encryption secret key             |
 
 For further details on the settings see: https://manual.limesurvey.org/Optional_settings#Advanced_Path_Settings
 
 # Running this image with docker-compose
 
-The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the repository.
+The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the [repository](https://github.com/martialblog/docker-limesurvey).
 
 ```
 docker-compose up

docker-compose.fpm-certbot.yml

@@ -0,0 +1,49 @@
+version: "3.0"
+services:
+  limesurvey:
+    build:
+      context: 4.0/fpm/
+      dockerfile: Dockerfile
+    volumes:
+      - /tmp/upload/surveys:/var/www/html/upload/surveys
+      - lime:/var/www/html
+    links:
+      - lime-db
+    depends_on:
+      - lime-db
+    environment:
+      - "DB_HOST=lime-db"
+      - "DB_PASSWORD=secret"
+      - "ADMIN_PASSWORD=foobar"
+  lime-web:
+    build:
+      context: nginx-certbot/
+      dockerfile: Dockerfile
+    links:
+      - limesurvey
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./examples/nginx-certbot.conf:/etc/nginx/nginx.conf:ro
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+      - lime:/var/www/html
+    environment:
+      - "HOSTNAMES=www.example.com example.com"
+  certbot:
+    image: certbot/certbot
+    restart: unless-stopped
+    volumes:
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+  lime-db:
+    image: mysql:5.7
+    environment:
+      - "MYSQL_USER=limesurvey"
+      - "MYSQL_DATABASE=limesurvey"
+      - "MYSQL_PASSWORD=secret"
+      - "MYSQL_ROOT_PASSWORD=secret"
+volumes:
+  lime:

examples/nginx-certbot.conf

@@ -0,0 +1,57 @@
+worker_processes 1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    server {
+        listen 80;
+        server_name _;
+        server_tokens off;
+
+        location /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+    }
+    server {
+        listen 443 ssl;
+        index index.php;
+        set $host_path "/var/www/html";
+        root /var/www/html;
+        server_name _;
+        charset utf-8;
+        include /etc/nginx/mime.types;
+
+        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+        location / {
+            try_files $uri /index.php?$args;
+        }
+        location ~ ^/(protected|framework|themes/\w+/views) {
+            deny  all;
+        }
+        location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
+            try_files $uri =404;
+        }
+        location ~ \.php$ {
+            fastcgi_split_path_info  ^(.+\.php)(.*)$;
+            try_files $uri index.php;
+            include fastcgi_params;
+            fastcgi_index index.php;
+            fastcgi_pass  limesurvey:9000;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            fastcgi_param  SCRIPT_NAME      $fastcgi_script_name;
+        }
+    }
+}

examples/nginx.conf

@@ -12,6 +12,7 @@ http {
         listen 80;
         index index.php;
         set $host_path "/var/www/html";
+        include /etc/nginx/mime.types;
         root /var/www/html;
         server_name localhost;
         charset utf-8;

nginx-certbot/Dockerfile

@@ -0,0 +1,10 @@
+FROM nginx
+RUN apt-get update && \
+    apt-get install -y certbot curl python-certbot-nginx && \
+    apt-get -y autoclean; apt-get -y autoremove; \
+    rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 700 /entrypoint.sh
+
+CMD ["/entrypoint.sh"]

nginx-certbot/entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+cert_path=/etc/letsencrypt/live/$(echo $HOSTNAMES | awk '{print $1}')
+mkdir -p cert_path
+
+# if there is no certificate yet, get one
+email="--email $CERT_EMAIL"
+if [ -z $CERT_EMAIL ]
+then
+    email='--register-unsafely-without-email'
+fi
+if [ ! -e $cert_path/privkey.pem ]
+then
+    names=""
+    for h in $HOSTNAMES
+    do
+        names=$(echo "$names -d $h")
+    done
+    echo "Getting new certificate..."
+    /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /etc/letsencrypt/options-ssl-nginx.conf
+    /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /etc/letsencrypt/ssl-dhparams.pem
+    /usr/bin/certbot certonly --standalone $names --agree-tos $email
+fi
+
+nginx -g "daemon off;"