Upgrading to Version 4.2.2+200504

Added configuration which adds Nginx with Letsencrypt certificate

3.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.7+200225'
+ARG version='3.22.14+200423'
-ARG sha256_checksum='766ce2b1e62566409f96869977bfa6f2d705a21fcb1751c0b0ae75156f56ca74'
+ARG sha256_checksum='c148af72e9b26c7803c8e98815ffed1a7bd75b10eefc7791e3826c4dc9553b62'
 
 # Install OS dependencies
 RUN set -ex; \

3.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.7+200225'
+ARG version='3.22.14+200423'
-ARG sha256_checksum='766ce2b1e62566409f96869977bfa6f2d705a21fcb1751c0b0ae75156f56ca74'
+ARG sha256_checksum='c148af72e9b26c7803c8e98815ffed1a7bd75b10eefc7791e3826c4dc9553b62'
 
 # Install OS dependencies
 RUN set -ex; \

3.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.7+200225'
+ARG version='3.22.14+200423'
-ARG sha256_checksum='766ce2b1e62566409f96869977bfa6f2d705a21fcb1751c0b0ae75156f56ca74'
+ARG sha256_checksum='c148af72e9b26c7803c8e98815ffed1a7bd75b10eefc7791e3826c4dc9553b62'
 
 # Install OS dependencies
 RUN set -ex; \

4.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.9+200310'
+ARG version='4.2.2+200504'
-ARG sha256_checksum='d90f415fe748c909de7ce47ee08bcf60b972f389af8e449cede69566bed93198'
+ARG sha256_checksum='3ac59a055e37880458d9f8ebed615fb9d55df574e26434254bceae10f8aeda2e'
 
 # Install OS dependencies
 RUN set -ex; \

4.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.9+200310'
+ARG version='4.2.2+200504'
-ARG sha256_checksum='d90f415fe748c909de7ce47ee08bcf60b972f389af8e449cede69566bed93198'
+ARG sha256_checksum='3ac59a055e37880458d9f8ebed615fb9d55df574e26434254bceae10f8aeda2e'
 
 # Install OS dependencies
 RUN set -ex; \

4.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.1.9+200310'
+ARG version='4.2.2+200504'
-ARG sha256_checksum='d90f415fe748c909de7ce47ee08bcf60b972f389af8e449cede69566bed93198'
+ARG sha256_checksum='3ac59a055e37880458d9f8ebed615fb9d55df574e26434254bceae10f8aeda2e'
 
 # Install OS dependencies
 RUN set -ex; \

README.md

@@ -19,7 +19,14 @@ See the example configuration provided.
 
 # Using the fpm image
 
-To use the fpm image, you need an additional web server that can proxy http-request to the fpm-port of the container. See *docker-compose.fpm.yml* for example
+To use the fpm image, you need an additional web server that can proxy http-request to the fpm-port of the container. See *docker-compose.fpm.yml* for example.
+
+# Using the fpm image with https
+If you would like to run the fpm setup with https, you can get a free certificate from Letsencrypt. As an example, the configuration in *docker-compose.fpm-certbot.yml*
+will take care of getting a certificate and installing it. Please note that you will have to adjust the domain name in the file *examples/nginx-certbot.conf* to match
+the domain used in the *HOSTNAMES* variable in the docker-compose configuration file. If you added both the a domain and the hostname *www* within the domain,
+*nginx-certbot.conf* needs to contain the domain without the hostname. E.g. if you set *"HOSTNAMES=example.org www.example.org"*, the path in *nginx-certbot.conf* needs
+to contain *example.org*.
 
 # Using an external database
 
@@ -37,6 +44,8 @@ Path: */var/www/html/upload/surveys*
 
 The entrypoint will create a new config.php if none is provided and run the LimeSurvey command line interface for installation.
 
+**Hint**: Changing the *ADMIN_* configuration has no effect after the initial configuration. It's best to do this within the application.
+
 To change to LimeSurvey configuration, you can mount a Volume into the Container at:
 
  - /my-data/config.php:/var/www/html/application/config/config.php
@@ -55,10 +64,10 @@ To change to LimeSurvey configuration, you can mount a Volume into the Container
 | DB_TABLE_PREFIX | Database table prefix                     |
 | DB_USERNAME     | Database user                             |
 | DB_PASSWORD     | Database user's password                  |
-| ADMIN_USER      | LimeSurvey Admin User                     |
+| ADMIN_USER      | Initial LimeSurvey Admin User             |
-| ADMIN_NAME      | LimeSurvey Admin Username                 |
+| ADMIN_NAME      | Initial LimeSurvey Admin Username         |
-| ADMIN_EMAIL     | LimeSurvey Admin Email                    |
+| ADMIN_EMAIL     | Initial LimeSurvey Admin Email            |
-| ADMIN_PASSWORD  | LimeSurvey Admin Password                 |
+| ADMIN_PASSWORD  | Initial LimeSurvey Admin Password         |
 | PUBLIC_URL      | Public URL for public scripts             |
 | URL_FORMAT      | URL Format. path or get                   |
 

docker-compose.fpm-certbot.yml

@@ -0,0 +1,49 @@
+version: "3.0"
+services:
+  limesurvey:
+    build:
+      context: 4.0/fpm/
+      dockerfile: Dockerfile
+    volumes:
+      - /tmp/upload/surveys:/var/www/html/upload/surveys
+      - lime:/var/www/html
+    links:
+      - lime-db
+    depends_on:
+      - lime-db
+    environment:
+      - "DB_HOST=lime-db"
+      - "DB_PASSWORD=secret"
+      - "ADMIN_PASSWORD=foobar"
+  lime-web:
+    build:
+      context: nginx-certbot/
+      dockerfile: Dockerfile
+    links:
+      - limesurvey
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./examples/nginx-certbot.conf:/etc/nginx/nginx.conf:ro
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+      - lime:/var/www/html
+    environment:
+      - "HOSTNAMES=www.example.com example.com"
+  certbot:
+    image: certbot/certbot
+    restart: unless-stopped
+    volumes:
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+  lime-db:
+    image: mysql:5.7
+    environment:
+      - "MYSQL_USER=limesurvey"
+      - "MYSQL_DATABASE=limesurvey"
+      - "MYSQL_PASSWORD=secret"
+      - "MYSQL_ROOT_PASSWORD=secret"
+volumes:
+  lime:

examples/nginx-certbot.conf

@@ -0,0 +1,57 @@
+worker_processes 1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    server {
+        listen 80;
+        server_name _;
+        server_tokens off;
+
+        location /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }
+
+        location / {
+            return 301 https://$host$request_uri;
+        }
+    }
+    server {
+        listen 443 ssl;
+        index index.php;
+        set $host_path "/var/www/html";
+        root /var/www/html;
+        server_name _;
+        charset utf-8;
+        include /etc/nginx/mime.types;
+
+        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+        location / {
+            try_files $uri /index.php?$args;
+        }
+        location ~ ^/(protected|framework|themes/\w+/views) {
+            deny  all;
+        }
+        location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
+            try_files $uri =404;
+        }
+        location ~ \.php$ {
+            fastcgi_split_path_info  ^(.+\.php)(.*)$;
+            try_files $uri index.php;
+            include fastcgi_params;
+            fastcgi_index index.php;
+            fastcgi_pass  limesurvey:9000;
+            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+            fastcgi_param  SCRIPT_NAME      $fastcgi_script_name;
+        }
+    }
+}

examples/nginx.conf

@@ -12,6 +12,7 @@ http {
         listen 80;
         index index.php;
         set $host_path "/var/www/html";
+        include /etc/nginx/mime.types;
         root /var/www/html;
         server_name localhost;
         charset utf-8;

nginx-certbot/Dockerfile

@@ -0,0 +1,10 @@
+FROM nginx
+RUN apt-get update && \
+    apt-get install -y certbot curl python-certbot-nginx && \
+    apt-get -y autoclean; apt-get -y autoremove; \
+    rm -rf /var/lib/apt/lists/*
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 700 /entrypoint.sh
+
+CMD ["/entrypoint.sh"]

nginx-certbot/entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+cert_path=/etc/letsencrypt/live/$(echo $HOSTNAMES | awk '{print $1}')
+mkdir -p cert_path
+
+# if there is no certificate yet, get one
+email="--email $CERT_EMAIL"
+if [ -z $CERT_EMAIL ]
+then
+    email='--register-unsafely-without-email'
+fi
+if [ ! -e $cert_path/privkey.pem ]
+then
+    names=""
+    for h in $HOSTNAMES
+    do
+        names=$(echo "$names -d $h")
+    done
+    echo "Getting new certificate..."
+    /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > /etc/letsencrypt/options-ssl-nginx.conf
+    /usr/bin/curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > /etc/letsencrypt/ssl-dhparams.pem
+    /usr/bin/certbot certonly --standalone $names --agree-tos $email
+fi
+
+nginx -g "daemon off;"