Upgrading to LTS Version 5.6.41+231017

Now security.php is created properly if $ENCRYPT_SECRET_BOX_KEY is set

.github/workflows/build-latest-container-images.yaml

@@ -15,7 +15,7 @@ jobs:
           - 6.0/fpm-alpine/Dockerfile
           - 6.0/fpm/Dockerfile
     steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
       - uses: hadolint/hadolint-action@v3.1.0
         with:
           dockerfile: ${{ matrix.dockerfile }}
@@ -31,7 +31,7 @@ jobs:
       contents: read
     steps:
       - name: 'Check out the repo'
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
       - name: 'Set up QEMU'
         uses: docker/setup-qemu-action@v3
         with:

.github/workflows/build-lts-container-images.yaml

@@ -15,7 +15,7 @@ jobs:
           - 5.0/fpm-alpine/Dockerfile
           - 5.0/fpm/Dockerfile
     steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
       - uses: hadolint/hadolint-action@v3.1.0
         with:
           dockerfile: ${{ matrix.dockerfile }}
@@ -31,7 +31,7 @@ jobs:
       contents: read
     steps:
       - name: 'Check out the repo'
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
       - name: 'Set up QEMU'
         uses: docker/setup-qemu-action@v3
         with:

.github/workflows/lint-dockerfiles.yaml

@@ -17,7 +17,7 @@ jobs:
           - 6.0/fpm/Dockerfile
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
       - uses: hadolint/hadolint-action@v3.1.0
         with:
           dockerfile: ${{ matrix.dockerfile }}

.github/workflows/test-arm-container-images.yaml

@@ -22,7 +22,7 @@ jobs:
           - linux/arm64
     steps:
       - name: 'Check out the repo'
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: 'Set up QEMU'
         uses: docker/setup-qemu-action@v3

.github/workflows/test-latest-container-images.yaml

@@ -14,7 +14,7 @@ jobs:
           - fpm
     steps:
       - name: 'Check out the repo'
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: 'Set up QEMU'
         uses: docker/setup-qemu-action@v3

.github/workflows/test-lts-container-images.yaml

@@ -14,7 +14,7 @@ jobs:
           - fpm
     steps:
       - name: 'Check out the repo'
-        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
 
       - name: 'Set up QEMU'
         uses: docker/setup-qemu-action@v3

5.0/apache/Dockerfile

@@ -81,8 +81,8 @@ RUN a2enmod headers rewrite remoteip; \
 # Use the default production configuration
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
-ARG version="5.6.38+230919"
+ARG version="5.6.41+231017"
-ARG sha256_checksum="0f7d6c59bf9f06bd2b326269b13792c546966b3ad18380152c37fd88bb6bd861"
+ARG sha256_checksum="b572e0a92465be5e804171155a312eb9e1493897b6f42037abffaa4105e50fd6"
 ARG archive_url="https://github.com/LimeSurvey/LimeSurvey/archive/refs/tags/${version}.tar.gz"
 ARG USER=www-data
 ARG LISTEN_PORT=8080

5.0/apache/entrypoint.sh

@@ -153,7 +153,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ] || [ -n "$ENCRYPT_SECRET_BOX_KEY" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');

5.0/fpm-alpine/Dockerfile

@@ -51,8 +51,8 @@ RUN set -ex; \
     apk add --no-cache --no-network --virtual .limesurvey-phpext-rundeps $runDeps; \
     apk del --no-cache --no-network .build-deps
 
-ARG version="5.6.38+230919"
+ARG version="5.6.41+231017"
-ARG sha256_checksum="0f7d6c59bf9f06bd2b326269b13792c546966b3ad18380152c37fd88bb6bd861"
+ARG sha256_checksum="b572e0a92465be5e804171155a312eb9e1493897b6f42037abffaa4105e50fd6"
 ARG archive_url="https://github.com/LimeSurvey/LimeSurvey/archive/refs/tags/${version}.tar.gz"
 ARG USER=www-data
 ENV LIMESURVEY_VERSION=$version

5.0/fpm-alpine/entrypoint.sh

@@ -146,7 +146,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ] || [ -n "$ENCRYPT_SECRET_BOX_KEY" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');

5.0/fpm/Dockerfile

@@ -68,8 +68,8 @@ RUN set -ex; \
         apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
         rm -rf /var/lib/apt/lists/*
 
-ARG version="5.6.38+230919"
+ARG version="5.6.41+231017"
-ARG sha256_checksum="0f7d6c59bf9f06bd2b326269b13792c546966b3ad18380152c37fd88bb6bd861"
+ARG sha256_checksum="b572e0a92465be5e804171155a312eb9e1493897b6f42037abffaa4105e50fd6"
 ARG archive_url="https://github.com/LimeSurvey/LimeSurvey/archive/refs/tags/${version}.tar.gz"
 ARG USER=www-data
 ENV LIMESURVEY_VERSION=$version

5.0/fpm/entrypoint.sh

@@ -146,7 +146,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ] || [ -n "$ENCRYPT_SECRET_BOX_KEY" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');

6.0/apache/Dockerfile

@@ -81,8 +81,8 @@ RUN a2enmod headers rewrite remoteip; \
 # Use the default production configuration
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
-ARG version="6.2.7+230918"
+ARG version="6.2.11+231007"
-ARG sha256_checksum="ec25994c4f2d96cc1d8d1ba7a6a382e8d2d95395f719446448a4ada86952305a"
+ARG sha256_checksum="902ec8f0bebd827187fec8cab53411ec14f10a4e6f9e59124a02500059bea399"
 ARG archive_url="https://github.com/LimeSurvey/LimeSurvey/archive/refs/tags/${version}.tar.gz"
 ARG USER=www-data
 ARG LISTEN_PORT=8080

6.0/apache/entrypoint.sh

@@ -153,7 +153,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ] || [ -n "$ENCRYPT_SECRET_BOX_KEY" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');

6.0/fpm-alpine/Dockerfile

@@ -51,8 +51,8 @@ RUN set -ex; \
     apk add --no-cache --no-network --virtual .limesurvey-phpext-rundeps $runDeps; \
     apk del --no-cache --no-network .build-deps
 
-ARG version="6.2.7+230918"
+ARG version="6.2.11+231007"
-ARG sha256_checksum="ec25994c4f2d96cc1d8d1ba7a6a382e8d2d95395f719446448a4ada86952305a"
+ARG sha256_checksum="902ec8f0bebd827187fec8cab53411ec14f10a4e6f9e59124a02500059bea399"
 ARG archive_url="https://github.com/LimeSurvey/LimeSurvey/archive/refs/tags/${version}.tar.gz"
 ARG USER=www-data
 ENV LIMESURVEY_VERSION=$version

6.0/fpm-alpine/entrypoint.sh

@@ -146,7 +146,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ] || [ -n "$ENCRYPT_SECRET_BOX_KEY" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');

6.0/fpm/Dockerfile

@@ -68,8 +68,8 @@ RUN set -ex; \
         apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
         rm -rf /var/lib/apt/lists/*
 
-ARG version="6.2.7+230918"
+ARG version="6.2.11+231007"
-ARG sha256_checksum="ec25994c4f2d96cc1d8d1ba7a6a382e8d2d95395f719446448a4ada86952305a"
+ARG sha256_checksum="902ec8f0bebd827187fec8cab53411ec14f10a4e6f9e59124a02500059bea399"
 ARG archive_url="https://github.com/LimeSurvey/LimeSurvey/archive/refs/tags/${version}.tar.gz"
 ARG USER=www-data
 ENV LIMESURVEY_VERSION=$version

6.0/fpm/entrypoint.sh

@@ -146,7 +146,7 @@ if [ -f application/config/security.php ]; then
     echo 'Info: security.php already provisioned'
 else
     echo 'Info: Creating security.php'
-    if [ -n "$ENCRYPT_KEYPAIR" ]; then
+    if [ -n "$ENCRYPT_KEYPAIR" ] || [ -n "$ENCRYPT_SECRET_BOX_KEY" ]; then
 
         cat <<EOF > application/config/security.php
 <?php if (!defined('BASEPATH')) exit('No direct script access allowed');

README.md

@@ -151,6 +151,8 @@ For further details on the settings see: https://manual.limesurvey.org/Optional_
 
 The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the [repository](https://github.com/martialblog/docker-limesurvey).
 
+**Hint:** You need to configure a database and Limesurvey password in the `docker-compose` files before starting. No defaults are provided to discourage production use with default passwords.
+
 ```
 docker-compose up
 
@@ -161,8 +163,6 @@ http://localhost:8080/
 http://localhost:8080/index.php/admin
 ```
 
-Please note / warning: To sign into the admin panel in the examples, the credentials are username: *admin* password: *foobar*, however, if you are planning for any use beyond testing, it is highly recommended that you use environment variables to define a secure username and password.
-
 # Running LimeSurvey with Helm
 
 A Helm Chart for this Image can be used for deployments. Please refer to the Helm Repository for further details:

docker-compose.apache.yml

@@ -8,8 +8,8 @@ services:
       - lime-db
     environment:
       - "DB_HOST=lime-db"
-      - "DB_PASSWORD=secret"
+      # - "DB_PASSWORD="
-      - "ADMIN_PASSWORD=foobar"
+      # - "ADMIN_PASSWORD="
       - "PUBLIC_URL=http://my.survey.localhost:8080"  # Example, Change this
       - "BASE_URL=http://my.survey.localhost:8080"  # Example, Change this
   proxy:
@@ -24,6 +24,6 @@ services:
     environment:
       - "MYSQL_USER=limesurvey"
       - "MYSQL_DATABASE=limesurvey"
-      - "MYSQL_PASSWORD=secret"
+      # - "MYSQL_PASSWORD="
-      - "MYSQL_ROOT_PASSWORD=secret"
+      # - "MYSQL_ROOT_PASSWORD="
 

docker-compose.example.yml

@@ -7,12 +7,12 @@ services:
       - DB_TYPE=pgsql
       - DB_PORT=5432
       - DB_HOST=db
-      - DB_PASSWORD=example
+      # - DB_PASSWORD=
       - DB_NAME=limesurvey
       - DB_USERNAME=limesurvey
       - ADMIN_USER=admin
       - ADMIN_NAME=Admin
-      - ADMIN_PASSWORD=example
+      # - ADMIN_PASSWORD=
       - ADMIN_EMAIL=admin@example.com
       - PUBLIC_URL=foobar.com
     volumes:
@@ -29,7 +29,7 @@ services:
     environment:
       - POSTGRES_USER=limesurvey
       - POSTGRES_DB=limesurvey
-      - POSTGRES_PASSWORD=example
+      # - POSTGRES_PASSWORD=
 
 volumes:
   limesurvey:

docker-compose.fpm-certbot.yml

@@ -14,8 +14,8 @@ services:
       - lime-db
     environment:
       - "DB_HOST=lime-db"
-      - "DB_PASSWORD=secret"
+      # - "DB_PASSWORD="
-      - "ADMIN_PASSWORD=foobar"
+      # - "ADMIN_PASSWORD="
    lime-web:
     build:
       context: nginx-certbot/
@@ -44,7 +44,7 @@ services:
     environment:
       - "MYSQL_USER=limesurvey"
       - "MYSQL_DATABASE=limesurvey"
-      - "MYSQL_PASSWORD=secret"
+      # - "MYSQL_PASSWORD="
-      - "MYSQL_ROOT_PASSWORD=secret"
+      # - "MYSQL_ROOT_PASSWORD="
 volumes:
   lime:

docker-compose.fpm.alpine.yml

@@ -14,8 +14,8 @@ services:
       - lime-db
     environment:
       - "DB_HOST=lime-db"
-      - "DB_PASSWORD=secret"
+      # - "DB_PASSWORD="
-      - "ADMIN_PASSWORD=foobar"
+      # - "ADMIN_PASSWORD="
   lime-web:
     image: docker.io/nginx:alpine
     links:
@@ -32,7 +32,7 @@ services:
     environment:
       - "MYSQL_USER=limesurvey"
       - "MYSQL_DATABASE=limesurvey"
-      - "MYSQL_PASSWORD=secret"
+      # - "MYSQL_PASSWORD="
-      - "MYSQL_ROOT_PASSWORD=secret"
+      # - "MYSQL_ROOT_PASSWORD="
 volumes:
   lime:

docker-compose.fpm.yml

@@ -14,8 +14,8 @@ services:
       - lime-db
     environment:
       - "DB_HOST=lime-db"
-      - "DB_PASSWORD=secret"
+      # - "DB_PASSWORD="
-      - "ADMIN_PASSWORD=foobar"
+      # - "ADMIN_PASSWORD="
   lime-web:
     image: docker.io/nginx
     links:
@@ -30,7 +30,7 @@ services:
     environment:
       - "MYSQL_USER=limesurvey"
       - "MYSQL_DATABASE=limesurvey"
-      - "MYSQL_PASSWORD=secret"
+      # - "MYSQL_PASSWORD="
-      - "MYSQL_ROOT_PASSWORD=secret"
+      # - "MYSQL_ROOT_PASSWORD="
 volumes:
   lime:

docker-compose.pgsql.yml

@@ -19,8 +19,8 @@ services:
       - "DB_TYPE=pgsql"
       - "DB_PORT=5432"
       - "DB_HOST=lime-db"
-      - "DB_PASSWORD=secret"
+      # - "DB_PASSWORD="
-      - "ADMIN_PASSWORD=foobar"
+      # - "ADMIN_PASSWORD="
   lime-db:
     image: docker.io/postgres:10
     volumes:
@@ -28,7 +28,7 @@ services:
     environment:
       - "POSTGRES_USER=limesurvey"
       - "POSTGRES_DB=limesurvey"
-      - "POSTGRES_PASSWORD=secret"
+      # - "POSTGRES_PASSWORD="
 
 volumes:
   db-data:

docker-compose.traefik.domain.yml

@@ -15,8 +15,8 @@ services:
       - lime-db
     environment:
       - "DB_HOST=lime-db"
-      - "DB_PASSWORD=secret"
+      # - "DB_PASSWORD="
-      - "ADMIN_PASSWORD=foobar"
+      # - "ADMIN_PASSWORD="
       - "PUBLIC_URL=http://my.survey.localhost:8888"
       - "BASE_URL=http://my.survey.localhost:8888"
   traefik:
@@ -37,6 +37,5 @@ services:
     environment:
       - "MYSQL_USER=limesurvey"
       - "MYSQL_DATABASE=limesurvey"
-      - "MYSQL_PASSWORD=secret"
+      # - "MYSQL_PASSWORD="
-      - "MYSQL_ROOT_PASSWORD=secret"
+      # - "MYSQL_ROOT_PASSWORD="
-

docker-compose.traefik.yml

@@ -19,8 +19,8 @@ services:
       - "./examples/apache-example.conf:/etc/apache2/sites-available/000-default.conf:ro"
     environment:
       - "DB_HOST=lime-db"
-      - "DB_PASSWORD=secret"
+      # - "DB_PASSWORD="
-      - "ADMIN_PASSWORD=foobar"
+      # - "ADMIN_PASSWORD="
       - "PUBLIC_URL=http://localhost:8888/limesurvey"
       - "BASE_URL=http://localhost:8888/limesurvey"
   traefik:
@@ -41,6 +41,5 @@ services:
     environment:
       - "MYSQL_USER=limesurvey"
       - "MYSQL_DATABASE=limesurvey"
-      - "MYSQL_PASSWORD=secret"
+      # - "MYSQL_PASSWORD="
-      - "MYSQL_ROOT_PASSWORD=secret"
+      # - "MYSQL_ROOT_PASSWORD="
-

docker-compose.yml

@@ -15,8 +15,8 @@ services:
       - "8080:8080"
     environment:
       - "DB_HOST=lime-db"
-      - "DB_PASSWORD=secret"
+      # - "DB_PASSWORD="
-      - "ADMIN_PASSWORD=foobar"
+      # - "ADMIN_PASSWORD="
       # If you require an empty table prefix, use a space as the DB_TABLE_PREFIX
       # - "DB_TABLE_PREFIX= "
   lime-db:
@@ -24,5 +24,5 @@ services:
     environment:
       - "MYSQL_USER=limesurvey"
       - "MYSQL_DATABASE=limesurvey"
-      - "MYSQL_PASSWORD=secret"
+      # - "MYSQL_PASSWORD="
-      - "MYSQL_ROOT_PASSWORD=secret"
+      # - "MYSQL_ROOT_PASSWORD="