Refactor Image to support new tiredofit/nginx-php-fpm base

Author: tiredofit

CHANGELOG.md

@@ -1,3 +1,8 @@
+## 4.0 2019-12-06 <dave at tiredofit dot ca>
+
+* Refactored Image to support new tiredofit/nginx-php-fpm image
+* PHP 7.3
+
 ## 3.1 2019-02-15 <dave at tiredofit dot ca>
 
 * Add USE_TOKENS

Dockerfile

@@ -1,13 +1,20 @@
-FROM tiredofit/nginx-php-fpm:7.2
+FROM tiredofit/nginx-php-fpm:7.3
 LABEL maintainer="Dave Conroy (dave at tiredofit dot ca)"
 
-### Environment Variables
-ENV SSP_VERSION=1.3
+ENV SSP_VERSION=1.3 \
+    PHP_ENABLE_LDAP=TRUE \
+    PHP_ENABLE_CREATE_SAMPLE_PHP=FALSE \
+    NGINX_WEBROOT="/www/ssp" \
+    ZABBIX_HOSTNAME=ssp-app
 
-### Download and setup files
-RUN mkdir -p /assets/install && \
-    echo '** Downloading Self Service Password version '${SSP_VERSION} && \
-    curl -sSL -o /assets/install/v${SSP_VERSION}.tar.gz https://github.com/ltb-project/self-service-password/archive/v1.3.tar.gz
+### Dependency Installation
+  RUN set -x && \
+  	  apk update && \
+      apk upgrade && \
+      mkdir -p /assets/install && \
+      echo '** Downloading Self Service Password version '${SSP_VERSION} && \
+      curl -sSL -o /assets/install/v${SSP_VERSION}.tar.gz https://github.com/ltb-project/self-service-password/archive/v${SSP_VERSION}.tar.gz && \
+      rm -rf /var/cache/apk/*
 
 ### Files Addition
-ADD install /
+  ADD install /

README.md

@@ -12,7 +12,7 @@ Dockerfile to build a [LTB-Self Service Password](https://ltb-project.org/docume
 
 * This Container uses a [customized Alpine Linux base](https://hub.docker.com/r/tiredofit/alpine) which includes [s6 overlay](https://github.com/just-containers/s6-overlay) enabled for PID 1 Init capabilities, [zabbix-agent](https://zabbix.org) for individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier management.
 
-This Container uses [tiredofit/alpine:3.8](https://hub.docker.com/r/tiredofit/alpine as a base, and [tiredofit/nginx-php-fpm:7.2](https://hub.docker.com/r/tiredofit/nginx-php-fpm) to provide the serving of the content.
+This Container uses [tiredofit/alpine:3.10](https://hub.docker.com/r/tiredofit/alpine as a base, and [tiredofit/nginx-php-fpm:7.3](https://hub.docker.com/r/tiredofit/nginx-php-fpm) to provide the serving of the content.
 
 [Changelog](CHANGELOG.md)
 

examples/docker-compose.yml

@@ -1,21 +1,20 @@
-version: '2'
-
+version: '3.7'
 services:
+
   ssp-app:
     image: tiredofit/self-service-password:latest
     container_name: ssp-app
+    labels:
+      - traefik.enable=true
+      - traefik.frontend.rule=Host:url.example.com
+      - traefik.port=80
+      - traefik.protocol=http
+      - traefik.docker.network=proxy
+      - traefik.backend=ssp-app
     volumes:
       - ./data/:/www/ssp
       - ./logs/:/www/logs
     environment:
-      - VIRTUAL_HOST=url.hostname.com
-      - VIRTUAL_NETWORK=nginx-proxy
-      - VIRTUAL_PORT=80
-      - LETSENCRYPT_HOST=url.hostname.com
-      - [email protected]
-
-      - ZABBIX_HOSTNAME=ssp-app
-
       - LDAP_SERVER=ldap://openldap.example.com
       - LDAP_STARTTLS=false
       - LDAP_BINDDN=cn=admin,dc=example,dc=com
@@ -24,122 +23,121 @@ services:
       - LDAP_LOGIN_ATTRIBUTE=uid
       - LDAP_FULLNAME_ATTRIBUTE=cn
 
-# Active Directory mode
-# true: use unicodePwd as password field
-# false: LDAPv3 standard behavior
+    # Active Directory mode
+    # true: use unicodePwd as password field
+    # false: LDAPv3 standard behavior
       - ADMODE=false
-# Force account unlock when password is changed
+    # Force account unlock when password is changed
       - AD_OPT_FORCE_UNLOCK=false
-# Force user change password at next login
+    # Force user change password at next login
       - AD_OPT_FORCE_PWD_CHANGE=false
-# Allow user with expired password to change password
+    # Allow user with expired password to change password
       - AD_OPT_CHANGE_EXPIRED_PASSWORD=false
 
-# Samba mode
-# true: update sambaNTpassword and sambaPwdLastSet attributes too
-# false: just update the password
+    # Samba mode
+    # true: update sambaNTpassword and sambaPwdLastSet attributes too
+    # false: just update the password
       - SAMBA_MODE=false
 
-# Shadow options - require shadowAccount objectClass
-# Update shadowLastChange
+    # Shadow options - require shadowAccount objectClass
+    # Update shadowLastChange
       - SHADOW_OPT_UPDATE_SHADOWLASTCHANGE=false
-# Hash mechanism for password:
-# SSHA
-# SHA
-# SMD5
-# MD5
-# CRYPT
-# clear (the default)
-# auto (will check the hash of current password)
-# This option is not used with ad_mode = true
+    # Hash mechanism for password:
+    # SSHA
+    # SHA
+    # SMD5
+    # MD5
+    # CRYPT
+    # clear (the default)
+    # auto (will check the hash of current password)
+    # This option is not used with ad_mode = true
       - PASSWORD_HASH=auto
 
-# Local password policy
-# This is applied before directory password policy
-# Minimal length
+    # Local password policy
+    # This is applied before directory password policy
+    # Minimal length
       - PASSWORD_MIN_LENGTH: 0
-# Maximal length
+    # Maximal length
       - PASSWORD_MAX_LENGTH: 0
-# Minimal lower characters
+    # Minimal lower characters
       - PASSWORD_MIN_LOWERCASE: 0
-# Minimal upper characters
+    # Minimal upper characters
       - PASSWORD_MIN_UPPERCASE: 0
-# Minimal digit characters
+    # Minimal digit characters
       - PASSWORD_MIN_DIGIT: 0
-# Minimal special characters
+    # Minimal special characters
       - PASSWORD_MIN_SPECIAL: 0
-# Dont reuse the same password as currently
+    # Dont reuse the same password as currently
       - PASSWORD_NO_REUSE=true
-# Show policy constraints message:
-# always
-# never
-# onerror
+    # Show policy constraints message:
+    # always
+    # never
+    # onerror
       - PASSWORD_SHOW_POLICY=never
-# Position of password policy constraints message:
-# above - the form
-# below - the form
+    # Position of password policy constraints message:
+    # above - the form
+    # below - the form
       - PASSWORD_SHOW_POLICY_POSITION=above
 
-# Who changes the password?
-# Also applicable for question/answer save
-# user: the user itself
-# manager: the above binddn
+    # Who changes the password?
+    # Also applicable for question/answer save
+    # user: the user itself
+    # manager: the above binddn
       - WHO_CAN_CHANGE_PASSWORD=user
 
-## Questions/answers
-# Use questions/answers?
-# true (default)
-# false
+    ## Questions/answers
+    # Use questions/answers?
+    # true (default)
+    # false
       - QUESTIONS_ENABLED=false
 
-## Mail
-# LDAP mail attribute
+    ## Mail
+    # LDAP mail attribute
       - LDAP_MAIL_ATTRIBUTE=mail
-# Who the email should come from
+    # Who the email should come from
       - [email protected]
       - MAIL_FROM_NAME=Password Admin
-# Notify users anytime their password is changed
+    # Notify users anytime their password is changed
       - NOTIFY_ON_CHANGE=true
-# PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
+    # PHPMailer configuration (see https://github.com/PHPMailer/PHPMailer)
       - SMTP_DEBUG: 0
       - SMTP_HOST=smtp.example.com
       - SMTP_AUTH_ON=true
       - [email protected]
       - SMTP_PASS=smtppassword
       - SMTP_PORT: 587
       - SMTP_SECURE_TYPE=tls
-      - SMTP_AUTOTLS=false
-## SMS
-# Use sms (NOT WORKING YET)
+    ## SMS
+    # Use sms (NOT WORKING YET)
       - USE_SMS=false
-# Reset URL (if behind a reverse proxy)
+    # Reset URL (if behind a reverse proxy)
       - IS_BEHIND_PROXY=false
-# Display help messages
+    # Display help messages
       - SHOW_HELP=true
-# Language
+    # Language
       - LANG=en
-# Debug mode
+    # Debug mode
       - DEBUG_MODE=false
-# Encryption, decryption keyphrase
+    # Encryption, decryption keyphrase
       - SECRETEKEY=secretkey
-## CAPTCHA
-# Use Google reCAPTCHA (http://www.google.com/recaptcha)
+    ## CAPTCHA
+    # Use Google reCAPTCHA (http://www.google.com/recaptcha)
       - USE_RECAPTCHA=false
-# Go on the site to get public and private key
+    # Go on the site to get public and private key
       - RECAPTCHA_PUB_KEY=akjsdnkajnd
       - RECAPTCHA_PRIV_KEY=aksdjnakjdnsa
-## Default action
-# change
-# sendtoken
-# sendsms
+    ## Default action
+    # change
+    # sendtoken
+    # sendsms
       - DEFAULT_ACTION=change
-
     networks:
-      - proxy-tier
+      - proxy
+      - services
     restart: always
 
 networks:
-  proxy-tier:
-    external:
-      name: nginx-proxy
-
+  proxy:
+    external: true
+  services:
+    external: true