From 568b899cdd8fcb3eff34314c5aa91bca05a6c7f9 Mon Sep 17 00:00:00 2001 From: Alexander Elchlepp Date: Mon, 23 Feb 2026 09:21:11 +0100 Subject: [PATCH 1/7] make sure new env variables are set automatically during update-docker.sh --- .env.app.dist | 44 +++++++++++++++++++++++ .env.dist | 42 +--------------------- .gitignore | 1 + docker-compose.yml | 41 +++------------------ install.sh | 19 ++++++---- update-docker.sh | 88 ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 151 insertions(+), 84 deletions(-) create mode 100644 .env.app.dist diff --git a/.env.app.dist b/.env.app.dist new file mode 100644 index 0000000..225dc76 --- /dev/null +++ b/.env.app.dist 
@@ -0,0 +1,44 @@
+# FewohBee application settings
+# This file is used to pass environment variables to the php and cron containers.
+# Copy this file to .env.app and adjust the values accordingly.
+# New variables will be added automatically by update-docker.sh.
+
+LOCALE=de
+FEWOHBEE_VERSION=latest
+APP_ENV=prod
+APP_SECRET=
+REDIS_IDX=1
+REDIS_HOST=redis
+USE_PASSWORD_BLACKLIST=true
+
+DATABASE_URL=mysql://fewohbee:db_password@db:3306/fewohbee
+
+# set up for sending mails
+# e.g. smtp://username:password@yourdomain.tld:port
+MAILER_DSN=null://localhost
+FROM_MAIL=info@domain.tld
+# enter the name
+FROM_NAME="PENSION XY"
+# the address when a recipient clicks on "answer", can be the same as in FROM_MAIL
+RETURN_PATH=info@domain.tld
+# sent copy of mail to the address specified in FROM_MAIL
+MAIL_COPY=true
+# comma-separated list of customer salutations
+CUSTOMER_SALUTATIONS="Ms,Mr,Family"
+# invoice export filename pattern (without extension)
+# allowed placeholders: , , , , , ,
+# fallback syntax is supported: , the first non-empty value will be used
+INVOICE_FILENAME_PATTERN="Invoice-"
+###> web-authn/passkey ###
+# set the domain name of your application here and make sure you use a valid SSL certificate
+RELYING_PARTY_ID=example.com
+RELYING_PARTY_NAME="FewohBee"
+# Enable or disable passkey login/management
+PASSKEY_ENABLED=false
+###< web-authn/passkey ###
+
+# this is used for loading uploaded files embedded in a PDF Template, the host of the web server must be set
+# in a docker environment the internal host name of the web container must be specified, e.g. "http://web"
+# otherwise the host name of your web server must be set, e.g. https://pve
+# leave this untouched when using fewohbee-dockerized
+WEB_HOST=http://web:8080
diff --git a/.env.dist b/.env.dist
index b2133b0..5632778 100644
--- a/.env.dist
+++ b/.env.dist
@@ -33,47 +33,7 @@ DEDYN_TOKEN="" # Set your dedyn.io domain name here: DEDYN_NAME="" - # self signed certificate settings SELF_SIGNED=true -# FewohBee Settings -LOCALE=de -FEWOHBEE_VERSION=latest -APP_ENV=prod -APP_SECRET= -REDIS_IDX=1 -REDIS_HOST=redis -USE_PASSWORD_BLACKLIST=true - -DATABASE_URL=mysql://fewohbee:db_password@db:3306/fewohbee - -# set up for sending mails -# e.g. smtp://username:password@yourdomain.tld:port -MAILER_DSN=null://localhost -FROM_MAIL=info@domain.tld -# enter the name -FROM_NAME="PENSION XY" -# the address when a recipient clicks on "answer", can be the same as in FROM_MAIL -RETURN_PATH=info@domain.tld -# sent copy of mail to the address specified in FROM_MAIL -MAIL_COPY=true -# comma-separated list of customer salutations -CUSTOMER_SALUTATIONS="Ms,Mr,Family" -# invoice export filename pattern (without extension) -# allowed placeholders: , , , , , , -# fallback syntax is supported: , the first non-empty value will be used -INVOICE_FILENAME_PATTERN="Invoice-" -###> web-authn/passkey ### -# set the domain name of your application here and make sure you use a valid SSL certificate -RELYING_PARTY_ID=example.com -RELYING_PARTY_NAME="FewohBee" -# Enable or disable passkey login/management -PASSKEY_ENABLED=false -###< web-authn/passkey ### - -# this is used for loading uploaded files embedded in a PDF Template, the host of the web server must be set -# in a docker environment the internal host name of the web container must be specified, e.g. "http://web" -# otherwise the host name of your web server must be set, e.g. https://pve -# leave this untouched when using fewohbee-dockerized -WEB_HOST=http://web:8080 +# For FewohBee application settings see .env.app.dist / .env.app diff --git a/.gitignore b/.gitignore index 03b0331..20a1505 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .env +.env.app .DS_Store conf/nginx/server_name.active diff --git a/docker-compose.yml b/docker-compose.yml index 1846b4f..7342dad 100644 
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -23,29 +23,13 @@ services: - ${WWW_ROOT}:/var/www/data:cached networks: - internal-network + env_file: + - .env.app environment: - TZ=${TZ} - - LOCALE=${LOCALE} - - FEWOHBEE_VERSION=${FEWOHBEE_VERSION:-latest} - - APP_ENV=${APP_ENV} - - APP_SECRET=${APP_SECRET} - - DATABASE_URL=${DATABASE_URL} - - FROM_MAIL=${FROM_MAIL} - - FROM_NAME=${FROM_NAME} - - RETURN_PATH=${RETURN_PATH} - - MAILER_DSN=${MAILER_DSN:-null://localhost} - DB_SERVER_VERSION=12.1.2-MariaDB - - WEB_HOST=${WEB_HOST} - - REDIS_HOST=${REDIS_HOST} - - REDIS_IDX=${REDIS_IDX} - - USE_PASSWORD_BLACKLIST=${USE_PASSWORD_BLACKLIST} - - CUSTOMER_SALUTATIONS=${CUSTOMER_SALUTATIONS} - - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} - - RELYING_PARTY_ID=${RELYING_PARTY_ID} - - RELYING_PARTY_NAME=${RELYING_PARTY_NAME} - - PASSKEY_ENABLED=${PASSKEY_ENABLED} restart: always - + cron: image: developeregrem/fewohbee-phpcli:latest volumes: @@ -54,26 +38,11 @@ services: - ./cron.d/cli:/opt/cron:ro networks: - internal-network + env_file: + - .env.app environment: - TZ=${TZ} - - LOCALE=${LOCALE} - - FEWOHBEE_VERSION=${FEWOHBEE_VERSION:-latest} - - APP_ENV=${APP_ENV} - - APP_SECRET=${APP_SECRET} - - DATABASE_URL=${DATABASE_URL} - - FROM_MAIL=${FROM_MAIL} - - FROM_NAME=${FROM_NAME} - - RETURN_PATH=${RETURN_PATH} - - MAILER_DSN=${MAILER_DSN:-null://localhost} - DB_SERVER_VERSION=12.1.2-MariaDB - - WEB_HOST=${WEB_HOST} - - REDIS_HOST=${REDIS_HOST} - - REDIS_IDX=${REDIS_IDX} - - USE_PASSWORD_BLACKLIST=${USE_PASSWORD_BLACKLIST} - - CUSTOMER_SALUTATIONS=${CUSTOMER_SALUTATIONS} - - RELYING_PARTY_ID=${RELYING_PARTY_ID} - - RELYING_PARTY_NAME=${RELYING_PARTY_NAME} - - PASSKEY_ENABLED=${PASSKEY_ENABLED} restart: always db: diff --git a/install.sh b/install.sh index fb108ce..33ec21e 100755 --- a/install.sh +++ b/install.sh 
@@ -1,7 +1,7 @@ #!/bin/bash if [ -f ".env" ]; then - echo "Already installed. If you want to change settings please modify the file .env manually." + echo "Already installed. If you want to change settings please modify the files .env and .env.app manually." exit 0 fi @@ -60,8 +60,12 @@ umask 0177 envTemplate=.env.dist envTmp=.env.tmp envEnd=.env +envAppTemplate=.env.app.dist +envAppTmp=.env.app.tmp +envAppEnd=.env.app cp $envTemplate $envTmp +cp $envAppTemplate $envAppTmp ########## setup host name ########## pveHostDefault=$(hostname) @@ -69,7 +73,7 @@ pveHost="" read -p "Please enter the host name of your server [$pveHostDefault]:" pveHost pveHost="${pveHost:-${pveHostDefault}}" $(sed "s/HOST_NAME=fewohbee/HOST_NAME=$pveHost/" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) -$(sed "s/RELYING_PARTY_ID=example.com/RELYING_PARTY_ID=$pveHost/" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) +$(sed "s/RELYING_PARTY_ID=example.com/RELYING_PARTY_ID=$pveHost/" $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) ########## setup certificate self-signed or letsencrypt ########## sslDefault="self-signed" @@ -157,7 +161,7 @@ do pveLang="${pveLang:-${pveLangDefault}}" done -$(sed 's@APP_ENV=prod@APP_ENV='"$pveEnv"'@g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) +$(sed 's@APP_ENV=prod@APP_ENV='"$pveEnv"'@g' $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) echo "Setting up $pveEnv environment." echo "Generating secrets and passwords." 
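Review bot: In the `@@ -69,7 +73,7 @@` hunk the host name read from the prompt is interpolated unvalidated into `sed "s/RELYING_PARTY_ID=example.com/RELYING_PARTY_ID=$pveHost/"`, so an input containing `/` or `&` alters the expression and can leave a mangled passkey relying-party ID in the new `.env.app`. No check is visible between the `read` and the `sed` lines, so a guard such as `[[ "$pveHost" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "Invalid host name" >&2; exit 1; }` before the first substitution would close that. Each of these lines is also wrapped in `$( … )`, which runs the pipeline, then tries to execute its empty output, and never checks the status; the plain form `sed … "$envAppTmp" > "$envAppTmp.tmp" && mv "$envAppTmp.tmp" "$envAppTmp" || exit 1` with quoted paths is clearer. The same pattern recurs in the `@@ -157,7 +161,7 @@` and `@@ -169,13 +173,14 @@` hunks for `APP_ENV`, `APP_SECRET`, `LOCALE` and the database password.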
@@ -169,13 +173,14 @@ appSecret=$(openssl rand -base64 23) $(sed 's@MARIADB_ROOT_PASSWORD=@MARIADB_ROOT_PASSWORD='"$mariadbRootPw"'@g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) $(sed 's@MARIADB_PASSWORD=@MARIADB_PASSWORD='"$mariadbPw"'@g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) $(sed "s@MYSQL_BACKUP_PASSWORD=@MYSQL_BACKUP_PASSWORD=$mysqlBackupPw@g" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) -$(sed "s@APP_SECRET=@APP_SECRET=$appSecret@g" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) -$(sed "s@LOCALE=de@LOCALE=$pveLang@g" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) +$(sed "s@APP_SECRET=@APP_SECRET=$appSecret@g" $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) +$(sed "s@LOCALE=de@LOCALE=$pveLang@g" $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) -# replace db password in db string -$(sed "s@db_password@$mariadbPw@" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) +# replace db password in DATABASE_URL +$(sed "s@db_password@$mariadbPw@" $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) mv $envTmp $envEnd +mv $envAppTmp $envAppEnd ########## pull, build and start environment ########## echo "Preparing and starting docker-compose setup ..." diff --git a/update-docker.sh b/update-docker.sh index 6f48477..45c022c 100755 --- a/update-docker.sh +++ b/update-docker.sh 
@@ -3,8 +3,96 @@ cd "$(dirname "$0")" dockerBin=$(/usr/bin/which docker) + +# Pull and build new images $dockerBin compose pull $dockerBin compose build --force-rm --pull + +# Migrate existing .env to .env + .env.app if .env.app does not exist yet. +# This must happen before "docker compose up" since docker-compose.yml requires +# .env.app to exist via the env_file directive. +if [ ! -f ".env.app" ]; then + if grep -q "^# FewohBee Settings" .env 2>/dev/null; then + echo "Migrating FewohBee settings from .env to .env.app ..." + sed -n '/^# FewohBee Settings/,$p' .env > .env.app + chmod 0600 .env.app + echo "Created .env.app from .env." + echo "Please review .env.app and remove the FewohBee Settings section from .env manually." + else + echo "Warning: .env.app does not exist and no migration source found in .env." + echo "Please create .env.app from .env.app.dist manually." + exit 1 + fi +fi + +# Start containers. The php entrypoint will clone/update fewohbee via git. $dockerBin compose stop $dockerBin compose up --force-recreate -d + +# Wait for fewohbee to finish setup (git clone/pull + composer + migrations) +echo "Waiting for fewohbee to finish setup ..." +until [ "$($dockerBin compose exec -T php /bin/sh -c 'cat /firstrun' 2>/dev/null)" == "1" ]; do + echo " still waiting ..." + sleep 10 +done + +# Sync new environment variables from the now-running container into .env.app +echo "Checking for new environment variables ..." +containerEnvDist=$($dockerBin compose exec --user www-data -T php /bin/sh -c "cat fewohbee/.env.dist" 2>/dev/null) + +if [ $? -ne 0 ] || [ -z "$containerEnvDist" ]; then + echo "Warning: Could not read .env.dist from container. Skipping env sync." 
+else + addedVars=0 + commentBuffer="" + + while IFS= read -r line; do + # Accumulate comments and empty lines to carry them along with their variable + if [[ "$line" =~ ^[[:space:]]*# ]] || [[ -z "${line// }" ]]; then + [ -n "$commentBuffer" ] && commentBuffer+=$'\n' + commentBuffer+="$line" + continue + fi + + # Extract variable name (everything before the first =) + varName="${line%%=*}" + if [[ -z "$varName" ]]; then + commentBuffer="" + continue + fi + + # DB_SERVER_VERSION is hardcoded in docker-compose.yml, skip it + if [[ "$varName" == "DB_SERVER_VERSION" ]]; then + commentBuffer="" + continue + fi + + # Add if not already present in .env.app + if ! grep -q "^${varName}=" .env.app; then + if [ $addedVars -eq 0 ]; then + printf "\n# Variables added by update-docker.sh on %s\n" "$(date '+%Y-%m-%d')" >> .env.app + fi + # Write accumulated comments first, then the variable + if [ -n "$commentBuffer" ]; then + printf "\n%s\n" "$commentBuffer" >> .env.app + fi + printf "%s\n" "$line" >> .env.app + echo " Added: $varName" + addedVars=$((addedVars + 1)) + fi + + # Reset comment buffer after each variable (whether added or already present) + commentBuffer="" + done <<< "$containerEnvDist" + + if [ $addedVars -gt 0 ]; then + echo "$addedVars new variable(s) added to .env.app." + echo "Please review the new variables and adjust values if needed." + echo "Restarting php and cron containers to apply new environment variables ..." + $dockerBin compose up --force-recreate -d php cron + else + echo "No new environment variables found." + fi +fi + docker image prune -f From bea8eacfaa1852bb581d4148364458e27f75c507 Mon Sep 17 00:00:00 2001 
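Review bot: In the migration branch `.env.app` is created by the `sed … > .env.app` redirect under the caller's umask and only afterwards restricted with `chmod 0600`, so with a typical 022 umask the file that receives `APP_SECRET` and `DATABASE_URL` is briefly world-readable; install.sh already runs under `umask 0177`, and the same can be done here with `( umask 0177; sed -n '/^# FewohBee Settings/,$p' .env > .env.app )`. In the sync loop `varName="${line%%=*}"` yields the whole line when it has no `=`, and that value is then used unescaped as a grep pattern and the line appended to `.env.app`; a guard like `[[ "$varName" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || { commentBuffer=""; continue; }` keeps only well-formed assignments from the container's `.env.dist`. The `until` loop polling `/firstrun` has no upper bound, so a php container that never completes setup leaves the script waiting indefinitely; a retry counter with an error exit would make that failure visible.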
From: Alexander Elchlepp Date: Tue, 24 Feb 2026 09:10:19 +0100 Subject: [PATCH 2/7] added multi env setup --- .env.dist | 6 +- README.md | 118 +++++++++++++++++++++++++------- conf/db/create-backup-user.sh | 4 ++ conf/nginx/docker-entrypoint.sh | 43 ++++++++++++ conf/nginx/site.conf.no-ssl | 27 ++++++++ docker-compose.no-ssl.yml | 87 +++++++++++++++++++++++ docker-compose.yml | 6 +- install.sh | 7 -- 8 files changed, 262 insertions(+), 36 deletions(-) create mode 100644 conf/db/create-backup-user.sh create mode 100644 conf/nginx/docker-entrypoint.sh create mode 100644 conf/nginx/site.conf.no-ssl create mode 100644 docker-compose.no-ssl.yml diff --git a/.env.dist b/.env.dist index 5632778..796aadb 100644 --- a/.env.dist +++ b/.env.dist @@ -18,8 +18,6 @@ MYSQL_BACKUP_PASSWORD= MYSQL_BACKUP_FOLDER=../dbbackup -DOCKER_API_VERSION=1.37 - # letsencrypt settings LETSENCRYPT=false EMAIL="" @@ -36,4 +34,8 @@ DEDYN_NAME="" # self signed certificate settings SELF_SIGNED=true +# reverse proxy settings (docker-compose.no-ssl.yml) +# Port exposed by the web container when using docker-compose.no-ssl.yml +LISTEN_PORT=80 + # For FewohBee application settings see .env.app.dist / .env.app diff --git a/README.md b/README.md index 35125d0..6702096 100644 --- a/README.md +++ b/README.md 
@@ -1,37 +1,109 @@ +# fewohbee-dockerized - # fewohbee-dockerized +This docker compose setup is part of the [fewohbee guesthouse administration tool](https://github.com/developeregrem/fewohbee). It provides all necessary services to run fewohbee out of the box. -This docker-compose setup is part of the [guesthouse administration tool](https://github.com/developeregrem/fewohbee). fewohbee-dockerized provides all necessary software/images in order to run the guesthouse administration tool (Pensionsverwaltung) out of the box. +## Services -The setup contains: +| Service | Image | Description | +|---------|-------|-------------| +| `web` | [nginx](https://hub.docker.com/_/nginx/) | Web server | +| `php` | [fewohbee-phpfpm](https://github.com/developeregrem/fewohbee-phpfpm) | PHP 8 FPM – clones and runs the app on first start | +| `cron` | [fewohbee-phpcli](https://github.com/developeregrem/fewohbee-phpfpm) | PHP CLI for scheduled tasks | +| `db` | [mariadb](https://hub.docker.com/_/mariadb) | Database | +| `redis` | [redis](https://hub.docker.com/_/redis) | In-memory cache | +| `acme` | [fewohbee-acme](https://github.com/developeregrem/fewohbee-acme) | SSL certificate management (Let's Encrypt or self-signed) | -- [nginx](https://hub.docker.com/_/nginx/) as web server or reverse proxy +## Configuration -- [mariadb](https://hub.docker.com/_/mariadb) as database management system +Two configuration files are required before starting the stack: -- [PHP 8.5-fpm-alpine](https://hub.docker.com/_/php/) with [composer](https://hub.docker.com/_/composer) which [installs](https://github.com/developeregrem/fewohbee-phpfpm) the guesthouse administration tool when the container is started. 
+| File | Contents | +|------|----------| +| `.env` | Infrastructure settings: hostname, database passwords, SSL/cert options | +| `.env.app` | Application settings: locale, mailer, passkeys, app secret, … | -- [redis](https://hub.docker.com/_/redis) as in-memory cache +Use `.env.dist` and `.env.app.dist` as reference templates. -- ACME for letsencrypt or self-signed certificates (with automatic renew) +## Setup -## Installation +### Option A – Setup container (recommended, all platforms) -Clone the master branch of the repository. +Works on Linux, macOS and Windows — requires only Docker. - ```` - cd /opt - git clone https://github.com/developeregrem/fewohbee-dockerized.git - cd fewohbee-dockerized - ```` - -Run the interactive installtion script to generate the configuration file and setup the application. +```sh +# Clone the repository first +git clone https://github.com/developeregrem/fewohbee-dockerized.git +cd fewohbee-dockerized - ```` - chmod +x install.sh - ./install.sh - ```` +# Linux / macOS +docker run --rm -it -v $(pwd):/config developeregrem/fewohbee-setup -## Usage +# Windows PowerShell +docker run --rm -it -v ${PWD}:/config developeregrem/fewohbee-setup +``` -Please refer to the documentation in the Wiki: [https://github.com/developeregrem/fewohbee/wiki/Docker-Setup](https://github.com/developeregrem/fewohbee/wiki/Docker-Setup) +The container asks a few questions (hostname, SSL mode, language), generates passwords and writes `.env` and `.env.app`. + +### Option B – install.sh (Linux only) + +A Bash script that additionally sets up optional cron jobs for database backups and automatic updates: + +```sh +git clone https://github.com/developeregrem/fewohbee-dockerized.git +cd fewohbee-dockerized +chmod +x install.sh +sudo ./install.sh +``` + +## Starting the application + +### Standard mode (with SSL) + +For servers with direct internet access. Manages SSL certificates automatically via the `acme` container (self-signed or Let's Encrypt). 
+ +```sh +docker compose up -d +``` + +### Reverse proxy mode (no internal SSL) + +For deployments behind an external reverse proxy (Traefik, Nginx Proxy Manager, Caddy, etc.) that handles SSL termination. No `acme` container — the web container serves plain HTTP. + +```sh +docker compose -f docker-compose.no-ssl.yml up -d +``` + +Configure the exposed HTTP port via `LISTEN_PORT` in `.env` (default: `80`). + +## First-run initialisation + +After starting the stack, the PHP container clones the app and installs dependencies (~2 minutes). Monitor progress: + +```sh +docker compose logs -f php +``` + +Once `ready to handle connections` appears, run once to create the first admin user: + +```sh +docker compose exec --user www-data php /bin/sh -c "php fewohbee/bin/console app:first-run" +``` + +Optional: load sample data (guests, reservations, invoices) + +```sh +docker compose exec --user www-data php sh -c 'php fewohbee/bin/console doctrine:fixtures:load --append --group settings --group customer --group reservation --group invoices'" +``` +## Updates + +```sh +chmod +x update-docker.sh +./update-docker.sh +``` + +The script pulls new images, restarts the stack and automatically syncs any new application environment variables into `.env.app`. New variables should be reviewed and adjusted after the update. + +## Documentation + +Full setup and configuration documentation: +[https://github.com/developeregrem/fewohbee/wiki/Docker-Setup](https://github.com/developeregrem/fewohbee/wiki/Docker-Setup) diff --git a/conf/db/create-backup-user.sh b/conf/db/create-backup-user.sh new file mode 100644 index 0000000..bdbc2cf --- /dev/null +++ b/conf/db/create-backup-user.sh @@ -0,0 +1,4 @@ +#!/bin/sh +# Creates the database backup user on first database initialization. +# Runs automatically via /docker-entrypoint-initdb.d/ on first start. +mariadb -e "GRANT LOCK TABLES, SELECT ON *.* TO '${MYSQL_BACKUP_USER}'@'%' IDENTIFIED BY '${MYSQL_BACKUP_PASSWORD}';" 
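Review bot: The GRANT in `conf/db/create-backup-user.sh` interpolates `${MYSQL_BACKUP_USER}` and `${MYSQL_BACKUP_PASSWORD}` into a quoted SQL string, and `.env.dist` ships `MYSQL_BACKUP_PASSWORD=` empty, so a stack started from a hand-copied template runs the statement with an empty password — depending on the server's sql_mode it is either rejected or creates an account without a password that holds `SELECT` on `*.*`. A guard on the first line, `: "${MYSQL_BACKUP_PASSWORD:?MYSQL_BACKUP_PASSWORD must be set}"`, would stop initialisation instead. A password containing a single quote also terminates the string literal early, so the value should be escaped or restricted to a known alphabet before it is placed in the statement. The host part `'%'` accepts connections from any address that can reach the database; if backups only run from inside the compose network it could be narrowed.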
diff --git a/conf/nginx/docker-entrypoint.sh b/conf/nginx/docker-entrypoint.sh new file mode 100644 index 0000000..51607ce --- /dev/null +++ b/conf/nginx/docker-entrypoint.sh @@ -0,0 +1,43 @@ +#!/bin/sh +set -e + +# Generate the active server_name config from template +envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active + +if [ "${REVERSE_PROXY:-false}" != "true" ]; then + # Wait for SSL certificates to be provided by the acme container. + # On first start the certs volume is empty; acme writes the files shortly after launch. + echo "Waiting for SSL certificates ..." + while [ ! -f "/certs/fullchain.pem" ] || [ ! -f "/certs/privkey.pem" ] || [ ! -f "/certs/dhparams.pem" ]; do + sleep 2 + done + echo "Certificates found, starting nginx." +fi + +# Start nginx in the background so we can watch for cert changes +nginx -g 'daemon off;' & +NGINX_PID=$! + +if [ "${REVERSE_PROXY:-false}" != "true" ]; then + # Record the initial cert fingerprint + CERT_HASH=$(md5sum /certs/fullchain.pem | cut -d' ' -f1) + + # Watch for certificate renewal every 60 seconds and reload nginx when changed. + # This replaces the previous approach of restarting the container via the Docker socket. + while kill -0 "$NGINX_PID" 2>/dev/null; do + sleep 60 + NEW_HASH=$(md5sum /certs/fullchain.pem 2>/dev/null | cut -d' ' -f1) + if [ -n "$NEW_HASH" ] && [ "$NEW_HASH" != "$CERT_HASH" ]; then + CERT_HASH="$NEW_HASH" + echo "Certificate changed, reloading nginx ..." + nginx -s reload 2>/dev/null || true + fi + done +else + # In reverse proxy mode just wait for nginx to exit + while kill -0 "$NGINX_PID" 2>/dev/null; do + sleep 60 + done +fi + +wait "$NGINX_PID" diff --git a/conf/nginx/site.conf.no-ssl b/conf/nginx/site.conf.no-ssl new file mode 100644 index 0000000..251aa6d --- /dev/null +++ b/conf/nginx/site.conf.no-ssl 
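Review bot: The entrypoint keeps `/bin/sh` as PID 1 with nginx in the background and installs no signal trap, so the SIGTERM sent by `docker stop` is not passed on to nginx and the container is likely to be killed only after the stop timeout. Forwarding it needs a `trap` after `NGINX_PID=$!` and an interruptible sleep in both wait loops, as sketched below. The watcher also hashes only `/certs/fullchain.pem`; if the acme container writes `privkey.pem` after it, the reload can pick up a mismatched pair, so hashing both files would be safer. `nginx -s reload 2>/dev/null || true` discards a failed reload, which is worth logging because it means the old certificate stays in use.

```sh
nginx -g 'daemon off;' &
NGINX_PID=$!
# Pass stop signals on to nginx and exit once it has shut down gracefully.
trap 'kill -QUIT "$NGINX_PID" 2>/dev/null || true; wait "$NGINX_PID" || true; exit 0' TERM INT

# … unchanged: initial CERT_HASH …
while kill -0 "$NGINX_PID" 2>/dev/null; do
    # Sleep in the background so the trap runs as soon as a signal arrives.
    sleep 60 &
    wait $! || true
    # … unchanged: hash comparison and reload …
done
```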
@@ -0,0 +1,27 @@ +server_tokens off; + +server { + listen 80; + listen [::]:80; + index index.html index.php; + error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; + + root /var/www/html/fewohbee/public; + + include /etc/nginx/conf.d/server_name.active; + + include /etc/nginx/conf.d/snippets/header.snippet; + + # app configs (PHP/FastCGI — reused from HTTPS setup) + include /etc/nginx/conf.d/site-enabled-https/*; +} + +server { + # this vhost is for internal connections only (e.g. mpdf fetches images from here, see env WEB_HOST) + listen 8080; + + root /var/www/html/fewohbee/public; + + include /etc/nginx/conf.d/server_name.active; +} diff --git a/docker-compose.no-ssl.yml b/docker-compose.no-ssl.yml new file mode 100644 index 0000000..805947e --- /dev/null +++ b/docker-compose.no-ssl.yml 
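Review bot: Nothing in this vhost restores the client address, so behind the external proxy `access_log` will record the proxy's IP for every request unless `header.snippet` or the `site-enabled-https/*` includes (both outside this diff) already handle it. If they do not, `set_real_ip_from <proxy address>;` together with `real_ip_header X-Forwarded-For;` in the first `server` block would keep the logs usable for abuse handling and incident review; the proxy address is deployment-specific, so a commented example is probably the right form. The reused HTTPS includes are also worth checking for settings that assume TLS on this listener.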
@@ -0,0 +1,87 @@ +# Reverse-proxy mode: SSL is terminated by an external proxy (Traefik, Nginx, Caddy, etc.) +# The web container listens on plain HTTP on LISTEN_PORT (default: 80). +# No acme container — certificate management is handled by the external proxy. +# +# Usage: docker compose -f docker-compose.no-ssl.yml up -d + +services: + web: + image: nginx:mainline-alpine + ports: + - ${LISTEN_PORT:-80}:80 + volumes: + - feb-data:/var/www/html:cached + - ./conf/nginx/:/etc/nginx/conf.d/ + - ./conf/nginx/site.conf.no-ssl:/etc/nginx/conf.d/site.conf:ro + environment: + - HOST_NAME=${HOST_NAME} + - REVERSE_PROXY=true + entrypoint: ["/bin/sh", "/etc/nginx/conf.d/docker-entrypoint.sh"] + networks: + - internal-network + restart: always + + php: + image: developeregrem/fewohbee-phpfpm:latest + volumes: + - feb-data:/var/www/html:cached + - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini + - ${WWW_ROOT}:/var/www/data:cached + networks: + - internal-network + env_file: + - .env.app + environment: + - TZ=${TZ} + - DB_SERVER_VERSION=12.1.2-MariaDB + restart: always + + cron: + image: developeregrem/fewohbee-phpcli:latest + volumes: + - feb-data:/var/www/html:cached + - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini + - ./cron.d/cli:/opt/cron:ro + networks: + - internal-network + env_file: + - .env.app + environment: + - TZ=${TZ} + - DB_SERVER_VERSION=12.1.2-MariaDB + restart: always + + db: + image: mariadb:12.1 + restart: always + volumes: + - db-vol:/var/lib/mysql:cached + - ${MYSQL_BACKUP_FOLDER}:/dbbackup:cached + - ./data/db:/db + - ./conf/db/create-backup-user.sh:/docker-entrypoint-initdb.d/create-backup-user.sh:ro + environment: + MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD} + MARIADB_USER: ${MARIADB_USER} + MARIADB_PASSWORD: ${MARIADB_PASSWORD} + MARIADB_DATABASE: ${MARIADB_DATABASE} + MYSQL_BACKUP_PASSWORD: ${MYSQL_BACKUP_PASSWORD} + MYSQL_BACKUP_USER: ${MYSQL_BACKUP_USER} + networks: + - internal-network + + redis: + image: redis:alpine + 
restart: always + volumes: + - redis-vol:/data/ + networks: + - internal-network + +networks: + internal-network: + driver: bridge + +volumes: + redis-vol: + db-vol: + feb-data: diff --git a/docker-compose.yml b/docker-compose.yml index 7342dad..415c913 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,7 +10,7 @@ services: - certs-vol:/certs:ro environment: - HOST_NAME=${HOST_NAME} - command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active && nginx -g 'daemon off;'" + entrypoint: ["/bin/sh", "/etc/nginx/conf.d/docker-entrypoint.sh"] networks: - internal-network restart: always @@ -52,6 +52,7 @@ services: - db-vol:/var/lib/mysql:cached - ${MYSQL_BACKUP_FOLDER}:/dbbackup:cached - ./data/db:/db + - ./conf/db/create-backup-user.sh:/docker-entrypoint-initdb.d/create-backup-user.sh:ro environment: MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD} MARIADB_USER: ${MARIADB_USER} @@ -74,10 +75,8 @@ services: image: developeregrem/fewohbee-acme:latest volumes: - certs-vol:/certs - - /var/run/docker.sock:/var/run/docker.sock - feb-data:/var/www:cached restart: always - entrypoint: "" environment: - HOST_NAME=${HOST_NAME} # used for self signed certificate - LETSENCRYPT_DOMAINS=${LETSENCRYPT_DOMAINS} @@ -85,7 +84,6 @@ services: - SELF_SIGNED=${SELF_SIGNED} - LETSENCRYPT=${LETSENCRYPT} - TZ=${TZ} - - DOCKER_API_VERSION=${DOCKER_API_VERSION} - DYNDNS_PROVIDER=${DYNDNS_PROVIDER} - DEDYN_TOKEN=${DEDYN_TOKEN} - DEDYN_NAME=${DEDYN_NAME} diff --git a/install.sh b/install.sh index 33ec21e..39a7a34 100755 --- a/install.sh +++ b/install.sh @@ -192,11 +192,6 @@ then exit 1 fi -########## ssl setup ########## -echo "Initiating certificate creation ..." -sleep 3 -$dockerComposeBin exec acme /bin/sh -c "./run.sh" - ########## application setup ########## echo "Setting up application ..." echo "Pulling app dependencies and setting up the database (this will take some time)." 
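Review bot: In `docker-compose.no-ssl.yml` the mapping `- ${LISTEN_PORT:-80}:80` publishes the plain-HTTP listener on all host interfaces, so unless a firewall blocks the port the application can be reached directly without TLS, bypassing the external proxy. When the proxy runs on the same host, binding to loopback with `- 127.0.0.1:${LISTEN_PORT:-80}:80`, or attaching `web` to the proxy's network without publishing a port, avoids that. The usage comment at the top of the file should state which of the two is expected.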
@@ -217,8 +212,6 @@ $dockerComposeBin exec db /bin/sh -c "mariadb -p$mariadbRootPw -uroot -e '$dbQue $dockerComposeBin exec --user www-data php /bin/sh -c "php fewohbee/bin/console app:first-run" ########## load test data ########## -## always load templates -$dockerComposeBin exec --user www-data php /bin/sh -c "php fewohbee/bin/console doctrine:fixtures:load --append --group templates" testDataDefault="no" testData="" while ! [[ "$testData" =~ ^(yes|no|y|n)$ ]] From fb6170f8b4b4811cfb8bc37a1da24a2c008fc830 Mon Sep 17 00:00:00 2001 From: Alexander Elchlepp Date: Tue, 24 Feb 2026 12:57:57 +0100 Subject: [PATCH 3/7] refactoring --- .env.app.dist | 44 -------------------------- .env.dist | 58 +++++++++++++++++++++++++++++----- README.md | 22 ++++--------- docker-compose.no-ssl.yml | 50 ++++++++++++++++++++++++++---- docker-compose.yml | 61 ++++++++++++++++++++++++++++-------- install.sh | 65 +++++++++++++++++---------------------- update-docker.sh | 48 ++++++++++++++--------------- 7 files changed, 201 insertions(+), 147 deletions(-) delete mode 100644 .env.app.dist diff --git a/.env.app.dist b/.env.app.dist deleted file mode 100644 index 225dc76..0000000 --- a/.env.app.dist +++ /dev/null 
@@ -1,44 +0,0 @@
-# FewohBee application settings
-# This file is used to pass environment variables to the php and cron containers.
-# Copy this file to .env.app and adjust the values accordingly.
-# New variables will be added automatically by update-docker.sh.
-
-LOCALE=de
-FEWOHBEE_VERSION=latest
-APP_ENV=prod
-APP_SECRET=
-REDIS_IDX=1
-REDIS_HOST=redis
-USE_PASSWORD_BLACKLIST=true
-
-DATABASE_URL=mysql://fewohbee:db_password@db:3306/fewohbee
-
-# set up for sending mails
-# e.g. smtp://username:password@yourdomain.tld:port
-MAILER_DSN=null://localhost
-FROM_MAIL=info@domain.tld
-# enter the name
-FROM_NAME="PENSION XY"
-# the address when a recipient clicks on "answer", can be the same as in FROM_MAIL
-RETURN_PATH=info@domain.tld
-# sent copy of mail to the address specified in FROM_MAIL
-MAIL_COPY=true
-# comma-separated list of customer salutations
-CUSTOMER_SALUTATIONS="Ms,Mr,Family"
-# invoice export filename pattern (without extension)
-# allowed placeholders: , , , , , ,
-# fallback syntax is supported: , the first non-empty value will be used
-INVOICE_FILENAME_PATTERN="Invoice-"
-###> web-authn/passkey ###
-# set the domain name of your application here and make sure you use a valid SSL certificate
-RELYING_PARTY_ID=example.com
-RELYING_PARTY_NAME="FewohBee"
-# Enable or disable passkey login/management
-PASSKEY_ENABLED=false
-###< web-authn/passkey ###
-
-# this is used for loading uploaded files embedded in a PDF Template, the host of the web server must be set
-# in a docker environment the internal host name of the web container must be specified, e.g. "http://web"
-# otherwise the host name of your web server must be set, e.g. https://pve
-# leave this untouched when using fewohbee-dockerized
-WEB_HOST=http://web:8080
diff --git a/.env.dist b/.env.dist
index 796aadb..13f0056 100644
--- a/.env.dist
+++ b/.env.dist
@@ -1,11 +1,15 @@ -# define the path of your web application, relative to the current folder -WWW_ROOT=../data +# fewohbee configuration +# Copy this file to .env and adjust the values accordingly. +# New variables will be added automatically by update-docker.sh. + +# Compose file to use. Change to docker-compose.no-ssl.yml for reverse proxy mode. +COMPOSE_FILE=docker-compose.yml # set timezone TZ=Europe/Berlin # e.g. fewohbee or mydomain.tld -HOST_NAME=fewohbee +HOST_NAME=fewohbee # mysql settings MARIADB_ROOT_PASSWORD= @@ -16,12 +20,10 @@ MARIADB_DATABASE=fewohbee MYSQL_BACKUP_USER=backupuser MYSQL_BACKUP_PASSWORD= -MYSQL_BACKUP_FOLDER=../dbbackup - # letsencrypt settings LETSENCRYPT=false EMAIL="" -# enter here all (sub-)domains which should be included in the certificate, sepearated with a whitespace e.g.: domain.tld sub1.domain.tld +# enter here all (sub-)domains which should be included in the certificate, separated with a whitespace e.g.: domain.tld sub1.domain.tld LETSENCRYPT_DOMAINS="" # if used specify your dyndns provider, currently "desec.io" is supported # leave empty if not used 
@@ -38,4 +40,46 @@ SELF_SIGNED=true # Port exposed by the web container when using docker-compose.no-ssl.yml LISTEN_PORT=80 -# For FewohBee application settings see .env.app.dist / .env.app +###> Application settings ### + +LOCALE=de +FEWOHBEE_VERSION=latest +APP_ENV=prod +APP_SECRET= +REDIS_IDX=1 +REDIS_HOST=redis +USE_PASSWORD_BLACKLIST=true + +DATABASE_URL=mysql://fewohbee:db_password@db:3306/fewohbee + +# set up for sending mails +# e.g. smtp://username:password@yourdomain.tld:port +MAILER_DSN=null://localhost +FROM_MAIL=info@domain.tld +# enter the name +FROM_NAME="PENSION XY" +# the address when a recipient clicks on "answer", can be the same as in FROM_MAIL +RETURN_PATH=info@domain.tld +# sent copy of mail to the address specified in FROM_MAIL +MAIL_COPY=true +# comma-separated list of customer salutations +CUSTOMER_SALUTATIONS="Ms,Mr,Family" +# invoice export filename pattern (without extension) +# allowed placeholders: , , , , , , +# fallback syntax is supported: , the first non-empty value will be used +INVOICE_FILENAME_PATTERN="Invoice-" +###> web-authn/passkey ### +# set the domain name of your application here and make sure you use a valid SSL certificate +RELYING_PARTY_ID=example.com +RELYING_PARTY_NAME="FewohBee" +# Enable or disable passkey login/management +PASSKEY_ENABLED=false +###< web-authn/passkey ### + +# this is used for loading uploaded files embedded in a PDF Template, the host of the web server must be set +# in a docker environment the internal host name of the web container must be specified, e.g. "http://web" +# otherwise the host name of your web server must be set, e.g. https://pve +# leave this untouched when using fewohbee-dockerized +WEB_HOST=http://web:8080 + +###< Application settings ### diff --git a/README.md b/README.md index 6702096..37ed9c5 100644 --- a/README.md +++ b/README.md 
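Review bot: The application block added here still carries `APP_SECRET=` empty and the literal `db_password` inside `DATABASE_URL`, while the new file header tells users to copy the template to `.env` by hand; in the earlier patches of this series only install.sh fills both in. A comment above each would make the requirement explicit, for example `# required: set to a random value, e.g. the output of "openssl rand -base64 23"` over `APP_SECRET` and `# the password part must match MARIADB_PASSWORD` over `DATABASE_URL`. That keeps a hand-copied configuration from starting with an empty application secret.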
@@ -15,14 +15,7 @@ This docker compose setup is part of the [fewohbee guesthouse administration too ## Configuration -Two configuration files are required before starting the stack: - -| File | Contents | -|------|----------| -| `.env` | Infrastructure settings: hostname, database passwords, SSL/cert options | -| `.env.app` | Application settings: locale, mailer, passkeys, app secret, … | - -Use `.env.dist` and `.env.app.dist` as reference templates. +All settings are stored in a single `.env` file. Use `.env.dist` as the reference template. ## Setup @@ -42,7 +35,7 @@ docker run --rm -it -v $(pwd):/config developeregrem/fewohbee-setup docker run --rm -it -v ${PWD}:/config developeregrem/fewohbee-setup ``` -The container asks a few questions (hostname, SSL mode, language), generates passwords and writes `.env` and `.env.app`. +The container asks a few questions (hostname, SSL mode, language), generates passwords and writes `.env`. ### Option B – install.sh (Linux only) @@ -69,8 +62,10 @@ docker compose up -d For deployments behind an external reverse proxy (Traefik, Nginx Proxy Manager, Caddy, etc.) that handles SSL termination. No `acme` container — the web container serves plain HTTP. +Set `COMPOSE_FILE=docker-compose.no-ssl.yml` in `.env` (done automatically by the setup scripts when choosing `reverse-proxy`) and then: + ```sh -docker compose -f docker-compose.no-ssl.yml up -d +docker compose up -d ``` Configure the exposed HTTP port via `LISTEN_PORT` in `.env` (default: `80`). @@ -89,11 +84,6 @@ Once `ready to handle connections` appears, run once to create the first admin u docker compose exec --user www-data php /bin/sh -c "php fewohbee/bin/console app:first-run" ``` -Optional: load sample data (guests, reservations, invoices) - -```sh -docker compose exec --user www-data php sh -c 'php fewohbee/bin/console doctrine:fixtures:load --append --group settings --group customer --group reservation --group invoices'" -``` ## Updates ```sh 
@@ -101,7 +91,7 @@ chmod +x update-docker.sh ./update-docker.sh ``` -The script pulls new images, restarts the stack and automatically syncs any new application environment variables into `.env.app`. New variables should be reviewed and adjusted after the update. +The script pulls new images, restarts the stack and automatically syncs any new environment variables into `.env` and both compose files. New variables should be reviewed and adjusted after the update. ## Documentation diff --git a/docker-compose.no-ssl.yml b/docker-compose.no-ssl.yml index 805947e..dce277f 100644 --- a/docker-compose.no-ssl.yml +++ b/docker-compose.no-ssl.yml @@ -26,14 +26,32 @@ services: volumes: - feb-data:/var/www/html:cached - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini - - ${WWW_ROOT}:/var/www/data:cached networks: - internal-network - env_file: - - .env.app environment: - TZ=${TZ} - DB_SERVER_VERSION=12.1.2-MariaDB + - LOCALE=${LOCALE} + - FEWOHBEE_VERSION=${FEWOHBEE_VERSION} + - APP_ENV=${APP_ENV} + - APP_SECRET=${APP_SECRET} + - REDIS_IDX=${REDIS_IDX} + - REDIS_HOST=${REDIS_HOST} + - USE_PASSWORD_BLACKLIST=${USE_PASSWORD_BLACKLIST} + - DATABASE_URL=${DATABASE_URL} + - MAILER_DSN=${MAILER_DSN} + - FROM_MAIL=${FROM_MAIL} + - FROM_NAME=${FROM_NAME} + - RETURN_PATH=${RETURN_PATH} + - MAIL_COPY=${MAIL_COPY} + - CUSTOMER_SALUTATIONS=${CUSTOMER_SALUTATIONS} + - RELYING_PARTY_ID=${RELYING_PARTY_ID} + - RELYING_PARTY_NAME=${RELYING_PARTY_NAME} + - PASSKEY_ENABLED=${PASSKEY_ENABLED} + - WEB_HOST=${WEB_HOST} + - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} + - DEFAULT_URI=${DEFAULT_URI} + # new-vars-marker restart: always cron: 
@@ -44,11 +62,30 @@ services: - ./cron.d/cli:/opt/cron:ro networks: - internal-network - env_file: - - .env.app environment: - TZ=${TZ} - DB_SERVER_VERSION=12.1.2-MariaDB + - LOCALE=${LOCALE} + - FEWOHBEE_VERSION=${FEWOHBEE_VERSION} + - APP_ENV=${APP_ENV} + - APP_SECRET=${APP_SECRET} + - REDIS_IDX=${REDIS_IDX} + - REDIS_HOST=${REDIS_HOST} + - USE_PASSWORD_BLACKLIST=${USE_PASSWORD_BLACKLIST} + - DATABASE_URL=${DATABASE_URL} + - MAILER_DSN=${MAILER_DSN} + - FROM_MAIL=${FROM_MAIL} + - FROM_NAME=${FROM_NAME} + - RETURN_PATH=${RETURN_PATH} + - MAIL_COPY=${MAIL_COPY} + - CUSTOMER_SALUTATIONS=${CUSTOMER_SALUTATIONS} + - RELYING_PARTY_ID=${RELYING_PARTY_ID} + - RELYING_PARTY_NAME=${RELYING_PARTY_NAME} + - PASSKEY_ENABLED=${PASSKEY_ENABLED} + - WEB_HOST=${WEB_HOST} + - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} + - DEFAULT_URI=${DEFAULT_URI} + # new-vars-marker restart: always db: @@ -56,7 +93,7 @@ services: restart: always volumes: - db-vol:/var/lib/mysql:cached - - ${MYSQL_BACKUP_FOLDER}:/dbbackup:cached + - db-backup-vol:/dbbackup:cached - ./data/db:/db - ./conf/db/create-backup-user.sh:/docker-entrypoint-initdb.d/create-backup-user.sh:ro environment: @@ -85,3 +122,4 @@ volumes: redis-vol: db-vol: feb-data: + db-backup-vol: diff --git a/docker-compose.yml b/docker-compose.yml index 415c913..e1d028b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -20,14 +20,32 @@ services: volumes: - feb-data:/var/www/html:cached - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini - - ${WWW_ROOT}:/var/www/data:cached networks: - internal-network - env_file: - - .env.app environment: - TZ=${TZ} - DB_SERVER_VERSION=12.1.2-MariaDB + - LOCALE=${LOCALE} + - FEWOHBEE_VERSION=${FEWOHBEE_VERSION} + - APP_ENV=${APP_ENV} + - APP_SECRET=${APP_SECRET} + - REDIS_IDX=${REDIS_IDX} + - REDIS_HOST=${REDIS_HOST} + - USE_PASSWORD_BLACKLIST=${USE_PASSWORD_BLACKLIST} + - DATABASE_URL=${DATABASE_URL} + - MAILER_DSN=${MAILER_DSN} + - FROM_MAIL=${FROM_MAIL} + - FROM_NAME=${FROM_NAME} + - RETURN_PATH=${RETURN_PATH} + - MAIL_COPY=${MAIL_COPY} + - CUSTOMER_SALUTATIONS=${CUSTOMER_SALUTATIONS} + - RELYING_PARTY_ID=${RELYING_PARTY_ID} + - RELYING_PARTY_NAME=${RELYING_PARTY_NAME} + - PASSKEY_ENABLED=${PASSKEY_ENABLED} + - WEB_HOST=${WEB_HOST} + - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} + - DEFAULT_URI=${DEFAULT_URI} + # new-vars-marker restart: always cron: @@ -38,11 +56,30 @@ services: - ./cron.d/cli:/opt/cron:ro networks: - internal-network - env_file: - - .env.app environment: - TZ=${TZ} - DB_SERVER_VERSION=12.1.2-MariaDB + - LOCALE=${LOCALE} + - FEWOHBEE_VERSION=${FEWOHBEE_VERSION} + - APP_ENV=${APP_ENV} + - APP_SECRET=${APP_SECRET} + - REDIS_IDX=${REDIS_IDX} + - REDIS_HOST=${REDIS_HOST} + - USE_PASSWORD_BLACKLIST=${USE_PASSWORD_BLACKLIST} + - DATABASE_URL=${DATABASE_URL} + - MAILER_DSN=${MAILER_DSN} + - FROM_MAIL=${FROM_MAIL} + - FROM_NAME=${FROM_NAME} + - RETURN_PATH=${RETURN_PATH} + - MAIL_COPY=${MAIL_COPY} + - CUSTOMER_SALUTATIONS=${CUSTOMER_SALUTATIONS} + - RELYING_PARTY_ID=${RELYING_PARTY_ID} + - RELYING_PARTY_NAME=${RELYING_PARTY_NAME} + - PASSKEY_ENABLED=${PASSKEY_ENABLED} + - WEB_HOST=${WEB_HOST} + - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} + - DEFAULT_URI=${DEFAULT_URI} + # new-vars-marker restart: always db: 
@@ -50,7 +87,7 @@ services: restart: always volumes: - db-vol:/var/lib/mysql:cached - - ${MYSQL_BACKUP_FOLDER}:/dbbackup:cached + - db-backup-vol:/dbbackup:cached - ./data/db:/db - ./conf/db/create-backup-user.sh:/docker-entrypoint-initdb.d/create-backup-user.sh:ro environment: @@ -62,7 +99,7 @@ services: MYSQL_BACKUP_USER: ${MYSQL_BACKUP_USER} networks: - internal-network - + redis: image: redis:alpine restart: always @@ -70,7 +107,7 @@ services: - redis-vol:/data/ networks: - internal-network - + acme: image: developeregrem/fewohbee-acme:latest volumes: @@ -78,7 +115,7 @@ services: - feb-data:/var/www:cached restart: always environment: - - HOST_NAME=${HOST_NAME} # used for self signed certificate + - HOST_NAME=${HOST_NAME} - LETSENCRYPT_DOMAINS=${LETSENCRYPT_DOMAINS} - EMAIL=${EMAIL} - SELF_SIGNED=${SELF_SIGNED} @@ -89,14 +126,14 @@ services: - DEDYN_NAME=${DEDYN_NAME} networks: - internal-network - + networks: internal-network: driver: bridge - + volumes: redis-vol: certs-vol: db-vol: feb-data: - + db-backup-vol: diff --git a/install.sh b/install.sh index 39a7a34..f76791e 100755 --- a/install.sh +++ b/install.sh @@ -1,7 +1,7 @@ #!/bin/bash if [ -f ".env" ]; then - echo "Already installed. If you want to change settings please modify the files .env and .env.app manually." + echo "Already installed. If you want to change settings please modify the file .env manually." exit 0 fi @@ -33,7 +33,7 @@ createCron() { return 1 fi targetCron="/etc/cron.d/$1" - ln -s $PWD/cron.d/$1 $targetCron + ln -s $PWD/cron.d/$1 $targetCron if [ $? -ne 0 ] then echo "Could not create symlink $targetCron. Do you have the permission to write there?" 
@@ -55,17 +55,13 @@ checkRequirements echo "This script will guide you through the installation of the tool." -# use env.dist as template and replace specific values during script execution +# use .env.dist as template and replace specific values during script execution umask 0177 envTemplate=.env.dist envTmp=.env.tmp envEnd=.env -envAppTemplate=.env.app.dist -envAppTmp=.env.app.tmp -envAppEnd=.env.app cp $envTemplate $envTmp -cp $envAppTemplate $envAppTmp ########## setup host name ########## pveHostDefault=$(hostname) @@ -73,18 +69,17 @@ pveHost="" read -p "Please enter the host name of your server [$pveHostDefault]:" pveHost pveHost="${pveHost:-${pveHostDefault}}" $(sed "s/HOST_NAME=fewohbee/HOST_NAME=$pveHost/" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) -$(sed "s/RELYING_PARTY_ID=example.com/RELYING_PARTY_ID=$pveHost/" $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) +$(sed "s/RELYING_PARTY_ID=example.com/RELYING_PARTY_ID=$pveHost/" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) -########## setup certificate self-signed or letsencrypt ########## +########## setup certificate ########## sslDefault="self-signed" ssl="" -while ! [[ "$ssl" =~ ^(self-signed|letsencrypt)$ ]] +while ! [[ "$ssl" =~ ^(self-signed|letsencrypt|reverse-proxy)$ ]] do - read -p "SSL Certificate: Using self-signed or letsencrypt? [$sslDefault]:" ssl + read -p "SSL Certificate: Using self-signed, letsencrypt or reverse-proxy? [$sslDefault]:" ssl ssl="${ssl:-${sslDefault}}" done -# default is self-signed if [ "$ssl" == "letsencrypt" ] then # ask for email for letsencrypt 
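Review bot: In the host-name hunk (`@@ -73,18 +69,17 @@`) the added `RELYING_PARTY_ID` substitution puts the raw `read` result into a sed replacement, as the `HOST_NAME` line above it already does, so a value containing `/`, `&` or a backslash either breaks the command or writes something other than what was typed into `.env`. Validating once before both sed calls would cover it, e.g. `[[ "$pveHost" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid host name" >&2; exit 1; }`. The `$( … )` wrapper around each sed pipeline is also unnecessary: it runs whatever the pipeline prints as a command, which is harmless only because stdout is redirected. Since `RELYING_PARTY_ID` is described in `.env.dist` as the application's domain name, the default taken from `hostname` may be a short name that does not match the domain users browse to; a comment next to the prompt should say so.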
@@ -112,6 +107,13 @@ then $(sed 's/EMAIL=""/EMAIL='"$leMail"'/g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) fi +# reverse-proxy: SSL is terminated externally — disable internal SSL and switch compose file +if [ "$ssl" == "reverse-proxy" ] +then + $(sed 's@SELF_SIGNED=true@SELF_SIGNED=false@g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) + $(sed 's@COMPOSE_FILE=docker-compose.yml@COMPOSE_FILE=docker-compose.no-ssl.yml@g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) +fi + ########## setup cron ########## cronDefault="yes" cronDB="" @@ -124,9 +126,9 @@ then createCron "backup_mysql_docker" if [ $? -eq 0 ] then - echo "Backups will be stored in ../dbbackup." + echo "Backups will be stored in the db-backup-vol Docker volume." fi - chmod +x backup-db.sh + chmod +x backup-db.sh fi read -p "Enable automatic updates of docker images? (yes/no) [$cronDefault]:" cronDocker @@ -140,7 +142,7 @@ fi ########## setup symfony env ########## pveEnvDefault="prod" pveEnv="" -while ! [[ "$pveEnv" =~ ^(prod|dev)$ ]] +while ! [[ "$pveEnv" =~ ^(prod|dev)$ ]] do read -p "Do you want to run the tool in productive mode oder development mode (prod/dev) [$pveEnvDefault]:" pveEnv pveEnv="${pveEnv:-${pveEnvDefault}}" @@ -155,13 +157,14 @@ fi ### select language ### pveLangDefault="de" pveLang="" -while ! [[ "$pveLang" =~ ^(de|en)$ ]] +while ! [[ "$pveLang" =~ ^(de|en)$ ]] do read -p "Please choose the language of the tool (de/en) [$pveLangDefault]:" pveLang pveLang="${pveLang:-${pveLangDefault}}" done -$(sed 's@APP_ENV=prod@APP_ENV='"$pveEnv"'@g' $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) +$(sed 's@APP_ENV=prod@APP_ENV='"$pveEnv"'@g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) +$(sed "s@LOCALE=de@LOCALE=$pveLang@g" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) echo "Setting up $pveEnv environment." echo "Generating secrets and passwords." 
@@ -173,14 +176,12 @@ appSecret=$(openssl rand -base64 23) $(sed 's@MARIADB_ROOT_PASSWORD=@MARIADB_ROOT_PASSWORD='"$mariadbRootPw"'@g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) $(sed 's@MARIADB_PASSWORD=@MARIADB_PASSWORD='"$mariadbPw"'@g' $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) $(sed "s@MYSQL_BACKUP_PASSWORD=@MYSQL_BACKUP_PASSWORD=$mysqlBackupPw@g" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) -$(sed "s@APP_SECRET=@APP_SECRET=$appSecret@g" $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) -$(sed "s@LOCALE=de@LOCALE=$pveLang@g" $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) +$(sed "s@APP_SECRET=@APP_SECRET=$appSecret@g" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) # replace db password in DATABASE_URL -$(sed "s@db_password@$mariadbPw@" $envAppTmp > $envAppTmp.tmp && mv $envAppTmp.tmp $envAppTmp) +$(sed "s@db_password@$mariadbPw@" $envTmp > $envTmp.tmp && mv $envTmp.tmp $envTmp) mv $envTmp $envEnd -mv $envAppTmp $envAppEnd ########## pull, build and start environment ########## echo "Preparing and starting docker-compose setup ..." @@ -197,7 +198,7 @@ echo "Setting up application ..." echo "Pulling app dependencies and setting up the database (this will take some time)." # this check depends on the script entrypoint.sh from fewohbee-phpfpm image until [ "`$dockerComposeBin exec -T php /bin/sh -c 'cat /firstrun'`" == "1" ] -do +do echo "still waiting ..." sleep 10 done 
@@ -211,23 +212,13 @@ $dockerComposeBin exec db /bin/sh -c "mariadb -p$mariadbRootPw -uroot -e '$dbQue ########## init tool ########## $dockerComposeBin exec --user www-data php /bin/sh -c "php fewohbee/bin/console app:first-run" -########## load test data ########## -testDataDefault="no" -testData="" -while ! [[ "$testData" =~ ^(yes|no|y|n)$ ]] -do - read -p "Do you want to load some initial test data into the application? (yes/no) [$testDataDefault]:" testData - testData="${testData:-${testDataDefault}}" -done - -# default is self-signed -if [ "$testData" == "yes" ] +echo "done" +if [ "$ssl" == "reverse-proxy" ] then - $dockerComposeBin exec --user www-data php /bin/sh -c "php fewohbee/bin/console doctrine:fixtures:load --append --group settings --group customer --group reservation --group invoices" + echo "You can now open a browser and visit http://$pveHost (via reverse proxy)." +else + echo "You can now open a browser and visit https://$pveHost." fi - -echo "done" -echo "You can now open a browser and visit https://$pveHost." echo "If you want to use the conversation feature please modify the section in the .env file accordingly." echo " > see https://github.com/developeregrem/fewohbee/wiki/Konfiguration#e-mails" echo "To use the city lookup feature please refer to: https://github.com/developeregrem/fewohbee/wiki/City-Lookup" diff --git a/update-docker.sh b/update-docker.sh index 45c022c..f839f2f 100755 --- a/update-docker.sh +++ b/update-docker.sh 
@@ -4,27 +4,13 @@ cd "$(dirname "$0")" dockerBin=$(/usr/bin/which docker) +# Pull latest changes to docker-compose.yml and configuration files +#git pull + # Pull and build new images $dockerBin compose pull $dockerBin compose build --force-rm --pull -# Migrate existing .env to .env + .env.app if .env.app does not exist yet. -# This must happen before "docker compose up" since docker-compose.yml requires -# .env.app to exist via the env_file directive. -if [ ! -f ".env.app" ]; then - if grep -q "^# FewohBee Settings" .env 2>/dev/null; then - echo "Migrating FewohBee settings from .env to .env.app ..." - sed -n '/^# FewohBee Settings/,$p' .env > .env.app - chmod 0600 .env.app - echo "Created .env.app from .env." - echo "Please review .env.app and remove the FewohBee Settings section from .env manually." - else - echo "Warning: .env.app does not exist and no migration source found in .env." - echo "Please create .env.app from .env.app.dist manually." - exit 1 - fi -fi - # Start containers. The php entrypoint will clone/update fewohbee via git. $dockerBin compose stop $dockerBin compose up --force-recreate -d @@ -36,7 +22,7 @@ until [ "$($dockerBin compose exec -T php /bin/sh -c 'cat /firstrun' 2>/dev/null sleep 10 done -# Sync new environment variables from the now-running container into .env.app +# Sync new environment variables from the now-running container into .env echo "Checking for new environment variables ..." containerEnvDist=$($dockerBin compose exec --user www-data -T php /bin/sh -c "cat fewohbee/.env.dist" 2>/dev/null) 
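Review bot: With the migration block removed in the first hunk, nothing here handles an installation that still keeps its application settings in `.env.app`: the compose files no longer read that file, and the sync step further down appears to append missing variables to `.env` with whatever defaults the container's `fewohbee/.env.dist` carries. If any deployment was created with the two-file layout, it would presumably come up after the update with a default or empty `APP_SECRET` and a `DATABASE_URL` that no longer holds the real password. A guard before `compose pull` would make that visible instead of silent, e.g. `[ -f .env.app ] && { echo "Merge .env.app into .env before updating" >&2; exit 1; }`. The sync loop itself lies outside this hunk.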
@@ -67,16 +53,28 @@ else continue fi - # Add if not already present in .env.app - if ! grep -q "^${varName}=" .env.app; then + # Add if not already present in .env + if ! grep -q "^${varName}=" .env; then if [ $addedVars -eq 0 ]; then - printf "\n# Variables added by update-docker.sh on %s\n" "$(date '+%Y-%m-%d')" >> .env.app + printf "\n# Variables added by update-docker.sh on %s\n" "$(date '+%Y-%m-%d')" >> .env fi # Write accumulated comments first, then the variable if [ -n "$commentBuffer" ]; then - printf "\n%s\n" "$commentBuffer" >> .env.app + printf "\n%s\n" "$commentBuffer" >> .env fi - printf "%s\n" "$line" >> .env.app + printf "%s\n" "$line" >> .env + + # Also add the variable to the environment: sections in both compose files + # (inserted before the # new-vars-marker comment, which appears in php and cron services) + for composeFile in docker-compose.yml docker-compose.no-ssl.yml; do + if [ -f "$composeFile" ] && grep -q "# new-vars-marker" "$composeFile"; then + tmpfile=$(mktemp) + awk -v varline=" - ${varName}=\${${varName}}" \ + '/# new-vars-marker/ { print varline } { print }' \ + "$composeFile" > "$tmpfile" && mv "$tmpfile" "$composeFile" + fi + done + echo " Added: $varName" addedVars=$((addedVars + 1)) fi @@ -86,8 +84,8 @@ else done <<< "$containerEnvDist" if [ $addedVars -gt 0 ]; then - echo "$addedVars new variable(s) added to .env.app." - echo "Please review the new variables and adjust values if needed." + echo "$addedVars new variable(s) added to .env and docker-compose.yml / docker-compose.no-ssl.yml." + echo "Please review the new variables in .env and adjust values if needed." echo "Restarting php and cron containers to apply new environment variables ..." $dockerBin compose up --force-recreate -d php cron else From 15185cec647fc07a0899140f1ed906acc4435a3d Mon Sep 17 00:00:00 2001 
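Review bot: The new compose-file loop in the first hunk splices `varName`, which comes from a file read out of the running container, into `docker-compose.yml` and `docker-compose.no-ssl.yml` on the host, and any check on its shape lies above this hunk. If that check is not already a strict identifier match, add one before the `grep`, e.g. `[[ "$varName" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue`, so that a malformed line cannot add arbitrary YAML or act as a regex in `grep -q "^${varName}="`. `mktemp` also creates its file with mode 0600 in the temp directory, so the `mv` replaces each compose file with one that has different permissions and leaves the temp file behind when awk fails; `cp "$tmpfile" "$composeFile" && rm -f "$tmpfile"` keeps the original mode. The loop is not idempotent either: a variable that is already listed in a compose file but missing from `.env` is inserted a second time.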
From: Alexander Elchlepp Date: Tue, 24 Feb 2026 15:20:22 +0100 Subject: [PATCH 4/7] refactoring --- conf/nginx/Dockerfile | 10 ++++++++++ conf/nginx/docker-entrypoint.sh | 5 +++++ docker-compose.no-ssl.yml | 5 +---- docker-compose.yml | 4 +--- update-docker.sh | 1 + 5 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 conf/nginx/Dockerfile diff --git a/conf/nginx/Dockerfile b/conf/nginx/Dockerfile new file mode 100644 index 0000000..489a4d3 --- /dev/null +++ b/conf/nginx/Dockerfile @@ -0,0 +1,10 @@ +FROM nginx:mainline-alpine + +COPY . /etc/nginx/conf.d/ + +# Remove the default nginx config (replaced by site.conf) and the runtime-generated file +RUN rm -f /etc/nginx/conf.d/default.conf \ + /etc/nginx/conf.d/server_name.active \ + && chmod +x /etc/nginx/conf.d/docker-entrypoint.sh + +ENTRYPOINT ["/bin/sh", "/etc/nginx/conf.d/docker-entrypoint.sh"] diff --git a/conf/nginx/docker-entrypoint.sh b/conf/nginx/docker-entrypoint.sh index 51607ce..ddcb147 100644 --- a/conf/nginx/docker-entrypoint.sh +++ b/conf/nginx/docker-entrypoint.sh @@ -1,6 +1,11 @@ #!/bin/sh set -e +# Select site config based on SSL mode +if [ "${REVERSE_PROXY:-false}" = "true" ]; then + cp /etc/nginx/conf.d/site.conf.no-ssl /etc/nginx/conf.d/site.conf +fi + # Generate the active server_name config from template envsubst < /etc/nginx/conf.d/templates/server_name.template > /etc/nginx/conf.d/server_name.active diff --git a/docker-compose.no-ssl.yml b/docker-compose.no-ssl.yml index dce277f..4147bed 100644 --- a/docker-compose.no-ssl.yml +++ b/docker-compose.no-ssl.yml 
@@ -6,17 +6,14 @@ services: web: - image: nginx:mainline-alpine + build: ./conf/nginx ports: - ${LISTEN_PORT:-80}:80 volumes: - feb-data:/var/www/html:cached - - ./conf/nginx/:/etc/nginx/conf.d/ - - ./conf/nginx/site.conf.no-ssl:/etc/nginx/conf.d/site.conf:ro environment: - HOST_NAME=${HOST_NAME} - REVERSE_PROXY=true - entrypoint: ["/bin/sh", "/etc/nginx/conf.d/docker-entrypoint.sh"] networks: - internal-network restart: always diff --git a/docker-compose.yml b/docker-compose.yml index e1d028b..552dd11 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,16 +1,14 @@ services: web: - image: nginx:mainline-alpine + build: ./conf/nginx ports: - 80:80 - 443:443 volumes: - feb-data:/var/www/html:cached - - ./conf/nginx/:/etc/nginx/conf.d/ - certs-vol:/certs:ro environment: - HOST_NAME=${HOST_NAME} - entrypoint: ["/bin/sh", "/etc/nginx/conf.d/docker-entrypoint.sh"] networks: - internal-network restart: always diff --git a/update-docker.sh b/update-docker.sh index f839f2f..77c06b6 100755 --- a/update-docker.sh +++ b/update-docker.sh @@ -88,6 +88,7 @@ else echo "Please review the new variables in .env and adjust values if needed." echo "Restarting php and cron containers to apply new environment variables ..." $dockerBin compose up --force-recreate -d php cron + $dockerBin compose exec -T web nginx -s reload else echo "No new environment variables found." fi From 7576a2a01771193cc5c95c532c96fe913d345908 Mon Sep 17 00:00:00 2001 From: Alexander Elchlepp Date: Tue, 24 Feb 2026 16:06:18 +0100 Subject: [PATCH 5/7] added health check for db --- docker-compose.no-ssl.yml | 14 ++++++++++++-- docker-compose.yml | 14 ++++++++++++-- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/docker-compose.no-ssl.yml b/docker-compose.no-ssl.yml index 4147bed..dcab041 100644 --- a/docker-compose.no-ssl.yml +++ b/docker-compose.no-ssl.yml 
@@ -20,6 +20,9 @@ services: php: image: developeregrem/fewohbee-phpfpm:latest + depends_on: + db: + condition: service_healthy volumes: - feb-data:/var/www/html:cached - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini @@ -47,12 +50,14 @@ services: - PASSKEY_ENABLED=${PASSKEY_ENABLED} - WEB_HOST=${WEB_HOST} - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} - - DEFAULT_URI=${DEFAULT_URI} # new-vars-marker restart: always cron: image: developeregrem/fewohbee-phpcli:latest + depends_on: + db: + condition: service_healthy volumes: - feb-data:/var/www/html:cached - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini @@ -81,7 +86,6 @@ services: - PASSKEY_ENABLED=${PASSKEY_ENABLED} - WEB_HOST=${WEB_HOST} - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} - - DEFAULT_URI=${DEFAULT_URI} # new-vars-marker restart: always @@ -100,6 +104,12 @@ services: MARIADB_DATABASE: ${MARIADB_DATABASE} MYSQL_BACKUP_PASSWORD: ${MYSQL_BACKUP_PASSWORD} MYSQL_BACKUP_USER: ${MYSQL_BACKUP_USER} + healthcheck: + test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"] + start_period: 30s + interval: 10s + timeout: 5s + retries: 5 networks: - internal-network diff --git a/docker-compose.yml b/docker-compose.yml index 552dd11..d8761bc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,6 +15,9 @@ services: php: image: developeregrem/fewohbee-phpfpm:latest + depends_on: + db: + condition: service_healthy volumes: - feb-data:/var/www/html:cached - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini @@ -42,12 +45,14 @@ services: - PASSKEY_ENABLED=${PASSKEY_ENABLED} - WEB_HOST=${WEB_HOST} - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} - - DEFAULT_URI=${DEFAULT_URI} # new-vars-marker restart: always cron: image: developeregrem/fewohbee-phpcli:latest + depends_on: + db: + condition: service_healthy volumes: - feb-data:/var/www/html:cached - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini 
@@ -76,7 +81,6 @@ services: - PASSKEY_ENABLED=${PASSKEY_ENABLED} - WEB_HOST=${WEB_HOST} - INVOICE_FILENAME_PATTERN=${INVOICE_FILENAME_PATTERN} - - DEFAULT_URI=${DEFAULT_URI} # new-vars-marker restart: always @@ -95,6 +99,12 @@ services: MARIADB_DATABASE: ${MARIADB_DATABASE} MYSQL_BACKUP_PASSWORD: ${MYSQL_BACKUP_PASSWORD} MYSQL_BACKUP_USER: ${MYSQL_BACKUP_USER} + healthcheck: + test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"] + start_period: 30s + interval: 10s + timeout: 5s + retries: 5 networks: - internal-network From 6be1d413ed67cb6c666f2cd37c2da61a8aea5f5d Mon Sep 17 00:00:00 2001 From: Alexander Elchlepp Date: Thu, 26 Feb 2026 08:55:29 +0100 Subject: [PATCH 6/7] removed rel paths --- conf/db/create-backup-user.sh | 2 +- conf/php/conf.ini | 19 ------------------- cron.d/cli/www-data | 4 ---- docker-compose.no-ssl.yml | 10 +++------- docker-compose.yml | 10 +++------- 5 files changed, 7 insertions(+), 38 deletions(-) delete mode 100644 conf/php/conf.ini delete mode 100644 cron.d/cli/www-data diff --git a/conf/db/create-backup-user.sh b/conf/db/create-backup-user.sh index bdbc2cf..887fb62 100644 --- a/conf/db/create-backup-user.sh +++ b/conf/db/create-backup-user.sh @@ -1,4 +1,4 @@ #!/bin/sh # Creates the database backup user on first database initialization. # Runs automatically via /docker-entrypoint-initdb.d/ on first start. -mariadb -e "GRANT LOCK TABLES, SELECT ON *.* TO '${MYSQL_BACKUP_USER}'@'%' IDENTIFIED BY '${MYSQL_BACKUP_PASSWORD}';" +mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "GRANT LOCK TABLES, SELECT ON *.* TO '${MYSQL_BACKUP_USER}'@'%' IDENTIFIED BY '${MYSQL_BACKUP_PASSWORD}';" diff --git a/conf/php/conf.ini b/conf/php/conf.ini deleted file mode 100644 index cdac5a9..0000000 --- a/conf/php/conf.ini +++ /dev/null 
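Review bot: In `conf/db/create-backup-user.sh` the new `-p"${MARIADB_ROOT_PASSWORD}"` puts the root password on the client's command line, where it can be read from the process list inside the container while the client starts. Passing it through the environment avoids that: `MYSQL_PWD="${MARIADB_ROOT_PASSWORD}" mariadb -u root -e "…"`. The same line interpolates `MYSQL_BACKUP_USER` and `MYSQL_BACKUP_PASSWORD` into the SQL text, so a single quote in either value ends the string literal early; a comment stating that these values must not contain quotes, or a check that rejects them, would document the constraint.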
@@ -1,19 +0,0 @@ -date.timezone=${TZ} - -opcache.enable=1 -opcache.enable_cli=1 -opcache.interned_strings_buffer=8 -opcache.max_accelerated_files=10000 -opcache.memory_consumption=128 -opcache.save_comments=1 -opcache.revalidate_freq=1 -opcache.jit_buffer_size=100M - -session.save_handler = redis -session.save_path = "tcp://redis:6379" - -expose_php = Off - -display_errors = 0 -error_reporting = E_ALL -log_errors = On diff --git a/cron.d/cli/www-data b/cron.d/cli/www-data deleted file mode 100644 index 926cc5e..0000000 --- a/cron.d/cli/www-data +++ /dev/null @@ -1,4 +0,0 @@ -SHELL=/bin/sh -PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin - -0 * * * * cd /var/www/html/fewohbee && /usr/local/bin/php bin/console calendar:import:sync --force diff --git a/docker-compose.no-ssl.yml b/docker-compose.no-ssl.yml index dcab041..075f622 100644 --- a/docker-compose.no-ssl.yml +++ b/docker-compose.no-ssl.yml @@ -25,12 +25,11 @@ services: condition: service_healthy volumes: - feb-data:/var/www/html:cached - - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini networks: - internal-network environment: - TZ=${TZ} - - DB_SERVER_VERSION=12.1.2-MariaDB + - DB_SERVER_VERSION=12.2.2-MariaDB - LOCALE=${LOCALE} - FEWOHBEE_VERSION=${FEWOHBEE_VERSION} - APP_ENV=${APP_ENV} @@ -60,13 +59,11 @@ services: condition: service_healthy volumes: - feb-data:/var/www/html:cached - - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini - - ./cron.d/cli:/opt/cron:ro networks: - internal-network environment: - TZ=${TZ} - - DB_SERVER_VERSION=12.1.2-MariaDB + - DB_SERVER_VERSION=12.2.2-MariaDB - LOCALE=${LOCALE} - FEWOHBEE_VERSION=${FEWOHBEE_VERSION} - APP_ENV=${APP_ENV} 
@@ -90,12 +87,11 @@ services: restart: always db: - image: mariadb:12.1 + image: mariadb:12.2 restart: always volumes: - db-vol:/var/lib/mysql:cached - db-backup-vol:/dbbackup:cached - - ./data/db:/db - ./conf/db/create-backup-user.sh:/docker-entrypoint-initdb.d/create-backup-user.sh:ro environment: MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD} diff --git a/docker-compose.yml b/docker-compose.yml index d8761bc..f2ff4eb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,12 +20,11 @@ services: condition: service_healthy volumes: - feb-data:/var/www/html:cached - - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini networks: - internal-network environment: - TZ=${TZ} - - DB_SERVER_VERSION=12.1.2-MariaDB + - DB_SERVER_VERSION=12.2.2-MariaDB - LOCALE=${LOCALE} - FEWOHBEE_VERSION=${FEWOHBEE_VERSION} - APP_ENV=${APP_ENV} @@ -55,13 +54,11 @@ services: condition: service_healthy volumes: - feb-data:/var/www/html:cached - - ./conf/php/conf.ini:/usr/local/etc/php/conf.d/conf.ini - - ./cron.d/cli:/opt/cron:ro networks: - internal-network environment: - TZ=${TZ} - - DB_SERVER_VERSION=12.1.2-MariaDB + - DB_SERVER_VERSION=12.2.2-MariaDB - LOCALE=${LOCALE} - FEWOHBEE_VERSION=${FEWOHBEE_VERSION} - APP_ENV=${APP_ENV} @@ -85,12 +82,11 @@ services: restart: always db: - image: mariadb:12.1 + image: mariadb:12.2 restart: always volumes: - db-vol:/var/lib/mysql:cached - db-backup-vol:/dbbackup:cached - - ./data/db:/db - ./conf/db/create-backup-user.sh:/docker-entrypoint-initdb.d/create-backup-user.sh:ro environment: MARIADB_ROOT_PASSWORD: ${MARIADB_ROOT_PASSWORD} From a28ce905ec9be801ca4aadc78592379f7215f8f0 Mon Sep 17 00:00:00 2001 From: Alexander Elchlepp Date: Tue, 3 Mar 2026 12:05:29 +0100 Subject: [PATCH 7/7] web uses docker dns resolver --- conf/nginx/site-enabled-https/01_fewohbee.snippet | 4 +++- update-docker.sh | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) 
diff --git a/conf/nginx/site-enabled-https/01_fewohbee.snippet b/conf/nginx/site-enabled-https/01_fewohbee.snippet index a59be25..ab584fb 100644 --- a/conf/nginx/site-enabled-https/01_fewohbee.snippet +++ b/conf/nginx/site-enabled-https/01_fewohbee.snippet @@ -7,7 +7,9 @@ location / { location ~ ^/index\.php(/|$) { root /var/www/html/fewohbee/public; fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass php:9000; + resolver 127.0.0.11 valid=5s; + set $php_backend php:9000; + fastcgi_pass $php_backend; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; diff --git a/update-docker.sh b/update-docker.sh index 77c06b6..f839f2f 100755 --- a/update-docker.sh +++ b/update-docker.sh @@ -88,7 +88,6 @@ else echo "Please review the new variables in .env and adjust values if needed." echo "Restarting php and cron containers to apply new environment variables ..." $dockerBin compose up --force-recreate -d php cron - $dockerBin compose exec -T web nginx -s reload else echo "No new environment variables found." fi