chore(deps): update islandora/nginx docker tag to v6.2.3 - abandoned

Dockerfile

@@ -1,4 +1,4 @@
-FROM islandora/nginx:6.0.10@sha256:57f9e680cc7515ba0025c2e5ba5f1f16dc6bb0810810684556805431af5fd962
+FROM islandora/nginx:6.2.3@sha256:1e85a1f0a222289a3079d5740ce8156d36c325c1f8477fb96806fa157cfb666b
 
 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 
@@ -12,11 +12,11 @@ ARG \
     # renovate: datasource=repology depName=alpine_3_22/ghostscript
     GHOSTSCRIPT_VERSION=10.05.1-r0 \
     # renovate: datasource=repology depName=alpine_3_22/npm
-    NPM_VERSION=11.4.2-r0 \
+    NPM_VERSION=11.6.4-r0 \
     # renovate: datasource=github-tags depName=ojs packageName=pkp/ojs
     OJS_VERSION=3_5_0rc2 \
     # renovate: datasource=repology depName=alpine_3_22/php83
-    PHP_VERSION=8.3.27-r0 \
+    PHP_VERSION=8.3.29-r0 \
     # renovate: datasource=repology depName=alpine_3_22/poppler-utils
     POPPLER_VERSION=25.04.0-r0
 

docker-compose.yaml

@@ -1,4 +1,6 @@
 ---
+networks:
+  default:
 volumes:
   mariadb-data: {}
   ojs-cache: {}
@@ -21,7 +23,7 @@ secrets:
 
 services:
   init:
-    image: islandora/base:6.0.10@sha256:00f16e56a20950f7b85e690b03c1e6e167625236bc77c56f4cd121dafd9ef578
+    image: islandora/base:6.2.3@sha256:010f7e422ad4563f91335106215a72c7485635b0a1125c651b4e76cb6d7efbd4
     restart: no
     volumes:
       - ./secrets:/secrets:rw
@@ -32,12 +34,16 @@ services:
   ojs:
     image: ghcr.io/libops/ojs:main
     build: .
+    networks:
+      - default
     ports:
       - 80:80
     environment:
       OJS_OAI_REPOSITORY_ID: ${DOMAIN:-localhost}
       OJS_ENABLE_BEACON: 1
       OJS_SMTP_SERVER: ${OJS_SMTP_SERVER:-}
+      OJS_ENABLE_HTTPS: "true"
+      OJS_BASE_URL: "https://${DOMAIN:-localhost}"
     secrets:
       - source: DB_ROOT_PASSWORD
       - source: OJS_API_KEY_SECRET
@@ -54,7 +60,9 @@ services:
       mariadb:
         condition: service_started
   mariadb:
-    image: islandora/mariadb:6.0.10@sha256:a89a1152abe0fc3d5de66d071b4391dd8f18e5f4883bfa32a82caf45a46d96da
+    image: islandora/mariadb:6.2.3@sha256:3c6e7cbed734310f4d9fea7a4f08e7e282ecb1a5e73aec0ab79b4167930380ab
+    networks:
+      - default
     volumes:
       - mariadb-data:/var/lib/mysql:rw
     secrets:

rootfs/etc/confd/conf.d/ojs.conf.toml

@@ -0,0 +1,7 @@
+[template]
+src = "ojs.conf.tmpl"
+dest = "/etc/nginx/shared/ojs.conf"
+uid = 0
+gid = 0
+mode = "0644"
+keys = [ "/" ]

rootfs/etc/confd/templates/config.inc.tmpl

@@ -102,7 +102,7 @@ restful_urls = On
 {{- $cleaned := replace $temp "http://"  "" -1 -}}
 
 {{- $host  := index (split $cleaned "/") 0 -}}
-{{- $domain := index (split $host    ":") 0 -}}
+{{ $domain := index (split $host    ":") 0 }}
 allowed_hosts = '["localhost", "{{ $domain }}"]'
 
 
@@ -431,45 +431,13 @@ page_links = 10
 [captcha]
 
 ; Whether or not to enable ReCaptcha
-recaptcha = off
-
-; Public key for reCaptcha (see http://www.google.com/recaptcha)
-recaptcha_public_key = your_public_key
-
-; Private key for reCaptcha (see http://www.google.com/recaptcha)
-recaptcha_private_key = your_private_key
-
-; Whether or not to use Captcha on user registration
+recaptcha = {{ if getenv "RECAPTCHA_PUBLIC_KEY" }}on{{ else }}off{{ end }}
+recaptcha_public_key = {{ getenv "RECAPTCHA_PUBLIC_KEY" }}
+recaptcha_private_key = {{ getenv "RECAPTCHA_PRIVATE_KEY" }}
 captcha_on_register = on
-
-; Whether or not to use Captcha on user login
 captcha_on_login = on
-
-; Validate the hostname in the ReCaptcha response
 recaptcha_enforce_hostname = Off
 
-; ALTCHA is a free and open-source alternative to Google's ReCaptcha
-; The options below will manage all the required configurations used to
-; work with ALTCHA instead of ReCaptcha on system
-
-; Whether or not to enable ALTCHA
-altcha = off
-
-; Private key for ALTCHA
-altcha_hmackey = 'Example key'
-
-; Whether or not to use ALTCHA on user registration
-altcha_on_register = on
-
-; Whether or not to use ALTCHA on user login
-altcha_on_login = on
-
-; Whether or not to use ALTCHA on user lost password
-altcha_on_lost_password = on
-
-; The quantity of encryption cycles performed by the ALTCHA system
-altcha_encrypt_number = 10000
-
 ;;;;;;;;;;;;;;;;;;;;;
 ; External Commands ;
 ;;;;;;;;;;;;;;;;;;;;;

rootfs/etc/confd/templates/ojs.conf.tmpl

@@ -0,0 +1,42 @@
+root /var/www/ojs;
+index index.php;
+
+error_log /dev/stderr;
+access_log /dev/stdout combined;
+
+error_log /dev/stderr;
+access_log /dev/stdout combined;
+
+# API rewrite with redirect
+location ~ ^/api/v1(.*)$ {
+    return 307 /index.php/api/v1$1;
+}
+
+# Main location block
+location / {
+    # Try to serve file directly, otherwise pass to index.php
+    try_files $uri $uri/ /index.php/$uri?$query_string;
+}
+
+# PHP processing
+location ~ \.php(/|$) {
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    if (!-f $document_root$fastcgi_script_name) {
+        return 404;
+    }
+
+    fastcgi_pass unix:/var/run/php-fpm83/php-fpm83.sock;
+    {{ if eq (getenv "OJS_ENABLE_HTTPS") "true" }}
+    fastcgi_param HTTPS on;
+    fastcgi_param HTTP_SCHEME https;
+    {{ end }}
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    include fastcgi_params;
+}
+
+# Deny access to hidden files
+location ~ /\. {
+    deny all;
+}

rootfs/etc/nginx/shared/fpm.conf

@@ -0,0 +1,24 @@
+# Used to validate that PHP-FPM is in a ready state.
+# Not accessible outside of the container.
+location ~ ^/(status|ping)$ {
+    access_log off;
+    allow 127.0.0.1;
+    allow ::1;
+    deny all;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_index index.php;
+    include fastcgi_params;
+    fastcgi_pass unix:/var/run/php-fpm83/php-fpm83.sock;
+}
+
+location = /opcache_stat.php {
+    access_log off;
+    allow 127.0.0.1;
+    allow ::1;
+    allow 128.180.0.0/16;
+    deny all;
+    fastcgi_pass unix:/var/run/php-fpm83/php-fpm83.sock;
+    fastcgi_index index.php;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    include fastcgi_params;
+}

rootfs/etc/s6-overlay/scripts/ojs-setup.sh

@@ -70,20 +70,18 @@ function install_ojs {
 }
 
 function main {
-    mysql_create_database
-
     # wait for nginx
     if ! timeout 300 wait-for-open-port.sh localhost 80; then
       echo "Could not connect to nginx at localhost:80"
       exit 1
     fi
-
-    if ! check_ojs_installed; then
-        install_ojs &
-        echo "OJS installation started."
-    else
-        echo "OJS is already installed. Skipping installation."
-        set_ojs_installed
+    if [ "${DB_HOST}" = "mariadb" ]; then
+      mysql_create_database
+      install_ojs &
+      echo "OJS installation started."
+      exit 0
     fi
+
+    set_ojs_installed
 }
 main

scripts/generate-secrets.sh

@@ -16,3 +16,16 @@ yq -r '.secrets[].file' docker-compose.yaml | uniq | while read -r SECRET; do
     (grep -ao "${CHARACTERS}" < /dev/urandom || true) | head "-${LENGTH}" | tr -d '\n' > "${SECRET}"
   fi
 done
+
+if [ -f docker-compose.override.yaml ]; then
+  yq -r '.secrets[].file' docker-compose.override.yaml | uniq | while read -r SECRET; do
+    if [ ! -f "${SECRET}" ]; then
+      echo "Creating: ${SECRET}" >&2
+      DIR=$(dirname "${SECRET}")
+      if [ ! -d "${DIR}" ]; then
+        mkdir -p "$DIR"
+      fi
+      (grep -ao "${CHARACTERS}" < /dev/urandom || true) | head "-${LENGTH}" | tr -d '\n' > "${SECRET}"
+    fi
+  done
+fi

scripts/test.sh

@@ -2,20 +2,24 @@
 
 set -eou pipefail
 
-max_attempts=10
+max_attempts=20
 attempt=0
 
 while [ $attempt -lt $max_attempts ]; do
   attempt=$(( attempt + 1 ))
   echo "Attempt $attempt of $max_attempts..."
 
-  sleep 60
+  sleep 10
 
-  if curl -sf http://localhost | grep "<img" | grep -q "Open Journal Systems"; then
+  if curl -sf http://localhost/ | grep "<img" | grep -q "Open Journal Systems"; then
     echo "OJS is up!"
     exit 0
   fi
+  sleep 30
+  docker compose logs ojs --tail 20
 done
 
+docker compose logs ojs
+
 echo "Failed to detect OJS after $max_attempts attempts"
 exit 1