From 2afc324e6ba5bcca1c2cac9c6387bfdeb33d5cb4 Mon Sep 17 00:00:00 2001
From: root <root@docker01.blorand.local>
Date: Wed, 3 Sep 2025 00:34:56 +0200
Subject: [PATCH] =?UTF-8?q?Update=20de=20GLPI=20Ajout=20de=20la=20conf=20t?=
 =?UTF-8?q?raefik=20passage=20=C3=A0=20mariadb?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker-compose.yml        | 52 ++++++++++++++++++++++++++++-----------
 web-builder/Dockerfile    | 13 +++++-----
 web-builder/remoteip.conf |  2 +-
 web-builder/service/cron  |  4 ++-
 web-builder/service/glpi  | 19 +++++++++-----
 web-builder/service/php   |  0
 6 files changed, 61 insertions(+), 29 deletions(-)
 mode change 100644 => 100755 web-builder/service/cron
 mode change 100644 => 100755 web-builder/service/glpi
 mode change 100644 => 100755 web-builder/service/php

diff --git a/docker-compose.yml b/docker-compose.yml
index 4d01be7..7d73f69 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,9 +1,11 @@
-version: '3.5'
 services:
-  web:
+  web: &glpi_base
     container_name: glpi-web
     build: web-builder
     restart: always
+    networks:
+      - proxy
+      - default
     volumes:
       - ./etc/:/etc/glpi/
       - ./files/:/var/lib/glpi/
@@ -21,34 +23,46 @@ services:
     depends_on:
       - db
       - redis
+    labels:
+       - "traefik.enable=true"
+       - "traefik.http.middlewares.tohttps.redirectscheme.scheme=https"
+       - "traefik.http.middlewares.tohttps.redirectscheme.permanent=true"
+       - "traefik.http.middlewares.tohttps.redirectscheme.port=443"
+       - "traefik.http.routers.glpi-http.rule=Host(`glpi.blorand.org`)"
+       - "traefik.http.routers.glpi-http.entrypoints=web"
+       - "traefik.http.routers.glpi-http.middlewares=tohttps"
+       - "traefik.http.routers.glpi-https.rule=Host(`glpi.blorand.org`)&&!PathPrefix(`/front/inventory.php`)"
+       - "traefik.http.routers.glpi-https.entrypoints=websecure"
+       - "traefik.http.routers.glpi-https.tls=true"
+       - "traefik.http.routers.glpi-inventory-https.rule=Host(`glpi.blorand.org`)&&PathPrefix(`/front/inventory.php`)"
+       - "traefik.http.routers.glpi-inventory-https.entrypoints=websecure"
+       - "traefik.http.routers.glpi-inventory-https.tls=true"
+       - "traefik.http.routers.glpi-inventory-https.middlewares=glpi-inventory-auth"
 
   cron:
+    <<: *glpi_base
     container_name: glpi-cron
-    image : glpi-web:latest
-    restart: always
+    networks:
+      - default
     volumes:
       - ./etc/:/etc/glpi/
       - ./files/:/var/lib/glpi/
       - ./log/:/var/log/glpi/
       - /etc/localtime:/etc/localtime:ro
-    env_file:
-      - ./mysql_settings.ini
-    environment:
-      - PHP_MEMORY_LIMIT=256M
-      - PHP_UPLOAD_MAX_FILESIZE=20M
-      - PHP_POST_MAX_SIZE=40M
-      - PHP_SESSION_GC_MAXLIFETIME=14400
-      - PHP_DATE_TIMEZONE=Europe/Paris
+    ports: []
     entrypoint: /etc/service/cron
     depends_on:
       - db
       - web
+    labels: []
 
   db:
-    image: mariadb
+    image: mariadb:lts
     container_name: glpi-db
     command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
     restart: always
+    networks:
+      - default
     env_file:
       - ./mysql_settings.ini
     volumes:
@@ -57,8 +71,18 @@ services:
 
   redis:
     container_name: glpi-redis
-    image: redis:latest
+    image: redis:alpine
     volumes:
       - ./cache:/data
     restart: "always"
+    networks:
+      - default
 
+networks:
+  default:
+    ipam:
+      config:
+        - subnet: 172.18.4.0/24
+  proxy:
+    name: proxy
+    external: true
diff --git a/web-builder/Dockerfile b/web-builder/Dockerfile
index aff2ad9..11d0a74 100644
--- a/web-builder/Dockerfile
+++ b/web-builder/Dockerfile
@@ -1,14 +1,14 @@
 FROM alpine
-MAINTAINER Benoit LORAND <benoit.lorand@blorand.org>
+LABEL BUILDER="Benoit LORAND <benoit.lorand@blorand.org>"
 
 WORKDIR /root
 ENV GLPI_CONFIG_DIR=/etc/glpi
 ENV GLPI_VAR_DIR=/var/lib/glpi
 ENV GLPI_LOG_DIR=/var/log/glpi
-ENV GLPI_VERSION=10.0.14
-ENV FIELDS_VERSION=1.21.8
-ENV DATAINJECTION_VERSION=2.13.5
-ENV GLPIINVENTORY_VERSION=1.3.5
+ENV GLPI_VERSION=10.0.19
+ENV FIELDS_VERSION=1.21.23
+ENV DATAINJECTION_VERSION=2.14.2
+ENV GLPIINVENTORY_VERSION=1.5.3
 
 
 RUN \
@@ -75,7 +75,6 @@ chmod 600 /etc/crontabs/apache && \
 rm -f /var/www/html/* /root/CAS-1.3.8.tgz /root/glpi-${GLPI_VERSION}.tgz /root/glpi-fields-${FIELDS_VERSION}.tar.bz2 /root/glpi-datainjection-${DATAINJECTION_VERSION}.tar.bz2 /root/glpi-glpiinventory-${GLPIINVENTORY_VERSION}.tar.bz2 && \
 rm -rf /tmp/* /var/tmp/*
 
-COPY logo.png /var/www/glpi/pics/logo.png
-
+EXPOSE 80
 WORKDIR /var/www/glpi
 ENTRYPOINT ["/etc/service/glpi"]
diff --git a/web-builder/remoteip.conf b/web-builder/remoteip.conf
index c38373e..3dd4eef 100644
--- a/web-builder/remoteip.conf
+++ b/web-builder/remoteip.conf
@@ -1,7 +1,7 @@
 <IfModule remoteip_module>
 	RemoteIPHeader X-Forwarded-For
 	RemoteIPProxiesHeader X-Forwarded-By
-	RemoteIPInternalProxy 172.23.0.0/24
+	RemoteIPInternalProxy 172.18.4.0/24 192.168.77.254
 </IfModule>
 
 <IfModule log_config_module>
diff --git a/web-builder/service/cron b/web-builder/service/cron
old mode 100644
new mode 100755
index 069b36e..822aee7
--- a/web-builder/service/cron
+++ b/web-builder/service/cron
@@ -5,6 +5,8 @@ msglog green "Starting Cron..."
 /etc/service/php
 
 # Touch cron files to fix 'NUMBER OF HARD LINKS > 1' issue. See  https://github.com/phusion/baseimage-docker/issues/198
-chown -R apache:apache /var/www/glpi /etc/glpi /var/lib/glpi /var/log/glpi
+for i in  /var/www/glpi /etc/glpi /var/lib/glpi /var/log/glpi ; do
+	find $i ! -user apache -exec chown apache:apache {} \; || true
+done
 touch -c /etc/crontab /etc/cron.*/* /var/spool/cron/crontabs/*
 exec /usr/sbin/crond -f -L /dev/stdout
diff --git a/web-builder/service/glpi b/web-builder/service/glpi
old mode 100644
new mode 100755
index 310d8bb..f170957
--- a/web-builder/service/glpi
+++ b/web-builder/service/glpi
@@ -20,7 +20,7 @@ msglog() {
 }
 
 waiting_for_db() {
-while ! mysqlshow -h db -uroot -p${MYSQL_ROOT_PASSWORD} 2>&1 | grep "^| ${MYSQL_DATABASE}" > /dev/null 2>&1 ; do
+while ! mariadb-show -h db -uroot -p${MYSQL_ROOT_PASSWORD} 2>&1 | grep "^| ${MYSQL_DATABASE}" > /dev/null 2>&1 ; do
 	msglog red "Waiting for mysql database initilization..."
 	sleep 5
 done
@@ -43,18 +43,21 @@ if [ ! -e "/etc/glpi/config_db.php" ] ; then
 	cd /root
 	cp -r /root/glpi_template/etc/. /etc/glpi/.
 	cp -r /root/glpi_template/files/. /var/lib/glpi/.
-	mysql --host=db --user=root --password=${MYSQL_ROOT_PASSWORD} << EOF
+	mariadb --host=db --user=root --password=${MYSQL_ROOT_PASSWORD} << EOF
 use mysql;
 GRANT SELECT ON time_zone_name TO '${MYSQL_USER}'@'%';
 EOF
 	cd /var/www/glpi
 	php82 bin/console db:install --config-dir=${GLPI_CONFIG_DIR} -L fr_FR -H db -d ${MYSQL_DATABASE} -u ${MYSQL_USER} -p ${MYSQL_PASSWORD} -n
 	rm install/install.php
-	chown -R apache:apache /var/www/glpi /etc/glpi /var/lib/glpi /var/log/glpi
+	for i in  /var/www/glpi /etc/glpi /var/lib/glpi /var/log/glpi ; do
+		find $i ! -user apache -exec chown apache:apache {} \; || true
+	done
 	echo "${GLPI_VERSION}" > /etc/glpi/glpi_actual_version
 	echo "${FIELDS_VERSION}" > /etc/glpi/fields_actual_version
 	echo "${DATAINJECTION_VERSION}" > /etc/glpi/datainjection_actual_version
 	echo "${GLPIINVENTORY_VERSION}" > /etc/glpi/glpiinventory_actual_version
+	php bin/console database:enable_timezones
 	msglog green "Initialazing complete..."
 else
 	msglog green "GLPI is already initialized"
@@ -63,7 +66,9 @@ else
 	DATAINJECTION_ACTUAL_VERSION=$(test -e /etc/glpi/datainjection_actual_version && cat /etc/glpi/datainjection_actual_version)
 	GLPIINVENTORY_ACTUAL_VERSION=$(test -e /etc/glpi/glpiinventory_actual_version && cat /etc/glpi/glpiinventory_actual_version)
 	if [ "${GLPI_ACTUAL_VERSION}" = "${GLPI_VERSION}" -a "${FIELDS_ACTUAL_VERSION}" = "${FIELDS_VERSION}" -a "${DATAINJECTION_ACTUAL_VERSION}" = "${DATAINJECTION_VERSION}" -a "${GLPIINVENTORY_ACTUAL_VERSION}" = "${GLPIINVENTORY_VERSION}" ] ; then
-		chown -R apache:apache /var/www/glpi /etc/glpi /var/lib/glpi /var/log/glpi
+		for i in  /var/www/glpi /etc/glpi /var/lib/glpi /var/log/glpi ; do
+			find $i ! -user apache -exec chown apache:apache {} \; || true
+		done
 		[ -e "/var/www/glpi/install/install.php" ] && rm /var/www/glpi/install/install.php
 		msglog green "GLPI already up2date"
 		start_apache
@@ -74,12 +79,14 @@ else
 	php82 bin/console glpi:maintenance:enable -n
 	php82 bin/console glpi:plugin:deactivate --all # -n
 	rm /var/www/glpi/install/install.php
-	php82 bin/console db:update --config-dir=${GLPI_CONFIG_DIR} -n && \
+	php82 bin/console database:update --config-dir=${GLPI_CONFIG_DIR} -n && \
 	       ( echo "${GLPI_VERSION}" > /etc/glpi/glpi_actual_version ; \
 	       echo "${FIELDS_VERSION}" > /etc/glpi/fields_actual_version ; \
 	       echo "${DATAINJECTION_VERSION}" > /etc/glpi/datainjection_actual_version  ; \
 	       echo "${GLPIINVENTORY_VERSION}" > /etc/glpi/glpiinventory_actual_version )
 	php82 bin/console glpi:maintenance:disable -n
-	chown -R apache:apache /var/www/glpi /etc/glpi /var/lib/glpi /var/log/glpi
+	for i in  /var/www/glpi /etc/glpi /var/lib/glpi /var/log/glpi ; do
+		find $i ! -user apache -exec chown apache:apache {} \; || true
+	done
 fi
 start_apache
diff --git a/web-builder/service/php b/web-builder/service/php
old mode 100644
new mode 100755