Merge pull request #753 from benbrummer/debian

saxon defaults now to 12.5.0

.editorconfig

@@ -0,0 +1,24 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Matches multiple files with brace expansion notation
+# Set default charset
+[*.*]
+charset = utf-8
+
+# Tab indentation (no size specified)
+[Makefile]
+indent_style = tab
+
+# Matches the files *.yml
+[*.yml]
+indent_style = space
+indent_size = 2
+

.github/workflows/auto-close-issues.yml

@@ -0,0 +1,21 @@
+name: Close stale issues after 5 days
+
+on:
+  schedule:
+    # Run this workflow every day at midnight
+    - cron: '0 0 * * *'
+
+jobs:
+  close-stale-issues:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Close stale issues
+        uses: actions/stale@v7
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          stale-issue-message: "This issue has been automatically closed due to inactivity for 5 days."
+          days-before-stale: 4  # Number of days before marking an issue as stale
+          days-before-close: 1 # Number of days after being marked stale before closing
+          stale-label: "stale" # Label to add to stale issues
+          exempt-issue-labels: "keep-open,triage,bug" # Prevents issues with this label from being closed
+          only-issues: true # Only affects issues, not pull requests

.github/workflows/build-image-debian.yaml

@@ -0,0 +1,38 @@
+name: Build Debian Container Image
+
+on:
+  pull_request:
+    paths:
+      - "debian/**"
+  push:
+    paths:
+      - "debian/**"
+    branches:
+      - master
+
+jobs:
+  docker:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build
+        id: docker_build
+        uses: docker/build-push-action@v5
+        with:
+          context: debian  
+          file: debian/Dockerfile  
+          load: true
+          tags: invoiceninja/invoiceninja-debian:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/build-image-octane.yaml

@@ -1,48 +0,0 @@
-name: Build Octane Container Image
-
-on:
-  pull_request:
-    paths:
-      - ".github/**"
-      - "octane/**"
-  push:
-    paths:
-      - ".github/**"
-      - "octane/**"
-
-env:
-  REGISTRY_IMAGE: invoiceninja/invoiceninja-octane
-
-jobs:
-  build:
-    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY_IMAGE }}
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build
-        id: build
-        uses: docker/build-push-action@v6
-        with:
-          context: octane
-          platforms: ${{ matrix.platform }}
-          tags: ${{ env.REGISTRY_IMAGE }}
-          outputs: type=image,push-by-digest=true,name-canonical=true
-          cache-from: type=gha
-          cache-to: type=gha,mode=max

.github/workflows/publish-image-octane.yaml

@@ -1,166 +0,0 @@
-name: Publish Octane Container Images
-
-on:
-  push:
-    tags-ignore:
-      - "invoiceninja-*"
-
-env:
-  REGISTRY_IMAGE: invoiceninja/invoiceninja-octane
-
-jobs:
-  version:
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.version.outputs.version }}
-      major: ${{ steps.version.outputs.major }}
-      minor: ${{ steps.version.outputs.minor }}
-      url: ${{ steps.version.outputs.url }}
-    steps:
-      - id: version
-        run: |
-
-          VERSION=edge
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-            VERSION=${GITHUB_REF#refs/tags/}
-            # Remove -o or -d suffix if present
-            VERSION=${VERSION%-*}
-          fi
-          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
-          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
-          URL=https://github.com/invoiceninja/invoiceninja/releases/download/v${VERSION}/invoiceninja.tar.gz
-
-          # Debug output
-          echo "Current version: ${VERSION}"
-          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
-
-          echo "version=${VERSION}" >> $GITHUB_OUTPUT
-          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
-          echo "minor=${MINOR}" >> $GITHUB_OUTPUT
-          echo "url=${URL}" >> $GITHUB_OUTPUT
-
-  build:
-    runs-on: ${{ startsWith(matrix.platform, 'linux/arm') && 'ubuntu-24.04-arm' || 'ubuntu-latest' }}
-    needs:
-      - version
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-
-      - name: Prepare
-        id: prep
-        run: |
-          platform=${{ matrix.platform }}
-          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY_IMAGE }}
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@v6
-        with:
-          context: octane
-          build-args: URL=${{ needs.version.outputs.url }}
-          platforms: ${{ matrix.platform }}
-          labels: ${{ steps.meta.outputs.labels }}
-          tags: ${{ env.REGISTRY_IMAGE }}
-          outputs: type=image,push-by-digest=true,name-canonical=true,push=${{ github.event_name != 'pull_request' }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Export digest
-        run: |
-          mkdir -p ${{ runner.temp }}/digests
-          digest="${{ steps.build.outputs.digest }}"
-          touch "${{ runner.temp }}/digests/${digest#sha256:}"
-
-      - name: Upload digest
-        uses: actions/upload-artifact@v4
-        with:
-          name: digests-${{ env.PLATFORM_PAIR }}
-          path: ${{ runner.temp }}/digests/*
-          if-no-files-found: error
-          retention-days: 1
-
-  merge:
-    runs-on: ubuntu-latest
-    needs:
-      - version
-      - build
-    steps:
-      - name: Download digests
-        uses: actions/download-artifact@v4
-        with:
-          path: ${{ runner.temp }}/digests
-          pattern: digests-*
-          merge-multiple: true
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY_IMAGE }}
-          tags: |
-            ${{ needs.version.outputs.version }}
-            ${{ needs.version.outputs.major }}
-            ${{ needs.version.outputs.major }}.${{ needs.version.outputs.minor }}
-            latest
-
-      - name: Create manifest list and push
-        working-directory: ${{ runner.temp }}/digests
-        if: ${{ github.event_name != 'pull_request' }}
-        run: |
-          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
-            $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *)
-
-      - name: Inspect image
-        if: ${{ github.event_name != 'pull_request' }}
-        run: |
-          docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.meta.outputs.version }}
-
-  Description:
-    if: ${{ github.event_name != 'pull_request' }}
-    runs-on: ubuntu-latest
-    needs:
-      - merge
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
-        with:
-          sparse-checkout: "README.md"
-
-      - name: Docker Hub Description
-        uses: peter-evans/dockerhub-description@v4
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_PASSWORD }}
-          repository: ${{ env.REGISTRY_IMAGE }}

.github/workflows/publish-image.yaml

@@ -0,0 +1,75 @@
+name: Publish Debian Container Images
+
+on:
+  push:
+    tags-ignore:
+      - "invoiceninja-*"
+
+jobs:
+  docker:
+    runs-on: ubuntu-22.04
+    strategy:
+      matrix:
+        include:
+          - image: invoiceninja/invoiceninja-debian
+            context: ./debian
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4  # Updated from v2
+        with:
+          fetch-depth: 0
+
+      - name: Prepare
+        id: prep
+        run: |
+          DOCKER_IMAGE=${{ matrix.image }}
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/}
+          fi
+          TAGS="${DOCKER_IMAGE}:${VERSION}"
+          MAJOR="$(echo "${VERSION}" | cut -d. -f1)"
+          MINOR="$(echo "${VERSION}" | cut -d. -f2)"
+          TAGS="$TAGS,${DOCKER_IMAGE}:${MAJOR},${DOCKER_IMAGE}:${MAJOR}.${MINOR}"
+          
+          # Debug output
+          echo "Current version: ${VERSION}"
+          echo "Version pattern check: $([[ $VERSION =~ ^5\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && echo "matches" || echo "doesn't match")"
+          
+          TAGS="$TAGS,${DOCKER_IMAGE}:latest"
+
+          echo "tags=${TAGS}" >> $GITHUB_OUTPUT  # Updated output syntax
+          echo "version=${VERSION}" >> $GITHUB_OUTPUT
+          echo "major=${MAJOR}" >> $GITHUB_OUTPUT
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3  # Updated from v1
+        with:
+          platforms: all
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3  # Updated from v1
+
+      - name: Login to DockerHub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3  # Updated from v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v5  # Updated from v2
+        with:
+          context: ${{ matrix.context }}
+          build-args: INVOICENINJA_VERSION=${{ steps.prep.outputs.version }}
+          platforms: linux/amd64,linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.prep.outputs.tags }}
+          cache-from: type=gha  # Updated cache type
+          cache-to: type=gha,mode=max
+
+      - name: Image digest
+        run: echo ${{ steps.docker_build.outputs.digest }}

.gitignore

@@ -0,0 +1,14 @@
+# OS files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Helm
+charts/**/charts/
+
+# Compose filesystem
+/docker

README.md

@@ -1,13 +1,13 @@
-[![Docker Image Size](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja-octane?label=octane)](https://hub.docker.com/r/invoiceninja/invoiceninja-octane)
+[![Docker Image Size](https://img.shields.io/docker/image-size/invoiceninja/invoiceninja-debian?label=debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
-[![Docker Pulls](https://img.shields.io/docker/pulls/invoiceninja/invoiceninja-octane)](https://hub.docker.com/r/invoiceninja/invoiceninja-octane)
+[![Docker Pulls](https://img.shields.io/docker/pulls/invoiceninja/invoiceninja-debian)](https://hub.docker.com/r/invoiceninja/invoiceninja-debian)
-[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-octane.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image-octane.yaml)
+[![Publish Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/publish-image.yaml)
-[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-octane.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-octane.yaml)
+[![Build Status](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml/badge.svg)](https://github.com/invoiceninja/dockerfiles/actions/workflows/build-image-v5.yaml)
 
-# Octane Docker for [Invoice Ninja](https://www.invoiceninja.com/)
+# Debian Docker for [Invoice Ninja](https://www.invoiceninja.com/)
 
-👑 **Features**
+:crown: **Features**
 
-[FRANKENPHP](https://frankenphp.dev/)  
+NGINX webserver support [NGINX](https://nginx.org/)  
 Built-in Chrome for PDF generation and other features  
 Saxon XLST 2 engine  
 OPcache  
@@ -18,8 +18,8 @@ Multi language support
 This Debian-based image includes Chrome for enhanced PDF generation and other features. To get started:
 
 ```bash
-git clone https://github.com/invoiceninja/dockerfiles.git -b octane
+git clone https://github.com/invoiceninja/dockerfiles.git -b debian
-cd dockerfiles/octane
+cd dockerfiles/debian
 ```
 
 Instead of defining our environment variables inside our docker-compose.yml file we now define this in the `.env` file, open this file up and insert your `APP_URL`, `APP_KEY` and update the rest of the variables as required.
@@ -51,10 +51,10 @@ The `APP_KEY` can be generated by running:
 
 ```bash
 # If you haven't started the containers yet:
-docker run --rm -it invoiceninja/invoiceninja-octane frankenphp php-cli artisan key:generate --show
+docker run --rm -it invoiceninja/invoiceninja-debian php artisan key:generate --show
 
 # Or if your containers are already running:
-docker compose exec app frankenphp php-cli artisan key:generate --show
+docker compose exec app php artisan key:generate --show
 ```
 
 Copy the entire string and insert in the .env file at `APP_KEY=base64....`
@@ -74,8 +74,9 @@ docker compose up -d
 To upgrade to a newer release image, update your docker-compose.yml first by running:
 
 ```bash
+docker compose down
 docker compose pull
-docker compose up -d
+docker compose up
 ```
 
 It is recommended to perform a backup before updating.
@@ -91,4 +92,4 @@ This is a new image which should provide much better support for all users, howe
 
 - [ ] Backup script  
 - [ ] Integrate soketi server  
-- [ ] Add elastic search for site wide search  
+- [ ] Add elastic search for site wide search  

debian/.env

@@ -1,5 +1,5 @@
 # IN application vars
-APP_URL=http://localhost
+APP_URL=http://localhost:8012
 APP_KEY=base64:RR++yx2rJ9kdxbdh3+AmbHLDQu+Q76i++co9Y8ybbno=
 APP_ENV=production
 APP_DEBUG=true

debian/Dockerfile

@@ -1,42 +1,31 @@
-ARG PHP_VERSION=8.4
+ARG PHP=8.3
-ARG FRANKENPHP_VERSION=1
-ARG DEBIAN_VERSION=trixie
 
-FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-php${PHP_VERSION}-${DEBIAN_VERSION} AS prepare-app
+FROM php:${PHP}-fpm AS prepare-app
 
-ARG URL=https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz
+USER www-data
 
-ADD ${URL} /tmp/invoiceninja.tar.gz
+RUN curl -sL "https://github.com/invoiceninja/invoiceninja/releases/latest/download/invoiceninja.tar.gz" | \
-
+    tar -xz -C /var/www/html \
-RUN tar -xf /tmp/invoiceninja.tar.gz \
+    && ln -s /var/www/html/resources/views/react/index.blade.php /var/www/html/public/index.html \
-    && ln -s ./resources/views/react/index.blade.php ./public/index.html \
-    # Symlink
     && php artisan storage:link \
-    # Octane
+    # Workaround for application updates
-    && php artisan octane:install --server=frankenphp
+    && mv /var/www/html/public /tmp/public
 
 # ==================
 # InvoiceNinja image
 # ==================
-FROM dunglas/frankenphp:${FRANKENPHP_VERSION}-php${PHP_VERSION}-${DEBIAN_VERSION}
+FROM php:${PHP}-fpm
-
-ARG user=ninja
 
 # PHP modules
 ARG php_require="bcmath gd mbstring pdo_mysql zip"
 ARG php_suggest="exif imagick intl pcntl saxon soap"
 ARG php_extra="opcache"
 
-# Create a system user UID/GID=999
-RUN	useradd -r ${user}
-
-# Allow to bind to privileged ports
-RUN setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/frankenphp
-
 # Install system dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
     mariadb-client \
     gpg \
+    supervisor \
     # Unicode support for PDF
     fonts-noto-cjk-extra \
     fonts-wqy-microhei \
@@ -49,15 +38,14 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     gpg --dearmor -o /etc/apt/keyrings/google.gpg \
     && echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/google.gpg] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
     && apt-get update \
-    && apt-get install -y --no-install-recommends google-chrome-stable \
+    && apt-get install -y --no-install-recommends google-chrome-stable; \
-    && mkdir /config/google-chrome \
-    && chown ${user}: /config/google-chrome; \
     elif [ "$(dpkg --print-architecture)" = "arm64" ]; then \
     apt-get install -y --no-install-recommends \
-    chromium \
+    chromium; \        
-    && mkdir /config/chromium \
-    && chown ${user}: /config/chromium; \
     fi \
+    # Create config directory for chromium/google-chrome-stable
+    && mkdir /var/www/.config \
+    && chown www-data:www-data /var/www/.config \
     # Cleanup
     && apt-get purge -y gpg \
     && apt-get autoremove -y \
@@ -65,38 +53,33 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     && rm -rf /var/lib/apt/lists/*
 
 # Install PHP extensions
+COPY --from=ghcr.io/mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
+
 RUN install-php-extensions \
     ${php_require} \
     ${php_suggest} \
     ${php_extra}
 
 # Configure PHP
-RUN ln -s "${PHP_INI_DIR}/php.ini-production" "${PHP_INI_DIR}/php.ini"
+RUN ln -s "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 COPY php/php.ini /usr/local/etc/php/conf.d/invoiceninja.ini
 
-# Workaround: Disable SSL for mariadb-client for compatibility with MySQL
+COPY php/php-fpm.conf /usr/local/etc/php-fpm.d/invoiceninja.conf
-RUN echo "skip-ssl = true" >> /etc/mysql/mariadb.conf.d/50-client.cnf
 
-# Create directory for artisan tinker (init.sh)
+# Setup supervisor
-RUN mkdir /config/psysh \
+COPY supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
-    && chown ${user}: /config/psysh
 
-# Change owner for caddy directories
+# Setup InvoiceNinja
-RUN chown -R ${user}: \
+COPY --from=prepare-app /var/www/html /var/www/html
-    /data/caddy \
+COPY --from=prepare-app /tmp/public /tmp/public
-    /config/caddy
-
-# InvoiceNinja
-COPY --from=prepare-app --chown=${user}:${user} /app /app
 
 # Add initialization script
 COPY --chmod=0755 scripts/init.sh /usr/local/bin/init.sh
 
-USER ${user}
+# Health check
-
+HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
-HEALTHCHECK --start-period=100s CMD curl -f http://localhost/health
+    CMD pgrep -f "php-fpm: master process"
 
 ENTRYPOINT ["/usr/local/bin/init.sh"]
-
+CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
-CMD ["frankenphp", "php-cli", "artisan", "octane:frankenphp"]

debian/docker-compose.yml

@@ -0,0 +1,93 @@
+x-logging: &default-logging
+  options:
+    max-size: "10m"
+    max-file: "3"
+  driver: json-file
+
+services:
+  app:
+    build:
+      context: .
+    image: invoiceninja/invoiceninja-debian:${TAG:-latest}
+    restart: unless-stopped
+    env_file:
+      - ./.env
+    volumes:
+      - ./.env:/var/www/html/.env
+      # - ./php/php.ini:/usr/local/etc/php/conf.d/invoiceninja.ini:ro
+      # - ./php/php-fpm.conf:/usr/local/etc/php-fpm.d/invoiceninja.conf:ro
+      # - ./supervisor/supervisord.conf:/etc/supervisor/conf.d/supervisord.conf:ro
+      - app_public:/var/www/html/public
+      - app_storage:/var/www/html/storage
+    networks:
+      - app-network
+    depends_on:
+      mysql:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
+    logging: *default-logging
+
+  nginx:
+    image: nginx:alpine
+    restart: unless-stopped
+    ports:
+      - "80:80"
+    volumes:
+      - ./nginx:/etc/nginx/conf.d:ro
+      - app_public:/var/www/html/public:ro
+      - app_storage:/var/www/html/storage:ro
+    networks:
+      - app-network
+    depends_on:
+      - app
+    logging: *default-logging
+
+  mysql:
+    image: mysql:8
+    restart: unless-stopped
+    env_file:
+      - ./.env
+    environment:
+      MYSQL_DATABASE: ${DB_DATABASE}
+      MYSQL_USER: ${DB_USERNAME}
+      MYSQL_PASSWORD: ${DB_PASSWORD}
+      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
+    volumes:
+      - mysql_data:/var/lib/mysql
+    networks:
+      - app-network
+    healthcheck:
+      test: [ "CMD", "mysqladmin", "ping", "-h", "localhost", "-u${MYSQL_USER}", "-p${MYSQL_PASSWORD}" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    logging: *default-logging
+
+  redis:
+    image: redis:alpine
+    restart: unless-stopped
+    volumes:
+      - redis_data:/data
+    networks:
+      - app-network
+    healthcheck:
+      test: [ "CMD", "redis-cli", "ping" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    logging: *default-logging
+
+networks:
+  app-network:
+    driver: bridge
+
+volumes:
+  app_public:
+    driver: local
+  app_storage:
+    driver: local  
+  mysql_data:
+    driver: local
+  redis_data:
+    driver: local

debian/nginx/invoiceninja.conf

@@ -0,0 +1,14 @@
+# https://nginx.org/en/docs/http/ngx_http_core_module.html
+client_max_body_size 10M;
+client_body_buffer_size 10M;
+server_tokens off;
+
+# https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html
+fastcgi_buffers 32 16K;
+
+# https://nginx.org/en/docs/http/ngx_http_gzip_module.html
+gzip on;
+gzip_comp_level 2;
+gzip_min_length 1M;
+gzip_proxied any;
+gzip_types *;

debian/nginx/laravel.conf

@@ -0,0 +1,32 @@
+# https://laravel.com/docs/master/deployment#nginx
+server {
+    listen 80 default_server;
+    server_name _;   
+    root /var/www/html/public;
+
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-Content-Type-Options "nosniff";
+
+    index index.php;
+ 
+    charset utf-8;
+ 
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+ 
+    location = /favicon.ico { access_log off; log_not_found off; }
+    location = /robots.txt  { access_log off; log_not_found off; }
+ 
+    error_page 404 /index.php;
+
+    location ~ \.php$ {
+        fastcgi_pass app:9000;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        include fastcgi_params;
+    }
+
+    location ~ /\.(?!well-known).* {
+        deny all;
+    }
+}

debian/php/php-fpm.conf

@@ -0,0 +1 @@
+pm.max_children = 10

debian/php/php.ini

@@ -2,7 +2,6 @@
 ; https://www.php.net/manual/en/ini.core.php
 post_max_size=10M
 upload_max_filesize=10M
-memory_limit=512M
 
 [opcache]
 ; https://www.php.net/manual/en/opcache.installation.php#opcache.installation.recommended
@@ -14,11 +13,11 @@ opcache.jit=tracing
 opcache.jit_buffer_size=64M
 
 [extra]
-; https://frankenphp.dev/docs/performance/#php-performance
 ; http://symfony.com/doc/current/performance.html
 opcache.memory_consumption=256
 opcache.max_accelerated_files=20000
-opcache.preload=/app/preload.php
+opcache.preload=/var/www/html/preload.php
+opcache.preload_user=www-data
 opcache.validate_timestamps=0
 realpath_cache_size = 4096K
 realpath_cache_ttl = 600

debian/scripts/init.sh

@@ -0,0 +1,67 @@
+#!/bin/sh -eu
+
+# Set PDF generation browser path based on architecture
+if [ "$(dpkg --print-architecture)" = "amd64" ]; then
+    export SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
+elif [ "$(dpkg --print-architecture)" = "arm64" ]; then
+    export SNAPPDF_CHROMIUM_PATH=/usr/bin/chromium
+fi
+
+if [ "$*" = 'supervisord -c /etc/supervisor/conf.d/supervisord.conf' ]; then
+
+    # Check for required folders and create if needed
+    [ -d /var/www/html/storage/framework/sessions ] || mkdir -p /var/www/html/storage/framework/sessions
+    [ -d /var/www/html/storage/framework/views ] || mkdir -p /var/www/html/storage/framework/views
+    [ -d /var/www/html/storage/framework/cache ] || mkdir -p /var/www/html/storage/framework/cache
+
+    # Workaround for application updates
+    if [ "$(ls -A /tmp/public)" ]; then
+        echo "Updating public folder..."
+        rm -rf /var/www/html/public/.htaccess \
+            /var/www/html/public/.well-known \
+            /var/www/html/public/*
+        mv /tmp/public/* \
+            /tmp/public/.htaccess \
+            /tmp/public/.well-known \
+            /var/www/html/public/
+    fi
+    echo "Public Folder is up to date"
+
+    # Ensure owner, file and directory permissions are correct
+    chown -R www-data:www-data \
+        /var/www/html/public \
+        /var/www/html/storage
+    find /var/www/html/public \
+        /var/www/html/storage \
+        -type f -exec chmod 644 {} \;
+    find /var/www/html/public \
+        /var/www/html/storage \
+        -type d -exec chmod 755 {} \;
+
+    # Clear and cache config in production
+    if [ "$APP_ENV" = "production" ]; then
+        runuser -u www-data -- php artisan optimize
+        runuser -u www-data -- php artisan package:discover
+        runuser -u www-data -- php artisan migrate --force
+
+        # If first IN run, it needs to be initialized
+        if [ "$(php -d opcache.preload='' artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')" = "1" ]; then
+            echo "Running initialization..."
+
+            php artisan db:seed --force
+
+            if [ -n "${IN_USER_EMAIL}" ] && [ -n "${IN_PASSWORD}" ]; then
+                php artisan ninja:create-account --email "${IN_USER_EMAIL}" --password "${IN_PASSWORD}"
+            else
+                echo "Initialization failed - Set IN_USER_EMAIL and IN_PASSWORD in .env"
+                exit 1
+            fi
+        fi
+
+        echo "Production setup completed"
+    fi
+
+    echo "Starting supervisord..."
+fi
+
+exec "$@"

debian/supervisor/supervisord.conf

@@ -0,0 +1,42 @@
+[supervisord]
+nodaemon=true
+user=root
+logfile=/dev/null
+logfile_maxbytes=0
+pidfile=/var/run/supervisord.pid
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface
+
+[program:php-fpm]
+command=/usr/local/sbin/php-fpm -F
+autostart=true
+autorestart=true
+priority=5
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+
+[program:queue-worker]
+process_name=%(program_name)s_%(process_num)02d
+command=php /var/www/html/artisan queue:work --sleep=3 --tries=3 --max-time=3600 --verbose
+autostart=true
+autorestart=true
+stopasgroup=true
+killasgroup=true
+user=www-data
+numprocs=2
+environment=HOME="/var/www"
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true
+stopwaitsecs=3600
+
+[program:scheduler]
+command=php /var/www/html/artisan schedule:work --verbose
+autostart=true
+autorestart=true
+user=www-data
+stdout_logfile=/dev/fd/1
+stdout_logfile_maxbytes=0
+redirect_stderr=true

docker/app/public/.keep

@@ -0,0 +1 @@
+

docker/app/storage/.keep

@@ -0,0 +1 @@
+

octane/docker-compose.yml

@@ -1,129 +0,0 @@
-# name: invoiceninja
-
-x-app-volumes: &volumes
-  volumes:
-    - app_storage:/app/storage
-    - caddy_data:/data
-
-services:
-  app:
-    build:
-      context: .
-    image: invoiceninja/invoiceninja-octane:${TAG:-latest}
-    restart: unless-stopped
-    # php artisan help octane:frankenphp
-    command: --port=80 --workers=2
-    # command: --host=example.com --port=443 --workers=2 --https --http-redirect --log-level=info
-    ports:
-      - "80:80" # HTTP
-      # - "443:443" # HTTPS
-      # - "443:443/udp" # HTTP/3, Works for chromium based browser, but causes H3_GENERAL_PROTOCOL_ERROR for pdf previews in Firefox
-    env_file:
-      - ./.env
-    environment:
-      LARAVEL_ROLE: app
-    <<: *volumes
-    depends_on:
-      mysql:
-        condition: service_healthy
-      redis:
-        condition: service_healthy
-      # mariadb:
-      #   condition: service_healthy
-      # valkey:
-      #   condition: service_healthy
-
-  app-worker:
-    image: invoiceninja/invoiceninja-octane:${TAG:-latest}
-    restart: unless-stopped
-    # php artisan help queue:work
-    command: --verbose --sleep=3 --tries=3 --max-time=3600
-    deploy:
-      mode: replicated
-      replicas: 2
-    env_file:
-      - ./.env
-    environment:
-      LARAVEL_ROLE: worker
-    <<: *volumes
-    healthcheck:
-      test: ["CMD", "pgrep", "-f", "queue:work"]
-    depends_on:
-      app:
-        condition: service_healthy
-
-  app-scheduler:
-    image: invoiceninja/invoiceninja-octane:${TAG:-latest}
-    restart: unless-stopped
-    # php artisan help schedule:work
-    command: --verbose
-    env_file:
-      - ./.env
-    environment:
-      LARAVEL_ROLE: scheduler
-    <<: *volumes
-    healthcheck:
-      test: ["CMD", "pgrep", "-f", "schedule:work"]
-    depends_on:
-      app:
-        condition: service_healthy
-
-  mysql:
-    image: mysql:8
-    restart: unless-stopped
-    environment:
-      MYSQL_DATABASE: ${DB_DATABASE}
-      MYSQL_USER: ${DB_USERNAME}
-      MYSQL_PASSWORD: ${DB_PASSWORD}
-      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
-    volumes:
-      - mysql_data:/var/lib/mysql
-    healthcheck:
-      test:
-        [
-          "CMD",
-          "mysqladmin",
-          "ping",
-          "-h",
-          "localhost",
-          "-u${MYSQL_USER}",
-          "-p${MYSQL_PASSWORD}",
-        ]
-
-  redis:
-    image: redis:alpine
-    restart: unless-stopped
-    volumes:
-      - redis_data:/data
-    healthcheck:
-      test: ["CMD", "redis-cli", "ping"]
-
-  # mariadb:
-  #   image: mariadb:11.8
-  #   restart: unless-stopped
-  #   environment:
-  #     MARIADB_DATABASE: ${DB_DATABASE}
-  #     MARIADB_USER: ${DB_USERNAME}
-  #     MARIADB_PASSWORD: ${DB_PASSWORD}
-  #     MARIADB_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
-  #   volumes:
-  #     - mariadb:/var/lib/mysql
-  #   healthcheck:
-  #     test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
-
-  # valkey:
-  #   image: valkey/valkey:8
-  #   restart: unless-stopped
-  #   volumes:
-  #     - valkey:/data
-  #   healthcheck:
-  #     test: [ "CMD", "valkey-cli", "ping" ]
-
-
-volumes:
-  app_storage:
-  caddy_data:
-  mysql_data:
-  redis_data:
-  # mariadb:
-  # valkey:

octane/scripts/init.sh

@@ -1,97 +0,0 @@
-#!/bin/sh -eu
-
-# Fallback to app
-role=${LARAVEL_ROLE:-app}
-
-# Set PDF generation browser path based on architecture
-export SNAPPDF_CHROMIUM_PATH=/usr/bin/google-chrome-stable
-if [ "$(dpkg --print-architecture)" = "arm64" ]; then
-    export SNAPPDF_CHROMIUM_PATH=/usr/bin/chromium
-fi
-
-# Check for default CMD, flag(s) or empty CMD
-if [ "$*" = 'frankenphp php-cli artisan octane:frankenphp' ] || [ "${1#-}" != "$1" ] || [ "$#" -eq  "0" ]; then
-
-    if [ "--help" = "$1" ]; then
-        echo [CMD]
-        echo "This image will execute specific CMDs based on the environment variable LARAVEL_ROLE"
-        echo
-        echo "LARAVEL_ROLE=app:       frankenphp php-cli artisan octane:frankenphp (default)"
-        echo "LARAVEL_ROLE=worker:    frankenphp php-cli artisan queue:work"
-        echo "LARAVEL_ROLE=scheduler: frankenphp php-cli artisan schedule:work"
-        echo
-        echo [FLAGS]
-        echo To the CMD defined by LARAVEL_ROLE can be extended with flags for artisan commands
-        echo
-        echo Available flags can be displaced:
-        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan help octane:frankenphp
-        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan queue:work
-        echo docker run --rm invoiceninja/invoiceninja-debian frankenphp php-cli artisan schedule:work
-        echo
-        echo Example:
-        echo docker run -e LARAVEL_ROLE=worker invoiceninja/invoiceninja-debian --verbose --sleep=3 --tries=3 --max-time=3600
-        echo
-        echo [Deployment]
-        echo Docker compose is recommended
-        echo
-        echo Example:
-        echo https://github.com/invoiceninja/dockerfiles/blob/octane/debian/docker-compose.yml
-        echo
-        exit 0
-    fi
-
-    # Run app
-    if [ "${role}" = "app" ]; then
-        cmd="frankenphp php-cli artisan octane:frankenphp"
-
-        # Check for required folders and create if needed, relevant for bind mounts
-        # It is not possible to chown, as we are not executing this script as root
-        [ -d /var/www/html/storage/app/public ] || mkdir -p /var/www/html/storage/app/public
-        [ -d /app/storage/framework/sessions ] || mkdir -p /app/storage/framework/sessions
-        [ -d /app/storage/framework/views ] || mkdir -p /app/storage/framework/views
-        [ -d /app/storage/framework/cache ] || mkdir -p /app/storage/framework/cache
-        [ -d /app/storage/logs ] || mkdir -p /app/storage/logs
-
-        if [ "$APP_ENV" = "production" ]; then
-            frankenphp php-cli artisan migrate --force
-            frankenphp php-cli artisan cache:clear # Clear after the migration
-            frankenphp php-cli artisan ninja:design-update
-            frankenphp php-cli artisan optimize
-
-            # If first IN run, it needs to be initialized
-            if [ "$(frankenphp php-cli artisan tinker --execute='echo Schema::hasTable("accounts") && !App\Models\Account::all()->first();')" = "1" ]; then
-                echo "Running initialization..."
-
-                frankenphp php-cli artisan db:seed --force
-
-                if [ -n "${IN_USER_EMAIL}" ] && [ -n "${IN_PASSWORD}" ]; then
-                    frankenphp php-cli artisan ninja:create-account --email "${IN_USER_EMAIL}" --password "${IN_PASSWORD}"
-                else
-                    echo "Initialization failed - Set IN_USER_EMAIL and IN_PASSWORD in .env"
-                    exit 1
-                fi
-            fi
-        fi
-
-        echo "Production setup completed"
-    # Run worker
-    elif [ "${role}" = "worker" ]; then
-        cmd="frankenphp php-cli artisan queue:work"
-    # Run scheduler
-    elif [ "${role}" = "scheduler" ]; then
-        cmd="frankenphp php-cli artisan schedule:work"
-    # Invalid role
-    else
-        echo "Invalid role: ${role}"
-        exit 1
-    fi
-
-    # Append flag(s) to role cmd
-    if [ "${1#-}" != "$1" ]; then
-        set -- ${cmd} "$@"
-    else
-        set -- ${cmd}
-    fi
-fi
-
-exec "$@"