diff --git a/roles/web-app-suitecrm/config/main.yml b/roles/web-app-suitecrm/config/main.yml index 286221ee..923570a7 100644 --- a/roles/web-app-suitecrm/config/main.yml +++ b/roles/web-app-suitecrm/config/main.yml @@ -1,25 +1,24 @@ features: matomo: true - css: true + css: false # Temporary deactivated desktop: true ldap: true oidc: false # OIDC isn't available, just SAML for SSO central_database: true logout: true - oauth2: true + oauth2: false # Deactivated for API server: csp: - flags: {} - whitelist: - # Allow data URIs for icons etc. - connect-src: - - "data:" + flags: + script-src-attr: + unsafe-eval: true + whitelist: + manifest-src: "{{ WEB_PROTOCOL }}://auth.{{ PRIMARY_DOMAIN }}" domains: aliases: [] canonical: - suite.crm.{{ PRIMARY_DOMAIN }} - email: from_name: "Customer Relationship Management (SuiteCRM, {{ PRIMARY_DOMAIN }})" diff --git a/roles/web-app-suitecrm/files/docker-entrypoint-suitecrm.sh b/roles/web-app-suitecrm/files/docker-entrypoint-suitecrm.sh index 622db6fa..a57e2eba 100644 --- a/roles/web-app-suitecrm/files/docker-entrypoint-suitecrm.sh +++ b/roles/web-app-suitecrm/files/docker-entrypoint-suitecrm.sh @@ -31,6 +31,12 @@ for d in cache public/upload public/legacy/upload public/legacy/cache; do fi done +TMPDIR="${APP_DIR}/tmp" +export TMPDIR +mkdir -p "$TMPDIR" +chown -R "$WEB_USER:$WEB_GROUP" "$TMPDIR" +chmod 775 "$TMPDIR" + ############################################ # 3) Auto-Install SuiteCRM (only if not yet installed) ############################################ diff --git a/roles/web-app-suitecrm/files/style.css b/roles/web-app-suitecrm/files/style.css new file mode 100644 index 00000000..c5b56a37 --- /dev/null +++ b/roles/web-app-suitecrm/files/style.css 
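Review bot: The new `script-src-attr: unsafe-eval: true` flag in the csp block of config/main.yml carries no comment saying which SuiteCRM code path needs it, whereas the `connect-src: data:` whitelist it replaces did have one. 'unsafe-eval' is the CSP keyword that re-enables eval()-style execution, so the rationale and the condition for removing it belong right next to it, e.g. `# 'unsafe-eval' required by <component>; remove once <condition>` with the placeholders filled in. The `# Temporary deactivated` and `# Deactivated for API` comments on `css` and `oauth2` would likewise benefit from naming what has to change before they can be re-enabled. How the role's csp filter turns this flags mapping into a header is not visible here, so it is worth checking the rendered header: script-src-attr governs inline event-handler attributes, and whether 'unsafe-eval' has any effect there should be confirmed rather than assumed.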
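Review bot: The TMPDIR block added to docker-entrypoint-suitecrm.sh repeats a mkdir/chown/chmod sequence that the loop directly above it (`for d in cache public/upload public/legacy/upload public/legacy/cache; do`) appears to perform for the other writable directories; if that loop applies the same ownership and mode, appending `tmp` to its list would avoid the duplicate and the unconditional `chown -R` on every container start. The loop body is outside the hunk, so I cannot confirm it sets the same mode. A one-line comment on why PHP's temp directory is relocated under `$APP_DIR`, e.g. `# relocate TMPDIR under APP_DIR because <reason>`, would also help the next maintainer, as would confirming that `$APP_DIR/tmp` is not inside the served document root given the group-writable `chmod 775`.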
@@ -0,0 +1,12 @@ +.admin-card-link-box .admin-card-link .admin-card-link-wrapper { + color: var(--color-01-22); +} + +.admin-view { + background-color: var(--color-01-77); +} + +div.widget-panel .panel-card .card-header { + background-color: var(--color-01-23); + color: var(--color-01-92); +} \ No newline at end of file diff --git a/roles/web-app-suitecrm/templates/Dockerfile.j2 b/roles/web-app-suitecrm/templates/Dockerfile.j2 index b2e60579..e383418f 100644 --- a/roles/web-app-suitecrm/templates/Dockerfile.j2 +++ b/roles/web-app-suitecrm/templates/Dockerfile.j2 @@ -13,6 +13,8 @@ RUN apt-get update && apt-get install -y \ libldap2-dev \ && docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu \ && docker-php-ext-install \ + pdo \ + pdo_mysql \ mysqli \ gd \ zip \ @@ -23,6 +25,13 @@ RUN apt-get update && apt-get install -y \ ldap \ && rm -rf /var/lib/apt/lists/* +RUN { \ + echo 'file_uploads = On'; \ + echo 'upload_max_filesize = 32M'; \ + echo 'post_max_size = 32M'; \ + echo 'memory_limit = 512M'; \ + } > /usr/local/etc/php/conf.d/suitecrm-upload.ini + # Install Apache modules RUN a2enmod rewrite headers 
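Review bot: The PHP limits written to suitecrm-upload.ini in the second Dockerfile.j2 hunk (`upload_max_filesize = 32M`, `post_max_size = 32M`) are lower than the `client_max_body_size: "100m"` that is visible as an unchanged line in vars/main.yml in this same diff, so an upload between 32 MB and 100 MB passes the web server and is then rejected by PHP. Deriving both from one variable, or at least adding `# keep in sync with client_max_body_size in vars/main.yml` on the ini block, would make the intended ceiling explicit. The file name says "upload" but the block also sets `memory_limit = 512M`; either rename it (e.g. suitecrm-php.ini) or add a comment `# upload size and memory limits for SuiteCRM` above the RUN so the memory setting is not overlooked there.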
@@ -48,12 +57,31 @@ RUN set -eux; \ # Install PHP dependencies via Composer (critical!) RUN set -eux; \ composer install \ - --no-dev \ --prefer-dist \ --no-interaction \ --optimize-autoloader \ --no-scripts +# Legacy (SugarCRM) dependencies – Tinymce etc. +WORKDIR /var/www/html/public/legacy + +RUN set -eux; \ + if [ -f composer.json ]; then \ + composer install --prefer-dist --no-interaction --optimize-autoloader --no-scripts; \ + fi + +WORKDIR /var/www/html + +# Install Node + Corepack +RUN apt-get update && apt-get install -y nodejs npm \ + && corepack enable && corepack prepare yarn@4.5.1 --activate + +WORKDIR /var/www/html + +RUN yarn install --immutable \ + && yarn merge-angular-json \ + && yarn build + # Copy entrypoint COPY {{ SUITECRM_ENTRYPOINT_SCRIPT_HOST_REL }} {{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }} RUN chmod +x {{ SUITECRM_ENTRYPOINT_SCRIPT_DOCKER }} diff --git a/roles/web-app-suitecrm/templates/env.j2 b/roles/web-app-suitecrm/templates/env.j2 index 49d03344..2a85d3f0 100644 --- a/roles/web-app-suitecrm/templates/env.j2 +++ b/roles/web-app-suitecrm/templates/env.j2 @@ -50,11 +50,11 @@ SUITECRM_EMAIL_FROM_NAME={{ applications | get_app_conf(application_id, 'email.f AUTH_TYPE=ldap LDAP_HOST={{ LDAP.SERVER.DOMAIN }} LDAP_PORT={{ LDAP.SERVER.PORT }} -LDAP_ENCRYPTION={{ LDAP.SERVER.SECURITY | lower if LDAP.SERVER.SECURITY else "none" }} # none|ssl|tls +LDAP_ENCRYPTION={{ LDAP.SERVER.SECURITY | lower if LDAP.SERVER.SECURITY else "none" }} LDAP_BASE_DN={{ LDAP.DN.OU.USERS }} LDAP_BIND_DN={{ LDAP.DN.ADMINISTRATOR.DATA }} LDAP_BIND_PASSWORD={{ LDAP.BIND_CREDENTIAL }} -LDAP_UID_KEY={{ LDAP.USER.ATTRIBUTES.ID }} # e.g. uid or mail +LDAP_UID_KEY={{ LDAP.USER.ATTRIBUTES.ID }} {% else %} AUTH_TYPE=disabled {% endif %} @@ -63,3 +63,5 @@ AUTH_TYPE=disabled # Maintenance mode toggle # ------------------------------------------------ SUITECRM_MAINTENANCE={{ SUITECRM_INIT_MAINTENANCE_MODE | lower }} + +NODE_OPTIONS=--max-old-space-size={{ SUITECRM_MAX_OLD_SPACE_SIZE }} 
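Review bot: Dropping `--no-dev` from the Composer install in the third Dockerfile.j2 hunk pulls the development dependency set (test frameworks, debug tooling) into the production image, and the new legacy `composer install` below it does the same; if one package is needed at runtime it should be moved to `require` instead, and a comment naming it would stop the flag from being silently restored later. The new `RUN apt-get update && apt-get install -y nodejs npm` does not end with `rm -rf /var/lib/apt/lists/*` like the earlier apt RUN does, and node, npm, the corepack-activated yarn and the resulting node_modules all stay in the final image although they are only needed for `yarn build`; a separate builder stage that copies the built assets out would keep the runtime image free of them. `WORKDIR /var/www/html` is set twice in a row and the second occurrence can be dropped.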
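Review bot: `NODE_OPTIONS=--max-old-space-size={{ SUITECRM_MAX_OLD_SPACE_SIZE }}` is appended to env.j2 without a section header, while every other setting in the file sits under a commented heading; a line such as `# Node.js heap limit (MB) for node processes started in the container` above it would keep the file consistent. Because `yarn build` runs in the Dockerfile at image build time, a value in the runtime .env reaches only node processes started from the running container — if the intent was to size the build, it must also be passed as a build ARG/ENV there. The first env.j2 hunk drops the `# none|ssl|tls` and `# e.g. uid or mail` trailers, which is correct since an inline `#` is part of the value in env files, but that documentation is now lost; moving the two comments onto their own lines above `LDAP_ENCRYPTION` and `LDAP_UID_KEY` preserves it.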
diff --git a/roles/web-app-suitecrm/vars/main.yml b/roles/web-app-suitecrm/vars/main.yml
index 60704a98..b6fe01c1 100644
--- a/roles/web-app-suitecrm/vars/main.yml
+++ b/roles/web-app-suitecrm/vars/main.yml
@@ -1,36 +1,39 @@ # General -application_id: "web-app-suitecrm" -entity_name: "{{ application_id | get_entity_name }}" +application_id: "web-app-suitecrm" +entity_name: "{{ application_id | get_entity_name }}" # Database -database_type: "mariadb" +database_type: "mariadb" # Webserver -client_max_body_size: "100m" +client_max_body_size: "100m" # Container images # Base PHP image used to run SuiteCRM -SUITECRM_BASE_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.image') }}" -SUITECRM_BASE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}" +SUITECRM_BASE_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.image') }}" +SUITECRM_BASE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}" # Upstream SuiteCRM application version (Git tag, e.g. 8.6.0) -SUITECRM_APP_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.app_version') }}" +SUITECRM_APP_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.app_version') }}" -SUITECRM_CUSTOM_IMAGE: "custom_suitecrm" -SUITECRM_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.name') }}" -SUITECRM_SERVICE: "{{ entity_name }}" +SUITECRM_CUSTOM_IMAGE: "custom_suitecrm" +SUITECRM_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.' 
~ entity_name ~ '.name') }}" +SUITECRM_SERVICE: "{{ entity_name }}" # Volumes -SUITECRM_DATA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" +SUITECRM_DATA_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" # URLs & feature flags -SUITECRM_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" -SUITECRM_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}" +SUITECRM_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" +SUITECRM_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap') }}" # Simple maintenance toggle (for later extensions) -SUITECRM_INIT_MAINTENANCE_MODE: "{{ applications | get_app_conf(application_id, 'maintenance_mode') }}" +SUITECRM_INIT_MAINTENANCE_MODE: "{{ applications | get_app_conf(application_id, 'maintenance_mode') }}" # Entrypoint script (host <-> container mapping) SUITECRM_ENTRYPOINT_SCRIPT_FILE: "docker-entrypoint-suitecrm.sh" SUITECRM_ENTRYPOINT_SCRIPT_HOST_ABS: "{{ [ docker_compose.directories.volumes, SUITECRM_ENTRYPOINT_SCRIPT_FILE ] | path_join }}" SUITECRM_ENTRYPOINT_SCRIPT_HOST_REL: "volumes/{{ SUITECRM_ENTRYPOINT_SCRIPT_FILE }}" SUITECRM_ENTRYPOINT_SCRIPT_DOCKER: "{{ [ '/usr/local/bin/', SUITECRM_ENTRYPOINT_SCRIPT_FILE ] | path_join }}" + +# Node +SUITECRM_MAX_OLD_SPACE_SIZE: "{{ applications | node_max_old_space_size(application_id, entity_name) }}"
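Review bot: The only functional change in the vars/main.yml hunk is the new `SUITECRM_MAX_OLD_SPACE_SIZE`, but the whitespace realignment touches almost every other line and buries it; splitting cosmetic realignment into its own commit keeps blame and review useful. The `# Node` header is terser than the neighbouring comments; `# Node.js heap limit in MB, consumed as NODE_OPTIONS=--max-old-space-size in env.j2` documents both the unit and the consumer. Whether `node_max_old_space_size` returns a bare number or already includes a suffix is not visible here, so the comment should be checked against what the filter actually emits.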