fix: #1 solves the security configuration warning

.env.example

@@ -1,6 +1,8 @@
 GLPI_LANG="en_US"
 VERSION="10.0.16"
-GLPI_MARKETPLACE_DIR=/var/www/html/marketplace
+
+# You should in general leave these configs as they are
+GLPI_MARKETPLACE_DIR=/app/public/marketplace
 GLPI_VAR_DIR=/var/lib/glpi
 GLPI_DOC_DIR=/var/lib/glpi
 GLPI_CRON_DIR=/var/lib/glpi/_cron
@@ -16,10 +18,13 @@ GLPI_TMP_DIR=/var/lib/glpi/_tmp
 GLPI_UPLOAD_DIR=/var/lib/glpi/_uploads
 GLPI_CACHE_DIR=/var/lib/glpi/_cache
 GLPI_CONFIG_DIR=/etc/glpi/config
+
+# You should leave this as is unless you're using an external MariaDB instance
 MARIADB_HOST="mariadb"
 MARIADB_PORT="3306"
 MARIADB_DATABASE="glpi"
+# Do not change the MARIADB username unless you intend to connect to an extenal MySQL/MariaDB Instance
+# Changing this will result in a broken timezone configuration
 MARIADB_USER="glpi"
 MARIADB_PASSWORD="glpi"
-MARIADB_ROOT_PASSWORD="my-secret-pw"
-# MARIADB_RANDOM_ROOT_PASSWORD="1" 
+MARIADB_ROOT_PASSWORD="my-secret-pw"

.github/workflows/publish-docker.yml

@@ -75,11 +75,11 @@ jobs:
           build-args: |
             VERSION=${{ steps.glpi-version.outputs.release }}
 
-      - name: Attest
-        uses: actions/attest-build-provenance@v1
-        id: attest
-        if: ${{ github.event_name != 'pull_request' }}
-        with:
-          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          subject-digest: ${{ steps.build-and-push.outputs.digest }}
-          push-to-registry: true
+#      - name: Attest
+#        uses: actions/attest-build-provenance@v1
+#        id: attest
+#        if: ${{ github.event_name != 'pull_request' }}
+#        with:
+#          subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+#          subject-digest: ${{ steps.build-and-push.outputs.digest }}
+#          push-to-registry: true

README.md

@@ -5,6 +5,8 @@ Manifest files for build and deploy the **GLPI** as Containers with Docker and F
 
 This version can handle a significant number of users, with extremely low page loading times and overall operates extremely well.
 
+Additionally, this version comes build and prepared to run straight out the box with cron jobs and redis caching, just copy the .env.example file to .env, setup the passwords and secrets, and launch with `docker compose up -d`.
+
 Original Inspiration: https://github.com/eftechcombr/glpi
 
 ## Credentials

docker-compose-build.yml

@@ -24,7 +24,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     depends_on: 
       - mariadb
     command: 
@@ -37,7 +36,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on: 
       - glpi-db-install
@@ -51,7 +49,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on: 
       - glpi-verify-dir
@@ -70,7 +67,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on:
       - glpi-verify-dir
@@ -86,7 +82,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on: 
       - mariadb
@@ -103,7 +98,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on:
       - php
@@ -114,6 +108,5 @@ volumes:
   glpi-marketplace:
   glpi-files:
   glpi-etc:
-  glpi-config:
   glpi-install:
   mariadb-glpi-volume:

docker-compose.yml

@@ -24,7 +24,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw   
     depends_on: 
       - mariadb
     command: 
@@ -37,7 +36,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on: 
       - glpi-db-install
@@ -51,7 +49,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on: 
       - glpi-verify-dir
@@ -70,7 +67,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on:
       - glpi-verify-dir
@@ -85,7 +81,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on: 
       - mariadb
@@ -102,7 +97,6 @@ services:
       - glpi-marketplace:/app/public/marketplace:rw
       - glpi-files:/var/lib/glpi:rw
       - glpi-etc:/etc/glpi:rw
-      - glpi-config:/app/public/config:rw
     env_file: ./.env
     depends_on:
       - php
@@ -113,6 +107,5 @@ volumes:
   glpi-marketplace:
   glpi-files:
   glpi-etc:
-  glpi-config:
   glpi-install:
   mariadb-glpi-volume:

php/conf.d/Caddyfile

@@ -4,24 +4,36 @@
 }
 
 http://*:9000 {
-	root * /app/public
+	root * /app/public/public
 	@insecure {
   		header X-Forwarded-Proto http
 	}
 
-	# Enable compression (optional)
+	# Enable compression
 	encode zstd br gzip
 
 	# Execute PHP files in the current directory and serve assets
 	route {
-		rewrite /api/* /apirest.php/{path}
+
 		@blocked path src/* config/* files/* vendor/*
-       	handle {
-       		respond @blocked "Access Denied" 403 {
-       			close
-       		}
+       	respond @blocked "Access Denied" 403 {
+       		close
        	}
-
-		php_server
+		# Add trailing slash for directory requests
+		@canonicalPath {
+			file {path}/index.php
+			not path */
+		}
+		redir @canonicalPath {path}/ 308
+		# If the requested file does not exist, try index files
+		@indexFiles file {
+			try_files {path} {path}/index.php index.php
+			split_path .php
+		}
+		rewrite @indexFiles {http.matchers.file.relative}
+		# FrankenPHP!
+		@phpFiles path *.php
+		php @phpFiles
+		file_server
 	}
 }