Merge branch 'master' into issues/572-vpn-name-supervisord

Author: Piyushkhobragade

.env

@@ -4,6 +4,10 @@
 # Essential
 DASHBOARD_DOMAIN=dashboard.openwisp.org
 API_DOMAIN=api.openwisp.org
+# Image tag pinning
+IMAGE_OWNER=openwisp
+# OPENWISP_VERSION: Image tag version (e.g., "25.10.0", "latest", or "edge")
+OPENWISP_VERSION=edge
 # SSH Credentials Configurations
 SSH_PRIVATE_KEY_PATH=/home/openwisp/.ssh/id_ed25519
 SSH_PUBLIC_KEY_PATH=/home/openwisp/.ssh/id_ed25519.pub

.github/workflows/ci.yml

@@ -90,7 +90,7 @@ jobs:
       # echo "$DOCKER_HUB_SECRET" | docker login --username "$DOCKER_HUB_USERNAME" --password-stdin
       - name: Login to Docker Hub
         if: ${{ success() && github.event_name == 'push' && github.ref == 'refs/heads/master' }}
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_SECRET }}
@@ -105,7 +105,7 @@ jobs:
 
       - name: Login to GitLab Container Registry
         if: ${{ success() && github.event_name == 'push' && github.ref == 'refs/heads/master' }}
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: registry.gitlab.com
           username: ${{ secrets.GITLAB_DOCKER_REGISTRY_USER }}

.github/workflows/release.yml

@@ -27,7 +27,7 @@ jobs:
       # the following action is equivalent to
       # echo "$DOCKER_HUB_SECRET" | docker login --username "$DOCKER_HUB_USERNAME" --password-stdin
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_SECRET }}
@@ -37,7 +37,7 @@ jobs:
           make release USER=docker.io/openwisp
 
       - name: Login to GitLab Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: registry.gitlab.com
           username: ${{ secrets.GITLAB_DOCKER_REGISTRY_USER }}

Makefile

@@ -1,14 +1,22 @@
 # Find documentation in README.md under
 # the heading "Makefile Options".
 
-OPENWISP_VERSION = 25.10.0
+# The .env file can override ?= variables in the Makefile (e.g. OPENWISP_VERSION, IMAGE_OWNER)
+include .env 
+
+# RELEASE_VERSION: version string used when tagging a new release.
+RELEASE_VERSION = 25.10.0
 SHELL := /bin/bash
 .SILENT: clean pull start stop
 
 default: compose-build
 
 USER = registry.gitlab.com/openwisp/docker-openwisp
 TAG = edge
+# OPENWISP_VERSION: image tag used for pulling/pushing images (e.g. "edge", "latest", "25.10.0")
+# Can be overridden via .env or command line. Not the same as RELEASE_VERSION
+OPENWISP_VERSION ?= edge
+IMAGE_OWNER ?= openwisp
 SKIP_PULL ?= false
 SKIP_BUILD ?= false
 SKIP_TESTS ?= false
@@ -19,8 +27,8 @@ pull:
 	for image in 'openwisp-base' 'openwisp-nfs' 'openwisp-api' 'openwisp-dashboard' \
 				 'openwisp-freeradius' 'openwisp-nginx' 'openwisp-openvpn' 'openwisp-postfix' \
 				 'openwisp-websocket' ; do \
-		docker pull --quiet $(USER)/$${image}:$(TAG); \
-		docker tag  $(USER)/$${image}:$(TAG) openwisp/$${image}:latest; \
+		docker pull --quiet $(USER)/$${image}:$(OPENWISP_VERSION); \
+		docker tag  $(USER)/$${image}:$(OPENWISP_VERSION) $(IMAGE_OWNER)/$${image}:$(OPENWISP_VERSION); \
 	done
 
 # Build
@@ -39,12 +47,12 @@ base-build:
 	             --file ./images/openwisp_base/Dockerfile \
 	             --target PYTHON ./images/ \
 	             $$BUILD_ARGS; \
-	docker build --tag openwisp/openwisp-base:latest \
+	docker build --tag $(IMAGE_OWNER)/openwisp-base:$(OPENWISP_VERSION) \
 	             --file ./images/openwisp_base/Dockerfile ./images/ \
 	             $$BUILD_ARGS
 
 nfs-build:
-	docker build --tag openwisp/openwisp-nfs:latest \
+	docker build --tag $(IMAGE_OWNER)/openwisp-nfs:$(OPENWISP_VERSION) \
 	             --file ./images/openwisp_nfs/Dockerfile ./images/
 
 compose-build: base-build
@@ -72,10 +80,10 @@ clean:
 	docker compose stop &> /dev/null
 	docker compose down --remove-orphans --volumes --rmi all &> /dev/null
 	docker compose rm -svf &> /dev/null
-	docker rmi --force openwisp/openwisp-base:latest \
-				openwisp/openwisp-base:intermedia-system \
+	docker rmi --force openwisp/openwisp-base:intermedia-system \
 				openwisp/openwisp-base:intermedia-python \
-				openwisp/openwisp-nfs:latest \
+				$(IMAGE_OWNER)/openwisp-base:$(OPENWISP_VERSION) \
+				$(IMAGE_OWNER)/openwisp-nfs:$(OPENWISP_VERSION) \
 				`docker images -f "dangling=true" -q` \
 				`docker images | grep openwisp/docker-openwisp | tr -s ' ' | cut -d ' ' -f 3` &> /dev/null
 
@@ -105,16 +113,13 @@ publish:
 	for image in 'openwisp-base' 'openwisp-nfs' 'openwisp-api' 'openwisp-dashboard' \
 				 'openwisp-freeradius' 'openwisp-nginx' 'openwisp-openvpn' 'openwisp-postfix' \
 				 'openwisp-websocket' ; do \
-		# Docker images built locally are tagged "latest" by default. \
-		# This script updates the tag of each built image to a user-defined tag \
-		# and pushes the newly tagged image to a Docker registry under the user's namespace. \
-		docker tag openwisp/$${image}:latest $(USER)/$${image}:$(TAG); \
+		docker tag $(IMAGE_OWNER)/$${image}:$(OPENWISP_VERSION) $(USER)/$${image}:$(TAG); \
 		docker push $(USER)/$${image}:$(TAG); \
 		if [ "$(TAG)" != "latest" ]; then \
 			docker rmi $(USER)/$${image}:$(TAG); \
 		fi; \
 	done
 
 release:
-	make publish TAG=latest SKIP_TESTS=true
-	make publish TAG=$(OPENWISP_VERSION) SKIP_BUILD=true SKIP_TESTS=true
+	make publish TAG=latest OPENWISP_VERSION=$(RELEASE_VERSION) SKIP_TESTS=true
+	make publish TAG=$(RELEASE_VERSION) OPENWISP_VERSION=$(RELEASE_VERSION) SKIP_BUILD=true SKIP_TESTS=true

deploy/auto-install.sh

@@ -59,7 +59,7 @@ apt_dependenices_setup() {
 }
 
 get_version_from_user() {
-	echo -ne ${GRN}"OpenWISP Version (leave blank for latest): "${NON}
+	echo -ne "${GRN}OpenWISP Version (leave blank for latest stable release): ${NON}"
 	read openwisp_version
 	if [[ -z "$openwisp_version" ]]; then
 		openwisp_version=$(curl -L --silent https://api.github.com/repos/openwisp/docker-openwisp/releases/latest | jq -r .tag_name)
@@ -128,7 +128,7 @@ setup_docker_openwisp() {
 
 	cd $INSTALL_PATH &>>$LOG_FILE
 	check_status $? "docker-openwisp download failed."
-	echo $openwisp_version >$INSTALL_PATH/VERSION
+	set_env "OPENWISP_VERSION" "$openwisp_version"
 
 	if [[ ! -f "$env_path" ]]; then
 		# Dashboard Domain
@@ -179,7 +179,7 @@ setup_docker_openwisp() {
 	start_step "Configuring docker-openwisp..."
 	report_ok
 	start_step "Starting images docker-openwisp (this will take a while)..."
-	make start TAG=$(cat $INSTALL_PATH/VERSION) -C $INSTALL_PATH/ &>>$LOG_FILE
+	make start -C $INSTALL_PATH/ &>>$LOG_FILE
 	check_status $? "Starting openwisp failed."
 }
 
@@ -192,7 +192,7 @@ upgrade_docker_openwisp() {
 
 	cd $INSTALL_PATH &>>$LOG_FILE
 	check_status $? "docker-openwisp download failed."
-	echo $openwisp_version >$INSTALL_PATH/VERSION
+	set_env "OPENWISP_VERSION" "$openwisp_version"
 
 	start_step "Configuring docker-openwisp..."
 	for config in $(grep '=' $ENV_BACKUP | cut -f1 -d'='); do
@@ -202,7 +202,7 @@ upgrade_docker_openwisp() {
 	report_ok
 
 	start_step "Starting images docker-openwisp (this will take a while)..."
-	make start TAG=$(cat $INSTALL_PATH/VERSION) -C $INSTALL_PATH/ &>>$LOG_FILE
+	make start -C $INSTALL_PATH/ &>>$LOG_FILE
 	check_status $? "Starting openwisp failed."
 }
 

docker-compose.yml

@@ -12,13 +12,14 @@ x-celery-depends-on: &celery-depends-on
 
 services:
   dashboard:
-    image: openwisp/openwisp-dashboard:latest
+    image: openwisp/openwisp-dashboard:${OPENWISP_VERSION:-edge}
     restart: always
     build:
       context: images
       dockerfile: openwisp_dashboard/Dockerfile
       args:
         DASHBOARD_APP_PORT: 8000
+        OPENWISP_VERSION: ${OPENWISP_VERSION:-edge}
     env_file:
       - .env
     volumes:
@@ -35,13 +36,14 @@ services:
       - influxdb
 
   api:
-    image: openwisp/openwisp-api:latest
+    image: openwisp/openwisp-api:${OPENWISP_VERSION:-edge}
     restart: always
     build:
       context: images
       dockerfile: openwisp_api/Dockerfile
       args:
         API_APP_PORT: 8001
+        OPENWISP_VERSION: ${OPENWISP_VERSION:-edge}
     env_file:
       - .env
     volumes:
@@ -55,13 +57,14 @@ services:
       - dashboard
 
   websocket:
-    image: openwisp/openwisp-websocket:latest
+    image: openwisp/openwisp-websocket:${OPENWISP_VERSION:-edge}
     restart: always
     build:
       context: images
       dockerfile: openwisp_websocket/Dockerfile
       args:
         WEBSOCKET_APP_PORT: 8002
+        OPENWISP_VERSION: ${OPENWISP_VERSION:-edge}
     env_file:
       - .env
     volumes:
@@ -70,7 +73,7 @@ services:
       - dashboard
 
   celery:
-    image: openwisp/openwisp-dashboard:latest
+    image: openwisp/openwisp-dashboard:${OPENWISP_VERSION:-edge}
     restart: always
     environment:
       - MODULE_NAME=celery
@@ -85,7 +88,7 @@ services:
     network_mode: "${CELERY_SERVICE_NETWORK_MODE-service:openvpn}"
 
   celery_monitoring:
-    image: openwisp/openwisp-dashboard:latest
+    image: openwisp/openwisp-dashboard:${OPENWISP_VERSION:-edge}
     restart: always
     environment:
       - MODULE_NAME=celery_monitoring
@@ -99,7 +102,7 @@ services:
     network_mode: "${CELERY_SERVICE_NETWORK_MODE-service:openvpn}"
 
   celerybeat:
-    image: openwisp/openwisp-dashboard:latest
+    image: openwisp/openwisp-dashboard:${OPENWISP_VERSION:-edge}
     restart: always
     environment:
       - MODULE_NAME=celerybeat
@@ -113,7 +116,7 @@ services:
       - dashboard
 
   nginx:
-    image: openwisp/openwisp-nginx:latest
+    image: openwisp/openwisp-nginx:${OPENWISP_VERSION:-edge}
     restart: always
     build:
       context: images
@@ -140,7 +143,7 @@ services:
       - websocket
 
   freeradius:
-    image: openwisp/openwisp-freeradius:latest
+    image: openwisp/openwisp-freeradius:${OPENWISP_VERSION:-edge}
     restart: always
     build:
       context: images
@@ -156,7 +159,7 @@ services:
       - dashboard
 
   postfix:
-    image: openwisp/openwisp-postfix:latest
+    image: openwisp/openwisp-postfix:${OPENWISP_VERSION:-edge}
     restart: always
     build:
       context: images
@@ -167,7 +170,7 @@ services:
       - openwisp_certs:/etc/ssl/mail
 
   openvpn:
-    image: openwisp/openwisp-openvpn:latest
+    image: openwisp/openwisp-openvpn:${OPENWISP_VERSION:-edge}
     restart: on-failure
     build:
       context: images

docs/developer/instructions.rst

@@ -114,10 +114,10 @@ Makefile Options
 
 Most commonly used:
 
-- ``make start [USER=docker-username] [TAG=image-tag]``: Start OpenWISP
-  containers on your server.
-- ``make pull [USER=docker-username] [TAG=image-tag]``: Pull images from
-  the registry.
+- ``make start [IMAGE_OWNER=docker-username] [OPENWISP_VERSION=version]``:
+  Start OpenWISP containers on your server.
+- ``make pull [IMAGE_OWNER=docker-username] [OPENWISP_VERSION=version]``:
+  Pull images from the registry.
 - ``make stop``: Stop OpenWISP containers on your server.
 - ``make develop``: Bundle all the commands required to build the images
   and run containers.
@@ -128,8 +128,8 @@ Most commonly used:
 
 Other options:
 
-- ``make publish [USER=docker-username] [TAG=image-tag]``: Build, test,
-  and publish images.
+- ``make publish [IMAGE_OWNER=docker-username]
+  [OPENWISP_VERSION=version]``: Build, test, and publish images.
 - ``make python-build``: Generate a random Django secret and set it in the
   ``.env`` file.
 - ``make nfs-build``: Build the OpenWISP NFS server image.

docs/user/settings.rst

@@ -37,6 +37,18 @@ Essential
 You will need to adapt these values to get the docker images working
 properly on your system.
 
+.. _openwisp_version:
+
+``OPENWISP_VERSION``
+~~~~~~~~~~~~~~~~~~~~
+
+- **Explanation:** The version of OpenWISP to use. It can be set to a
+  specific version (e.g. ``25.10.0``) or to ``edge`` to always use the
+  latest development version.
+- **Valid Values:** ``edge``, ``latest``, or a semantic version string
+  (e.g., ``25.10.0``)
+- **Default:** ``edge``
+
 .. _dashboard_domain:
 
 ``DASHBOARD_DOMAIN``
@@ -1082,6 +1094,14 @@ X509 Certificates
 Misc Services
 -------------
 
+``IMAGE_OWNER``
+~~~~~~~~~~~~~~~
+
+- **Explanation:** Docker registry namespace for OpenWISP images. Change
+  this only if you are using custom-built images or a private registry.
+- **Valid Values:** A valid Docker registry namespace.
+- **Default:** ``openwisp``
+
 ``REDIS_HOST``
 ~~~~~~~~~~~~~~
 

images/common/init_command.sh

@@ -57,7 +57,17 @@ elif [ "$MODULE_NAME" = 'nginx' ]; then
 	if [ "$NGINX_CUSTOM_FILE" = 'True' ]; then
 		nginx -g 'daemon off;'
 	fi
+	# Expand escape sequences in the optional events block so it can be injected
+	# correctly into the nginx configuration template.
+	NGINX_EVENTS_BLOCK=$(printf "%b" "${NGINX_EVENTS_BLOCK:-}")
+	export NGINX_EVENTS_BLOCK
+	# Use a sentinel value when the variable is unset. Since envsubst cannot
+	# conditionally omit directives, we later remove any line containing this
+	# sentinel from the generated nginx.conf.
+	export NGINX_WORKER_RLIMIT_NOFILE="${NGINX_WORKER_RLIMIT_NOFILE:-__UNSET__}"
 	envsubst </etc/nginx/nginx.template.conf >/etc/nginx/nginx.conf
+    # Remove incomplete worker_rlimit_nofile directives if env var is unset or empty
+	sed -i '/__UNSET__/d; /^worker_rlimit_nofile *$/d; /^[[:space:]]*$/d' /etc/nginx/nginx.conf
 	envsubst_create_config /etc/nginx/openwisp.internal.template.conf internal INTERNAL
 	if [ "$SSL_CERT_MODE" = 'Yes' ]; then
 		nginx_prod

images/common/services.py

@@ -8,8 +8,10 @@
 
 
 def database_status():
+    import psycopg
+
     try:
-        psycopg2.connect(
+        with psycopg.connect(
             dbname=os.environ["DB_NAME"],
             user=os.environ["DB_USER"],
             password=os.environ["DB_PASS"],
@@ -19,8 +21,9 @@ def database_status():
             sslcert=os.environ["DB_SSLCERT"],
             sslkey=os.environ["DB_SSLKEY"],
             sslrootcert=os.environ["DB_SSLROOTCERT"],
-        )
-    except psycopg2.OperationalError:
+        ):
+            pass
+    except psycopg.OperationalError:
         time.sleep(3)
         return False
     else:
@@ -74,8 +77,6 @@ def redis_status():
     arguments = sys.argv[1:]
     # Database Connection
     if "database" in arguments:
-        import psycopg2
-
         print("Waiting for database to become available...")
         connected = False
         while not connected: