Multiple Repo to Single Repo. Squashed some layers.

2025-06-05 23:16:12 +00:00 · 2018-04-16 12:13:59 +02:00 · 2018-04-16 12:13:59 +02:00 · 1d7cc13d91
commit 1d7cc13d91
34 changed files with 797 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+.vscode/settings.json
+**/.vscode
--- a/21
+++ b/21
@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017-2018 Andre Zoledziowski
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/kopano_base/Dockerfile
+++ b/kopano_base/Dockerfile
@ -0,0 +1,50 @@
+FROM debian:stretch
+
+LABEL maintainer=az@zok.xyz \
+      version="1.1"
+
+RUN mkdir -p /kopano/repo && mkdir -p /kopano/data
+WORKDIR /kopano/repo
+
+ENV DEBIAN_FRONTEND noninteractive
+
+ARG KOPANO_REPOSITORY=http://localhost:8081/kopanoarchive/
+
+# # get kopano packages
+# RUN curl -L `lynx -listonly -nonumbers -dump ${KOPANO_REPOSITORY}core:/ | grep ${DISTRIBUTION}-${ARCH}.tar.gz | grep --regexp=${CORE_VERSION_FILTER}` | tar xzf - --strip-components 1
+# RUN curl -L `lynx -listonly -nonumbers -dump ${KOPANO_REPOSITORY}webapp:/ | grep ${DISTRIBUTION}-all.tar.gz | grep --regexp=${WEBAPP_VERSION_FILTER}` | tar xzf - --strip-components 1
+
+# # create and add repositories
+# RUN apt-ftparchive packages . | gzip -9c > Packages.gz && echo "deb [trusted=yes] file:/kopano/repo ./" > /etc/apt/sources.list.d/kopano.list; \
+#     echo "deb http://repo.z-hub.io/z-push:/final/${DISTRIBUTION}/ /" > /etc/apt/sources.list.d/zpush.list; \
+#     apt-key add /kopano/repo/z-push-GPG.key
+
+# trigger rebuild from here on new version - dont use cache my dear docker
+ARG CORE_VERSION
+
+# install base components
+RUN echo ${CORE_VERSION} > /kopano/buildversion && \
+    echo "deb [trusted=yes] ${KOPANO_REPOSITORY} ./" > /etc/apt/sources.list.d/kopano.list && \
+    apt-get update && apt-get install -y --no-install-recommends \
+    curl \
+    gpg \
+    kopano-common \
+    python3-kopano \
+    ca-certificates \
+    moreutils \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+    sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
+    dpkg-reconfigure --frontend=noninteractive locales && \
+    update-locale LANG=en_US.UTF-8 && \
+    sed -e 's,^KOPANO_LOCALE="C",KOPANO_LOCALE="de_DE.UTF-8",' -i /etc/default/kopano && \
+    sed -e 's,^KOPANO_USERSCRIPT_LOCALE="C",KOPANO_USERSCRIPT_LOCALE="de_DE.UTF-8",' -i /etc/default/kopano && \
+    curl -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 && \
+    chmod a+x /usr/local/bin/dumb-init
+
+ENV LANG en_US.UTF-8 
+
+ADD kcconf.py /kopano/kcconf.py
+
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
--- a/kopano_base/README.md
+++ b/kopano_base/README.md
@ -0,0 +1,2 @@
+# kopano_base
+The base image of all Kopano services. Based on debian:stretch.
--- a/kopano_base/kcconf.py
+++ b/kopano_base/kcconf.py
@ -0,0 +1,33 @@
+"""This module provides functions for easy editing of kopano config files \
+via environment variables"""
+
+import re
+import os
+import os.path
+
+def configkopano(configs):
+    for filename, config in configs.iteritems():
+        if not os.path.exists(filename):
+            return
+        with open(filename) as f:
+            contents = f.read()
+        f.close()
+
+        for key, newvalue in config.iteritems():
+            contents = re.sub(r"^\s*#?\s*{}\s*=.*".format(key), r"{} = {}".format(key, newvalue), contents, 0, re.MULTILINE)
+
+        with open(filename, "w") as f:
+            f.write(contents)
+        f.close()
+
+def parseenvironmentvariables(prependingpath):
+    configs = dict()
+    for name, value in os.environ.iteritems():
+        namematch = re.match(r"^KCCONF_([A-Z]+)_([A-Z0-9_]+)$", name)
+        if namematch != None:
+            filename = namematch.group(1).lower() + ".cfg"
+            if not configs.has_key(prependingpath + filename):
+                configs[prependingpath + filename] = dict()
+            confkey = namematch.group(2).lower()
+            configs[prependingpath + filename][confkey] = value
+    return configs
--- a/kopano_dagent/Dockerfile
+++ b/kopano_dagent/Dockerfile
@ -0,0 +1,19 @@
+ARG BASE_VERSION=latest
+FROM zokradonh/kopano_base:${BASE_VERSION}
+
+LABEL maintainer=az@zok.xyz \
+      version="1.0"
+
+# install kopano
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    kopano-dagent python3-mapi \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+ADD configure.py /kopano/configure.py
+ADD start.sh /kopano/start.sh
+
+RUN chmod a+x /kopano/start.sh
+
+EXPOSE 2003/tcp
+
+CMD [ "/kopano/start.sh" ]
--- a/kopano_dagent/configure.py
+++ b/kopano_dagent/configure.py
@ -0,0 +1,15 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+    r"/etc/kopano/dagent.cfg":
+    {
+        'log_file': "-",
+        'log_level': "4",
+        'tmp_path': "/tmp/dagent/"
+    }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
--- a/kopano_dagent/start.sh
+++ b/kopano_dagent/start.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+mkdir -p /tmp/dagent /var/run/kopano
+
+echo "Configure dagent" | ts
+/usr/bin/python3 /kopano/configure.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
+
+exec /usr/sbin/kopano-dagent -l
--- a/kopano_gateway/Dockerfile
+++ b/kopano_gateway/Dockerfile
@ -0,0 +1,19 @@
+ARG BASE_VERSION=latest
+FROM zokradonh/kopano_base:${BASE_VERSION}
+
+LABEL maintainer=az@zok.xyz \
+      version="1.0"
+
+# install kopano
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    kopano-gateway python3-mapi \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+ADD configure.py /kopano/configure.py
+ADD start.sh /kopano/start.sh
+
+RUN chmod a+x /kopano/start.sh
+
+EXPOSE 993/tcp
+
+CMD [ "/kopano/start.sh" ]
--- a/kopano_gateway/configure.py
+++ b/kopano_gateway/configure.py
@ -0,0 +1,18 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+    r"/etc/kopano/gateway.cfg":
+    {
+        'log_file': "-",
+        'log_level': "4",
+        'tmp_path': "/tmp/gateway/",
+        'pop3_enable': "no",
+        'imap_enable': "no",
+        'imaps_enable': "yes"
+    }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
--- a/kopano_gateway/start.sh
+++ b/kopano_gateway/start.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+mkdir -p /tmp/gateway /var/run/kopano
+
+echo "Configure gateway" | ts
+/usr/bin/python3 /kopano/configure.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
+
+exec /usr/sbin/kopano-gateway -F
--- a/kopano_ical/Dockerfile
+++ b/kopano_ical/Dockerfile
@ -0,0 +1,17 @@
+ARG BASE_VERSION=latest
+FROM zokradonh/kopano_base:${BASE_VERSION}
+
+LABEL maintainer=az@zok.xyz \
+      version="1.0"
+
+# install kopano
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    kopano-ical \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+ADD configure.py /kopano/configure.py
+ADD start.sh /kopano/start.sh
+
+RUN chmod a+x /kopano/start.sh
+
+CMD [ "bash", "-c", "/kopano/start.sh && /usr/sbin/kopano-ical -F" ]
--- a/kopano_ical/configure.py
+++ b/kopano_ical/configure.py
@ -0,0 +1,14 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+    r"/etc/kopano/ical.cfg":
+    {
+        'log_file': "-",
+        'log_level': "4"
+    }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
--- a/kopano_ical/start.sh
+++ b/kopano_ical/start.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+mkdir -p /kopano/data/attachments /var/run/kopano
+
+echo "Configure ical" | ts
+/usr/bin/python3 /kopano/configure.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
--- a/kopano_monitor/Dockerfile
+++ b/kopano_monitor/Dockerfile
@ -0,0 +1,17 @@
+ARG BASE_VERSION=latest
+FROM zokradonh/kopano_base:${BASE_VERSION}
+
+LABEL maintainer=az@zok.xyz \
+      version="1.0"
+
+# install kopano
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    kopano-monitor \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+ADD configure.py /kopano/configure.py
+ADD start.sh /kopano/start.sh
+
+RUN chmod a+x /kopano/start.sh
+
+CMD [ "/kopano/start.sh" ]
--- a/kopano_monitor/configure.py
+++ b/kopano_monitor/configure.py
@ -0,0 +1,14 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+    r"/etc/kopano/monitor.cfg":
+    {
+        'log_file': "-",
+        'log_level': "4"
+    }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
--- a/kopano_monitor/start.sh
+++ b/kopano_monitor/start.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+mkdir -p /kopano/data/attachments /var/run/kopano
+
+echo "Configure monitor" | ts
+/usr/bin/python3 /kopano/configure.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
+
+exec /usr/sbin/kopano-monitor -F
--- a/kopano_search/Dockerfile
+++ b/kopano_search/Dockerfile
@ -0,0 +1,17 @@
+ARG BASE_VERSION=latest
+FROM zokradonh/kopano_base:${BASE_VERSION}
+
+LABEL maintainer=az@zok.xyz \
+      version="1.0"
+
+# install kopano
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    kopano-search \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+ADD configure.py /kopano/configure.py
+ADD start.sh /kopano/start.sh
+
+RUN chmod a+x /kopano/start.sh
+
+CMD [ "/kopano/start.sh" ]
--- a/kopano_search/configure.py
+++ b/kopano_search/configure.py
@ -0,0 +1,14 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+    r"/etc/kopano/search.cfg":
+    {
+        'log_file': "-",
+        'log_level': "4"
+    }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
--- a/kopano_search/start.sh
+++ b/kopano_search/start.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+mkdir -p /kopano/data/attachments /var/run/kopano
+
+echo "Configure search" | ts
+/usr/bin/python3 /kopano/configure.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
+
+exec /usr/bin/python3 /usr/sbin/kopano-search -F
--- a/kopano_server/Dockerfile
+++ b/kopano_server/Dockerfile
@ -0,0 +1,20 @@
+ARG BASE_VERSION=latest
+FROM zokradonh/kopano_base:${BASE_VERSION}
+
+LABEL maintainer=az@zok.xyz \
+      version="1.0"
+
+# install kopano
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    kopano-server \
+    kopano-utils \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+ADD configure.py /kopano/configure.py
+ADD start.sh /kopano/start.sh
+
+RUN chmod a+x /kopano/start.sh
+
+EXPOSE 237/tcp
+
+CMD [ "/kopano/start.sh" ]
--- a/kopano_server/README.md
+++ b/kopano_server/README.md
@ -0,0 +1,34 @@
+
+This image is part of a complete set of kopano docker images:
+* zokradonh/kopano_webapp
+* zokradonh/kopano_spooler
+* zokradonh/kopano_gateway
+* zokradonh/kopano_ical
+* zokradonh/kopano_dagent
+* zokradonh/kopano_monitor
+* zokradonh/kopano_search
+* zokradonh/kopano_ssl
+
+E-Mail attachment directory is by default in /kopano/data/attachments/ so bind /kopano/data as volume.
+
+You can reconfigure by setting environment variable `KCCONF_SERVER_ATTACHMENT_PATH`.
+
+You can change all server.cfg settings you like prefixed with "`KCCONF_SERVER_`"
+So specify "`KCCONF_SERVER_MYSQL_HOST`" for "mysql\_host" setting in "server.cfg".
+Or specify "`KCCONF_LDAP_LDAP_SEARCH_BASE`" to set "ldap\_search_base" in "ldap.cfg".
+
+This image activates ActiveDirectory mode (Not OpenLDAP).
+So you need an ActiveDirectory already running to use this.
+You may try to override default settings with "`KCCONF_*`" options but using OpenLDAP instead of ActiveDirectory will fail due to !include command in ldap.cfg. This docker image does not support any method to edit this file. Create your own Dockerfile to enable OpenLDAP.
+
+For coredumps on crashes kopano-server requires the fs.suid_dumpable sysctl to contain the value 2, not 0.
+
+The docker image kopano_ssl will create certificates for all containers. Those certificates are selfsigned and only for internal Kopano component communication.
+
+kopano_webapp port 80 is meant to be published through a https reverse proxy. MAPI connection for Outlook is also handled over port 80.
+
+Maybe you need to execute `kopano-cli --list-users` once after initial install in the kopano_server container
+see https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#testing-ldap-configuration
+
+Example:
+`docker-compose exec kserver kopano-cli --list-users` (This may last very long without any console output.)
--- a/kopano_server/configure.py
+++ b/kopano_server/configure.py
@ -0,0 +1,18 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+    r"/etc/kopano/server.cfg":
+    {
+        'log_file': "-",
+        'log_level': "3",
+        'attachment_path': "/kopano/data/attachments/",
+        'user_plugin': "ldap",
+        'server_listen': "",
+        'server_listen_tls': "*:237",
+    }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
--- a/kopano_server/start.sh
+++ b/kopano_server/start.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+mkdir -p /kopano/data/attachments /var/run/kopano
+
+echo "Create /etc/kopano/ldap.cfg and prepare" | ts
+cp /usr/share/doc/kopano/example-config/ldap.cfg /etc/kopano/ldap.cfg
+sed -e "s|^\s*!include /usr/share/kopano/ldap.openldap.cfg|#!include /usr/sharekopano/ldap.openldap.cfg|" \
+    -e "s|#!include /usr/share/kopano/ldap.active-directory.cfg|!include /usr/share/kopano/ldap.active-directory.cfg|" \
+    -i /etc/kopano/ldap.cfg
+
+echo "Configure server core" | ts
+/usr/bin/python3 /kopano/configure.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
+
+exec /usr/sbin/kopano-server -F
--- a/kopano_spooler/Dockerfile
+++ b/kopano_spooler/Dockerfile
@ -0,0 +1,17 @@
+ARG BASE_VERSION=latest
+FROM zokradonh/kopano_base:${BASE_VERSION}
+
+LABEL maintainer=az@zok.xyz \
+      version="1.0"
+
+# install kopano
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    kopano-spooler python3-mapi \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+ADD configure.py /kopano/configure.py
+ADD start.sh /kopano/start.sh
+
+RUN chmod a+x /kopano/start.sh
+
+CMD [ "/kopano/start.sh" ]
--- a/kopano_spooler/configure.py
+++ b/kopano_spooler/configure.py
@ -0,0 +1,15 @@
+import os
+import kcconf
+
+# Component specific configurations
+kcconf.configkopano({
+    r"/etc/kopano/spooler.cfg":
+    {
+        'log_file': "-",
+        'log_level': "4",
+        'tmp_path': "/tmp/spooler/"
+    }
+})
+
+# Override configs from environment variables
+kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
--- a/kopano_spooler/start.sh
+++ b/kopano_spooler/start.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+mkdir -p /kopano/data/attachments /tmp/spooler /var/run/kopano
+
+echo "Configure spooler" | ts
+/usr/bin/python3 /kopano/configure.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
+
+exec /usr/sbin/kopano-spooler -F
--- a/kopano_ssl/Dockerfile
+++ b/kopano_ssl/Dockerfile
@ -0,0 +1,23 @@
+FROM alpine:latest
+
+LABEL maintainer=az@zok.xyz \
+      version="1.0"
+
+RUN mkdir -p /kopano/easypki /kopano/ssl /kopano/ssl/clients
+WORKDIR /kopano/easypki
+
+ENV PKI_ROOT /kopano/easypki
+ENV PKI_ORGANIZATION Internal Kopano System
+ENV PKI_COUNTRY DE
+
+RUN apk add --update \
+    easypki \
+    openssl \
+    && rm -rf /var/cache/apk/*
+
+COPY start.sh /start.sh
+COPY gencerts.sh /gencerts.sh
+
+RUN chmod a+x /start.sh /gencerts.sh
+
+CMD ["/start.sh"]
--- a/kopano_ssl/gencerts.sh
+++ b/kopano_ssl/gencerts.sh
@ -0,0 +1,17 @@
+#!/bin/sh
+
+echo "Creating CA and Server certificates..."
+
+easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System" 
+
+cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem
+
+for s in kserver kdagent kmonitor ksearch kspooler kwebapp
+  do
+    easypki create --ca-name internalca --organizational-unit $s --expire 3650 $s
+    cp /kopano/easypki/internalca/keys/$s.key /kopano/ssl/$s.pem
+    cat /kopano/easypki/internalca/certs/$s.crt >> /kopano/ssl/$s.pem
+    openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem
+done
+
+ls -l /kopano/ssl/*.pem
--- a/kopano_ssl/start.sh
+++ b/kopano_ssl/start.sh
@ -0,0 +1,8 @@
+#!/bin/sh
+
+
+if [ -f /kopano/ssl/ca.pem ]
+  then exit 0
+fi
+
+/gencerts.sh
--- a/kopano_webapp/Dockerfile
+++ b/kopano_webapp/Dockerfile
@ -0,0 +1,94 @@
+FROM debian:stretch
+
+LABEL maintainer=az@zok.xyz \
+      version="1.1"
+
+RUN mkdir -p /kopano/repo && mkdir -p /kopano/data
+WORKDIR /kopano/repo
+
+ADD z-push-GPG.key /kopano/repo
+
+ENV DEBIAN_FRONTEND noninteractive
+
+ARG KOPANO_REPOSITORY=http://localhost:8081/kopanoarchive/
+
+RUN apt-get update && \
+    apt-get install -y curl crudini gpg && \
+    echo "deb [trusted=yes] ${KOPANO_REPOSITORY} ./" > /etc/apt/sources.list.d/kopano.list; \
+    echo "deb http://repo.z-hub.io/z-push:/final/Debian_9.0/ /" > /etc/apt/sources.list.d/zpush.list; \
+    apt-key add /kopano/repo/z-push-GPG.key && \
+    apt-get install -y --no-install-recommends \
+    apache2 \
+    libapache2-mod-php7.0 \
+    z-push-backend-kopano \
+    z-push-config-apache \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+# trigger rebuild from here on new version - dont use cache my dear docker
+ARG WEBAPP_VERSION
+
+# install kopano web app and refresh ca-certificates
+RUN echo ${WEBAPP_VERSION} > /kopano/buildversion && \
+    apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates \
+    kopano-webapp \
+    kopano-webapp-plugin-contactfax \
+    kopano-webapp-plugin-desktopnotifications \
+    kopano-webapp-plugin-filepreviewer \
+    kopano-webapp-plugin-folderwidgets \
+#    kopano-webapp-plugin-gmaps \
+    kopano-webapp-plugin-pimfolder \
+    kopano-webapp-plugin-quickitems \
+#    kopano-webapp-plugin-spell-de-at \
+#    kopano-webapp-plugin-spell-de-ch \
+    kopano-webapp-plugin-spell-de-de \
+    kopano-webapp-plugin-spell-en-gb \
+    kopano-webapp-plugin-spell-en \
+#    kopano-webapp-plugin-spell-es \
+#    kopano-webapp-plugin-spell-fr \
+#    kopano-webapp-plugin-spell-nl \
+#    kopano-webapp-plugin-spell-pl-pl \
+    kopano-webapp-plugin-spell \
+#    kopano-webapp-plugin-titlecounter \
+#    kopano-webapp-plugin-webappmanual \
+#    kopano-webapp-plugin-zdeveloper \
+    && rm -rf /var/cache/apt /var/lib/apt/lists
+
+ADD apache2-kopano.conf /etc/apache2/sites-available/kopano.conf
+
+    # configure basics
+RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+    sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
+    dpkg-reconfigure --frontend=noninteractive locales && \
+    update-locale LANG=en_US.UTF-8 && \
+    curl -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 && \
+    chmod a+x /usr/local/bin/dumb-init && \
+    # configure apache
+    rm /etc/apache2/sites-enabled/* && \
+    sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf && \
+    sed -e "s,MaxSpareServers[^:].*,MaxSpareServers 5," -i /etc/apache2/mods-available/mpm_prefork.conf && \
+    a2disconf other-vhosts-access-log && \
+    a2ensite kopano && \
+    echo "Listen 80" > /etc/apache2/ports.conf && \
+    # configure mod_php
+    a2enmod rewrite && \
+    crudini --set /etc/php/7.0/apache2/php.ini PHP upload_max_filesize 500M && \
+    crudini --set /etc/php/7.0/apache2/php.ini PHP post_max_size 500M && \
+    crudini --set /etc/php/7.0/apache2/php.ini PHP max_input_vars 1800 && \
+    crudini --set /etc/php/7.0/apache2/php.ini Session session.save_path /run/sessions && \
+    # configure z-push
+    mkdir -p /var/lib/z-push /var/log/z-push && \
+    chown www-data:www-data /var/lib/z-push /var/log/z-push
+
+VOLUME /var/lib/z-push/
+
+EXPOSE 80/tcp
+
+ADD start.sh /kopano/start.sh
+
+RUN chmod a+x /kopano/start.sh
+
+ENV LANG en_US.UTF-8 
+
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
+CMD [ "/kopano/start.sh" ]
--- a/kopano_webapp/apache2-kopano.conf
+++ b/kopano_webapp/apache2-kopano.conf
@ -0,0 +1,79 @@
+<VirtualHost *:80>
+    DocumentRoot /usr/share/kopano-webapp
+
+    LogFormat "%{X-Forwarded-For}i %{%a %b %d %T %Y}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    ErrorLog "|/bin/cat"
+    CustomLog "|/bin/cat" proxy
+
+    <Directory /usr/share/kopano-webapp/>
+        DirectoryIndex index.php
+        Options -Indexes +FollowSymLinks
+
+        <IfVersion < 2.4>
+        Allow from all
+        AllowOverride Options Limit
+        Order allow,deny
+        </IfVersion>
+
+        <IfVersion >= 2.4>
+        AllowOverride Options Limit Authconfig
+        Require all granted
+        </IfVersion>
+
+        FileETag All
+
+        # Uncomment to enhance security of WebApp by restricting cookies to only
+        # be provided over HTTPS connections
+        # php_flag session.cookie_secure on
+        # php_flag session.cookie_httponly on
+
+        # Manipulate the cache control headers if mod_expires and
+        # mod_headers are both enabled; otherwise the client will depend
+        # on the ETag header.  However, you can set FileETag to "None" if
+        # you have multiple servers serving WebApp to the same user.  In
+        # that case, apache will fall back to the config below so make
+        # sure these two modules are loaded!
+        <IfModule expires_module>
+            <IfModule headers_module>
+                ExpiresActive On
+                ExpiresDefault "now"
+
+                <filesMatch "\.(jpg|gif|png)$">
+                    # All (static) resources set to 2 months expiration time.
+                    ExpiresDefault "access plus 2 months"
+                    Header append Cache-Control "public"
+                </filesMatch>
+
+                <FilesMatch "\.(js|css)$">
+                    # All non-dynamic files set to 2 weeks expiration time.
+                    ExpiresDefault "access plus 2 weeks"
+                    # User agents are requested to revalidate for each resource
+                    # so that the server can always serve a newer version if
+                    # necessary.
+                    Header append Cache-Control "no-cache, must-revalidate"
+
+                    # Treat IE a little differently due to the remarks on no-cache
+                    # on http://support.microsoft.com/kb/234067
+                    <IfModule setenvif_module>
+                        BrowserMatch MSIE ie_bug
+                    </IfModule>
+                    Header set Cache-Control "must-revalidate, private" env=ie_bug
+                </FilesMatch>
+
+                <filesMatch "\.(php)$">
+                    # PHP files must always be retrieved from the server.
+                    ExpiresActive Off
+                    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
+                    Header set Pragma "no-cache"
+                </filesMatch>
+            </IfModule>
+        </IfModule>
+
+        # Enable gzip compression if the module is available
+        <IfModule deflate_module>
+            <filesMatch "\.(js|css)$">
+                SetOutputFilter DEFLATE
+            </filesMatch>
+        </IfModule>
+    </Directory>
+</VirtualHost>
--- a/kopano_webapp/start.sh
+++ b/kopano_webapp/start.sh
@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+echo "Ensure directories"
+mkdir -p /run/sessions /tmp/webapp 
+
+echo "Configure webapp"
+sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
+    -e "s#define(\"INSECURE_COOKIES\",\s*.*)#define(\"INSECURE_COOKIES\", true)#" \
+    -i /etc/kopano/webapp/config.php
+
+echo "Configure z-push"
+sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
+        -i /etc/z-push/kopano.conf.php
+sed -e "s#define([\"']USE_X_FORWARDED_FOR_HEADER[\"'],\s*false)#define('USE_X_FORWARDED_FOR_HEADER', true)#" \
+        -i /etc/z-push/z-push.conf.php
+
+echo "Ensure config ownership"
+chown -R www-data:www-data /run/sessions /tmp/webapp
+
+echo "Activate z-push log rerouting"
+tail --pid=$$ -F --lines=0 -q /var/log/z-push/z-push.log &
+tail --pid=$$ -F --lines=0 -q /var/log/z-push/z-push-error.log &
+
+
+
+echo "Starting Apache"
+rm -f /run/apache2/apache2.pid
+set +u
+source /etc/apache2/envvars
+exec /usr/sbin/apache2 -DFOREGROUND
+#exec /bin/bash -c "source /etc/apache2/envvars && /usr/sbin/apache2 -DFOREGROUND"
--- a/kopano_webapp/z-push-GPG.key
+++ b/kopano_webapp/z-push-GPG.key
@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFcjak8BEACl/9+3+hgGmkIgn/G8dzfo4BY8gRtLdQkFPw/dhvZWGznvFkdY
+GbSdIbcFNp8uMKva8P75rIq5XSYAU8o21gjoGuVSi55MB/JNnR22whpXHnx3Os2i
+pkoFZEWqGoW/7CWAk6QVOpVK+0UXEaXTkuEKVsB+hRL9wRQNpcWN8M894/I5egGB
+b1gPD9OFMTlHEVjLYFLUwGeMCSpcTU4kHu93g7S/s2xVng31xlZ2FqUgUT2GWTrR
+YfPuNib0srIZXwsqmVMJdu4qx3FoIJeAd3KH11fbb2oZEmwGKYfULoATGQ6s9/nG
+wVR2aJPPgZJv2YIpoE4CqKixj8ll6yc6DWzp2dOOj/4JJvpdpeO3Vu3dMy+8qBsR
+VlsCRKAFJLkmnliaUxtGM3oH3URb8LSnLXWPrvDB3sEq4o5mRxooqcwzi5FQ8bvG
+jzoqdw4NWIuH24Y7cC80X7o28qmN+DxySkeOtMQ9hVxYhK+bab3kw9Q9KCIT70r6
+YsCPX2+5RSBDpWI4bmP/3xMD2EUsdZBZYx79Qccai9+Syhw+GgIC/Yj9tdK8++5D
+XJWxTZLhYBAfoI3RsOmx38Yg9Z8fFF2l43jgveFORrv0EMcWBrJTtvLEXBPdCjBi
+AYBhAsuku/Kc6/zXrbWOYnmtxiYqjiqsyOXFdXat9Vw163rup2UoGjw8sQARAQAB
+tCpLb3Bhbm8gRGV2ZWxvcG1lbnQgPGRldmVsb3BtZW50QGtvcGFuby5pbz6JAj8E
+EwECACkFAlcjak8CGwMFCQlmAYAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAK
+CRBcsn4TWOLyp6nyEACKoLHrZHszq9FsNeCP+K44c30tMUaDMs65q+dR4AN6LVCF
+KTQPGdw1Ie5SKzjAFl4/wt7uEwyf1SAjpTWM+VM+X6GpcaNzdH0BhNWxdPagqYtt
+Rt0bLdYWuz/pvbv8xjbMXFRVaHbSs41gEMyYhI2y9tFg6/hvfe03GeK8xHnbFLlA
+mcP2SREGpApUGKSol3VR+5nZsBjf/o8fp/F0TQd2B72pvLQZtNBr/BAjNZ+rzmRP
+iXG4s+HejHceyMmDMyJ//jUsADm3GADZnP/3X3DHQz4A7ox/7Z9YB1SwPx3Th/8H
+/EZSDySL02F//V0+PU/0aYJSGCj8MKlVpPmoyMqhcLIj/c/25PzVsYfHi5lVcXs8
+tRUhFC10KYHtEZmpjFSxCMIuz8noxxBubF0cbXh+NoJBktf8DlI2ijOwgBwTqem2
+a7UoMYSb403m0eAfdNO7Jy4RJP0NnBYyWCSK8BtlYE9N4yAwmRK0gGwwyLiVHVgk
+uG8u1Wzzd0NHeJVZYdJePDCLfyvCtcbsOevUwVMCFOWnFialnleNeIF37LeBcpC9
+3A5MsH+aLFs0rAwGpEqBdS79/96zlf99oWC/DF6ZI/zWCKq563Zskk7tf0CN4zp0
+56j9hlYmgE7a9FGu31ExeQIoCNJ9maxC4akLh9gWLpZgVqxMGMwBmU72+OYA27kC
+DQRXI2pPARAAzc8kt99ckNuJ0BTEW+U802QafzZz7V663Sw0uVHYcGTFTFia0LsH
+spdjVJXj6vSfPxWqxpLSZygC2M70sgG8n7/TPTZZvKWxSTyVJBJLfd8xBhZiRgIa
+UpwRDlyM4roLQ/ZWZyENWDfOtT7KIxmLgidj5fxzIuJkBAfc3CfUs6sYwktg1Q9E
+tYSIzK8a1t5EzvK6EpXnR1efQJCtDOlsTiLpzeloNvcrO1cGJ6oNYVwqxT9o7akB
+3g/czplvS52f1A0zX4qVyVan29OPjkC1Gi2w9h3cwi0HKCI8Jjq9zWZG211tC7pJ
+c7uj0YpiyeJrnM9ZLAHxSaiQIRf9E4yYg2UZ/+68KUfpuG22vDCDJokX+nvlpaVY
+Ck2C9ugcLgkqch4yMbraF0wRmdn09W8uUf+kpdnIEFxiiZzR1gpWt7B1Rb0JlTAX
+pxRTIxnpfZdm75eiOjcruZMbQ9Kw8pxzJfTiNjpJRszi0pYYqEJ1mm7aMrvYJZhF
+PqH8jQXtASZhScR/Y6rzsFtmjB1uDRDEdaT+yzYC24EOkNUNVnoSu9E4grh+HdFl
+VUPnZfzq0EllpqqPBA8ufdFCU5Nrix+Zq3mpjtGlbsOxpMAKF6DKMMxiYxz/mwVq
+w7nX4i8GQaSB4NjoHLeWcSqYK/U8dIcIsan04+HjtJu+o9O9P4b4EZ0AEQEAAYkC
+JQQYAQIADwUCVyNqTwIbDAUJCWYBgAAKCRBcsn4TWOLyp0QvD/48u+aGGswkYTo7
+jSO3z69mueOm48eEwjTGT8t6p1oPajMAcfMzbMfXAIN3SuGkCzeL2nD0WcqVbeIC
+qBk9smpclavphN66EgMpI1vuennzuiRiD/8ux8kG9xebc2zCW+eTNQ9M3kCSS7wr
+rdlNDPU/LPc4otjdDMm1FoEhMfyB5k8TvTBGaEQT4yZH0QZ4aSfY0oj7YRLrZNhP
+sTLbYvNkalp+Wp7VMXb2fgF65/VV8TNZFFWctDiWS+LT3+MN0vshmIzrXuwRIQ7r
+PvDwPrK33a6EkgPvPdXxg6I6NpxcwuGuDLyD6rrccujLvlpLEVQOMNxPFiDbsBBK
+ZrFP7Fr0piY2jbuxLmZk4hf4D2qaPK+m9V1977TxOlBE7L5xp9iCo7AMx3HceSmK
+RqV0++YOOskar8JOG9MLFQwNv61wk6eDfcryDZmdCHA6gRtUWMEXSo0jeE1/rz7b
+uHIg2U703IH+wNrvzP23OTMWbHI3seqZ6P70ujfMle9bBmiqUCTiTTVODb3YJ2o1
+jCfSFXIcBliRRrmPPaEs1vg/TGXGCoSSoFOzeyYA2FJJ2NcSacE/lxY1gRmwY0AB
+ED0D3Bnq0wo0RvYowrK8rZdrkTBmxV7ni2JglQhKyEy41/YL3MTx9/MMTJDujEJ6
+7zUlfHQRsIWNhNJyXwU/2pk8F6DY5g==
+=PzW0
+-----END PGP PUBLIC KEY BLOCK-----