diff --git a/README.md b/README.md
index ad2b448..b6c0756 100644
--- a/README.md
+++ b/README.md
@@ -1,282 +1,282 @@ -# KopanoDocker -Unofficial kopano docker images for all kopano services. -Use kopano_core image for server/spooler/dagent/search/monitor/ical/gateway services. -Use kopano_webapp for web service. - -Example -======= - -docker-compose.yml -``` -version: '3' - -services: - - kserver: - image: zokradonh/kopano_core:${CORE_VERSION} - hostname: kserver - container_name: kopano_server - links: - - db - depends_on: - - "kssl" - environment: - - SERVICE_TO_START=server - - TZ=Europe/Berlin - - KCCONF_SERVER_COREDUMP_ENABLED=no - - KCCONF_SERVER_LOG_LEVEL=4 - - KCCONF_SERVER_MYSQL_HOST=db - - KCCONF_SERVER_MYSQL_PORT=3306 - - KCCONF_SERVER_MYSQL_DATABASE=kopano - - KCCONF_SERVER_MYSQL_USERNAME=root - - KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here - - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem - - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem - - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients - - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy - - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here - - KCCONF_SERVER_DISABLED_FEATURES=pop3 - - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/ - - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here - - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here - - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here - - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here - - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap - - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap - networks: - - kopanonet - volumes: - - data:/kopano/data - - sslcerts:/kopano/ssl - - kdagent: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_dagent - links: - - kserver - volumes: - - sslcerts:/kopano/ssl - environment: - - SERVICE_TO_START=dagent - - 
TZ=Europe/Berlin - - KCCONF_DAGENT_LOG_LEVEL=6 - - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/ - - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem - networks: - - kopanonet - - kgateway: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_gateway - links: - - kserver - volumes: - - ./gatewaycerts/:/kopano/certs/ - environment: - - SERVICE_TO_START=gateway - - TZ=Europe/Berlin - - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/ - - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here - - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here - networks: - - kopanonet - - kical: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_ical - links: - - kserver - environment: - - SERVICE_TO_START=ical - - TZ=Europe/Berlin - - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/ - networks: - - kopanonet - - kmonitor: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_monitor - links: - - kserver - volumes: - - sslcerts:/kopano/ssl - environment: - - SERVICE_TO_START=monitor - - TZ=Europe/Berlin - - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/ - - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem - networks: - - kopanonet - - ksearch: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_search - links: - - kserver - volumes: - - sslcerts:/kopano/ssl - environment: - - SERVICE_TO_START=search - - TZ=Europe/Berlin - - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380 - - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/ - - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem - networks: - - kopanonet - - kspooler: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_spooler - links: - - kserver - volumes: - - sslcerts:/kopano/ssl - environment: - - SERVICE_TO_START=spooler - - TZ=Europe/Berlin - - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/ - - KCCONF_SPOOLER_LOG_LEVEL=4 - - KCCONF_SPOOLER_SMTP_SERVER=kmta - - 
KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem - networks: - - kopanonet - - kwebapp: - image: zokradonh/kopano_webapp:${WEBAPP_VERSION} - hostname: kwebapp - container_name: kopano_webapp - links: - - kserver - #ports: - # - "8236:80" - # - "8237:443" - volumes: - - syncstates:/var/lib/z-push/ - - sslcerts:/kopano/ssl - environment: - - TZ=Europe/Berlin - - KCCONF_SERVERHOSTNAME=kserver - - KCCONF_SERVERPORT=237 - networks: - - web - - kopanonet - - kssl: - image: zokradonh/kopano_ssl - container_name: kopano_ssl - volumes: - - sslcerts:/kopano/ssl - - kmta: - image: tvial/docker-mailserver:latest - hostname: myhost #change here - domainname: domain.tld #change here - #dns: 127.0.0.1 - container_name: kopano_mta - #links: - # - adtunnel - ports: - - "25:25" - # - "143:143" - # - "587:587" - # - "993:993" - volumes: - - tmpmaildata:/var/mail - - tmpmailstate:/var/mail-state - - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir - environment: - - TZ=Europe/Berlin - - ENABLE_SPAMASSASSIN=1 - - ENABLE_CLAMAV=1 - - ENABLE_FAIL2BAN=1 - - ENABLE_POSTGREY=1 - - TLS_LEVEL=intermediate - - POSTGREY_DELAY=10 - - ONE_DIR=1 - - DMS_DEBUG=0 - - ENABLE_LDAP=1 - - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here - - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here - - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here - - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here - - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s))) - - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s)) - - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s)) - - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group))) - - ENABLE_SASLAUTHD=1 - - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here - - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here - - 
SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here - - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here - - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person)) - - SASLAUTHD_MECHANISMS=ldap - - POSTMASTER_ADDRESS=postmaster@domain.tld #change here - - SMTP_ONLY=1 - - PERMIT_DOCKER=network - - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 - - POSTFIX_DAGENT=lmtp:kdagent:2003 - - REPORT_RECIPIENT=1 - networks: - - kopanonet - cap_add: - - NET_ADMIN - - SYS_PTRACE - - db: - image: mariadb - restart: always - container_name: kopano_db - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here - - MYSQL_PASSWORD=YOUR_PASSWORD #change here - - MYSQL_DATABASE=kopano - - MYSQL_USER=kopano - networks: - - kopanonet - -volumes: - db: - data: - syncstates: - sslcerts: - tmpmaildata: - tmpmailstate: - -networks: - web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy) - external: - name: haproxy_webrproxynet - kopanonet: - driver: bridge -``` - -Requires haproxy network for http reverse proxy. -Change all lines which are commented especially those with #change here - -This is just a quick example docker-compose.yml made in some minutes to provide a better start. - -Requires `.env` file next to docker-compose.yml with content like this -``` -CORE_VERSION=8.6.80.1055-0plus156.1 -WEBAPP_VERSION=3.4.17.1565plus895.1 -``` - -Requires `ldap-groups.cf` in ./mtaconfig directory next to docker-compose.yml -``` -bind = yes -bind_dn = cn=admin,dc=domain,dc=com -bind_pw = admin -query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE)) -result_attribute = mail -search_base = ou=people,dc=domain,dc=com -server_host = mail.domain.com -start_tls = no -version = 3 -leaf_result_attribute = mail -special_result_attribute = member -``` -Now group members of Active Directory groups can be found by postfix. 
- -Furthermore you can use this directory for opendkim - see kmta's image for details. +# KopanoDocker +Unofficial kopano docker images for all kopano services. +Use kopano_core image for server/spooler/dagent/search/monitor/ical/gateway services. +Use kopano_webapp for web service. + +Example +======= + +docker-compose.yml +``` +version: '3' + +services: + + kserver: + image: zokradonh/kopano_core:${CORE_VERSION} + hostname: kserver + container_name: kopano_server + links: + - db + depends_on: + - "kssl" + environment: + - SERVICE_TO_START=server + - TZ=Europe/Berlin + - KCCONF_SERVER_COREDUMP_ENABLED=no + - KCCONF_SERVER_LOG_LEVEL=4 + - KCCONF_SERVER_MYSQL_HOST=db + - KCCONF_SERVER_MYSQL_PORT=3306 + - KCCONF_SERVER_MYSQL_DATABASE=kopano + - KCCONF_SERVER_MYSQL_USER=root + - KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here + - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem + - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem + - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients + - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy + - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here + - KCCONF_SERVER_DISABLED_FEATURES=pop3 + - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/ + - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here + - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here + - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here + - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here + - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap + - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap + networks: + - kopanonet + volumes: + - data:/kopano/data + - sslcerts:/kopano/ssl + + kdagent: + image: zokradonh/kopano_core:${CORE_VERSION} + container_name: kopano_dagent + links: + - kserver + volumes: + - 
sslcerts:/kopano/ssl + environment: + - SERVICE_TO_START=dagent + - TZ=Europe/Berlin + - KCCONF_DAGENT_LOG_LEVEL=6 + - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/ + - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem + networks: + - kopanonet + + kgateway: + image: zokradonh/kopano_core:${CORE_VERSION} + container_name: kopano_gateway + links: + - kserver + volumes: + - ./gatewaycerts/:/kopano/certs/ + environment: + - SERVICE_TO_START=gateway + - TZ=Europe/Berlin + - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/ + - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here + - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here + networks: + - kopanonet + + kical: + image: zokradonh/kopano_core:${CORE_VERSION} + container_name: kopano_ical + links: + - kserver + environment: + - SERVICE_TO_START=ical + - TZ=Europe/Berlin + - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/ + networks: + - kopanonet + + kmonitor: + image: zokradonh/kopano_core:${CORE_VERSION} + container_name: kopano_monitor + links: + - kserver + volumes: + - sslcerts:/kopano/ssl + environment: + - SERVICE_TO_START=monitor + - TZ=Europe/Berlin + - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/ + - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem + networks: + - kopanonet + + ksearch: + image: zokradonh/kopano_core:${CORE_VERSION} + container_name: kopano_search + links: + - kserver + volumes: + - sslcerts:/kopano/ssl + environment: + - SERVICE_TO_START=search + - TZ=Europe/Berlin + - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380 + - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/ + - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem + networks: + - kopanonet + + kspooler: + image: zokradonh/kopano_core:${CORE_VERSION} + container_name: kopano_spooler + links: + - kserver + volumes: + - sslcerts:/kopano/ssl + environment: + - SERVICE_TO_START=spooler + - TZ=Europe/Berlin + - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/ + - 
KCCONF_SPOOLER_LOG_LEVEL=4 + - KCCONF_SPOOLER_SMTP_SERVER=kmta + - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem + networks: + - kopanonet + + kwebapp: + image: zokradonh/kopano_webapp:${WEBAPP_VERSION} + hostname: kwebapp + container_name: kopano_webapp + links: + - kserver + #ports: + # - "8236:80" + # - "8237:443" + volumes: + - syncstates:/var/lib/z-push/ + - sslcerts:/kopano/ssl + environment: + - TZ=Europe/Berlin + - KCCONF_SERVERHOSTNAME=kserver + - KCCONF_SERVERPORT=237 + networks: + - web + - kopanonet + + kssl: + image: zokradonh/kopano_ssl + container_name: kopano_ssl + volumes: + - sslcerts:/kopano/ssl + + kmta: + image: tvial/docker-mailserver:latest + hostname: myhost #change here + domainname: domain.tld #change here + #dns: 127.0.0.1 + container_name: kopano_mta + #links: + # - adtunnel + ports: + - "25:25" + # - "143:143" + # - "587:587" + # - "993:993" + volumes: + - tmpmaildata:/var/mail + - tmpmailstate:/var/mail-state + - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir + environment: + - TZ=Europe/Berlin + - ENABLE_SPAMASSASSIN=1 + - ENABLE_CLAMAV=1 + - ENABLE_FAIL2BAN=1 + - ENABLE_POSTGREY=1 + - TLS_LEVEL=intermediate + - POSTGREY_DELAY=10 + - ONE_DIR=1 + - DMS_DEBUG=0 + - ENABLE_LDAP=1 + - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here + - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here + - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here + - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here + - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s))) + - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s)) + - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s)) + - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group))) + - ENABLE_SASLAUTHD=1 + - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here + - 
SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here + - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here + - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here + - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person)) + - SASLAUTHD_MECHANISMS=ldap + - POSTMASTER_ADDRESS=postmaster@domain.tld #change here + - SMTP_ONLY=1 + - PERMIT_DOCKER=network + - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 + - POSTFIX_DAGENT=lmtp:kdagent:2003 + - REPORT_RECIPIENT=1 + networks: + - kopanonet + cap_add: + - NET_ADMIN + - SYS_PTRACE + + db: + image: mariadb + restart: always + container_name: kopano_db + volumes: + - db:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here + - MYSQL_PASSWORD=YOUR_PASSWORD #change here + - MYSQL_DATABASE=kopano + - MYSQL_USER=kopano + networks: + - kopanonet + +volumes: + db: + data: + syncstates: + sslcerts: + tmpmaildata: + tmpmailstate: + +networks: + web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy) + external: + name: haproxy_webrproxynet + kopanonet: + driver: bridge +``` + +Requires haproxy network for http reverse proxy. +Change all lines which are commented especially those with #change here + +This is just a quick example docker-compose.yml made in some minutes to provide a better start. 
+ +Requires `.env` file next to docker-compose.yml with content like this +``` +CORE_VERSION=8.6.80.1055-0plus156.1 +WEBAPP_VERSION=3.4.17.1565plus895.1 +``` + +Requires `ldap-groups.cf` in ./mtaconfig directory next to docker-compose.yml +``` +bind = yes +bind_dn = cn=admin,dc=domain,dc=com +bind_pw = admin +query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE)) +result_attribute = mail +search_base = ou=people,dc=domain,dc=com +server_host = mail.domain.com +start_tls = no +version = 3 +leaf_result_attribute = mail +special_result_attribute = member +``` +Now group members of Active Directory groups can be found by postfix. + +Furthermore you can use this directory for opendkim - see kmta's image for details. diff --git a/build.sh b/build.sh index 2a13d19..87be0fe 100644 --- a/build.sh +++ b/build.sh 
@@ -8,18 +8,21 @@ networkname="buildproxy_net" customBuildArgs=() serial="" component="" +proxyContainerId="" +nocache="" function _usage() { - echo "Usage: build.sh -c core|webapp [-s serial] [-b master|final|pre-final] [-p buildcontext] [-n networkname] [[-a buildarg] ...]" + echo "Usage: build.sh -c core|webapp [-s serial] [-b master|final|pre-final] [-p buildcontext] [-n networkname] [[-a buildarg] ...] [-i]" echo "Example: build.sh -c core -s ABC123456789DEF -b final" - echo "If no branch is specified, 'master' will be built by default." - echo "If no buildcontext is specified, it will be built from git repository. Normally, you do not need to specify this." - echo "If no networkname is specified, it will create and use a network named 'buildproxy_net'." - echo "You can specify custom build args via e.g. -a KOPANO_CORE_REPOSITORY_URL=http://thisismy/url -a KOPANO_WEBAPP_REPOSITORY_URL=http://thisismy/url." + echo "-i Do not use cache on docker build." + echo "-b If no branch is specified, 'master' will be built by default." + echo "-p If no buildcontext is specified, it will be built from git repository. Normally, you do not need to specify this." + echo "-n If no networkname is specified, it will create and use a network named 'buildproxy_net'." + echo "-a You can specify custom build args via e.g. -a KOPANO_CORE_REPOSITORY_URL=http://thisismy/url -a KOPANO_WEBAPP_REPOSITORY_URL=http://thisismy/url." } -while getopts ":s:c:b:p:n:a:" opt; do +while getopts ":s:c:b:p:n:a:i" opt; do case $opt in s) serial=$OPTARG @@ -39,6 +42,9 @@ while getopts ":s:c:b:p:n:a:" opt; do a) customBuildArgs[${#customBuildArgs[*]}]=$OPTARG ;; + i) + nocache="--no-cache" + ;; \?) _usage exit 1 @@ -118,6 +124,7 @@ docker build \ --build-arg KOPANO_${component^^}_VERSION=$currentVersion \ $customBuildString \ $tagLatest \ + $nocache \ -t zokradonh/kopano_$component:$currentVersionDocker \ -t zokradonh/kopano_$component:latest-$branch \ --network $networkname \ 
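Review bot: `proxyContainerId=""` is initialised at the top of the first build.sh hunk, but none of the hunks in this commit assign or read it. Unless the unchanged part of the script uses it (not visible here) it is dead state, so either drop it or add a comment such as `# id of the build proxy container, set when this script starts one`. In `_usage`, the reworked help lines now start with a flag letter, yet `-c` and `-s` have no line of their own; adding `echo "-c Component to build (core or webapp)."` would make the list complete.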
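Review bot: `$nocache \` in the `docker build` call of the last build.sh hunk is left unquoted so that an empty value disappears, which works only because of word splitting, the same as `$customBuildString` and `$tagLatest` beside it. Writing it as `${nocache:+--no-cache} \` would make the intent explicit. Alternatively, the optional flags could be collected in an array, as `customBuildArgs` already is, and expanded quoted. The `docker build` command starts and ends outside this hunk.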
diff --git a/core/start-service.sh b/core/start-service.sh index db1355b..02a8ebe 100644 --- a/core/start-service.sh +++ b/core/start-service.sh @@ -19,6 +19,14 @@ chown -R kopano:kopano /kopano/data /run /tmp echo "Clean old pid files and sockets" | ts rm -f /var/run/kopano/* +# allow helper commands given by "docker-compose run" +if [ $# -gt 0 ] +then + exec "$@" + exit +fi + +# start regular service case "$SERVICE_TO_START" in server) exec /usr/sbin/kopano-server -F
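Review bot: The new `exec "$@"` branch runs whatever arguments the container receives with the entrypoint's own privileges. The `chown -R kopano:kopano …` context line above it suggests that user is root, so helper commands get no privilege drop. If that is intended, say so in place, e.g. `# helper commands run as the entrypoint user (presumably root); for trusted maintenance use only`. Any `CMD` in the image or `command:` in a compose file would also take this branch and skip the `SERVICE_TO_START` dispatch, which is worth a sentence in the README. The `exit` after `exec` looks unreachable in a non-interactive shell and can be dropped; the `case` statement continues past the end of the hunk.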