make docker-compose easier to use (also by introducing variables and a setup script)

update Dockerfiles/Makefile for use with kopano supported build
introduce a local ldap image with some demo users
include caddy for reverse proxying
add proper documentation and remove obsolete build and push scripts

Signed-off-by: Felix Bartels <felix@host-consultants.de>

.gitignore

@@ -2,4 +2,6 @@
 **/.vscode
 *.yml
 docker-compose.yml
-certs/*
+data/*
+Makefile-env
+.env

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "caddy"]
+	path = caddy
+	url = https://github.com/fbartels/caddy-gen.git

Makefile

@@ -4,18 +4,35 @@ docker_pwd := `cat ~/.docker-account-pwd`
 
 base_version = $(shell docker run --rm $(docker_repo)/kopano_base cat /kopano/buildversion)
 base_download_version = $(shell ./version.sh core)
-core_version = $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | grep -o -P '(?<=-).*(?=_)')
+core_version = $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | grep -o -P '(?<=-).*(?=\+)')
 core_download_version = $(shell ./version.sh core)
 webapp_version = $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)')
 webapp_download_version = $(shell ./version.sh webapp)
 
+KOPANO_CORE_REPOSITORY_URL := file:/kopano/repo/core
+KOPANO_WEBAPP_REPOSITORY_URL := file:/kopano/repo/webapp
+RELEASE_KEY_DOWNLOAD := 0
+DOWNLOAD_COMMUNITY_PACKAGES := 1
+
+-include .env
+export
+
+# convert lowercase componentname to uppercase
 COMPONENT = $(shell echo $(component) | tr a-z A-Z)
 
-build-all: build-base build-core build-webapp
+build-all: build-ssl build-base build-core build-webapp
 
 build: component ?= base
 build:
-	docker build --build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} -t $(docker_repo)/kopano_$(component) $(component)/
+	docker build \
+		--build-arg docker_repo=${docker_repo} \
+		--build-arg KOPANO_CORE_VERSION=${core_download_version} \
+		--build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} \
+		--build-arg KOPANO_CORE_REPOSITORY_URL=$(KOPANO_CORE_REPOSITORY_URL) \
+		--build-arg KOPANO_WEBAPP_REPOSITORY_URL=$(KOPANO_WEBAPP_REPOSITORY_URL) \
+		--build-arg RELEASE_KEY_DOWNLOAD=$(RELEASE_KEY_DOWNLOAD) \
+		--build-arg DOWNLOAD_COMMUNITY_PACKAGES=$(DOWNLOAD_COMMUNITY_PACKAGES) \
+		-t $(docker_repo)/kopano_$(component) $(component)/
 
 build-base:
 	component=base make build
@@ -26,12 +43,16 @@ build-core:
 build-webapp:
 	component=webapp make build
 
+build-ssl:
+	docker build -t $(docker_repo)/kopano_ssl ssl/
+
 tag: component ?= base
 tag:
 	@echo 'create tag $($(component)_version)'
 	docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version}
 	@echo 'create tag latest'
 	docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest
+	git commit -m 'ci: committing changes for $(component)' -- $(component) || true
 	git tag $(component)/${$(component)_version} || true
 
 tag-base:
@@ -43,14 +64,11 @@ tag-core:
 tag-webapp:
 	component=webapp make tag
 
-git-commit:
-	git add -A && git commit -m "ci: commit changes before tagging"
-
 # Docker publish
 repo-login:
 	docker login -u $(docker_login) -p $(docker_pwd)
 
-publish: git-commit repo-login publish-base publish-core publish-webapp
+publish: repo-login publish-ssl publish-base publish-core publish-webapp
 	git push
 	git push origin --tags
 
@@ -68,3 +86,12 @@ publish-core: build-core tag-core
 
 publish-webapp: build-webapp tag-webapp
 	component=webapp make publish-container
+
+publish-ssl: build-ssl
+	docker push $(docker_repo)/kopano_ssl:latest
+
+test:
+	sudo rm -rf data/
+	make build-all
+	docker-compose build
+	docker-compose up

README.md

@@ -1,321 +1,72 @@
-# Kopano Docker Image
+# (unofficial) Kopano Docker Images
-Unofficial kopano docker images for all kopano services.
-Use kopano_core image for server/spooler/dagent/search/monitor/ical/gateway services.
-Use kopano_webapp for web service.
 
-Building
+This repository contains an easy to replicate recipe to spin up a [Kopano](https://kopano.com/) demo enviroment, which can (through modification of `.env` and possibly `docker-compose.yml`) also be used for production environments.
-=======
-You may use `build.sh` script but you can also invoke `docker build` directly to build community or supported kopano components.
-Currently there are the following components implemented by this project:
-- core (server/spooler/dagent/search/monitor/ical/gateway services)
-- webapp (apache server for kopano webapp and z-push)
 
-### Building community Kopano
+## How to get started?
-Example:
 
-`docker build https://github.com/zokradonh/kopano-docker.git#:core`
+- make sure that you are running a recent enought version of Docker and [Docker Compose](https://docs.docker.com/compose/install/)
+- clone this repository to your local disk
+- run `git submodule update --init --recursive` from within the checkout to also clone submodules
+- run `setup.sh`
+  - this script will ask you a few questions about your environment.
+  - If you are just interested in the demo environment you can accept the default values by pressing `Enter` on each question
+  - afterwards it builds a local image for the demo LDAP and the reverse proxy
+- now run `docker-compose up` and you will see how the remaining Docker images are pulled and then everything is started
+- after startup has succeeded you can access the Kopano WebApp by going to `https://webapp.kopano.demo` (if you have given a differing LDAP Domain name then it will be `https://webapp.your.domain`).
+- you can also access phpLDAPadmin by going to `https://ldap.kopano.demo`
 
-Or use the build.sh script:
+**Note:** For the reverse proxy to work you need to make sure that the given domain resolves to the reverse proxy.
 
-`build.sh -c core`
+The `docker-compose.yml` file by default pulls Docker containers from https://hub.docker.com/r/zokradonh/kopano_core/ and https://hub.docker.com/r/zokradonh/kopano_webapp/. These images are based on the [Kopano nightly builds](https://download.kopano.io/community/) and will contain the latest version available from the time the image was built.
 
-### Building supported Kopano
+### Need to adjust any values after the initial run of `setup.sh`?
-If you have an active Kopano subscription you need specify the following build time arguments:
-- KOPANO_CORE_REPOSITORY_URL to `https://serial:<YOURSERIAL>@download.kopano.io/supported/core:/final/Debian_9.0`
-- RELEASE_KEY_DOWNLOAD to 1
-- DOWNLOAD_COMMUNITY_PACKAGES to 0
 
-Example:
+If you want to modify some of the values from the `setup.sh` run you can simply edit `.env` in your favourite editor. Repeated runs of `setup.sh` will neither modify `docker-compose.yml` nor `.env`. In that file you will also find some given defaults like ldap query filters and the local ports for the Caddy reverse proxy.
 
-`docker build --build-arg KOPANO_CORE_REPOSITORY_URL=https://serial:ABC123456789@download.kopano.io/supported/core:/final/Debian_9.0 --build-arg RELEASE_KEY_DOWNLOAD=1 --build-arg DOWNLOAD_COMMUNITY_PACKAGES=0 https://github.com/zokradonh/kopano-docker.git#:core`
+### How to use a newer version than the one available from the Docker Hub?
 
-Or use the build.sh script:
+In this repository you can also find a Makefile that automates the process of building newer images.
 
-`build.sh -c core -s ABC123456789 -b final`
+You can easily rebuild all images based on the currently available Kopano version by running `make build-all`. To just rebuild a certain image you can also run `make build-core` or `make build-webapp`. Please check the `Makefile` to see other possible targets. (depending on your environment you may also be able to autocomplete with the `Tab` key)
 
-Replace `ABC123456789` with your serial.
+To be able to easily go back to a previous version you can also "tag" you Docker images by running e.g. `make tag-core`.
+
+### How to use the project with the official and supported Kopano releases?
+
+This project also makes it possible to build Docker images based on the official Kopano releases. For this the following section needs to be modified in `.env`:
+
+```
+# Docker Repository to push to
+#docker_repo=zokradonh
+
+# modify below to build a different version, than the kopano nightly release
+#KOPANO_CORE_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/core:/final/Debian_9.0/
+#KOPANO_WEBAPP_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/webapp:/final/Debian_9.0/
+#RELEASE_KEY_DOWNLOAD=1
+#DOWNLOAD_COMMUNITY_PACKAGES=0
+```
+Just uncomment the last four lines and insert your Kopano subscription key where it currently says `REPLACE-ME`. Once this is done a `make build-all` will rebuild the images based on the latest available Kopano release (don't forget to `make tag-core` and `make tag-webapp` your images after building them).
+
+If you are running a private Docker Registry then you may also change `docker_repo` to reference your internal registry.
 
----
 ***WARNING***
 
-The built image now includes your serial. Do not push this image to any public registry like `hub.docker.com`.
+The built image includes your subscription key! Do not push this image to any public registry like e.g. https://hub.docker.com!
 
----
+### Some more commands for those unfamilar with docker-compose
 
-Example
+- Start ``docker-compose-yml`` file in the background: `docker-compose up -d`
-=======
+- Get a status overview of the running containers`: `docker-compose ps`
+- Stop compose running in the background: `docker-compose stop`
+- Destroy local containers and network interfaces: `docker-compose down`
+- Run commands in a running container: `docker-compose exec kserver kopano-cli --list-users`
+- Get logs of a container running in the background: `docker-compose logs -f kserver`
 
-docker-compose.yml
-```YAML
-version: '3'
 
-services:
+## Third party docker images
 
-  kserver:
+The example `docker-compose.yml` uses the following components for the MTA (mail delivery, including anti-spam & anti-virus) and openLDAP. Please consult their documentation for further configuration advice.
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    hostname: kserver
-    container_name: kopano_server
-    links:
-      - db
-    depends_on:
-      - "kssl"
-    environment:
-      - SERVICE_TO_START=server
-      - TZ=Europe/Berlin
-      - KCCONF_SERVER_COREDUMP_ENABLED=no
-      - KCCONF_SERVER_LOG_LEVEL=4
-      - KCCONF_SERVER_MYSQL_HOST=db
-      - KCCONF_SERVER_MYSQL_PORT=3306
-      - KCCONF_SERVER_MYSQL_DATABASE=kopano
-      - KCCONF_SERVER_MYSQL_USER=root
-      - KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
-      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
-      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
-      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
-      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
-      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld  #change here
-      - KCCONF_SERVER_DISABLED_FEATURES=pop3
-      - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
-      - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport  #change here
-      - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
-      - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER  #change here
-      - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld  #change here
-      - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
-      - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
-    networks:
-      - kopanonet
-    volumes:
-      - data:/kopano/data
-      - sslcerts:/kopano/ssl
 
-  kdagent:
+- https://github.com/tomav/docker-mailserver/
-    image: zokradonh/kopano_core:${CORE_VERSION}
+- https://github.com/osixia/docker-openldap
-    container_name: kopano_dagent
+- https://github.com/osixia/docker-phpLDAPadmin
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=dagent
-      - TZ=Europe/Berlin
-      - KCCONF_DAGENT_LOG_LEVEL=6
-      - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
-    networks:
-      - kopanonet
-
-  kgateway:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_gateway
-    links:
-      - kserver
-    volumes:
-      - ./gatewaycerts/:/kopano/certs/
-    environment:
-      - SERVICE_TO_START=gateway
-      - TZ=Europe/Berlin
-      - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
-      - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
-      - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
-    networks:
-      - kopanonet
-
-  kical:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_ical
-    links:
-      - kserver
-    environment:
-      - SERVICE_TO_START=ical
-      - TZ=Europe/Berlin
-      - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
-    networks:
-      - kopanonet
-
-  kmonitor:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_monitor
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=monitor
-      - TZ=Europe/Berlin
-      - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
-    networks:
-      - kopanonet
-
-  ksearch:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_search
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=search
-      - TZ=Europe/Berlin
-      - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
-      - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
-    networks:
-      - kopanonet
-
-  kspooler:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_spooler
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=spooler
-      - TZ=Europe/Berlin
-      - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_SPOOLER_LOG_LEVEL=4
-      - KCCONF_SPOOLER_SMTP_SERVER=kmta
-      - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
-    networks:
-      - kopanonet
-
-  kwebapp:
-    image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
-    hostname: kwebapp
-    container_name: kopano_webapp
-    links:
-      - kserver
-    #ports:
-    #  - "8236:80"
-    #  - "8237:443"
-    volumes:
-      - syncstates:/var/lib/z-push/
-      - sslcerts:/kopano/ssl
-    environment:
-      - TZ=Europe/Berlin
-      - KCCONF_SERVERHOSTNAME=kserver
-      - KCCONF_SERVERPORT=237
-    networks:
-      - web
-      - kopanonet
-
-  kssl:
-    image: zokradonh/kopano_ssl
-    container_name: kopano_ssl
-    volumes:
-      - sslcerts:/kopano/ssl
-
-  kmta:
-    image: tvial/docker-mailserver:latest
-    hostname: myhost #change here
-    domainname: domain.tld #change here
-    #dns: 127.0.0.1
-    container_name: kopano_mta
-    #links:
-    #  - adtunnel
-    ports:
-      - "25:25"
-    #  - "143:143"
-    #  - "587:587"
-    #  - "993:993"
-    volumes:
-      - tmpmaildata:/var/mail
-      - tmpmailstate:/var/mail-state
-      - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
-    environment:
-      - TZ=Europe/Berlin
-      - ENABLE_SPAMASSASSIN=1
-      - ENABLE_CLAMAV=1
-      - ENABLE_FAIL2BAN=1
-      - ENABLE_POSTGREY=1
-      - TLS_LEVEL=intermediate
-      - POSTGREY_DELAY=10
-      - ONE_DIR=1
-      - DMS_DEBUG=0
-      - ENABLE_LDAP=1
-      - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
-      - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
-      - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
-      - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
-      - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
-      - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
-      - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
-      - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
-      - ENABLE_SASLAUTHD=1
-      - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
-      - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
-      - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER  #change here
-      - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld  #change here
-      - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
-      - SASLAUTHD_MECHANISMS=ldap
-      - POSTMASTER_ADDRESS=postmaster@domain.tld #change here
-      - SMTP_ONLY=1
-      - PERMIT_DOCKER=network
-      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
-      - POSTFIX_DAGENT=lmtp:kdagent:2003
-      - REPORT_RECIPIENT=1
-    networks:
-      - kopanonet
-    cap_add:
-      - NET_ADMIN
-      - SYS_PTRACE
-
-  db:
-    image: mariadb
-    restart: always
-    container_name: kopano_db
-    volumes:
-      - db:/var/lib/mysql
-    environment:
-      - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
-      - MYSQL_PASSWORD=YOUR_PASSWORD #change here
-      - MYSQL_DATABASE=kopano
-      - MYSQL_USER=kopano
-    networks:
-      - kopanonet
-
-volumes:
-  db:
-  data:
-  syncstates:
-  sslcerts:
-  tmpmaildata:
-  tmpmailstate:
-
-networks:
-  web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
-    external:
-      name: haproxy_webrproxynet
-  kopanonet:
-    driver: bridge
-```
-
-Requires haproxy network for http reverse proxy.
-Change all lines which are commented especially those with #change here
-
-This is just a quick example docker-compose.yml made in some minutes to provide a better start.
-
-Requires `.env` file next to docker-compose.yml with content like this
-```INI
-CORE_VERSION=8.6.80.1055-0plus156.1
-WEBAPP_VERSION=3.4.17.1565plus895.1
-```
-
-Requires `ldap-groups.cf` in ./mtaconfig directory next to docker-compose.yml
-```INI
-bind                     = yes
-bind_dn                  = cn=admin,dc=domain,dc=com
-bind_pw                  = admin
-query_filter             = (&(mailGroupMember=%s)(mailEnabled=TRUE))
-result_attribute         = mail
-search_base              = ou=people,dc=domain,dc=com
-server_host              = mail.domain.com
-start_tls                = no
-version                  = 3
-leaf_result_attribute = mail
-special_result_attribute = member
-```
-Now group members of Active Directory groups can be found by postfix.
-
-Furthermore you can use this directory for opendkim - see kmta's image for details.

TODO

@@ -0,0 +1,6 @@
+- How to execute `kopano-cli --list-users` and `kopano-storeadm -h default: -P` after kopano-server has been started?
+  - `--list-users` should be run in regular intervals
+  - `kopano-storeadm` just needs to be run after startup, multiple executions do not harm
+- ssl config for ical and gateway
+- ldap indices
+- Won't fix: Kopano 8.6.x dagent won't start because of an incompatible configuration. A fix for this should be only present in a dedicated branch

base/Dockerfile

@@ -31,6 +31,9 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
     dpkg-reconfigure --frontend=noninteractive locales && \
     update-locale LANG=en_US.UTF-8
 
+ENV DOCKERIZE_VERSION v0.6.1
+RUN curl -L https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar xzvf - -C /usr/local/bin
+
 ARG ADDITIONAL_KOPANO_PACKAGES=""
 ARG DOWNLOAD_COMMUNITY_PACKAGES=1
 ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"

build.sh

@@ -1,137 +0,0 @@
-#!/bin/bash
-
-set -eu
-
-branch="master"
-buildcontext_base="https://github.com/zokradonh/kopano-docker.git#:"
-customBuildArgs=()
-serial=""
-component=""
-nocache=""
-
-. ./base/create-kopano-repo.sh
-
-function _usage()
-{
-    echo "Usage: build.sh -c core|webapp [-s serial] [-b master|final|pre-final] [-p buildcontext] [[-a buildarg] ...] [-i]"
-    echo "Example: build.sh -c core -s ABC123456789DEF -b final"
-    echo "-c   The Kopano component to be built."
-    echo "-s   Provide serial if you want to build from supported repository."
-    echo "-i   Do not use cache on docker build."
-    echo "-b   If no branch is specified, 'master' will be built by default."
-    echo "-p   If no buildcontext is specified, it will be built from git repository. Normally, you do not need to specify this."
-    echo "-a   You can specify custom build args via e.g. -a ADDITIONAL_KOPANO_PACKAGES=kopano-migration-imap"
-}
-
-while getopts ":s:c:b:p:a:i" opt; do
-    case $opt in
-        s)
-            serial=$OPTARG
-        ;;
-        c)
-            component=${OPTARG,,}
-        ;;
-        b)
-            branch=${OPTARG,,}
-        ;;
-        p)
-            buildcontext_base=$OPTARG
-        ;;
-        a)
-            customBuildArgs[${#customBuildArgs[*]}]=$OPTARG
-        ;;
-        i)
-            nocache="--no-cache"
-        ;;
-        \?)
-            _usage
-            exit 1
-        ;;
-        :)
-            echo "Option -$OPTARG requires an argument."
-            exit 1
-        ;;
-    esac
-done
-
-case "$component" in
-    core)
-        mainpackage="kopano-server"
-        ;;
-    webapp)
-        mainpackage="kopano-webapp"
-        ;;
-    *)
-        _usage
-        exit 1
-esac
-
-customBuildString=""
-# prepare custom build args
-if [[ ${customBuildArgs[@]:+${customBuildArgs[@]}} ]];
-then
-    for buildArg in "${customBuildArgs[@]}"
-    do
-        customBuildString="$customBuildString --build-arg $buildArg"
-    done
-fi
-
-if [ ! -z "$serial" ]
-then
-
-    # start build of supported kopano
-    # get current version to brand and tag the image correctly
-    currentVersion=$(curl -s -S -L "https://serial:$serial@download.kopano.io/supported/$component:/$branch/Debian_9.0/Packages.gz" |\
-                        gzip -d | grep -A 8 "^Package: $mainpackage$" | awk '/Version/ { print $2 }')
-
-    # webapp also needs core repository
-    if [ "$component" == "webapp" ]
-    then
-        customBuildString="$customBuildString --build-arg KOPANO_CORE_REPOSITORY_URL=https://serial:$serial@download.kopano.io/supported/core:/$branch/Debian_9.0"
-    fi
-
-    echo "Start building supported kopano $component image version ($currentVersion)..."
-    set -x
-    # build it
-    if docker build --pull \
-                 --build-arg "KOPANO_${component^^}_REPOSITORY_URL=https://serial:$serial@download.kopano.io/supported/$component:/$branch/Debian_9.0" \
-                 --build-arg RELEASE_KEY_DOWNLOAD=1 \
-                 --build-arg "DOWNLOAD_COMMUNITY_PACKAGES=0" \
-                 --build-arg "KOPANO_${component^^}_VERSION=$currentVersion" \
-                 -t "zokradonh/kopano_$component:${currentVersion//+/plus}" \
-                 -t "zokradonh/kopano_$component:latest-$branch" \
-                 $nocache \
-                 $customBuildString \
-                 "${buildcontext_base}${component}"
-    then 
-        set +x
-        echo "Please note that this image does include your serial. If you publish this image then your serial is exposed to public."
-    fi
-else
-    # start build of community kopano
-
-    
-    if ! hash jq
-    then
-        echo "Please install jq in order to run this build script."
-        exit 1
-    fi
-
-    # query community server by h5ai API
-    filename=$(h5ai_query "$component")
-
-    currentVersion=$(version_from_filename "$filename")
-
-    echo "Start building community kopano $component image version ($currentVersion)..."
-    set -x
-    # build it
-    docker build --pull \
-                 -t "zokradonh/kopano_$component:${currentVersion//+/plus}" \
-                 -t "zokradonh/kopano_$component:latest-$branch" \
-                 -t "zokradonh/kopano_$component:latest" \
-                 --build-arg "KOPANO_${component^^}_VERSION=$currentVersion" \
-                 $nocache \
-                 $customBuildString \
-                 "${buildcontext_base}${component}"
-    set +x
-fi

caddy

@@ -0,0 +1 @@
+Subproject commit 90af1a372ff79ced472c646f12fc252b024ab7be

core/Dockerfile

@@ -1,4 +1,5 @@
-FROM zokradonh/kopano_base
+ARG docker_repo=zokradonh
+FROM ${docker_repo}/kopano_base
 
 ARG ADDITIONAL_KOPANO_PACKAGES=""
 ARG DOWNLOAD_COMMUNITY_PACKAGES=1
@@ -15,10 +16,8 @@ RUN \
         dl_and_package_community "core"; \
     fi; \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
-    # save kopano version if supported kopano
+    # save kopano version
-    if [ ! -f /kopano/buildversion ]; then \
+    echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
-        echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
-    fi; \
     # install apt key if supported kopano
     if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
         curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \
@@ -47,3 +46,6 @@ COPY kcconf.py defaultconfigs/ start-service.sh /kopano/
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 
 CMD [ "/kopano/start-service.sh" ]
+
+HEALTHCHECK --interval=30s --timeout=60s \
+	CMD /kopano/healthcheck.sh

core/defaultconfigs/server.py

@@ -9,7 +9,7 @@ kcconf.configkopano({
         'log_level': "3",
         'attachment_path': "/kopano/data/attachments/",
         'user_plugin': "ldap",
-        'server_listen': "",
+        'server_listen': "*:236",
         'server_listen_tls': "*:237"
     }
 })

core/healthcheck.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -ex
+
+exit 0

core/kcconf.py

@@ -1,77 +1,77 @@
-"""This module provides functions for easy editing of kopano config files
+"""This module provides functions for easy editing of kopano config files
-via environment variables"""
+via environment variables"""
-
+
-import re
+import re
-import os
+import os
-import os.path
+import os.path
-
+
-def configkopano(configs):
+def configkopano(configs):
-    """ Changes configuration files according to configs typically returned from parseenvironmentvariables(..)"""
+    """ Changes configuration files according to configs typically returned from parseenvironmentvariables(..)"""
-    for filename, config in configs.items():
+    for filename, config in configs.items():
-        if not os.path.exists(filename):
+        if not os.path.exists(filename):
-            return
+            return
-        # read configuration file
+        # read configuration file
-        with open(filename) as f:
+        with open(filename) as f:
-            contents = f.read()
+            contents = f.read()
-        f.close()
+        f.close()
-
+
-        for key, newvalue in config.items():
+        for key, newvalue in config.items():
-            if key == "kccomment":
+            if key == "kccomment":
-                # comment lines
+                # comment lines
-                for line in newvalue:
+                for line in newvalue:
-                    contents = re.sub(r"^\s*" + re.escape(line), r"#{}".format(line), contents, 0, re.MULTILINE)
+                    contents = re.sub(r"^\s*" + re.escape(line), r"#{}".format(line), contents, 0, re.MULTILINE)
-            elif key == "kcuncomment":
+            elif key == "kcuncomment":
-                # uncomment lines
+                # uncomment lines
-                for line in newvalue:
+                for line in newvalue:
-                    contents = re.sub(r"^\s*#\s*" + re.escape(line) , line, contents, 0, re.MULTILINE)
+                    contents = re.sub(r"^\s*#\s*" + re.escape(line) , line, contents, 0, re.MULTILINE)
-            else:
+            else:
-                # find config line
+                # find config line
-                if re.search(r"^\s*#?\s*{}\s*=.*".format(key), contents, re.MULTILINE) == None:
+                if re.search(r"^\s*#?\s*{}\s*=.*".format(key), contents, re.MULTILINE) == None:
-                    # add configuration as new line
+                    # add configuration as new line
-                    contents += "\n{} = {}".format(key, newvalue)
+                    contents += "\n{} = {}".format(key, newvalue)
-                else:
+                else:
-                    # change existing line
+                    # change existing line
-                    contents = re.sub(r"^\s*#?\s*{}\s*=.*".format(key), r"{} = {}".format(key, newvalue), contents, 0, re.MULTILINE)
+                    contents = re.sub(r"^\s*#?\s*{}\s*=.*".format(key), r"{} = {}".format(key, newvalue), contents, 0, re.MULTILINE)
-
+
-        # save new configuration
+        # save new configuration
-        with open(filename, "w") as f:
+        with open(filename, "w") as f:
-            f.write(contents)
+            f.write(contents)
-        f.close()
+        f.close()
-
+
-def parseenvironmentvariables(prependingpath):
+def parseenvironmentvariables(prependingpath):
-    """ Parse all environment variables starting with KCCONF_, KCCOMMENT_ and KCUNCOMMENT_ and 
+    """ Parse all environment variables starting with KCCONF_, KCCOMMENT_ and KCUNCOMMENT_ and
-    return as multi dimensional dict """
+    return as multi dimensional dict """
-    configs = dict()
+    configs = dict()
-
+
-    for name, value in os.environ.items():
+    for name, value in os.environ.items():
-        # parse change/add configuration commands
+        # parse change/add configuration commands
-        namematch = re.match(r"^KCCONF_([A-Z]+)_([A-Z0-9_]+)$", name)
+        namematch = re.match(r"^KCCONF_([A-Z]+)_([A-Z0-9_]+)$", name)
-        if namematch != None:
+        if namematch != None:
-            filename = namematch.group(1).lower() + ".cfg"
+            filename = namematch.group(1).lower() + ".cfg"
-            if prependingpath + filename not in configs:
+            if prependingpath + filename not in configs:
-                configs[prependingpath + filename] = dict()
+                configs[prependingpath + filename] = dict()
-            confkey = namematch.group(2).lower()
+            confkey = namematch.group(2).lower()
-            configs[prependingpath + filename][confkey] = value
+            configs[prependingpath + filename][confkey] = value
-        # parse comment configuration commands
+        # parse comment configuration commands
-        commentmatch = re.match(r"^KCCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
+        commentmatch = re.match(r"^KCCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
-        if commentmatch != None:
+        if commentmatch != None:
-            filename = commentmatch.group(1).lower() + ".cfg"
+            filename = commentmatch.group(1).lower() + ".cfg"
-            if prependingpath + filename not in configs:
+            if prependingpath + filename not in configs:
-                configs[prependingpath + filename] = dict()
+                configs[prependingpath + filename] = dict()
-            try: 
+            try:
-                configs[prependingpath + filename]["kccomment"].append(value)
+                configs[prependingpath + filename]["kccomment"].append(value)
-            except KeyError:
+            except KeyError:
-                configs[prependingpath + filename]["kccomment"] = []
+                configs[prependingpath + filename]["kccomment"] = []
-                configs[prependingpath + filename]["kccomment"].append(value)
+                configs[prependingpath + filename]["kccomment"].append(value)
-        # parse uncomment configuration commands
+        # parse uncomment configuration commands
-        uncommentmatch = re.match(r"^KCUNCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
+        uncommentmatch = re.match(r"^KCUNCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
-        if uncommentmatch != None:
+        if uncommentmatch != None:
-            filename = uncommentmatch.group(1).lower() + ".cfg"
+            filename = uncommentmatch.group(1).lower() + ".cfg"
-            if prependingpath + filename not in configs:
+            if prependingpath + filename not in configs:
-                configs[prependingpath + filename] = dict()
+                configs[prependingpath + filename] = dict()
-            try: 
+            try:
-                configs[prependingpath + filename]["kcuncomment"].append(value)
+                configs[prependingpath + filename]["kcuncomment"].append(value)
-            except KeyError:
+            except KeyError:
-                configs[prependingpath + filename]["kcuncomment"] = []
+                configs[prependingpath + filename]["kcuncomment"] = []
-                configs[prependingpath + filename]["kcuncomment"].append(value)
+                configs[prependingpath + filename]["kcuncomment"].append(value)
-    return configs
+    return configs

core/start-service.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
+
 set -eu # unset variables are errors & non-zero return values exit the whole script
 
 if [ ! -e /kopano/$SERVICE_TO_START.py ]
@@ -8,6 +10,13 @@ then
     exit 1
 fi
 
+[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
+[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
+	if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
+		apt --assume-yes install $installpkg;
+	fi
+done
+
 mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano
 
 echo "Configure core service '$SERVICE_TO_START'" | ts
@@ -17,9 +26,6 @@ echo "Set ownership" | ts
 chown -R kopano:kopano /run /tmp
 chown kopano:kopano /kopano/data/ /kopano/data/attachments
 
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
 # allow helper commands given by "docker-compose run"
 if [ $# -gt 0 ]
 then
@@ -29,28 +35,52 @@ fi
 
 # start regular service
 case "$SERVICE_TO_START" in
-    server)
+server)
-        exec /usr/sbin/kopano-server -F
+	exec dockerize \
-        ;;
+		-wait file://$KCCONF_SERVER_SERVER_SSL_CA_FILE \
-    dagent)
+		-wait file://$KCCONF_SERVER_SERVER_SSL_KEY_FILE \
-        exec /usr/sbin/kopano-dagent -l
+		-wait tcp://db:3306 \
-        ;;
+		-timeout 360s \
-    gateway)
+		/usr/sbin/kopano-server -F
-        exec /usr/sbin/kopano-gateway -F
+	;;
-        ;;
+dagent)
-    ical)
+	exec dockerize \
-        exec /usr/sbin/kopano-ical -F
+		-wait file://var/run/kopano/server.sock \
-        ;;
+		-timeout 360s \
-    monitor)
+		/usr/sbin/kopano-dagent -l
-        exec /usr/sbin/kopano-monitor -F
+	;;
-        ;;
+gateway)
-    search)
+	exec dockerize \
-        exec /usr/bin/python /usr/sbin/kopano-search -F
+		-wait tcp://kserver:236 \
-        ;;
+		-timeout 360s \
-    spooler)
+		/usr/sbin/kopano-gateway -F
-        exec /usr/sbin/kopano-spooler -F
+	;;
-        ;;
+ical)
-    *)
+	exec dockerize \
-        echo "Failed to start: Unknown service name: '$SERVICE_TO_START'" | ts
+		-wait tcp://kserver:236 \
-        exit 1
+		-timeout 360s \
+		/usr/sbin/kopano-ical -F
+	;;
+monitor)
+	exec dockerize \
+		-wait file://var/run/kopano/server.sock \
+		-timeout 360s \
+		/usr/sbin/kopano-monitor -F
+	;;
+search)
+	exec dockerize \
+		-wait file://var/run/kopano/server.sock \
+		-timeout 360s \
+		/usr/bin/python /usr/sbin/kopano-search -F
+	;;
+spooler)
+	exec dockerize \
+		-wait file://var/run/kopano/server.sock \
+		-wait tcp://mail:25 \
+		-timeout 1080s \
+		/usr/sbin/kopano-spooler -F
+	;;
+*)
+	echo "Failed to start: Unknown service name: '$SERVICE_TO_START'" | ts
+	exit 1
 esac

docker-compose.yml-example

@@ -1,208 +1,108 @@
-version: '3'
+version: "3"
 
 services:
-
+  web:
-  kserver:
+    build: caddy/
-    image: zokradonh/kopano_core:${CORE_VERSION}
+    #image: abiosoft/caddy:0.10.4
-    hostname: kserver
+    container_name: web
-    container_name: kopano_server
+    restart: always
+    privileged: true
     links:
-      - db
+      - kwebapp
-    depends_on:
+      #- kzpush
-      - "kssl"
+    ports:
-    environment:
+      - "2015:2015"
-      - SERVICE_TO_START=server
+      - "${HTTP}:80"
-      - TZ=Europe/Berlin
+      - "${HTTPS}:443"
-      - KCCONF_SERVER_COREDUMP_ENABLED=no
-      - KCCONF_SERVER_LOG_LEVEL=4
-      - KCCONF_SERVER_MYSQL_HOST=db
-      - KCCONF_SERVER_MYSQL_PORT=3306
-      - KCCONF_SERVER_MYSQL_DATABASE=kopano
-      - KCCONF_SERVER_MYSQL_USER=root
-      - KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
-      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
-      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
-      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
-      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
-      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld  #change here
-      - KCCONF_SERVER_DISABLED_FEATURES=pop3
-      - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
-      - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport  #change here
-      - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
-      - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER  #change here
-      - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld  #change here
-      - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
-      - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
-    networks:
-      - kopanonet
     volumes:
-      - data:/kopano/data
+      - /var/run/docker.sock:/var/run/docker.sock
-      - sslcerts:/kopano/ssl
+      - ./data/web:/root/.caddy
-
-  kdagent:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_dagent
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=dagent
-      - TZ=Europe/Berlin
-      - KCCONF_DAGENT_LOG_LEVEL=6
-      - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
-    networks:
-      - kopanonet
-
-  kgateway:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_gateway
-    links:
-      - kserver
-    volumes:
-      - ./gatewaycerts/:/kopano/certs/
-    environment:
-      - SERVICE_TO_START=gateway
-      - TZ=Europe/Berlin
-      - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
-      - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
-      - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
-    networks:
-      - kopanonet
-
-  kical:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_ical
-    links:
-      - kserver
-    environment:
-      - SERVICE_TO_START=ical
-      - TZ=Europe/Berlin
-      - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
-    networks:
-      - kopanonet
-
-  kmonitor:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_monitor
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=monitor
-      - TZ=Europe/Berlin
-      - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
-    networks:
-      - kopanonet
-
-  ksearch:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_search
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=search
-      - TZ=Europe/Berlin
-      - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
-      - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
-    networks:
-      - kopanonet
-
-  kspooler:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_spooler
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=spooler
-      - TZ=Europe/Berlin
-      - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_SPOOLER_LOG_LEVEL=4
-      - KCCONF_SPOOLER_SMTP_SERVER=kmta
-      - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
-    networks:
-      - kopanonet
-
-  kwebapp:
-    image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
-    hostname: kwebapp
-    container_name: kopano_webapp
-    links:
-      - kserver
-    #ports:
-    #  - "8236:80"
-    #  - "8237:443"
-    volumes:
-      - syncstates:/var/lib/z-push/
-      - sslcerts:/kopano/ssl
-    environment:
-      - TZ=Europe/Berlin
-      - KCCONF_SERVERHOSTNAME=kserver
-      - KCCONF_SERVERPORT=237
     networks:
       - web
+
+  ldap:
+    build: ldap/
+    #image: osixia/openldap:1.2.2
+    container_name: ldap
+    ports:
+      - 389:389
+    environment:
+      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
+      - LDAP_DOMAIN=${LDAP_DOMAIN}
+      - LDAP_BASE_DN=${LDAP_BASE_DN}
+      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
+      - LDAP_READONLY_USER=true
+      - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
+    command: "--loglevel debug --copy-service"
+    volumes:
+      - ./data/ldap/var/lib/ldap:/var/lib/ldap
+      - ./data/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
+    networks:
       - kopanonet
 
-  kssl:
-    image: zokradonh/kopano_ssl
-    container_name: kopano_ssl
-    volumes:
-      - sslcerts:/kopano/ssl
 
-  kmta:
+  ldap-admin:
-    image: tvial/docker-mailserver:latest
+    image: osixia/phpldapadmin:0.7.2
-    hostname: myhost #change here
+    container_name: ldap-admin
-    domainname: domain.tld #change here
+    depends_on:
-    #dns: 127.0.0.1
+      - ldap
-    container_name: kopano_mta
+    environment:
-    #links:
+      - PHPLDAPADMIN_LDAP_HOSTS=ldap
-    #  - adtunnel
+      - PHPLDAPADMIN_HTTPS=false
+      - CADDY_HOST=${LDAP_HOST}
+      - CADDY_PORT=80
+      - CADDY_PROXY_PARAMS=transparent
+      - CADDY_TLS_SELFSIGNED
+    command: -l debug
+    links:
+      - ldap
+    networks:
+      - web
+
+  mail:
+    image: tvial/docker-mailserver:release-v6.1.0
+    restart: always
+    hostname: mail
+    domainname: ${LDAP_DOMAIN}
+    container_name: mail
+    depends_on:
+      - ldap
+    links:
+      - ldap
     ports:
       - "25:25"
-    #  - "143:143"
-    #  - "587:587"
-    #  - "993:993"
     volumes:
-      - tmpmaildata:/var/mail
+      - ./data/mail/data:/var/mail
-      - tmpmailstate:/var/mail-state
+      - ./data/mail/state:/var/mail-state
-      - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
+      - ./data/mtaconfig:/tmp/docker-mailserver/
     environment:
-      - TZ=Europe/Berlin
+      - TZ=${TZ}
       - ENABLE_SPAMASSASSIN=1
       - ENABLE_CLAMAV=1
       - ENABLE_FAIL2BAN=1
       - ENABLE_POSTGREY=1
-      - TLS_LEVEL=intermediate
-      - POSTGREY_DELAY=10
       - ONE_DIR=1
       - DMS_DEBUG=0
+      - SSL_TYPE=self-signed
       - ENABLE_LDAP=1
-      - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
+      - LDAP_SERVER_HOST=${LDAP_SERVER}
-      - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
+      - LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
-      - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - LDAP_BIND_DN=${LDAP_BIND_DN}
-      - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
+      - LDAP_BIND_PW=${LDAP_BIND_PW}
-      - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
+      - LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
-      - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
+      - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
-      - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
+      - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
-      - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
+      - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
       - ENABLE_SASLAUTHD=1
-      - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
+      - SASLAUTHD_LDAP_SERVER=${LDAP_SERVER}
-      - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
-      - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER  #change here
+      - SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
-      - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld  #change here
+      - SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
-      - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
+      - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
       - SASLAUTHD_MECHANISMS=ldap
-      - POSTMASTER_ADDRESS=postmaster@domain.tld #change here
+      - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
       - SMTP_ONLY=1
-      - PERMIT_DOCKER=network
+      - PERMIT_DOCKER=host
       - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
       - POSTFIX_DAGENT=lmtp:kdagent:2003
       - REPORT_RECIPIENT=1
@@ -213,30 +113,186 @@ services:
       - SYS_PTRACE
 
   db:
-    image: mariadb
+    image: mariadb:10.3.10-bionic
     restart: always
     container_name: kopano_db
     volumes:
-      - db:/var/lib/mysql
+      - ./data/mysql/:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
-      - MYSQL_PASSWORD=YOUR_PASSWORD #change here
+      - MYSQL_USER=${MYSQL_USER}
-      - MYSQL_DATABASE=kopano
+      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_USER=kopano
+      - MYSQL_DATABASE=${MYSQL_DATABASE}
+    healthcheck:
+      test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
+      interval: 30s
+      timeout: 10s
+      retries: 4
+    networks:
+      - kopanonet
+  
+  kssl:
+    image: ${docker_repo:?err}/kopano_ssl
+    container_name: kopano_ssl
+    volumes:
+      - ./data/ssl/:/kopano/ssl
+
+  kserver:
+    image: ${docker_repo}/kopano_core:${CORE_VERSION}
+    hostname: kserver
+    container_name: kopano_server
+    links:
+      - db
+      - ldap
+    depends_on:
+      - db
+      - ldap
+      - kssl
+    environment:
+      - SERVICE_TO_START=server
+      - TZ=${TZ}
+      - KCCONF_SERVER_COREDUMP_ENABLED=no
+      - KCCONF_SERVER_LOG_LEVEL=4
+      - KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
+      - KCCONF_SERVER_MYSQL_PORT=3306
+      - KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
+      - KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
+      - KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
+      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
+      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
+      - KCCONF_SERVER_SERVER_NAME=Kopano
+      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
+      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
+      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
+      - KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
+      - KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
+      - KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
+      - KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
+      - KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
+      - KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
+      #- ADDITIONAL_KOPANO_PACKAGES=kopano-migration-imap
+    networks:
+      - kopanonet
+    volumes:
+      - ./data/kopano/:/kopano/data
+      - ./data/ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+
+  kwebapp:
+    image: ${docker_repo:?err}/kopano_webapp:${WEBAPP_VERSION}
+    hostname: kwebapp
+    container_name: kopano_webapp
+    links:
+      - kserver
+    volumes:
+      - ./data/z-push-states/:/var/lib/z-push/
+      - ./data/ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+    environment:
+      - TZ=${TZ}
+      - CADDY_HOST=${WEBAPP_HOST}
+      - CADDY_PROXY_PARAMS=transparent
+      - CADDY_TLS_SELFSIGNED
+    networks:
+      - web
+      - kopanonet
+
+  kdagent:
+    image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
+    container_name: kopano_dagent
+    links:
+      - kserver
+    volumes:
+      - ./data/ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+    environment:
+      - SERVICE_TO_START=dagent
+      - TZ=${TZ}
+      - KCCONF_DAGENT_LOG_LEVEL=6
+      - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
     networks:
       - kopanonet
 
-volumes:
+  kspooler:
-  db:
+    image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
-  data:
+    container_name: kopano_spooler
-  syncstates:
+    hostname: spooler
-  sslcerts:
+    domainname: ${LDAP_DOMAIN}
-  tmpmaildata:
+    links:
-  tmpmailstate:
+      - kserver
+    volumes:
+      - ./data/ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+    environment:
+      - SERVICE_TO_START=spooler
+      - TZ=${TZ}
+      - KCCONF_SPOOLER_LOG_LEVEL=4
+      - KCCONF_SPOOLER_SMTP_SERVER=mail
+      - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
+    networks:
+      - kopanonet
+
+  kgateway:
+    image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
+    container_name: kopano_gateway
+    links:
+      - kserver
+    volumes:
+      - ./data/ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+    environment:
+      - SERVICE_TO_START=gateway
+      - TZ=${TZ}
+      - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
+      - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
+      - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
+    networks:
+      - kopanonet
+
+  kical:
+    image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
+    container_name: kopano_ical
+    links:
+      - kserver
+    volumes:
+      - ./data/ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+    environment:
+      - SERVICE_TO_START=ical
+      - TZ=${TZ}
+      - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
+    networks:
+      - kopanonet
+
+  kmonitor:
+    image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
+    container_name: kopano_monitor
+    links:
+      - kserver
+    volumes:
+      - ./data/ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+    environment:
+      - SERVICE_TO_START=monitor
+      - TZ=${TZ}
+    networks:
+      - kopanonet
+
+  ksearch:
+    image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
+    container_name: kopano_search
+    links:
+      - kserver
+    volumes:
+      - ./data/ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+    environment:
+      - SERVICE_TO_START=search
+      - TZ=${TZ}
+    networks:
+      - kopanonet
 
 networks:
-  web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
+  web:
-    external:
-      name: haproxy_webrproxynet
   kopanonet:
     driver: bridge

ldap/Dockerfile

@@ -0,0 +1,5 @@
+FROM osixia/openldap:1.2.2
+
+ADD bootstrap /container/service/slapd/assets/config/bootstrap
+RUN rm /container/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema
+RUN touch /etc/ldap/slapd.conf

ldap/bootstrap/schema/mmc/kopano.schema

@@ -0,0 +1,336 @@
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.1
+	NAME 'kopanoQuotaOverride'
+	DESC 'KOPANO: Override child quota'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.2
+	NAME 'kopanoQuotaWarn'
+	DESC 'KOPANO: Warning quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.3
+	NAME 'kopanoQuotaSoft'
+	DESC 'KOPANO: Soft quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.4
+	NAME 'kopanoQuotaHard'
+	DESC 'KOPANO: Hard quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.5
+	NAME 'kopanoUserDefaultQuotaOverride'
+	DESC 'KOPANO: Override User default quota for children'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.6
+	NAME 'kopanoUserDefaultQuotaWarn'
+	DESC 'KOPANO: User default warning quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.7
+	NAME 'kopanoUserDefaultQuotaSoft'
+	DESC 'KOPANO: User default soft quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.8
+	NAME 'kopanoUserDefaultQuotaHard'
+	DESC 'KOPANO: User default hard quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.1
+	NAME 'kopanoAdmin'
+	DESC 'KOPANO: Administrator of kopano'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.2
+	NAME 'kopanoSharedStoreOnly'
+	DESC 'KOPANO: is store a shared store'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.3
+	NAME 'kopanoAccount'
+	DESC 'KOPANO: entry is a part of kopano'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.4
+	NAME 'kopanoSendAsPrivilege'
+	DESC 'KOPANO: Users may directly send email as this user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.5
+	NAME 'kopanoMrAccept'
+	DESC 'KOPANO: user should auto-accept meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.6
+	NAME 'kopanoMrDeclineConflict'
+	DESC 'KOPANO: user should automatically decline conflicting meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.7
+	NAME 'kopanoMrDeclineRecurring'
+	DESC 'KOPANO: user should automatically decline recurring meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+	
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.8
+	NAME 'kopanoId'
+	DESC 'KOPANO: Generic unique ID'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )	
+	
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.9
+	NAME 'kopanoResourceType'
+	DESC 'KOPANO: for shared stores, resource is type Room or Equipment'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.10
+	NAME 'kopanoResourceCapacity'
+	DESC 'KOPANO: number of rooms or equipment available'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.11
+	NAME 'kopanoHidden'
+	DESC 'KOPANO: This object should be hidden from address book'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.13
+	NAME 'kopanoEnabledFeatures'
+	DESC 'KOPANO: This user has these features explicitly enabled'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.14
+	NAME 'kopanoDisabledFeatures'
+	DESC 'KOPANO: This user has these features explicitly disabled'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.3.1
+	NAME 'kopanoAliases'
+	DESC 'KOPANO: All other email addresses for this user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.4.1
+	NAME 'kopanoUserServer'
+	DESC 'KOPANO: Home server for the user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.6.1
+	NAME 'kopanoUserArchiveServers'
+	DESC 'KOPANO: List of server names that contain an archive store for the user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.6.2
+	NAME 'kopanoUserArchiveCouplings'
+	DESC 'KOPANO: List of username:foldername pairs that specify many-to-one archive locations'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass	( 1.3.6.1.4.1.47732.1.1.0.0
+	NAME 'kopano-user'
+	DESC 'KOPANO: an user of Kopano'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoQuotaOverride $ kopanoQuotaWarn $ kopanoQuotaSoft $ kopanoSendAsPrivilege $
+		kopanoQuotaHard $ kopanoAdmin $ kopanoSharedStoreOnly $ kopanoResourceType $
+		kopanoResourceCapacity $ kopanoAccount $ kopanoHidden $ kopanoAliases $
+		kopanoUserServer $ kopanoEnabledFeatures $ kopanoDisabledFeatures $
+		kopanoUserArchiveServers $ kopanoUserArchiveCouplings $
+		uidNumber
+		)
+	)
+
+objectclass	( 1.3.6.1.4.1.47732.1.6.0.0
+	NAME 'kopano-contact'
+	DESC 'KOPANO: a contact of Kopano'
+	SUP top AUXILIARY
+	MUST ( cn $ uidNumber )
+	MAY (
+		kopanoSendAsPrivilege $ kopanoHidden $ kopanoAliases $ kopanoAccount
+		)
+	)
+
+
+attributetype ( 1.3.6.1.4.1.47732.1.2.2.1
+	NAME 'kopanoSecurityGroup'
+	DESC 'KOPANO: group has security possibilities'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+objectclass	( 1.3.6.1.4.1.47732.1.2.0.0
+	NAME 'kopano-group'
+	DESC 'KOPANO: a group of Kopano'
+	SUP top	AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoSecurityGroup $ kopanoSendAsPrivilege $
+		gidNumber
+		)
+	)
+	
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.4
+	NAME 'kopanoViewPrivilege'
+	DESC 'KOPANO: Companies with view privileges over selected company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.5
+	NAME 'kopanoAdminPrivilege'
+	DESC 'KOPANO: Users from different companies which are administrator over selected company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.6
+	NAME 'kopanoSystemAdmin'
+	DESC 'KOPANO: The user who is the system administrator for this company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.3.1.5
+	NAME 'kopanoQuotaUserWarningRecipients'
+	DESC 'KOPANO: Users who will recieve a notification email when a user exceeds his quota'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.3.1.6
+	NAME 'kopanoQuotaCompanyWarningRecipients'
+	DESC 'KOPANO: Users who will recieve a notification email when a company exceeds its quota'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+	
+attributetype ( 1.3.6.1.4.1.47732.1.3.4.1
+	NAME 'kopanoCompanyServer'
+	DESC 'KOPANO: Home server for the public folders for a company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.3.0.0
+	NAME 'kopano-company'
+	DESC 'KOPANO: a company of Kopano' 
+	SUP top AUXILIARY
+	MUST ( ou )
+	MAY (
+		kopanoAccount $ kopanoHidden $
+		kopanoViewPrivilege $ kopanoAdminPrivilege $ kopanoSystemAdmin $
+		kopanoQuotaOverride $ kopanoQuotaWarn $
+		kopanoUserDefaultQuotaOverride $ kopanoUserDefaultQuotaWarn $ kopanoUserDefaultQuotaSoft $ kopanoUserDefaultQuotaHard $
+		kopanoQuotaUserWarningRecipients $ kopanoQuotaCompanyWarningRecipients $
+		kopanoCompanyServer
+		)
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.1
+	NAME 'kopanoHttpPort'
+	DESC 'KOPANO: Port for the http connection'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.2
+	NAME 'kopanoSslPort'
+	DESC 'KOPANO: Port for the ssl connection'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.3
+	NAME 'kopanoFilePath'
+	DESC 'KOPANO: The Unix socket or named pipe to the server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+	
+attributetype (1.3.6.1.4.1.47732.1.4.4.4
+	NAME 'kopanoContainsPublic'
+	DESC 'KOPANO: This server contains the public store'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.6
+	NAME 'kopanoProxyURL'
+	DESC 'KOPANO: Full proxy URL for this server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.4.0.0
+	NAME 'kopano-server'
+	DESC 'KOPANO: a Kopano server'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoAccount $ kopanoHidden $ kopanoHttpPort $ kopanoSslPort $ kopanoFilePath $ kopanoContainsPublic $ kopanoProxyURL
+		)
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.5.5.1
+	NAME 'kopanoFilter'
+	DESC 'KOPANO: LDAP Filter to apply'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.5.5.2
+	NAME 'kopanoBase'
+	DESC 'KOPANO: LDAP Search base to apply'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.5.0.0
+	NAME 'kopano-addresslist'
+	DESC 'KOPANO: a Kopano Addresslist'
+	SUP top STRUCTURAL
+	MUST ( cn )
+    MAY (
+		kopanoAccount $ kopanoHidden $ kopanoFilter $ kopanoBase
+		)
+	)
+
+objectclass ( 1.3.6.1.4.1.47732.1.7.0.0
+	NAME 'kopano-dynamicgroup'
+	DESC 'KOPANO: a Kopano dynamic group'
+	SUP top STRUCTURAL
+	MUST ( cn )
+    MAY (
+		kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoFilter $ kopanoBase
+		)
+	)

master-push.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-
-if [ $# -lt 2 ]
-then
-    echo "Usage: master-push.sh core|webapp version"
-    echo "Example: master-push.sh core 3.4.17.1565plus895.1"
-    exit 1
-fi
-
-component=$1
-version=$2
-
-docker push zokradonh/kopano_${component}:latest
-docker push zokradonh/kopano_${component}:latest-master
-docker push zokradonh/kopano_${component}:$version

setup.sh

@@ -0,0 +1,139 @@
+#!/bin/bash
+
+if [ ! -e ./docker-compose.yml ]; then
+	echo "copying example compose file"
+	cp docker-compose.yml-example docker-compose.yml
+fi
+
+if [ ! -e ./.env ]; then
+	echo "Creating an .env file for you"
+	value_default=latest
+	read -p "Which tag do you want to use for Kopano Core components? [$value_default]: " new_value
+	CORE_VERSION=${new_value:-$value_default}
+
+	value_default=latest
+	read -p "Which tag do you want to use for Kopano WebApp? [$value_default]: " new_value
+	WEBAPP_VERSION=${new_value:-$value_default}
+
+	value_default="Kopano Demo"
+	read -p "Name of the Organisation for LDAP [$value_default]: " new_value
+	LDAP_ORGANISATION=${new_value:-$value_default}
+
+	value_default="kopano.demo"
+	read -p "Name of the Domain for LDAP [$value_default]: " new_value
+	LDAP_DOMAIN=${new_value:-$value_default}
+
+	value_default="dc=kopano,dc=demo"
+	read -p "Name of the BASE DN for LDAP [$value_default]: " new_value
+	LDAP_BASE_DN=${new_value:-$value_default}
+
+	value_default="kopano123"
+	read -p "Password of the admin user (in bundled LDAP) [$value_default]: " new_value
+	LDAP_ADMIN_PASSWORD=${new_value:-$value_default}
+
+	value_default="ldap://ldap:389"
+	read -p "LDAP server to be used (default to bundled openldap) [$value_default]: " new_value
+	LDAP_SERVER=${new_value:-$value_default}
+
+	value_default="DC=kopano,DC=demo"
+	read -p "LDAP search base [$value_default]: " new_value
+	LDAP_SEARCH_BASE=${new_value:-$value_default}
+
+	value_default="CN=readonly,DC=kopano,DC=demo"
+	read -p "LDAP bind user (needs only read permissions) [$value_default]: " new_value
+	LDAP_BIND_DN=${new_value:-$value_default}
+
+	value_default="kopano123"
+	read -p "LDAP server to be used (default bundled openldap) [$value_default]: " new_value
+	LDAP_BIND_PW=${new_value:-$value_default}
+
+	value_default="Europe/Berlin"
+	read -p "Timezone to be used [$value_default]: " new_value
+	TZ=${new_value:-$value_default}
+
+	value_default="postmaster@kopano.demo"
+	read -p "E-Mail Address displayed for the 'postmaster' [$value_default]: " new_value
+	POSTMASTER_ADDRESS=${new_value:-$value_default}
+
+	value_default="db"
+	read -p "Name/Address of Database server (defaults to the bundled one) [$value_default]: " new_value
+	MYSQL_HOST=${new_value:-$value_default}
+
+	value_default="kopano123"
+	read -p "Password for the MySQL root user [$value_default]: " new_value
+	MYSQL_ROOT_PASSWORD=${new_value:-$value_default}
+
+	value_default="kopanoDbUser"
+	read -p "Username to connect to the database [$value_default]: " new_value
+	MYSQL_USER=${new_value:-$value_default}
+
+	value_default="kopanoDbPw"
+	read -p "Password to connect to the database [$value_default]: " new_value
+	MYSQL_PASSWORD=${new_value:-$value_default}
+
+	value_default="kopano"
+	read -p "Datebase to use for Kopano [$value_default]: " new_value
+	MYSQL_DATABASE=${new_value:-$value_default}
+
+
+        cat <<-EOF >"./.env"
+# please consult https://github.com/zokradonh/kopano-docker
+# for possible configuration values and their impact
+CORE_VERSION=$CORE_VERSION
+WEBAPP_VERSION=$WEBAPP_VERSION
+
+LDAP_ORGANISATION="$LDAP_ORGANISATION"
+LDAP_DOMAIN=$LDAP_DOMAIN
+LDAP_BASE_DN=$LDAP_BASE_DN
+LDAP_SERVER=$LDAP_SERVER
+LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD
+LDAP_READONLY_USER_PASSWORD=$LDAP_BIND_PW
+LDAP_BIND_DN=$LDAP_BIND_DN
+LDAP_BIND_PW=$LDAP_BIND_PW
+LDAP_SEARCH_BASE=$LDAP_SEARCH_BASE
+
+# LDAP query filters
+LDAP_QUERY_FILTER_USER=(&(kopanoAccount=1)(mail=%s))
+LDAP_QUERY_FILTER_GROUP=(&(objectclass=kopano-group)(mail=%s))
+LDAP_QUERY_FILTER_ALIAS=(&(kopanoAccount=1)(kopanoAliases=%s))
+LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(kopanoAliases=%s=*@%s)))
+SASLAUTHD_LDAP_FILTER=(&(kopanoAccount=1)(uid=%s))
+
+# switch the value of these two variables to use the activedirectory configuration
+KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg
+KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg
+
+MYSQL_HOST=$MYSQL_HOST
+MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
+MYSQL_USER=$MYSQL_USER
+MYSQL_PASSWORD=$MYSQL_PASSWORD
+MYSQL_DATABASE=$MYSQL_DATABASE
+
+KCCONF_SERVER_SERVER_NAME=Kopano
+
+POSTMASTER_ADDRESS=$POSTMASTER_ADDRESS
+TZ=$TZ
+
+# Defines how Kopano can be accessed from the outside world
+WEBAPP_HOST=webapp.$LDAP_DOMAIN
+LDAP_HOST=ldap.$LDAP_DOMAIN
+HTTP=80
+HTTPS=443
+
+# Docker Repository to push to
+docker_repo=zokradonh
+
+# modify below to build a different version, than the kopano nightly release
+#KOPANO_CORE_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/core:/final/Debian_9.0/
+#KOPANO_WEBAPP_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/webapp:/final/Debian_9.0/
+#RELEASE_KEY_DOWNLOAD=1
+#DOWNLOAD_COMMUNITY_PACKAGES=0
+
+EOF
+else
+	echo "config already exists, doing nothing"
+	echo "if you want to change the configuration, please edit .env directly"
+fi
+
+# build the local docker containers. This has the benefit that it will warn about empty variables
+docker-compose build

ssl/gencerts.sh

@@ -1,9 +1,12 @@
 #!/bin/sh
+# https://github.com/google/easypki
+
+# TODO integrate this directly into start.sh?
 
 echo "Creating CA and Server certificates..."
+easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System"
 
-easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System" 
+mkdir -p /kopano/ssl/clients/
-
 cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem
 
 for s in kserver kdagent kmonitor ksearch kspooler kwebapp
@@ -14,4 +17,4 @@ for s in kserver kdagent kmonitor ksearch kspooler kwebapp
     openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem
 done
 
-ls -l /kopano/ssl/*.pem
+ls -l /kopano/ssl/*.pem

ssl/start.sh

@@ -1,8 +1,7 @@
 #!/bin/sh
 
-
+if [ -f /kopano/ssl/ca.pem ]; then
-if [ -f /kopano/ssl/ca.pem ]
+	exit 0
-  then exit 0
 fi
 
 /gencerts.sh

version.sh

@@ -8,6 +8,26 @@ source base/create-kopano-repo.sh
 
 component=${1:-core}
 
+if [ -e ./env ]; then
+	source ./env
+fi
+KOPANO_CORE_REPOSITORY_URL=${KOPANO_CORE_REPOSITORY_URL:-""}
+KOPANO_WEBAPP_REPOSITORY_URL=${KOPANO_WEBAPP_REPOSITORY_URL:-""}
+
+if [[ $KOPANO_CORE_REPOSITORY_URL == http* ]] || [[ $KOPANO_WEBAPP_REPOSITORY_URL == http* ]]; then
+	case $component in
+	core)
+		version=$(curl -s -S -L $KOPANO_CORE_REPOSITORY_URL/Packages | grep -A2 "Package: kopano-server-packages")
+		echo "${version##* }"
+		;;
+	webapp)
+		version=$(curl -s -S -L $KOPANO_WEBAPP_REPOSITORY_URL/Packages | grep -m1 -A1 "Package: kopano-webapp")
+		echo "${version##* }"
+		;;
+	esac
+	exit
+fi
+
 # query community server by h5ai API
 filename=$(h5ai_query "$component")
 

web/Caddyfile

@@ -0,0 +1,11 @@
+webapp.kopano.demo {
+
+	tls self_signed
+
+	redir / /webapp
+
+	proxy /webapp kwebapp:80 {
+		transparent
+		websocket
+	}
+}

webapp/Dockerfile

@@ -1,10 +1,12 @@
-FROM zokradonh/kopano_base
+ARG docker_repo=zokradonh
+FROM ${docker_repo}/kopano_base
 
 ARG ADDITIONAL_KOPANO_PACKAGES=""
 ARG DOWNLOAD_COMMUNITY_PACKAGES=1
 ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
 ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
 ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp"
+ARG KOPANO_CORE_VERSION=newest
 ARG KOPANO_WEBAPP_VERSION=newest
 ARG RELEASE_KEY_DOWNLOAD=0
 
@@ -18,11 +20,9 @@ RUN \
     fi; \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
     echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_WEBAPP_REPOSITORY_URL} ./" >> /etc/apt/sources.list.d/kopano.list; \
-    # save kopano version if supported kopano
+    # save kopano version
-    if [ ! -f /kopano/buildversion ]; then \
+    echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
-        echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
+    echo "webapp-${KOPANO_WEBAPP_VERSION}" >> /kopano/buildversion; \
-        echo "webapp-${KOPANO_WEBAPP_VERSION}" >> /kopano/buildversion; \
-    fi; \
     # install apt keys if supported kopano
     if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
         curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \

webapp/start.sh

@@ -1,20 +1,47 @@
 #!/bin/bash
 
+# define default value for serverhostname and serverport if not passed into container
+KCCONF_SERVERHOSTNAME=${KCCONF_SERVERHOSTNAME:-127.0.0.1}
+KCCONF_SERVERPORT=${KCCONF_SERVERPORT:-237}
+ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
+
 set -eu # unset variables are errors & non-zero return values exit the whole script
 
-echo "Ensure directories"
+[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
-mkdir -p /run/sessions /tmp/webapp 
+[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
+	if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
+		apt --assume-yes install $installpkg;
+	fi
+done
 
-echo "Configure webapp"
+echo "Ensure directories"
-sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
+mkdir -p /run/sessions /tmp/webapp
+
+if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
+	echo "Kopano WebApp is using the default: connection"
+else
+	echo "Kopano WebApp is using an ip connection"
+	sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
+	    -i /etc/kopano/webapp/config.php
+fi
+
+# TODO is enabling this really neccesary when reverse proxying webapp?
+echo "Configuring Kopano WebApp for use behind a reverse proxy"
+sed \
     -e "s#define(\"INSECURE_COOKIES\",\s*.*)#define(\"INSECURE_COOKIES\", true)#" \
     -i /etc/kopano/webapp/config.php
 
-echo "Configure z-push"
+if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
-sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
+	echo "Z-Push is using the default: connection"
-        -i /etc/z-push/kopano.conf.php
+else
+	echo "Z-Push is using an ip connection"
+	sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
+	    -i /etc/z-push/kopano.conf.php
+fi
+
+echo "Configuring Z-Push for use behind a reverse proxy"
 sed -e "s#define([\"']USE_CUSTOM_REMOTE_IP_HEADER[\"'],\s*false)#define('USE_CUSTOM_REMOTE_IP_HEADER', true)#" \
-        -i /etc/z-push/z-push.conf.php
+    -i /etc/z-push/z-push.conf.php
 
 echo "Ensure config ownership"
 chown -R www-data:www-data /run/sessions /tmp/webapp