
WIP: Kopano Konnect und Rest API (#72)

* add a new image for konnect
* add konnect to compose file
* adapt gencerts for konnect certs
* integrate gencerts into start.sh and adapt if to only skip individual parts
* add container for kapi
* use same config for webapp and z-push as https://stash.kopano.io/projects/KGOL/repos/kweb/browse/config/legacy.go
* use example compose file in make test target
* make compose file configurable through an env variable
* remove legacy links in compose
* write certificates first to a tempfile
* remove unnecessary paths
* add option to run kapi insecure for testing
* configure openid for kopano-server
* add local playground to test functionality of konnect and kapi
* print errors and logs to stdout in web
* add extrahosts to kopano_server
* adapt extrahosts for ip command on ubuntu 18.04
* add documentation

Signed-off-by: Felix Bartels <felix@host-consultants.de>
Felix Bartels 2019-01-09 21:57:04 +01:00 committed by GitHub
parent d2b6952f8f
commit 789762cb34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
16 changed files with 386 additions and 69 deletions


@ -19,13 +19,14 @@ KOPANO_ZPUSH_REPOSITORY_URL := http://repo.z-hub.io/z-push:/final/Debian_9.0/
RELEASE_KEY_DOWNLOAD := 0
DOWNLOAD_COMMUNITY_PACKAGES := 1
COMPOSE_FILE := docker-compose.yml-example
-include .env
export
# convert lowercase componentname to uppercase
COMPONENT = $(shell echo $(component) | tr a-z A-Z)
build-all: build-ssl build-base build-core build-utils build-webapp build-zpush build-kweb build-ldap-demo
build-all: build-ssl build-base build-core build-utils build-webapp build-zpush build-kweb build-konnect build-playground build-ldap-demo
build: component ?= base
build:
@ -66,6 +67,12 @@ build-ssl:
build-kweb:
docker build -t $(docker_repo)/kopano_web kweb/
build-konnect:
docker build -t $(docker_repo)/kopano_konnect konnect/
build-playground:
docker build -t $(docker_repo)/kopano_playground playground/
build-ldap-demo:
docker build -t $(docker_repo)/kopano_ldap_demo ldap-demo/
@ -137,13 +144,13 @@ publish-kweb: build-kweb
docker push $(docker_repo)/kopano_web:latest
test:
docker-compose down -v || true
docker-compose -f $(COMPOSE_FILE) down -v || true
make build-all
docker-compose build
docker-compose up -d
docker-compose ps
docker-compose -f $(COMPOSE_FILE) build
docker-compose -f $(COMPOSE_FILE) up -d
docker-compose -f $(COMPOSE_FILE) ps
test-quick:
docker-compose stop || true
docker-compose up -d
docker-compose ps
docker-compose -f $(COMPOSE_FILE) stop || true
docker-compose -f $(COMPOSE_FILE) up -d
docker-compose -f $(COMPOSE_FILE) ps
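Review bot: The recipe line `make build-all` in the `test` target calls make by its literal name while every other line in the hunk was adapted; inside a recipe it should be `$(MAKE) build-all` so the sub-make runs the same binary, shares the jobserver under `-j`, and is still executed under `make -n`. `test` and `test-quick` are commands rather than files and should be listed in a `.PHONY` declaration if the file does not already have one (not visible in this hunk). The `|| true` on the `down`/`stop` lines is fine for a first run but also hides a genuinely broken compose file; `docker-compose -f $(COMPOSE_FILE) config -q` as a first line would surface that early.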


@ -69,11 +69,15 @@ While using kweb is recommended, this is of course possible.
- The `kopano_webapp` image is accessible on port 80 and serves the WebApp both on `/` and `/webapp`.
- The `kopano_zpush` image is accessible on port 80 and serves Z-Push on `/Microsoft-Server-ActiveSync` (additional urls may be needed in the future see #39).
### What are and how can I use the Kapi Playground and OIDC Playground?
This project includes a Docker container to easily inspect the data returned by the Kopano Rest API (KAPI), as well as the OpenID (Connect) Service Provider. To explore these applications you need to pass the URL of the "Issuer" when opening these. For the Kapi Playground this would for example be `https://kopano.demo/kapi-playground/?iss=https://kopano.demo`.
### I want to use these Docker images outside of an evaluation environment. What do I need to adjust to make this possible?
To get a quick impression of Kopano this git repository bundles a locally build ldap image with some example users. When using the docker-compose.yml in a production environment make sure to:
- either remove `ldap-demo/bootstrap/ldif/demo-users.ldif` from the locally built ldap image or complelty remove the local ldap from the compose file
- either remove `ldap-demo/bootstrap/ldif/demo-users.ldif` from the locally built ldap image or complety remove the local ldap from the compose file
- adapt ldap queries in .env to match you actual ldap server and users
- all additional configuration of the Kopano components should be specified in the compose file and **not within the running container**


@ -29,6 +29,7 @@ RUN \
set -x && \
apt-get install --no-install-recommends -y \
kopano-server-packages \
kopano-grapi kopano-kapid \
${ADDITIONAL_KOPANO_PACKAGES} \
&& \
set +x && \


@ -0,0 +1,5 @@
import os
import kcconf
# Override configs from environment variables
kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
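Review bot: `import os` on the first line is unused in this file — only `kcconf` is referenced — and the same unused import appears in the new kapid.py. Dropping it leaves just `import kcconf` and keeps linters quiet. A one-line module comment naming the service whose config this file seeds would also help, since the file is selected by name from start.sh: `# grapi: no component-specific defaults, only environment overrides.`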


@ -0,0 +1,18 @@
import os
import kcconf
# Component specific configurations
kcconf.configkopano({
r"/etc/kopano/kapid.cfg":
{
'log_level': "info",
'listen': "0.0.0.0:8039",
'DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE': "/kopano/ssl/kapid-pubs-secret.key",
'plugin_kvs_db_datasource': "/kopano/data/kapi-kvs/kvs.db",
'plugin_grapi_socket_path': "/var/run/kopano/grapi"
}
})
# Override configs from environment variables
kcconf.configkopano(kcconf.parseenvironmentvariables(r"/etc/kopano/"))
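Review bot: `'DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE'` is the only upper-case key in the kapid.cfg map while its siblings (`log_level`, `listen`, `plugin_kvs_db_datasource`, …) are lower-case. If kapid expects this exact spelling — plausible, since the core start.sh later exports the file's lines as environment variables — a short comment prevents a maintainer from "fixing" the case: `# upper-case on purpose: kapid reads this setting as an environment variable once start.sh exports kapid.cfg — confirm`. If not, it should match the other keys.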


@ -16,7 +16,7 @@ fi
fi
done
mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano
mkdir -p /kopano/data/attachments /kopano/data/kapi-kvs /tmp/$SERVICE_TO_START /var/run/kopano
echo "Configure core service '$SERVICE_TO_START'" | ts
/usr/bin/python3 /kopano/$SERVICE_TO_START.py
@ -72,6 +72,28 @@ ical)
unset "${!KCCONF_@}"
exec /usr/sbin/kopano-ical -F
;;
grapi)
LC_CTYPE=en_US.UTF-8
export socket_path=/var/run/kopano/grapi
mkdir $socket_path
chown -R kapi:kopano $socket_path
# cleaning up env variables
unset "${!KCCONF_@}"
exec kopano-grapi serve
;;
kapid)
dockerize \
-wait file://var/run/kopano/grapi/notify.sock \
-wait http://kopano_konnect:8777/.well-known/openid-configuration \
-timeout 360s
LC_CTYPE=en_US.UTF-8
sed -i s/\ *=\ */=/g /etc/kopano/kapid.cfg
export $(grep -v '^#' /etc/kopano/kapid.cfg | xargs -d '\n')
kopano-kapid setup
# cleaning up env variables
unset "${!KCCONF_@}"
exec kopano-kapid serve --log-timestamp=false
;;
monitor)
dockerize \
-wait file://var/run/kopano/server.sock \
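Review bot: `mkdir $socket_path` in the new `grapi)` branch has no `-p`; `/var/run/kopano` appears to be the `kopanosocket` volume shared between containers, so on a container restart the directory already exists and the command fails — `mkdir -p $socket_path` is the safe form. `LC_CTYPE=en_US.UTF-8` in both the `grapi)` and `kapid)` branches is a plain shell assignment; unless LC_CTYPE is already in the environment the exec'd process never sees it, so it should read `export LC_CTYPE=en_US.UTF-8`. The unquoted `export $(grep -v '^#' /etc/kopano/kapid.cfg | xargs -d '\n')` splits on whitespace, so any config value containing a space would be exported wrongly; the enclosing `case` statement starts and ends outside the hunk.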


@ -5,9 +5,6 @@ services:
image: ${docker_repo:?err}/kopano_web
container_name: web
restart: always
links:
- kopano_webapp
- kopano_zpush
ports:
- "2015:2015"
- "${HTTP}:8080"
@ -49,8 +46,6 @@ services:
- PHPLDAPADMIN_LDAP_HOSTS=ldap
- PHPLDAPADMIN_HTTPS=false
command: -l debug
links:
- ldap
networks:
- ldap-net
- web-net
@ -63,8 +58,6 @@ services:
container_name: mail
depends_on:
- ldap
links:
- ldap
ports:
- "25:25"
volumes:
@ -138,12 +131,9 @@ services:
- kopanossl/:/kopano/ssl
kopano_server:
image: ${docker_repo}/kopano_core:${CORE_VERSION}
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
hostname: kopano_server
container_name: kopano_server
links:
- db
- ldap
depends_on:
- db
- ldap
@ -155,7 +145,7 @@ services:
- SERVICE_TO_START=server
- TZ=${TZ}
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_LOG_LEVEL=3
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
@ -175,9 +165,15 @@ services:
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
- KCCONF_SERVER_ENABLE_SSO=yes
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
- KCCONF_SERVER_KCOIDC_INITIALIZE_TIMEOUT=360
networks:
- kopano-net
- ldap-net
extra_hosts:
- ${EXTRAHOSTS}
volumes:
- kopanodata/:/kopano/data
- kopanossl/:/kopano/ssl
@ -187,8 +183,6 @@ services:
image: ${docker_repo:?err}/kopano_webapp:${WEBAPP_VERSION}
hostname: kopano_webapp
container_name: kopano_webapp
links:
- kopano_server
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
@ -203,8 +197,6 @@ services:
image: ${docker_repo:?err}/kopano_zpush:${ZPUSH_VERSION}
hostname: kopano_zpush
container_name: kopano_zpush
links:
- kopano_server
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
@ -215,18 +207,46 @@ services:
- web-net
- kopano-net
kopano_grapi:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_grapi
volumes:
- kopanosocket/:/run/kopano
environment:
- SERVICE_TO_START=grapi
- TZ=${TZ}
networks:
- kopano-net
kopano_kapi:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_kapi
volumes:
- kopanodata/:/kopano/data
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
environment:
- SERVICE_TO_START=kapid
- TZ=${TZ}
- KCCONF_KAPID_LOG_LEVEL=DEBUG
- KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
- KCCONF_KAPID_INSECURE=${INSECURE}
extra_hosts:
- ${EXTRAHOSTS}
networks:
- kopano-net
- web-net
kopano_dagent:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links:
- kopano_server
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
environment:
- SERVICE_TO_START=dagent
- TZ=${TZ}
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_LOG_LEVEL=3
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopano-net
@ -236,15 +256,13 @@ services:
container_name: kopano_spooler
hostname: spooler
domainname: ${LDAP_DOMAIN}
links:
- kopano_server
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
environment:
- SERVICE_TO_START=spooler
- TZ=${TZ}
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_LOG_LEVEL=3
- KCCONF_SPOOLER_SMTP_SERVER=mail
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
@ -253,8 +271,6 @@ services:
kopano_gateway:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_gateway
links:
- kopano_server
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
@ -269,8 +285,6 @@ services:
kopano_ical:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kopano_server
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
@ -284,8 +298,6 @@ services:
kopano_monitor:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kopano_server
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
@ -298,8 +310,6 @@ services:
kopano_search:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kopano_server
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
@ -309,6 +319,27 @@ services:
- TZ=${TZ}
networks:
- kopano-net
kopano_konnect:
image: ${docker_repo:?err}/kopano_konnect
container_name: kopano_konnect
command: wrapper.sh
volumes:
- kopanossl/:/kopano/ssl
- kopanosocket/:/run/kopano
environment:
- FQDN=${FQDN}
networks:
- kopano-net
- web-net
kopano_playground:
image: ${docker_repo:?err}/kopano_playground
container_name: kopano_playground
networks:
- kopano-net
- web-net
volumes:
web:
ldap:
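Review bot: The new `extra_hosts: - ${EXTRAHOSTS}` entries under kopano_server and kopano_kapi, and `${INSECURE}` in the KCOIDC/KAPID settings, rely on variables that only a freshly generated .env contains (start.sh writes them in this commit); with an existing .env they expand to empty, which for `extra_hosts` yields an invalid entry and for the insecure switches an undefined value. Defaulting the switches so they fail closed, `KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE:-no}` and `KCCONF_KAPID_INSECURE=${INSECURE:-no}`, plus a README note about regenerating .env, covers both. kopano_kapi also mounts the whole `kopanodata/` volume although kapid.cfg only points it at `/kopano/data/kapi-kvs`; a dedicated volume for the kvs database would keep attachment data out of that container. `KCCONF_KAPID_LOG_LEVEL=DEBUG` in the example compose file is presumably WIP and worth lowering before the example is copied into real deployments.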

14
konnect/Dockerfile Normal file

@ -0,0 +1,14 @@
FROM kopano/konnectd:0.16.1
RUN apk add --update \
openssl \
&& rm -rf /var/cache/apk/*
ENV DOCKERIZE_VERSION v0.6.1
RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz
RUN mkdir -p /etc/kopano/
COPY identifier-registration.yaml /etc/kopano
COPY wrapper.sh /usr/local/bin
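Review bot: The dockerize tarball fetched in the second `RUN` is extracted into `/usr/local/bin` without any integrity check, so the image trusts whatever the download URL serves at build time. Pin the expected digest next to `DOCKERIZE_VERSION` and verify before extracting, e.g. `&& echo "<SHA256_OF_TARBALL>  dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz" | sha256sum -c -` as the line before `tar`. The `RUN mkdir -p /etc/kopano/` step is redundant because `COPY` creates the destination directory.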


@ -0,0 +1,54 @@
---
# OpenID Connect client registry.
clients:
# - id: oidc-client-example.js
# name: OIDC Playground
# application_type: web
# redirect_uris:
# - https://devmail.kopano.com/kapi-playground/
# - id: playground.js
# name: OIDC Playground
# application_type: web
# redirect_uris:
# - https://my-host:8509/
# - id: playground-trusted.js
# name: Trusted OIDC Playground
# trusted: yes
# application_type: web
# redirect_uris:
# - https://my-host:8509/
# - id: playground-trusted.js
# name: Trusted Insecure OIDC Playground
# trusted: yes
# application_type: web
# insecure: yes
# - id: client-with-keys
# secret: super
# application_type: native
# redirect_uris:
# - http://localhost
# jwks:
# keys:
# - kty: EC
# use: sig
# kid: client-with-keys-key-1
# crv: P-256
# x: RTZpWoRbjwX1YavmSHVBj6Cy3Yzdkkp6QLvTGB22D0c
# y: jeavjwcX0xlDSchFcBMzXSU7wGs2VPpNxWCwmxFvmF0
# request_object_signing_alg: ES256
# - id: first
# secret: lala
# application_type: native
# redirect_uris:
# - my://app
# - id: second
# secret: lulu
# application_type: native
# redirect_uris:
# - http://localhost
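Review bot: Apart from the `clients:` key every line is commented out, so the registry shipped in the image is empty; a comment at the top saying so and how to register a client would help, e.g. `# No clients are registered by default; uncomment and adapt one of the entries below to register one.`. The commented examples carry `insecure: yes`, `trusted: yes` and literal secrets (`super`, `lala`, `lulu`) and list the id `playground-trusted.js` twice; if they are meant as templates it is safer to keep only the id/redirect_uris shape and drop the secrets and the `insecure` flag so an entry cannot be uncommented as-is.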

14
konnect/wrapper.sh Executable file

@ -0,0 +1,14 @@
#!/bin/sh
set -e
dockerize \
-wait file:///kopano/ssl/konnectd-tokens-signing-key.pem \
-wait file:///kopano/ssl/konnectd-encryption.key \
-timeout 360s
exec konnectd serve \
--signing-private-key=/kopano/ssl/konnectd-tokens-signing-key.pem \
--encryption-secret=/kopano/ssl/konnectd-encryption.key \
--iss=https://$FQDN \
--identifier-registration-conf /etc/kopano/identifier-registration.yaml \
kc
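Review bot: `--iss=https://$FQDN` silently degrades to `https://` when FQDN is not set in the container; a guard before `dockerize`, `: "${FQDN:?FQDN must be set}"`, makes the misconfiguration fail loudly instead. The options mix `--flag=value` and `--flag value` forms (`--identifier-registration-conf /etc/kopano/identifier-registration.yaml`); using `=` throughout matches the surrounding lines.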


@ -3,22 +3,119 @@
}
*, :8443 {
log stdout
errors stdout
gzip
header / Server kweb
tls {%EMAIL%}
limits {
header 1MB
body 50MB
}
redir 302 {
if {path} is /
/ /webapp/
}
proxy /webapp/ kopano_webapp:80 {
# Config
configjson /api/config/v1/kopano/ config/kopano
# Konnect
proxy /upstreams/konnect/ {
without /upstreams/konnect/
upstream kopano_konnect:8777
policy least_conn
health_check /health-check
fail_timeout 10s
try_duration 30s
keepalive 100
transparent
header_downstream Feature-Policy "midi 'none'"
header_downstream X-Frame-Options "sameorigin"
}
redir /webapp /webapp/
ratelimit * 100 200 minute {
/upstreams/konnect/v1/
/signin/v1/identifier/_/
whitelist 127.0.0.1/8
}
rewrite /.well-known/openid-configuration {
to /upstreams/konnect/{path}
}
rewrite /konnect/v1/ {
to /upstreams/konnect/{path}
}
rewrite /signin/v1/ {
to /upstreams/konnect/{path}
}
redir /signin /signin/v1/identifier
# Kapi
proxy /upstreams/kapi/ {
without /upstreams/kapi/
upstream kopano_kapi:8039
policy least_conn
health_check /health-check
fail_timeout 10s
try_duration 30s
keepalive 100
transparent
websocket
}
ratelimit * 100 200 minute {
/upstreams/kapi/api/
whitelist 127.0.0.1/8
}
rewrite /api/gc/v1/ {
to /upstreams/kapi/{path}
}
rewrite /api/pubs/v1/ {
to /upstreams/kapi/{path}
}
rewrite /api/kvs/v1/ {
to /upstreams/kapi/{path}
}
# playground for oidc
proxy /oidc-playground/ http://kopano_playground:8888/ {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
folderish /oidc-playground
# playground for Kapi
proxy /kapi-playground/ http://kopano_playground:8888/ {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
folderish /kapi-playground
proxy /webapp/ kopano_webapp:80 {
fail_timeout 10s
try_duration 30s
transparent
keepalive 100
}
folderish /webapp
proxy /Microsoft-Server-ActiveSync kopano_zpush:80 {
transparent
keepalive 0
timeout 3540s
}
proxy /AutoDiscover/AutoDiscover.xml kopano_zpush:80 {
transparent
keepalive 0
fail_timeout 10s
try_duration 30s
}
proxy /ldap-admin/ ldap-admin:80 {
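Review bot: `whitelist 127.0.0.1/8` in both new `ratelimit` blocks has host bits set; the loopback network is conventionally written `127.0.0.0/8`, and some CIDR parsers reject or silently normalise the former, so confirm the plugin accepts it or use the canonical form. The `X-Frame-Options` and `Feature-Policy` downstream headers are set only on the konnect upstream; whether the playground and webapp proxies should carry the same is worth a comment either way. The enclosing `*, :8443` server block starts before and ends after the hunk.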

14
playground/Dockerfile Normal file

@ -0,0 +1,14 @@
from alpine:3.8 as builder
RUN apk add --update \
git make \
&& rm -rf /var/cache/apk/*
RUN mkdir -p /web/oidc-playground /web/kapi-playground
RUN git clone https://stash.kopano.io/scm/~seisenmann/oidc-playground.git
RUN mv oidc-playground/www/* /web/oidc-playground
RUN git clone https://stash.kopano.io/scm/kc/kapi.git
RUN mv kapi/examples/* /web/kapi-playground
RUN cd /web/kapi-playground && rm Makefile && ln -s oidc-client-example.html index.html
from halverneus/static-file-server:v1.5.2
env PORT 8888
COPY --from=builder /web /web
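Review bot: Both `git clone` steps fetch the default branch head with no tag pinned, so the served playground changes silently between builds and a rewritten upstream branch flows straight into the image. Pin them, e.g. `RUN git clone --depth 1 --branch <TAG_PLACEHOLDER> https://stash.kopano.io/scm/~seisenmann/oidc-playground.git` and likewise for kapi, and record the pinned version in a comment. The lower-case `from`/`env` instructions work but differ from the `RUN`/`COPY` casing in the same file and in the other Dockerfiles of this commit.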


@ -50,6 +50,10 @@ if [ ! -e ./.env ]; then
read -p "Which tag do you want to use for Z-Push? [$value_default]: " new_value
ZPUSH_VERSION=${new_value:-$value_default}
value_default=latest
read -p "Which tag do you want to use for Kopano Konnect? [$value_default]: " new_value
KONNECT_VERSION=${new_value:-$value_default}
value_default="Kopano Demo"
read -p "Name of the Organisation for LDAP [$value_default]: " new_value
LDAP_ORGANISATION=${new_value:-$value_default}
@ -62,6 +66,13 @@ if [ ! -e ./.env ]; then
read -p "Email address to use for Lets Encrypt. Use 'self_signed' as your email to create self signed certificates [$value_default]: " new_value
EMAIL=${new_value:-$value_default}
# Let Kapi accept self signed certs if required
if [ "$EMAIL" == "self_signed" ]; then
INSECURE="yes"
else
INSECURE="no"
fi
LDAP_BASE_DN=$(fqdn_to_dn $FQDN)
value_default="$LDAP_BASE_DN"
read -p "Name of the BASE DN for LDAP [$value_default]: " new_value
@ -191,6 +202,7 @@ if [ ! -e ./.env ]; then
CORE_VERSION=$CORE_VERSION
WEBAPP_VERSION=$WEBAPP_VERSION
ZPUSH_VERSION=$ZPUSH_VERSION
KONNECT_VERSION=$KONNECT_VERSION
LDAP_ORGANISATION="$LDAP_ORGANISATION"
LDAP_DOMAIN=$FQDN
@ -230,8 +242,13 @@ EMAIL=$EMAIL
HTTP=80
HTTPS=443
# Docker Repository to push to
# Settings for test environments
EXTRAHOSTS=$FQDN:$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
INSECURE=$INSECURE
# Docker Repository to push to/pull from
docker_repo=zokradonh
COMPOSE_PROJECT_NAME=kopano
# Modify below to build a different version, than the kopano nightly release
#KOPANO_CORE_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/core:/final/Debian_9.0/
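Review bot: `EXTRAHOSTS=$FQDN:$(ip route get 1 | sed ...)` is evaluated once when .env is written, so the recorded host IP goes stale when the machine changes networks, and on a host without `ip` or with a different output format the value becomes `$FQDN:`, which compose rejects as an extra_hosts entry. Capturing it first, `host_ip=$(ip route get 1 2>/dev/null | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')`, and prompting for it when empty like the other settings in this script would make that failure visible. `[ "$EMAIL" == "self_signed" ]` uses the bash-only `==`; `=` is the portable form if the shebang (outside the hunk) is `/bin/sh`.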


@ -16,8 +16,7 @@ RUN apk add --update \
&& rm -rf /var/cache/apk/*
COPY start.sh /start.sh
COPY gencerts.sh /gencerts.sh
RUN chmod a+x /start.sh /gencerts.sh
RUN chmod a+x /start.sh
CMD ["/start.sh"]


@ -1,20 +0,0 @@
#!/bin/sh
# https://github.com/google/easypki
# TODO integrate this directly into start.sh?
echo "Creating CA and Server certificates..."
easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System"
mkdir -p /kopano/ssl/clients/
cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem
for s in kserver kdagent kmonitor ksearch kspooler kwebapp
do
easypki create --ca-name internalca --organizational-unit $s --expire 3650 $s
cp /kopano/easypki/internalca/keys/$s.key /kopano/ssl/$s.pem
cat /kopano/easypki/internalca/certs/$s.crt >> /kopano/ssl/$s.pem
openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem
done
ls -l /kopano/ssl/*.pem


@ -1,7 +1,47 @@
#!/bin/sh
if [ -f /kopano/ssl/ca.pem ]; then
exit 0
mkdir -p /kopano/ssl/clients/
if [ ! -f /kopano/ssl/ca.pem ]; then
# https://github.com/google/easypki
echo "Creating CA and server certificates..."
easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System"
for s in kserver kdagent kmonitor ksearch kspooler kwebapp; do
easypki create --ca-name internalca --organizational-unit $s --expire 3650 $s
cp /kopano/easypki/internalca/keys/$s.key /kopano/ssl/$s.pem.tmp
cat /kopano/easypki/internalca/certs/$s.crt >> /kopano/ssl/$s.pem.tmp
openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem.tmp
mv /kopano/ssl/$s.pem.tmp /kopano/ssl/$s.pem
mv /kopano/ssl/clients/$s-public.pem.tmp /kopano/ssl/clients/$s-public.pem
done
cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem.tmp
mv /kopano/ssl/ca.pem.tmp /kopano/ssl/ca.pem
fi
/gencerts.sh
# Konnect - create encryption key if not already present
enckey="/kopano/ssl/konnectd-encryption.key"
if [ ! -f $enckey ]; then
echo "creating new encryption key"
openssl rand -out $enckey.tmp 32
mv $enckey.tmp $enckey
fi
# Konnect - create token signing key if not already present
signkey="/kopano/ssl/konnectd-tokens-signing-key.pem"
if [ ! -f $signkey ]; then
echo "creating new token signing key"
openssl genpkey -algorithm RSA -out $signkey.tmp -pkeyopt rsa_keygen_bits:4096
mv $signkey.tmp $signkey
fi
# Kapi
secretkey="/kopano/ssl/kapid-pubs-secret.key"
if [ ! -f $secretkey ]; then
openssl rand -out $secretkey.tmp -hex 64
mv $secretkey.tmp $secretkey
fi
ls -l /kopano/ssl/*.pem
ls -l /kopano/ssl/*.key
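Review bot: The script has no `set -e`, so a failed `easypki` or `openssl` step is not fatal: the `mv` of the missing `.tmp` file prints an error and the container continues to the final `ls`, while dependants keep waiting on keys that were never produced. Adding `set -e` after the shebang turns a failed generation into a visible container exit. The new key material is created with the default umask on `/kopano/ssl`, a volume shared with several containers; `umask 077` before the konnect and kapid key generation would narrow that, provided their consumers run as the owning user (to be confirmed).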