diff --git a/.gitmodules b/.gitmodules index c6a80a5..e69de29 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +0,0 @@ -[submodule "caddy"] - path = caddy - url = https://github.com/fbartels/caddy-gen.git diff --git a/Makefile b/Makefile index 6d916f0..6e2f43b 100644 --- a/Makefile +++ b/Makefile @@ -53,6 +53,12 @@ build-zpush: build-ssl: docker build -t $(docker_repo)/kopano_ssl ssl/ +build-kweb: + docker build -t $(docker_repo)/kopano_web kweb/ + +build-ldap-demo: + docker build -t $(docker_repo)/kopano_ldap_demo ldap-demo/ + tag: component ?= base tag: @echo 'create tag $($(component)_version)' @@ -103,6 +109,9 @@ publish-zpush: build-zpush tag-zpush publish-ssl: build-ssl docker push $(docker_repo)/kopano_ssl:latest +publish-kweb: build-kweb + docker push $(docker_repo)/kopano_web:latest + test: sudo rm -rf data/ make build-all diff --git a/README.md b/README.md index 7e634d4..09fbe8d 100644 --- a/README.md +++ b/README.md 
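Review bot: `publish-kweb` pushes only `kopano_web:latest` and has no tag step, unlike `publish-zpush: build-zpush tag-zpush` shown in the hunk header, so the published proxy image is only ever available under a mutable tag. The first Makefile hunk also adds `build-ldap-demo` without a matching publish target in this diff, although docker-compose.yml-example now pulls `kopano_ldap_demo` from the registry instead of building it. If no such target exists elsewhere in the file, add `publish-ldap-demo: build-ldap-demo` with the recipe `docker push $(docker_repo)/kopano_ldap_demo:latest`. If the Makefile declares `.PHONY` (not visible here), the new build and publish targets should be listed there too.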
@@ -6,16 +6,13 @@ This repository contains an easy to replicate recipe to spin up a [Kopano](https - make sure that you are running a recent enought version of Docker and [Docker Compose](https://docs.docker.com/compose/install/) - clone this repository to your local disk -- run `git submodule update --init --recursive` from within the checkout to also clone submodules - run `setup.sh` - this script will ask you a few questions about your environment. - If you are just interested in the demo environment you can accept the default values by pressing `Enter` on each question - - afterwards it builds a local image for the demo LDAP and the reverse proxy + - afterwards it builds a local image for the demo LDAP - now run `docker-compose up` and you will see how the remaining Docker images are pulled and then everything is started -- after startup has succeeded you can access the Kopano WebApp by going to `https://webapp.kopano.demo` (if you have given a differing LDAP Domain name then it will be `https://webapp.your.domain`). -- you can also access phpLDAPadmin by going to `https://ldap.kopano.demo` - -**Note:** For the reverse proxy to work you need to make sure that the given domain resolves to the reverse proxy. +- after startup has succeeded you can access the Kopano WebApp by going to `https://kopano.demo/webapp` +- you can also access phpLDAPadmin by going to `https://kopano.demo/ldap-admin` **Note:** There have been reports about the ldap demo not starting up on MacOS. It is recommended to use a Linux OS if you want to use the bundled LDAP image. 
@@ -23,7 +20,7 @@ The `docker-compose.yml` file by default pulls Docker containers from https://hu ### Need to adjust any values after the initial run of `setup.sh`? -If you want to modify some of the values from the `setup.sh` run you can simply edit `.env` in your favourite editor. Repeated runs of `setup.sh` will neither modify `docker-compose.yml` nor `.env`. In that file you will also find some given defaults like ldap query filters and the local ports for the Caddy reverse proxy. +If you want to modify some of the values from the `setup.sh` run you can simply edit `.env` in your favourite editor. Repeated runs of `setup.sh` will neither modify `docker-compose.yml` nor `.env`. In that file you will also find some given defaults like ldap query filters and the local ports for the reverse proxy. ### How to use a newer version than the one available from the Docker Hub? @@ -55,6 +52,13 @@ If you are running a private Docker Registry then you may also change `docker_re The built image includes your subscription key! Do not push this image to any public registry like e.g. https://hub.docker.com! +### What if I want to use a different front facing proxy than the one in docker-compose? Or just some part of the compose file? + +While using kweb is recommended, this is of course possible. + +- The `kopano_webapp` image is accessible on port 80 and serves the WebApp both on `/` and `/webapp`. +- The `kopano_zpush` image is accessible on port 80 and serves Z-Push on `/Microsoft-Server-ActiveSync` (additional urls may be needed in the future see #39). + ### I want to use these Docker images outside of an evaluation environment. What do I need to adjust to make this possible? To get a quick impression of Kopano this git repository bundles a locally build ldap image with some example users. When using the docker-compose.yml in a production environment make sure to: diff --git a/caddy b/caddy deleted file mode 160000 index 90af1a3..0000000 --- a/caddy +++ /dev/null 
@@ -1 +0,0 @@ -Subproject commit 90af1a372ff79ced472c646f12fc252b024ab7be diff --git a/core/Dockerfile b/core/Dockerfile index 585998a..3d3ee0e 100644 --- a/core/Dockerfile +++ b/core/Dockerfile @@ -10,7 +10,7 @@ ARG KOPANO_CORE_VERSION=newest ARG KOPANO_REPOSITORY_FLAGS="trusted=yes" ARG RELEASE_KEY_DOWNLOAD=0 -# install Kopano WebApp and refresh ca-certificates +# install Kopano Core and refresh ca-certificates RUN \ # community download and package as apt source repository . /kopano/helper/create-kopano-repo.sh && \ diff --git a/docker-compose.yml-example b/docker-compose.yml-example index 89ec579..b426dc1 100644 --- a/docker-compose.yml-example +++ b/docker-compose.yml-example @@ -2,27 +2,28 @@ version: "3" services: web: - build: caddy/ - #image: abiosoft/caddy:0.10.4 + image: ${docker_repo:?err}/kopano_web container_name: web restart: always - privileged: true links: - kopano_webapp - kopano_zpush ports: - "2015:2015" - - "${HTTP}:80" - - "${HTTPS}:443" + - "${HTTP}:8080" + - "${HTTPS}:8443" + environment: + - EMAIL=${EMAIL} + - FQDN=${FQDN} + command: wrapper.sh volumes: - - /var/run/docker.sock:/var/run/docker.sock - - web:/root/.caddy + - web:/.kweb networks: - web ldap: - build: ldap-demo/ - #image: osixia/openldap:1.2.2 + #build: ldap-demo/ + image: ${docker_repo:?err}/kopano_ldap_demo container_name: ldap ports: - 389:389 @@ -48,10 +49,6 @@ services: environment: - PHPLDAPADMIN_LDAP_HOSTS=ldap - PHPLDAPADMIN_HTTPS=false - - CADDY_HOST=${LDAP_HOST} - - CADDY_PORT=80 - - CADDY_PROXY_PARAMS=transparent - - CADDY_TLS_SELFSIGNED command: -l debug links: - ldap @@ -189,9 +186,6 @@ services: - kopanosocket/:/run/kopano environment: - TZ=${TZ} - - CADDY_HOST=${WEBAPP_HOST} - - CADDY_PROXY_PARAMS=transparent - - CADDY_TLS_SELFSIGNED networks: - web - kopanonet @@ -208,9 +202,6 @@ services: - zpushstates/:/var/lib/z-push/ environment: - TZ=${TZ} - - CADDY_HOST=${ZPUSH_HOST} - - CADDY_PROXY_PARAMS=transparent - - CADDY_TLS_SELFSIGNED networks: - web - kopanonet 
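Review bot: In the first docker-compose.yml-example hunk the `web` service keeps the `"2015:2015"` port mapping, but the kweb.cfg added in this commit only defines listeners on `:8080` and `:8443`, so this looks like a leftover from the Caddy setup and can probably be dropped. The new `image: ${docker_repo:?err}/kopano_web` and `image: ${docker_repo:?err}/kopano_ldap_demo` lines carry no tag, so compose resolves them to `latest`. An explicit version, e.g. `image: ${docker_repo:?err}/kopano_web:<version>`, would make a deployment reproducible and auditable. The `ldap` service definition continues outside the hunk.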
diff --git a/kweb/Dockerfile b/kweb/Dockerfile new file mode 100644 index 0000000..1e918a0 --- /dev/null +++ b/kweb/Dockerfile @@ -0,0 +1,4 @@ +FROM kopano/kwebd:0.4.2 +COPY wrapper.sh /usr/local/bin +COPY kweb.cfg /etc/kweb.cfg + diff --git a/kweb/kweb.cfg b/kweb/kweb.cfg new file mode 100644 index 0000000..e1e40fa --- /dev/null +++ b/kweb/kweb.cfg @@ -0,0 +1,29 @@ +:8080 { + redir / https://{host}{uri} +} + +*, :8443 { + gzip + + tls {%EMAIL%} + + redir 302 { + if {path} is / + / /webapp/ + } + + proxy /webapp/ kopano_webapp:80 { + transparent + } + redir /webapp /webapp/ + + proxy /Microsoft-Server-ActiveSync kopano_zpush:80 { + transparent + } + + proxy /ldap-admin/ ldap-admin:80 { + without /ldap-admin + transparent + } + redir /ldap-admin /ldap-admin/ +} diff --git a/kweb/wrapper.sh b/kweb/wrapper.sh new file mode 100755 index 0000000..e54b495 --- /dev/null +++ b/kweb/wrapper.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +set -e + +if [ "$EMAIL" = "self_signed" ]; then + # do not use the '-host' option if using a self signed cert + exec kwebd caddy -conf /etc/kweb.cfg -agree +else + exec kwebd caddy -conf /etc/kweb.cfg -agree -host "$FQDN" +fi diff --git a/setup.sh b/setup.sh index fea189d..6352ec2 100755 --- a/setup.sh +++ b/setup.sh @@ -1,4 +1,6 @@ -#!/bin/bash +#!/bin/sh + +set -e if [ ! -e ./docker-compose.yml ]; then echo "copying example compose file" 
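Review bot: `COPY wrapper.sh /usr/local/bin` has no trailing slash on the destination, so if that directory were ever absent from the base image the script would be written as a file named `bin`; `COPY wrapper.sh /usr/local/bin/` makes the intent explicit. The base image is pinned by tag only, and adding the digest (`FROM kopano/kwebd:0.4.2@sha256:<digest>`) would stop a re-pushed tag from silently changing the build. The file sets no `USER`, so the runtime user is whatever the base image defines; a short comment stating which user that is would help anyone reviewing the `web:/.kweb` volume permissions.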
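Review bot: The `proxy /ldap-admin/ ldap-admin:80` block publishes phpLDAPadmin on the same TLS site as WebApp and Z-Push with no access restriction visible in this file, so anyone who can reach the proxy can reach the LDAP admin login. That may be intended for the demo, but it should be marked above the block, e.g. `# demo only: remove or restrict /ldap-admin before exposing this host publicly`. Separately, `redir / https://{host}{uri}` in the `:8080` site sends clients to the default HTTPS port, which only works while `HTTPS` in `.env` stays at 443.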
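Review bot: Neither branch of wrapper.sh checks that its inputs are set. With `EMAIL` unset or empty the test falls through to the `else` branch, and with `FQDN` empty kwebd is started as `-host ""` while `-agree` still accepts the ACME terms. `set -e` does not catch this. Changing it to `set -eu` and adding `: "${FQDN:?FQDN must be set when EMAIL is not self_signed}"` as the first line of the `else` branch makes the container fail fast with a clear message.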
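Review bot: The shebang in setup.sh changes from `#!/bin/bash` to `#!/bin/sh`, but the prompts in the next hunk still use `read -p`, which is not POSIX. Where `/bin/sh` is dash (the Debian/Ubuntu default), `read -p` is rejected, and with the newly added `set -e` the script would stop at the first question. Either keep `#!/bin/bash`, or replace each prompt with a portable pair such as `printf 'FQDN to be used [%s]: ' "$value_default"` followed by `read -r new_value`. Only part of the script is visible here, so other bash-only constructs may need the same check.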
@@ -20,8 +22,12 @@ if [ ! -e ./.env ]; then LDAP_ORGANISATION=${new_value:-$value_default} value_default="kopano.demo" - read -p "Domain to be used (for LDAP and reverse proxy) [$value_default]: " new_value - LDAP_DOMAIN=${new_value:-$value_default} + read -p "FQDN to be used (for reverse proxy) [$value_default]: " new_value + FQDN=${new_value:-$value_default} + + value_default="self_signed" + read -p "Email address to use for Lets Encrypt. Use 'self_signed' as your email to create self signed certificates [$value_default]: " new_value + EMAIL=${new_value:-$value_default} value_default="dc=kopano,dc=demo" read -p "Name of the BASE DN for LDAP [$value_default]: " new_value @@ -83,7 +89,7 @@ CORE_VERSION=$CORE_VERSION WEBAPP_VERSION=$WEBAPP_VERSION LDAP_ORGANISATION="$LDAP_ORGANISATION" -LDAP_DOMAIN=$LDAP_DOMAIN +LDAP_DOMAIN=$FQDN LDAP_BASE_DN=$LDAP_BASE_DN LDAP_SERVER=$LDAP_SERVER LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD @@ -115,9 +121,8 @@ POSTMASTER_ADDRESS=$POSTMASTER_ADDRESS TZ=$TZ # Defines how Kopano can be accessed from the outside world -WEBAPP_HOST=webapp.$LDAP_DOMAIN -ZPUSH_HOST=zpush.$LDAP_DOMAIN -LDAP_HOST=ldap.$LDAP_DOMAIN +FQDN=$FQDN +EMAIL=$EMAIL HTTP=80 HTTPS=443 @@ -138,4 +143,4 @@ else fi # build the local docker containers. This has the benefit that it will warn about empty variables -docker-compose build +#docker-compose build diff --git a/webapp/Dockerfile b/webapp/Dockerfile index 91f1a54..248d1c6 100644 --- a/webapp/Dockerfile +++ b/webapp/Dockerfile @@ -82,7 +82,7 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf && \ sed -e "s,MaxSpareServers[^:].*,MaxSpareServers 5," -i /etc/apache2/mods-available/mpm_prefork.conf && \ a2disconf other-vhosts-access-log && \ - a2ensite kopano && \ + a2ensite kopano kopano-webapp && \ echo "Listen 80" > /etc/apache2/ports.conf && \ # configure mod_php a2enmod rewrite && \
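Review bot: `FQDN` and `EMAIL` are accepted exactly as typed (`read` without `-r`, no validation) and written unquoted into `.env` by the fourth hunk (`FQDN=$FQDN`, `EMAIL=$EMAIL`). From there they reach `kwebd -host "$FQDN"` and the `tls {%EMAIL%}` directive. A value with whitespace or stray characters would produce a broken `.env` or proxy configuration that only surfaces at container start. A cheap guard after the prompt would be `case "$FQDN" in *[!A-Za-z0-9.-]*) echo "invalid FQDN: $FQDN" >&2; exit 1;; esac`, with a similar check that `EMAIL` is either `self_signed` or contains an `@`. The surrounding `if [ ! -e ./.env ]` block starts and ends outside this hunk.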
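Review bot: In the third setup.sh hunk `LDAP_DOMAIN=$FQDN` still derives the LDAP domain from the answer to a question that now reads "FQDN to be used (for reverse proxy)", so a user entering a host name such as `mail.example.com` also changes the LDAP domain without being told. Either restore the wording `(for LDAP and reverse proxy)` in the prompt or document the coupling where the value is written, e.g. `# LDAP_DOMAIN intentionally follows FQDN`. The default `LDAP_BASE_DN` of `dc=kopano,dc=demo` asked right afterwards will no longer match a non-default FQDN, which is worth mentioning in the prompt as well.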
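Review bot: The last setup.sh hunk comments out `docker-compose build` but leaves the explanatory comment above it, which now describes a step that no longer runs. It also drops the side effect that comment mentions, the warning about empty variables. Replace both lines with a validation-only call such as `docker-compose config -q`, under a comment like `# validate the compose file; this warns about empty variables`, or delete the stale comment together with the dead command.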