Merge pull request #13 from zokradonh/base

Introduce a base image

.gitignore

@@ -1,3 +1,5 @@
 .vscode/settings.json
 **/.vscode
 *.yml
+docker-compose.yml
+certs/*

Makefile

@@ -0,0 +1,65 @@
+docker_repo := zokradonh
+docker_login := `cat ~/.docker-account-user`
+docker_pwd := `cat ~/.docker-account-pwd`
+
+base_version = $(shell docker run --rm $(docker_repo)/kopano_base cat /kopano/buildversion)
+core_version = $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | grep -o -P '(?<=-).*(?=_)')
+webapp_version = $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)')
+
+build-all: build-base build-core build-webapp
+
+build: component ?= base
+build:
+	docker build -t $(docker_repo)/kopano_$(component) $(component)/
+
+build-base:
+	component=base make build
+
+build-core:
+	component=core make build
+
+build-webapp:
+	component=webapp make build
+
+tag: component ?= base
+tag:
+	@echo 'create tag $($(component)_version)'
+	docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version}
+	@echo 'create tag latest'
+	docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest
+	git tag $(component)/${$(component)_version} || true
+
+tag-base:
+	component=base make tag
+
+tag-core:
+	component=core make tag
+
+tag-webapp:
+	component=webapp make tag
+
+git-commit:
+	git add -A && git commit -m "ci: commit changes before tagging"
+
+# Docker publish
+repo-login:
+	docker login -u $(docker_login) -p $(docker_pwd)
+
+publish: git-commit repo-login publish-base publish-core publish-webapp
+	git push
+	git push origin --tags
+
+publish-container: component ?= base
+publish-container:
+	@echo 'publish latest to $(docker_repo)/kopano_$(component)'
+	docker push $(docker_repo)/kopano_$(component):${$(component)_version}
+	docker push $(docker_repo)/kopano_$(component):latest
+
+publish-base: build-base tag-base
+	component=base make publish-container
+
+publish-core: build-core tag-core
+	component=core make publish-container
+
+publish-webapp: build-webapp tag-webapp
+	component=webapp make publish-container

base/Dockerfile

@@ -0,0 +1,47 @@
+FROM debian:stretch
+
+LABEL maintainer=az@zok.xyz \
+      version="2.0"
+
+RUN mkdir -p /kopano/repo /kopano/data /kopano/helper
+WORKDIR /kopano/repo
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# install basics
+# TODO require python3 or python3-minimal?
+RUN apt-get update && \
+    apt-get upgrade -y && \
+    apt-get install --no-install-recommends -y \
+        apt-transport-https \
+        apt-utils \
+        ca-certificates \
+        curl \
+        dumb-init \
+        gpg \
+        jq \
+        locales \
+        moreutils \
+        python3 \
+        && \
+    rm -rf /var/cache/apt /var/lib/apt/lists
+
+RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+    sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
+    dpkg-reconfigure --frontend=noninteractive locales && \
+    update-locale LANG=en_US.UTF-8
+
+ARG ADDITIONAL_KOPANO_PACKAGES=""
+ARG DOWNLOAD_COMMUNITY_PACKAGES=1
+ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
+ARG KOPANO_CORE_VERSION=newest
+ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
+ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp"
+ARG KOPANO_WEBAPP_VERSION=newest
+ARG RELEASE_KEY_DOWNLOAD=0
+
+# get common utilities
+COPY create-kopano-repo.sh /kopano/helper/
+RUN date +%s > /kopano/buildversion
+
+SHELL [ "/bin/bash", "-c"]

base/create-kopano-repo.sh

@@ -9,9 +9,10 @@ function version_from_filename {
 }
 
 function h5ai_query {
-    filename=$(curl -s -S -L -d "action=get&items%5Bhref%5D=%2Fcommunity%2F$1%3A%2F&items%5Bwhat%5D=1" -H \
+    component="$1"
+    filename=$(curl -s -S -L -d "action=get&items%5Bhref%5D=%2Fcommunity%2F$component%3A%2F&items%5Bwhat%5D=1" -H \
                 "Accept: application/json" https://download.kopano.io/community/ | jq '.items[].href' | \
-                grep 'Debian_9.0-all\|Debian_9.0-amd64' | sed 's#"##g' | sed "s#/community/$1:/##")
+                grep 'Debian_9.0-all\|Debian_9.0-amd64' | sed 's#"##g' | sed "s#/community/$component:/##")
 
     if [ -z "${filename// }" ]; then
         echo "unknown component"

common/Dockerfile

@@ -1,3 +0,0 @@
-FROM scratch
-
-COPY common.sh /

core/Dockerfile

@@ -1,50 +1,16 @@
-FROM zokradonh/kopano_common AS common
+FROM zokradonh/kopano_base
 
-FROM debian:stretch
-
-LABEL maintainer=az@zok.xyz \
-      version="2.0"
-
-RUN mkdir -p /kopano/repo /kopano/data /kopano/helper
-WORKDIR /kopano/repo
-
-ARG DEBIAN_FRONTEND=noninteractive
-
-# install basics
-RUN apt-get update && \
-    apt-get upgrade -y && \
-    apt-get install --no-install-recommends -y \
-        curl \
-        gpg \
-        ca-certificates \
-        moreutils \
-        locales \
-        apt-transport-https \
-        apt-utils jq \
-        dumb-init \
-        python3-minimal && \
-    rm -rf /var/cache/apt /var/lib/apt/lists
-
-RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
-    sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
-    dpkg-reconfigure --frontend=noninteractive locales && \
-    update-locale LANG=en_US.UTF-8
-
-ARG KOPANO_CORE_VERSION=newest
-ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
-ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
-ARG DOWNLOAD_COMMUNITY_PACKAGES=1
-ARG RELEASE_KEY_DOWNLOAD=0
 ARG ADDITIONAL_KOPANO_PACKAGES=""
+ARG DOWNLOAD_COMMUNITY_PACKAGES=1
+ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
+ARG KOPANO_CORE_VERSION=newest
+ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
+ARG RELEASE_KEY_DOWNLOAD=0
 
-# get common utilities
-COPY --from=common /common.sh /kopano/helper/
-
-SHELL [ "/bin/bash", "-c"]
-
+# install Kopano WebApp and refresh ca-certificates
 RUN \
     # community download and package as apt source repository
-    . /kopano/helper/common.sh && \
+    . /kopano/helper/create-kopano-repo.sh && \
     if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \
         dl_and_package_community "core"; \
     fi; \

docker-compose.yml-example

@@ -0,0 +1,242 @@
+version: '3'
+
+services:
+
+  kserver:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    hostname: kserver
+    container_name: kopano_server
+    links:
+      - db
+    depends_on:
+      - "kssl"
+    environment:
+      - SERVICE_TO_START=server
+      - TZ=Europe/Berlin
+      - KCCONF_SERVER_COREDUMP_ENABLED=no
+      - KCCONF_SERVER_LOG_LEVEL=4
+      - KCCONF_SERVER_MYSQL_HOST=db
+      - KCCONF_SERVER_MYSQL_PORT=3306
+      - KCCONF_SERVER_MYSQL_DATABASE=kopano
+      - KCCONF_SERVER_MYSQL_USER=root
+      - KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
+      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
+      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
+      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
+      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
+      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld  #change here
+      - KCCONF_SERVER_DISABLED_FEATURES=pop3
+      - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
+      - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport  #change here
+      - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER  #change here
+      - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld  #change here
+      - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
+      - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
+    networks:
+      - kopanonet
+    volumes:
+      - data:/kopano/data
+      - sslcerts:/kopano/ssl
+
+  kdagent:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_dagent
+    links:
+      - kserver
+    volumes:
+      - sslcerts:/kopano/ssl
+    environment:
+      - SERVICE_TO_START=dagent
+      - TZ=Europe/Berlin
+      - KCCONF_DAGENT_LOG_LEVEL=6
+      - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
+      - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
+    networks:
+      - kopanonet
+
+  kgateway:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_gateway
+    links:
+      - kserver
+    volumes:
+      - ./gatewaycerts/:/kopano/certs/
+    environment:
+      - SERVICE_TO_START=gateway
+      - TZ=Europe/Berlin
+      - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
+      - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
+      - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
+    networks:
+      - kopanonet
+
+  kical:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_ical
+    links:
+      - kserver
+    environment:
+      - SERVICE_TO_START=ical
+      - TZ=Europe/Berlin
+      - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
+    networks:
+      - kopanonet
+
+  kmonitor:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_monitor
+    links:
+      - kserver
+    volumes:
+      - sslcerts:/kopano/ssl
+    environment:
+      - SERVICE_TO_START=monitor
+      - TZ=Europe/Berlin
+      - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
+      - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
+    networks:
+      - kopanonet
+
+  ksearch:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_search
+    links:
+      - kserver
+    volumes:
+      - sslcerts:/kopano/ssl
+    environment:
+      - SERVICE_TO_START=search
+      - TZ=Europe/Berlin
+      - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
+      - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
+      - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
+    networks:
+      - kopanonet
+
+  kspooler:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_spooler
+    links:
+      - kserver
+    volumes:
+      - sslcerts:/kopano/ssl
+    environment:
+      - SERVICE_TO_START=spooler
+      - TZ=Europe/Berlin
+      - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
+      - KCCONF_SPOOLER_LOG_LEVEL=4
+      - KCCONF_SPOOLER_SMTP_SERVER=kmta
+      - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
+    networks:
+      - kopanonet
+
+  kwebapp:
+    image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
+    hostname: kwebapp
+    container_name: kopano_webapp
+    links:
+      - kserver
+    #ports:
+    #  - "8236:80"
+    #  - "8237:443"
+    volumes:
+      - syncstates:/var/lib/z-push/
+      - sslcerts:/kopano/ssl
+    environment:
+      - TZ=Europe/Berlin
+      - KCCONF_SERVERHOSTNAME=kserver
+      - KCCONF_SERVERPORT=237
+    networks:
+      - web
+      - kopanonet
+
+  kssl:
+    image: zokradonh/kopano_ssl
+    container_name: kopano_ssl
+    volumes:
+      - sslcerts:/kopano/ssl
+
+  kmta:
+    image: tvial/docker-mailserver:latest
+    hostname: myhost #change here
+    domainname: domain.tld #change here
+    #dns: 127.0.0.1
+    container_name: kopano_mta
+    #links:
+    #  - adtunnel
+    ports:
+      - "25:25"
+    #  - "143:143"
+    #  - "587:587"
+    #  - "993:993"
+    volumes:
+      - tmpmaildata:/var/mail
+      - tmpmailstate:/var/mail-state
+      - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
+    environment:
+      - TZ=Europe/Berlin
+      - ENABLE_SPAMASSASSIN=1
+      - ENABLE_CLAMAV=1
+      - ENABLE_FAIL2BAN=1
+      - ENABLE_POSTGREY=1
+      - TLS_LEVEL=intermediate
+      - POSTGREY_DELAY=10
+      - ONE_DIR=1
+      - DMS_DEBUG=0
+      - ENABLE_LDAP=1
+      - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
+      - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
+      - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
+      - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
+      - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
+      - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
+      - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
+      - ENABLE_SASLAUTHD=1
+      - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
+      - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER  #change here
+      - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld  #change here
+      - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
+      - SASLAUTHD_MECHANISMS=ldap
+      - POSTMASTER_ADDRESS=postmaster@domain.tld #change here
+      - SMTP_ONLY=1
+      - PERMIT_DOCKER=network
+      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
+      - POSTFIX_DAGENT=lmtp:kdagent:2003
+      - REPORT_RECIPIENT=1
+    networks:
+      - kopanonet
+    cap_add:
+      - NET_ADMIN
+      - SYS_PTRACE
+
+  db:
+    image: mariadb
+    restart: always
+    container_name: kopano_db
+    volumes:
+      - db:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
+      - MYSQL_PASSWORD=YOUR_PASSWORD #change here
+      - MYSQL_DATABASE=kopano
+      - MYSQL_USER=kopano
+    networks:
+      - kopanonet
+
+volumes:
+  db:
+  data:
+  syncstates:
+  sslcerts:
+  tmpmaildata:
+  tmpmailstate:
+
+networks:
+  web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
+    external:
+      name: haproxy_webrproxynet
+  kopanonet:
+    driver: bridge

webapp/Dockerfile

@@ -1,49 +1,17 @@
-FROM zokradonh/kopano_common AS common
+FROM zokradonh/kopano_base
 
-FROM debian:stretch
-
-LABEL maintainer=az@zok.xyz \
-      version="2.0"
-
-RUN mkdir -p /kopano/repo /kopano/data /kopano/helper
-WORKDIR /kopano/repo
-
-ARG DEBIAN_FRONTEND=noninteractive
-
-# install basics
-RUN apt-get update && \
-    apt-get upgrade -y && \
-    apt-get install --no-install-recommends -y \
-        apt-transport-https \
-        apt-utils \
-        ca-certificates \
-        curl \
-        dumb-init \
-        gpg \
-        jq \
-        locales \
-        moreutils \
-        python3 \
-        && \
-    rm -rf /var/cache/apt /var/lib/apt/lists
-
-ARG KOPANO_WEBAPP_VERSION=newest
-ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp"
+ARG ADDITIONAL_KOPANO_PACKAGES=""
+ARG DOWNLOAD_COMMUNITY_PACKAGES=1
 ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
 ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
-ARG DOWNLOAD_COMMUNITY_PACKAGES=1
+ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp"
+ARG KOPANO_WEBAPP_VERSION=newest
 ARG RELEASE_KEY_DOWNLOAD=0
-ARG ADDITIONAL_KOPANO_PACKAGES=""
 
-# get common utilities
-COPY --from=common /common.sh /kopano/helper/
-
-SHELL [ "/bin/bash", "-c"]
-
-# install kopano web app and refresh ca-certificates
+# install Kopano WebApp and refresh ca-certificates
 RUN \
     # community download and package as apt source repository
-    . /kopano/helper/common.sh && \
+    . /kopano/helper/create-kopano-repo.sh && \
     if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \
         dl_and_package_community "core"; \
         dl_and_package_community "webapp"; \
@@ -60,6 +28,7 @@ RUN \
         curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \
         curl -s -S -o - "${KOPANO_WEBAPP_REPOSITORY_URL}/Release.key" | apt-key add -; \
     fi; \
+    # TODO separate out z-push?
     # prepare z-push installation
     echo "deb http://repo.z-hub.io/z-push:/final/Debian_9.0/ /" > /etc/apt/sources.list.d/zpush.list && \
     curl -s -S -o - "http://repo.z-hub.io/z-push:/final/Debian_9.0/Release.key" | apt-key add - && \