diff --git a/.gitignore b/.gitignore
index d7835d6..ef284cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 .vscode/settings.json
 **/.vscode
-*.yml
\ No newline at end of file
+*.yml
+docker-compose.yml
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..becb40f
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,66 @@
+docker_repo := zokradonh
+docker_login := `cat ~/.docker-account-user`
+docker_pwd := `cat ~/.docker-account-pwd`
+
+# TODO get actual version from container, below fails since it runs through dumb-init
+base_version = $(shell docker run --rm $(docker_repo)/kopano_base cat /kopano/buildversion)
+core_version = $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | grep -o -P '(?<=-).*(?=_)')
+webapp_version = $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)')
+
+build-all: build-base build-core build-webapp
+
+build-base:
+ docker build -t $(docker_repo)/kopano_base base/
+
+tag-base:
+ @echo 'create tag $(base_version)'
+ docker tag $(docker_repo)/kopano_base $(docker_repo)/kopano_base:${base_version}
+ @echo 'create tag latest'
+ docker tag $(docker_repo)/kopano_base $(docker_repo)/kopano_base:latest
+ git tag base/${base_version} || true
+
+build-core: build-base
+ docker build -t $(docker_repo)/kopano_core core/
+
+tag-core:
+ @echo 'create tag $(core_version)'
+ docker tag $(docker_repo)/kopano_core $(docker_repo)/kopano_core:${core_version}
+ @echo 'create tag latest'
+ docker tag $(docker_repo)/kopano_core $(docker_repo)/kopano_core:latest
+ git tag core/${core_version} || true
+
+build-webapp: build-base
+ docker build -t $(docker_repo)/kopano_webapp webapp/
+
+tag-webapp:
+ @echo 'create tag $(webapp_version)'
+ docker tag $(docker_repo)/kopano_webapp $(docker_repo)/kopano_webapp:${webapp_version}
+ @echo 'create tag latest'
+ docker tag $(docker_repo)/kopano_webapp $(docker_repo)/kopano_webapp:latest
+ git tag webapp/${webapp_version} || true
+
+git-commit:
+ git add -A && git commit -m "ci: commit changes before tagging"
+
+# Docker publish
+repo-login:
+ docker login -u $(docker_login) -p $(docker_pwd)
+
+publish: git-commit repo-login publish-base publish-core publish-webapp
+ git push
+ git push origin --tags
+
+publish-base: build-base tag-base
+ @echo 'publish latest to $(docker_repo)/kopano_base'
+ docker push $(docker_repo)/kopano_base:${base_version}
+ docker push $(docker_repo)/kopano_base:latest
+
+publish-core: build-core tag-core
+ @echo 'publish latest to $(docker_repo)/kopano_core'
+ docker push $(docker_repo)/kopano_core:${core_version}
+ docker push $(docker_repo)/kopano_core:latest
+
+publish-webapp: build-webapp tag-webapp
+ @echo 'publish latest to $(docker_repo)/kopano_webapp'
+ docker push $(docker_repo)/kopano_webapp:${webapp_version}
+ docker push $(docker_repo)/kopano_webapp:latest
diff --git a/base/Dockerfile b/base/Dockerfile
new file mode 100644
index 0000000..3737836
--- /dev/null
+++ b/base/Dockerfile
@@ -0,0 +1,47 @@
+FROM debian:stretch
+
+LABEL maintainer=az@zok.xyz \
+ version="2.0"
+
+RUN mkdir -p /kopano/repo /kopano/data /kopano/helper
+WORKDIR /kopano/repo
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# install basics
+# TODO require python3 or python3-minimal?
+RUN apt-get update && \
+ apt-get upgrade -y && \
+ apt-get install --no-install-recommends -y \
+ apt-transport-https \
+ apt-utils \
+ ca-certificates \
+ curl \
+ dumb-init \
+ gpg \
+ jq \
+ locales \
+ moreutils \
+ python3 \
+ && \
+ rm -rf /var/cache/apt /var/lib/apt/lists
+
+RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
+ sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
+ dpkg-reconfigure --frontend=noninteractive locales && \
+ update-locale LANG=en_US.UTF-8
+
+ARG ADDITIONAL_KOPANO_PACKAGES=""
+ARG DOWNLOAD_COMMUNITY_PACKAGES=1
+ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
+ARG KOPANO_CORE_VERSION=newest
+ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
+ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp"
+ARG KOPANO_WEBAPP_VERSION=newest
+ARG RELEASE_KEY_DOWNLOAD=0
+
+# get common utilities
+COPY create-kopano-repo.sh /kopano/helper/
+RUN date +%s > /kopano/buildversion
+
+SHELL [ "/bin/bash", "-c"]
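Review bot: `repo-login` passes the registry password as a command-line argument (`-p $(docker_pwd)`), where it is readable from the process list while `docker login` runs; the Docker CLI can take it on stdin instead: `docker login -u "$$(cat ~/.docker-account-user)" --password-stdin < ~/.docker-account-pwd`. Separately, `git-commit` runs `git add -A` as a prerequisite of `publish`, so any untracked file not covered by .gitignore is committed and then pushed; staging explicit paths would be safer. None of the targets is declared `.PHONY`, and the `|| true` after each `git tag` hides every failure, not only an already-existing tag.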
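Review bot: The eight `ARG` lines near the end of base/Dockerfile are never referenced by a later instruction in this file, and build arguments are not inherited by images built `FROM` this one (core/Dockerfile and webapp/Dockerfile redeclare them), so they have no effect here; drop them or add a comment saying they only document the children's defaults. If they stay, a comment next to `KOPANO_REPOSITORY_FLAGS="trusted=yes"` should say that this option makes apt skip signature verification for the source it is attached to, which fits the default local `file:` repository but presumably not a remote URL passed at build time. `FROM debian:stretch` could also be pinned by digest so that all three images start from a reproducible base.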
diff --git a/common/common.sh b/base/create-kopano-repo.sh
similarity index 99%
rename from common/common.sh
rename to base/create-kopano-repo.sh
index f2557ef..6013832 100755
--- a/common/common.sh
+++ b/base/create-kopano-repo.sh
@@ -46,4 +46,4 @@ function dl_and_package_community {
 cd "$component"
 apt-ftparchive packages . | gzip -9c > Packages.gz
 cd ".."
-}
\ No newline at end of file
+}
diff --git a/common/Dockerfile b/common/Dockerfile
deleted file mode 100644
index 04e633b..0000000
--- a/common/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM scratch
-
-COPY common.sh /
\ No newline at end of file
diff --git a/core/Dockerfile b/core/Dockerfile
index bf641fe..0326db6 100644
--- a/core/Dockerfile
+++ b/core/Dockerfile
@@ -1,50 +1,17 @@ -FROM zokradonh/kopano_common AS common +FROM zokradonh/kopano_base -FROM debian:stretch - -LABEL maintainer=az@zok.xyz \ - version="2.0" - -RUN mkdir -p /kopano/repo /kopano/data /kopano/helper -WORKDIR /kopano/repo - -ARG DEBIAN_FRONTEND=noninteractive - -# install basics -RUN apt-get update && \ - apt-get upgrade -y && \ - apt-get install --no-install-recommends -y \ - curl \ - gpg \ - ca-certificates \ - moreutils \ - locales \ - apt-transport-https \ - apt-utils jq \ - dumb-init \ - python3-minimal && \ - rm -rf /var/cache/apt /var/lib/apt/lists - -RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ - sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \ - dpkg-reconfigure --frontend=noninteractive locales && \ - update-locale LANG=en_US.UTF-8 - -ARG KOPANO_CORE_VERSION=newest -ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core" -ARG KOPANO_REPOSITORY_FLAGS="trusted=yes" -ARG DOWNLOAD_COMMUNITY_PACKAGES=1 -ARG RELEASE_KEY_DOWNLOAD=0 ARG ADDITIONAL_KOPANO_PACKAGES="" +ARG DOWNLOAD_COMMUNITY_PACKAGES=1 +ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core" +ARG KOPANO_CORE_VERSION=newest +ARG KOPANO_REPOSITORY_FLAGS="trusted=yes" +ARG RELEASE_KEY_DOWNLOAD=0 -# get common utilities -COPY --from=common /common.sh /kopano/helper/ - -SHELL [ "/bin/bash", "-c"] - +# install Kopano WebApp and refresh ca-certificates RUN \ # community download and package as apt source repository - . /kopano/helper/common.sh && \ + # TODO: source or execute repo script? + . /kopano/helper/create-kopano-repo.sh && \ if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \ dl_and_package_community "core"; \ fi; \ diff --git a/docker-compose.yml-example b/docker-compose.yml-example new file mode 100644 index 0000000..07d0bea --- /dev/null +++ b/docker-compose.yml-example 
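Review bot: `FROM zokradonh/kopano_base` carries no tag, so it resolves to `:latest` and, on a host where the base image was not just built locally, to whatever the registry currently serves; webapp/Dockerfile has the same line. The Makefile already tags the base image with a version, so the child images could take it as a build argument, e.g. `ARG BASE_TAG=latest` placed before `FROM zokradonh/kopano_base:${BASE_TAG}`. The added comment `# install Kopano WebApp and refresh ca-certificates` looks copied from webapp/Dockerfile; in this file it should read `# install Kopano Core and refresh ca-certificates`. The RUN instruction continues past the end of the hunk.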
@@ -0,0 +1,242 @@
+version: '3'
+
+services:
+
+ kserver:
+ image: zokradonh/kopano_core:${CORE_VERSION}
+ hostname: kserver
+ container_name: kopano_server
+ links:
+ - db
+ depends_on:
+ - "kssl"
+ environment:
+ - SERVICE_TO_START=server
+ - TZ=Europe/Berlin
+ - KCCONF_SERVER_COREDUMP_ENABLED=no
+ - KCCONF_SERVER_LOG_LEVEL=4
+ - KCCONF_SERVER_MYSQL_HOST=db
+ - KCCONF_SERVER_MYSQL_PORT=3306
+ - KCCONF_SERVER_MYSQL_DATABASE=kopano
+ - KCCONF_SERVER_MYSQL_USER=root
+ - KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
+ - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
+ - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
+ - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
+ - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
+ - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
+ - KCCONF_SERVER_DISABLED_FEATURES=pop3
+ - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
+ - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
+ - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+ - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
+ - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
+ - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
+ - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
+ networks:
+ - kopanonet
+ volumes:
+ - data:/kopano/data
+ - sslcerts:/kopano/ssl
+
+ kdagent:
+ image: zokradonh/kopano_core:${CORE_VERSION}
+ container_name: kopano_dagent
+ links:
+ - kserver
+ volumes:
+ - sslcerts:/kopano/ssl
+ environment:
+ - SERVICE_TO_START=dagent
+ - TZ=Europe/Berlin
+ - KCCONF_DAGENT_LOG_LEVEL=6
+ - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
+ - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
+ networks:
+ - kopanonet
+
+ kgateway:
+ image: zokradonh/kopano_core:${CORE_VERSION}
+ container_name: kopano_gateway
+ links:
+ - kserver
+ volumes:
+ - ./gatewaycerts/:/kopano/certs/
+ environment:
+ - SERVICE_TO_START=gateway
+ - TZ=Europe/Berlin
+ - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
+ - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
+ - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
+ networks:
+ - kopanonet
+
+ kical:
+ image: zokradonh/kopano_core:${CORE_VERSION}
+ container_name: kopano_ical
+ links:
+ - kserver
+ environment:
+ - SERVICE_TO_START=ical
+ - TZ=Europe/Berlin
+ - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
+ networks:
+ - kopanonet
+
+ kmonitor:
+ image: zokradonh/kopano_core:${CORE_VERSION}
+ container_name: kopano_monitor
+ links:
+ - kserver
+ volumes:
+ - sslcerts:/kopano/ssl
+ environment:
+ - SERVICE_TO_START=monitor
+ - TZ=Europe/Berlin
+ - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
+ - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
+ networks:
+ - kopanonet
+
+ ksearch:
+ image: zokradonh/kopano_core:${CORE_VERSION}
+ container_name: kopano_search
+ links:
+ - kserver
+ volumes:
+ - sslcerts:/kopano/ssl
+ environment:
+ - SERVICE_TO_START=search
+ - TZ=Europe/Berlin
+ - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
+ - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
+ - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
+ networks:
+ - kopanonet
+
+ kspooler:
+ image: zokradonh/kopano_core:${CORE_VERSION}
+ container_name: kopano_spooler
+ links:
+ - kserver
+ volumes:
+ - sslcerts:/kopano/ssl
+ environment:
+ - SERVICE_TO_START=spooler
+ - TZ=Europe/Berlin
+ - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
+ - KCCONF_SPOOLER_LOG_LEVEL=4
+ - KCCONF_SPOOLER_SMTP_SERVER=kmta
+ - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
+ networks:
+ - kopanonet
+
+ kwebapp:
+ image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
+ hostname: kwebapp
+ container_name: kopano_webapp
+ links:
+ - kserver
+ #ports:
+ # - "8236:80"
+ # - "8237:443"
+ volumes:
+ - syncstates:/var/lib/z-push/
+ - sslcerts:/kopano/ssl
+ environment:
+ - TZ=Europe/Berlin
+ - KCCONF_SERVERHOSTNAME=kserver
+ - KCCONF_SERVERPORT=237
+ networks:
+ - web
+ - kopanonet
+
+ kssl:
+ image: zokradonh/kopano_ssl
+ container_name: kopano_ssl
+ volumes:
+ - sslcerts:/kopano/ssl
+
+ kmta:
+ image: tvial/docker-mailserver:latest
+ hostname: myhost #change here
+ domainname: domain.tld #change here
+ #dns: 127.0.0.1
+ container_name: kopano_mta
+ #links:
+ # - adtunnel
+ ports:
+ - "25:25"
+ # - "143:143"
+ # - "587:587"
+ # - "993:993"
+ volumes:
+ - tmpmaildata:/var/mail
+ - tmpmailstate:/var/mail-state
+ - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
+ environment:
+ - TZ=Europe/Berlin
+ - ENABLE_SPAMASSASSIN=1
+ - ENABLE_CLAMAV=1
+ - ENABLE_FAIL2BAN=1
+ - ENABLE_POSTGREY=1
+ - TLS_LEVEL=intermediate
+ - POSTGREY_DELAY=10
+ - ONE_DIR=1
+ - DMS_DEBUG=0
+ - ENABLE_LDAP=1
+ - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
+ - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
+ - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+ - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
+ - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
+ - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
+ - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
+ - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
+ - ENABLE_SASLAUTHD=1
+ - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
+ - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+ - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here
+ - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
+ - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
+ - SASLAUTHD_MECHANISMS=ldap
+ - POSTMASTER_ADDRESS=postmaster@domain.tld #change here
+ - SMTP_ONLY=1
+ - PERMIT_DOCKER=network
+ - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
+ - POSTFIX_DAGENT=lmtp:kdagent:2003
+ - REPORT_RECIPIENT=1
+ networks:
+ - kopanonet
+ cap_add:
+ - NET_ADMIN
+ - SYS_PTRACE
+
+ db:
+ image: mariadb
+ restart: always
+ container_name: kopano_db
+ volumes:
+ - db:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
+ - MYSQL_PASSWORD=YOUR_PASSWORD #change here
+ - MYSQL_DATABASE=kopano
+ - MYSQL_USER=kopano
+ networks:
+ - kopanonet
+
+volumes:
+ db:
+ data:
+ syncstates:
+ sslcerts:
+ tmpmaildata:
+ tmpmailstate:
+
+networks:
+ web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
+ external:
+ name: haproxy_webrproxynet
+ kopanonet:
+ driver: bridge
diff --git a/webapp/Dockerfile b/webapp/Dockerfile
index c919fd0..d859145 100644
--- a/webapp/Dockerfile
+++ b/webapp/Dockerfile
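Review bot: `kserver` is set up to connect to MariaDB as `root` (`KCCONF_SERVER_MYSQL_USER=root` with the root password), although the `db` service in the same file already creates a dedicated `kopano` user for the `kopano` database. The example should use that account, `- KCCONF_SERVER_MYSQL_USER=kopano` and `- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_PASSWORD`, so that a compromised server container does not hold database root credentials. `kgateway` and `kical` also reach the server over `http://kserver:236/` while the other services use `https://kserver:237/` with a client key; a comment saying whether that is intentional would help. The `mariadb` and `tvial/docker-mailserver:latest` images are unpinned, so the example deploys whatever those tags point to on the day it is started.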
@@ -1,49 +1,18 @@ -FROM zokradonh/kopano_common AS common +FROM zokradonh/kopano_base -FROM debian:stretch - -LABEL maintainer=az@zok.xyz \ - version="2.0" - -RUN mkdir -p /kopano/repo /kopano/data /kopano/helper -WORKDIR /kopano/repo - -ARG DEBIAN_FRONTEND=noninteractive - -# install basics -RUN apt-get update && \ - apt-get upgrade -y && \ - apt-get install --no-install-recommends -y \ - apt-transport-https \ - apt-utils \ - ca-certificates \ - curl \ - dumb-init \ - gpg \ - jq \ - locales \ - moreutils \ - python3 \ - && \ - rm -rf /var/cache/apt /var/lib/apt/lists - -ARG KOPANO_WEBAPP_VERSION=newest -ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp" +ARG ADDITIONAL_KOPANO_PACKAGES="" +ARG DOWNLOAD_COMMUNITY_PACKAGES=1 ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core" ARG KOPANO_REPOSITORY_FLAGS="trusted=yes" -ARG DOWNLOAD_COMMUNITY_PACKAGES=1 +ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp" +ARG KOPANO_WEBAPP_VERSION=newest ARG RELEASE_KEY_DOWNLOAD=0 -ARG ADDITIONAL_KOPANO_PACKAGES="" -# get common utilities -COPY --from=common /common.sh /kopano/helper/ - -SHELL [ "/bin/bash", "-c"] - -# install kopano web app and refresh ca-certificates +# install Kopano WebApp and refresh ca-certificates RUN \ # community download and package as apt source repository - . /kopano/helper/common.sh && \ + # TODO: source or execute repo script? + . /kopano/helper/create-kopano-repo.sh && \ if [ ${DOWNLOAD_COMMUNITY_PACKAGES} -eq 1 ]; then \ dl_and_package_community "core"; \ dl_and_package_community "webapp"; \ @@ -60,6 +29,7 @@ RUN \ curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \ curl -s -S -o - "${KOPANO_WEBAPP_REPOSITORY_URL}/Release.key" | apt-key add -; \ fi; \ + # TODO separate out z-push? # prepare z-push installation echo "deb http://repo.z-hub.io/z-push:/final/Debian_9.0/ /" > /etc/apt/sources.list.d/zpush.list && \ curl -s -S -o - "http://repo.z-hub.io/z-push:/final/Debian_9.0/Release.key" | apt-key add - && \
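Review bot: The z-push repository line and its signing key are both fetched over plain `http://` in the lines right after the new TODO, and the key is piped straight into `apt-key add -`, so anyone on the network path can substitute the key and the packages it vouches for. If the host serves HTTPS (the base image already installs `apt-transport-https` and `ca-certificates`), both URLs should use `https://`, and the downloaded key's fingerprint should be compared with a pinned value before it is added. The same unverified `curl ... | apt-key add -` pattern is used for the two Kopano `Release.key` downloads just above. The RUN instruction starts and ends outside this hunk.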