diff --git a/.gitignore b/.gitignore index afbd1e8..761dd53 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ .vscode/settings.json **/.vscode -*-build.sh \ No newline at end of file +*-build.sh +*.yml \ No newline at end of file diff --git a/base/Dockerfile b/base/Dockerfile index b533080..a1bf61b 100644 --- a/base/Dockerfile +++ b/base/Dockerfile @@ -1,9 +1,9 @@ FROM debian:stretch LABEL maintainer=az@zok.xyz \ - version="1.2" + version="2.0" -RUN mkdir -p /kopano/repo && mkdir -p /kopano/data +RUN mkdir -p /kopano/repo /kopano/data WORKDIR /kopano/repo ENV DEBIAN_FRONTEND noninteractive 
@@ -29,21 +29,20 @@ RUN curl -s -S -L -o /usr/local/bin/confix https://raw.githubusercontent.com/bud curl -s -S -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 && \ chmod a+x /usr/local/bin/dumb-init -# If you have active Kopano subscription you can provide your own details via build args. -# If you want to use community version, use images from hub.docker.com or built your own -# kopano package host via kopano_version_watch project in order to use nightly builds. +# If you have active Kopano subscription you can change KOPANO_CORE_REPOSITORY_URL to +# https://serial:@download.kopano.io/supported/core:/final/Debian_9.0 +# and replace with your serial. You can also use pre-final or any other repository branch. +# If you want to use community version please use images from hub.docker.com ARG KOPANO_CORE_VERSION=newest ARG KOPANO_REPOSITORY_BRANCH=master -ARG KOPANO_USER=serial -ARG KOPANO_SERIAL -ARG KOPANO_REPOSITORY_URL="https://${KOPANO_USER}:${KOPANO_SERIAL}@download.kopano.io/supported/core:/${KOPANO_REPOSITORY_BRANCH}/Debian_9.0" +ARG KOPANO_CORE_REPOSITORY_URL="http://buildproxy/supported/core:/${KOPANO_REPOSITORY_BRANCH}/Debian_9.0" ARG KOPANO_REPOSITORY_FLAGS="trusted=yes" # install kopano components RUN set -x && \ echo ${KOPANO_CORE_VERSION} > /kopano/buildversion && \ - echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano-core.list && \ - curl -s -S -o - "${KOPANO_REPOSITORY_URL}/Release.key" | apt-key add - && \ + echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano-core.list && \ + curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add - && \ apt-get update && \ apt-get install --no-install-recommends -y \ kopano-server-packages="${KOPANO_CORE_VERSION}" \ 
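Review bot: The new comment above `ARG KOPANO_CORE_REPOSITORY_URL` tells subscribers to put their serial into that build argument, but the value is echoed into `/etc/apt/sources.list.d/kopano-core.list` a few lines later and build arguments are also recorded in the image history, so the serial would ship with the image. Since this commit adds repoproxy for exactly that purpose, I would reword the comment along the lines of `# With a Kopano subscription, run the repoproxy container with your serial and keep the default http://buildproxy URL; do not put the serial into this build argument.` Separately, the default is now plain `http://` while `KOPANO_REPOSITORY_FLAGS` stays `trusted=yes` and `Release.key` is fetched from the same URL, so package authenticity rests entirely on the build network between this build and the proxy; that assumption deserves a comment of its own. The `RUN` instruction continues past the end of the hunk.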
@@ -55,8 +54,13 @@ RUN set -x && \ ENV KOPANO_LOCALE="de_DE.UTF-8" ENV KOPANO_USERSCRIPT_LOCALE="de_DE.UTF-8" -ENV LANG en_US.UTF-8 +ENV LANG=en_US.UTF-8 -ADD kcconf.py /kopano/kcconf.py +ENV SERVICE_TO_START=server -ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] \ No newline at end of file +COPY kcconf.py defaultconfigs/ start-service.sh /kopano/ +RUN chmod a+x /kopano/start-service.sh + +ENTRYPOINT ["/usr/local/bin/dumb-init", "--"] + +CMD [ "/kopano/start-service.sh" ] \ No newline at end of file diff --git a/base/README.md b/base/README.md index 8e64799..0e6546b 100644 --- a/base/README.md +++ b/base/README.md 
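Review bot: `COPY kcconf.py defaultconfigs/ start-service.sh /kopano/` relies on Docker copying the contents of a source directory rather than the directory itself, which is what puts `server.py`, `dagent.py` and the others directly under `/kopano/` where start-service.sh looks for `/kopano/$SERVICE_TO_START.py`; a comment such as `# defaultconfigs/*.py land flat in /kopano/, one per SERVICE_TO_START value` would stop someone from "correcting" the path later. The per-service Dockerfiles deleted in this commit carried `EXPOSE 2003/tcp`, `EXPOSE 993/tcp` and `EXPOSE 237/tcp`, and nothing in this hunk replaces them, so the port contract is no longer documented in the image. The image also still has no `USER` instruction, so the selected service is launched by an entry script running as root; whether the Kopano daemons drop privileges on their own is not visible here.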
@@ -1,2 +1,23 @@
-# kopano_base
-The base image of all Kopano services. Based on debian:stretch.
\ No newline at end of file
+E-Mail attachment directory is by default in `/kopano/data/attachments/` so bind `/kopano/data` as volume.
+
+You can reconfigure by setting environment variable `KCCONF_SERVER_ATTACHMENT_PATH`.
+
+You can change all server.cfg settings you like prefixed with "`KCCONF_SERVER_`"
+So specify "`KCCONF_SERVER_MYSQL_HOST`" for "mysql\_host" setting in "server.cfg".
+Or specify "`KCCONF_LDAP_LDAP_SEARCH_BASE`" to set "ldap\_search_base" in "ldap.cfg".
+
+This image activates ActiveDirectory mode (Not OpenLDAP).
+So you need an ActiveDirectory already running to use this.
+You may try to override default settings with "`KCCONF_*`" options but using OpenLDAP instead of ActiveDirectory will fail due to !include command in ldap.cfg. This docker image does not support any method to edit this file. Create your own Dockerfile to enable OpenLDAP.
+
+For coredumps on crashes kopano-server requires the fs.suid_dumpable sysctl to contain the value 2, not 0.
+
+The docker image kopano_ssl will create certificates for all containers. Those certificates are selfsigned and only for internal Kopano component communication.
+
+kopano_webapp port 80 is meant to be published through a https reverse proxy. MAPI connection for Outlook is also handled over port 80.
+
+Maybe you need to execute `kopano-cli --list-users` once after initial install in the kopano_server container
+see https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#testing-ldap-configuration
+
+Example:
+`docker-compose exec kserver kopano-cli --list-users` (This may last very long without any console output.)
\ No newline at end of file
diff --git a/dagent/configure.py b/base/defaultconfigs/dagent.py
similarity index 100%
rename from dagent/configure.py
rename to base/defaultconfigs/dagent.py
diff --git a/gateway/configure.py b/base/defaultconfigs/gateway.py similarity index 100% rename from gateway/configure.py rename to base/defaultconfigs/gateway.py diff --git a/ical/configure.py b/base/defaultconfigs/ical.py similarity index 100% rename from ical/configure.py rename to base/defaultconfigs/ical.py diff --git a/monitor/configure.py b/base/defaultconfigs/monitor.py similarity index 100% rename from monitor/configure.py rename to base/defaultconfigs/monitor.py diff --git a/search/configure.py b/base/defaultconfigs/search.py similarity index 100% rename from search/configure.py rename to base/defaultconfigs/search.py diff --git a/server/configure.py b/base/defaultconfigs/server.py similarity index 64% rename from server/configure.py rename to base/defaultconfigs/server.py index 3c96683..217a2bf 100644 --- a/server/configure.py +++ b/base/defaultconfigs/server.py @@ -10,7 +10,12 @@ kcconf.configkopano({ 'attachment_path': "/kopano/data/attachments/", 'user_plugin': "ldap", 'server_listen': "", - 'server_listen_tls': "*:237", + 'server_listen_tls': "*:237" + }, + r"/etc/kopano/ldap.cfg": + { + 'kccomment': ["!include /usr/share/kopano/ldap.openldap.cfg"], + 'kcuncomment': ["!include /usr/share/kopano/ldap.active-directory.cfg"] } }) diff --git a/spooler/configure.py b/base/defaultconfigs/spooler.py similarity index 100% rename from spooler/configure.py rename to base/defaultconfigs/spooler.py diff --git a/base/start-service.sh b/base/start-service.sh new file mode 100644 index 0000000..bc4d911 --- /dev/null +++ b/base/start-service.sh 
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+if [ ! -e /kopano/$SERVICE_TO_START.py ]
+then
+ echo "Invalid service specified: $SERVICE_TO_START" | ts
+ exit 1
+fi
+
+mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano
+
+echo "Configure core service '$SERVICE_TO_START'" | ts
+/usr/bin/python3 /kopano/$SERVICE_TO_START.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
+
+case "$SERVICE_TO_START" in
+ server)
+ exec /usr/sbin/kopano-server -F
+ ;;
+ dagent)
+ exec /usr/sbin/kopano-dagent -l
+ ;;
+ gateway)
+ exec /usr/sbin/kopano-gateway -F
+ ;;
+ ical)
+ exec /usr/sbin/kopano-ical -F
+ ;;
+ monitor)
+ exec /usr/sbin/kopano-monitor -F
+ ;;
+ search)
+ exec /usr/bin/python /usr/sbin/kopano-search -F
+ ;;
+ spooler)
+ exec /usr/sbin/kopano-spooler -F
+ ;;
+ *)
+ echo "Failed to start: Unknown service name: '$SERVICE_TO_START'" | ts
+ exit 1
+esac
\ No newline at end of file
diff --git a/dagent/Dockerfile b/dagent/Dockerfile
deleted file mode 100644
index 339f5c9..0000000
--- a/dagent/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
- version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-EXPOSE 2003/tcp
-
-CMD [ "/kopano/start.sh" ]
\ No newline at end of file
diff --git a/dagent/start.sh b/dagent/start.sh
deleted file mode 100644
index 03ecee8..0000000
--- a/dagent/start.sh
+++ /dev/null
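Review bot: `$SERVICE_TO_START` is used unquoted in `/kopano/$SERVICE_TO_START.py`, in `mkdir -p ... /tmp/$SERVICE_TO_START` and in the `python3` call before it is ever compared with the list of known services, so the only gate is a file-existence test. That test is also passed by a value such as `kcconf` (the Dockerfile copies `kcconf.py` into `/kopano/`) or by one containing path separators, and the script runs as root. I would check the name against the known services first and quote every expansion, as in the excerpt below. In addition, the `search)` branch runs `/usr/bin/python` where the deleted search/start.sh used `/usr/bin/python3`; unless that is intended it should read `exec /usr/bin/python3 /usr/sbin/kopano-search -F`.

```shell
set -eu # unset variables are errors & non-zero return values exit the whole script

# accept only the services this image knows how to start
case "$SERVICE_TO_START" in
    server|dagent|gateway|ical|monitor|search|spooler) ;;
    *)
        echo "Invalid service specified: $SERVICE_TO_START" | ts
        exit 1
        ;;
esac

mkdir -p /kopano/data/attachments "/tmp/$SERVICE_TO_START" /var/run/kopano

echo "Configure core service '$SERVICE_TO_START'" | ts
/usr/bin/python3 "/kopano/$SERVICE_TO_START.py"

# … unchanged: ownership fix-up, pid/socket cleanup and the exec case statement …
```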
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /tmp/dagent /var/run/kopano
-
-echo "Configure dagent" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-dagent -l
diff --git a/gateway/Dockerfile b/gateway/Dockerfile
deleted file mode 100644
index ceba6a5..0000000
--- a/gateway/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
- version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-EXPOSE 993/tcp
-
-CMD [ "/kopano/start.sh" ]
\ No newline at end of file
diff --git a/gateway/start.sh b/gateway/start.sh
deleted file mode 100644
index 4274af1..0000000
--- a/gateway/start.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /tmp/gateway /var/run/kopano
-
-echo "Configure gateway" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-gateway -F
diff --git a/ical/Dockerfile b/ical/Dockerfile
deleted file mode 100644
index 14e4a5c..0000000
--- a/ical/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
- version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-CMD [ "bash", "-c", "/kopano/start.sh && /usr/sbin/kopano-ical -F" ]
\ No newline at end of file
diff --git a/ical/start.sh b/ical/start.sh
deleted file mode 100644
index 3437b30..0000000
--- a/ical/start.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /var/run/kopano
-
-echo "Configure ical" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
diff --git a/monitor/Dockerfile b/monitor/Dockerfile
deleted file mode 100644
index 3393630..0000000
--- a/monitor/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
- version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-CMD [ "/kopano/start.sh" ]
\ No newline at end of file
diff --git a/monitor/start.sh b/monitor/start.sh
deleted file mode 100644
index 839cef6..0000000
--- a/monitor/start.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /var/run/kopano
-
-echo "Configure monitor" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-monitor -F
diff --git a/repoproxy/Dockerfile b/repoproxy/Dockerfile
new file mode 100644
index 0000000..9c15d9b
--- /dev/null
+++ b/repoproxy/Dockerfile
@@ -0,0 +1,6 @@
+FROM nginx:alpine
+
+COPY default.conf start.sh /buildproxy/
+RUN chmod a+x /buildproxy/start.sh
+
+CMD ["/buildproxy/start.sh"]
\ No newline at end of file
diff --git a/repoproxy/README.md b/repoproxy/README.md
new file mode 100644
index 0000000..dafb166
--- /dev/null
+++ b/repoproxy/README.md
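Review bot: `FROM nginx:alpine` in repoproxy/Dockerfile is a floating tag, so every rebuild of the proxy can pull a different nginx and Alpine userland, and this is the container that holds the subscription serial at run time. I would pin a specific release, ideally with its digest, in the form `FROM nginx:<version>-alpine@sha256:<digest>` (placeholders, to be filled in with the release you have tested).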
@@ -0,0 +1,4 @@
+This image is simply for building the Kopano images. It allows building Kopano from repositories that need a serial key without
+exposing the serial key in the image metadata.
+
+Never publish an image of this proxy as this will include your serial.
\ No newline at end of file
diff --git a/repoproxy/default.conf b/repoproxy/default.conf
new file mode 100644
index 0000000..0e408d7
--- /dev/null
+++ b/repoproxy/default.conf
@@ -0,0 +1,24 @@
+server {
+ listen 80;
+ server_name _;
+
+ #charset koi8-r;
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ location / {
+ proxy_pass ${KOPANO_REPOSITORY_BASE_URL};
+ proxy_set_header Authorization "Basic ${B64_CREDS}";
+ }
+
+}
\ No newline at end of file
diff --git a/repoproxy/start.sh b/repoproxy/start.sh
new file mode 100644
index 0000000..53641de
--- /dev/null
+++ b/repoproxy/start.sh
@@ -0,0 +1,13 @@
+#!/bin/ash
+
+KOPANO_USER=serial
+
+export KOPANO_REPOSITORY_BASE_URL="https://download.kopano.io/"
+
+export B64_CREDS=$(echo "$KOPANO_USER:$KOPANO_SERIAL" | base64)
+
+# inject the secrets into config file
+cat /buildproxy/default.conf | envsubst > /etc/nginx/conf.d/default.conf
+
+# run reverse proxy
+exec nginx -g "daemon off;"
\ No newline at end of file
diff --git a/search/Dockerfile b/search/Dockerfile
deleted file mode 100644
index 3393630..0000000
--- a/search/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
- version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-CMD [ "/kopano/start.sh" ]
\ No newline at end of file
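Review bot: The `location /` block in repoproxy/default.conf adds the `Authorization` header on requests to an `https://` upstream, but nginx does not verify the upstream certificate unless `proxy_ssl_verify on;` is set, so as written the serial is sent without confirming that the peer really is `${KOPANO_REPOSITORY_BASE_URL}`. I would add `proxy_ssl_verify on;`, `proxy_ssl_server_name on;` and `proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;` inside that block; the bundle path is the usual Alpine location and should be confirmed for the nginx image in use. Because start.sh runs this file through `envsubst`, a comment warning that nginx variables such as `$host` would be substituted away is also worth adding here.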
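Review bot: In repoproxy/start.sh, `echo "$KOPANO_USER:$KOPANO_SERIAL" | base64` also encodes the newline that `echo` appends, so the Basic credential sent upstream is the user and serial followed by a line feed instead of the pair itself, and a long serial could additionally be line-wrapped by `base64` and break the generated nginx config. I would build it with `export B64_CREDS=$(printf '%s' "$KOPANO_USER:$KOPANO_SERIAL" | base64 | tr -d '\n')`. The script also has no `set -eu`, so a missing `KOPANO_SERIAL` starts the proxy with empty credentials instead of failing; adding `set -eu` after the shebang makes that failure visible. Restricting the substitution with `envsubst '${KOPANO_REPOSITORY_BASE_URL} ${B64_CREDS}'` keeps any other `$` token in the config intact.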
diff --git a/search/start.sh b/search/start.sh
deleted file mode 100644
index 9e94992..0000000
--- a/search/start.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /var/run/kopano
-
-echo "Configure search" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/bin/python3 /usr/sbin/kopano-search -F
diff --git a/server/Dockerfile b/server/Dockerfile
deleted file mode 100644
index 4e52b42..0000000
--- a/server/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
- version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-EXPOSE 237/tcp
-
-CMD [ "/kopano/start.sh" ]
\ No newline at end of file
diff --git a/server/README.md b/server/README.md
deleted file mode 100644
index 67b1b42..0000000
--- a/server/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-
-This image is part of a complete set of kopano docker images:
-* zokradonh/kopano_webapp
-* zokradonh/kopano_spooler
-* zokradonh/kopano_gateway
-* zokradonh/kopano_ical
-* zokradonh/kopano_dagent
-* zokradonh/kopano_monitor
-* zokradonh/kopano_search
-* zokradonh/kopano_ssl
-
-E-Mail attachment directory is by default in /kopano/data/attachments/ so bind /kopano/data as volume.
-
-You can reconfigure by setting environment variable `KCCONF_SERVER_ATTACHMENT_PATH`.
-
-You can change all server.cfg settings you like prefixed with "`KCCONF_SERVER_`"
-So specify "`KCCONF_SERVER_MYSQL_HOST`" for "mysql\_host" setting in "server.cfg".
-Or specify "`KCCONF_LDAP_LDAP_SEARCH_BASE`" to set "ldap\_search_base" in "ldap.cfg".
-
-This image activates ActiveDirectory mode (Not OpenLDAP).
-So you need an ActiveDirectory already running to use this.
-You may try to override default settings with "`KCCONF_*`" options but using OpenLDAP instead of ActiveDirectory will fail due to !include command in ldap.cfg. This docker image does not support any method to edit this file. Create your own Dockerfile to enable OpenLDAP.
-
-For coredumps on crashes kopano-server requires the fs.suid_dumpable sysctl to contain the value 2, not 0.
-
-The docker image kopano_ssl will create certificates for all containers. Those certificates are selfsigned and only for internal Kopano component communication.
-
-kopano_webapp port 80 is meant to be published through a https reverse proxy. MAPI connection for Outlook is also handled over port 80.
-
-Maybe you need to execute `kopano-cli --list-users` once after initial install in the kopano_server container
-see https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#testing-ldap-configuration
-
-Example:
-`docker-compose exec kserver kopano-cli --list-users` (This may last very long without any console output.)
\ No newline at end of file
diff --git a/server/start.sh b/server/start.sh
deleted file mode 100644
index 9f20aa6..0000000
--- a/server/start.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /var/run/kopano
-
-echo "Create default configs and prepare" | ts
-sed -e "s|^\s*!include /usr/share/kopano/ldap.openldap.cfg|#!include /usr/sharekopano/ldap.openldap.cfg|" \
- -e "s|#!include /usr/share/kopano/ldap.active-directory.cfg|!include /usr/share/kopano/ldap.active-directory.cfg|" \
- -i /etc/kopano/ldap.cfg
-
-echo "Configure server core" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-server -F
diff --git a/spooler/Dockerfile b/spooler/Dockerfile
deleted file mode 100644
index 3393630..0000000
--- a/spooler/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
- version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-CMD [ "/kopano/start.sh" ]
\ No newline at end of file
diff --git a/spooler/start.sh b/spooler/start.sh
deleted file mode 100644
index 9e71361..0000000
--- a/spooler/start.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /tmp/spooler /var/run/kopano
-
-echo "Configure spooler" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-spooler -F