New: Every service now uses same image (kopano_base)

.gitignore

@@ -1,3 +1,4 @@
 .vscode/settings.json
 **/.vscode
-*-build.sh
+*-build.sh
+*.yml

base/Dockerfile

@@ -1,9 +1,9 @@
 FROM debian:stretch
 
 LABEL maintainer=az@zok.xyz \
-      version="1.2"
+      version="2.0"
 
-RUN mkdir -p /kopano/repo && mkdir -p /kopano/data
+RUN mkdir -p /kopano/repo /kopano/data
 WORKDIR /kopano/repo
 
 ENV DEBIAN_FRONTEND noninteractive
@@ -29,21 +29,20 @@ RUN curl -s -S -L -o /usr/local/bin/confix https://raw.githubusercontent.com/bud
     curl -s -S -L -o /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.1/dumb-init_1.2.1_amd64 && \
     chmod a+x /usr/local/bin/dumb-init
 
-# If you have active Kopano subscription you can provide your own details via build args.
-# If you want to use community version, use images from hub.docker.com or built your own
-# kopano package host via kopano_version_watch project in order to use nightly builds.
+# If you have active Kopano subscription you can change KOPANO_CORE_REPOSITORY_URL to
+# https://serial:<YOURSERIAL>@download.kopano.io/supported/core:/final/Debian_9.0
+# and replace <YOURSERIAL> with your serial. You can also use pre-final or any other repository branch.
+# If you want to use community version please use images from hub.docker.com
 ARG KOPANO_CORE_VERSION=newest
 ARG KOPANO_REPOSITORY_BRANCH=master
-ARG KOPANO_USER=serial
-ARG KOPANO_SERIAL
-ARG KOPANO_REPOSITORY_URL="https://${KOPANO_USER}:${KOPANO_SERIAL}@download.kopano.io/supported/core:/${KOPANO_REPOSITORY_BRANCH}/Debian_9.0"
+ARG KOPANO_CORE_REPOSITORY_URL="http://buildproxy/supported/core:/${KOPANO_REPOSITORY_BRANCH}/Debian_9.0"
 ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
 
 # install kopano components
 RUN set -x && \
     echo ${KOPANO_CORE_VERSION} > /kopano/buildversion && \
-    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano-core.list && \
-    curl -s -S -o - "${KOPANO_REPOSITORY_URL}/Release.key" | apt-key add - && \
+    echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano-core.list && \
+    curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add - && \
     apt-get update && \
     apt-get install --no-install-recommends -y \
         kopano-server-packages="${KOPANO_CORE_VERSION}" \
@@ -55,8 +54,13 @@ RUN set -x && \
 
 ENV KOPANO_LOCALE="de_DE.UTF-8"
 ENV KOPANO_USERSCRIPT_LOCALE="de_DE.UTF-8"
-ENV LANG en_US.UTF-8 
+ENV LANG=en_US.UTF-8 
 
-ADD kcconf.py /kopano/kcconf.py
+ENV SERVICE_TO_START=server
 
-ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
+COPY kcconf.py defaultconfigs/ start-service.sh /kopano/
+RUN chmod a+x /kopano/start-service.sh
+
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
+
+CMD [ "/kopano/start-service.sh" ]

base/README.md

@@ -1,2 +1,23 @@
-# kopano_base
-The base image of all Kopano services. Based on debian:stretch.
+E-Mail attachment directory is by default in `/kopano/data/attachments/` so bind `/kopano/data` as volume.
+
+You can reconfigure by setting environment variable `KCCONF_SERVER_ATTACHMENT_PATH`.
+
+You can change all server.cfg settings you like prefixed with "`KCCONF_SERVER_`"
+So specify "`KCCONF_SERVER_MYSQL_HOST`" for "mysql\_host" setting in "server.cfg".
+Or specify "`KCCONF_LDAP_LDAP_SEARCH_BASE`" to set "ldap\_search_base" in "ldap.cfg".
+
+This image activates ActiveDirectory mode (Not OpenLDAP).
+So you need an ActiveDirectory already running to use this.
+You may try to override default settings with "`KCCONF_*`" options but using OpenLDAP instead of ActiveDirectory will fail due to !include command in ldap.cfg. This docker image does not support any method to edit this file. Create your own Dockerfile to enable OpenLDAP.
+
+For coredumps on crashes kopano-server requires the fs.suid_dumpable sysctl to contain the value 2, not 0.
+
+The docker image kopano_ssl will create certificates for all containers. Those certificates are selfsigned and only for internal Kopano component communication.
+
+kopano_webapp port 80 is meant to be published through a https reverse proxy. MAPI connection for Outlook is also handled over port 80.
+
+Maybe you need to execute `kopano-cli --list-users` once after initial install in the kopano_server container
+see https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#testing-ldap-configuration
+
+Example:
+`docker-compose exec kserver kopano-cli --list-users` (This may last very long without any console output.)

base/defaultconfigs/server.py

@@ -10,7 +10,12 @@ kcconf.configkopano({
         'attachment_path': "/kopano/data/attachments/",
         'user_plugin': "ldap",
         'server_listen': "",
-        'server_listen_tls': "*:237",
+        'server_listen_tls': "*:237"
+    },
+    r"/etc/kopano/ldap.cfg":
+    {
+        'kccomment': ["!include /usr/share/kopano/ldap.openldap.cfg"],
+        'kcuncomment': ["!include /usr/share/kopano/ldap.active-directory.cfg"]
     }
 })
 

base/start-service.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+
+set -eu # unset variables are errors & non-zero return values exit the whole script
+
+if [ ! -e /kopano/$SERVICE_TO_START.py ]
+then
+    echo "Invalid service specified: $SERVICE_TO_START" | ts
+    exit 1
+fi
+
+mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano
+
+echo "Configure core service '$SERVICE_TO_START'" | ts
+/usr/bin/python3 /kopano/$SERVICE_TO_START.py
+
+echo "Set config ownership" | ts
+chown -R kopano:kopano /kopano/data /run /tmp
+
+echo "Clean old pid files and sockets" | ts
+rm -f /var/run/kopano/*
+
+case "$SERVICE_TO_START" in
+    server)
+        exec /usr/sbin/kopano-server -F
+        ;;
+    dagent)
+        exec /usr/sbin/kopano-dagent -l
+        ;;
+    gateway)
+        exec /usr/sbin/kopano-gateway -F
+        ;;
+    ical)
+        exec /usr/sbin/kopano-ical -F
+        ;;
+    monitor)
+        exec /usr/sbin/kopano-monitor -F
+        ;;
+    search)
+        exec /usr/bin/python /usr/sbin/kopano-search -F
+        ;;
+    spooler)
+        exec /usr/sbin/kopano-spooler -F
+        ;;
+    *)
+        echo "Failed to start: Unknown service name: '$SERVICE_TO_START'" | ts
+        exit 1
+esac

dagent/Dockerfile

@@ -1,14 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
-      version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-EXPOSE 2003/tcp
-
-CMD [ "/kopano/start.sh" ]

dagent/start.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /tmp/dagent /var/run/kopano
-
-echo "Configure dagent" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-dagent -l

gateway/Dockerfile

@@ -1,14 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
-      version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-EXPOSE 993/tcp
-
-CMD [ "/kopano/start.sh" ]

gateway/start.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /tmp/gateway /var/run/kopano
-
-echo "Configure gateway" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-gateway -F

ical/Dockerfile

@@ -1,12 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
-      version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-CMD [ "bash", "-c", "/kopano/start.sh && /usr/sbin/kopano-ical -F" ]

ical/start.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /var/run/kopano
-
-echo "Configure ical" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*

monitor/Dockerfile

@@ -1,12 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
-      version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-CMD [ "/kopano/start.sh" ]

monitor/start.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /var/run/kopano
-
-echo "Configure monitor" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-monitor -F

repoproxy/Dockerfile

@@ -0,0 +1,6 @@
+FROM nginx:alpine
+
+COPY default.conf start.sh /buildproxy/
+RUN chmod a+x /buildproxy/start.sh
+
+CMD ["/buildproxy/start.sh"]

repoproxy/README.md

@@ -0,0 +1,4 @@
+This image is simply for building the Kopano images. It allows building Kopano from repositories that need a serial key without 
+exposing the serial key in the image metadata.
+
+Never publish an image of this proxy as this will include your serial.

repoproxy/default.conf

@@ -0,0 +1,24 @@
+server {
+    listen       80;
+    server_name  _;
+
+    #charset koi8-r;
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    location / {
+        proxy_pass ${KOPANO_REPOSITORY_BASE_URL};
+        proxy_set_header Authorization "Basic ${B64_CREDS}";
+    }
+
+}

repoproxy/start.sh

@@ -0,0 +1,13 @@
+#!/bin/ash
+
+KOPANO_USER=serial
+
+export KOPANO_REPOSITORY_BASE_URL="https://download.kopano.io/"
+
+export B64_CREDS=$(echo "$KOPANO_USER:$KOPANO_SERIAL" | base64)
+
+# inject the secrets into config file
+cat /buildproxy/default.conf | envsubst > /etc/nginx/conf.d/default.conf
+
+# run reverse proxy
+exec nginx -g "daemon off;"

search/Dockerfile

@@ -1,12 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
-      version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-CMD [ "/kopano/start.sh" ]

search/start.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /var/run/kopano
-
-echo "Configure search" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/bin/python3 /usr/sbin/kopano-search -F

server/Dockerfile

@@ -1,14 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
-      version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-EXPOSE 237/tcp
-
-CMD [ "/kopano/start.sh" ]

server/README.md

@@ -1,34 +0,0 @@
-
-This image is part of a complete set of kopano docker images:
-* zokradonh/kopano_webapp
-* zokradonh/kopano_spooler
-* zokradonh/kopano_gateway
-* zokradonh/kopano_ical
-* zokradonh/kopano_dagent
-* zokradonh/kopano_monitor
-* zokradonh/kopano_search
-* zokradonh/kopano_ssl
-
-E-Mail attachment directory is by default in /kopano/data/attachments/ so bind /kopano/data as volume.
-
-You can reconfigure by setting environment variable `KCCONF_SERVER_ATTACHMENT_PATH`.
-
-You can change all server.cfg settings you like prefixed with "`KCCONF_SERVER_`"
-So specify "`KCCONF_SERVER_MYSQL_HOST`" for "mysql\_host" setting in "server.cfg".
-Or specify "`KCCONF_LDAP_LDAP_SEARCH_BASE`" to set "ldap\_search_base" in "ldap.cfg".
-
-This image activates ActiveDirectory mode (Not OpenLDAP).
-So you need an ActiveDirectory already running to use this.
-You may try to override default settings with "`KCCONF_*`" options but using OpenLDAP instead of ActiveDirectory will fail due to !include command in ldap.cfg. This docker image does not support any method to edit this file. Create your own Dockerfile to enable OpenLDAP.
-
-For coredumps on crashes kopano-server requires the fs.suid_dumpable sysctl to contain the value 2, not 0.
-
-The docker image kopano_ssl will create certificates for all containers. Those certificates are selfsigned and only for internal Kopano component communication.
-
-kopano_webapp port 80 is meant to be published through a https reverse proxy. MAPI connection for Outlook is also handled over port 80.
-
-Maybe you need to execute `kopano-cli --list-users` once after initial install in the kopano_server container
-see https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#testing-ldap-configuration
-
-Example:
-`docker-compose exec kserver kopano-cli --list-users` (This may last very long without any console output.)

server/start.sh

@@ -1,21 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /var/run/kopano
-
-echo "Create default configs and prepare" | ts
-sed -e "s|^\s*!include /usr/share/kopano/ldap.openldap.cfg|#!include /usr/sharekopano/ldap.openldap.cfg|" \
-    -e "s|#!include /usr/share/kopano/ldap.active-directory.cfg|!include /usr/share/kopano/ldap.active-directory.cfg|" \
-    -i /etc/kopano/ldap.cfg
-
-echo "Configure server core" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-server -F

spooler/Dockerfile

@@ -1,12 +0,0 @@
-ARG KOPANO_CORE_VERSION=latest
-FROM zokradonh/kopano_base:${KOPANO_CORE_VERSION}
-
-LABEL maintainer=az@zok.xyz \
-      version="1.0"
-
-ADD configure.py /kopano/configure.py
-ADD start.sh /kopano/start.sh
-
-RUN chmod a+x /kopano/start.sh
-
-CMD [ "/kopano/start.sh" ]

spooler/start.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -eu # unset variables are errors & non-zero return values exit the whole script
-
-mkdir -p /kopano/data/attachments /tmp/spooler /var/run/kopano
-
-echo "Configure spooler" | ts
-/usr/bin/python3 /kopano/configure.py
-
-echo "Set config ownership" | ts
-chown -R kopano:kopano /kopano/data /run /tmp
-
-echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
-
-exec /usr/sbin/kopano-spooler -F