diff --git a/.gitignore b/.gitignore
index 118f789..7ab73c2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@
 **/.vscode
 *.yml
 docker-compose.yml
-certs/*
+ssl/*
+data/*
diff --git a/docker-compose.yml-example b/docker-compose.yml-example
index a60af85..ab1cee1 100644
--- a/docker-compose.yml-example
+++ b/docker-compose.yml-example
@@ -1,9 +1,111 @@ -version: '3' +version: "3" services: + web: + image: abiosoft/caddy:0.10.4 + restart: always + privileged: true + links: + - kwebapp + #- kzpush + ports: + - "10080:80" + - "10443:443" + volumes: + - ./web/Caddyfile:/etc/Caddyfile + - ./data/web:/root/.caddy + + mail: + image: tvial/docker-mailserver:latest + restart: always + hostname: mail + domainname: kopano.demo # change here + container_name: mail + ports: + - "25:25" + volumes: + - ./data/mail/data:/var/mail + - ./data/mail/state:/var/mail-state + - ./mail/config:/tmp/docker-mailserver/ + - ./data/web/acme-v01.api.letsencrypt.org/sites/mail.kopano.demo:/tmp/ssl:ro + environment: + - TZ=Europe/Berlin + - ENABLE_SPAMASSASSIN=1 + - ENABLE_CLAMAV=1 + - ENABLE_FAIL2BAN=1 + - ENABLE_POSTGREY=1 + - ONE_DIR=1 + - DMS_DEBUG=0 + - SSL_TYPE=manual + - SSL_CERT_PATH=/tmp/ssl/mail.kopano.demo.crt + - SSL_KEY_PATH=/tmp/ssl/mail.kopano.demo.key + - ENABLE_LDAP=1 + - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here + - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here + - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here + - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here + - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s))) + - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s)) + - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s)) + - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group))) + - ENABLE_SASLAUTHD=1 + - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here + - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here + - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here + - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here + - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person)) + - SASLAUTHD_MECHANISMS=ldap + - 
POSTMASTER_ADDRESS=postmaster@domain.tld #change here + - SMTP_ONLY=1 + - PERMIT_DOCKER=network + - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 + - POSTFIX_DAGENT=lmtp:kdagent:2003 + - REPORT_RECIPIENT=1 + networks: + - kopanonet + cap_add: + - NET_ADMIN + - SYS_PTRACE + + # TODO find good example ldap container + db: + image: mariadb:10.3.10-bionic + restart: always + container_name: kopano_db + volumes: + - ./data/mysql/:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here + - MYSQL_PASSWORD=YOUR_PASSWORD #change here + - MYSQL_DATABASE=kopano + - MYSQL_USER=kopano + networks: + - kopanonet + + kwebapp: + image: zokradonh/kopano_webapp:latest + hostname: kwebapp + container_name: kopano_webapp + links: + - kserver + volumes: + - ./data/z-push-states/:/var/lib/z-push/ + - ./ssl/:/kopano/ssl + - ./data/socket/:/run/kopano + environment: + - TZ=Europe/Berlin + networks: + - web + - kopanonet + + kssl: + image: zokradonh/kopano_ssl + container_name: kopano_ssl + volumes: + - ./ssl/:/kopano/ssl kserver: - image: zokradonh/kopano_core:${CORE_VERSION} + image: zokradonh/kopano_core:latest hostname: kserver container_name: kopano_server links: 
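Review bot: The new `web` service publishes Caddy on host ports 10080/10443 and runs it with `privileged: true`, which hands the internet-facing container all capabilities and host device access. Nothing in the service definition (two published ports, two bind mounts) appears to need that, and Docker's default capability set already lets the container bind 80/443, so the line should simply be removed. In the same hunk `kwebapp` and `kserver` now use `:latest` (the old side used `${WEBAPP_VERSION}` and `${CORE_VERSION}`) and `kssl` has no tag, so a redeploy can pull a different image unnoticed. Keep the version variables or pin a tag or digest, as already done for `mariadb:10.3.10-bionic` and `abiosoft/caddy:0.10.4`. The `kserver` definition continues outside this hunk.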
@@ -36,263 +138,10 @@ services: networks: - kopanonet volumes: - - data:/kopano/data - - sslcerts:/kopano/ssl - - kdagent: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_dagent - links: - - kserver - volumes: - - sslcerts:/kopano/ssl - environment: - - SERVICE_TO_START=dagent - - TZ=Europe/Berlin - - KCCONF_DAGENT_LOG_LEVEL=6 - - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/ - - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem - networks: - - kopanonet - - kgateway: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_gateway - links: - - kserver - volumes: - - ./gatewaycerts/:/kopano/certs/ - environment: - - SERVICE_TO_START=gateway - - TZ=Europe/Berlin - - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/ - - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here - - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here - networks: - - kopanonet - - kical: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_ical - links: - - kserver - environment: - - SERVICE_TO_START=ical - - TZ=Europe/Berlin - - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/ - networks: - - kopanonet - - kmonitor: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_monitor - links: - - kserver - volumes: - - sslcerts:/kopano/ssl - environment: - - SERVICE_TO_START=monitor - - TZ=Europe/Berlin - - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/ - - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem - networks: - - kopanonet - - ksearch: - image: zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_search - links: - - kserver - volumes: - - sslcerts:/kopano/ssl - environment: - - SERVICE_TO_START=search - - TZ=Europe/Berlin - - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380 - - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/ - - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem - networks: - - kopanonet - - kspooler: - image: 
zokradonh/kopano_core:${CORE_VERSION} - container_name: kopano_spooler - links: - - kserver - volumes: - - sslcerts:/kopano/ssl - environment: - - SERVICE_TO_START=spooler - - TZ=Europe/Berlin - - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/ - - KCCONF_SPOOLER_LOG_LEVEL=4 - - KCCONF_SPOOLER_SMTP_SERVER=kmta - - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem - networks: - - kopanonet - - kwebapp: - image: zokradonh/kopano_webapp:${WEBAPP_VERSION} - hostname: kwebapp - container_name: kopano_webapp - links: - - kserver - #ports: - # - "8236:80" - # - "8237:443" - volumes: - - syncstates:/var/lib/z-push/ - - sslcerts:/kopano/ssl - environment: - - TZ=Europe/Berlin - - KCCONF_SERVERHOSTNAME=kserver - - KCCONF_SERVERPORT=237 - networks: - - web - - kopanonet - - kssl: - image: zokradonh/kopano_ssl - container_name: kopano_ssl - volumes: - - sslcerts:/kopano/ssl - - kmta: - image: tvial/docker-mailserver:latest - hostname: myhost #change here - domainname: domain.tld #change here - #dns: 127.0.0.1 - container_name: kopano_mta - #links: - # - adtunnel - ports: - - "25:25" - # - "143:143" - # - "587:587" - # - "993:993" - volumes: - - tmpmaildata:/var/mail - - tmpmailstate:/var/mail-state - - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir - environment: - - TZ=Europe/Berlin - - ENABLE_SPAMASSASSIN=1 - - ENABLE_CLAMAV=1 - - ENABLE_FAIL2BAN=1 - - ENABLE_POSTGREY=1 - - TLS_LEVEL=intermediate - - POSTGREY_DELAY=10 - - ONE_DIR=1 - - DMS_DEBUG=0 - - ENABLE_LDAP=1 - - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here - - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here - - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here - - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here - - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s))) - - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s)) - - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s)) - - 
LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group))) - - ENABLE_SASLAUTHD=1 - - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here - - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here - - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here - - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here - - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person)) - - SASLAUTHD_MECHANISMS=ldap - - POSTMASTER_ADDRESS=postmaster@domain.tld #change here - - SMTP_ONLY=1 - - PERMIT_DOCKER=network - - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 - - POSTFIX_DAGENT=lmtp:kdagent:2003 - - REPORT_RECIPIENT=1 - networks: - - kopanonet - cap_add: - - NET_ADMIN - - SYS_PTRACE - - db: - image: mariadb - restart: always - container_name: kopano_db - volumes: - - db:/var/lib/mysql - environment: - - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here - - MYSQL_PASSWORD=YOUR_PASSWORD #change here - - MYSQL_DATABASE=kopano - - MYSQL_USER=kopano - networks: - - kopanonet - -volumes: - db: - data: - syncstates: - sslcerts: - tmpmaildata: - tmpmailstate: + - ./data/kopano/:/kopano/data + - ./ssl/:/kopano/ssl networks: web: - external: - driver: default kopanonet: driver: bridge - - - -version: "3" - -services: - rainloop: - image: hardware/rainloop - links: - - mail - volumes: - - ./data/rainloop:/rainloop/data - - mail: - image: tvial/docker-mailserver:latest - restart: always - hostname: mail - domainname: fancydomain.tld - container_name: mail - ports: - - "25:25" - - "143:143" - - "587:587" - - "993:993" - - "4190:4190" - volumes: - - ./data/mail/data:/var/mail - - ./data/mail/state:/var/mail-state - - ./mail/config:/tmp/docker-mailserver/ - - ./data/entry/acme/acme-v01.api.letsencrypt.org/sites/mail.fancydomain.tld:/tmp/ssl:ro - environment: - - ENABLE_SPAMASSASSIN=1 - - ENABLE_CLAMAV=1 - - ENABLE_FAIL2BAN=1 - - 
ENABLE_POSTGREY=1 - - ONE_DIR=1 - - DMS_DEBUG=0 - - ENABLE_MANAGESIEVE=1 - - SSL_TYPE=manual - - SSL_CERT_PATH=/tmp/ssl/mail.fancydomain.tld.crt - - SSL_KEY_PATH=/tmp/ssl/mail.fancydomain.tld.key - cap_add: - - NET_ADMIN - - entry: - image: abiosoft/caddy:0.10.4 - restart: always - privileged: true - links: - - rainloop - ports: - - "80:80" - - "443:443" - volumes: - - ./entry/Caddyfile:/etc/Caddyfile - - ./data/entry:/root/.caddy diff --git a/Caddyfile b/web/Caddyfile similarity index 100% rename from Caddyfile rename to web/Caddyfile
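Review bot: This hunk deletes the `kdagent` service, but the `mail` service added earlier in this file still sets `POSTFIX_DAGENT=lmtp:kdagent:2003`. Unless `kdagent` is defined in lines outside the visible hunks, Postfix will have no delivery target to resolve. The new `- ./ssl/:/kopano/ssl` bind mount is also read-write, and the same host directory is mounted read-write into `kwebapp`, so every service's private key is writable from the web-facing container. If only `kssl` needs to write there, mount it as `- ./ssl/:/kopano/ssl:ro` in the consumers. Separately, `web` (Caddy) has no `networks:` entry while `kwebapp` is attached only to `web` and `kopanonet`, so it is worth confirming the proxy can actually reach it.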