implement new env variable to disable all automatic actions (#434)

* implement new env variable to disable all automatic actions fixes https://github.com/zokradonh/kopano-docker/issues/360 * wrap the remaining services in checks if autoconfigure/disable_checks is used * move definition of AUTOCONFIGURE variable into base image * add logic to kapps and kdav container * add autoconfigure to konnect container * update build stage to latest golang * add autoconfig to remaining images * delete obsolete apache config in z-push folder * when specifying config paths use KOPANO_CONFIG_PATH * also use env variable in helper scripts * add message about removal of kopano-cli
2025-10-31 02:17:47 +00:00 · 2020-08-28 09:48:32 +02:00 · 2020-08-28 09:48:32 +02:00 · d514ef44cb
commit d514ef44cb
parent 3d7ff97aab
18 changed files with 617 additions and 566 deletions
--- a/base/Dockerfile
+++ b/base/Dockerfile
@ -11,6 +11,7 @@ ARG KOPANO_UID=999
 ARG KOPANO_GID=999
 ENV \
    AUTOCONFIGURE=true \
    BASE_VERSION=2.2.0 \
    DEBIAN_FRONTEND=noninteractive \
    DEBUG=""
--- a/core/bin/kopano-autorespond
+++ b/core/bin/kopano-autorespond
@ -1,3 +1,3 @@
 #!/bin/bash
-/usr/sbin/kopano-autorespond -C /tmp/kopano/autorespond.cfg "$@"
+/usr/sbin/kopano-autorespond -C "$KOPANO_CONFIG_PATH/autorespond.cfg" "$@"
--- a/core/bin/kopano-cli
+++ b/core/bin/kopano-cli
@ -1,3 +1,8 @@
 #!/bin/bash
-/usr/sbin/kopano-cli --config /tmp/kopano/admin.cfg "$@"
+if [ ! -f /usr/sbin/kopano-cli ]; then
 	echo "kopano-cli has been removed from Kopano Groupware Core 10 and upwards. Please use kopano-admin instead."
 	exit 1
 fi
 /usr/sbin/kopano-cli --config "$KOPANO_CONFIG_PATH/admin.cfg" "$@"
--- a/core/start-service.sh
+++ b/core/start-service.sh
@ -4,6 +4,7 @@ set -eu # unset variables are errors & non-zero return values exit the whole scr
 [ "$DEBUG" ] && set -x
 ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
 AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions
 KCCONF_SERVER_MYSQL_SOCKET=${KCCONF_SERVER_MYSQL_SOCKET:-""}
 DISABLE_CHECKS=${DISABLE_CHECKS:-false}
 DISABLE_CONFIG_CHANGES=${DISABLE_CONFIG_CHANGES:-false}
@ -16,47 +17,50 @@ KCCONF_SPOOLER_SERVER_SOCKET=${KCCONF_SPOOLER_SERVER_SOCKET:-"file:///var/run/ko
 KOPANO_CON=${KOPANO_CON:-"file:///var/run/kopano/server.sock"}
 KCCONF_SPOOLER_SMTP_SERVER=${KCCONF_SPOOLER_SMTP_SERVER:-mail}
 KCCONF_SPOOLER_SMTP_PORT=${KCCONF_SPOOLER_SMTP_PORT:-25}
 KOPANO_CONFIG_PATH=${KOPANO_CONFIG_PATH:-/tmp/kopano}
-# copy configuration files to /tmp/kopano to prevent modification of mounted config files
+if [ "${AUTOCONFIGURE}" == true ]; then
-mkdir -p /tmp/kopano
+	# copy configuration files to /tmp/kopano (default value of $KOPANO_CONFIG_PATH)  to prevent modification of mounted config files
-cp /etc/kopano/*.cfg /tmp/kopano
+	mkdir -p /tmp/kopano
 	cp /etc/kopano/*.cfg /tmp/kopano
-if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then
+	if [ ! -e /kopano/"$SERVICE_TO_START".py ]; then
-	echo "Invalid service specified: $SERVICE_TO_START" | ts
+		echo "Invalid service specified: $SERVICE_TO_START" | ts
-	exit 1
+		exit 1
 	fi
 	# Hint: this is not compatible with a read-only container.
 	# The general recommendation is to already build a container that has all required packages installed.
 	ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
 	if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
 		[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
 		[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
 			# shellcheck disable=SC2016 disable=SC2086
 			if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
 				DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
 			else
 				echo "INFO: $installpkg is already installed"
 			fi
 		done
 	else
 		echo "Notice: Container is run read-only, skipping package installation."
 		echo "If you want to have additional packages installed in the container either:"
 		echo "- build your own image with the packages already included"
 		echo "- switch the container to 'read_only: false'"
 	fi
 	mkdir -p /tmp/"$SERVICE_TO_START" /var/run/kopano
 	# TODO is this still required now that we won't modify configuration mounted to /etc/kopano?
 	if [ "${DISABLE_CONFIG_CHANGES}" == false ]; then
 		echo "Configure core service '$SERVICE_TO_START'" | ts
 		/kopano/"$SERVICE_TO_START".py
 	fi
 	# ensure removed pid-file on unclean shutdowns and mounted volumes
 	rm -f /var/run/kopano/"$SERVICE_TO_START".pid
 fi
 # Hint: this is not compatible with a read-only container.
 # The general recommendation is to already build a container that has all required packages installed.
 ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
 if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
 	[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
 	[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
 		# shellcheck disable=SC2016 disable=SC2086
 		if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
 			DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
 		else
 			echo "INFO: $installpkg is already installed"
 		fi
 	done
 else
 	echo "Notice: Container is run read-only, skipping package installation."
 	echo "If you want to have additional packages installed in the container either:"
 	echo "- build your own image with the packages already included"
 	echo "- switch the container to 'read_only: false'"
 fi
 mkdir -p /tmp/"$SERVICE_TO_START" /var/run/kopano
 # TODO is this still required now that we won't modify configuration mounted to /etc/kopano?
 if [ "${DISABLE_CONFIG_CHANGES}" == false ]; then
 	echo "Configure core service '$SERVICE_TO_START'" | ts
 	/kopano/"$SERVICE_TO_START".py
 fi
 # ensure removed pid-file on unclean shutdowns and mounted volumes
 rm -f /var/run/kopano/"$SERVICE_TO_START".pid
 coreversion=$(dpkg-query --showformat='${Version}' --show kopano-server)
 echo "Using Kopano Groupware Core: $coreversion"
@ -67,7 +71,7 @@ if [ $# -gt 0 ]; then
 fi
 # services need to be aware of the machine-id
-if [[ "$DISABLE_CHECKS" == false  ]]; then
+if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
 	dockerize \
 		-wait file:///etc/machine-id \
 		-wait file:///var/lib/dbus/machine-id
@ -119,78 +123,88 @@ fi
 # start regular service
 case "$SERVICE_TO_START" in
 server)
-	echo "Set ownership" | ts
+	if [ "${AUTOCONFIGURE}" == true ]; then
-	mkdir -p /kopano/data/attachments
+		echo "Set ownership" | ts
-	chown kopano:kopano /kopano/data/ /kopano/data/attachments
+		mkdir -p /kopano/data/attachments
 		chown kopano:kopano /kopano/data/ /kopano/data/attachments
-	if [[ "$DISABLE_CHECKS" == false ]]; then
+		if [[ "$DISABLE_CHECKS" == false ]]; then
-		# determine db connection mode (unix vs. network socket)
+			# determine db connection mode (unix vs. network socket)
-		if [ -n "$KCCONF_SERVER_MYSQL_SOCKET" ]; then
+			if [ -n "$KCCONF_SERVER_MYSQL_SOCKET" ]; then
-			DB_CON="file://$KCCONF_SERVER_MYSQL_SOCKET"
+				DB_CON="file://$KCCONF_SERVER_MYSQL_SOCKET"
-		else
+			else
-			DB_CON="tcp://$KCCONF_SERVER_MYSQL_HOST:$KCCONF_SERVER_MYSQL_PORT"
+				DB_CON="tcp://$KCCONF_SERVER_MYSQL_HOST:$KCCONF_SERVER_MYSQL_PORT"
 			fi
 			dockerize \
 				-wait file://"$KCCONF_SERVER_SERVER_SSL_CA_FILE" \
 				-wait file://"$KCCONF_SERVER_SERVER_SSL_KEY_FILE" \
 				-wait "$DB_CON" \
 				-timeout 360s
 		fi
 		# pre populate database
 		if dpkg --compare-versions "$coreversion" "gt" "8.7.84"; then
 			kopano-dbadm -c "$KOPANO_CONFIG_PATH/server.cfg" populate
 		fi
 		dockerize \
 			-wait file://"$KCCONF_SERVER_SERVER_SSL_CA_FILE" \
 			-wait file://"$KCCONF_SERVER_SERVER_SSL_KEY_FILE" \
 			-wait "$DB_CON" \
 			-timeout 360s
 	fi
 	# pre populate database
 	if dpkg --compare-versions "$coreversion" "gt" "8.7.84"; then
 		kopano-dbadm -c /tmp/kopano/server.cfg populate
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	exec "$EXE" -F
 	;;
 dagent)
-	dockerize \
+	if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
-		-wait "$KOPANO_CON" \
+		dockerize \
-		-timeout 360s
+			-wait "$KOPANO_CON" \
 			-timeout 360s
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	exec "$EXE" -l
 	;;
 gateway)
-	dockerize \
+	if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
-		-wait "$KOPANO_CON" \
+		dockerize \
-		-timeout 360s
+			-wait "$KOPANO_CON" \
 			-timeout 360s
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	exec "$EXE" -F
 	;;
 ical)
-	dockerize \
+	if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
-		-wait "$KOPANO_CON" \
+		dockerize \
-		-timeout 360s
+			-wait "$KOPANO_CON" \
 			-timeout 360s
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	exec "$EXE" -F
 	;;
 grapi)
-	LC_CTYPE=en_US.UTF-8
+	if [ "${AUTOCONFIGURE}" == true ]; then
-	export socket_path=/var/run/kopano/grapi
+		LC_CTYPE=en_US.UTF-8
-	export pid_file="$socket_path/grapi.pid"
+		export socket_path=/var/run/kopano/grapi
-	mkdir -p "$socket_path" /var/lib/kopano-grapi
+		export pid_file="$socket_path/grapi.pid"
-	chown -R kapi:kopano "$socket_path"
+		mkdir -p "$socket_path" /var/lib/kopano-grapi
-	chown kapi:kopano /var/lib/kopano-grapi
+		chown -R kapi:kopano "$socket_path"
-	# TODO there could be a case where multiple backends are desired
+		chown kapi:kopano /var/lib/kopano-grapi
-	case $GRAPI_BACKEND in
+		# TODO there could be a case where multiple backends are desired
-	ldap)
+		case $GRAPI_BACKEND in
-		[ -n "$KCCONF_GRAPI_LDAP_URI" ] && export LDAP_URI="${KCCONF_GRAPI_LDAP_URI}"
+		ldap)
-		[ -n "$KCCONF_GRAPI_LDAP_BASEDN" ] && export LDAP_BASEDN="${KCCONF_GRAPI_LDAP_BASEDN}"
+			[ -n "$KCCONF_GRAPI_LDAP_URI" ] && export LDAP_URI="${KCCONF_GRAPI_LDAP_URI}"
-		[ -n "$KCCONF_GRAPI_LDAP_BINDDN" ] && export LDAP_BINDDN="${KCCONF_GRAPI_LDAP_BINDDN}"
+			[ -n "$KCCONF_GRAPI_LDAP_BASEDN" ] && export LDAP_BASEDN="${KCCONF_GRAPI_LDAP_BASEDN}"
-		if [ -n "$KCCONF_GRAPI_LDAP_BINDPW_FILE" ]; then
+			[ -n "$KCCONF_GRAPI_LDAP_BINDDN" ] && export LDAP_BINDDN="${KCCONF_GRAPI_LDAP_BINDDN}"
-			bindpw="$(cat "${KCCONF_GRAPI_LDAP_BINDPW_FILE}")"
+			if [ -n "$KCCONF_GRAPI_LDAP_BINDPW_FILE" ]; then
-			export LDAP_BINDPW="${bindpw}"
+				bindpw="$(cat "${KCCONF_GRAPI_LDAP_BINDPW_FILE}")"
-		fi
+				export LDAP_BINDPW="${bindpw}"
-		;;
+			fi
-	esac
+			;;
-	sed s/\ *=\ */=/g /tmp/kopano/grapi.cfg > /tmp/grapi-env
+		esac
-	# shellcheck disable=SC2046
+		sed s/\ *=\ */=/g "$KOPANO_CONFIG_PATH/grapi.cfg" > /tmp/grapi-env
-	export $(grep -v '^#' /tmp/grapi-env | xargs -d '\n')
+		# shellcheck disable=SC2046
 		export $(grep -v '^#' /tmp/grapi-env | xargs -d '\n')
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	# the backend option is only available in more recent versions of grapi
@ -203,65 +217,75 @@ grapi)
 	fi
 	;;
 kapi)
-	mkdir -p /kopano/data/kapi-kvs
+	if [ "${AUTOCONFIGURE}" == true ]; then
-	if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
+		mkdir -p /kopano/data/kapi-kvs
-		dockerize \
+		if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
-		-skip-tls-verify \
+			dockerize \
-		-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
+			-skip-tls-verify \
-		-timeout 360s
+			-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
-	else
+			-timeout 360s
-		dockerize \
+		else
-		-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
+			dockerize \
-		-timeout 360s
+			-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
 			-timeout 360s
 		fi
 		LC_CTYPE=en_US.UTF-8
 		sed s/\ *=\ */=/g "$KOPANO_CONFIG_PATH/kapid.cfg" > /tmp/kapid-env
 		# shellcheck disable=SC2046
 		export $(grep -v '^#' /tmp/kapid-env | xargs -d '\n')
 		"$EXE" setup
 	fi
 	kapiversion=$(dpkg-query --showformat='${Version}' --show kopano-kapid)
 	echo "Using Kopano Kapi: $kapiversion"
 	LC_CTYPE=en_US.UTF-8
 	sed s/\ *=\ */=/g /tmp/kopano/kapid.cfg > /tmp/kapid-env
 	# shellcheck disable=SC2046
 	export $(grep -v '^#' /tmp/kapid-env | xargs -d '\n')
 	"$EXE" setup
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	kapiversion=$(dpkg-query --showformat='${Version}' --show kopano-kapid)
 	echo "Using Kopano Kapi: $kapiversion"
 	exec "$EXE" serve --log-timestamp=false
 	;;
 monitor)
-	dockerize \
+	if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
-		-wait "$KOPANO_CON" \
+		dockerize \
-		-timeout 360s
+			-wait "$KOPANO_CON" \
 			-timeout 360s
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	exec "$EXE" -F
 	;;
 search)
-	dockerize \
+	if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
-		-wait "$KOPANO_CON" \
+		dockerize \
-		-timeout 360s
+			-wait "$KOPANO_CON" \
-	# give kopano-server a moment to settler before starting search
+			-timeout 360s
-	sleep 5
+		# give kopano-server a moment to settler before starting search
 		sleep 5
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	# with commit 702bb3fccb3 search does not need -F any longer
 	searchversion=$(dpkg-query --showformat='${Version}' --show kopano-search)
 	if dpkg --compare-versions "$searchversion" "gt" "8.7.82.165"; then
-		exec "$EXE" --config /tmp/kopano/search.cfg
+		exec "$EXE" --config "$KOPANO_CONFIG_PATH/search.cfg"
 	else
-		exec /usr/bin/python3 "$EXE" --config /tmp/kopano/search.cfg -F
+		exec /usr/bin/python3 "$EXE" --config "$KOPANO_CONFIG_PATH/search.cfg" -F
 	fi
 	;;
 spamd)
-	dockerize \
+	if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
-		-wait "$KOPANO_CON" \
+		dockerize \
-		-timeout 360s
+			-wait "$KOPANO_CON" \
 			-timeout 360s
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
-	exec "$EXE" --config /tmp/kopano/spamd.cfg -F
+	exec "$EXE" --config "$KOPANO_CONFIG_PATH/spamd.cfg" -F
 	;;
 spooler)
-	dockerize \
+	if [ "${AUTOCONFIGURE}" == true ] && [ "$DISABLE_CHECKS" == false ]; then
-		-wait "$KOPANO_CON" \
+		dockerize \
-		-wait tcp://"$KCCONF_SPOOLER_SMTP_SERVER":"$KCCONF_SPOOLER_SMTP_PORT" \
+			-wait "$KOPANO_CON" \
-		-timeout 1080s
+			-wait tcp://"$KCCONF_SPOOLER_SMTP_SERVER":"$KCCONF_SPOOLER_SMTP_PORT" \
 			-timeout 1080s
 	fi
 	# cleaning up env variables
 	unset "${!KCCONF_@}"
 	exec "$EXE" -F
--- a/kapps/start-service.sh
+++ b/kapps/start-service.sh
@ -1,16 +1,19 @@
 #!/bin/bash
 ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
 AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions
 set -eu # unset variables are errors & non-zero return values exit the whole script
 [ "$DEBUG" ] && set -x
-# copy configuration files to /tmp/kopano to prevent modification of mounted config files
+if [ "${AUTOCONFIGURE}" == true ]; then
-mkdir -p /tmp/kopano
+	# copy configuration files to /tmp/kopano to prevent modification of mounted config files
-cp /etc/kopano/*.cfg /tmp/kopano
+	mkdir -p /tmp/kopano
 	cp /etc/kopano/*.cfg /tmp/kopano
-echo "Applying cfg changes from env"
+	echo "Applying cfg changes from env"
-/usr/bin/python3 /kopano/cfg-from-env.py
+	/usr/bin/python3 /kopano/cfg-from-env.py
 fi
 meetversion=$(dpkg-query --showformat='${Version}' --show kopano-calendar-webapp)
 echo "Using Kopano Calendar: $meetversion"
@ -21,58 +24,60 @@ if [ $# -gt 0 ]; then
 	exit
 fi
-cp /usr/share/doc/kopano-calendar-webapp/config.json.in /tmp/calendar.json
+if [ "${AUTOCONFIGURE}" == true ]; then
-CONFIG_JSON="/tmp/calendar.json"
+	cp /usr/share/doc/kopano-calendar-webapp/config.json.in /tmp/calendar.json
-# TODO move into extra file to make it easier to reuse
+	CONFIG_JSON="/tmp/calendar.json"
-echo "Updating $CONFIG_JSON"
+	# TODO move into extra file to make it easier to reuse
-for setting in $(compgen -A variable KCCONF_CALENDAR); do
+	echo "Updating $CONFIG_JSON"
-	setting2=${setting#KCCONF_CALENDAR_}
+	for setting in $(compgen -A variable KCCONF_CALENDAR); do
-	# dots in setting2 need to be escaped to not be handled as separate entities in the json file
+		setting2=${setting#KCCONF_CALENDAR_}
-	case ${!setting} in
+		# dots in setting2 need to be escaped to not be handled as separate entities in the json file
-		true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
+		case ${!setting} in
-			jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON
+			true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
-			;;
+				jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON
-		*)
+				;;
-			jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON
+			*)
-			;;
+				jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON
-		esac
+				;;
-done
+			esac
 	done
-# Populate app grid
+	# Populate app grid
-# TODO move into extra file to make it easier to reuse
+	# TODO move into extra file to make it easier to reuse
-# Note: if all of below variables are set to "no" kpop will fall back to its default behaviour and show all known apps.
+	# Note: if all of below variables are set to "no" kpop will fall back to its default behaviour and show all known apps.
-# enable Kopano Konnect in the app grid
+	# enable Kopano Konnect in the app grid
-if [ "${GRID_KONNECT:-yes}" = "yes" ]; then
+	if [ "${GRID_KONNECT:-yes}" = "yes" ]; then
-	jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON
+		jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON
 	fi
 	# enable Kopano Meet in the app grid
 	if [ "${GRID_MEET:-yes}" = "yes" ]; then
 		jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON
 	fi
 	# enable Kopano WebApp in the app grid
 	if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
 		jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON
 	fi
 	# enable Kopano WebApp in the app grid
 	if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then
 		jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON
 	fi
 	sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env
 	# always disable tls
 	export tls=no
 	# shellcheck disable=SC2046
 	export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n')
 	# services need to be aware of the machine-id
 	dockerize \
 		-wait file:///etc/machine-id \
 		-wait file:///var/lib/dbus/machine-id
 fi
 # enable Kopano Meet in the app grid
 if [ "${GRID_MEET:-yes}" = "yes" ]; then
 	jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON
 fi
 # enable Kopano WebApp in the app grid
 if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
 	jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON
 fi
 # enable Kopano WebApp in the app grid
 if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then
 	jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON
 fi
 sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env
 # always disable tls
 export tls=no
 # shellcheck disable=SC2046
 export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n')
 # services need to be aware of the machine-id
 dockerize \
 	-wait file:///etc/machine-id \
 	-wait file:///var/lib/dbus/machine-id
 # cleaning up env variables
 unset "${!KCCONF_@}"
 exec kopano-kwebd serve
--- a/kdav/start.sh
+++ b/kdav/start.sh
@ -1,57 +1,61 @@
 #!/bin/bash
 ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
 AUTOCONFIGURE=${AUTOCONFIGURE:-true} # when set to false will disable all automatic configuration actions
 # define default value for serverhostname and serverport if not passed into container
 KCCONF_SERVERHOSTNAME=${KCCONF_SERVERHOSTNAME:-127.0.0.1}
 KCCONF_SERVERPORT=${KCCONF_SERVERPORT:-236}
 ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
 set -eu # unset variables are errors & non-zero return values exit the whole script
 [ "$DEBUG" ] && set -x
-# Hint: this is not compatible with a read-only container.
+if [ "${AUTOCONFIGURE}" == true ]; then
-# The general recommendation is to already build a container that has all required packages installed.
+	# Hint: this is not compatible with a read-only container.
-ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
+	# The general recommendation is to already build a container that has all required packages installed.
-if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
+	ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
-	[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
+	if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
-	[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
+		[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
-		# shellcheck disable=SC2016 disable=SC2086
+		[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
-		if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
+			# shellcheck disable=SC2016 disable=SC2086
-			apt --assume-yes --no-upgrade install "$installpkg"
+			if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
-		fi
+				apt --assume-yes --no-upgrade install "$installpkg"
-	done
+			fi
-else
+		done
-	echo "Notice: Container is run read-only, skipping package installation."
+	else
-	echo "If you want to have additional packages installed in the container either:"
+		echo "Notice: Container is run read-only, skipping package installation."
-	echo "- build your own image with the packages already included"
+		echo "If you want to have additional packages installed in the container either:"
-	echo "- switch the container to 'read_only: false'"
+		echo "- build your own image with the packages already included"
 		echo "- switch the container to 'read_only: false'"
 	fi
 	echo "Ensure directories"
 	mkdir -p /run/sessions
 	CONFIG_PHP=/tmp/config.php
 	# copy latest config template. This should be the mount point for preexisting config files.
 	cp /usr/share/kdav/config.php.dist $CONFIG_PHP
 	if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
 		echo "kDAV is using the default: connection"
 	else
 		echo "kDAV is using an ip connection"
 		sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
 			-i $CONFIG_PHP
 	fi
 	# change root uri to /kdav
 	sed -e "s#define('DAV_ROOT_URI', '/');#define('DAV_ROOT_URI', '/kdav/');#" -i $CONFIG_PHP
 	echo "Ensure config ownership"
 	chown -R www-data:www-data /run/sessions
 	# services need to be aware of the machine-id
 	#dockerize \
 	#	-wait file:///etc/machine-id \
 	#	-wait file:///var/lib/dbus/machine-id
 fi
 echo "Ensure directories"
 mkdir -p /run/sessions
 CONFIG_PHP=/tmp/config.php
 # copy latest config template. This should be the mount point for preexisting config files.
 cp /usr/share/kdav/config.php.dist $CONFIG_PHP
 if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
 	echo "kDAV is using the default: connection"
 else
 	echo "kDAV is using an ip connection"
 	sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
 		-i $CONFIG_PHP
 fi
 # change root uri to /kdav
 sed -e "s#define('DAV_ROOT_URI', '/');#define('DAV_ROOT_URI', '/kdav/');#" -i $CONFIG_PHP
 echo "Ensure config ownership"
 chown -R www-data:www-data /run/sessions
 # services need to be aware of the machine-id
 #dockerize \
 #	-wait file:///etc/machine-id \
 #	-wait file:///var/lib/dbus/machine-id
 touch /var/log/kdav/kdav.log
 chown www-data:www-data /var/log/kdav/kdav.log
 tail --pid=$$ -F --lines=0 -q /var/log/kdav/kdav.log &
--- a/konnect/Dockerfile
+++ b/konnect/Dockerfile
@ -1,6 +1,6 @@
 ARG CODE_VERSION=0.33.5
-FROM golang:1.13.5-alpine3.10 as builder-sponge
+FROM golang:1.15-alpine3.12 as builder-sponge
 RUN apk add --no-cache git
 RUN go get -d -v github.com/go-moreutils/sponge
@ -10,7 +10,9 @@ FROM kopano/konnectd:${CODE_VERSION}
 ARG CODE_VERSION
-ENV CODE_VERSION="${CODE_VERSION}" \
+ENV \
    AUTOCONFIGURE=true \
    CODE_VERSION="${CODE_VERSION}" \
    DEBUG="" \
    FQDN=localhost \
    KONNECT_BACKEND="kc" \
--- a/konnect/wrapper.sh
+++ b/konnect/wrapper.sh
@ -11,105 +11,107 @@ if [ $# -gt 0 ]; then
 	exit
 fi
-signing_private_key=${signing_private_key:-"/etc/kopano/konnectd-signing-private-key.pem"}
+if [ "${AUTOCONFIGURE}" = true ]; then
-validation_keys_path=${validation_keys_path:-"/etc/kopano/konnectkeys"}
+	signing_private_key=${signing_private_key:-"/etc/kopano/konnectd-signing-private-key.pem"}
 	validation_keys_path=${validation_keys_path:-"/etc/kopano/konnectkeys"}
-if ! true >> "$signing_private_key"; then
+	if ! true >> "$signing_private_key"; then
-	# file can not be created in this container, wait for external creation
+		# file can not be created in this container, wait for external creation
-	dockerize \
+		dockerize \
-		-wait file://"$signing_private_key" \
+			-wait file://"$signing_private_key" \
-		-timeout "$DOCKERIZE_TIMEOUT"
+			-timeout "$DOCKERIZE_TIMEOUT"
 fi
 if [ -f "${signing_private_key}" ] && [ ! -s "${signing_private_key}" ]; then
 	mkdir -p "${validation_keys_path}"
 	rnd=$(RANDFILE=/tmp/.rnd openssl rand -hex 2)
 	key="${validation_keys_path}/konnect-$(date +%Y%m%d)-${rnd}.pem"
 	>&2	echo "setup: creating new RSA private key at ${key} ..."
 	RANDFILE=/tmp/.rnd openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537
 	if [ -f "${key}" ]; then
 		rm "$signing_private_key"
 		ln -sn "${key}" "${signing_private_key}"
 	fi
 fi
-encryption_secret_key=${encryption_secret_key:-"/etc/kopano/konnectd-encryption-secret.key"}
+	if [ -f "${signing_private_key}" ] && [ ! -s "${signing_private_key}" ]; then
-if ! true >> "$encryption_secret_key"; then
+		mkdir -p "${validation_keys_path}"
-	# file can not be created in this container, wait for external creation
+		rnd=$(RANDFILE=/tmp/.rnd openssl rand -hex 2)
-	dockerize \
+		key="${validation_keys_path}/konnect-$(date +%Y%m%d)-${rnd}.pem"
-		-wait file://"$encryption_secret_key" \
+		>&2	echo "setup: creating new RSA private key at ${key} ..."
-		-timeout "$DOCKERIZE_TIMEOUT"
+		RANDFILE=/tmp/.rnd openssl genpkey -algorithm RSA -out "${key}" -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_keygen_pubexp:65537
-fi
+		if [ -f "${key}" ]; then
-
+			rm "$signing_private_key"
-if [ -f "${encryption_secret_key}" ] && [ ! -s "${encryption_secret_key}" ]; then
+			ln -sn "${key}" "${signing_private_key}"
 	>&2	echo "setup: creating new secret key at ${encryption_secret_key} ..."
 	RANDFILE=/tmp/.rnd openssl rand -out "${encryption_secret_key}" 32
 fi
 CONFIG_JSON=/tmp/konnectd-identifier-registration.yaml
 if [ "${allow_client_guests:-}" = "yes" ]; then
 	# Create working copy by merging packaged example in /etc/kopano with passed registration conf
 	yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON"
 	# only modify identifier registration if it does not already contain the right settings
 	if ! yq .clients[].id /kopano/ssl/konnectd-identifier-registration.yaml | grep -q "kpop-https://${FQDN%/*}/meet/"; then
 		# TODO this could be simplified so that ecparam and eckey are only required if there is no jwk-meet.json yet
 		ecparam=${ecparam:-/etc/kopano/ecparam.pem}
 		if ! true >> "$ecparam"; then
 			# ecparam can not be created in this container, wait for external creation
 			dockerize \
 				-wait file://"$ecparam" \
 				-timeout "$DOCKERIZE_TIMEOUT"
 		fi
 		eckey=${eckey:-/etc/kopano/meet-kwmserver.pem}
 		if ! true >> "$eckey"; then
 			# eckey can not be created in this container, wait for external creation
 			dockerize \
 				-wait file://"$eckey" \
 				-timeout "$DOCKERIZE_TIMEOUT"
 		fi
 		# Key generation for Meet guest mode
 		if [ ! -s "$ecparam" ]; then
 			echo "Creating ec param key for Meet guest mode ..."
 			openssl ecparam -name prime256v1 -genkey -noout -out "$ecparam" >/dev/null 2>&1
 		fi
 		if [ ! -s "$eckey" ]; then
 			echo "Creating ec private key for Meet guest mode..."
 			openssl ec -in "$ecparam" -out "$eckey" >/dev/null 2>&1
 		fi
 		echo "Entrypoint: Patching identifier registration for use of the Meet guest mode"
 		"$EXE" utils jwk-from-pem --use sig "$eckey" > /tmp/jwk-meet.json
 		#yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON
 		yq -y ".clients += [{\"id\": \"kpop-https://${FQDN%/*}/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://${FQDN%/*}/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y /tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON >> /tmp/guest-mode.yml
 		yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/guest-mode.yml | sponge "$identifier_registration_conf"
 	else
 		echo "Entrypoint: Skipping guest mode configuration, as it is already configured."
 	fi
 fi
-if [ "${external_oidc_provider:-}" = "yes" ]; then
+	encryption_secret_key=${encryption_secret_key:-"/etc/kopano/konnectd-encryption-secret.key"}
-	# Create working copy by merging packaged example in /etc/kopano with passed registration conf
+	if ! true >> "$encryption_secret_key"; then
-	yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON"
+		# file can not be created in this container, wait for external creation
 		dockerize \
 			-wait file://"$encryption_secret_key" \
 			-timeout "$DOCKERIZE_TIMEOUT"
 	fi
-	echo "Patching identifier registration for external OIDC provider"
+	if [ -f "${encryption_secret_key}" ] && [ ! -s "${encryption_secret_key}" ]; then
-	echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml
+		>&2	echo "setup: creating new secret key at ${encryption_secret_key} ..."
-	yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf"
+		RANDFILE=/tmp/.rnd openssl rand -out "${encryption_secret_key}" 32
 	fi
-	echo "Checking if external OIDC provider is reachable"
+	CONFIG_JSON=/tmp/konnectd-identifier-registration.yaml
 	dockerize \
 		-wait "$external_oidc_url"/.well-known/openid-configuration \
 		-timeout "$DOCKERIZE_TIMEOUT"
-	reported_issuer=$(curl -s "$external_oidc_url/.well-known/openid-configuration" | jq -r .issuer)
+	if [ "${allow_client_guests:-}" = "yes" ]; then
-	if [ -n "${external_oidc_url##$reported_issuer}" ] ;then
+		# Create working copy by merging packaged example in /etc/kopano with passed registration conf
-		echo "Error: The Issuer does not match the configured url"
+		yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON"
-		exit 1
+
 		# only modify identifier registration if it does not already contain the right settings
 		if ! yq .clients[].id /kopano/ssl/konnectd-identifier-registration.yaml | grep -q "kpop-https://${FQDN%/*}/meet/"; then
 			# TODO this could be simplified so that ecparam and eckey are only required if there is no jwk-meet.json yet
 			ecparam=${ecparam:-/etc/kopano/ecparam.pem}
 			if ! true >> "$ecparam"; then
 				# ecparam can not be created in this container, wait for external creation
 				dockerize \
 					-wait file://"$ecparam" \
 					-timeout "$DOCKERIZE_TIMEOUT"
 			fi
 			eckey=${eckey:-/etc/kopano/meet-kwmserver.pem}
 			if ! true >> "$eckey"; then
 				# eckey can not be created in this container, wait for external creation
 				dockerize \
 					-wait file://"$eckey" \
 					-timeout "$DOCKERIZE_TIMEOUT"
 			fi
 			# Key generation for Meet guest mode
 			if [ ! -s "$ecparam" ]; then
 				echo "Creating ec param key for Meet guest mode ..."
 				openssl ecparam -name prime256v1 -genkey -noout -out "$ecparam" >/dev/null 2>&1
 			fi
 			if [ ! -s "$eckey" ]; then
 				echo "Creating ec private key for Meet guest mode..."
 				openssl ec -in "$ecparam" -out "$eckey" >/dev/null 2>&1
 			fi
 			echo "Entrypoint: Patching identifier registration for use of the Meet guest mode"
 			"$EXE" utils jwk-from-pem --use sig "$eckey" > /tmp/jwk-meet.json
 			#yq -y ".clients += [{\"id\": \"grapi-explorer.js\", \"name\": \"Grapi Explorer\", \"application_type\": \"web\", \"trusted\": true, \"insecure\": true, \"redirect_uris\": [\"http://$FQDNCLEANED:3000/\"]}]" $CONFIG_JSON | sponge $CONFIG_JSON
 			yq -y ".clients += [{\"id\": \"kpop-https://${FQDN%/*}/meet/\", \"name\": \"Kopano Meet\", \"application_type\": \"web\", \"trusted\": true, \"redirect_uris\": [\"https://${FQDN%/*}/meet/\"], \"trusted_scopes\": [\"konnect/guestok\", \"kopano/kwm\"], \"jwks\": {\"keys\": [{\"kty\": $(jq .kty /tmp/jwk-meet.json), \"use\": $(jq .use /tmp/jwk-meet.json), \"crv\": $(jq .crv /tmp/jwk-meet.json), \"d\": $(jq .d /tmp/jwk-meet.json), \"kid\": $(jq .kid /tmp/jwk-meet.json), \"x\": $(jq .x /tmp/jwk-meet.json), \"y\": $(jq .y /tmp/jwk-meet.json)}]},\"request_object_signing_alg\": \"ES256\"}]" $CONFIG_JSON >> /tmp/guest-mode.yml
 			yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/guest-mode.yml | sponge "$identifier_registration_conf"
 		else
 			echo "Entrypoint: Skipping guest mode configuration, as it is already configured."
 		fi
 	fi
 	if [ "${external_oidc_provider:-}" = "yes" ]; then
 		# Create working copy by merging packaged example in /etc/kopano with passed registration conf
 		yq -y -s '.[0] + .[1]' /etc/kopano/konnectd-identifier-registration.yaml "${identifier_registration_conf:?}" | sponge "$CONFIG_JSON"
 		echo "Patching identifier registration for external OIDC provider"
 		echo "authorities: [{name: ${external_oidc_name:-}, default: yes, iss: ${external_oidc_url:-}, client_id: ${external_oidc_clientid:-}, client_secret: ${external_oidc_clientsecret:-}, authority_type: oidc, response_type: id_token, scopes: [openid, profile, email], trusted: yes, end_session_enabled: true}]" >> /tmp/authority.yml
 		yq -y -s '.[0] + .[1]' $CONFIG_JSON /tmp/authority.yml | sponge "$identifier_registration_conf"
 		echo "Checking if external OIDC provider is reachable"
 		dockerize \
 			-wait "$external_oidc_url"/.well-known/openid-configuration \
 			-timeout "$DOCKERIZE_TIMEOUT"
 		reported_issuer=$(curl -s "$external_oidc_url/.well-known/openid-configuration" | jq -r .issuer)
 		if [ -n "${external_oidc_url##$reported_issuer}" ] ;then
 			echo "Error: The Issuer does not match the configured url"
 			exit 1
 		fi
 	fi
 fi
--- a/kwmbridge/Dockerfile
+++ b/kwmbridge/Dockerfile
@ -2,7 +2,9 @@ ARG CODE_VERSION=0.1.0
 FROM kopano/kwmbridged:${CODE_VERSION}
 ARG CODE_VERSION
-ENV CODE_VERSION="${CODE_VERSION}"
+ENV \
    AUTOCONFIGURE=true \
    CODE_VERSION="${CODE_VERSION}"
 LABEL maintainer=az@zok.xyz \
    org.label-schema.name="Kopano Kwmbridge container" \
--- a/kwmbridge/wrapper.sh
+++ b/kwmbridge/wrapper.sh
@ -45,21 +45,23 @@ if [ "$INSECURE" = "yes" ]; then
 	set -- "$@" --insecure
 fi
-if [ "$INSECURE" = "yes" ]; then
+if [ "${AUTOCONFIGURE}" = true ]; then
-	dockerize \
+	if [ "$INSECURE" = "yes" ]; then
-	-skip-tls-verify \
+		dockerize \
-	-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+		-skip-tls-verify \
-	-timeout 360s
+		-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-else
+		-timeout 360s
-	dockerize \
+	else
-	-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+		dockerize \
-	-timeout 360s
+		-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-fi
+		-timeout 360s
 	fi
-# services need to be aware of the machine-id
+	# services need to be aware of the machine-id
-dockerize \
+	dockerize \
-	-wait file:///etc/machine-id \
+		-wait file:///etc/machine-id \
-	-wait file:///var/lib/dbus/machine-id
+		-wait file:///var/lib/dbus/machine-id
 fi
 exec kwmbridged serve \
 	"$@"
--- a/kwmserver/Dockerfile
+++ b/kwmserver/Dockerfile
@ -2,7 +2,9 @@ ARG CODE_VERSION=1.2.0
 FROM kopano/kwmserverd:${CODE_VERSION}
 ARG CODE_VERSION
-ENV CODE_VERSION="${CODE_VERSION}"
+ENV \
    AUTOCONFIGURE=true \
    CODE_VERSION="${CODE_VERSION}"
 LABEL maintainer=az@zok.xyz \
    org.label-schema.name="Kopano Kwmserver container" \
--- a/kwmserver/wrapper.sh
+++ b/kwmserver/wrapper.sh
@ -68,21 +68,23 @@ if [ -n "${public_guest_access_regexp:-}" ]; then
 	set -- "$@" --public-guest-access-regexp="$public_guest_access_regexp"
 fi
-if [ "$INSECURE" = "yes" ]; then
+if [ "${AUTOCONFIGURE}" = true ]; then
-	dockerize \
+	if [ "$INSECURE" = "yes" ]; then
-	-skip-tls-verify \
+		dockerize \
-	-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+		-skip-tls-verify \
-	-timeout 360s
+		-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-else
+		-timeout 360s
-	dockerize \
+	else
-	-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
+		dockerize \
-	-timeout 360s
+		-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-fi
+		-timeout 360s
 	fi
-# services need to be aware of the machine-id
+	# services need to be aware of the machine-id
-dockerize \
+	dockerize \
-	-wait file:///etc/machine-id \
+		-wait file:///etc/machine-id \
-	-wait file:///var/lib/dbus/machine-id
+		-wait file:///var/lib/dbus/machine-id
 fi
 registration_conf=${registration_conf:-/etc/kopano/kwmserverd-registration.yaml}
--- a/meet/start-service.sh
+++ b/meet/start-service.sh
@ -5,12 +5,14 @@ ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
 set -eu # unset variables are errors & non-zero return values exit the whole script
 [ "$DEBUG" ] && set -x
-# copy configuration files to /tmp/kopano to prevent modification of mounted config files
+if [ "${AUTOCONFIGURE}" == true ]; then
-mkdir -p /tmp/kopano
+	# copy configuration files to /tmp/kopano to prevent modification of mounted config files
-cp /etc/kopano/*.cfg /tmp/kopano
+	mkdir -p /tmp/kopano
 	cp /etc/kopano/*.cfg /tmp/kopano
-echo "Applying cfg changes from env"
+	echo "Applying cfg changes from env"
-/usr/bin/python3 /kopano/cfg-from-env.py
+	/usr/bin/python3 /kopano/cfg-from-env.py
 fi
 meetversion=$(dpkg-query --showformat='${Version}' --show kopano-meet-webapp)
 echo "Using Kopano Meet: $meetversion"
@ -21,55 +23,57 @@ if [ $# -gt 0 ]; then
 	exit
 fi
-cp /usr/share/doc/kopano-meet-webapp/config.json.in /tmp/meet.json
+if [ "${AUTOCONFIGURE}" == true ]; then
-CONFIG_JSON="/tmp/meet.json"
+	cp /usr/share/doc/kopano-meet-webapp/config.json.in /tmp/meet.json
-echo "Updating $CONFIG_JSON"
+	CONFIG_JSON="/tmp/meet.json"
-for setting in $(compgen -A variable KCCONF_MEET); do
+	echo "Updating $CONFIG_JSON"
-	setting2=${setting#KCCONF_MEET_}
+	for setting in $(compgen -A variable KCCONF_MEET); do
-	# dots in setting2 need to be escaped to not be handled as separate entities in the json file
+		setting2=${setting#KCCONF_MEET_}
-	case ${!setting} in
+		# dots in setting2 need to be escaped to not be handled as separate entities in the json file
-		true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
+		case ${!setting} in
-			jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON
+			true|TRUE|false|FALSE|[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])
-			;;
+				jq ".\"${setting2//_/\".\"}\" = ${!setting}" $CONFIG_JSON | sponge $CONFIG_JSON
-		*)
+				;;
-			jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON
+			*)
-			;;
+				jq ".\"${setting2//_/\".\"}\" = \"${!setting}\"" $CONFIG_JSON | sponge $CONFIG_JSON
-		esac
+				;;
-done
+			esac
 	done
-# Populate app grid
+	# Populate app grid
-# Note: if below variables are set to "no" kpop will fall back to its default behaviour and show all known apps.
+	# Note: if below variables are set to "no" kpop will fall back to its default behaviour and show all known apps.
-# enable Kopano Konnect in the app grid
+	# enable Kopano Konnect in the app grid
-if [ "${GRID_KONNECT:-yes}" = "yes" ]; then
+	if [ "${GRID_KONNECT:-yes}" = "yes" ]; then
-	jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON
+		jq '.apps.enabled += ["kopano-konnect"]' $CONFIG_JSON | sponge $CONFIG_JSON
 	fi
 	# enable Kopano Meet in the app grid
 	if [ "${GRID_MEET:-yes}" = "yes" ]; then
 		jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON
 	fi
 	# enable Kopano WebApp in the app grid
 	if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
 		jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON
 	fi
 	# enable Kopano WebApp in the app grid
 	if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then
 		jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON
 	fi
 	sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env
 	# always disable tls
 	export tls=no
 	# shellcheck disable=SC2046
 	export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n')
 	# services need to be aware of the machine-id
 	dockerize \
 		-wait file:///etc/machine-id \
 		-wait file:///var/lib/dbus/machine-id
 fi
 # enable Kopano Meet in the app grid
 if [ "${GRID_MEET:-yes}" = "yes" ]; then
 	jq '.apps.enabled += ["kopano-meet"]' $CONFIG_JSON | sponge $CONFIG_JSON
 fi
 # enable Kopano WebApp in the app grid
 if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
 	jq '.apps.enabled += ["kopano-webapp"]' $CONFIG_JSON | sponge $CONFIG_JSON
 fi
 # enable Kopano WebApp in the app grid
 if [ "${GRID_CALENDAR:-yes}" = "yes" ]; then
 	jq '.apps.enabled += ["kopano-calendar"]' $CONFIG_JSON | sponge $CONFIG_JSON
 fi
 sed s/\ *=\ */=/g /tmp/kopano/kwebd.cfg > /tmp/kweb-env
 # always disable tls
 export tls=no
 # shellcheck disable=SC2046
 export $(grep -v '^#' /tmp/kweb-env | xargs -d '\n')
 # services need to be aware of the machine-id
 dockerize \
 	-wait file:///etc/machine-id \
 	-wait file:///var/lib/dbus/machine-id
 # cleaning up env variables
 unset "${!KCCONF_@}"
 exec kopano-kwebd serve
--- a/web/Dockerfile
+++ b/web/Dockerfile
@ -12,7 +12,7 @@ LABEL maintainer=az@zok.xyz \
    org.label-schema.schema-version="1.0"
 ENV \
-    AUTOCONFIG=yes \
+    AUTOCONFIGURE=true \
    CODE_VERSION="${CODE_VERSION}" \
    DEFAULTREDIRECT="/webapp" \
    KONNECTPATH=kopanoid \
--- a/web/wrapper.sh
+++ b/web/wrapper.sh
@ -11,7 +11,7 @@ fi
 export CADDYPATH="$KOPANO_KWEB_ASSETS_PATH"
 # services need to be aware of the machine-id
-if [ "$AUTOCONFIG" = "yes" ]; then
+if [ "$AUTOCONFIGURE" = true ]; then
 	dockerize \
 		-wait file:///etc/machine-id \
 		-wait file:///var/lib/dbus/machine-id
--- a/webapp/start.sh
+++ b/webapp/start.sh
@ -9,75 +9,77 @@ ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS:-""}
 set -eu # unset variables are errors & non-zero return values exit the whole script
 [ "$DEBUG" ] && set -x
-# shellcheck source=php/start-helper.sh
+if [ "${AUTOCONFIGURE}" == true ]; then
-source /kopano/start-helper.sh
+	# shellcheck source=php/start-helper.sh
 	source /kopano/start-helper.sh
-# Hint: this is not compatible with a read-only container.
+	# Hint: this is not compatible with a read-only container.
-# The general recommendation is to already build a container that has all required packages installed.
+	# The general recommendation is to already build a container that has all required packages installed.
-ADDITIONAL_KOPANO_PACKAGES="$ADDITIONAL_KOPANO_PACKAGES $ADDITIONAL_KOPANO_WEBAPP_PLUGINS"
+	ADDITIONAL_KOPANO_PACKAGES="$ADDITIONAL_KOPANO_PACKAGES $ADDITIONAL_KOPANO_WEBAPP_PLUGINS"
-ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
+	ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
-if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
+	if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
-	[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
+		[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
-	[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
+		[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
-		# shellcheck disable=SC2016 disable=SC2086
+			# shellcheck disable=SC2016 disable=SC2086
-		if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
+			if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
-			DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
+				DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
-		else
+			else
-			echo "INFO: $installpkg is already installed"
+				echo "INFO: $installpkg is already installed"
-		fi
+			fi
 		done
 	else
 		echo "Notice: Container is run read-only, skipping package installation."
 		echo "If you want to have additional packages installed in the container either:"
 		echo "- build your own image with the packages already included"
 		echo "- switch the container to 'read_only: false'"
 	fi
 	# copy latest config template
 	mkdir -p /tmp/webapp/
 	for i in /etc/kopano/webapp/*.dist /etc/kopano/webapp/.[^.]*.dist; do
 		filename=$(basename -- "$i")
 		cp "$i" "/tmp/webapp/${filename%.*}"
 	done
-else
+
-	echo "Notice: Container is run read-only, skipping package installation."
+	# Ensure directories exist
-	echo "If you want to have additional packages installed in the container either:"
+	mkdir -p /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp
-	echo "- build your own image with the packages already included"
+
-	echo "- switch the container to 'read_only: false'"
+	phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi)
 	echo "Using PHP-Mapi: $phpversion"
 	webappversion=$(dpkg-query --showformat='${Version}' --show kopano-webapp)
 	echo "Using Kopano WebApp: $webappversion"
 	if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
 		echo "Kopano WebApp is using the default: connection"
 	else
 		echo "Kopano WebApp is using an ip connection"
 		php_cfg_gen /tmp/webapp/config.php DEFAULT_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano"
 	fi
 	# configuring webapp from env
 	for setting in $(compgen -A variable KCCONF_WEBAPP_); do
 		setting2=${setting#KCCONF_WEBAPP_}
 		php_cfg_gen /tmp/webapp/config.php "${setting2}" "${!setting}"
 	done
 	# configuring webapp plugins from env
 	for setting in $(compgen -A variable KCCONF_WEBAPPPLUGIN_); do
 		setting2=${setting#KCCONF_WEBAPPPLUGIN_}
 		filename="${setting2%%_*}"
 		setting3=${setting#KCCONF_WEBAPPPLUGIN_${filename}_}
 		identifier="${filename,,}"
 		php_cfg_gen /tmp/webapp/config-"$identifier".php "${setting3}" "${!setting}"
 	done
 	echo "Ensure config ownership"
 	chown -R www-data:www-data /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp
 	# services need to be aware of the machine-id
 	#dockerize \
 	#	-wait file:///etc/machine-id \
 	#	-wait file:///var/lib/dbus/machine-id
 fi
 # copy latest config template
 mkdir -p /tmp/webapp/
 for i in /etc/kopano/webapp/*.dist /etc/kopano/webapp/.[^.]*.dist; do
 	filename=$(basename -- "$i")
 	cp "$i" "/tmp/webapp/${filename%.*}"
 done
 # Ensure directories exist
 mkdir -p /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp
 phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi)
 echo "Using PHP-Mapi: $phpversion"
 webappversion=$(dpkg-query --showformat='${Version}' --show kopano-webapp)
 echo "Using Kopano WebApp: $webappversion"
 if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
 	echo "Kopano WebApp is using the default: connection"
 else
 	echo "Kopano WebApp is using an ip connection"
 	php_cfg_gen /tmp/webapp/config.php DEFAULT_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano"
 fi
 # configuring webapp from env
 for setting in $(compgen -A variable KCCONF_WEBAPP_); do
 	setting2=${setting#KCCONF_WEBAPP_}
 	php_cfg_gen /tmp/webapp/config.php "${setting2}" "${!setting}"
 done
 # configuring webapp plugins from env
 for setting in $(compgen -A variable KCCONF_WEBAPPPLUGIN_); do
 	setting2=${setting#KCCONF_WEBAPPPLUGIN_}
 	filename="${setting2%%_*}"
 	setting3=${setting#KCCONF_WEBAPPPLUGIN_${filename}_}
 	identifier="${filename,,}"
 	php_cfg_gen /tmp/webapp/config-"$identifier".php "${setting3}" "${!setting}"
 done
 echo "Ensure config ownership"
 chown -R www-data:www-data /run/sessions /tmp/webapp /var/lib/kopano-webapp/tmp
 # services need to be aware of the machine-id
 #dockerize \
 #	-wait file:///etc/machine-id \
 #	-wait file:///var/lib/dbus/machine-id
 set +u
 # cleaning up env variables
 unset "${!KCCONF_@}"
--- a/zpush/apache2-kopano.conf
+++ b/zpush/apache2-kopano.conf
@ -1,8 +0,0 @@
 <VirtualHost *:80>
 	DocumentRoot /var/www/
 	LogFormat "%{X-Forwarded-For}i %{%a %b %d %T %Y}t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
 	ErrorLog "|/bin/cat"
 	CustomLog "|/bin/cat" proxy
 </VirtualHost>
--- a/zpush/start.sh
+++ b/zpush/start.sh
@ -39,106 +39,108 @@ php_cfg_gen() {
 	fi
 }
-# Hint: this is not compatible with a read-only container.
+if [ "${AUTOCONFIGURE}" == true ]; then
-# The general recommendation is to already build a container that has all required packages installed.
+	# Hint: this is not compatible with a read-only container.
-ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
+	# The general recommendation is to already build a container that has all required packages installed.
-if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
+	ADDITIONAL_KOPANO_PACKAGES=$(echo "$ADDITIONAL_KOPANO_PACKAGES" | tr -d '"')
-	[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
+	if [ -n "$(mkdir -p "/var/lib/apt/lists/" 2&> /dev/null)" ]; then
-	[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
+		[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && apt update
-		# shellcheck disable=SC2016 disable=SC2086
+		[ -n "${ADDITIONAL_KOPANO_PACKAGES// }" ] && for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do
-		if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
+			# shellcheck disable=SC2016 disable=SC2086
-			DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
+			if [ "$(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c 'ok installed')" -eq 0 ]; then
-		else
+				DEBIAN_FRONTEND=noninteractive apt --assume-yes --no-upgrade install "$installpkg"
-			echo "INFO: $installpkg is already installed"
+			else
-		fi
+				echo "INFO: $installpkg is already installed"
 			fi
 		done
 	else
 		echo "Notice: Container is run read-only, skipping package installation."
 		echo "If you want to have additional packages installed in the container either:"
 		echo "- build your own image with the packages already included"
 		echo "- switch the container to 'read_only: false'"
 	fi
 	# copy latest config template
 	mkdir -p /tmp/z-push/
 	for i in /etc/z-push/*.dist; do
 		filename=$(basename -- "$i")
 		cp "$i" "/tmp/z-push/${filename%.*}"
 	done
-else
+
-	echo "Notice: Container is run read-only, skipping package installation."
+	# Ensure directories
-	echo "If you want to have additional packages installed in the container either:"
+	mkdir -p /run/sessions
-	echo "- build your own image with the packages already included"
+
-	echo "- switch the container to 'read_only: false'"
+	phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi)
 	echo "Using PHP-Mapi: $phpversion"
 	zpushversion=$(dpkg-query --showformat='${Version}' --show z-push-kopano)
 	echo "Using Z-Push: $zpushversion"
 	if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
 		echo "Z-Push is using the default: connection"
 	else
 		echo "Z-Push is using an ip connection"
 		php_cfg_gen /tmp/z-push/kopano.conf.php MAPI_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano"
 	fi
 	echo "Configuring Z-Push for use behind a reverse proxy"
 	php_cfg_gen /tmp/z-push/z-push.conf.php USE_CUSTOM_REMOTE_IP_HEADER HTTP_X_FORWARDED_FOR
 	# configuring z-push from env
 	for setting in $(compgen -A variable KCCONF_ZPUSH_); do
 		setting2=${setting#KCCONF_ZPUSH_}
 		php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}"
 	done
 	# configuring autodiscover
 	for setting in $(compgen -A variable KCCONF_ZPUSHAUTODISCOVER_); do
 		setting2=${setting#KCCONF_ZPUSHAUTODISCOVER_}
 		php_cfg_gen /tmp/z-push/autodiscover.conf.php "${setting2}" "${!setting}"
 	done
 	# configuring z-push gabsync
 	php_cfg_gen /tmp/z-push/gabsync.conf.php USERNAME SYSTEM
 	for setting in $(compgen -A variable KCCONF_ZPUSHGABSYNC_); do
 		setting2=${setting#KCCONF_ZPUSHGAVSYNC_}
 		php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}"
 	done
 	# configuring z-push sql state engine
 	for setting in $(compgen -A variable KCCONF_ZPUSHSQL_); do
 		setting2=${setting#KCCONF_ZPUSHSQL_}
 		php_cfg_gen /tmp/z-push/state-sql.conf.php "${setting2}" "${!setting}"
 	done
 	# configuring z-push memcached
 	for setting in $(compgen -A variable KCCONF_ZPUSHMEMCACHED_); do
 		setting2=${setting#KCCONF_ZPUSHMEMCACHED_}
 		php_cfg_gen /tmp/z-push/memcached.conf.php "${setting2}" "${!setting}"
 	done
 	# configuring z-push gab2contacts
 	for setting in $(compgen -A variable KCCONF_ZPUSHGA2CONTACTS_); do
 		setting2=${setting#KCCONF_ZPUSHSQL_}
 		php_cfg_gen /tmp/z-push/gab2contacts.conf.php "${setting2}" "${!setting}"
 	done
 	# configuring z-push shared folders
 	perl -i -0pe 's/\$additionalFolders.*\);//s' /tmp/z-push/z-push.conf.php
 	echo -e "  \$additionalFolders = array(" >> /tmp/z-push/z-push.conf.php
 	echo "$ZPUSH_ADDITIONAL_FOLDERS" | jq -c '.[]' | while read -r folder; do
 		eval "$(echo "$folder" | jq -r '@sh "NAME=\(.name) ID=\(.id) TYPE=\(.type) FLAGS=\(.flags)"')"
 		echo -e "    array('store' => \"SYSTEM\", 'folderid' => \"$ID\", 'name' => \"$NAME\", 'type' => $TYPE, 'flags' => $FLAGS)," >> /etc/z-push/z-push.conf.php
 	done
 	echo -e '  );' >> /tmp/z-push/z-push.conf.php
 	echo "Ensure config ownership"
 	chown -R www-data:www-data /run/sessions
 	# services need to be aware of the machine-id
 	#dockerize \
 	#	-wait file:///etc/machine-id \
 	#	-wait file:///var/lib/dbus/machine-id
 fi
 # copy latest config template
 mkdir -p /tmp/z-push/
 for i in /etc/z-push/*.dist; do
 	filename=$(basename -- "$i")
 	cp "$i" "/tmp/z-push/${filename%.*}"
 done
 # Ensure directories
 mkdir -p /run/sessions
 phpversion=$(dpkg-query --showformat='${Version}' --show php7-mapi)
 echo "Using PHP-Mapi: $phpversion"
 zpushversion=$(dpkg-query --showformat='${Version}' --show z-push-kopano)
 echo "Using Z-Push: $zpushversion"
 if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
 	echo "Z-Push is using the default: connection"
 else
 	echo "Z-Push is using an ip connection"
 	php_cfg_gen /tmp/z-push/kopano.conf.php MAPI_SERVER "https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano"
 fi
 echo "Configuring Z-Push for use behind a reverse proxy"
 php_cfg_gen /tmp/z-push/z-push.conf.php USE_CUSTOM_REMOTE_IP_HEADER HTTP_X_FORWARDED_FOR
 # configuring z-push from env
 for setting in $(compgen -A variable KCCONF_ZPUSH_); do
 	setting2=${setting#KCCONF_ZPUSH_}
 	php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}"
 done
 # configuring autodiscover
 for setting in $(compgen -A variable KCCONF_ZPUSHAUTODISCOVER_); do
 	setting2=${setting#KCCONF_ZPUSHAUTODISCOVER_}
 	php_cfg_gen /tmp/z-push/autodiscover.conf.php "${setting2}" "${!setting}"
 done
 # configuring z-push gabsync
 php_cfg_gen /tmp/z-push/gabsync.conf.php USERNAME SYSTEM
 for setting in $(compgen -A variable KCCONF_ZPUSHGABSYNC_); do
 	setting2=${setting#KCCONF_ZPUSHGAVSYNC_}
 	php_cfg_gen /tmp/z-push/z-push.conf.php "${setting2}" "${!setting}"
 done
 # configuring z-push sql state engine
 for setting in $(compgen -A variable KCCONF_ZPUSHSQL_); do
 	setting2=${setting#KCCONF_ZPUSHSQL_}
 	php_cfg_gen /tmp/z-push/state-sql.conf.php "${setting2}" "${!setting}"
 done
 # configuring z-push memcached
 for setting in $(compgen -A variable KCCONF_ZPUSHMEMCACHED_); do
 	setting2=${setting#KCCONF_ZPUSHMEMCACHED_}
 	php_cfg_gen /tmp/z-push/memcached.conf.php "${setting2}" "${!setting}"
 done
 # configuring z-push gab2contacts
 for setting in $(compgen -A variable KCCONF_ZPUSHGA2CONTACTS_); do
 	setting2=${setting#KCCONF_ZPUSHSQL_}
 	php_cfg_gen /tmp/z-push/gab2contacts.conf.php "${setting2}" "${!setting}"
 done
 # configuring z-push shared folders
 perl -i -0pe 's/\$additionalFolders.*\);//s' /tmp/z-push/z-push.conf.php
 echo -e "  \$additionalFolders = array(" >> /tmp/z-push/z-push.conf.php
 echo "$ZPUSH_ADDITIONAL_FOLDERS" | jq -c '.[]' | while read -r folder; do
 	eval "$(echo "$folder" | jq -r '@sh "NAME=\(.name) ID=\(.id) TYPE=\(.type) FLAGS=\(.flags)"')"
 	echo -e "    array('store' => \"SYSTEM\", 'folderid' => \"$ID\", 'name' => \"$NAME\", 'type' => $TYPE, 'flags' => $FLAGS)," >> /etc/z-push/z-push.conf.php
 done
 echo -e '  );' >> /tmp/z-push/z-push.conf.php
 echo "Ensure config ownership"
 chown -R www-data:www-data /run/sessions
 # services need to be aware of the machine-id
 #dockerize \
 #	-wait file:///etc/machine-id \
 #	-wait file:///var/lib/dbus/machine-id
 echo "Activate z-push log rerouting"
 mkdir -p /var/log/z-push/
 touch /var/log/z-push/{z-push.log,z-push-error.log,autodiscover.log,autodiscover-error.log}
`@ -1,3 +1,3 @@`
	`#!/bin/bash`	`#!/bin/bash`

	`/usr/sbin/kopano-autorespond -C /tmp/kopano/autorespond.cfg "$@"`	`/usr/sbin/kopano-autorespond -C "$KOPANO_CONFIG_PATH/autorespond.cfg" "$@"`