mirror of
https://github.com/zokradonh/kopano-docker
synced 2025-06-07 07:56:12 +00:00
Add a per setup unique machine-id (#257)
* add mount for machine-id * services should check the availability of the machine id before starting * add a note to the readme * add new mounts to the multiserver example * add dockerize to kweb * fix meet demo
This commit is contained in:
Felix Bartels
GitHub
parent
753dc21eae
commit
ead0acfdb0
@ -128,9 +128,11 @@ The exposed ports of each container are defined in `docker-compose.ports.yml`. I
|
||||
|
||||
To get a quick impression of Kopano this git repository bundles a locally build LDAP image with some example users. When using the docker-compose.yml in a production environment make sure to:
|
||||
|
||||
- either remove `ldap-demo/bootstrap/ldif/demo-users.ldif` from the locally built LDAP image or completely remove the local LDAP from the compose file
|
||||
- switch to the non-demo ldap tree or completely remove the local LDAP from the compose file
|
||||
- adapt LDAP queries in .env to match you actual LDAP server and users
|
||||
- all additional configuration of the Kopano components should be specified in the compose file and **not within the running container**
|
||||
- all additional configuration of the Kopano components should be specified in the compose file/the env file/an override and **not within the running container**
|
||||
- make sure that there is a unique machine-id for your deployment
|
||||
- the default setup mounts the file from the host, if your host is running multiple installations of Kopano make sure to generate a unique value for each installation.
|
||||
|
||||
#### Can I combine these Docker images with my existing environment?
|
||||
|
||||
|
||||
@ -40,6 +40,11 @@ if [ $# -gt 0 ]; then
|
||||
exit
|
||||
fi
|
||||
|
||||
# services need to be aware of the machine-id
|
||||
dockerize \
|
||||
-wait file:///etc/machine-id \
|
||||
-wait file:///var/lib/dbus/machine-id
|
||||
|
||||
# start regular service
|
||||
case "$SERVICE_TO_START" in
|
||||
server)
|
||||
@ -89,7 +94,7 @@ server)
|
||||
;;
|
||||
dagent)
|
||||
dockerize \
|
||||
-wait file://var/run/kopano/server.sock \
|
||||
-wait file:///var/run/kopano/server.sock \
|
||||
-timeout 360s
|
||||
# cleaning up env variables
|
||||
unset "${!KCCONF_@}"
|
||||
@ -145,12 +150,12 @@ kapi)
|
||||
if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
|
||||
dockerize \
|
||||
-skip-tls-verify \
|
||||
-wait file://var/run/kopano/grapi/notify.sock \
|
||||
-wait file:///var/run/kopano/grapi/notify.sock \
|
||||
-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
|
||||
-timeout 360s
|
||||
else
|
||||
dockerize \
|
||||
-wait file://var/run/kopano/grapi/notify.sock \
|
||||
-wait file:///var/run/kopano/grapi/notify.sock \
|
||||
-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
|
||||
-timeout 360s
|
||||
fi
|
||||
@ -165,7 +170,7 @@ kapi)
|
||||
;;
|
||||
monitor)
|
||||
dockerize \
|
||||
-wait file://var/run/kopano/server.sock \
|
||||
-wait file:///var/run/kopano/server.sock \
|
||||
-timeout 360s
|
||||
# cleaning up env variables
|
||||
unset "${!KCCONF_@}"
|
||||
@ -173,7 +178,7 @@ monitor)
|
||||
;;
|
||||
search)
|
||||
dockerize \
|
||||
-wait file://var/run/kopano/server.sock \
|
||||
-wait file:///var/run/kopano/server.sock \
|
||||
-timeout 360s
|
||||
# give kopano-server a moment to settler before starting search
|
||||
sleep 5
|
||||
@ -189,7 +194,7 @@ search)
|
||||
;;
|
||||
spooler)
|
||||
dockerize \
|
||||
-wait file://var/run/kopano/server.sock \
|
||||
-wait file:///var/run/kopano/server.sock \
|
||||
-wait tcp://"$KCCONF_SPOOLER_SMTP_SERVER":25 \
|
||||
-timeout 1080s
|
||||
# cleaning up env variables
|
||||
|
||||
@ -5,18 +5,20 @@ services:
|
||||
image: ${docker_repo:-zokradonh}/kopano_web:${KWEB_VERSION:-latest}
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- DEFAULTREDIRECT=${DEFAULTREDIRECT:-/webapp}
|
||||
- EMAIL=${EMAIL:-off}
|
||||
- FQDN=${FQDNCLEANED?err}
|
||||
- DEFAULTREDIRECT=${DEFAULTREDIRECT:-/webapp}
|
||||
command: wrapper.sh
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
- CHOWN
|
||||
- NET_BIND_SERVICE
|
||||
- SETGID
|
||||
- SETUID
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- web:/.kweb
|
||||
networks:
|
||||
web-net:
|
||||
@ -28,12 +30,12 @@ services:
|
||||
restart: unless-stopped
|
||||
container_name: ${COMPOSE_PROJECT_NAME}_ldap
|
||||
environment:
|
||||
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
||||
- LDAP_READONLY_USER=true
|
||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
||||
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
||||
- LDAP_READONLY_USER=true
|
||||
env_file:
|
||||
- ldap.env
|
||||
command: "--loglevel info --copy-service"
|
||||
@ -56,36 +58,36 @@ services:
|
||||
- mailstate:/var/mail-state
|
||||
- mtaconfig:/tmp/docker-mailserver/
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
- ENABLE_SPAMASSASSIN=1
|
||||
- DMS_DEBUG=0
|
||||
- ENABLE_CLAMAV=1
|
||||
- ENABLE_FAIL2BAN=1
|
||||
- ENABLE_POSTGREY=1
|
||||
- ONE_DIR=1
|
||||
- DMS_DEBUG=0
|
||||
- SSL_TYPE=self-signed
|
||||
- ENABLE_LDAP=1
|
||||
- LDAP_SERVER_HOST=${LDAP_SERVER}
|
||||
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
||||
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
|
||||
- ENABLE_POSTGREY=1
|
||||
- ENABLE_SASLAUTHD=1
|
||||
- ENABLE_SPAMASSASSIN=1
|
||||
- LDAP_BIND_DN=${LDAP_BIND_DN}
|
||||
- LDAP_BIND_PW=${LDAP_BIND_PW}
|
||||
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
|
||||
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
|
||||
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
|
||||
- LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
|
||||
- ENABLE_SASLAUTHD=1
|
||||
- SASLAUTHD_LDAP_SERVER=${LDAP_SERVER}
|
||||
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
|
||||
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
|
||||
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
||||
- LDAP_SERVER_HOST=${LDAP_SERVER}
|
||||
- ONE_DIR=1
|
||||
- PERMIT_DOCKER=connected-networks
|
||||
- POSTFIX_DAGENT=lmtp:kopano_dagent:2003
|
||||
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
|
||||
- REPORT_RECIPIENT=1
|
||||
- SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
|
||||
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
|
||||
- SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
|
||||
- SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
||||
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
|
||||
- SASLAUTHD_LDAP_SERVER=${LDAP_SERVER}
|
||||
- SASLAUTHD_MECHANISMS=ldap
|
||||
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
|
||||
- SMTP_ONLY=1
|
||||
- PERMIT_DOCKER=connected-networks
|
||||
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
|
||||
- POSTFIX_DAGENT=lmtp:kopano_dagent:2003
|
||||
- REPORT_RECIPIENT=1
|
||||
- SSL_TYPE=self-signed
|
||||
- TZ=${TZ}
|
||||
env_file:
|
||||
- mail.env
|
||||
networks:
|
||||
@ -105,10 +107,10 @@ services:
|
||||
volumes:
|
||||
- mysql/:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
||||
- MYSQL_USER=${MYSQL_USER}
|
||||
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||
env_file:
|
||||
- db.env
|
||||
healthcheck:
|
||||
@ -136,35 +138,35 @@ services:
|
||||
container_name: ${COMPOSE_PROJECT_NAME}_server
|
||||
depends_on:
|
||||
- db
|
||||
- ldap
|
||||
- kopano_ssl
|
||||
- kopano_konnect
|
||||
- kopano_ssl
|
||||
- ldap
|
||||
environment:
|
||||
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
|
||||
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
|
||||
- KCCONF_ADMIN_DEFAULT_STORE_LOCALE=${MAILBOXLANG:-en_US.UTF-8}
|
||||
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
|
||||
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
|
||||
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
||||
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
|
||||
- KCCONF_SERVER_COREDUMP_ENABLED=no
|
||||
- KCCONF_SERVER_ENABLE_SSO=yes
|
||||
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
|
||||
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
||||
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
|
||||
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||
- KCCONF_SERVER_MYSQL_PORT=3306
|
||||
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
|
||||
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
|
||||
- KCCONF_SERVER_SERVER_NAME=Kopano
|
||||
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
|
||||
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem
|
||||
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
|
||||
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
|
||||
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
|
||||
- SERVICE_TO_START=server
|
||||
- TZ=${TZ}
|
||||
- KCCONF_SERVER_COREDUMP_ENABLED=no
|
||||
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
|
||||
- KCCONF_SERVER_MYSQL_PORT=3306
|
||||
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
|
||||
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem
|
||||
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
|
||||
- KCCONF_SERVER_SERVER_NAME=Kopano
|
||||
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
|
||||
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
|
||||
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
|
||||
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
|
||||
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
|
||||
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
|
||||
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
||||
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
|
||||
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
|
||||
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
|
||||
- KCCONF_SERVER_ENABLE_SSO=yes
|
||||
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
||||
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
|
||||
- KCCONF_ADMIN_DEFAULT_STORE_LOCALE=${MAILBOXLANG:-en_US.UTF-8}
|
||||
env_file:
|
||||
- kopano_server.env
|
||||
networks:
|
||||
@ -172,9 +174,11 @@ services:
|
||||
- ldap-net
|
||||
- web-net
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanodata/:/kopano/data
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
|
||||
kopano_webapp:
|
||||
image: ${docker_repo:-zokradonh}/kopano_webapp:${WEBAPP_VERSION:-latest}
|
||||
@ -183,19 +187,21 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanowebapp/:/var/lib/kopano-webapp/
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
- ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS}
|
||||
- KCCONF_WEBAPP_OIDC_ISS=https://${FQDN}
|
||||
- KCCONF_WEBAPP_OIDC_CLIENT_ID=webapp
|
||||
- KCCONF_WEBAPP_OIDC_ISS=https://${FQDN}
|
||||
- TZ=${TZ}
|
||||
env_file:
|
||||
- kopano_webapp.env
|
||||
networks:
|
||||
- web-net
|
||||
- kopano-net
|
||||
- web-net
|
||||
|
||||
kopano_zpush:
|
||||
image: ${docker_repo:-zokradonh}/kopano_zpush:${ZPUSH_VERSION:-latest}
|
||||
@ -205,8 +211,10 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
- zpushstates/:/var/lib/z-push/
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
@ -216,8 +224,8 @@ services:
|
||||
env_file:
|
||||
- kopano_zpush.env
|
||||
networks:
|
||||
- web-net
|
||||
- kopano-net
|
||||
- web-net
|
||||
|
||||
kopano_grapi:
|
||||
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
||||
@ -226,13 +234,15 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanosocket/:/run/kopano
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanograpi/:/var/lib/kopano-grapi
|
||||
- kopanosocket/:/run/kopano
|
||||
environment:
|
||||
- KCCONF_GRAPI_ENABLE_EXPERIMENTAL_ENDPOINTS=no
|
||||
- KCCONF_GRAPI_INSECURE=${INSECURE}
|
||||
- SERVICE_TO_START=grapi
|
||||
- TZ=${TZ}
|
||||
- KCCONF_GRAPI_INSECURE=${INSECURE}
|
||||
- KCCONF_GRAPI_ENABLE_EXPERIMENTAL_ENDPOINTS=no
|
||||
env_file:
|
||||
- kopano_grapi.env
|
||||
networks:
|
||||
@ -246,15 +256,17 @@ services:
|
||||
depends_on:
|
||||
- kopano_grapi
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanodata/:/kopano/data
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- SERVICE_TO_START=kapi
|
||||
- TZ=${TZ}
|
||||
- KCCONF_KAPID_INSECURE=${INSECURE}
|
||||
- KCCONF_KAPID_LOG_LEVEL=DEBUG
|
||||
- KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
||||
- KCCONF_KAPID_INSECURE=${INSECURE}
|
||||
- SERVICE_TO_START=kapi
|
||||
- TZ=${TZ}
|
||||
env_file:
|
||||
- kopano_kapi.env
|
||||
networks:
|
||||
@ -269,9 +281,11 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanosocket/:/run/kopano
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kdavstates/:/var/lib/kopano/kdav
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
networks:
|
||||
@ -284,13 +298,15 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- KCCONF_DAGENT_LOG_LEVEL=3
|
||||
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem
|
||||
- SERVICE_TO_START=dagent
|
||||
- TZ=${TZ}
|
||||
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem
|
||||
- KCCONF_DAGENT_LOG_LEVEL=3
|
||||
env_file:
|
||||
- kopano_dagent.env
|
||||
networks:
|
||||
@ -305,14 +321,16 @@ services:
|
||||
- kopano_server
|
||||
- mail
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- SERVICE_TO_START=spooler
|
||||
- TZ=${TZ}
|
||||
- KCCONF_SPOOLER_LOG_LEVEL=3
|
||||
- KCCONF_SPOOLER_SMTP_SERVER=mail
|
||||
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem
|
||||
- SERVICE_TO_START=spooler
|
||||
- TZ=${TZ}
|
||||
env_file:
|
||||
- kopano_spooler.env
|
||||
networks:
|
||||
@ -324,13 +342,15 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- KCCONF_GATEWAY_LOG_LEVEL=3
|
||||
- KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/
|
||||
- SERVICE_TO_START=gateway
|
||||
- TZ=${TZ}
|
||||
- KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/
|
||||
- KCCONF_GATEWAY_LOG_LEVEL=3
|
||||
env_file:
|
||||
- kopano_gateway.env
|
||||
networks:
|
||||
@ -342,12 +362,14 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/
|
||||
- SERVICE_TO_START=ical
|
||||
- TZ=${TZ}
|
||||
- KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/
|
||||
env_file:
|
||||
- kopano_ical.env
|
||||
networks:
|
||||
@ -360,8 +382,10 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- SERVICE_TO_START=monitor
|
||||
- TZ=${TZ}
|
||||
@ -377,9 +401,11 @@ services:
|
||||
depends_on:
|
||||
- kopano_server
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanosocket/:/run/kopano
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanodata/:/kopano/data
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- SERVICE_TO_START=search
|
||||
- TZ=${TZ}
|
||||
@ -396,18 +422,20 @@ services:
|
||||
- web
|
||||
# to be useful Konnect also need a running kopano_server, but this dependency cannot be added here since this would be a circular dependency
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- FQDN=${FQDN}
|
||||
- ecparam=/kopano/ssl/ecparam.pem
|
||||
- eckey=/kopano/ssl/meet-kwmserver.pem
|
||||
- signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
|
||||
- encryption_secret_key=/kopano/ssl/konnectd-encryption.key
|
||||
- identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
|
||||
- identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
|
||||
- allow_client_guests=yes
|
||||
- allow_dynamic_client_registration=yes
|
||||
- eckey=/kopano/ssl/meet-kwmserver.pem
|
||||
- ecparam=/kopano/ssl/ecparam.pem
|
||||
- encryption_secret_key=/kopano/ssl/konnectd-encryption.key
|
||||
- FQDN=${FQDN}
|
||||
- identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
|
||||
- identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
|
||||
- signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
|
||||
env_file:
|
||||
- kopano_konnect.env
|
||||
networks:
|
||||
@ -422,13 +450,15 @@ services:
|
||||
- kopano_kapi
|
||||
- kopano_konnect
|
||||
environment:
|
||||
- enable_guest_api=yes
|
||||
- INSECURE=${INSECURE}
|
||||
- oidc_issuer_identifier=https://${FQDN}
|
||||
- enable_guest_api=yes
|
||||
- public_guest_access_regexp=^group/public/.*
|
||||
env_file:
|
||||
- kopano_kwmserver.env
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanossl/:/kopano/ssl
|
||||
networks:
|
||||
- web-net
|
||||
@ -437,9 +467,9 @@ services:
|
||||
image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest}
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- SERVICE_TO_START=meet
|
||||
- KCCONF_MEET_disableFullGAB=false
|
||||
- KCCONF_MEET_guests_enabled=true
|
||||
- SERVICE_TO_START=meet
|
||||
env_file:
|
||||
- kopano_meet.env
|
||||
depends_on:
|
||||
@ -447,6 +477,9 @@ services:
|
||||
- kopano_konnect
|
||||
- kopano_kwmserver
|
||||
- web
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
networks:
|
||||
- web-net
|
||||
|
||||
@ -462,35 +495,35 @@ services:
|
||||
- kopano_server
|
||||
- kopano_zpush
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
- CRON_KOPANOUSERS=10 * * * * docker exec kopano_server kopano-admin --sync
|
||||
- CRON_ZPUSHGAB=0 22 * * * docker exec kopano_zpush z-push-gabsync -a sync
|
||||
- CRONDELAYED_KBACKUP=30 1 * * * docker run --rm -it --volumes-from kopano_server -v /root/kopano-backup:/kopano/path ${docker_repo:-zokradonh}/kopano_utils:${CORE_VERSION:-latest} kopano-backup -h
|
||||
- CRONDELAYED_SOFTDELETE=30 2 * * * docker exec kopano_server kopano-admin --purge-softdelete 30
|
||||
- TZ=${TZ}
|
||||
env_file:
|
||||
- kopano_scheduler.env
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
|
||||
volumes:
|
||||
web:
|
||||
kdavstates:
|
||||
kopanodata:
|
||||
kopanograpi:
|
||||
kopanosocket:
|
||||
kopanossl:
|
||||
kopanowebapp:
|
||||
ldap:
|
||||
slapd:
|
||||
maildata:
|
||||
mailstate:
|
||||
mtaconfig:
|
||||
mysql:
|
||||
kopanodata:
|
||||
kopanograpi:
|
||||
kopanossl:
|
||||
kopanosocket:
|
||||
kopanowebapp:
|
||||
slapd:
|
||||
web:
|
||||
zpushstates:
|
||||
kdavstates:
|
||||
|
||||
networks:
|
||||
web-net:
|
||||
kopano-net:
|
||||
driver: bridge
|
||||
ldap-net:
|
||||
driver: bridge
|
||||
web-net:
|
||||
|
||||
@ -9,9 +9,9 @@ services:
|
||||
|
||||
kopano_server:
|
||||
environment:
|
||||
- KCCONF_SERVER_SERVER_NAME=kopano_server
|
||||
- KCCONF_SERVER_ENABLE_DISTRIBUTED_KOPANO=true
|
||||
- KCCONF_ADMIN_SSLKEY_FILE=/kopano/ssl/admin.pem
|
||||
- KCCONF_SERVER_ENABLE_DISTRIBUTED_KOPANO=true
|
||||
- KCCONF_SERVER_SERVER_NAME=kopano_server
|
||||
|
||||
kopano_server_2:
|
||||
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
||||
@ -19,36 +19,36 @@ services:
|
||||
container_name: ${COMPOSE_PROJECT_NAME}_server_2
|
||||
depends_on:
|
||||
- db
|
||||
- ldap
|
||||
- kopano_ssl
|
||||
- kopano_konnect
|
||||
- kopano_ssl
|
||||
- ldap
|
||||
environment:
|
||||
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
|
||||
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
|
||||
- KCCONF_ADMIN_SSLKEY_FILE=/kopano/ssl/admin.pem
|
||||
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
|
||||
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
|
||||
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
||||
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
|
||||
- KCCONF_SERVER_COREDUMP_ENABLED=no
|
||||
- KCCONF_SERVER_ENABLE_DISTRIBUTED_KOPANO=true
|
||||
- KCCONF_SERVER_ENABLE_SSO=yes
|
||||
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
|
||||
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
||||
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}2
|
||||
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
|
||||
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||
- KCCONF_SERVER_MYSQL_PORT=3306
|
||||
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
|
||||
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
|
||||
- KCCONF_SERVER_SERVER_NAME=kopano_server_2
|
||||
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
|
||||
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server_2.pem
|
||||
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
|
||||
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
|
||||
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
|
||||
- SERVICE_TO_START=server
|
||||
- TZ=${TZ}
|
||||
- KCCONF_SERVER_COREDUMP_ENABLED=no
|
||||
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
|
||||
- KCCONF_SERVER_MYSQL_PORT=3306
|
||||
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}2
|
||||
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
|
||||
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
||||
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server_2.pem
|
||||
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
|
||||
- KCCONF_SERVER_SERVER_NAME=kopano_server_2
|
||||
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
|
||||
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
|
||||
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
|
||||
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
|
||||
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
|
||||
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
|
||||
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
||||
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
|
||||
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
|
||||
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
|
||||
- KCCONF_SERVER_ENABLE_SSO=yes
|
||||
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
||||
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
|
||||
- KCCONF_SERVER_ENABLE_DISTRIBUTED_KOPANO=true
|
||||
- KCCONF_ADMIN_SSLKEY_FILE=/kopano/ssl/admin.pem
|
||||
env_file:
|
||||
- kopano_server.env
|
||||
networks:
|
||||
@ -56,9 +56,11 @@ services:
|
||||
- ldap-net
|
||||
- web-net
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanodata2/:/kopano/data
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanosocket2/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
|
||||
kopano_spooler_2:
|
||||
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
||||
@ -70,14 +72,14 @@ services:
|
||||
- kopano_server_2
|
||||
- mail
|
||||
volumes:
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanosocket2/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- SERVICE_TO_START=spooler
|
||||
- TZ=${TZ}
|
||||
- KCCONF_SPOOLER_LOG_LEVEL=3
|
||||
- KCCONF_SPOOLER_SMTP_SERVER=mail
|
||||
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem
|
||||
- SERVICE_TO_START=spooler
|
||||
- TZ=${TZ}
|
||||
env_file:
|
||||
- kopano_spooler.env
|
||||
networks:
|
||||
@ -87,7 +89,6 @@ services:
|
||||
depends_on:
|
||||
- kopano_server_2
|
||||
environment:
|
||||
- TZ=${TZ}
|
||||
- CRON_KOPANOUSERS2=10 * * * * docker exec kopano_server_2 kopano-admin --sync
|
||||
|
||||
volumes:
|
||||
|
||||
@ -9,18 +9,20 @@ services:
|
||||
- "${HTTP:-80}:80"
|
||||
- "${HTTPS:-443}:443"
|
||||
environment:
|
||||
- DEFAULTREDIRECT=/meet
|
||||
- EMAIL=${EMAIL:-off}
|
||||
- FQDN=${FQDNCLEANED?err}
|
||||
- DEFAULTREDIRECT=/meet
|
||||
command: wrapper.sh
|
||||
cap_drop:
|
||||
- ALL
|
||||
cap_add:
|
||||
- NET_BIND_SERVICE
|
||||
- CHOWN
|
||||
- NET_BIND_SERVICE
|
||||
- SETGID
|
||||
- SETUID
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- web:/.kweb
|
||||
networks:
|
||||
web-net:
|
||||
@ -32,12 +34,12 @@ services:
|
||||
restart: unless-stopped
|
||||
container_name: ${COMPOSE_PROJECT_NAME}_ldap
|
||||
environment:
|
||||
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
||||
- LDAP_READONLY_USER=true
|
||||
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
||||
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
||||
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
||||
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
||||
- LDAP_READONLY_USER=true
|
||||
command: "--loglevel info --copy-service"
|
||||
volumes:
|
||||
- ldap:/var/lib/ldap
|
||||
@ -58,16 +60,18 @@ services:
|
||||
restart: unless-stopped
|
||||
container_name: ${COMPOSE_PROJECT_NAME}_grapi
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanosocket/:/run/kopano
|
||||
environment:
|
||||
- SERVICE_TO_START=grapi
|
||||
- TZ=${TZ}
|
||||
- ADDITIONAL_KOPANO_PACKAGES=python3-grapi.backend.ldap
|
||||
- GRAPI_BACKEND=ldap
|
||||
- LDAP_URI=${LDAP_SERVER}
|
||||
- LDAP_BASEDN=${LDAP_SEARCH_BASE}
|
||||
- LDAP_BINDDN=${LDAP_BIND_DN}
|
||||
- LDAP_BINDPW=${LDAP_BIND_PW}
|
||||
- LDAP_BASEDN=${LDAP_SEARCH_BASE}
|
||||
- LDAP_URI=${LDAP_SERVER}
|
||||
- SERVICE_TO_START=grapi
|
||||
- TZ=${TZ}
|
||||
networks:
|
||||
- kopano-net
|
||||
- ldap-net
|
||||
@ -79,15 +83,17 @@ services:
|
||||
depends_on:
|
||||
- kopano_grapi
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanodata/:/kopano/data
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- SERVICE_TO_START=kapi
|
||||
- TZ=${TZ}
|
||||
- KCCONF_KAPID_INSECURE=${INSECURE}
|
||||
- KCCONF_KAPID_LOG_LEVEL=DEBUG
|
||||
- KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
||||
- KCCONF_KAPID_INSECURE=${INSECURE}
|
||||
- SERVICE_TO_START=kapi
|
||||
- TZ=${TZ}
|
||||
networks:
|
||||
- kopano-net
|
||||
- web-net
|
||||
@ -99,29 +105,31 @@ services:
|
||||
- kopano_ssl
|
||||
- web
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- FQDN=${FQDN}
|
||||
- ecparam=/kopano/ssl/ecparam.pem
|
||||
- eckey=/kopano/ssl/meet-kwmserver.pem
|
||||
- signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
|
||||
- encryption_secret_key=/kopano/ssl/konnectd-encryption.key
|
||||
- identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
|
||||
- identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
|
||||
- allow_client_guests=yes
|
||||
- allow_dynamic_client_registration=yes
|
||||
- eckey=/kopano/ssl/meet-kwmserver.pem
|
||||
- ecparam=/kopano/ssl/ecparam.pem
|
||||
- encryption_secret_key=/kopano/ssl/konnectd-encryption.key
|
||||
- FQDN=${FQDN}
|
||||
- identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
|
||||
- identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
|
||||
- KONNECT_BACKEND=ldap
|
||||
- LDAP_URI=${LDAP_SERVER}
|
||||
- LDAP_BASEDN=${LDAP_SEARCH_BASE}
|
||||
- LDAP_BINDDN=${LDAP_BIND_DN}
|
||||
- LDAP_BINDPW=${LDAP_BIND_PW}
|
||||
- LDAP_BASEDN=${LDAP_SEARCH_BASE}
|
||||
- LDAP_SCOPE=sub
|
||||
- LDAP_LOGIN_ATTRIBUTE=uid
|
||||
- LDAP_EMAIL_ATTRIBUTE=mail
|
||||
- LDAP_NAME_ATTRIBUTE=cn
|
||||
- LDAP_UUID_ATTRIBUTE=uidNumber
|
||||
- LDAP_UUID_ATTRIBUTE_TYPE=text
|
||||
- LDAP_FILTER=(objectClass=organizationalPerson)
|
||||
- LDAP_LOGIN_ATTRIBUTE=uid
|
||||
- LDAP_NAME_ATTRIBUTE=cn
|
||||
- LDAP_SCOPE=sub
|
||||
- LDAP_URI=${LDAP_SERVER}
|
||||
- LDAP_UUID_ATTRIBUTE_TYPE=text
|
||||
- LDAP_UUID_ATTRIBUTE=uidNumber
|
||||
- signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
|
||||
networks:
|
||||
- kopano-net
|
||||
- ldap-net
|
||||
@ -135,13 +143,15 @@ services:
|
||||
- kopano_kapi
|
||||
- kopano_konnect
|
||||
environment:
|
||||
- enable_guest_api=yes
|
||||
- INSECURE=${INSECURE}
|
||||
- oidc_issuer_identifier=https://${FQDN}
|
||||
- enable_guest_api=yes
|
||||
- public_guest_access_regexp=^group/public/.*
|
||||
- turn_service_credentials_user=${TURN_USER}
|
||||
- turn_service_credentials_password=${TURN_PASSWORD}
|
||||
- turn_service_credentials_user=${TURN_USER}
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
- kopanossl/:/kopano/ssl
|
||||
networks:
|
||||
- web-net
|
||||
@ -150,30 +160,33 @@ services:
|
||||
image: ${docker_repo:-kopano}/kopano_meet:${MEET_VERSION:-latest}
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- SERVICE_TO_START=meet
|
||||
- KCCONF_MEET_disableFullGAB=false
|
||||
- KCCONF_MEET_GRID_WEBAPP=no
|
||||
- KCCONF_MEET_guests_enabled=true
|
||||
- KCCONF_MEET_useIdentifiedUser=true
|
||||
- KCCONF_MEET_GRID_WEBAPP=no
|
||||
- SERVICE_TO_START=meet
|
||||
depends_on:
|
||||
- kopano_kapi
|
||||
- kopano_konnect
|
||||
- kopano_kwmserver
|
||||
- web
|
||||
volumes:
|
||||
- /etc/machine-id:/etc/machine-id
|
||||
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
||||
networks:
|
||||
- web-net
|
||||
|
||||
volumes:
|
||||
web:
|
||||
kopanodata:
|
||||
kopanosocket:
|
||||
kopanossl:
|
||||
ldap:
|
||||
slapd:
|
||||
kopanodata:
|
||||
kopanossl:
|
||||
kopanosocket:
|
||||
web:
|
||||
|
||||
networks:
|
||||
web-net:
|
||||
kopano-net:
|
||||
driver: bridge
|
||||
ldap-net:
|
||||
driver: bridge
|
||||
web-net:
|
||||
|
||||
@ -5,7 +5,7 @@ set -ex
|
||||
# waits for key events in various containers
|
||||
# e.g. kopano_server:236 signals succesful start of kopano-server process
|
||||
dockerize \
|
||||
-wait file://var/run/kopano/grapi/notify.sock \
|
||||
-wait file:///var/run/kopano/grapi/notify.sock \
|
||||
-wait http://kopano_konnect:8777/.well-known/openid-configuration \
|
||||
-wait tcp://kopano_kwmserver:8778 \
|
||||
-wait tcp://kopano_meet:9080 \
|
||||
|
||||
@ -11,9 +11,13 @@ services:
|
||||
- ldap-net
|
||||
- web-net
|
||||
volumes:
|
||||
- kopanodata/:/kopano/data
|
||||
- kopanossl/:/kopano/ssl
|
||||
- kopanosocket/:/run/kopano
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- kopanodata/:/kopano/data
|
||||
- kopanosocket/:/run/kopano
|
||||
- kopanossl/:/kopano/ssl
|
||||
environment:
|
||||
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
|
||||
ldap:
|
||||
tmpfs:
|
||||
- /var/lib/ldap
|
||||
- /etc/ldap/slapd.d
|
||||
|
||||
@ -34,6 +34,11 @@ sed -e "s#define('DAV_ROOT_URI', '/');#define('DAV_ROOT_URI', '/kdav/');#" -i /u
|
||||
echo "Ensure config ownership"
|
||||
chown -R www-data:www-data /run/sessions
|
||||
|
||||
# services need to be aware of the machine-id
|
||||
dockerize \
|
||||
-wait file:///etc/machine-id \
|
||||
-wait file:///var/lib/dbus/machine-id
|
||||
|
||||
touch /var/log/kdav/kdav.log
|
||||
touch /var/log/kdav/kdav-error.log
|
||||
chown www-data:www-data /var/log/kdav/kdav.log /var/log/kdav/kdav-error.log
|
||||
|
||||
@ -88,9 +88,12 @@ if [ -n "${LDAP_BINDPW_FILE:-}" ]; then
|
||||
export LDAP_BINDPW="${bindpw}"
|
||||
fi
|
||||
|
||||
# services need to be aware of the machine-id
|
||||
dockerize \
|
||||
-wait file://"${signing_private_key:?}" \
|
||||
-wait file://"${encryption_secret_key:?}" \
|
||||
-wait file:///etc/machine-id \
|
||||
-wait file:///var/lib/dbus/machine-id \
|
||||
-timeout 360s
|
||||
exec konnectd serve \
|
||||
--signing-private-key="${signing_private_key:?}" \
|
||||
|
||||
@ -76,6 +76,11 @@ else
|
||||
-timeout 360s
|
||||
fi
|
||||
|
||||
# services need to be aware of the machine-id
|
||||
dockerize \
|
||||
-wait file:///etc/machine-id \
|
||||
-wait file:///var/lib/dbus/machine-id
|
||||
|
||||
exec /usr/local/bin/docker-entrypoint.sh serve \
|
||||
--registration-conf /kopano/ssl/konnectd-identifier-registration.yaml \
|
||||
"$@"
|
||||
|
||||
@ -43,12 +43,17 @@ if [ "${GRID_WEBAPP:-yes}" = "yes" ]; then
|
||||
jq '.apps += {"enabled": ["kopano-webapp", "kopano-konnect"]}' $CONFIG_JSON | sponge $CONFIG_JSON
|
||||
fi
|
||||
|
||||
#cat $CONFIG_JSON
|
||||
|
||||
sed -i s/\ *=\ */=/g /etc/kopano/kwebd.cfg
|
||||
# always disable tls
|
||||
export tls=no
|
||||
# shellcheck disable=SC2046
|
||||
export $(grep -v '^#' /etc/kopano/kwebd.cfg | xargs -d '\n')
|
||||
|
||||
# services need to be aware of the machine-id
|
||||
dockerize \
|
||||
-wait file:///etc/machine-id \
|
||||
-wait file:///var/lib/dbus/machine-id
|
||||
|
||||
# cleaning up env variables
|
||||
unset "${!KCCONF_@}"
|
||||
exec kopano-kwebd serve
|
||||
|
||||
@ -22,6 +22,11 @@ ENV KWEBD_DNS_KDAV="kopano_kdav"
|
||||
ENV KWEBD_DNS_GRAPI="kopano_grapi"
|
||||
ENV KWEBD_DNS_ICAL="kopano_ical"
|
||||
|
||||
ENV DOCKERIZE_VERSION v0.6.1
|
||||
RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
|
||||
&& tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
|
||||
&& rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz
|
||||
|
||||
COPY wrapper.sh /usr/local/bin
|
||||
COPY kweb.cfg /etc/kweb.cfg
|
||||
|
||||
|
||||
@ -2,4 +2,9 @@
|
||||
|
||||
set -e
|
||||
|
||||
# services need to be aware of the machine-id
|
||||
dockerize \
|
||||
-wait file:///etc/machine-id \
|
||||
-wait file:///var/lib/dbus/machine-id
|
||||
|
||||
exec kwebd caddy -conf /etc/kweb.cfg -agree
|
||||
|
||||
@ -53,6 +53,11 @@ done
|
||||
echo "Ensure config ownership"
|
||||
chown -R www-data:www-data /run/sessions /tmp/webapp
|
||||
|
||||
# services need to be aware of the machine-id
|
||||
dockerize \
|
||||
-wait file:///etc/machine-id \
|
||||
-wait file:///var/lib/dbus/machine-id
|
||||
|
||||
set +u
|
||||
# cleaning up env variables
|
||||
unset "${!KCCONF_@}"
|
||||
|
||||
@ -113,6 +113,11 @@ echo -e ' );' >> /etc/z-push/z-push.conf.php
|
||||
echo "Ensure config ownership"
|
||||
chown -R www-data:www-data /run/sessions
|
||||
|
||||
# services need to be aware of the machine-id
|
||||
dockerize \
|
||||
-wait file:///etc/machine-id \
|
||||
-wait file:///var/lib/dbus/machine-id
|
||||
|
||||
echo "Activate z-push log rerouting"
|
||||
touch /var/log/z-push/{z-push.log,z-push-error.log,autodiscover.log,autodiscover-error.log}
|
||||
chown -R www-data:www-data /var/log/z-push
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user