flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-06-07 16:06:14 +00:00
Code Issues Releases Wiki Activity

Merge pull request #14 from fbartels/compose

Browse Source 
Rework readme & docker-compose
This commit is contained in:
Felix Bartels 2018-11-10 09:36:35 +01:00 committed by GitHub
commit edd6ad1057
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 27631 additions and 789 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -2,4 +2,6 @@
**/.vscode
*.yml
docker-compose.yml
certs/*
data/*
Makefile-env
.env

3
.gitmodules vendored Normal file
View File

@ -0,0 +1,3 @@
[submodule "caddy"]
path = caddy
url = https://github.com/fbartels/caddy-gen.git

0
Caddyfile
View File

41
Makefile
View File

@ -4,18 +4,35 @@ docker_pwd := `cat ~/.docker-account-pwd`
base_version = $(shell docker run --rm $(docker_repo)/kopano_base cat /kopano/buildversion)
base_download_version = $(shell ./version.sh core)
core_version = $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | grep -o -P '(?<=-).*(?=_)')
core_version = $(shell docker run --rm $(docker_repo)/kopano_core cat /kopano/buildversion | grep -o -P '(?<=-).*(?=\+)')
core_download_version = $(shell ./version.sh core)
webapp_version = $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)')
webapp_download_version = $(shell ./version.sh webapp)
KOPANO_CORE_REPOSITORY_URL := file:/kopano/repo/core
KOPANO_WEBAPP_REPOSITORY_URL := file:/kopano/repo/webapp
RELEASE_KEY_DOWNLOAD := 0
DOWNLOAD_COMMUNITY_PACKAGES := 1
-include .env
export
# convert lowercase componentname to uppercase
COMPONENT = $(shell echo $(component) | tr a-z A-Z)
build-all: build-base build-core build-webapp
build-all: build-ssl build-base build-core build-webapp
build: component ?= base
build:
docker build --build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} -t $(docker_repo)/kopano_$(component) $(component)/
docker build \
--build-arg docker_repo=${docker_repo} \
--build-arg KOPANO_CORE_VERSION=${core_download_version} \
--build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} \
--build-arg KOPANO_CORE_REPOSITORY_URL=$(KOPANO_CORE_REPOSITORY_URL) \
--build-arg KOPANO_WEBAPP_REPOSITORY_URL=$(KOPANO_WEBAPP_REPOSITORY_URL) \
--build-arg RELEASE_KEY_DOWNLOAD=$(RELEASE_KEY_DOWNLOAD) \
--build-arg DOWNLOAD_COMMUNITY_PACKAGES=$(DOWNLOAD_COMMUNITY_PACKAGES) \
-t $(docker_repo)/kopano_$(component) $(component)/
build-base:
component=base make build
@ -26,12 +43,16 @@ build-core:
build-webapp:
component=webapp make build
build-ssl:
docker build -t $(docker_repo)/kopano_ssl ssl/
tag: component ?= base
tag:
@echo 'create tag $($(component)_version)'
docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version}
@echo 'create tag latest'
docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest
git commit -m 'ci: committing changes for $(component)' -- $(component) || true
git tag $(component)/${$(component)_version} || true
tag-base:
@ -43,14 +64,11 @@ tag-core:
tag-webapp:
component=webapp make tag
git-commit:
git add -A && git commit -m "ci: commit changes before tagging"
# Docker publish
repo-login:
docker login -u $(docker_login) -p $(docker_pwd)
publish: git-commit repo-login publish-base publish-core publish-webapp
publish: repo-login publish-ssl publish-base publish-core publish-webapp
git push
git push origin --tags
@ -68,3 +86,12 @@ publish-core: build-core tag-core
publish-webapp: build-webapp tag-webapp
component=webapp make publish-container
publish-ssl: build-ssl
docker push $(docker_repo)/kopano_ssl:latest
test:
sudo rm -rf data/
make build-all
docker-compose build
docker-compose up

353
README.md
View File

@ -1,321 +1,72 @@
# Kopano Docker Image
Unofficial kopano docker images for all kopano services.
Use kopano_core image for server/spooler/dagent/search/monitor/ical/gateway services.
Use kopano_webapp for web service.
# (unofficial) Kopano Docker Images
Building
=======
You may use `build.sh` script but you can also invoke `docker build` directly to build community or supported kopano components.
Currently there are the following components implemented by this project:
- core (server/spooler/dagent/search/monitor/ical/gateway services)
- webapp (apache server for kopano webapp and z-push)
This repository contains an easy to replicate recipe to spin up a [Kopano](https://kopano.com/) demo enviroment, which can (through modification of `.env` and possibly `docker-compose.yml`) also be used for production environments.
### Building community Kopano
Example:
## How to get started?
`docker build https://github.com/zokradonh/kopano-docker.git#:core`
- make sure that you are running a recent enought version of Docker and [Docker Compose](https://docs.docker.com/compose/install/)
- clone this repository to your local disk
- run `git submodule update --init --recursive` from within the checkout to also clone submodules
- run `setup.sh`
- this script will ask you a few questions about your environment.
- If you are just interested in the demo environment you can accept the default values by pressing `Enter` on each question
- afterwards it builds a local image for the demo LDAP and the reverse proxy
- now run `docker-compose up` and you will see how the remaining Docker images are pulled and then everything is started
- after startup has succeeded you can access the Kopano WebApp by going to `https://webapp.kopano.demo` (if you have given a differing LDAP Domain name then it will be `https://webapp.your.domain`).
- you can also access phpLDAPadmin by going to `https://ldap.kopano.demo`
Or use the build.sh script:
**Note:** For the reverse proxy to work you need to make sure that the given domain resolves to the reverse proxy.
`build.sh -c core`
The `docker-compose.yml` file by default pulls Docker containers from https://hub.docker.com/r/zokradonh/kopano_core/ and https://hub.docker.com/r/zokradonh/kopano_webapp/. These images are based on the [Kopano nightly builds](https://download.kopano.io/community/) and will contain the latest version available from the time the image was built.
### Building supported Kopano
If you have an active Kopano subscription you need specify the following build time arguments:
- KOPANO_CORE_REPOSITORY_URL to `https://serial:<YOURSERIAL>@download.kopano.io/supported/core:/final/Debian_9.0`
- RELEASE_KEY_DOWNLOAD to 1
- DOWNLOAD_COMMUNITY_PACKAGES to 0
### Need to adjust any values after the initial run of `setup.sh`?
Example:
If you want to modify some of the values from the `setup.sh` run you can simply edit `.env` in your favourite editor. Repeated runs of `setup.sh` will neither modify `docker-compose.yml` nor `.env`. In that file you will also find some given defaults like ldap query filters and the local ports for the Caddy reverse proxy.
`docker build --build-arg KOPANO_CORE_REPOSITORY_URL=https://serial:ABC123456789@download.kopano.io/supported/core:/final/Debian_9.0 --build-arg RELEASE_KEY_DOWNLOAD=1 --build-arg DOWNLOAD_COMMUNITY_PACKAGES=0 https://github.com/zokradonh/kopano-docker.git#:core`
### How to use a newer version than the one available from the Docker Hub?
Or use the build.sh script:
In this repository you can also find a Makefile that automates the process of building newer images.
`build.sh -c core -s ABC123456789 -b final`
You can easily rebuild all images based on the currently available Kopano version by running `make build-all`. To just rebuild a certain image you can also run `make build-core` or `make build-webapp`. Please check the `Makefile` to see other possible targets. (depending on your environment you may also be able to autocomplete with the `Tab` key)
Replace `ABC123456789` with your serial.
To be able to easily go back to a previous version you can also "tag" you Docker images by running e.g. `make tag-core`.
### How to use the project with the official and supported Kopano releases?
This project also makes it possible to build Docker images based on the official Kopano releases. For this the following section needs to be modified in `.env`:
```
# Docker Repository to push to
#docker_repo=zokradonh
# modify below to build a different version, than the kopano nightly release
#KOPANO_CORE_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/core:/final/Debian_9.0/
#KOPANO_WEBAPP_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/webapp:/final/Debian_9.0/
#RELEASE_KEY_DOWNLOAD=1
#DOWNLOAD_COMMUNITY_PACKAGES=0
```
Just uncomment the last four lines and insert your Kopano subscription key where it currently says `REPLACE-ME`. Once this is done a `make build-all` will rebuild the images based on the latest available Kopano release (don't forget to `make tag-core` and `make tag-webapp` your images after building them).
If you are running a private Docker Registry then you may also change `docker_repo` to reference your internal registry.
---
***WARNING***
The built image now includes your serial. Do not push this image to any public registry like `hub.docker.com`.
The built image includes your subscription key! Do not push this image to any public registry like e.g. https://hub.docker.com!
---
### Some more commands for those unfamilar with docker-compose
Example
=======
- Start ``docker-compose-yml`` file in the background: `docker-compose up -d`
- Get a status overview of the running containers`: `docker-compose ps`
- Stop compose running in the background: `docker-compose stop`
- Destroy local containers and network interfaces: `docker-compose down`
- Run commands in a running container: `docker-compose exec kserver kopano-cli --list-users`
- Get logs of a container running in the background: `docker-compose logs -f kserver`
docker-compose.yml
```YAML
version: '3'
services:
## Third party docker images
kserver:
image: zokradonh/kopano_core:${CORE_VERSION}
hostname: kserver
container_name: kopano_server
links:
- db
depends_on:
- "kssl"
environment:
- SERVICE_TO_START=server
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
networks:
- kopanonet
volumes:
- data:/kopano/data
- sslcerts:/kopano/ssl
The example `docker-compose.yml` uses the following components for the MTA (mail delivery, including anti-spam & anti-virus) and openLDAP. Please consult their documentation for further configuration advice.
kdagent:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=dagent
- TZ=Europe/Berlin
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet
kgateway:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_gateway
links:
- kserver
volumes:
- ./gatewaycerts/:/kopano/certs/
environment:
- SERVICE_TO_START=gateway
- TZ=Europe/Berlin
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
networks:
- kopanonet
kical:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kserver
environment:
- SERVICE_TO_START=ical
- TZ=Europe/Berlin
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet
kmonitor:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=Europe/Berlin
- KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
- KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
networks:
- kopanonet
ksearch:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=Europe/Berlin
- KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
- KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
- KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
networks:
- kopanonet
kspooler:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_spooler
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=spooler
- TZ=Europe/Berlin
- KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=kmta
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet
kwebapp:
image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
#ports:
# - "8236:80"
# - "8237:443"
volumes:
- syncstates:/var/lib/z-push/
- sslcerts:/kopano/ssl
environment:
- TZ=Europe/Berlin
- KCCONF_SERVERHOSTNAME=kserver
- KCCONF_SERVERPORT=237
networks:
- web
- kopanonet
kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- sslcerts:/kopano/ssl
kmta:
image: tvial/docker-mailserver:latest
hostname: myhost #change here
domainname: domain.tld #change here
#dns: 127.0.0.1
container_name: kopano_mta
#links:
# - adtunnel
ports:
- "25:25"
# - "143:143"
# - "587:587"
# - "993:993"
volumes:
- tmpmaildata:/var/mail
- tmpmailstate:/var/mail-state
- ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
environment:
- TZ=Europe/Berlin
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- TLS_LEVEL=intermediate
- POSTGREY_DELAY=10
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
- LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
- LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
- LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
- ENABLE_SASLAUTHD=1
- SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
- SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here
- SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
- SASLAUTHD_MECHANISMS=ldap
- POSTMASTER_ADDRESS=postmaster@domain.tld #change here
- SMTP_ONLY=1
- PERMIT_DOCKER=network
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
- POSTFIX_DAGENT=lmtp:kdagent:2003
- REPORT_RECIPIENT=1
networks:
- kopanonet
cap_add:
- NET_ADMIN
- SYS_PTRACE
db:
image: mariadb
restart: always
container_name: kopano_db
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- MYSQL_PASSWORD=YOUR_PASSWORD #change here
- MYSQL_DATABASE=kopano
- MYSQL_USER=kopano
networks:
- kopanonet
volumes:
db:
data:
syncstates:
sslcerts:
tmpmaildata:
tmpmailstate:
networks:
web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
external:
name: haproxy_webrproxynet
kopanonet:
driver: bridge
```
Requires haproxy network for http reverse proxy.
Change all lines which are commented especially those with #change here
This is just a quick example docker-compose.yml made in some minutes to provide a better start.
Requires `.env` file next to docker-compose.yml with content like this
```INI
CORE_VERSION=8.6.80.1055-0plus156.1
WEBAPP_VERSION=3.4.17.1565plus895.1
```
Requires `ldap-groups.cf` in ./mtaconfig directory next to docker-compose.yml
```INI
bind = yes
bind_dn = cn=admin,dc=domain,dc=com
bind_pw = admin
query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=domain,dc=com
server_host = mail.domain.com
start_tls = no
version = 3
leaf_result_attribute = mail
special_result_attribute = member
```
Now group members of Active Directory groups can be found by postfix.
Furthermore you can use this directory for opendkim - see kmta's image for details.
- https://github.com/tomav/docker-mailserver/
- https://github.com/osixia/docker-openldap
- https://github.com/osixia/docker-phpLDAPadmin

6
TODO Normal file
View File

@ -0,0 +1,6 @@
- How to execute `kopano-cli --list-users` and `kopano-storeadm -h default: -P` after kopano-server has been started?
- `--list-users` should be run in regular intervals
- `kopano-storeadm` just needs to be run after startup, multiple executions do not harm
- ssl config for ical and gateway
- ldap indices
- Won't fix: Kopano 8.6.x dagent won't start because of an incompatible configuration. A fix for this should be only present in a dedicated branch

3
base/Dockerfile
View File

@ -31,6 +31,9 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
dpkg-reconfigure --frontend=noninteractive locales && \
update-locale LANG=en_US.UTF-8
ENV DOCKERIZE_VERSION v0.6.1
RUN curl -L https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar xzvf - -C /usr/local/bin
ARG ADDITIONAL_KOPANO_PACKAGES=""
ARG DOWNLOAD_COMMUNITY_PACKAGES=1
ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"

137
build.sh
View File

@ -1,137 +0,0 @@
#!/bin/bash
set -eu
branch="master"
buildcontext_base="https://github.com/zokradonh/kopano-docker.git#:"
customBuildArgs=()
serial=""
component=""
nocache=""
. ./base/create-kopano-repo.sh
function _usage()
{
echo "Usage: build.sh -c core|webapp [-s serial] [-b master|final|pre-final] [-p buildcontext] [[-a buildarg] ...] [-i]"
echo "Example: build.sh -c core -s ABC123456789DEF -b final"
echo "-c The Kopano component to be built."
echo "-s Provide serial if you want to build from supported repository."
echo "-i Do not use cache on docker build."
echo "-b If no branch is specified, 'master' will be built by default."
echo "-p If no buildcontext is specified, it will be built from git repository. Normally, you do not need to specify this."
echo "-a You can specify custom build args via e.g. -a ADDITIONAL_KOPANO_PACKAGES=kopano-migration-imap"
}
while getopts ":s:c:b:p:a:i" opt; do
case $opt in
s)
serial=$OPTARG
;;
c)
component=${OPTARG,,}
;;
b)
branch=${OPTARG,,}
;;
p)
buildcontext_base=$OPTARG
;;
a)
customBuildArgs[${#customBuildArgs[*]}]=$OPTARG
;;
i)
nocache="--no-cache"
;;
\?)
_usage
exit 1
;;
:)
echo "Option -$OPTARG requires an argument."
exit 1
;;
esac
done
case "$component" in
core)
mainpackage="kopano-server"
;;
webapp)
mainpackage="kopano-webapp"
;;
*)
_usage
exit 1
esac
customBuildString=""
# prepare custom build args
if [[ ${customBuildArgs[@]:+${customBuildArgs[@]}} ]];
then
for buildArg in "${customBuildArgs[@]}"
do
customBuildString="$customBuildString --build-arg $buildArg"
done
fi
if [ ! -z "$serial" ]
then
# start build of supported kopano
# get current version to brand and tag the image correctly
currentVersion=$(curl -s -S -L "https://serial:$serial@download.kopano.io/supported/$component:/$branch/Debian_9.0/Packages.gz" |\
gzip -d | grep -A 8 "^Package: $mainpackage$" | awk '/Version/ { print $2 }')
# webapp also needs core repository
if [ "$component" == "webapp" ]
then
customBuildString="$customBuildString --build-arg KOPANO_CORE_REPOSITORY_URL=https://serial:$serial@download.kopano.io/supported/core:/$branch/Debian_9.0"
fi
echo "Start building supported kopano $component image version ($currentVersion)..."
set -x
# build it
if docker build --pull \
--build-arg "KOPANO_${component^^}_REPOSITORY_URL=https://serial:$serial@download.kopano.io/supported/$component:/$branch/Debian_9.0" \
--build-arg RELEASE_KEY_DOWNLOAD=1 \
--build-arg "DOWNLOAD_COMMUNITY_PACKAGES=0" \
--build-arg "KOPANO_${component^^}_VERSION=$currentVersion" \
-t "zokradonh/kopano_$component:${currentVersion//+/plus}" \
-t "zokradonh/kopano_$component:latest-$branch" \
$nocache \
$customBuildString \
"${buildcontext_base}${component}"
then
set +x
echo "Please note that this image does include your serial. If you publish this image then your serial is exposed to public."
fi
else
# start build of community kopano
if ! hash jq
then
echo "Please install jq in order to run this build script."
exit 1
fi
# query community server by h5ai API
filename=$(h5ai_query "$component")
currentVersion=$(version_from_filename "$filename")
echo "Start building community kopano $component image version ($currentVersion)..."
set -x
# build it
docker build --pull \
-t "zokradonh/kopano_$component:${currentVersion//+/plus}" \
-t "zokradonh/kopano_$component:latest-$branch" \
-t "zokradonh/kopano_$component:latest" \
--build-arg "KOPANO_${component^^}_VERSION=$currentVersion" \
$nocache \
$customBuildString \
"${buildcontext_base}${component}"
set +x
fi

1
caddy Submodule

@ -0,0 +1 @@
Subproject commit 90af1a372ff79ced472c646f12fc252b024ab7be

12
core/Dockerfile
View File

@ -1,4 +1,5 @@
FROM zokradonh/kopano_base
ARG docker_repo=zokradonh
FROM ${docker_repo}/kopano_base
ARG ADDITIONAL_KOPANO_PACKAGES=""
ARG DOWNLOAD_COMMUNITY_PACKAGES=1
@ -15,10 +16,8 @@ RUN \
dl_and_package_community "core"; \
fi; \
echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
# save kopano version if supported kopano
if [ ! -f /kopano/buildversion ]; then \
echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
fi; \
# save kopano version
echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
# install apt key if supported kopano
if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \
@ -47,3 +46,6 @@ COPY kcconf.py defaultconfigs/ start-service.sh /kopano/
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD [ "/kopano/start-service.sh" ]
HEALTHCHECK --interval=30s --timeout=60s \
CMD /kopano/healthcheck.sh

2
core/defaultconfigs/server.py
View File

@ -9,7 +9,7 @@ kcconf.configkopano({
'log_level': "3",
'attachment_path': "/kopano/data/attachments/",
'user_plugin': "ldap",
'server_listen': "",
'server_listen': "*:236",
'server_listen_tls': "*:237"
}
})

5
core/healthcheck.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
set -ex
exit 0

154
core/kcconf.py
View File

@ -1,77 +1,77 @@
"""This module provides functions for easy editing of kopano config files
via environment variables"""
import re
import os
import os.path
def configkopano(configs):
""" Changes configuration files according to configs typically returned from parseenvironmentvariables(..)"""
for filename, config in configs.items():
if not os.path.exists(filename):
return
# read configuration file
with open(filename) as f:
contents = f.read()
f.close()
for key, newvalue in config.items():
if key == "kccomment":
# comment lines
for line in newvalue:
contents = re.sub(r"^\s*" + re.escape(line), r"#{}".format(line), contents, 0, re.MULTILINE)
elif key == "kcuncomment":
# uncomment lines
for line in newvalue:
contents = re.sub(r"^\s*#\s*" + re.escape(line) , line, contents, 0, re.MULTILINE)
else:
# find config line
if re.search(r"^\s*#?\s*{}\s*=.*".format(key), contents, re.MULTILINE) == None:
# add configuration as new line
contents += "\n{} = {}".format(key, newvalue)
else:
# change existing line
contents = re.sub(r"^\s*#?\s*{}\s*=.*".format(key), r"{} = {}".format(key, newvalue), contents, 0, re.MULTILINE)
# save new configuration
with open(filename, "w") as f:
f.write(contents)
f.close()
def parseenvironmentvariables(prependingpath):
""" Parse all environment variables starting with KCCONF_, KCCOMMENT_ and KCUNCOMMENT_ and
return as multi dimensional dict """
configs = dict()
for name, value in os.environ.items():
# parse change/add configuration commands
namematch = re.match(r"^KCCONF_([A-Z]+)_([A-Z0-9_]+)$", name)
if namematch != None:
filename = namematch.group(1).lower() + ".cfg"
if prependingpath + filename not in configs:
configs[prependingpath + filename] = dict()
confkey = namematch.group(2).lower()
configs[prependingpath + filename][confkey] = value
# parse comment configuration commands
commentmatch = re.match(r"^KCCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
if commentmatch != None:
filename = commentmatch.group(1).lower() + ".cfg"
if prependingpath + filename not in configs:
configs[prependingpath + filename] = dict()
try:
configs[prependingpath + filename]["kccomment"].append(value)
except KeyError:
configs[prependingpath + filename]["kccomment"] = []
configs[prependingpath + filename]["kccomment"].append(value)
# parse uncomment configuration commands
uncommentmatch = re.match(r"^KCUNCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
if uncommentmatch != None:
filename = uncommentmatch.group(1).lower() + ".cfg"
if prependingpath + filename not in configs:
configs[prependingpath + filename] = dict()
try:
configs[prependingpath + filename]["kcuncomment"].append(value)
except KeyError:
configs[prependingpath + filename]["kcuncomment"] = []
configs[prependingpath + filename]["kcuncomment"].append(value)
return configs
"""This module provides functions for easy editing of kopano config files
via environment variables"""
import re
import os
import os.path
def configkopano(configs):
""" Changes configuration files according to configs typically returned from parseenvironmentvariables(..)"""
for filename, config in configs.items():
if not os.path.exists(filename):
return
# read configuration file
with open(filename) as f:
contents = f.read()
f.close()
for key, newvalue in config.items():
if key == "kccomment":
# comment lines
for line in newvalue:
contents = re.sub(r"^\s*" + re.escape(line), r"#{}".format(line), contents, 0, re.MULTILINE)
elif key == "kcuncomment":
# uncomment lines
for line in newvalue:
contents = re.sub(r"^\s*#\s*" + re.escape(line) , line, contents, 0, re.MULTILINE)
else:
# find config line
if re.search(r"^\s*#?\s*{}\s*=.*".format(key), contents, re.MULTILINE) == None:
# add configuration as new line
contents += "\n{} = {}".format(key, newvalue)
else:
# change existing line
contents = re.sub(r"^\s*#?\s*{}\s*=.*".format(key), r"{} = {}".format(key, newvalue), contents, 0, re.MULTILINE)
# save new configuration
with open(filename, "w") as f:
f.write(contents)
f.close()
def parseenvironmentvariables(prependingpath):
""" Parse all environment variables starting with KCCONF_, KCCOMMENT_ and KCUNCOMMENT_ and
return as multi dimensional dict """
configs = dict()
for name, value in os.environ.items():
# parse change/add configuration commands
namematch = re.match(r"^KCCONF_([A-Z]+)_([A-Z0-9_]+)$", name)
if namematch != None:
filename = namematch.group(1).lower() + ".cfg"
if prependingpath + filename not in configs:
configs[prependingpath + filename] = dict()
confkey = namematch.group(2).lower()
configs[prependingpath + filename][confkey] = value
# parse comment configuration commands
commentmatch = re.match(r"^KCCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
if commentmatch != None:
filename = commentmatch.group(1).lower() + ".cfg"
if prependingpath + filename not in configs:
configs[prependingpath + filename] = dict()
try:
configs[prependingpath + filename]["kccomment"].append(value)
except KeyError:
configs[prependingpath + filename]["kccomment"] = []
configs[prependingpath + filename]["kccomment"].append(value)
# parse uncomment configuration commands
uncommentmatch = re.match(r"^KCUNCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
if uncommentmatch != None:
filename = uncommentmatch.group(1).lower() + ".cfg"
if prependingpath + filename not in configs:
configs[prependingpath + filename] = dict()
try:
configs[prependingpath + filename]["kcuncomment"].append(value)
except KeyError:
configs[prependingpath + filename]["kcuncomment"] = []
configs[prependingpath + filename]["kcuncomment"].append(value)
return configs

84
core/start-service.sh
View File

@ -1,5 +1,7 @@
#!/bin/bash
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script
if [ ! -e /kopano/$SERVICE_TO_START.py ]
@ -8,6 +10,13 @@ then
exit 1
fi
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
apt --assume-yes install $installpkg;
fi
done
mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano
echo "Configure core service '$SERVICE_TO_START'" | ts
@ -17,9 +26,6 @@ echo "Set ownership" | ts
chown -R kopano:kopano /run /tmp
chown kopano:kopano /kopano/data/ /kopano/data/attachments
echo "Clean old pid files and sockets" | ts
rm -f /var/run/kopano/*
# allow helper commands given by "docker-compose run"
if [ $# -gt 0 ]
then
@ -29,28 +35,52 @@ fi
# start regular service
case "$SERVICE_TO_START" in
server)
exec /usr/sbin/kopano-server -F
;;
dagent)
exec /usr/sbin/kopano-dagent -l
;;
gateway)
exec /usr/sbin/kopano-gateway -F
;;
ical)
exec /usr/sbin/kopano-ical -F
;;
monitor)
exec /usr/sbin/kopano-monitor -F
;;
search)
exec /usr/bin/python /usr/sbin/kopano-search -F
;;
spooler)
exec /usr/sbin/kopano-spooler -F
;;
*)
echo "Failed to start: Unknown service name: '$SERVICE_TO_START'" | ts
exit 1
server)
exec dockerize \
-wait file://$KCCONF_SERVER_SERVER_SSL_CA_FILE \
-wait file://$KCCONF_SERVER_SERVER_SSL_KEY_FILE \
-wait tcp://db:3306 \
-timeout 360s \
/usr/sbin/kopano-server -F
;;
dagent)
exec dockerize \
-wait file://var/run/kopano/server.sock \
-timeout 360s \
/usr/sbin/kopano-dagent -l
;;
gateway)
exec dockerize \
-wait tcp://kserver:236 \
-timeout 360s \
/usr/sbin/kopano-gateway -F
;;
ical)
exec dockerize \
-wait tcp://kserver:236 \
-timeout 360s \
/usr/sbin/kopano-ical -F
;;
monitor)
exec dockerize \
-wait file://var/run/kopano/server.sock \
-timeout 360s \
/usr/sbin/kopano-monitor -F
;;
search)
exec dockerize \
-wait file://var/run/kopano/server.sock \
-timeout 360s \
/usr/bin/python /usr/sbin/kopano-search -F
;;
spooler)
exec dockerize \
-wait file://var/run/kopano/server.sock \
-wait tcp://mail:25 \
-timeout 1080s \
/usr/sbin/kopano-spooler -F
;;
*)
echo "Failed to start: Unknown service name: '$SERVICE_TO_START'" | ts
exit 1
esac

452
docker-compose.yml-example
View File

@ -1,208 +1,108 @@
version: '3'
version: "3"
services:
kserver:
image: zokradonh/kopano_core:${CORE_VERSION}
hostname: kserver
container_name: kopano_server
web:
build: caddy/
#image: abiosoft/caddy:0.10.4
container_name: web
restart: always
privileged: true
links:
- db
depends_on:
- "kssl"
environment:
- SERVICE_TO_START=server
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
networks:
- kopanonet
- kwebapp
#- kzpush
ports:
- "2015:2015"
- "${HTTP}:80"
- "${HTTPS}:443"
volumes:
- data:/kopano/data
- sslcerts:/kopano/ssl
kdagent:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=dagent
- TZ=Europe/Berlin
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet
kgateway:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_gateway
links:
- kserver
volumes:
- ./gatewaycerts/:/kopano/certs/
environment:
- SERVICE_TO_START=gateway
- TZ=Europe/Berlin
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
networks:
- kopanonet
kical:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kserver
environment:
- SERVICE_TO_START=ical
- TZ=Europe/Berlin
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet
kmonitor:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=Europe/Berlin
- KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
- KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
networks:
- kopanonet
ksearch:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=Europe/Berlin
- KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
- KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
- KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
networks:
- kopanonet
kspooler:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_spooler
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=spooler
- TZ=Europe/Berlin
- KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=kmta
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet
kwebapp:
image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
#ports:
# - "8236:80"
# - "8237:443"
volumes:
- syncstates:/var/lib/z-push/
- sslcerts:/kopano/ssl
environment:
- TZ=Europe/Berlin
- KCCONF_SERVERHOSTNAME=kserver
- KCCONF_SERVERPORT=237
- /var/run/docker.sock:/var/run/docker.sock
- ./data/web:/root/.caddy
networks:
- web
ldap:
build: ldap/
#image: osixia/openldap:1.2.2
container_name: ldap
ports:
- 389:389
environment:
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
command: "--loglevel debug --copy-service"
volumes:
- ./data/ldap/var/lib/ldap:/var/lib/ldap
- ./data/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
networks:
- kopanonet
kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- sslcerts:/kopano/ssl
kmta:
image: tvial/docker-mailserver:latest
hostname: myhost #change here
domainname: domain.tld #change here
#dns: 127.0.0.1
container_name: kopano_mta
#links:
# - adtunnel
ldap-admin:
image: osixia/phpldapadmin:0.7.2
container_name: ldap-admin
depends_on:
- ldap
environment:
- PHPLDAPADMIN_LDAP_HOSTS=ldap
- PHPLDAPADMIN_HTTPS=false
- CADDY_HOST=${LDAP_HOST}
- CADDY_PORT=80
- CADDY_PROXY_PARAMS=transparent
- CADDY_TLS_SELFSIGNED
command: -l debug
links:
- ldap
networks:
- web
mail:
image: tvial/docker-mailserver:release-v6.1.0
restart: always
hostname: mail
domainname: ${LDAP_DOMAIN}
container_name: mail
depends_on:
- ldap
links:
- ldap
ports:
- "25:25"
# - "143:143"
# - "587:587"
# - "993:993"
volumes:
- tmpmaildata:/var/mail
- tmpmailstate:/var/mail-state
- ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
- ./data/mail/data:/var/mail
- ./data/mail/state:/var/mail-state
- ./data/mtaconfig:/tmp/docker-mailserver/
environment:
- TZ=Europe/Berlin
- TZ=${TZ}
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- TLS_LEVEL=intermediate
- POSTGREY_DELAY=10
- ONE_DIR=1
- DMS_DEBUG=0
- SSL_TYPE=self-signed
- ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
- LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
- LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
- LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
- LDAP_SERVER_HOST=${LDAP_SERVER}
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- LDAP_BIND_DN=${LDAP_BIND_DN}
- LDAP_BIND_PW=${LDAP_BIND_PW}
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
- LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
- ENABLE_SASLAUTHD=1
- SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
- SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here
- SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
- SASLAUTHD_LDAP_SERVER=${LDAP_SERVER}
- SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
- SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
- SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
- SASLAUTHD_MECHANISMS=ldap
- POSTMASTER_ADDRESS=postmaster@domain.tld #change here
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
- SMTP_ONLY=1
- PERMIT_DOCKER=network
- PERMIT_DOCKER=host
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
- POSTFIX_DAGENT=lmtp:kdagent:2003
- REPORT_RECIPIENT=1
@ -213,30 +113,186 @@ services:
- SYS_PTRACE
db:
image: mariadb
image: mariadb:10.3.10-bionic
restart: always
container_name: kopano_db
volumes:
- db:/var/lib/mysql
- ./data/mysql/:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- MYSQL_PASSWORD=YOUR_PASSWORD #change here
- MYSQL_DATABASE=kopano
- MYSQL_USER=kopano
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
healthcheck:
test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
interval: 30s
timeout: 10s
retries: 4
networks:
- kopanonet
kssl:
image: ${docker_repo:?err}/kopano_ssl
container_name: kopano_ssl
volumes:
- ./data/ssl/:/kopano/ssl
kserver:
image: ${docker_repo}/kopano_core:${CORE_VERSION}
hostname: kserver
container_name: kopano_server
links:
- db
- ldap
depends_on:
- db
- ldap
- kssl
environment:
- SERVICE_TO_START=server
- TZ=${TZ}
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SERVER_NAME=Kopano
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
#- ADDITIONAL_KOPANO_PACKAGES=kopano-migration-imap
networks:
- kopanonet
volumes:
- ./data/kopano/:/kopano/data
- ./data/ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
kwebapp:
image: ${docker_repo:?err}/kopano_webapp:${WEBAPP_VERSION}
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
volumes:
- ./data/z-push-states/:/var/lib/z-push/
- ./data/ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
environment:
- TZ=${TZ}
- CADDY_HOST=${WEBAPP_HOST}
- CADDY_PROXY_PARAMS=transparent
- CADDY_TLS_SELFSIGNED
networks:
- web
- kopanonet
kdagent:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links:
- kserver
volumes:
- ./data/ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
environment:
- SERVICE_TO_START=dagent
- TZ=${TZ}
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet
volumes:
db:
data:
syncstates:
sslcerts:
tmpmaildata:
tmpmailstate:
kspooler:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_spooler
hostname: spooler
domainname: ${LDAP_DOMAIN}
links:
- kserver
volumes:
- ./data/ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
environment:
- SERVICE_TO_START=spooler
- TZ=${TZ}
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=mail
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet
kgateway:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_gateway
links:
- kserver
volumes:
- ./data/ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
environment:
- SERVICE_TO_START=gateway
- TZ=${TZ}
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
networks:
- kopanonet
kical:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kserver
volumes:
- ./data/ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
environment:
- SERVICE_TO_START=ical
- TZ=${TZ}
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet
kmonitor:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kserver
volumes:
- ./data/ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
environment:
- SERVICE_TO_START=monitor
- TZ=${TZ}
networks:
- kopanonet
ksearch:
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kserver
volumes:
- ./data/ssl/:/kopano/ssl
- ./data/socket/:/run/kopano
environment:
- SERVICE_TO_START=search
- TZ=${TZ}
networks:
- kopanonet
networks:
web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
external:
name: haproxy_webrproxynet
web:
kopanonet:
driver: bridge

5
ldap/Dockerfile Normal file
View File

@ -0,0 +1,5 @@
FROM osixia/openldap:1.2.2
ADD bootstrap /container/service/slapd/assets/config/bootstrap
RUN rm /container/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema
RUN touch /etc/ldap/slapd.conf

26568
ldap/bootstrap/ldif/demo-users.ldif Normal file
View File

File diff suppressed because it is too large Load Diff

336
ldap/bootstrap/schema/mmc/kopano.schema Normal file
View File

@ -0,0 +1,336 @@
attributetype ( 1.3.6.1.4.1.47732.1.1.1.1
NAME 'kopanoQuotaOverride'
DESC 'KOPANO: Override child quota'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.2
NAME 'kopanoQuotaWarn'
DESC 'KOPANO: Warning quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.3
NAME 'kopanoQuotaSoft'
DESC 'KOPANO: Soft quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.4
NAME 'kopanoQuotaHard'
DESC 'KOPANO: Hard quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.5
NAME 'kopanoUserDefaultQuotaOverride'
DESC 'KOPANO: Override User default quota for children'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.6
NAME 'kopanoUserDefaultQuotaWarn'
DESC 'KOPANO: User default warning quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.7
NAME 'kopanoUserDefaultQuotaSoft'
DESC 'KOPANO: User default soft quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.8
NAME 'kopanoUserDefaultQuotaHard'
DESC 'KOPANO: User default hard quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.1
NAME 'kopanoAdmin'
DESC 'KOPANO: Administrator of kopano'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.2
NAME 'kopanoSharedStoreOnly'
DESC 'KOPANO: is store a shared store'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.3
NAME 'kopanoAccount'
DESC 'KOPANO: entry is a part of kopano'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.4
NAME 'kopanoSendAsPrivilege'
DESC 'KOPANO: Users may directly send email as this user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.5
NAME 'kopanoMrAccept'
DESC 'KOPANO: user should auto-accept meeting requests'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.6
NAME 'kopanoMrDeclineConflict'
DESC 'KOPANO: user should automatically decline conflicting meeting requests'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.7
NAME 'kopanoMrDeclineRecurring'
DESC 'KOPANO: user should automatically decline recurring meeting requests'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.8
NAME 'kopanoId'
DESC 'KOPANO: Generic unique ID'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.9
NAME 'kopanoResourceType'
DESC 'KOPANO: for shared stores, resource is type Room or Equipment'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.10
NAME 'kopanoResourceCapacity'
DESC 'KOPANO: number of rooms or equipment available'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.11
NAME 'kopanoHidden'
DESC 'KOPANO: This object should be hidden from address book'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.13
NAME 'kopanoEnabledFeatures'
DESC 'KOPANO: This user has these features explicitly enabled'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.14
NAME 'kopanoDisabledFeatures'
DESC 'KOPANO: This user has these features explicitly disabled'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 1.3.6.1.4.1.47732.1.1.3.1
NAME 'kopanoAliases'
DESC 'KOPANO: All other email addresses for this user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.47732.1.1.4.1
NAME 'kopanoUserServer'
DESC 'KOPANO: Home server for the user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.6.1
NAME 'kopanoUserArchiveServers'
DESC 'KOPANO: List of server names that contain an archive store for the user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.47732.1.1.6.2
NAME 'kopanoUserArchiveCouplings'
DESC 'KOPANO: List of username:foldername pairs that specify many-to-one archive locations'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.47732.1.1.0.0
NAME 'kopano-user'
DESC 'KOPANO: an user of Kopano'
SUP top AUXILIARY
MUST ( cn )
MAY (
kopanoQuotaOverride $ kopanoQuotaWarn $ kopanoQuotaSoft $ kopanoSendAsPrivilege $
kopanoQuotaHard $ kopanoAdmin $ kopanoSharedStoreOnly $ kopanoResourceType $
kopanoResourceCapacity $ kopanoAccount $ kopanoHidden $ kopanoAliases $
kopanoUserServer $ kopanoEnabledFeatures $ kopanoDisabledFeatures $
kopanoUserArchiveServers $ kopanoUserArchiveCouplings $
uidNumber
)
)
objectclass ( 1.3.6.1.4.1.47732.1.6.0.0
NAME 'kopano-contact'
DESC 'KOPANO: a contact of Kopano'
SUP top AUXILIARY
MUST ( cn $ uidNumber )
MAY (
kopanoSendAsPrivilege $ kopanoHidden $ kopanoAliases $ kopanoAccount
)
)
attributetype ( 1.3.6.1.4.1.47732.1.2.2.1
NAME 'kopanoSecurityGroup'
DESC 'KOPANO: group has security possibilities'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.47732.1.2.0.0
NAME 'kopano-group'
DESC 'KOPANO: a group of Kopano'
SUP top AUXILIARY
MUST ( cn )
MAY (
kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoSecurityGroup $ kopanoSendAsPrivilege $
gidNumber
)
)
attributetype ( 1.3.6.1.4.1.47732.1.3.2.4
NAME 'kopanoViewPrivilege'
DESC 'KOPANO: Companies with view privileges over selected company'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
attributetype ( 1.3.6.1.4.1.47732.1.3.2.5
NAME 'kopanoAdminPrivilege'
DESC 'KOPANO: Users from different companies which are administrator over selected company'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
attributetype ( 1.3.6.1.4.1.47732.1.3.2.6
NAME 'kopanoSystemAdmin'
DESC 'KOPANO: The user who is the system administrator for this company'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
)
attributetype (1.3.6.1.4.1.47732.1.3.1.5
NAME 'kopanoQuotaUserWarningRecipients'
DESC 'KOPANO: Users who will recieve a notification email when a user exceeds his quota'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
attributetype (1.3.6.1.4.1.47732.1.3.1.6
NAME 'kopanoQuotaCompanyWarningRecipients'
DESC 'KOPANO: Users who will recieve a notification email when a company exceeds its quota'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
attributetype ( 1.3.6.1.4.1.47732.1.3.4.1
NAME 'kopanoCompanyServer'
DESC 'KOPANO: Home server for the public folders for a company'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.47732.1.3.0.0
NAME 'kopano-company'
DESC 'KOPANO: a company of Kopano'
SUP top AUXILIARY
MUST ( ou )
MAY (
kopanoAccount $ kopanoHidden $
kopanoViewPrivilege $ kopanoAdminPrivilege $ kopanoSystemAdmin $
kopanoQuotaOverride $ kopanoQuotaWarn $
kopanoUserDefaultQuotaOverride $ kopanoUserDefaultQuotaWarn $ kopanoUserDefaultQuotaSoft $ kopanoUserDefaultQuotaHard $
kopanoQuotaUserWarningRecipients $ kopanoQuotaCompanyWarningRecipients $
kopanoCompanyServer
)
)
attributetype (1.3.6.1.4.1.47732.1.4.4.1
NAME 'kopanoHttpPort'
DESC 'KOPANO: Port for the http connection'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.4.4.2
NAME 'kopanoSslPort'
DESC 'KOPANO: Port for the ssl connection'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.4.4.3
NAME 'kopanoFilePath'
DESC 'KOPANO: The Unix socket or named pipe to the server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.4.4.4
NAME 'kopanoContainsPublic'
DESC 'KOPANO: This server contains the public store'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.4.4.6
NAME 'kopanoProxyURL'
DESC 'KOPANO: Full proxy URL for this server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.47732.1.4.0.0
NAME 'kopano-server'
DESC 'KOPANO: a Kopano server'
SUP top AUXILIARY
MUST ( cn )
MAY (
kopanoAccount $ kopanoHidden $ kopanoHttpPort $ kopanoSslPort $ kopanoFilePath $ kopanoContainsPublic $ kopanoProxyURL
)
)
attributetype (1.3.6.1.4.1.47732.1.5.5.1
NAME 'kopanoFilter'
DESC 'KOPANO: LDAP Filter to apply'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.5.5.2
NAME 'kopanoBase'
DESC 'KOPANO: LDAP Search base to apply'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.47732.1.5.0.0
NAME 'kopano-addresslist'
DESC 'KOPANO: a Kopano Addresslist'
SUP top STRUCTURAL
MUST ( cn )
MAY (
kopanoAccount $ kopanoHidden $ kopanoFilter $ kopanoBase
)
)
objectclass ( 1.3.6.1.4.1.47732.1.7.0.0
NAME 'kopano-dynamicgroup'
DESC 'KOPANO: a Kopano dynamic group'
SUP top STRUCTURAL
MUST ( cn )
MAY (
kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoFilter $ kopanoBase
)
)

15
master-push.sh
View File

@ -1,15 +0,0 @@
#!/bin/bash
if [ $# -lt 2 ]
then
echo "Usage: master-push.sh core|webapp version"
echo "Example: master-push.sh core 3.4.17.1565plus895.1"
exit 1
fi
component=$1
version=$2
docker push zokradonh/kopano_${component}:latest
docker push zokradonh/kopano_${component}:latest-master
docker push zokradonh/kopano_${component}:$version

139
setup.sh Executable file
View File

@ -0,0 +1,139 @@
#!/bin/bash
if [ ! -e ./docker-compose.yml ]; then
echo "copying example compose file"
cp docker-compose.yml-example docker-compose.yml
fi
if [ ! -e ./.env ]; then
echo "Creating an .env file for you"
value_default=latest
read -p "Which tag do you want to use for Kopano Core components? [$value_default]: " new_value
CORE_VERSION=${new_value:-$value_default}
value_default=latest
read -p "Which tag do you want to use for Kopano WebApp? [$value_default]: " new_value
WEBAPP_VERSION=${new_value:-$value_default}
value_default="Kopano Demo"
read -p "Name of the Organisation for LDAP [$value_default]: " new_value
LDAP_ORGANISATION=${new_value:-$value_default}
value_default="kopano.demo"
read -p "Name of the Domain for LDAP [$value_default]: " new_value
LDAP_DOMAIN=${new_value:-$value_default}
value_default="dc=kopano,dc=demo"
read -p "Name of the BASE DN for LDAP [$value_default]: " new_value
LDAP_BASE_DN=${new_value:-$value_default}
value_default="kopano123"
read -p "Password of the admin user (in bundled LDAP) [$value_default]: " new_value
LDAP_ADMIN_PASSWORD=${new_value:-$value_default}
value_default="ldap://ldap:389"
read -p "LDAP server to be used (default to bundled openldap) [$value_default]: " new_value
LDAP_SERVER=${new_value:-$value_default}
value_default="DC=kopano,DC=demo"
read -p "LDAP search base [$value_default]: " new_value
LDAP_SEARCH_BASE=${new_value:-$value_default}
value_default="CN=readonly,DC=kopano,DC=demo"
read -p "LDAP bind user (needs only read permissions) [$value_default]: " new_value
LDAP_BIND_DN=${new_value:-$value_default}
value_default="kopano123"
read -p "LDAP server to be used (default bundled openldap) [$value_default]: " new_value
LDAP_BIND_PW=${new_value:-$value_default}
value_default="Europe/Berlin"
read -p "Timezone to be used [$value_default]: " new_value
TZ=${new_value:-$value_default}
value_default="postmaster@kopano.demo"
read -p "E-Mail Address displayed for the 'postmaster' [$value_default]: " new_value
POSTMASTER_ADDRESS=${new_value:-$value_default}
value_default="db"
read -p "Name/Address of Database server (defaults to the bundled one) [$value_default]: " new_value
MYSQL_HOST=${new_value:-$value_default}
value_default="kopano123"
read -p "Password for the MySQL root user [$value_default]: " new_value
MYSQL_ROOT_PASSWORD=${new_value:-$value_default}
value_default="kopanoDbUser"
read -p "Username to connect to the database [$value_default]: " new_value
MYSQL_USER=${new_value:-$value_default}
value_default="kopanoDbPw"
read -p "Password to connect to the database [$value_default]: " new_value
MYSQL_PASSWORD=${new_value:-$value_default}
value_default="kopano"
read -p "Datebase to use for Kopano [$value_default]: " new_value
MYSQL_DATABASE=${new_value:-$value_default}
cat <<-EOF >"./.env"
# please consult https://github.com/zokradonh/kopano-docker
# for possible configuration values and their impact
CORE_VERSION=$CORE_VERSION
WEBAPP_VERSION=$WEBAPP_VERSION
LDAP_ORGANISATION="$LDAP_ORGANISATION"
LDAP_DOMAIN=$LDAP_DOMAIN
LDAP_BASE_DN=$LDAP_BASE_DN
LDAP_SERVER=$LDAP_SERVER
LDAP_ADMIN_PASSWORD=$LDAP_ADMIN_PASSWORD
LDAP_READONLY_USER_PASSWORD=$LDAP_BIND_PW
LDAP_BIND_DN=$LDAP_BIND_DN
LDAP_BIND_PW=$LDAP_BIND_PW
LDAP_SEARCH_BASE=$LDAP_SEARCH_BASE
# LDAP query filters
LDAP_QUERY_FILTER_USER=(&(kopanoAccount=1)(mail=%s))
LDAP_QUERY_FILTER_GROUP=(&(objectclass=kopano-group)(mail=%s))
LDAP_QUERY_FILTER_ALIAS=(&(kopanoAccount=1)(kopanoAliases=%s))
LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(kopanoAliases=%s=*@%s)))
SASLAUTHD_LDAP_FILTER=(&(kopanoAccount=1)(uid=%s))
# switch the value of these two variables to use the activedirectory configuration
KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg
KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg
MYSQL_HOST=$MYSQL_HOST
MYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD
MYSQL_USER=$MYSQL_USER
MYSQL_PASSWORD=$MYSQL_PASSWORD
MYSQL_DATABASE=$MYSQL_DATABASE
KCCONF_SERVER_SERVER_NAME=Kopano
POSTMASTER_ADDRESS=$POSTMASTER_ADDRESS
TZ=$TZ
# Defines how Kopano can be accessed from the outside world
WEBAPP_HOST=webapp.$LDAP_DOMAIN
LDAP_HOST=ldap.$LDAP_DOMAIN
HTTP=80
HTTPS=443
# Docker Repository to push to
docker_repo=zokradonh
# modify below to build a different version, than the kopano nightly release
#KOPANO_CORE_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/core:/final/Debian_9.0/
#KOPANO_WEBAPP_REPOSITORY_URL=https://serial:REPLACE-ME@download.kopano.io/supported/webapp:/final/Debian_9.0/
#RELEASE_KEY_DOWNLOAD=1
#DOWNLOAD_COMMUNITY_PACKAGES=0
EOF
else
echo "config already exists, doing nothing"
echo "if you want to change the configuration, please edit .env directly"
fi
# build the local docker containers. This has the benefit that it will warn about empty variables
docker-compose build

9
ssl/gencerts.sh Normal file → Executable file
View File

@ -1,9 +1,12 @@
#!/bin/sh
# https://github.com/google/easypki
# TODO integrate this directly into start.sh?
echo "Creating CA and Server certificates..."
easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System"
easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System"
mkdir -p /kopano/ssl/clients/
cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem
for s in kserver kdagent kmonitor ksearch kspooler kwebapp
@ -14,4 +17,4 @@ for s in kserver kdagent kmonitor ksearch kspooler kwebapp
openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem
done
ls -l /kopano/ssl/*.pem
ls -l /kopano/ssl/*.pem

5
ssl/start.sh Normal file → Executable file
View File

@ -1,8 +1,7 @@
#!/bin/sh
if [ -f /kopano/ssl/ca.pem ]
then exit 0
if [ -f /kopano/ssl/ca.pem ]; then
exit 0
fi
/gencerts.sh

20
version.sh
View File

@ -8,6 +8,26 @@ source base/create-kopano-repo.sh
component=${1:-core}
if [ -e ./env ]; then
source ./env
fi
KOPANO_CORE_REPOSITORY_URL=${KOPANO_CORE_REPOSITORY_URL:-""}
KOPANO_WEBAPP_REPOSITORY_URL=${KOPANO_WEBAPP_REPOSITORY_URL:-""}
if [[ $KOPANO_CORE_REPOSITORY_URL == http* ]] || [[ $KOPANO_WEBAPP_REPOSITORY_URL == http* ]]; then
case $component in
core)
version=$(curl -s -S -L $KOPANO_CORE_REPOSITORY_URL/Packages | grep -A2 "Package: kopano-server-packages")
echo "${version##* }"
;;
webapp)
version=$(curl -s -S -L $KOPANO_WEBAPP_REPOSITORY_URL/Packages | grep -m1 -A1 "Package: kopano-webapp")
echo "${version##* }"
;;
esac
exit
fi
# query community server by h5ai API
filename=$(h5ai_query "$component")

11
web/Caddyfile Normal file
View File

@ -0,0 +1,11 @@
webapp.kopano.demo {
tls self_signed
redir / /webapp
proxy /webapp kwebapp:80 {
transparent
websocket
}
}

12
webapp/Dockerfile
View File

@ -1,10 +1,12 @@
FROM zokradonh/kopano_base
ARG docker_repo=zokradonh
FROM ${docker_repo}/kopano_base
ARG ADDITIONAL_KOPANO_PACKAGES=""
ARG DOWNLOAD_COMMUNITY_PACKAGES=1
ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
ARG KOPANO_REPOSITORY_FLAGS="trusted=yes"
ARG KOPANO_WEBAPP_REPOSITORY_URL="file:/kopano/repo/webapp"
ARG KOPANO_CORE_VERSION=newest
ARG KOPANO_WEBAPP_VERSION=newest
ARG RELEASE_KEY_DOWNLOAD=0
@ -18,11 +20,9 @@ RUN \
fi; \
echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_CORE_REPOSITORY_URL} ./" > /etc/apt/sources.list.d/kopano.list; \
echo "deb [${KOPANO_REPOSITORY_FLAGS}] ${KOPANO_WEBAPP_REPOSITORY_URL} ./" >> /etc/apt/sources.list.d/kopano.list; \
# save kopano version if supported kopano
if [ ! -f /kopano/buildversion ]; then \
echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
echo "webapp-${KOPANO_WEBAPP_VERSION}" >> /kopano/buildversion; \
fi; \
# save kopano version
echo "core-${KOPANO_CORE_VERSION}" > /kopano/buildversion; \
echo "webapp-${KOPANO_WEBAPP_VERSION}" >> /kopano/buildversion; \
# install apt keys if supported kopano
if [ ${RELEASE_KEY_DOWNLOAD} -eq 1 ]; then \
curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \

43
webapp/start.sh
View File

@ -1,20 +1,47 @@
#!/bin/bash
# define default value for serverhostname and serverport if not passed into container
KCCONF_SERVERHOSTNAME=${KCCONF_SERVERHOSTNAME:-127.0.0.1}
KCCONF_SERVERPORT=${KCCONF_SERVERPORT:-237}
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script
echo "Ensure directories"
mkdir -p /run/sessions /tmp/webapp
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
apt --assume-yes install $installpkg;
fi
done
echo "Configure webapp"
sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
echo "Ensure directories"
mkdir -p /run/sessions /tmp/webapp
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Kopano WebApp is using the default: connection"
else
echo "Kopano WebApp is using an ip connection"
sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
-i /etc/kopano/webapp/config.php
fi
# TODO is enabling this really neccesary when reverse proxying webapp?
echo "Configuring Kopano WebApp for use behind a reverse proxy"
sed \
-e "s#define(\"INSECURE_COOKIES\",\s*.*)#define(\"INSECURE_COOKIES\", true)#" \
-i /etc/kopano/webapp/config.php
echo "Configure z-push"
sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
-i /etc/z-push/kopano.conf.php
if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Z-Push is using the default: connection"
else
echo "Z-Push is using an ip connection"
sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
-i /etc/z-push/kopano.conf.php
fi
echo "Configuring Z-Push for use behind a reverse proxy"
sed -e "s#define([\"']USE_CUSTOM_REMOTE_IP_HEADER[\"'],\s*false)#define('USE_CUSTOM_REMOTE_IP_HEADER', true)#" \
-i /etc/z-push/z-push.conf.php
-i /etc/z-push/z-push.conf.php
echo "Ensure config ownership"
chown -R www-data:www-data /run/sessions /tmp/webapp