
Make it possible to use an existing konnect instance (#195)

* make konnect url configurable
* switch to fork of dockerize as it allows to skip ssl verification
since the address of the OIDC issuer is now configurable, it may point to an endpoint whose TLS certificate cannot be validated (the default self-signed certificate is "valid" for `*`, i.e. any hostname)
* update hadolint
* add more scopes
* only skip ssl verification when running insecure
This commit is contained in:
Felix Bartels 2019-08-20 21:16:42 +02:00 committed by GitHub
parent ae7f679be2
commit f7934cbc51
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 38 additions and 24 deletions


@ -7,7 +7,7 @@ node_js:
env: env:
global: global:
- HADOLINT_VERSION=1.16.3 - HADOLINT_VERSION=1.17.1
- DOCKER_COMPOSE_VERSION=1.23.2 - DOCKER_COMPOSE_VERSION=1.23.2
- TRIVY_VERSION=0.1.1 - TRIVY_VERSION=0.1.1
- secure: 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 - secure: 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


@ -47,8 +47,8 @@ RUN apt-get update && \
curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \ curl -s -S -o - "${KOPANO_CORE_REPOSITORY_URL}/Release.key" | apt-key add -; \
fi fi
ENV DOCKERIZE_VERSION v0.6.1 ENV DOCKERIZE_VERSION v0.11.0
RUN curl -L https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar xzvf - -C /usr/local/bin RUN curl -sfL https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /usr/local/bin/dockerize
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \ sed -i -e 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen && \
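Review bot: The `RUN curl -sfL … | install /dev/stdin /usr/local/bin/dockerize` line installs a binary straight from a GitHub release with no integrity check, so the image build trusts whatever that URL serves at build time, and the move from jwilder/dockerize to the powerman fork adds a further third party to that trust. Pinning the release asset's SHA-256 makes the build reproducible and catches a replaced asset: download to a temporary file, verify with `echo "<sha256>  /tmp/dockerize" | sha256sum -c -`, then `install /tmp/dockerize /usr/local/bin/dockerize`. Because the asset name is built from `$(uname -s)`/`$(uname -m)`, the pinned digest is per architecture, which deserves a comment if multi-arch builds are intended.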


@ -88,10 +88,18 @@ grapi)
exec kopano-grapi serve exec kopano-grapi serve
;; ;;
kapid) kapid)
if [ "$KCCONF_KAPID_INSECURE" = "yes" ]; then
dockerize \
-skip-tls-verify \
-wait file://var/run/kopano/grapi/notify.sock \
-wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
-timeout 360s
else
dockerize \ dockerize \
-wait file://var/run/kopano/grapi/notify.sock \ -wait file://var/run/kopano/grapi/notify.sock \
-wait http://kopano_konnect:8777/.well-known/openid-configuration \ -wait "$KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER"/.well-known/openid-configuration \
-timeout 360s -timeout 360s
fi
LC_CTYPE=en_US.UTF-8 LC_CTYPE=en_US.UTF-8
sed -i s/\ *=\ */=/g /etc/kopano/kapid.cfg sed -i s/\ *=\ */=/g /etc/kopano/kapid.cfg
# shellcheck disable=SC2046 # shellcheck disable=SC2046
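Review bot: `KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER` replaces the hard-coded konnect URL in both `-wait` lines but is never validated, so an unset or empty variable turns the probe target into the bare path `/.well-known/openid-configuration` and the misconfiguration presumably surfaces only as an obscure dockerize error or a 360s timeout; a guard such as `: "${KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER:?must be set to the OIDC issuer URL}"` before the `if` gives a clear failure instead. Since `KCCONF_KAPID_INSECURE=yes` disables certificate verification for the readiness probe, the branch should say so in the container log, e.g. `echo "WARNING: KCCONF_KAPID_INSECURE=yes, not verifying the OIDC issuer's TLS certificate" >&2`, so a deployment cannot run in that mode silently. The two branches differ only by `-skip-tls-verify`; collecting that flag in a variable would avoid maintaining the wait list twice. The enclosing `case` statement starts before and ends after this hunk.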


@ -486,8 +486,8 @@ services:
restart: unless-stopped restart: unless-stopped
environment: environment:
- SERVICE_TO_START=meet - SERVICE_TO_START=meet
- KCCONF_MEET_guests_enabled=true
- KCCONF_MEET_disableFullGAB=false - KCCONF_MEET_disableFullGAB=false
- KCCONF_MEET_guests_enabled=true
env_file: env_file:
- kopano_meet.env - kopano_meet.env
depends_on: depends_on:


@ -3,6 +3,9 @@
--- ---
scopes: scopes:
kopano/gc:
description: "Kopano"
kopano/kwm: kopano/kwm:
description: "Access Kopano Meet" description: "Access Kopano Meet"
@ -11,4 +14,3 @@ scopes:
kopano/pubs: kopano/pubs:
description: "Access Kopano Pub/Sub" description: "Access Kopano Pub/Sub"
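Review bot: The new `kopano/gc` scope's `description: "Kopano"` is presumably the text shown to the user when a client requests the scope, and unlike the sibling entries (`"Access Kopano Meet"`, `"Access Kopano Pub/Sub"`) it does not say what access is being granted. A description in the same form naming what `gc` covers (groupware core data, I assume — confirm) lets the user make an informed decision, e.g. `description: "Access Kopano groupware data"`. Whether adding a scope here also makes it requestable by every registered client depends on the konnect registration config, which this hunk does not show.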


@ -2,6 +2,7 @@
set -e set -e
# TODO since this file is only used here, also generate it here.
dockerize \ dockerize \
-wait file:///kopano/ssl/meet-kwmserver.pem \ -wait file:///kopano/ssl/meet-kwmserver.pem \
-timeout 360s -timeout 360s
@ -29,8 +30,8 @@ fi
dockerize \ dockerize \
-wait file:///kopano/ssl/konnectd-tokens-signing-key.pem \ -wait file:///kopano/ssl/konnectd-tokens-signing-key.pem \
-wait file:///kopano/ssl/konnectd-encryption.key \ -wait file:///kopano/ssl/konnectd-encryption.key \
-timeout 360s \ -timeout 360s
konnectd serve \ konnectd serve \
--signing-private-key=/kopano/ssl/konnectd-tokens-signing-key.pem \ --signing-private-key=/kopano/ssl/konnectd-tokens-signing-key.pem \
--encryption-secret=/kopano/ssl/konnectd-encryption.key \ --encryption-secret=/kopano/ssl/konnectd-encryption.key \
--iss=https://"$FQDN" \ --iss=https://"$FQDN" \
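Review bot: With the trailing `\` removed after `-timeout 360s`, `konnectd serve` on the next line is no longer dockerize's child but a plain foreground command of this shell, and it is not `exec`'d, so the shell remains the container's main process and a `docker stop` SIGTERM is delivered to the shell rather than to konnectd (assuming this script is the entrypoint). Changing the line to `exec konnectd serve \` restores direct signal delivery and a clean shutdown; `set -e` on line 2 already aborts before that point if the dockerize wait fails. The `konnectd serve` invocation continues past the end of this hunk.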


@ -17,10 +17,10 @@ LABEL maintainer=az@zok.xyz \
USER root USER root
ENV DOCKERIZE_VERSION v0.6.1 SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
&& tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ ENV DOCKERIZE_VERSION v0.11.0
&& rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz RUN wget -O - https://github.com/powerman/dockerize/releases/download/"$DOCKERIZE_VERSION"/dockerize-"$(uname -s)"-"$(uname -m)" | install /dev/stdin /bin/dockerize
COPY wrapper.sh /usr/local/bin COPY wrapper.sh /usr/local/bin
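Review bot: The `wget -O - … | install /dev/stdin /bin/dockerize` line bakes a binary from a third-party fork's GitHub release into the image with no checksum or signature verification, so a replaced asset goes unnoticed; the new `pipefail` shell only catches download failures, not content changes. Downloading to a file and checking a pinned digest before `install` closes that gap: `wget -O /tmp/dockerize <same URL> && echo "<sha256>  /tmp/dockerize" | sha256sum -c - && install /tmp/dockerize /bin/dockerize`. The digest is per asset, so one pinned value per `$(uname -m)` target is needed if the image is built for more than one architecture.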


@ -65,14 +65,17 @@ if [ -n "$public_guest_access_regexp" ]; then
set -- "$@" --public-guest-access-regexp="$public_guest_access_regexp" set -- "$@" --public-guest-access-regexp="$public_guest_access_regexp"
fi fi
# shellcheck disable=SC2034 if [ "$INSECURE" = "yes" ]; then
export registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml dockerize \
-skip-tls-verify \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
else
dockerize \
-wait "$oidc_issuer_identifier"/.well-known/openid-configuration \
-timeout 360s
fi
# originally I wanted to wait for $registration_conf, but I needed to precreate the file exec /usr/local/bin/docker-entrypoint.sh serve \
# so the konnect container (since the startup is running as nobody) can write to it.
exec dockerize \
-wait http://kopano_konnect:8777/.well-known/openid-configuration \
-timeout 360s \
/usr/local/bin/docker-entrypoint.sh serve \
--registration-conf /kopano/ssl/konnectd-identifier-registration.yaml \ --registration-conf /kopano/ssl/konnectd-identifier-registration.yaml \
"$@" "$@"
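Review bot: `$oidc_issuer_identifier` feeds both new `-wait` URLs without being checked, so if it is empty the probe targets the bare path `/.well-known/openid-configuration` and the misconfiguration presumably shows up as an obscure dockerize error or a 360s timeout rather than a clear message; `: "${oidc_issuer_identifier:?must be set to the OIDC issuer URL}"` before the `if` makes the failure explicit. As `INSECURE=yes` turns off TLS verification for the probe, logging `echo "WARNING: INSECURE=yes, not verifying the OIDC issuer's TLS certificate" >&2` in that branch keeps the mode visible in the container log. The dropped `export registration_conf=…` was marked unused in this script (SC2034), so if `docker-entrypoint.sh` read it from the environment that path is now gone — the explicit `--registration-conf` argument presumably covers it, but this is worth confirming.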


@ -1,4 +1,4 @@
# Kopano Kwmserver image # Kopano Meet image
[![](https://images.microbadger.com/badges/image/zokradonh/kopano_meet.svg)](https://microbadger.com/images/zokradonh/kopano_meet "Microbadger size/labels") [![](https://images.microbadger.com/badges/version/zokradonh/kopano_meet.svg)](https://microbadger.com/images/zokradonh/kopano_meet "Microbadger version") [![](https://images.microbadger.com/badges/image/zokradonh/kopano_meet.svg)](https://microbadger.com/images/zokradonh/kopano_meet "Microbadger size/labels") [![](https://images.microbadger.com/badges/version/zokradonh/kopano_meet.svg)](https://microbadger.com/images/zokradonh/kopano_meet "Microbadger version")


@ -11,7 +11,7 @@ LABEL maintainer=az@zok.xyz \
org.label-schema.schema-version="1.0" org.label-schema.schema-version="1.0"
RUN apt-get update && apt-get install --no-install-recommends -y \ RUN apt-get update && apt-get install --no-install-recommends -y \
vim nano man \ vim nano man less \
kopano-backup \ kopano-backup \
kopano-migration-imap \ kopano-migration-imap \
kopano-migration-pst \ kopano-migration-pst \