mirror of https://github.com/zokradonh/kopano-docker synced 2025-06-08 00:16:22 +00:00

Compare commits


30 Commits

Author SHA1 Message Date
Felix Bartels
119826e180 make it possible to build official kopano releases
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-06 12:14:11 +01:00
Felix Bartels
12eb0daddc move server name to docker-compose
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-06 07:53:04 +01:00
Felix Bartels
19563d1dc8 add usage to the readme
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-05 10:27:08 +01:00
Felix Bartels
52113f3206 clean up ldap demo data
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-05 09:49:41 +01:00
Felix Bartels
ff542b4f54 healthcheck test
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-05 08:43:00 +01:00
Felix Bartels
0aaba5224e convert kcconf.py to unix line endings
add *:236 to default config
add healthcheck script

Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-05 08:03:24 +01:00
Felix Bartels
4dd68c9499 configure kopano-server for ldap
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-04 22:42:43 +01:00
Felix Bartels
fd5f50f13b update readme, remove user 1234 from demo data
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-04 21:31:48 +01:00
Felix Bartels
05ef34d41b add demo data to ldap
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-04 21:18:54 +01:00
Felix Bartels
0c459dd16d start kopano-server through dockerize
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-04 12:05:57 +01:00
Felix Bartels
c8096b9a8f make it possible to install additional packages at runtime and not only during build
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-11-01 08:37:50 +01:00
Felix Bartels
2043b94062 update todo
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-23 09:45:54 +02:00
Felix Bartels
098ff5208c add a link to the project into gencerts.sh
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-23 09:45:21 +02:00
Felix Bartels
8db1dc5488 make webapp container start
first start with caddyfile

Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-22 12:13:10 +02:00
Felix Bartels
51af427dce add demo ldap data from https://github.com/tomav/docker-mailserver/tree/master/test/docker-openldap 2018-10-22 10:06:42 +02:00
Felix Bartels
6773927116 replace until loop with dockerize as well
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-20 09:07:21 +02:00
Felix Bartels
92b6e0da10 update docker-file
while it did not work out to depend on the health status of mysql for the start of kopano-server, it's nevertheless an interesting value. since the dockerfile does not include an automatic healthcheck, add it to the compose file.

Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-19 16:48:19 +02:00
Felix Bartels
0bd6886b47 use dockerize to wait for mysql to start up
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-19 16:47:51 +02:00
Felix Bartels
b381a29859 add dockerize to base image 2018-10-19 16:47:32 +02:00
Felix Bartels
d08b00375c tuning of ssl settings
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-19 15:19:04 +02:00
Felix Bartels
5d838d2194 wait with kopano-server startup until ssl certificates are present
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-19 15:18:29 +02:00
Felix Bartels
b608aa59f5 also build ssl helper container
fix creation of folders when ssl helper is run with mounted dirs
2018-10-19 15:17:59 +02:00
Felix Bartels
a3315f61c9 do not ignore ssl dir 2018-10-19 15:17:07 +02:00
Felix Bartels
a183ac1f8d make committing of components always succeed
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-18 18:18:40 +02:00
Felix Bartels
a656ddb8f5 refine tagging a bit
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-18 18:10:59 +02:00
Felix Bartels
a2511f4f44 ci: commit changes before tagging 2018-10-18 14:33:48 +02:00
Felix Bartels
0b686587c2 Merge branch 'master' into compose 2018-10-18 14:32:58 +02:00
Felix Bartels
c44017b3e3 Merge branch 'master' into compose 2018-10-18 14:28:03 +02:00
Felix Bartels
c08bdfc6a9 docker-compose
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-17 22:55:12 +02:00
Felix Bartels
5523f4c984 wip: try to get some inspiration from https://www.davd.eu/byecloud-building-a-mailserver-with-modern-webmail/ for the compose example
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2018-10-17 08:46:58 +02:00
21 changed files with 27599 additions and 293 deletions

3
.gitignore vendored

@ -2,4 +2,5 @@
**/.vscode **/.vscode
*.yml *.yml
docker-compose.yml docker-compose.yml
certs/* data/*
env


@ -9,13 +9,28 @@ core_download_version = $(shell ./version.sh core)
webapp_version = $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)') webapp_version = $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)')
webapp_download_version = $(shell ./version.sh webapp) webapp_download_version = $(shell ./version.sh webapp)
KOPANO_CORE_REPOSITORY_URL := file:/kopano/repo/core
KOPANO_WEBAPP_REPOSITORY_URL := file:/kopano/repo/webapp
RELEASE_KEY_DOWNLOAD := 0
DOWNLOAD_COMMUNITY_PACKAGES := 1
include env
export
# convert lowercase componentname to uppercase
COMPONENT = $(shell echo $(component) | tr a-z A-Z) COMPONENT = $(shell echo $(component) | tr a-z A-Z)
build-all: build-base build-core build-webapp build-all: build-ssl build-base build-core build-webapp
build: component ?= base build: component ?= base
build: build:
docker build --build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} -t $(docker_repo)/kopano_$(component) $(component)/ docker build \
--build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} \
--build-arg KOPANO_CORE_REPOSITORY_URL=$(KOPANO_CORE_REPOSITORY_URL) \
--build-arg KOPANO_WEBAPP_REPOSITORY_URL=$(KOPANO_WEBAPP_REPOSITORY_URL) \
--build-arg RELEASE_KEY_DOWNLOAD=$(RELEASE_KEY_DOWNLOAD) \
--build-arg DOWNLOAD_COMMUNITY_PACKAGES=$(DOWNLOAD_COMMUNITY_PACKAGES) \
-t $(docker_repo)/kopano_$(component) $(component)/
build-base: build-base:
component=base make build component=base make build
@ -26,12 +41,16 @@ build-core:
build-webapp: build-webapp:
component=webapp make build component=webapp make build
build-ssl:
docker build -t $(docker_repo)/kopano_ssl ssl/
tag: component ?= base tag: component ?= base
tag: tag:
@echo 'create tag $($(component)_version)' @echo 'create tag $($(component)_version)'
docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version} docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version}
@echo 'create tag latest' @echo 'create tag latest'
docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest
git commit -m 'ci: committing changes for $(component)' -- $(component) || true
git tag $(component)/${$(component)_version} || true git tag $(component)/${$(component)_version} || true
tag-base: tag-base:
@ -43,14 +62,11 @@ tag-core:
tag-webapp: tag-webapp:
component=webapp make tag component=webapp make tag
git-commit:
git add -A && git commit -m "ci: commit changes before tagging"
# Docker publish # Docker publish
repo-login: repo-login:
docker login -u $(docker_login) -p $(docker_pwd) docker login -u $(docker_login) -p $(docker_pwd)
publish: git-commit repo-login publish-base publish-core publish-webapp publish: repo-login publish-ssl publish-base publish-core publish-webapp
git push git push
git push origin --tags git push origin --tags
@ -68,3 +84,6 @@ publish-core: build-core tag-core
publish-webapp: build-webapp tag-webapp publish-webapp: build-webapp tag-webapp
component=webapp make publish-container component=webapp make publish-container
publish-ssl: build-ssl
docker push $(docker_repo)/kopano_ssl:latest
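Review bot: The two `--build-arg KOPANO_*_REPOSITORY_URL=...` lines in the `build` recipe pass the repository URL into the image build, and env-example in this same change shows that URL carrying a `serial:xxxx@` credential. Build arguments that a RUN step uses are recorded in the image metadata and can be read back with `docker history`, so an image built this way and then pushed by `publish` would likely expose the serial. A BuildKit secret mount (`docker build --secret ...`), or a multi-stage build that discards the stage using the URL, keeps it out of the published layers. Separately, `include env` aborts every target when the git-ignored `env` file is absent; `-include env` keeps the defaults above it usable.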


@ -1,3 +1,32 @@
# (unofficial) Kopano Docker Images
New instructions:
- explain Makefile
- `make docker_repo=kopano publish` to upload to a custom docker hub account
## Getting started with docker-compose
Thie repository contains an example docker-compose.yml file that spins up a Kopano demo environment incl. pre filled ldap tree. Run `docker-compose build` to create the ldap image locally. After running `docker-compose up` you can login through phpldapadmin at http://localhost:8081/ with the the user `cn=admin,dc=kopano,dc=demo` with the password `kopano123`.
git clone https://github.com/fbartels/kopano-docker.git
cd kopano-docker
git checkout compose
make build-all
docker-compose build
docker-compose up -d
docker-compose exec kserver kopano-cli --list-users
docker-compose logs -f kserver
docker-compose down
sudo rm -rf data/
docker-compose up -d
# Kopano Docker Image # Kopano Docker Image
Unofficial kopano docker images for all kopano services. Unofficial kopano docker images for all kopano services.
Use kopano_core image for server/spooler/dagent/search/monitor/ical/gateway services. Use kopano_core image for server/spooler/dagent/search/monitor/ical/gateway services.


@ -31,6 +31,9 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
dpkg-reconfigure --frontend=noninteractive locales && \ dpkg-reconfigure --frontend=noninteractive locales && \
update-locale LANG=en_US.UTF-8 update-locale LANG=en_US.UTF-8
ENV DOCKERIZE_VERSION v0.6.1
RUN curl -L https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar xzvf - -C /usr/local/bin
ARG ADDITIONAL_KOPANO_PACKAGES="" ARG ADDITIONAL_KOPANO_PACKAGES=""
ARG DOWNLOAD_COMMUNITY_PACKAGES=1 ARG DOWNLOAD_COMMUNITY_PACKAGES=1
ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core" ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"
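Review bot: The added `RUN curl -L ... | tar xzvf - -C /usr/local/bin` installs the dockerize binary straight from a release URL without any integrity check, and without `-f` an HTTP error page is piped into tar. start-service.sh in this change makes that binary the process that launches kopano-server, so it is worth pinning. Download to a file, verify it, then unpack: `curl -fsSL -o /tmp/dockerize.tgz <url> && echo "<PINNED_SHA256>  /tmp/dockerize.tgz" | sha256sum -c - && tar xzf /tmp/dockerize.tgz -C /usr/local/bin`. `<PINNED_SHA256>` is a placeholder for the digest of the release archive you have checked.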


@ -47,3 +47,6 @@ COPY kcconf.py defaultconfigs/ start-service.sh /kopano/
ENTRYPOINT ["/usr/bin/dumb-init", "--"] ENTRYPOINT ["/usr/bin/dumb-init", "--"]
CMD [ "/kopano/start-service.sh" ] CMD [ "/kopano/start-service.sh" ]
HEALTHCHECK --interval=30s --timeout=60s \
CMD /kopano/healthcheck.sh
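Review bot: The new `HEALTHCHECK` runs `/kopano/healthcheck.sh`, but the `COPY kcconf.py defaultconfigs/ start-service.sh /kopano/` line shown in the hunk header does not copy that script, and the page lists core/healthcheck.sh as a normal (non-executable) file. Unless a part of the Dockerfile outside this hunk adds it, every container from this image would report unhealthy. Adding `healthcheck.sh` to the COPY line and calling it as `CMD bash /kopano/healthcheck.sh` (or marking the file executable) would cover both.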


@ -9,7 +9,7 @@ kcconf.configkopano({
'log_level': "3", 'log_level': "3",
'attachment_path': "/kopano/data/attachments/", 'attachment_path': "/kopano/data/attachments/",
'user_plugin': "ldap", 'user_plugin': "ldap",
'server_listen': "", 'server_listen': "*:236",
'server_listen_tls': "*:237" 'server_listen_tls': "*:237"
} }
}) })
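Review bot: Changing the default `'server_listen'` from `""` to `"*:236"` turns on the non-TLS listener on all interfaces for every deployment of this image, not only the demo compose setup (the compose files on this page address port 236 as `http://` and 237 as `https://`). If in-network clients need it, say so next to the entry, for example `# plain listener for clients on the compose network; do not publish port 236 on the host`. Keeping the empty default and setting the value from docker-compose, following the `KCCONF_SERVER_*` pattern used there, would leave other users of the image on TLS only.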

10
core/healthcheck.sh Normal file

@ -0,0 +1,10 @@
#!/bin/bash
set -ex
case "$SERVICE_TO_START" in
server)
kopano-cli --list-users
exit 0
;;
esac
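Review bot: Only `server` has a branch in the `case`, so for every other `SERVICE_TO_START` value the script falls through and exits 0, and the image-wide HEALTHCHECK reports those containers healthy without checking anything. In the server branch, `set -x` together with `kopano-cli --list-users` writes the full user list into the health-check output, which Docker keeps in the container state shown by `docker inspect`; `kopano-cli --list-users > /dev/null` keeps the probe and drops that output. A `*)` branch that at least checks the service process would make the result meaningful for the other services.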


@ -1,5 +1,7 @@
#!/bin/bash #!/bin/bash
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script set -eu # unset variables are errors & non-zero return values exit the whole script
if [ ! -e /kopano/$SERVICE_TO_START.py ] if [ ! -e /kopano/$SERVICE_TO_START.py ]
@ -8,6 +10,13 @@ then
exit 1 exit 1
fi fi
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
apt --assume-yes install $installpkg;
fi
done
mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano
echo "Configure core service '$SERVICE_TO_START'" | ts echo "Configure core service '$SERVICE_TO_START'" | ts
@ -17,8 +26,8 @@ echo "Set ownership" | ts
chown -R kopano:kopano /run /tmp chown -R kopano:kopano /run /tmp
chown kopano:kopano /kopano/data/ /kopano/data/attachments chown kopano:kopano /kopano/data/ /kopano/data/attachments
echo "Clean old pid files and sockets" | ts #echo "Clean old pid files and sockets" | ts
rm -f /var/run/kopano/* #rm -f /var/run/kopano/*
# allow helper commands given by "docker-compose run" # allow helper commands given by "docker-compose run"
if [ $# -gt 0 ] if [ $# -gt 0 ]
@ -30,7 +39,13 @@ fi
# start regular service # start regular service
case "$SERVICE_TO_START" in case "$SERVICE_TO_START" in
server) server)
exec /usr/sbin/kopano-server -F # TODO use dockerize to start other services as well
exec dockerize \
-wait file://$KCCONF_SERVER_SERVER_SSL_CA_FILE \
-wait file://$KCCONF_SERVER_SERVER_SSL_KEY_FILE \
-wait tcp://db:3306 \
-timeout 360s \
/usr/sbin/kopano-server -F
;; ;;
dagent) dagent)
exec /usr/sbin/kopano-dagent -l exec /usr/sbin/kopano-dagent -l
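Review bot: In the second hunk, `for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"` quotes the list, so the loop runs once with the whole string; with two or more packages the unquoted `$installpkg` in the `dpkg-query` test is then matched across all of them, and if any one is already installed nothing gets installed. Iterate over the words and quote the single name: `for installpkg in $ADDITIONAL_KOPANO_PACKAGES; do`, `dpkg-query -W -f='${Status}' "$installpkg"` and `apt-get --assume-yes install "$installpkg"`. Installing at start-up also makes every container start depend on the package mirror and on whatever version it serves that day, which deserves a comment at this block. In the last hunk `-wait tcp://db:3306` is hard-coded although `KCCONF_SERVER_MYSQL_HOST` and `KCCONF_SERVER_MYSQL_PORT` are set in docker-compose.yml; the `case` block continues past the end of the hunk.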


@ -1,206 +1,102 @@
version: '3' version: "3"
services: services:
web:
kserver: image: abiosoft/caddy:0.10.4
image: zokradonh/kopano_core:${CORE_VERSION} container_name: web
hostname: kserver restart: always
container_name: kopano_server privileged: true
links: links:
- db - kwebapp
#- kzpush
ports:
- "10080:80"
- "10443:443"
volumes:
- ./web/Caddyfile:/etc/Caddyfile
- ./data/web:/root/.caddy
ldap:
build: ldap/
#image: osixia/openldap:1.2.2
container_name: ldap
ports:
- 389:389
environment:
- LDAP_ORGANISATION="Kopano Demo"
- LDAP_DOMAIN=kopano.demo
- LDAP_BASE_DN=dc=kopano,dc=demo
- LDAP_ADMIN_PASSWORD=kopano123
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_PASSWORD=kopano123
command: --loglevel debug --copy-service
volumes:
#- ./ldap/bootstrap:/container/service/slapd/assets/config/bootstrap/ldif/custom
- ./data/ldap/var/lib/ldap:/var/lib/ldap
- ./data/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
networks:
- kopanonet
ldap-admin:
image: osixia/phpldapadmin:0.7.2
container_name: ldap-admin
depends_on: depends_on:
- "kssl" - ldap
environment: environment:
- SERVICE_TO_START=server - PHPLDAPADMIN_LDAP_HOSTS=ldap
- TZ=Europe/Berlin - PHPLDAPADMIN_HTTPS=false
- KCCONF_SERVER_COREDUMP_ENABLED=no command: -l debug
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
networks:
- kopanonet
volumes:
- data:/kopano/data
- sslcerts:/kopano/ssl
kdagent:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links: links:
- kserver - ldap
volumes: ports:
- sslcerts:/kopano/ssl - "8081:80"
environment:
- SERVICE_TO_START=dagent
- TZ=Europe/Berlin
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet
kgateway: mail:
image: zokradonh/kopano_core:${CORE_VERSION} image: tvial/docker-mailserver:release-v6.1.0
container_name: kopano_gateway restart: always
hostname: mail
domainname: kopano.demo # change here
container_name: mail
depends_on:
- ldap
links: links:
- kserver - ldap
volumes:
- ./gatewaycerts/:/kopano/certs/
environment:
- SERVICE_TO_START=gateway
- TZ=Europe/Berlin
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
networks:
- kopanonet
kical:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kserver
environment:
- SERVICE_TO_START=ical
- TZ=Europe/Berlin
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet
kmonitor:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=Europe/Berlin
- KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
- KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
networks:
- kopanonet
ksearch:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=Europe/Berlin
- KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
- KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
- KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
networks:
- kopanonet
kspooler:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_spooler
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=spooler
- TZ=Europe/Berlin
- KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=kmta
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet
kwebapp:
image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
#ports:
# - "8236:80"
# - "8237:443"
volumes:
- syncstates:/var/lib/z-push/
- sslcerts:/kopano/ssl
environment:
- TZ=Europe/Berlin
- KCCONF_SERVERHOSTNAME=kserver
- KCCONF_SERVERPORT=237
networks:
- web
- kopanonet
kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- sslcerts:/kopano/ssl
kmta:
image: tvial/docker-mailserver:latest
hostname: myhost #change here
domainname: domain.tld #change here
#dns: 127.0.0.1
container_name: kopano_mta
#links:
# - adtunnel
ports: ports:
- "25:25" - "25:25"
# - "143:143"
# - "587:587"
# - "993:993"
volumes: volumes:
- tmpmaildata:/var/mail - ./data/mail/data:/var/mail
- tmpmailstate:/var/mail-state - ./data/mail/state:/var/mail-state
- ./mtaconfig/:/tmp/docker-mailserver/ # create this dir - ./mail/config:/tmp/docker-mailserver/
#- ./data/web/acme-v01.api.letsencrypt.org/sites/mail.kopano.demo:/tmp/ssl:ro
environment: environment:
- TZ=Europe/Berlin - TZ=Europe/Berlin
- ENABLE_SPAMASSASSIN=1 - ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1 - ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1 - ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1 - ENABLE_POSTGREY=1
- TLS_LEVEL=intermediate
- POSTGREY_DELAY=10
- ONE_DIR=1 - ONE_DIR=1
- DMS_DEBUG=0 - DMS_DEBUG=0
- SSL_TYPE=manual
#- SSL_CERT_PATH=/tmp/ssl/mail.kopano.demo.crt
#- SSL_KEY_PATH=/tmp/ssl/mail.kopano.demo.key
- ENABLE_LDAP=1 - ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here - LDAP_SERVER_HOST=ldaps://ldap:636
- LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here - LDAP_SEARCH_BASE=OU=users,DC=kopano,DC=demo
- LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here - LDAP_BIND_DN=cn=readonly,DC=kopano,DC=demo
- LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here - LDAP_BIND_PW=kopano123
- LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s))) - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s)) - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s)) - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
- LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group))) - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
- ENABLE_SASLAUTHD=1 - ENABLE_SASLAUTHD=1
- SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here - SASLAUTHD_LDAP_SERVER=ldaps://ldap:363
- SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here - SASLAUTHD_LDAP_BIND_DN=cn=cn=readonly,DC=kopano,DC=demo
- SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here - SASLAUTHD_LDAP_PASSWORD=kopano123
- SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here - SASLAUTHD_LDAP_SEARCH_BASE=OU=users,DC=kopano,DC=demo
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person)) - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
- SASLAUTHD_MECHANISMS=ldap - SASLAUTHD_MECHANISMS=ldap
- POSTMASTER_ADDRESS=postmaster@domain.tld #change here - POSTMASTER_ADDRESS=postmaster@kopano.demo
- SMTP_ONLY=1 - SMTP_ONLY=1
- PERMIT_DOCKER=network - PERMIT_DOCKER=network
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
@ -212,31 +108,90 @@ services:
- NET_ADMIN - NET_ADMIN
- SYS_PTRACE - SYS_PTRACE
# TODO find good example ldap container
db: db:
image: mariadb image: mariadb:10.3.10-bionic
restart: always restart: always
container_name: kopano_db container_name: kopano_db
volumes: volumes:
- db:/var/lib/mysql - ./data/mysql/:/var/lib/mysql
environment: environment:
- MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here - MYSQL_ROOT_PASSWORD=kopano123
- MYSQL_PASSWORD=YOUR_PASSWORD #change here - MYSQL_USER=kopanodbuser
- MYSQL_PASSWORD=kopanodbpw
- MYSQL_DATABASE=kopano - MYSQL_DATABASE=kopano
- MYSQL_USER=kopano healthcheck:
test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
interval: 30s
timeout: 10s
retries: 4
networks: networks:
- kopanonet - kopanonet
kwebapp:
image: zokradonh/kopano_webapp:latest
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
volumes: volumes:
db: - ./data/z-push-states/:/var/lib/z-push/
data: - ./ssl/:/kopano/ssl
syncstates: - ./data/socket/:/run/kopano
sslcerts: environment:
tmpmaildata: - TZ=Europe/Berlin
tmpmailstate: networks:
- web
- kopanonet
kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- ./data/ssl/:/kopano/ssl
kserver:
image: zokradonh/kopano_core:latest
hostname: kserver
container_name: kopano_server
links:
- db
- ldap
depends_on:
- db
- ldap
- kssl
environment:
- SERVICE_TO_START=server
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=kopanodbuser
- KCCONF_SERVER_MYSQL_PASSWORD=kopanodbpw
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SERVER_NAME=Kopano
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_LDAP_LDAP_URI=ldap://ldap:389
- KCCONF_LDAP_LDAP_BIND_USER=cn=readonly,DC=kopano,DC=demo
- KCCONF_LDAP_LDAP_BIND_PASSWD=kopano123
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=users,dc=kopano,dc=demo
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
#- ADDITIONAL_KOPANO_PACKAGES=kopano-migration-imap
networks:
- kopanonet
volumes:
- ./data/kopano/:/kopano/data
- ./data/ssl/:/kopano/ssl
networks: networks:
web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy) web:
external:
name: haproxy_webrproxynet
kopanonet: kopanonet:
driver: bridge driver: bridge
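Review bot: The new `web` service runs Caddy with `privileged: true` while publishing ports 10080 and 10443, which gives the one container that faces clients full access to the host; nothing visible in this file needs it, so the line should be dropped (the `entry` service in docker-compose.yml-wip has the same setting). The `ldap` service also publishes `389:389` on all host interfaces with the fixed `kopano123` admin and read-only passwords; for a demo, `"127.0.0.1:389:389"` or no `ports:` entry keeps the directory off the network. Two values in the `mail` block look like typos: `SASLAUTHD_LDAP_SERVER=ldaps://ldap:363` (the `LDAP_SERVER_HOST` line above uses 636) and `SASLAUTHD_LDAP_BIND_DN=cn=cn=readonly,...`.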

298
docker-compose.yml-wip Normal file

@ -0,0 +1,298 @@
version: '3'
services:
kserver:
image: zokradonh/kopano_core:${CORE_VERSION}
hostname: kserver
container_name: kopano_server
links:
- db
depends_on:
- "kssl"
environment:
- SERVICE_TO_START=server
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
networks:
- kopanonet
volumes:
- data:/kopano/data
- sslcerts:/kopano/ssl
kdagent:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=dagent
- TZ=Europe/Berlin
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet
kgateway:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_gateway
links:
- kserver
volumes:
- ./gatewaycerts/:/kopano/certs/
environment:
- SERVICE_TO_START=gateway
- TZ=Europe/Berlin
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
networks:
- kopanonet
kical:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kserver
environment:
- SERVICE_TO_START=ical
- TZ=Europe/Berlin
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet
kmonitor:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=Europe/Berlin
- KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
- KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
networks:
- kopanonet
ksearch:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=Europe/Berlin
- KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
- KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
- KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
networks:
- kopanonet
kspooler:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_spooler
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=spooler
- TZ=Europe/Berlin
- KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=kmta
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet
kwebapp:
image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
#ports:
# - "8236:80"
# - "8237:443"
volumes:
- syncstates:/var/lib/z-push/
- sslcerts:/kopano/ssl
environment:
- TZ=Europe/Berlin
- KCCONF_SERVERHOSTNAME=kserver
- KCCONF_SERVERPORT=237
networks:
- web
- kopanonet
kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- sslcerts:/kopano/ssl
kmta:
image: tvial/docker-mailserver:latest
hostname: myhost #change here
domainname: domain.tld #change here
#dns: 127.0.0.1
container_name: kopano_mta
#links:
# - adtunnel
ports:
- "25:25"
# - "143:143"
# - "587:587"
# - "993:993"
volumes:
- tmpmaildata:/var/mail
- tmpmailstate:/var/mail-state
- ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
environment:
- TZ=Europe/Berlin
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- TLS_LEVEL=intermediate
- POSTGREY_DELAY=10
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
- LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
- LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
- LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
- ENABLE_SASLAUTHD=1
- SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
- SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here
- SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
- SASLAUTHD_MECHANISMS=ldap
- POSTMASTER_ADDRESS=postmaster@domain.tld #change here
- SMTP_ONLY=1
- PERMIT_DOCKER=network
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
- POSTFIX_DAGENT=lmtp:kdagent:2003
- REPORT_RECIPIENT=1
networks:
- kopanonet
cap_add:
- NET_ADMIN
- SYS_PTRACE
db:
image: mariadb
restart: always
container_name: kopano_db
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- MYSQL_PASSWORD=YOUR_PASSWORD #change here
- MYSQL_DATABASE=kopano
- MYSQL_USER=kopano
networks:
- kopanonet
volumes:
db:
data:
syncstates:
sslcerts:
tmpmaildata:
tmpmailstate:
networks:
web:
external:
driver: default
kopanonet:
driver: bridge
version: "3"
services:
rainloop:
image: hardware/rainloop
links:
- mail
volumes:
- ./data/rainloop:/rainloop/data
mail:
image: tvial/docker-mailserver:latest
restart: always
hostname: mail
domainname: fancydomain.tld
container_name: mail
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
- "4190:4190"
volumes:
- ./data/mail/data:/var/mail
- ./data/mail/state:/var/mail-state
- ./mail/config:/tmp/docker-mailserver/
- ./data/entry/acme/acme-v01.api.letsencrypt.org/sites/mail.fancydomain.tld:/tmp/ssl:ro
environment:
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_MANAGESIEVE=1
- SSL_TYPE=manual
- SSL_CERT_PATH=/tmp/ssl/mail.fancydomain.tld.crt
- SSL_KEY_PATH=/tmp/ssl/mail.fancydomain.tld.key
cap_add:
- NET_ADMIN
entry:
image: abiosoft/caddy:0.10.4
restart: always
privileged: true
links:
- rainloop
ports:
- "80:80"
- "443:443"
volumes:
- ./entry/Caddyfile:/etc/Caddyfile
- ./data/entry:/root/.caddy
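Review bot: This new file holds two compose documents back to back: a second `version: "3"` / `services:` pair starts after the first `networks:` block, so the top-level keys are duplicated and a YAML parser will either reject the file or keep only the last `services:` map. If it is a scratch pad, a header comment saying so (`# notes only, not a runnable compose file`) or splitting it into two files would stop someone from starting it by accident. The first document also has kopano-server connect to MariaDB as `root` (`KCCONF_SERVER_MYSQL_USER=root`), which the reworked docker-compose.yml replaces with a dedicated user; that change is worth carrying over if this file stays.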

5
env-example Normal file

@ -0,0 +1,5 @@
# modify below to build a different version, than the kopano nightly release
KOPANO_CORE_REPOSITORY_URL=https://serial:xxxx@download.kopano.io/supported/core:/final/Debian_9.0/
KOPANO_WEBAPP_REPOSITORY_URL=https://serial:xxxx@download.kopano.io/supported/webapp:/final/Debian_9.0/
RELEASE_KEY_DOWNLOAD=1
DOWNLOAD_COMMUNITY_PACKAGES=0

4
ldap/Dockerfile Normal file

@ -0,0 +1,4 @@
FROM osixia/openldap:1.2.2
ADD bootstrap /container/service/slapd/assets/config/bootstrap
RUN rm /container/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema
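Review bot: `ADD bootstrap ...` copies a local directory, for which `COPY bootstrap /container/service/slapd/assets/config/bootstrap` is the narrower instruction, since ADD also unpacks archives and fetches URLs. The `RUN rm .../schema/mmc/mail.schema` line carries no explanation; a one-line comment above it stating why that schema has to go would tell the next maintainer whether the step is still needed when the `osixia/openldap` base tag is bumped.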

File diff suppressed because it is too large Load Diff


@ -0,0 +1,336 @@
attributetype ( 1.3.6.1.4.1.47732.1.1.1.1
NAME 'kopanoQuotaOverride'
DESC 'KOPANO: Override child quota'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.2
NAME 'kopanoQuotaWarn'
DESC 'KOPANO: Warning quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.3
NAME 'kopanoQuotaSoft'
DESC 'KOPANO: Soft quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.4
NAME 'kopanoQuotaHard'
DESC 'KOPANO: Hard quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.5
NAME 'kopanoUserDefaultQuotaOverride'
DESC 'KOPANO: Override User default quota for children'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.6
NAME 'kopanoUserDefaultQuotaWarn'
DESC 'KOPANO: User default warning quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.7
NAME 'kopanoUserDefaultQuotaSoft'
DESC 'KOPANO: User default soft quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.1.8
NAME 'kopanoUserDefaultQuotaHard'
DESC 'KOPANO: User default hard quota size in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.1
NAME 'kopanoAdmin'
DESC 'KOPANO: Administrator of kopano'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.2
NAME 'kopanoSharedStoreOnly'
DESC 'KOPANO: is store a shared store'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.3
NAME 'kopanoAccount'
DESC 'KOPANO: entry is a part of kopano'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.4
NAME 'kopanoSendAsPrivilege'
DESC 'KOPANO: Users may directly send email as this user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.5
NAME 'kopanoMrAccept'
DESC 'KOPANO: user should auto-accept meeting requests'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.6
NAME 'kopanoMrDeclineConflict'
DESC 'KOPANO: user should automatically decline conflicting meeting requests'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.7
NAME 'kopanoMrDeclineRecurring'
DESC 'KOPANO: user should automatically decline recurring meeting requests'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.8
NAME 'kopanoId'
DESC 'KOPANO: Generic unique ID'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.9
NAME 'kopanoResourceType'
DESC 'KOPANO: for shared stores, resource is type Room or Equipment'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.10
NAME 'kopanoResourceCapacity'
DESC 'KOPANO: number of rooms or equipment available'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.11
NAME 'kopanoHidden'
DESC 'KOPANO: This object should be hidden from address book'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.13
NAME 'kopanoEnabledFeatures'
DESC 'KOPANO: This user has these features explicitly enabled'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 1.3.6.1.4.1.47732.1.1.2.14
NAME 'kopanoDisabledFeatures'
DESC 'KOPANO: This user has these features explicitly disabled'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 1.3.6.1.4.1.47732.1.1.3.1
NAME 'kopanoAliases'
DESC 'KOPANO: All other email addresses for this user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.47732.1.1.4.1
NAME 'kopanoUserServer'
DESC 'KOPANO: Home server for the user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.47732.1.1.6.1
NAME 'kopanoUserArchiveServers'
DESC 'KOPANO: List of server names that contain an archive store for the user'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.4.1.47732.1.1.6.2
NAME 'kopanoUserArchiveCouplings'
DESC 'KOPANO: List of username:foldername pairs that specify many-to-one archive locations'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.47732.1.1.0.0
NAME 'kopano-user'
DESC 'KOPANO: an user of Kopano'
SUP top AUXILIARY
MUST ( cn )
MAY (
kopanoQuotaOverride $ kopanoQuotaWarn $ kopanoQuotaSoft $ kopanoSendAsPrivilege $
kopanoQuotaHard $ kopanoAdmin $ kopanoSharedStoreOnly $ kopanoResourceType $
kopanoResourceCapacity $ kopanoAccount $ kopanoHidden $ kopanoAliases $
kopanoUserServer $ kopanoEnabledFeatures $ kopanoDisabledFeatures $
kopanoUserArchiveServers $ kopanoUserArchiveCouplings $
uidNumber
)
)
objectclass ( 1.3.6.1.4.1.47732.1.6.0.0
NAME 'kopano-contact'
DESC 'KOPANO: a contact of Kopano'
SUP top AUXILIARY
MUST ( cn $ uidNumber )
MAY (
kopanoSendAsPrivilege $ kopanoHidden $ kopanoAliases $ kopanoAccount
)
)
attributetype ( 1.3.6.1.4.1.47732.1.2.2.1
NAME 'kopanoSecurityGroup'
DESC 'KOPANO: group has security possibilities'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.47732.1.2.0.0
NAME 'kopano-group'
DESC 'KOPANO: a group of Kopano'
SUP top AUXILIARY
MUST ( cn )
MAY (
kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoSecurityGroup $ kopanoSendAsPrivilege $
gidNumber
)
)
attributetype ( 1.3.6.1.4.1.47732.1.3.2.4
NAME 'kopanoViewPrivilege'
DESC 'KOPANO: Companies with view privileges over selected company'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
attributetype ( 1.3.6.1.4.1.47732.1.3.2.5
NAME 'kopanoAdminPrivilege'
DESC 'KOPANO: Users from different companies which are administrator over selected company'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
attributetype ( 1.3.6.1.4.1.47732.1.3.2.6
NAME 'kopanoSystemAdmin'
DESC 'KOPANO: The user who is the system administrator for this company'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
)
attributetype (1.3.6.1.4.1.47732.1.3.1.5
NAME 'kopanoQuotaUserWarningRecipients'
DESC 'KOPANO: Users who will recieve a notification email when a user exceeds his quota'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
attributetype (1.3.6.1.4.1.47732.1.3.1.6
NAME 'kopanoQuotaCompanyWarningRecipients'
DESC 'KOPANO: Users who will recieve a notification email when a company exceeds its quota'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
attributetype ( 1.3.6.1.4.1.47732.1.3.4.1
NAME 'kopanoCompanyServer'
DESC 'KOPANO: Home server for the public folders for a company'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.47732.1.3.0.0
NAME 'kopano-company'
DESC 'KOPANO: a company of Kopano'
SUP top AUXILIARY
MUST ( ou )
MAY (
kopanoAccount $ kopanoHidden $
kopanoViewPrivilege $ kopanoAdminPrivilege $ kopanoSystemAdmin $
kopanoQuotaOverride $ kopanoQuotaWarn $
kopanoUserDefaultQuotaOverride $ kopanoUserDefaultQuotaWarn $ kopanoUserDefaultQuotaSoft $ kopanoUserDefaultQuotaHard $
kopanoQuotaUserWarningRecipients $ kopanoQuotaCompanyWarningRecipients $
kopanoCompanyServer
)
)
attributetype (1.3.6.1.4.1.47732.1.4.4.1
NAME 'kopanoHttpPort'
DESC 'KOPANO: Port for the http connection'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.4.4.2
NAME 'kopanoSslPort'
DESC 'KOPANO: Port for the ssl connection'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.4.4.3
NAME 'kopanoFilePath'
DESC 'KOPANO: The Unix socket or named pipe to the server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.4.4.4
NAME 'kopanoContainsPublic'
DESC 'KOPANO: This server contains the public store'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.4.4.6
NAME 'kopanoProxyURL'
DESC 'KOPANO: Full proxy URL for this server'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.47732.1.4.0.0
NAME 'kopano-server'
DESC 'KOPANO: a Kopano server'
SUP top AUXILIARY
MUST ( cn )
MAY (
kopanoAccount $ kopanoHidden $ kopanoHttpPort $ kopanoSslPort $ kopanoFilePath $ kopanoContainsPublic $ kopanoProxyURL
)
)
attributetype (1.3.6.1.4.1.47732.1.5.5.1
NAME 'kopanoFilter'
DESC 'KOPANO: LDAP Filter to apply'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (1.3.6.1.4.1.47732.1.5.5.2
NAME 'kopanoBase'
DESC 'KOPANO: LDAP Search base to apply'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
objectclass ( 1.3.6.1.4.1.47732.1.5.0.0
NAME 'kopano-addresslist'
DESC 'KOPANO: a Kopano Addresslist'
SUP top STRUCTURAL
MUST ( cn )
MAY (
kopanoAccount $ kopanoHidden $ kopanoFilter $ kopanoBase
)
)
objectclass ( 1.3.6.1.4.1.47732.1.7.0.0
NAME 'kopano-dynamicgroup'
DESC 'KOPANO: a Kopano dynamic group'
SUP top STRUCTURAL
MUST ( cn )
MAY (
kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoFilter $ kopanoBase
)
)

5
ssl/gencerts.sh Normal file → Executable file

@ -1,9 +1,12 @@
#!/bin/sh #!/bin/sh
# https://github.com/google/easypki
# TODO integrate this directly into start.sh?
echo "Creating CA and Server certificates..." echo "Creating CA and Server certificates..."
easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System" easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System"
mkdir -p /kopano/ssl/clients/
cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem
for s in kserver kdagent kmonitor ksearch kspooler kwebapp for s in kserver kdagent kmonitor ksearch kspooler kwebapp
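Review bot: Nothing in the visible start of the script stops it when `easypki create` fails, and `ca.pem` is copied before the per-service loop runs. ssl/start.sh exits 0 whenever `/kopano/ssl/ca.pem` exists, so a run that fails partway through the loop would leave an incomplete certificate set that is never regenerated on restart. Add `set -e` after the shebang, and consider copying `ca.pem` only after the loop has finished. The loop body is outside this hunk, so the second point is inferred from the order of the visible lines.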

5
ssl/start.sh Normal file → Executable file

@ -1,8 +1,7 @@
#!/bin/sh #!/bin/sh
if [ -f /kopano/ssl/ca.pem ]; then
if [ -f /kopano/ssl/ca.pem ] exit 0
then exit 0
fi fi
/gencerts.sh /gencerts.sh


@ -8,6 +8,26 @@ source base/create-kopano-repo.sh
component=${1:-core} component=${1:-core}
if [ -e ./env ]; then
source ./env
fi
KOPANO_CORE_REPOSITORY_URL=${KOPANO_CORE_REPOSITORY_URL:-""}
KOPANO_WEBAPP_REPOSITORY_URL=${KOPANO_WEBAPP_REPOSITORY_URL:-""}
if [[ $KOPANO_CORE_REPOSITORY_URL == http* ]] || [[ $KOPANO_WEBAPP_REPOSITORY_URL == http* ]]; then
case $component in
core)
version=$(curl -s -S -L $KOPANO_CORE_REPOSITORY_URL/Packages | grep -A2 "Package: kopano-server-packages")
echo "${version##* }"
;;
webapp)
version=$(curl -s -S -L $KOPANO_WEBAPP_REPOSITORY_URL/Packages | grep -m1 -A1 "Package: kopano-webapp")
echo "${version##* }"
;;
esac
exit
fi
# query community server by h5ai API # query community server by h5ai API
filename=$(h5ai_query "$component") filename=$(h5ai_query "$component")
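Review bot: Both `curl` calls lack `--fail` and leave the URL unquoted, so a rejected serial or a missing `Packages` file yields an error body and the script echoes an empty or bogus version, then leaves through the bare `exit`. That holds unless stricter shell options are set outside this hunk. Use `curl -fsSL "$KOPANO_CORE_REPOSITORY_URL/Packages"` (and the same for the webapp URL) and test `[ -n "$version" ]` before echoing. The core branch also omits the `-m1` that the webapp branch passes to `grep`, so a second matching stanza would change which word `${version##* }` returns. `source ./env` executes that file as shell code, so this is safe only while `env` stays a trusted local file.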

11
web/Caddyfile Normal file

@ -0,0 +1,11 @@
webapp.kopano.demo {
tls self_signed
redir / /webapp
proxy /webapp kwebapp:80 {
transparent
websocket
}
}
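Review bot: `tls self_signed` together with the fixed host `webapp.kopano.demo` makes this a demo-only front end, but the file has no comment saying so. Add a header comment such as `# demo only: self-signed certificate; replace 'tls self_signed' before exposing this host`. The upstream hop `proxy /webapp kwebapp:80` is plain HTTP, so confidentiality behind the proxy depends on the container network being trusted; a short comment on that line would make the assumption explicit.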


@ -1,18 +1,45 @@
#!/bin/bash #!/bin/bash
# define default value for serverhostname and serverport if not passed into container
KCCONF_SERVERHOSTNAME=${KCCONF_SERVERHOSTNAME:-127.0.0.1}
KCCONF_SERVERPORT=${KCCONF_SERVERPORT:-237}
ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
set -eu # unset variables are errors & non-zero return values exit the whole script set -eu # unset variables are errors & non-zero return values exit the whole script
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
apt --assume-yes install $installpkg;
fi
done
echo "Ensure directories" echo "Ensure directories"
mkdir -p /run/sessions /tmp/webapp mkdir -p /run/sessions /tmp/webapp
echo "Configure webapp" if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Kopano WebApp is using the default: connection"
else
echo "Kopano WebApp is using an ip connection"
sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \ sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
-i /etc/kopano/webapp/config.php
fi
# TODO is enabling this really neccesary when reverse proxying webapp?
echo "Configuring Kopano WebApp for use behind a reverse proxy"
sed \
-e "s#define(\"INSECURE_COOKIES\",\s*.*)#define(\"INSECURE_COOKIES\", true)#" \ -e "s#define(\"INSECURE_COOKIES\",\s*.*)#define(\"INSECURE_COOKIES\", true)#" \
-i /etc/kopano/webapp/config.php -i /etc/kopano/webapp/config.php
echo "Configure z-push" if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
echo "Z-Push is using the default: connection"
else
echo "Z-Push is using an ip connection"
sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \ sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
-i /etc/z-push/kopano.conf.php -i /etc/z-push/kopano.conf.php
fi
echo "Configuring Z-Push for use behind a reverse proxy"
sed -e "s#define([\"']USE_CUSTOM_REMOTE_IP_HEADER[\"'],\s*false)#define('USE_CUSTOM_REMOTE_IP_HEADER', true)#" \ sed -e "s#define([\"']USE_CUSTOM_REMOTE_IP_HEADER[\"'],\s*false)#define('USE_CUSTOM_REMOTE_IP_HEADER', true)#" \
-i /etc/z-push/z-push.conf.php -i /etc/z-push/z-push.conf.php