make it possible to build official kopano releases

Signed-off-by: Felix Bartels <felix@host-consultants.de>

.gitignore

@@ -2,4 +2,5 @@
 **/.vscode
 *.yml
 docker-compose.yml
-certs/*
+data/*
+env

Makefile

@@ -9,13 +9,28 @@ core_download_version = $(shell ./version.sh core)
 webapp_version = $(shell docker run --rm $(docker_repo)/kopano_webapp cat /kopano/buildversion | tail -n 1 | grep -o -P '(?<=-).*(?=\+)')
 webapp_download_version = $(shell ./version.sh webapp)
 
+KOPANO_CORE_REPOSITORY_URL := file:/kopano/repo/core
+KOPANO_WEBAPP_REPOSITORY_URL := file:/kopano/repo/webapp
+RELEASE_KEY_DOWNLOAD := 0
+DOWNLOAD_COMMUNITY_PACKAGES := 1
+
+include env
+export
+
+# convert lowercase componentname to uppercase
 COMPONENT = $(shell echo $(component) | tr a-z A-Z)
 
-build-all: build-base build-core build-webapp
+build-all: build-ssl build-base build-core build-webapp
 
 build: component ?= base
 build:
-	docker build --build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} -t $(docker_repo)/kopano_$(component) $(component)/
+	docker build \
+		--build-arg KOPANO_$(COMPONENT)_VERSION=${$(component)_download_version} \
+		--build-arg KOPANO_CORE_REPOSITORY_URL=$(KOPANO_CORE_REPOSITORY_URL) \
+		--build-arg KOPANO_WEBAPP_REPOSITORY_URL=$(KOPANO_WEBAPP_REPOSITORY_URL) \
+		--build-arg RELEASE_KEY_DOWNLOAD=$(RELEASE_KEY_DOWNLOAD) \
+		--build-arg DOWNLOAD_COMMUNITY_PACKAGES=$(DOWNLOAD_COMMUNITY_PACKAGES) \
+		-t $(docker_repo)/kopano_$(component) $(component)/
 
 build-base:
 	component=base make build
@@ -26,12 +41,16 @@ build-core:
 build-webapp:
 	component=webapp make build
 
+build-ssl:
+	docker build -t $(docker_repo)/kopano_ssl ssl/
+
 tag: component ?= base
 tag:
 	@echo 'create tag $($(component)_version)'
 	docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):${$(component)_version}
 	@echo 'create tag latest'
 	docker tag $(docker_repo)/kopano_$(component) $(docker_repo)/kopano_$(component):latest
+	git commit -m 'ci: committing changes for $(component)' -- $(component) || true
 	git tag $(component)/${$(component)_version} || true
 
 tag-base:
@@ -43,14 +62,11 @@ tag-core:
 tag-webapp:
 	component=webapp make tag
 
-git-commit:
-	git add -A && git commit -m "ci: commit changes before tagging"
-
 # Docker publish
 repo-login:
 	docker login -u $(docker_login) -p $(docker_pwd)
 
-publish: git-commit repo-login publish-base publish-core publish-webapp
+publish: repo-login publish-ssl publish-base publish-core publish-webapp
 	git push
 	git push origin --tags
 
@@ -68,3 +84,6 @@ publish-core: build-core tag-core
 
 publish-webapp: build-webapp tag-webapp
 	component=webapp make publish-container
+
+publish-ssl: build-ssl
+	docker push $(docker_repo)/kopano_ssl:latest

README.md

@@ -1,3 +1,32 @@
+# (unofficial) Kopano Docker Images
+
+New instructions:
+
+- explain Makefile
+- `make docker_repo=kopano publish` to upload to a custom docker hub account
+
+
+## Getting started with docker-compose
+
+Thie repository contains an example docker-compose.yml file that spins up a Kopano demo environment incl. pre filled ldap tree. Run `docker-compose build` to create the ldap image locally. After running `docker-compose up` you can login through phpldapadmin at http://localhost:8081/ with the the user `cn=admin,dc=kopano,dc=demo` with the password `kopano123`.
+
+git clone https://github.com/fbartels/kopano-docker.git
+cd kopano-docker
+git checkout compose
+make build-all
+docker-compose build
+docker-compose up -d
+docker-compose exec kserver kopano-cli --list-users
+docker-compose logs -f kserver
+
+
+docker-compose down
+sudo rm -rf data/
+docker-compose up -d
+
+
+
+
 # Kopano Docker Image
 Unofficial kopano docker images for all kopano services.
 Use kopano_core image for server/spooler/dagent/search/monitor/ical/gateway services.

base/Dockerfile

@@ -31,6 +31,9 @@ RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
     dpkg-reconfigure --frontend=noninteractive locales && \
     update-locale LANG=en_US.UTF-8
 
+ENV DOCKERIZE_VERSION v0.6.1
+RUN curl -L https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz | tar xzvf - -C /usr/local/bin
+
 ARG ADDITIONAL_KOPANO_PACKAGES=""
 ARG DOWNLOAD_COMMUNITY_PACKAGES=1
 ARG KOPANO_CORE_REPOSITORY_URL="file:/kopano/repo/core"

core/Dockerfile

@@ -47,3 +47,6 @@ COPY kcconf.py defaultconfigs/ start-service.sh /kopano/
 ENTRYPOINT ["/usr/bin/dumb-init", "--"]
 
 CMD [ "/kopano/start-service.sh" ]
+
+HEALTHCHECK --interval=30s --timeout=60s \
+	CMD /kopano/healthcheck.sh

core/defaultconfigs/server.py

@@ -9,7 +9,7 @@ kcconf.configkopano({
         'log_level': "3",
         'attachment_path': "/kopano/data/attachments/",
         'user_plugin': "ldap",
-        'server_listen': "",
+        'server_listen': "*:236",
         'server_listen_tls': "*:237"
     }
 })

core/healthcheck.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -ex
+
+case "$SERVICE_TO_START" in
+server)
+	kopano-cli --list-users
+	exit 0
+	;;
+esac

core/kcconf.py

@@ -1,77 +1,77 @@
-"""This module provides functions for easy editing of kopano config files
+"""This module provides functions for easy editing of kopano config files
-via environment variables"""
+via environment variables"""
-
+
-import re
+import re
-import os
+import os
-import os.path
+import os.path
-
+
-def configkopano(configs):
+def configkopano(configs):
-    """ Changes configuration files according to configs typically returned from parseenvironmentvariables(..)"""
+    """ Changes configuration files according to configs typically returned from parseenvironmentvariables(..)"""
-    for filename, config in configs.items():
+    for filename, config in configs.items():
-        if not os.path.exists(filename):
+        if not os.path.exists(filename):
-            return
+            return
-        # read configuration file
+        # read configuration file
-        with open(filename) as f:
+        with open(filename) as f:
-            contents = f.read()
+            contents = f.read()
-        f.close()
+        f.close()
-
+
-        for key, newvalue in config.items():
+        for key, newvalue in config.items():
-            if key == "kccomment":
+            if key == "kccomment":
-                # comment lines
+                # comment lines
-                for line in newvalue:
+                for line in newvalue:
-                    contents = re.sub(r"^\s*" + re.escape(line), r"#{}".format(line), contents, 0, re.MULTILINE)
+                    contents = re.sub(r"^\s*" + re.escape(line), r"#{}".format(line), contents, 0, re.MULTILINE)
-            elif key == "kcuncomment":
+            elif key == "kcuncomment":
-                # uncomment lines
+                # uncomment lines
-                for line in newvalue:
+                for line in newvalue:
-                    contents = re.sub(r"^\s*#\s*" + re.escape(line) , line, contents, 0, re.MULTILINE)
+                    contents = re.sub(r"^\s*#\s*" + re.escape(line) , line, contents, 0, re.MULTILINE)
-            else:
+            else:
-                # find config line
+                # find config line
-                if re.search(r"^\s*#?\s*{}\s*=.*".format(key), contents, re.MULTILINE) == None:
+                if re.search(r"^\s*#?\s*{}\s*=.*".format(key), contents, re.MULTILINE) == None:
-                    # add configuration as new line
+                    # add configuration as new line
-                    contents += "\n{} = {}".format(key, newvalue)
+                    contents += "\n{} = {}".format(key, newvalue)
-                else:
+                else:
-                    # change existing line
+                    # change existing line
-                    contents = re.sub(r"^\s*#?\s*{}\s*=.*".format(key), r"{} = {}".format(key, newvalue), contents, 0, re.MULTILINE)
+                    contents = re.sub(r"^\s*#?\s*{}\s*=.*".format(key), r"{} = {}".format(key, newvalue), contents, 0, re.MULTILINE)
-
+
-        # save new configuration
+        # save new configuration
-        with open(filename, "w") as f:
+        with open(filename, "w") as f:
-            f.write(contents)
+            f.write(contents)
-        f.close()
+        f.close()
-
+
-def parseenvironmentvariables(prependingpath):
+def parseenvironmentvariables(prependingpath):
-    """ Parse all environment variables starting with KCCONF_, KCCOMMENT_ and KCUNCOMMENT_ and 
+    """ Parse all environment variables starting with KCCONF_, KCCOMMENT_ and KCUNCOMMENT_ and
-    return as multi dimensional dict """
+    return as multi dimensional dict """
-    configs = dict()
+    configs = dict()
-
+
-    for name, value in os.environ.items():
+    for name, value in os.environ.items():
-        # parse change/add configuration commands
+        # parse change/add configuration commands
-        namematch = re.match(r"^KCCONF_([A-Z]+)_([A-Z0-9_]+)$", name)
+        namematch = re.match(r"^KCCONF_([A-Z]+)_([A-Z0-9_]+)$", name)
-        if namematch != None:
+        if namematch != None:
-            filename = namematch.group(1).lower() + ".cfg"
+            filename = namematch.group(1).lower() + ".cfg"
-            if prependingpath + filename not in configs:
+            if prependingpath + filename not in configs:
-                configs[prependingpath + filename] = dict()
+                configs[prependingpath + filename] = dict()
-            confkey = namematch.group(2).lower()
+            confkey = namematch.group(2).lower()
-            configs[prependingpath + filename][confkey] = value
+            configs[prependingpath + filename][confkey] = value
-        # parse comment configuration commands
+        # parse comment configuration commands
-        commentmatch = re.match(r"^KCCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
+        commentmatch = re.match(r"^KCCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
-        if commentmatch != None:
+        if commentmatch != None:
-            filename = commentmatch.group(1).lower() + ".cfg"
+            filename = commentmatch.group(1).lower() + ".cfg"
-            if prependingpath + filename not in configs:
+            if prependingpath + filename not in configs:
-                configs[prependingpath + filename] = dict()
+                configs[prependingpath + filename] = dict()
-            try: 
+            try:
-                configs[prependingpath + filename]["kccomment"].append(value)
+                configs[prependingpath + filename]["kccomment"].append(value)
-            except KeyError:
+            except KeyError:
-                configs[prependingpath + filename]["kccomment"] = []
+                configs[prependingpath + filename]["kccomment"] = []
-                configs[prependingpath + filename]["kccomment"].append(value)
+                configs[prependingpath + filename]["kccomment"].append(value)
-        # parse uncomment configuration commands
+        # parse uncomment configuration commands
-        uncommentmatch = re.match(r"^KCUNCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
+        uncommentmatch = re.match(r"^KCUNCOMMENT_([A-Z]+)_([A-Z0-9_]+)$", name)
-        if uncommentmatch != None:
+        if uncommentmatch != None:
-            filename = uncommentmatch.group(1).lower() + ".cfg"
+            filename = uncommentmatch.group(1).lower() + ".cfg"
-            if prependingpath + filename not in configs:
+            if prependingpath + filename not in configs:
-                configs[prependingpath + filename] = dict()
+                configs[prependingpath + filename] = dict()
-            try: 
+            try:
-                configs[prependingpath + filename]["kcuncomment"].append(value)
+                configs[prependingpath + filename]["kcuncomment"].append(value)
-            except KeyError:
+            except KeyError:
-                configs[prependingpath + filename]["kcuncomment"] = []
+                configs[prependingpath + filename]["kcuncomment"] = []
-                configs[prependingpath + filename]["kcuncomment"].append(value)
+                configs[prependingpath + filename]["kcuncomment"].append(value)
-    return configs
+    return configs

core/start-service.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
+
 set -eu # unset variables are errors & non-zero return values exit the whole script
 
 if [ ! -e /kopano/$SERVICE_TO_START.py ]
@@ -8,6 +10,13 @@ then
     exit 1
 fi
 
+[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
+[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
+	if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
+		apt --assume-yes install $installpkg;
+	fi
+done
+
 mkdir -p /kopano/data/attachments /tmp/$SERVICE_TO_START /var/run/kopano
 
 echo "Configure core service '$SERVICE_TO_START'" | ts
@@ -17,8 +26,8 @@ echo "Set ownership" | ts
 chown -R kopano:kopano /run /tmp
 chown kopano:kopano /kopano/data/ /kopano/data/attachments
 
-echo "Clean old pid files and sockets" | ts
+#echo "Clean old pid files and sockets" | ts
-rm -f /var/run/kopano/*
+#rm -f /var/run/kopano/*
 
 # allow helper commands given by "docker-compose run"
 if [ $# -gt 0 ]
@@ -30,7 +39,13 @@ fi
 # start regular service
 case "$SERVICE_TO_START" in
     server)
-        exec /usr/sbin/kopano-server -F
+	# TODO use dockerize to start other services as well
+	exec dockerize \
+		-wait file://$KCCONF_SERVER_SERVER_SSL_CA_FILE \
+		-wait file://$KCCONF_SERVER_SERVER_SSL_KEY_FILE \
+		-wait tcp://db:3306 \
+		-timeout 360s \
+		/usr/sbin/kopano-server -F
         ;;
     dagent)
         exec /usr/sbin/kopano-dagent -l

docker-compose.yml-example

@@ -1,206 +1,102 @@
-version: '3'
+version: "3"
 
 services:
-
+  web:
-  kserver:
+    image: abiosoft/caddy:0.10.4
-    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: web
-    hostname: kserver
+    restart: always
-    container_name: kopano_server
+    privileged: true
     links:
-      - db
+      - kwebapp
+      #- kzpush
+    ports:
+      - "10080:80"
+      - "10443:443"
+    volumes:
+      - ./web/Caddyfile:/etc/Caddyfile
+      - ./data/web:/root/.caddy
+
+  ldap:
+    build: ldap/
+    #image: osixia/openldap:1.2.2
+    container_name: ldap
+    ports:
+      - 389:389
+    environment:
+      - LDAP_ORGANISATION="Kopano Demo"
+      - LDAP_DOMAIN=kopano.demo
+      - LDAP_BASE_DN=dc=kopano,dc=demo
+      - LDAP_ADMIN_PASSWORD=kopano123
+      - LDAP_READONLY_USER=true
+      - LDAP_READONLY_USER_PASSWORD=kopano123
+    command: --loglevel debug --copy-service
+    volumes:
+      #- ./ldap/bootstrap:/container/service/slapd/assets/config/bootstrap/ldif/custom
+      - ./data/ldap/var/lib/ldap:/var/lib/ldap
+      - ./data/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
+    networks:
+      - kopanonet
+
+
+  ldap-admin:
+    image: osixia/phpldapadmin:0.7.2
+    container_name: ldap-admin
     depends_on:
-      - "kssl"
+      - ldap
     environment:
-      - SERVICE_TO_START=server
+      - PHPLDAPADMIN_LDAP_HOSTS=ldap
-      - TZ=Europe/Berlin
+      - PHPLDAPADMIN_HTTPS=false
-      - KCCONF_SERVER_COREDUMP_ENABLED=no
+    command: -l debug
-      - KCCONF_SERVER_LOG_LEVEL=4
-      - KCCONF_SERVER_MYSQL_HOST=db
-      - KCCONF_SERVER_MYSQL_PORT=3306
-      - KCCONF_SERVER_MYSQL_DATABASE=kopano
-      - KCCONF_SERVER_MYSQL_USER=root
-      - KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
-      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
-      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
-      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
-      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
-      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld  #change here
-      - KCCONF_SERVER_DISABLED_FEATURES=pop3
-      - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
-      - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport  #change here
-      - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
-      - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER  #change here
-      - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld  #change here
-      - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
-      - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
-    networks:
-      - kopanonet
-    volumes:
-      - data:/kopano/data
-      - sslcerts:/kopano/ssl
-
-  kdagent:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_dagent
     links:
-      - kserver
+      - ldap
-    volumes:
+    ports:
-      - sslcerts:/kopano/ssl
+      - "8081:80"
-    environment:
-      - SERVICE_TO_START=dagent
-      - TZ=Europe/Berlin
-      - KCCONF_DAGENT_LOG_LEVEL=6
-      - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
-    networks:
-      - kopanonet
 
-  kgateway:
+  mail:
-    image: zokradonh/kopano_core:${CORE_VERSION}
+    image: tvial/docker-mailserver:release-v6.1.0
-    container_name: kopano_gateway
+    restart: always
+    hostname: mail
+    domainname: kopano.demo # change here
+    container_name: mail
+    depends_on:
+      - ldap
     links:
-      - kserver
+      - ldap
-    volumes:
-      - ./gatewaycerts/:/kopano/certs/
-    environment:
-      - SERVICE_TO_START=gateway
-      - TZ=Europe/Berlin
-      - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
-      - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
-      - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
-    networks:
-      - kopanonet
-
-  kical:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_ical
-    links:
-      - kserver
-    environment:
-      - SERVICE_TO_START=ical
-      - TZ=Europe/Berlin
-      - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
-    networks:
-      - kopanonet
-
-  kmonitor:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_monitor
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=monitor
-      - TZ=Europe/Berlin
-      - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
-    networks:
-      - kopanonet
-
-  ksearch:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_search
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=search
-      - TZ=Europe/Berlin
-      - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
-      - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
-    networks:
-      - kopanonet
-
-  kspooler:
-    image: zokradonh/kopano_core:${CORE_VERSION}
-    container_name: kopano_spooler
-    links:
-      - kserver
-    volumes:
-      - sslcerts:/kopano/ssl
-    environment:
-      - SERVICE_TO_START=spooler
-      - TZ=Europe/Berlin
-      - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
-      - KCCONF_SPOOLER_LOG_LEVEL=4
-      - KCCONF_SPOOLER_SMTP_SERVER=kmta
-      - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
-    networks:
-      - kopanonet
-
-  kwebapp:
-    image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
-    hostname: kwebapp
-    container_name: kopano_webapp
-    links:
-      - kserver
-    #ports:
-    #  - "8236:80"
-    #  - "8237:443"
-    volumes:
-      - syncstates:/var/lib/z-push/
-      - sslcerts:/kopano/ssl
-    environment:
-      - TZ=Europe/Berlin
-      - KCCONF_SERVERHOSTNAME=kserver
-      - KCCONF_SERVERPORT=237
-    networks:
-      - web
-      - kopanonet
-
-  kssl:
-    image: zokradonh/kopano_ssl
-    container_name: kopano_ssl
-    volumes:
-      - sslcerts:/kopano/ssl
-
-  kmta:
-    image: tvial/docker-mailserver:latest
-    hostname: myhost #change here
-    domainname: domain.tld #change here
-    #dns: 127.0.0.1
-    container_name: kopano_mta
-    #links:
-    #  - adtunnel
     ports:
       - "25:25"
-    #  - "143:143"
-    #  - "587:587"
-    #  - "993:993"
     volumes:
-      - tmpmaildata:/var/mail
+      - ./data/mail/data:/var/mail
-      - tmpmailstate:/var/mail-state
+      - ./data/mail/state:/var/mail-state
-      - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
+      - ./mail/config:/tmp/docker-mailserver/
+      #- ./data/web/acme-v01.api.letsencrypt.org/sites/mail.kopano.demo:/tmp/ssl:ro
     environment:
       - TZ=Europe/Berlin
       - ENABLE_SPAMASSASSIN=1
       - ENABLE_CLAMAV=1
       - ENABLE_FAIL2BAN=1
       - ENABLE_POSTGREY=1
-      - TLS_LEVEL=intermediate
-      - POSTGREY_DELAY=10
       - ONE_DIR=1
       - DMS_DEBUG=0
+      - SSL_TYPE=manual
+      #- SSL_CERT_PATH=/tmp/ssl/mail.kopano.demo.crt
+      #- SSL_KEY_PATH=/tmp/ssl/mail.kopano.demo.key
       - ENABLE_LDAP=1
-      - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
+      - LDAP_SERVER_HOST=ldaps://ldap:636
-      - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
+      - LDAP_SEARCH_BASE=OU=users,DC=kopano,DC=demo
-      - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - LDAP_BIND_DN=cn=readonly,DC=kopano,DC=demo
-      - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
+      - LDAP_BIND_PW=kopano123
       - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
       - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
       - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
       - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
       - ENABLE_SASLAUTHD=1
-      - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
+      - SASLAUTHD_LDAP_SERVER=ldaps://ldap:363
-      - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - SASLAUTHD_LDAP_BIND_DN=cn=cn=readonly,DC=kopano,DC=demo
-      - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER  #change here
+      - SASLAUTHD_LDAP_PASSWORD=kopano123
-      - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld  #change here
+      - SASLAUTHD_LDAP_SEARCH_BASE=OU=users,DC=kopano,DC=demo
       - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
       - SASLAUTHD_MECHANISMS=ldap
-      - POSTMASTER_ADDRESS=postmaster@domain.tld #change here
+      - POSTMASTER_ADDRESS=postmaster@kopano.demo
       - SMTP_ONLY=1
       - PERMIT_DOCKER=network
       - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
@@ -212,31 +108,90 @@ services:
       - NET_ADMIN
       - SYS_PTRACE
 
+  # TODO find good example ldap container
   db:
-    image: mariadb
+    image: mariadb:10.3.10-bionic
     restart: always
     container_name: kopano_db
     volumes:
-      - db:/var/lib/mysql
+      - ./data/mysql/:/var/lib/mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
+      - MYSQL_ROOT_PASSWORD=kopano123
-      - MYSQL_PASSWORD=YOUR_PASSWORD #change here
+      - MYSQL_USER=kopanodbuser
+      - MYSQL_PASSWORD=kopanodbpw
       - MYSQL_DATABASE=kopano
-      - MYSQL_USER=kopano
+    healthcheck:
+      test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
+      interval: 30s
+      timeout: 10s
+      retries: 4
     networks:
       - kopanonet
+  
+  kwebapp:
+    image: zokradonh/kopano_webapp:latest
+    hostname: kwebapp
+    container_name: kopano_webapp
+    links:
+      - kserver
+    volumes:
+      - ./data/z-push-states/:/var/lib/z-push/
+      - ./ssl/:/kopano/ssl
+      - ./data/socket/:/run/kopano
+    environment:
+      - TZ=Europe/Berlin
+    networks:
+      - web
+      - kopanonet
 
-volumes:
+  kssl:
-  db:
+    image: zokradonh/kopano_ssl
-  data:
+    container_name: kopano_ssl
-  syncstates:
+    volumes:
-  sslcerts:
+      - ./data/ssl/:/kopano/ssl
-  tmpmaildata:
+
-  tmpmailstate:
+  kserver:
+    image: zokradonh/kopano_core:latest
+    hostname: kserver
+    container_name: kopano_server
+    links:
+      - db
+      - ldap
+    depends_on:
+      - db
+      - ldap
+      - kssl
+    environment:
+      - SERVICE_TO_START=server
+      - TZ=Europe/Berlin
+      - KCCONF_SERVER_COREDUMP_ENABLED=no
+      - KCCONF_SERVER_LOG_LEVEL=4
+      - KCCONF_SERVER_MYSQL_HOST=db
+      - KCCONF_SERVER_MYSQL_PORT=3306
+      - KCCONF_SERVER_MYSQL_DATABASE=kopano
+      - KCCONF_SERVER_MYSQL_USER=kopanodbuser
+      - KCCONF_SERVER_MYSQL_PASSWORD=kopanodbpw
+      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
+      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
+      - KCCONF_SERVER_SERVER_NAME=Kopano
+      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
+      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
+      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld  #change here
+      - KCCONF_SERVER_DISABLED_FEATURES=pop3
+      - KCCONF_LDAP_LDAP_URI=ldap://ldap:389
+      - KCCONF_LDAP_LDAP_BIND_USER=cn=readonly,DC=kopano,DC=demo
+      - KCCONF_LDAP_LDAP_BIND_PASSWD=kopano123
+      - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=users,dc=kopano,dc=demo
+      - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
+      - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
+      #- ADDITIONAL_KOPANO_PACKAGES=kopano-migration-imap
+    networks:
+      - kopanonet
+    volumes:
+      - ./data/kopano/:/kopano/data
+      - ./data/ssl/:/kopano/ssl
 
 networks:
-  web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
+  web:
-    external:
-      name: haproxy_webrproxynet
   kopanonet:
     driver: bridge

docker-compose.yml-wip

@@ -0,0 +1,298 @@
+version: '3'
+
+services:
+
+  kserver:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    hostname: kserver
+    container_name: kopano_server
+    links:
+      - db
+    depends_on:
+      - "kssl"
+    environment:
+      - SERVICE_TO_START=server
+      - TZ=Europe/Berlin
+      - KCCONF_SERVER_COREDUMP_ENABLED=no
+      - KCCONF_SERVER_LOG_LEVEL=4
+      - KCCONF_SERVER_MYSQL_HOST=db
+      - KCCONF_SERVER_MYSQL_PORT=3306
+      - KCCONF_SERVER_MYSQL_DATABASE=kopano
+      - KCCONF_SERVER_MYSQL_USER=root
+      - KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
+      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
+      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
+      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
+      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
+      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld  #change here
+      - KCCONF_SERVER_DISABLED_FEATURES=pop3
+      - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
+      - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport  #change here
+      - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER  #change here
+      - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld  #change here
+      - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
+      - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
+    networks:
+      - kopanonet
+    volumes:
+      - data:/kopano/data
+      - sslcerts:/kopano/ssl
+
+  kdagent:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_dagent
+    links:
+      - kserver
+    volumes:
+      - sslcerts:/kopano/ssl
+    environment:
+      - SERVICE_TO_START=dagent
+      - TZ=Europe/Berlin
+      - KCCONF_DAGENT_LOG_LEVEL=6
+      - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
+      - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
+    networks:
+      - kopanonet
+
+  kgateway:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_gateway
+    links:
+      - kserver
+    volumes:
+      - ./gatewaycerts/:/kopano/certs/
+    environment:
+      - SERVICE_TO_START=gateway
+      - TZ=Europe/Berlin
+      - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
+      - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
+      - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
+    networks:
+      - kopanonet
+
+  kical:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_ical
+    links:
+      - kserver
+    environment:
+      - SERVICE_TO_START=ical
+      - TZ=Europe/Berlin
+      - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
+    networks:
+      - kopanonet
+
+  kmonitor:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_monitor
+    links:
+      - kserver
+    volumes:
+      - sslcerts:/kopano/ssl
+    environment:
+      - SERVICE_TO_START=monitor
+      - TZ=Europe/Berlin
+      - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
+      - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
+    networks:
+      - kopanonet
+
+  ksearch:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_search
+    links:
+      - kserver
+    volumes:
+      - sslcerts:/kopano/ssl
+    environment:
+      - SERVICE_TO_START=search
+      - TZ=Europe/Berlin
+      - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
+      - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
+      - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
+    networks:
+      - kopanonet
+
+  kspooler:
+    image: zokradonh/kopano_core:${CORE_VERSION}
+    container_name: kopano_spooler
+    links:
+      - kserver
+    volumes:
+      - sslcerts:/kopano/ssl
+    environment:
+      - SERVICE_TO_START=spooler
+      - TZ=Europe/Berlin
+      - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
+      - KCCONF_SPOOLER_LOG_LEVEL=4
+      - KCCONF_SPOOLER_SMTP_SERVER=kmta
+      - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
+    networks:
+      - kopanonet
+
+  kwebapp:
+    image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
+    hostname: kwebapp
+    container_name: kopano_webapp
+    links:
+      - kserver
+    #ports:
+    #  - "8236:80"
+    #  - "8237:443"
+    volumes:
+      - syncstates:/var/lib/z-push/
+      - sslcerts:/kopano/ssl
+    environment:
+      - TZ=Europe/Berlin
+      - KCCONF_SERVERHOSTNAME=kserver
+      - KCCONF_SERVERPORT=237
+    networks:
+      - web
+      - kopanonet
+
+  kssl:
+    image: zokradonh/kopano_ssl
+    container_name: kopano_ssl
+    volumes:
+      - sslcerts:/kopano/ssl
+
+  kmta:
+    image: tvial/docker-mailserver:latest
+    hostname: myhost #change here
+    domainname: domain.tld #change here
+    #dns: 127.0.0.1
+    container_name: kopano_mta
+    #links:
+    #  - adtunnel
+    ports:
+      - "25:25"
+    #  - "143:143"
+    #  - "587:587"
+    #  - "993:993"
+    volumes:
+      - tmpmaildata:/var/mail
+      - tmpmailstate:/var/mail-state
+      - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
+    environment:
+      - TZ=Europe/Berlin
+      - ENABLE_SPAMASSASSIN=1
+      - ENABLE_CLAMAV=1
+      - ENABLE_FAIL2BAN=1
+      - ENABLE_POSTGREY=1
+      - TLS_LEVEL=intermediate
+      - POSTGREY_DELAY=10
+      - ONE_DIR=1
+      - DMS_DEBUG=0
+      - ENABLE_LDAP=1
+      - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
+      - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
+      - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
+      - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
+      - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
+      - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
+      - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
+      - ENABLE_SASLAUTHD=1
+      - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
+      - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
+      - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER  #change here
+      - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld  #change here
+      - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
+      - SASLAUTHD_MECHANISMS=ldap
+      - POSTMASTER_ADDRESS=postmaster@domain.tld #change here
+      - SMTP_ONLY=1
+      - PERMIT_DOCKER=network
+      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
+      - POSTFIX_DAGENT=lmtp:kdagent:2003
+      - REPORT_RECIPIENT=1
+    networks:
+      - kopanonet
+    cap_add:
+      - NET_ADMIN
+      - SYS_PTRACE
+
+  db:
+    image: mariadb
+    restart: always
+    container_name: kopano_db
+    volumes:
+      - db:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD  #change here
+      - MYSQL_PASSWORD=YOUR_PASSWORD #change here
+      - MYSQL_DATABASE=kopano
+      - MYSQL_USER=kopano
+    networks:
+      - kopanonet
+
+volumes:
+  db:
+  data:
+  syncstates:
+  sslcerts:
+  tmpmaildata:
+  tmpmailstate:
+
+networks:
+  web:
+    external:
+      driver: default
+  kopanonet:
+    driver: bridge
+
+
+
+version: "3"
+
+services:
+  rainloop:
+    image: hardware/rainloop
+    links:
+      - mail
+    volumes:
+      - ./data/rainloop:/rainloop/data
+
+  mail:
+    image: tvial/docker-mailserver:latest
+    restart: always
+    hostname: mail
+    domainname: fancydomain.tld
+    container_name: mail
+    ports:
+      - "25:25"
+      - "143:143"
+      - "587:587"
+      - "993:993"
+      - "4190:4190"
+    volumes:
+      - ./data/mail/data:/var/mail
+      - ./data/mail/state:/var/mail-state
+      - ./mail/config:/tmp/docker-mailserver/
+      - ./data/entry/acme/acme-v01.api.letsencrypt.org/sites/mail.fancydomain.tld:/tmp/ssl:ro
+    environment:
+      - ENABLE_SPAMASSASSIN=1
+      - ENABLE_CLAMAV=1
+      - ENABLE_FAIL2BAN=1
+      - ENABLE_POSTGREY=1
+      - ONE_DIR=1
+      - DMS_DEBUG=0
+      - ENABLE_MANAGESIEVE=1
+      - SSL_TYPE=manual
+      - SSL_CERT_PATH=/tmp/ssl/mail.fancydomain.tld.crt
+      - SSL_KEY_PATH=/tmp/ssl/mail.fancydomain.tld.key
+    cap_add:
+      - NET_ADMIN
+
+  entry:
+    image: abiosoft/caddy:0.10.4
+    restart: always
+    privileged: true
+    links:
+      - rainloop
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - ./entry/Caddyfile:/etc/Caddyfile
+      - ./data/entry:/root/.caddy

env-example

@@ -0,0 +1,5 @@
+# modify below to build a different version, than the kopano nightly release
+KOPANO_CORE_REPOSITORY_URL=https://serial:xxxx@download.kopano.io/supported/core:/final/Debian_9.0/
+KOPANO_WEBAPP_REPOSITORY_URL=https://serial:xxxx@download.kopano.io/supported/webapp:/final/Debian_9.0/
+RELEASE_KEY_DOWNLOAD=1
+DOWNLOAD_COMMUNITY_PACKAGES=0

ldap/Dockerfile

@@ -0,0 +1,4 @@
+FROM osixia/openldap:1.2.2
+
+ADD bootstrap /container/service/slapd/assets/config/bootstrap
+RUN rm /container/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema

ldap/bootstrap/schema/mmc/kopano.schema

@@ -0,0 +1,336 @@
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.1
+	NAME 'kopanoQuotaOverride'
+	DESC 'KOPANO: Override child quota'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.2
+	NAME 'kopanoQuotaWarn'
+	DESC 'KOPANO: Warning quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.3
+	NAME 'kopanoQuotaSoft'
+	DESC 'KOPANO: Soft quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.4
+	NAME 'kopanoQuotaHard'
+	DESC 'KOPANO: Hard quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.5
+	NAME 'kopanoUserDefaultQuotaOverride'
+	DESC 'KOPANO: Override User default quota for children'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.6
+	NAME 'kopanoUserDefaultQuotaWarn'
+	DESC 'KOPANO: User default warning quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.7
+	NAME 'kopanoUserDefaultQuotaSoft'
+	DESC 'KOPANO: User default soft quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.8
+	NAME 'kopanoUserDefaultQuotaHard'
+	DESC 'KOPANO: User default hard quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.1
+	NAME 'kopanoAdmin'
+	DESC 'KOPANO: Administrator of kopano'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.2
+	NAME 'kopanoSharedStoreOnly'
+	DESC 'KOPANO: is store a shared store'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.3
+	NAME 'kopanoAccount'
+	DESC 'KOPANO: entry is a part of kopano'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.4
+	NAME 'kopanoSendAsPrivilege'
+	DESC 'KOPANO: Users may directly send email as this user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.5
+	NAME 'kopanoMrAccept'
+	DESC 'KOPANO: user should auto-accept meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.6
+	NAME 'kopanoMrDeclineConflict'
+	DESC 'KOPANO: user should automatically decline conflicting meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.7
+	NAME 'kopanoMrDeclineRecurring'
+	DESC 'KOPANO: user should automatically decline recurring meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+	
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.8
+	NAME 'kopanoId'
+	DESC 'KOPANO: Generic unique ID'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )	
+	
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.9
+	NAME 'kopanoResourceType'
+	DESC 'KOPANO: for shared stores, resource is type Room or Equipment'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.10
+	NAME 'kopanoResourceCapacity'
+	DESC 'KOPANO: number of rooms or equipment available'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.11
+	NAME 'kopanoHidden'
+	DESC 'KOPANO: This object should be hidden from address book'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.13
+	NAME 'kopanoEnabledFeatures'
+	DESC 'KOPANO: This user has these features explicitly enabled'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.14
+	NAME 'kopanoDisabledFeatures'
+	DESC 'KOPANO: This user has these features explicitly disabled'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.3.1
+	NAME 'kopanoAliases'
+	DESC 'KOPANO: All other email addresses for this user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.4.1
+	NAME 'kopanoUserServer'
+	DESC 'KOPANO: Home server for the user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.6.1
+	NAME 'kopanoUserArchiveServers'
+	DESC 'KOPANO: List of server names that contain an archive store for the user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.6.2
+	NAME 'kopanoUserArchiveCouplings'
+	DESC 'KOPANO: List of username:foldername pairs that specify many-to-one archive locations'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass	( 1.3.6.1.4.1.47732.1.1.0.0
+	NAME 'kopano-user'
+	DESC 'KOPANO: an user of Kopano'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoQuotaOverride $ kopanoQuotaWarn $ kopanoQuotaSoft $ kopanoSendAsPrivilege $
+		kopanoQuotaHard $ kopanoAdmin $ kopanoSharedStoreOnly $ kopanoResourceType $
+		kopanoResourceCapacity $ kopanoAccount $ kopanoHidden $ kopanoAliases $
+		kopanoUserServer $ kopanoEnabledFeatures $ kopanoDisabledFeatures $
+		kopanoUserArchiveServers $ kopanoUserArchiveCouplings $
+		uidNumber
+		)
+	)
+
+objectclass	( 1.3.6.1.4.1.47732.1.6.0.0
+	NAME 'kopano-contact'
+	DESC 'KOPANO: a contact of Kopano'
+	SUP top AUXILIARY
+	MUST ( cn $ uidNumber )
+	MAY (
+		kopanoSendAsPrivilege $ kopanoHidden $ kopanoAliases $ kopanoAccount
+		)
+	)
+
+
+attributetype ( 1.3.6.1.4.1.47732.1.2.2.1
+	NAME 'kopanoSecurityGroup'
+	DESC 'KOPANO: group has security possibilities'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+objectclass	( 1.3.6.1.4.1.47732.1.2.0.0
+	NAME 'kopano-group'
+	DESC 'KOPANO: a group of Kopano'
+	SUP top	AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoSecurityGroup $ kopanoSendAsPrivilege $
+		gidNumber
+		)
+	)
+	
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.4
+	NAME 'kopanoViewPrivilege'
+	DESC 'KOPANO: Companies with view privileges over selected company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.5
+	NAME 'kopanoAdminPrivilege'
+	DESC 'KOPANO: Users from different companies which are administrator over selected company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.6
+	NAME 'kopanoSystemAdmin'
+	DESC 'KOPANO: The user who is the system administrator for this company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.3.1.5
+	NAME 'kopanoQuotaUserWarningRecipients'
+	DESC 'KOPANO: Users who will recieve a notification email when a user exceeds his quota'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.3.1.6
+	NAME 'kopanoQuotaCompanyWarningRecipients'
+	DESC 'KOPANO: Users who will recieve a notification email when a company exceeds its quota'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+	
+attributetype ( 1.3.6.1.4.1.47732.1.3.4.1
+	NAME 'kopanoCompanyServer'
+	DESC 'KOPANO: Home server for the public folders for a company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.3.0.0
+	NAME 'kopano-company'
+	DESC 'KOPANO: a company of Kopano' 
+	SUP top AUXILIARY
+	MUST ( ou )
+	MAY (
+		kopanoAccount $ kopanoHidden $
+		kopanoViewPrivilege $ kopanoAdminPrivilege $ kopanoSystemAdmin $
+		kopanoQuotaOverride $ kopanoQuotaWarn $
+		kopanoUserDefaultQuotaOverride $ kopanoUserDefaultQuotaWarn $ kopanoUserDefaultQuotaSoft $ kopanoUserDefaultQuotaHard $
+		kopanoQuotaUserWarningRecipients $ kopanoQuotaCompanyWarningRecipients $
+		kopanoCompanyServer
+		)
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.1
+	NAME 'kopanoHttpPort'
+	DESC 'KOPANO: Port for the http connection'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.2
+	NAME 'kopanoSslPort'
+	DESC 'KOPANO: Port for the ssl connection'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.3
+	NAME 'kopanoFilePath'
+	DESC 'KOPANO: The Unix socket or named pipe to the server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+	
+attributetype (1.3.6.1.4.1.47732.1.4.4.4
+	NAME 'kopanoContainsPublic'
+	DESC 'KOPANO: This server contains the public store'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.6
+	NAME 'kopanoProxyURL'
+	DESC 'KOPANO: Full proxy URL for this server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.4.0.0
+	NAME 'kopano-server'
+	DESC 'KOPANO: a Kopano server'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoAccount $ kopanoHidden $ kopanoHttpPort $ kopanoSslPort $ kopanoFilePath $ kopanoContainsPublic $ kopanoProxyURL
+		)
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.5.5.1
+	NAME 'kopanoFilter'
+	DESC 'KOPANO: LDAP Filter to apply'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.5.5.2
+	NAME 'kopanoBase'
+	DESC 'KOPANO: LDAP Search base to apply'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.5.0.0
+	NAME 'kopano-addresslist'
+	DESC 'KOPANO: a Kopano Addresslist'
+	SUP top STRUCTURAL
+	MUST ( cn )
+    MAY (
+		kopanoAccount $ kopanoHidden $ kopanoFilter $ kopanoBase
+		)
+	)
+
+objectclass ( 1.3.6.1.4.1.47732.1.7.0.0
+	NAME 'kopano-dynamicgroup'
+	DESC 'KOPANO: a Kopano dynamic group'
+	SUP top STRUCTURAL
+	MUST ( cn )
+    MAY (
+		kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoFilter $ kopanoBase
+		)
+	)

ssl/gencerts.sh

@@ -1,9 +1,12 @@
 #!/bin/sh
+# https://github.com/google/easypki
+
+# TODO integrate this directly into start.sh?
 
 echo "Creating CA and Server certificates..."
+easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System"
 
-easypki create --filename internalca --organizational-unit primary --expire 3650 --ca "Internal Kopano System" 
+mkdir -p /kopano/ssl/clients/
-
 cp /kopano/easypki/internalca/certs/internalca.crt /kopano/ssl/ca.pem
 
 for s in kserver kdagent kmonitor ksearch kspooler kwebapp
@@ -14,4 +17,4 @@ for s in kserver kdagent kmonitor ksearch kspooler kwebapp
     openssl x509 -in /kopano/easypki/internalca/certs/$s.crt -pubkey -noout > /kopano/ssl/clients/$s-public.pem
 done
 
-ls -l /kopano/ssl/*.pem
+ls -l /kopano/ssl/*.pem

ssl/start.sh

@@ -1,8 +1,7 @@
 #!/bin/sh
 
-
+if [ -f /kopano/ssl/ca.pem ]; then
-if [ -f /kopano/ssl/ca.pem ]
+	exit 0
-  then exit 0
 fi
 
 /gencerts.sh

version.sh

@@ -8,6 +8,26 @@ source base/create-kopano-repo.sh
 
 component=${1:-core}
 
+if [ -e ./env ]; then
+	source ./env
+fi
+KOPANO_CORE_REPOSITORY_URL=${KOPANO_CORE_REPOSITORY_URL:-""}
+KOPANO_WEBAPP_REPOSITORY_URL=${KOPANO_WEBAPP_REPOSITORY_URL:-""}
+
+if [[ $KOPANO_CORE_REPOSITORY_URL == http* ]] || [[ $KOPANO_WEBAPP_REPOSITORY_URL == http* ]]; then
+	case $component in
+	core)
+		version=$(curl -s -S -L $KOPANO_CORE_REPOSITORY_URL/Packages | grep -A2 "Package: kopano-server-packages")
+		echo "${version##* }"
+		;;
+	webapp)
+		version=$(curl -s -S -L $KOPANO_WEBAPP_REPOSITORY_URL/Packages | grep -m1 -A1 "Package: kopano-webapp")
+		echo "${version##* }"
+		;;
+	esac
+	exit
+fi
+
 # query community server by h5ai API
 filename=$(h5ai_query "$component")
 

web/Caddyfile

@@ -0,0 +1,11 @@
+webapp.kopano.demo {
+
+	tls self_signed
+
+	redir / /webapp
+
+	proxy /webapp kwebapp:80 {
+		transparent
+		websocket
+	}
+}

webapp/start.sh

@@ -1,20 +1,47 @@
 #!/bin/bash
 
+# define default value for serverhostname and serverport if not passed into container
+KCCONF_SERVERHOSTNAME=${KCCONF_SERVERHOSTNAME:-127.0.0.1}
+KCCONF_SERVERPORT=${KCCONF_SERVERPORT:-237}
+ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES:-""}
+
 set -eu # unset variables are errors & non-zero return values exit the whole script
 
-echo "Ensure directories"
+[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && apt update
-mkdir -p /run/sessions /tmp/webapp 
+[ ! -z "$ADDITIONAL_KOPANO_PACKAGES" ] && for installpkg in "$ADDITIONAL_KOPANO_PACKAGES"; do
+	if [ $(dpkg-query -W -f='${Status}' $installpkg 2>/dev/null | grep -c "ok installed") -eq 0 ]; then
+		apt --assume-yes install $installpkg;
+	fi
+done
 
-echo "Configure webapp"
+echo "Ensure directories"
-sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
+mkdir -p /run/sessions /tmp/webapp
+
+if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
+	echo "Kopano WebApp is using the default: connection"
+else
+	echo "Kopano WebApp is using an ip connection"
+	sed -e "s#define(\"DEFAULT_SERVER\",\s*\".*\"#define(\"DEFAULT_SERVER\", \"https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano\"#" \
+	    -i /etc/kopano/webapp/config.php
+fi
+
+# TODO is enabling this really neccesary when reverse proxying webapp?
+echo "Configuring Kopano WebApp for use behind a reverse proxy"
+sed \
     -e "s#define(\"INSECURE_COOKIES\",\s*.*)#define(\"INSECURE_COOKIES\", true)#" \
     -i /etc/kopano/webapp/config.php
 
-echo "Configure z-push"
+if [ "$KCCONF_SERVERHOSTNAME" == "127.0.0.1" ]; then
-sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
+	echo "Z-Push is using the default: connection"
-        -i /etc/z-push/kopano.conf.php
+else
+	echo "Z-Push is using an ip connection"
+	sed -e "s#define([\"']MAPI_SERVER[\"'],\s*[\"']default:[\"'])#define('MAPI_SERVER', 'https://${KCCONF_SERVERHOSTNAME}:${KCCONF_SERVERPORT}/kopano')#" \
+	    -i /etc/z-push/kopano.conf.php
+fi
+
+echo "Configuring Z-Push for use behind a reverse proxy"
 sed -e "s#define([\"']USE_CUSTOM_REMOTE_IP_HEADER[\"'],\s*false)#define('USE_CUSTOM_REMOTE_IP_HEADER', true)#" \
-        -i /etc/z-push/z-push.conf.php
+    -i /etc/z-push/z-push.conf.php
 
 echo "Ensure config ownership"
 chown -R www-data:www-data /run/sessions /tmp/webapp