version: "3.5" services: web: image: ${docker_repo:-zokradonh}/kopano_web container_name: web restart: always ports: - "2015:2015" - "${HTTP:-80}:80" - "${HTTPS:-443}:443" environment: - EMAIL=${EMAIL:-off} - FQDN=${FQDN?err} command: wrapper.sh cap_drop: - ALL cap_add: - NET_BIND_SERVICE - CHOWN - SETGID - SETUID volumes: - web:/.kweb networks: web-net: aliases: - ${FQDNCLEANED?err} ldap: image: ${docker_repo:-zokradonh}/kopano_ldap_demo container_name: ldap ports: - ${LDAPPORT:-389}:389 environment: - LDAP_ORGANISATION=${LDAP_ORGANISATION} - LDAP_DOMAIN=${LDAP_DOMAIN} - LDAP_BASE_DN=${LDAP_BASE_DN} - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD} - LDAP_READONLY_USER=true - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD} env_file: - ldap.env command: "--loglevel info --copy-service" volumes: - ldap:/var/lib/ldap - slapd:/etc/ldap/slapd.d networks: - ldap-net ldap-admin: image: osixia/phpldapadmin:0.7.2 container_name: ldap-admin depends_on: - ldap environment: - PHPLDAPADMIN_LDAP_HOSTS=ldap - PHPLDAPADMIN_HTTPS=false command: -l debug networks: - ldap-net - web-net password-self-service: image: tiredofit/self-service-password:3.0 container_name: password-self-service domainname: ${LDAP_DOMAIN} depends_on: - ldap - mail environment: - SSP_VERSION=1.3 - LDAP_SERVER=ldap://ldap:389 - LDAP_BINDDN=cn=admin,${LDAP_BASE_DN} - LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD} - LDAP_BASE_SEARCH=${LDAP_BASE_DN} - MAIL_FROM=noreply@${LDAP_DOMAIN} - SMTP_HOST=mail - SMTP_PORT=25 - SMTP_SECURE_TYPE=false - SMTP_AUTOTLS=false - QUESTIONS_ENABLED=false - PASSWORD_NO_REUSE=true - WHO_CAN_CHANGE_PASSWORD=user - SECRETEKEY=${SELF_SERVICE_SECRETEKEY} - BACKGROUND=. - PASSWORD_MIN_LENGTH=${SELF_SERVICE_PASSWORD_MIN_LENGTH} - PASSWORD_MAX_LENGTH=${SELF_SERVICE_PASSWORD_MAX_LENGTH} - PASSWORD_MIN_LOWERCASE=${SELF_SERVICE_PASSWORD_MIN_LOWERCASE} - PASSWORD_MIN_UPPERCASE=${SELF_SERVICE_PASSWORD_MIN_UPPERCASE} - PASSWORD_MIN_DIGIT=${SELF_SERVICE_PASSWORD_MIN_DIGIT} - PASSWORD_MIN_SPECIAL=${SELF_SERVICE_PASSWORD_MIN_SPECIAL} - PASSWORD_HASH=CRYPT env_file: - password-self-service.env expose: - "80" networks: - web-net # provide web-frontend - ldap-net # access ldap user base and write passwords - kopano-net # send mail directly to mailstack mail: image: tvial/docker-mailserver:release-v6.1.0 restart: always hostname: mail domainname: ${LDAP_DOMAIN} container_name: mail depends_on: - ldap ports: - "${SMTPPORT:-25}:25" - "465:465" - "587:587" volumes: - maildata:/var/mail - mailstate:/var/mail-state - mtaconfig:/tmp/docker-mailserver/ environment: - TZ=${TZ} - ENABLE_SPAMASSASSIN=1 - ENABLE_CLAMAV=1 - ENABLE_FAIL2BAN=1 - ENABLE_POSTGREY=1 - ONE_DIR=1 - DMS_DEBUG=0 - SSL_TYPE=self-signed - ENABLE_LDAP=1 - LDAP_SERVER_HOST=${LDAP_SERVER} - LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE} - LDAP_BIND_DN=${LDAP_BIND_DN} - LDAP_BIND_PW=${LDAP_BIND_PW} - LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER} - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP} - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS} - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN} - ENABLE_SASLAUTHD=1 - SASLAUTHD_LDAP_SERVER=${LDAP_SERVER} - SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN} - SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW} - SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE} - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER} - SASLAUTHD_MECHANISMS=ldap - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS} - SMTP_ONLY=1 - PERMIT_DOCKER=host - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 - POSTFIX_DAGENT=lmtp:kopano_dagent:2003 - REPORT_RECIPIENT=1 env_file: - mail.env networks: - kopano-net - ldap-net #dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and # set to the ip of a trusted dns service (Cloudflare is given as an example). # See https://github.com/zokradonh/kopano-docker/issues/52 for more information. cap_add: - NET_ADMIN - SYS_PTRACE db: image: mariadb:10.3.10-bionic restart: always container_name: kopano_db volumes: - mysql/:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - MYSQL_USER=${MYSQL_USER} - MYSQL_PASSWORD=${MYSQL_PASSWORD} - MYSQL_DATABASE=${MYSQL_DATABASE} env_file: - db.env healthcheck: test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B'] interval: 30s timeout: 10s retries: 4 networks: - kopano-net kopano_ssl: image: ${docker_repo:-zokradonh}/kopano_ssl container_name: kopano_ssl environment: - FQDN=${FQDN} - PKI_COUNTRY=NL env_file: - kopano_ssl.env volumes: - kopanossl/:/kopano/ssl kopano_server: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} hostname: kopano_server container_name: kopano_server depends_on: - db - ldap - kopano_ssl ports: - ${KOPANOPORT:-236}:236 - ${KOPANOSPORT:-237}:237 environment: - SERVICE_TO_START=server - TZ=${TZ} - KCCONF_SERVER_COREDUMP_ENABLED=no - KCCONF_SERVER_LOG_LEVEL=3 - KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST} - KCCONF_SERVER_MYSQL_PORT=3306 - KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE} - KCCONF_SERVER_MYSQL_USER=${MYSQL_USER} - KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD} - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem - KCCONF_SERVER_SERVER_NAME=Kopano - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS} - KCCONF_SERVER_SYNC_GAB_REALTIME=no - KCCONF_LDAP_LDAP_URI=${LDAP_SERVER} - KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN} - KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW} - KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE} - KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1} - KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1} - ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES} - KCCONF_SERVER_ENABLE_SSO=yes - KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN} - KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE} - KCCONF_SERVER_KCOIDC_INITIALIZE_TIMEOUT=360 env_file: - kopano_server.env networks: - kopano-net - ldap-net - web-net volumes: - kopanodata/:/kopano/data - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano kopano_webapp: image: ${docker_repo:-zokradonh}/kopano_webapp:${WEBAPP_VERSION:-latest} hostname: kopano_webapp container_name: kopano_webapp volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - TZ=${TZ} - ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS} env_file: - kopano_webapp.env networks: - web-net - kopano-net kopano_zpush: image: ${docker_repo:-zokradonh}/kopano_zpush:${ZPUSH_VERSION:-latest} hostname: kopano_zpush container_name: kopano_zpush volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano - zpushstates/:/var/lib/z-push/ environment: - TZ=${TZ} env_file: - kopano_zpush.env networks: - web-net - kopano-net kopano_grapi: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} container_name: kopano_grapi volumes: - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=grapi - TZ=${TZ} env_file: - kopano_grapi.env networks: - kopano-net kopano_kapi: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} container_name: kopano_kapi depends_on: - kopano_grapi volumes: - kopanodata/:/kopano/data - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=kapid - TZ=${TZ} - KCCONF_KAPID_LOG_LEVEL=DEBUG - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN} - KCCONF_KAPID_INSECURE=${INSECURE} env_file: - kopano_kapi.env networks: - kopano-net - web-net kopano_kdav: image: ${docker_repo:?err}/kopano_kdav:${KDAV_VERSION:-latest} hostname: kopano_kdav container_name: kopano_kdav volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano - kdavstates/:/var/lib/kopano/kdav environment: - TZ=${TZ} networks: - kopano-net - web-net kopano_dagent: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} container_name: kopano_dagent volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=dagent - TZ=${TZ} - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem - KCCONF_DAGENT_LOG_LEVEL=3 env_file: - kopano_dagent.env networks: - kopano-net kopano_spooler: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} container_name: kopano_spooler hostname: spooler domainname: ${LDAP_DOMAIN} volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=spooler - TZ=${TZ} - KCCONF_SPOOLER_LOG_LEVEL=3 - KCCONF_SPOOLER_SMTP_SERVER=mail - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem env_file: - kopano_spooler.env networks: - kopano-net kopano_gateway: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} container_name: kopano_gateway ports: - "143:143" volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=gateway - TZ=${TZ} - KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/ - KCCONF_GATEWAY_LOG_LEVEL=3 env_file: - kopano_gateway.env networks: - kopano-net kopano_ical: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} container_name: kopano_ical volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=ical - TZ=${TZ} - KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/ env_file: - kopano_ical.env networks: - kopano-net - web-net kopano_monitor: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} container_name: kopano_monitor volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=monitor - TZ=${TZ} env_file: - kopano_monitor.env networks: - kopano-net kopano_search: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} container_name: kopano_search volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano - kopanodata/:/kopano/data environment: - SERVICE_TO_START=search - TZ=${TZ} env_file: - kopano_search.env networks: - kopano-net kopano_konnect: image: ${docker_repo:-zokradonh}/kopano_konnect:${KONNECT_VERSION:-latest} container_name: kopano_konnect command: wrapper.sh volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - FQDN=${FQDN} env_file: - kopano_konnect.env networks: - kopano-net - web-net kopano_playground: image: ${docker_repo:-zokradonh}/kopano_playground container_name: kopano_playground networks: - kopano-net - web-net kopano_kwmserver: image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest} container_name: kopano_kwmserver command: wrapper.sh environment: - INSECURE=${INSECURE} - oidc_issuer_identifier=https://${FQDN} env_file: - kopano_kwmserver.env volumes: - kopanossl/:/kopano/ssl networks: - web-net kopano_meet: image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest} container_name: kopano_meet environment: - SERVICE_TO_START=meet - KCCONF_KWEBD_TLS=no env_file: - kopano_meet.env depends_on: - kopano_kapi - kopano_konnect - kopano_kwmserver - web networks: - web-net volumes: web: ldap: slapd: maildata: mailstate: mtaconfig: mysql: kopanodata: kopanossl: kopanosocket: zpushstates: kdavstates: networks: web-net: kopano-net: driver: bridge ldap-net: name: ldap-net driver: bridge