version: "3.5" services: web: image: ${docker_repo:-zokradonh}/kopano_web:${KWEB_VERSION:-latest} restart: unless-stopped environment: - EMAIL=${EMAIL:-off} - FQDN=${FQDNCLEANED?err} command: wrapper.sh cap_drop: - ALL cap_add: - NET_BIND_SERVICE - CHOWN - SETGID - SETUID volumes: - web:/.kweb networks: web-net: aliases: - ${FQDNCLEANED?err} ldap: image: ${docker_repo:-zokradonh}/${LDAP_CONTAINER:-kopano_ldap_demo}:${LDAP_VERSION:-latest} restart: unless-stopped container_name: ${COMPOSE_PROJECT_NAME}_ldap environment: - LDAP_ORGANISATION=${LDAP_ORGANISATION} - LDAP_DOMAIN=${LDAP_DOMAIN} - LDAP_BASE_DN=${LDAP_BASE_DN} - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD} - LDAP_READONLY_USER=true - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD} env_file: - ldap.env command: "--loglevel info --copy-service" volumes: - ldap:/var/lib/ldap - slapd:/etc/ldap/slapd.d networks: - ldap-net ldap-admin: image: osixia/phpldapadmin:0.7.2 restart: unless-stopped depends_on: - ldap environment: - PHPLDAPADMIN_LDAP_HOSTS=ldap - PHPLDAPADMIN_HTTPS=false networks: - ldap-net - web-net password-self-service: image: tiredofit/self-service-password:3.0 restart: unless-stopped domainname: ${LDAP_DOMAIN} depends_on: - ldap - mail environment: - SSP_VERSION=1.3 - LDAP_SERVER=ldap://ldap:389 - LDAP_BINDDN=cn=admin,${LDAP_BASE_DN} - LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD} - LDAP_BASE_SEARCH=${LDAP_BASE_DN} - MAIL_FROM=noreply@${LDAP_DOMAIN} - SMTP_HOST=mail - SMTP_PORT=25 - SMTP_SECURE_TYPE=false - SMTP_AUTOTLS=false - QUESTIONS_ENABLED=false - PASSWORD_NO_REUSE=true - WHO_CAN_CHANGE_PASSWORD=user - SECRETEKEY=${SELF_SERVICE_SECRETEKEY} - BACKGROUND=. - PASSWORD_MIN_LENGTH=${SELF_SERVICE_PASSWORD_MIN_LENGTH} - PASSWORD_MAX_LENGTH=${SELF_SERVICE_PASSWORD_MAX_LENGTH} - PASSWORD_MIN_LOWERCASE=${SELF_SERVICE_PASSWORD_MIN_LOWERCASE} - PASSWORD_MIN_UPPERCASE=${SELF_SERVICE_PASSWORD_MIN_UPPERCASE} - PASSWORD_MIN_DIGIT=${SELF_SERVICE_PASSWORD_MIN_DIGIT} - PASSWORD_MIN_SPECIAL=${SELF_SERVICE_PASSWORD_MIN_SPECIAL} - PASSWORD_HASH=CRYPT env_file: - password-self-service.env expose: - "80" networks: - web-net # provide web-frontend - ldap-net # access ldap user base and write passwords - kopano-net # send mail directly to mailstack mail: image: tvial/docker-mailserver:release-v6.1.0 restart: unless-stopped hostname: mail domainname: ${LDAP_DOMAIN} container_name: ${COMPOSE_PROJECT_NAME}_mail depends_on: - ldap volumes: - maildata:/var/mail - mailstate:/var/mail-state - mtaconfig:/tmp/docker-mailserver/ environment: - TZ=${TZ} - ENABLE_SPAMASSASSIN=1 - ENABLE_CLAMAV=1 - ENABLE_FAIL2BAN=1 - ENABLE_POSTGREY=1 - ONE_DIR=1 - DMS_DEBUG=0 - SSL_TYPE=self-signed - ENABLE_LDAP=1 - LDAP_SERVER_HOST=${LDAP_SERVER} - LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE} - LDAP_BIND_DN=${LDAP_BIND_DN} - LDAP_BIND_PW=${LDAP_BIND_PW} - LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER} - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP} - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS} - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN} - ENABLE_SASLAUTHD=1 - SASLAUTHD_LDAP_SERVER=${LDAP_SERVER} - SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN} - SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW} - SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE} - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER} - SASLAUTHD_MECHANISMS=ldap - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS} - SMTP_ONLY=1 - PERMIT_DOCKER=host - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 - POSTFIX_DAGENT=lmtp:kopano_dagent:2003 - REPORT_RECIPIENT=1 env_file: - mail.env networks: - kopano-net - ldap-net #dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and # set to the ip of a trusted dns service (Cloudflare is given as an example). # See https://github.com/zokradonh/kopano-docker/issues/52 for more information. cap_add: - NET_ADMIN - SYS_PTRACE db: image: mariadb:10.3.10-bionic restart: unless-stopped container_name: ${COMPOSE_PROJECT_NAME}_db volumes: - mysql/:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} - MYSQL_USER=${MYSQL_USER} - MYSQL_PASSWORD=${MYSQL_PASSWORD} - MYSQL_DATABASE=${MYSQL_DATABASE} env_file: - db.env healthcheck: test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B'] interval: 30s timeout: 10s retries: 4 networks: - kopano-net kopano_ssl: image: ${docker_repo:-zokradonh}/kopano_ssl:${SSL_VERSION:-latest} environment: - FQDN=${FQDN} - PKI_COUNTRY=NL env_file: - kopano_ssl.env volumes: - kopanossl/:/kopano/ssl kopano_server: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped hostname: kopano_server container_name: ${COMPOSE_PROJECT_NAME}_server depends_on: - db - ldap - kopano_ssl - kopano_konnect environment: - SERVICE_TO_START=server - TZ=${TZ} - KCCONF_SERVER_COREDUMP_ENABLED=no - KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST} - KCCONF_SERVER_MYSQL_PORT=3306 - KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE} - KCCONF_SERVER_MYSQL_USER=${MYSQL_USER} - KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD} - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem - KCCONF_SERVER_SERVER_NAME=Kopano - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS} - KCCONF_LDAP_LDAP_URI=${LDAP_SERVER} - KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN} - KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW} - KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE} - KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1} - KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1} - ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES} - KCCONF_SERVER_ENABLE_SSO=yes - KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN} - KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE} env_file: - kopano_server.env networks: - kopano-net - ldap-net - web-net volumes: - kopanodata/:/kopano/data - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano kopano_webapp: image: ${docker_repo:-zokradonh}/kopano_webapp:${WEBAPP_VERSION:-latest} restart: unless-stopped hostname: kopano_webapp depends_on: - kopano_server volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano - kopanowebapp/:/var/lib/kopano-webapp/ environment: - TZ=${TZ} - ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS} - KCCONF_WEBAPP_OIDC_ISS=https://${FQDN} - KCCONF_WEBAPP_OIDC_CLIENT_ID=webapp env_file: - kopano_webapp.env networks: - web-net - kopano-net kopano_zpush: image: ${docker_repo:-zokradonh}/kopano_zpush:${ZPUSH_VERSION:-latest} restart: unless-stopped hostname: kopano_zpush container_name: ${COMPOSE_PROJECT_NAME}_zpush depends_on: - kopano_server volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano - zpushstates/:/var/lib/z-push/ environment: - TZ=${TZ} env_file: - kopano_zpush.env networks: - web-net - kopano-net kopano_grapi: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped container_name: ${COMPOSE_PROJECT_NAME}_grapi depends_on: - kopano_server volumes: - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=grapi - TZ=${TZ} env_file: - kopano_grapi.env networks: - kopano-net kopano_kapi: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped container_name: ${COMPOSE_PROJECT_NAME}_kapi depends_on: - kopano_grapi volumes: - kopanodata/:/kopano/data - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=kapid - TZ=${TZ} - KCCONF_KAPID_LOG_LEVEL=DEBUG - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN} - KCCONF_KAPID_INSECURE=${INSECURE} env_file: - kopano_kapi.env networks: - kopano-net - web-net kopano_kdav: image: ${docker_repo:-zokradonh}/kopano_kdav:${KDAV_VERSION:-latest} restart: unless-stopped hostname: kopano_kdav container_name: ${COMPOSE_PROJECT_NAME}_kdav depends_on: - kopano_server volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano - kdavstates/:/var/lib/kopano/kdav environment: - TZ=${TZ} networks: - kopano-net - web-net kopano_dagent: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped depends_on: - kopano_server volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=dagent - TZ=${TZ} - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem - KCCONF_DAGENT_LOG_LEVEL=3 env_file: - kopano_dagent.env networks: - kopano-net kopano_spooler: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped hostname: spooler domainname: ${LDAP_DOMAIN} depends_on: - kopano_server - mail volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=spooler - TZ=${TZ} - KCCONF_SPOOLER_LOG_LEVEL=3 - KCCONF_SPOOLER_SMTP_SERVER=mail - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem env_file: - kopano_spooler.env networks: - kopano-net kopano_gateway: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped depends_on: - kopano_server volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=gateway - TZ=${TZ} - KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/ - KCCONF_GATEWAY_LOG_LEVEL=3 env_file: - kopano_gateway.env networks: - kopano-net kopano_ical: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped depends_on: - kopano_server volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=ical - TZ=${TZ} - KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/ env_file: - kopano_ical.env networks: - kopano-net - web-net kopano_monitor: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped depends_on: - kopano_server volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - SERVICE_TO_START=monitor - TZ=${TZ} env_file: - kopano_monitor.env networks: - kopano-net kopano_search: image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest} restart: unless-stopped container_name: ${COMPOSE_PROJECT_NAME}_search depends_on: - kopano_server volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano - kopanodata/:/kopano/data environment: - SERVICE_TO_START=search - TZ=${TZ} env_file: - kopano_search.env networks: - kopano-net kopano_konnect: image: ${docker_repo:-zokradonh}/kopano_konnect:${KONNECT_VERSION:-latest} restart: unless-stopped command: wrapper.sh depends_on: - kopano_ssl - web # to be useful Konnect also need a running kopano_server, but this dependency cannot be added here since this would be a circular dependency volumes: - kopanossl/:/kopano/ssl - kopanosocket/:/run/kopano environment: - FQDN=${FQDN} - allow_client_guests=yes - allow_dynamic_client_registration=yes env_file: - kopano_konnect.env networks: - kopano-net - web-net kopano_playground: image: ${docker_repo:-zokradonh}/kopano_playground restart: unless-stopped depends_on: - kopano_kapi - kopano_konnect networks: - kopano-net - web-net kopano_kwmserver: image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest} restart: unless-stopped command: wrapper.sh depends_on: - kopano_kapi - kopano_konnect environment: - INSECURE=${INSECURE} - oidc_issuer_identifier=https://${FQDN} - enable_guest_api=yes - public_guest_access_regexp=^group/public/.* env_file: - kopano_kwmserver.env volumes: - kopanossl/:/kopano/ssl networks: - web-net kopano_meet: image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest} restart: unless-stopped environment: - SERVICE_TO_START=meet - KCCONF_MEET_disableFullGAB=false - KCCONF_MEET_guests_enabled=true env_file: - kopano_meet.env depends_on: - kopano_kapi - kopano_konnect - kopano_kwmserver - web networks: - web-net kopano_scheduler: image: ${docker_repo:-zokradonh}/kopano_scheduler:${SCHEDULER_VERSION:-latest} restart: "no" container_name: ${COMPOSE_PROJECT_NAME}_scheduler networks: - kopano-net - ldap-net - web-net depends_on: - kopano_server - kopano_zpush environment: - TZ=${TZ} - CRON_KOPANOUSERS=10 * * * * docker exec kopano_server kopano-admin --sync - CRON_ZPUSHGAB=0 22 * * * docker exec kopano_zpush z-push-gabsync -a sync - CRONDELAYED_KBACKUP=30 1 * * * docker run --rm -it --volumes-from kopano_server -v /root/kopano-backup:/kopano/path ${docker_repo:-zokradonh}/kopano_utils:${CORE_VERSION:-latest} kopano-backup -h - CRONDELAYED_SOFTDELETE=30 2 * * * docker exec kopano_server kopano-admin --purge-softdelete 30 env_file: - kopano_scheduler.env volumes: - /var/run/docker.sock:/var/run/docker.sock:ro volumes: web: ldap: slapd: maildata: mailstate: mtaconfig: mysql: kopanodata: kopanossl: kopanosocket: kopanowebapp: zpushstates: kdavstates: networks: web-net: kopano-net: driver: bridge ldap-net: driver: bridge