(unofficial) Kopano Docker Images
New instructions:
- explain Makefile
make docker_repo=kopano publishto upload to a custom docker hub account
Getting started with docker-compose
Thie repository contains an example docker-compose.yml file that spins up a Kopano demo environment incl. pre filled ldap tree. Run docker-compose build to create the ldap image locally. After running docker-compose up you can login through phpldapadmin at http://localhost:8081/ with the the user cn=admin,dc=kopano,dc=demo with the password kopano123.
git clone https://github.com/fbartels/kopano-docker.git cd kopano-docker git checkout compose make build-all docker-compose build docker-compose up -d docker-compose exec kserver kopano-cli --list-users docker-compose logs -f kserver
docker-compose down sudo rm -rf data/ docker-compose up -d
Kopano Docker Image
Unofficial kopano docker images for all kopano services. Use kopano_core image for server/spooler/dagent/search/monitor/ical/gateway services. Use kopano_webapp for web service.
Building
You may use build.sh script but you can also invoke docker build directly to build community or supported kopano components.
Currently there are the following components implemented by this project:
- core (server/spooler/dagent/search/monitor/ical/gateway services)
- webapp (apache server for kopano webapp and z-push)
Building community Kopano
Example:
docker build https://github.com/zokradonh/kopano-docker.git#:core
Or use the build.sh script:
build.sh -c core
Building supported Kopano
If you have an active Kopano subscription you need specify the following build time arguments:
- KOPANO_CORE_REPOSITORY_URL to
https://serial:<YOURSERIAL>@download.kopano.io/supported/core:/final/Debian_9.0 - RELEASE_KEY_DOWNLOAD to 1
- DOWNLOAD_COMMUNITY_PACKAGES to 0
Example:
docker build --build-arg KOPANO_CORE_REPOSITORY_URL=https://serial:ABC123456789@download.kopano.io/supported/core:/final/Debian_9.0 --build-arg RELEASE_KEY_DOWNLOAD=1 --build-arg DOWNLOAD_COMMUNITY_PACKAGES=0 https://github.com/zokradonh/kopano-docker.git#:core
Or use the build.sh script:
build.sh -c core -s ABC123456789 -b final
Replace ABC123456789 with your serial.
WARNING
The built image now includes your serial. Do not push this image to any public registry like hub.docker.com.
Example
docker-compose.yml
version: '3'
services:
kserver:
image: zokradonh/kopano_core:${CORE_VERSION}
hostname: kserver
container_name: kopano_server
links:
- db
depends_on:
- "kssl"
environment:
- SERVICE_TO_START=server
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld #change here
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
networks:
- kopanonet
volumes:
- data:/kopano/data
- sslcerts:/kopano/ssl
kdagent:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_dagent
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=dagent
- TZ=Europe/Berlin
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet
kgateway:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_gateway
links:
- kserver
volumes:
- ./gatewaycerts/:/kopano/certs/
environment:
- SERVICE_TO_START=gateway
- TZ=Europe/Berlin
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs/yourcert.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/yourcert.pem # change here
networks:
- kopanonet
kical:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_ical
links:
- kserver
environment:
- SERVICE_TO_START=ical
- TZ=Europe/Berlin
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet
kmonitor:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_monitor
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=Europe/Berlin
- KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
- KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
networks:
- kopanonet
ksearch:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_search
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=Europe/Berlin
- KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
- KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
- KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
networks:
- kopanonet
kspooler:
image: zokradonh/kopano_core:${CORE_VERSION}
container_name: kopano_spooler
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=spooler
- TZ=Europe/Berlin
- KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=kmta
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet
kwebapp:
image: zokradonh/kopano_webapp:${WEBAPP_VERSION}
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
#ports:
# - "8236:80"
# - "8237:443"
volumes:
- syncstates:/var/lib/z-push/
- sslcerts:/kopano/ssl
environment:
- TZ=Europe/Berlin
- KCCONF_SERVERHOSTNAME=kserver
- KCCONF_SERVERPORT=237
networks:
- web
- kopanonet
kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- sslcerts:/kopano/ssl
kmta:
image: tvial/docker-mailserver:latest
hostname: myhost #change here
domainname: domain.tld #change here
#dns: 127.0.0.1
container_name: kopano_mta
#links:
# - adtunnel
ports:
- "25:25"
# - "143:143"
# - "587:587"
# - "993:993"
volumes:
- tmpmaildata:/var/mail
- tmpmailstate:/var/mail-state
- ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
environment:
- TZ=Europe/Berlin
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- TLS_LEVEL=intermediate
- POSTGREY_DELAY=10
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
- LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
- LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
- LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
- ENABLE_SASLAUTHD=1
- SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
- SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here
- SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
- SASLAUTHD_MECHANISMS=ldap
- POSTMASTER_ADDRESS=postmaster@domain.tld #change here
- SMTP_ONLY=1
- PERMIT_DOCKER=network
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
- POSTFIX_DAGENT=lmtp:kdagent:2003
- REPORT_RECIPIENT=1
networks:
- kopanonet
cap_add:
- NET_ADMIN
- SYS_PTRACE
db:
image: mariadb
restart: always
container_name: kopano_db
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=YOUR_MYSQL_ROOT_PASSWORD #change here
- MYSQL_PASSWORD=YOUR_PASSWORD #change here
- MYSQL_DATABASE=kopano
- MYSQL_USER=kopano
networks:
- kopanonet
volumes:
db:
data:
syncstates:
sslcerts:
tmpmaildata:
tmpmailstate:
networks:
web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
external:
name: haproxy_webrproxynet
kopanonet:
driver: bridge
Requires haproxy network for http reverse proxy. Change all lines which are commented especially those with #change here
This is just a quick example docker-compose.yml made in some minutes to provide a better start.
Requires .env file next to docker-compose.yml with content like this
CORE_VERSION=8.6.80.1055-0plus156.1
WEBAPP_VERSION=3.4.17.1565plus895.1
Requires ldap-groups.cf in ./mtaconfig directory next to docker-compose.yml
bind = yes
bind_dn = cn=admin,dc=domain,dc=com
bind_pw = admin
query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
result_attribute = mail
search_base = ou=people,dc=domain,dc=com
server_host = mail.domain.com
start_tls = no
version = 3
leaf_result_attribute = mail
special_result_attribute = member
Now group members of Active Directory groups can be found by postfix.
Furthermore you can use this directory for opendkim - see kmta's image for details.