mirror of
https://github.com/zokradonh/kopano-docker
synced 2025-06-07 16:06:14 +00:00
5077bbd1b6
* make it possible to configure grapi through its cfg * add test for config setting in grapi * add volume for persistent data * chown and add tests for dir
495 lines
14 KiB
YAML
495 lines
14 KiB
YAML
version: "3.5"
|
|
|
|
services:
|
|
web:
|
|
image: ${docker_repo:-zokradonh}/kopano_web:${KWEB_VERSION:-latest}
|
|
restart: unless-stopped
|
|
environment:
|
|
- EMAIL=${EMAIL:-off}
|
|
- FQDN=${FQDNCLEANED?err}
|
|
- DEFAULTREDIRECT=${DEFAULTREDIRECT:-/webapp}
|
|
command: wrapper.sh
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- NET_BIND_SERVICE
|
|
- CHOWN
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- web:/.kweb
|
|
networks:
|
|
web-net:
|
|
aliases:
|
|
- ${FQDNCLEANED?err}
|
|
|
|
ldap:
|
|
image: ${docker_repo:-zokradonh}/${LDAP_CONTAINER:-kopano_ldap_demo}:${LDAP_VERSION:-latest}
|
|
restart: unless-stopped
|
|
container_name: ${COMPOSE_PROJECT_NAME}_ldap
|
|
environment:
|
|
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
|
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
|
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
|
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
|
- LDAP_READONLY_USER=true
|
|
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
|
env_file:
|
|
- ldap.env
|
|
command: "--loglevel info --copy-service"
|
|
volumes:
|
|
- ldap:/var/lib/ldap
|
|
- slapd:/etc/ldap/slapd.d
|
|
networks:
|
|
- ldap-net
|
|
|
|
mail:
|
|
image: tvial/docker-mailserver:release-v6.2.0
|
|
restart: unless-stopped
|
|
hostname: mail
|
|
domainname: ${LDAP_DOMAIN}
|
|
container_name: ${COMPOSE_PROJECT_NAME}_mail
|
|
depends_on:
|
|
- ldap
|
|
volumes:
|
|
- maildata:/var/mail
|
|
- mailstate:/var/mail-state
|
|
- mtaconfig:/tmp/docker-mailserver/
|
|
environment:
|
|
- TZ=${TZ}
|
|
- ENABLE_SPAMASSASSIN=1
|
|
- ENABLE_CLAMAV=1
|
|
- ENABLE_FAIL2BAN=1
|
|
- ENABLE_POSTGREY=1
|
|
- ONE_DIR=1
|
|
- DMS_DEBUG=0
|
|
- SSL_TYPE=self-signed
|
|
- ENABLE_LDAP=1
|
|
- LDAP_SERVER_HOST=${LDAP_SERVER}
|
|
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
|
- LDAP_BIND_DN=${LDAP_BIND_DN}
|
|
- LDAP_BIND_PW=${LDAP_BIND_PW}
|
|
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
|
|
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
|
|
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
|
|
- LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
|
|
- ENABLE_SASLAUTHD=1
|
|
- SASLAUTHD_LDAP_SERVER=${LDAP_SERVER}
|
|
- SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
|
|
- SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
|
|
- SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
|
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
|
|
- SASLAUTHD_MECHANISMS=ldap
|
|
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
|
|
- SMTP_ONLY=1
|
|
- PERMIT_DOCKER=connected-networks
|
|
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
|
|
- POSTFIX_DAGENT=lmtp:kopano_dagent:2003
|
|
- REPORT_RECIPIENT=1
|
|
env_file:
|
|
- mail.env
|
|
networks:
|
|
- kopano-net
|
|
- ldap-net
|
|
# dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and
|
|
# set to the ip of a trusted dns service (Cloudflare is given as an example).
|
|
# See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_PTRACE
|
|
|
|
db:
|
|
image: mariadb:10.3.10-bionic
|
|
restart: unless-stopped
|
|
container_name: ${COMPOSE_PROJECT_NAME}_db
|
|
volumes:
|
|
- mysql/:/var/lib/mysql
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
|
- MYSQL_USER=${MYSQL_USER}
|
|
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
|
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
|
env_file:
|
|
- db.env
|
|
healthcheck:
|
|
test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 4
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_ssl:
|
|
image: ${docker_repo:-zokradonh}/kopano_ssl:${SSL_VERSION:-latest}
|
|
environment:
|
|
- FQDN=${FQDN}
|
|
- PKI_COUNTRY=NL
|
|
env_file:
|
|
- kopano_ssl.env
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
|
|
kopano_server:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
hostname: kopano_server
|
|
container_name: ${COMPOSE_PROJECT_NAME}_server
|
|
depends_on:
|
|
- db
|
|
- ldap
|
|
- kopano_ssl
|
|
- kopano_konnect
|
|
environment:
|
|
- SERVICE_TO_START=server
|
|
- TZ=${TZ}
|
|
- KCCONF_SERVER_COREDUMP_ENABLED=no
|
|
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
|
|
- KCCONF_SERVER_MYSQL_PORT=3306
|
|
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
|
|
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
|
|
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
|
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem
|
|
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
|
|
- KCCONF_SERVER_SERVER_NAME=Kopano
|
|
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
|
|
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
|
|
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
|
|
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
|
|
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
|
|
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
|
|
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
|
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
|
|
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
|
|
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
|
|
- KCCONF_SERVER_ENABLE_SSO=yes
|
|
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
|
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
|
|
- KCCONF_ADMIN_DEFAULT_STORE_LOCALE=${MAILBOXLANG:-en_US.UTF-8}
|
|
env_file:
|
|
- kopano_server.env
|
|
networks:
|
|
- kopano-net
|
|
- ldap-net
|
|
- web-net
|
|
volumes:
|
|
- kopanodata/:/kopano/data
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
|
|
kopano_webapp:
|
|
image: ${docker_repo:-zokradonh}/kopano_webapp:${WEBAPP_VERSION:-latest}
|
|
restart: unless-stopped
|
|
hostname: kopano_webapp
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
- kopanowebapp/:/var/lib/kopano-webapp/
|
|
environment:
|
|
- TZ=${TZ}
|
|
- ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS}
|
|
- KCCONF_WEBAPP_OIDC_ISS=https://${FQDN}
|
|
- KCCONF_WEBAPP_OIDC_CLIENT_ID=webapp
|
|
env_file:
|
|
- kopano_webapp.env
|
|
networks:
|
|
- web-net
|
|
- kopano-net
|
|
|
|
kopano_zpush:
|
|
image: ${docker_repo:-zokradonh}/kopano_zpush:${ZPUSH_VERSION:-latest}
|
|
restart: unless-stopped
|
|
hostname: kopano_zpush
|
|
container_name: ${COMPOSE_PROJECT_NAME}_zpush
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
- zpushstates/:/var/lib/z-push/
|
|
environment:
|
|
- TZ=${TZ}
|
|
# Shared folders automatically assigned to all users in the format: [{"name":"<folder name>","id":"<kopano folder id>","type":"<type>","flags":"<flags>"},...]
|
|
# For more information on the parameters see the z-push-admin help for the addshared-action.
|
|
- ZPUSH_ADDITIONAL_FOLDERS=[]
|
|
env_file:
|
|
- kopano_zpush.env
|
|
networks:
|
|
- web-net
|
|
- kopano-net
|
|
|
|
kopano_grapi:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
container_name: ${COMPOSE_PROJECT_NAME}_grapi
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanosocket/:/run/kopano
|
|
- kopanograpi/:/var/lib/kopano-grapi
|
|
environment:
|
|
- SERVICE_TO_START=grapi
|
|
- TZ=${TZ}
|
|
- KCCONF_GRAPI_ENABLE_EXPERIMENTAL_ENDPOINTS=false
|
|
env_file:
|
|
- kopano_grapi.env
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_kapi:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
container_name: ${COMPOSE_PROJECT_NAME}_kapi
|
|
depends_on:
|
|
- kopano_grapi
|
|
volumes:
|
|
- kopanodata/:/kopano/data
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=kapi
|
|
- TZ=${TZ}
|
|
- KCCONF_KAPID_LOG_LEVEL=DEBUG
|
|
- KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
|
- KCCONF_KAPID_INSECURE=${INSECURE}
|
|
env_file:
|
|
- kopano_kapi.env
|
|
networks:
|
|
- kopano-net
|
|
- web-net
|
|
|
|
kopano_kdav:
|
|
image: ${docker_repo:-zokradonh}/kopano_kdav:${KDAV_VERSION:-latest}
|
|
restart: unless-stopped
|
|
hostname: kopano_kdav
|
|
container_name: ${COMPOSE_PROJECT_NAME}_kdav
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
- kdavstates/:/var/lib/kopano/kdav
|
|
environment:
|
|
- TZ=${TZ}
|
|
networks:
|
|
- kopano-net
|
|
- web-net
|
|
|
|
kopano_dagent:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=dagent
|
|
- TZ=${TZ}
|
|
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem
|
|
- KCCONF_DAGENT_LOG_LEVEL=3
|
|
env_file:
|
|
- kopano_dagent.env
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_spooler:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
hostname: spooler
|
|
domainname: ${LDAP_DOMAIN}
|
|
depends_on:
|
|
- kopano_server
|
|
- mail
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=spooler
|
|
- TZ=${TZ}
|
|
- KCCONF_SPOOLER_LOG_LEVEL=3
|
|
- KCCONF_SPOOLER_SMTP_SERVER=mail
|
|
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem
|
|
env_file:
|
|
- kopano_spooler.env
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_gateway:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=gateway
|
|
- TZ=${TZ}
|
|
- KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/
|
|
- KCCONF_GATEWAY_LOG_LEVEL=3
|
|
env_file:
|
|
- kopano_gateway.env
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_ical:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=ical
|
|
- TZ=${TZ}
|
|
- KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/
|
|
env_file:
|
|
- kopano_ical.env
|
|
networks:
|
|
- kopano-net
|
|
- web-net
|
|
|
|
kopano_monitor:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=monitor
|
|
- TZ=${TZ}
|
|
env_file:
|
|
- kopano_monitor.env
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_search:
|
|
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
container_name: ${COMPOSE_PROJECT_NAME}_search
|
|
depends_on:
|
|
- kopano_server
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
- kopanodata/:/kopano/data
|
|
environment:
|
|
- SERVICE_TO_START=search
|
|
- TZ=${TZ}
|
|
env_file:
|
|
- kopano_search.env
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_konnect:
|
|
image: ${docker_repo:-zokradonh}/kopano_konnect:${KONNECT_VERSION:-latest}
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- kopano_ssl
|
|
- web
|
|
# to be useful Konnect also need a running kopano_server, but this dependency cannot be added here since this would be a circular dependency
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- FQDN=${FQDN}
|
|
- ecparam=/kopano/ssl/ecparam.pem
|
|
- eckey=/kopano/ssl/meet-kwmserver.pem
|
|
- signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
|
|
- encryption_secret_key=/kopano/ssl/konnectd-encryption.key
|
|
- identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
|
|
- identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
|
|
- allow_client_guests=yes
|
|
- allow_dynamic_client_registration=yes
|
|
env_file:
|
|
- kopano_konnect.env
|
|
networks:
|
|
- kopano-net
|
|
- web-net
|
|
|
|
kopano_kwmserver:
|
|
image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest}
|
|
restart: unless-stopped
|
|
command: wrapper.sh
|
|
depends_on:
|
|
- kopano_kapi
|
|
- kopano_konnect
|
|
environment:
|
|
- INSECURE=${INSECURE}
|
|
- oidc_issuer_identifier=https://${FQDN}
|
|
- enable_guest_api=yes
|
|
- public_guest_access_regexp=^group/public/.*
|
|
env_file:
|
|
- kopano_kwmserver.env
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
networks:
|
|
- web-net
|
|
|
|
kopano_meet:
|
|
image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest}
|
|
restart: unless-stopped
|
|
environment:
|
|
- SERVICE_TO_START=meet
|
|
- KCCONF_MEET_disableFullGAB=false
|
|
- KCCONF_MEET_guests_enabled=true
|
|
env_file:
|
|
- kopano_meet.env
|
|
depends_on:
|
|
- kopano_kapi
|
|
- kopano_konnect
|
|
- kopano_kwmserver
|
|
- web
|
|
networks:
|
|
- web-net
|
|
|
|
kopano_scheduler:
|
|
image: ${docker_repo:-zokradonh}/kopano_scheduler:${SCHEDULER_VERSION:-latest}
|
|
restart: "no"
|
|
container_name: ${COMPOSE_PROJECT_NAME}_scheduler
|
|
networks:
|
|
- kopano-net
|
|
- ldap-net
|
|
- web-net
|
|
depends_on:
|
|
- kopano_server
|
|
- kopano_zpush
|
|
environment:
|
|
- TZ=${TZ}
|
|
- CRON_KOPANOUSERS=10 * * * * docker exec kopano_server kopano-admin --sync
|
|
- CRON_ZPUSHGAB=0 22 * * * docker exec kopano_zpush z-push-gabsync -a sync
|
|
- CRONDELAYED_KBACKUP=30 1 * * * docker run --rm -it --volumes-from kopano_server -v /root/kopano-backup:/kopano/path ${docker_repo:-zokradonh}/kopano_utils:${CORE_VERSION:-latest} kopano-backup -h
|
|
- CRONDELAYED_SOFTDELETE=30 2 * * * docker exec kopano_server kopano-admin --purge-softdelete 30
|
|
env_file:
|
|
- kopano_scheduler.env
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
|
|
volumes:
|
|
web:
|
|
ldap:
|
|
slapd:
|
|
maildata:
|
|
mailstate:
|
|
mtaconfig:
|
|
mysql:
|
|
kopanodata:
|
|
kopanograpi:
|
|
kopanossl:
|
|
kopanosocket:
|
|
kopanowebapp:
|
|
zpushstates:
|
|
kdavstates:
|
|
|
|
networks:
|
|
web-net:
|
|
kopano-net:
|
|
driver: bridge
|
|
ldap-net:
|
|
driver: bridge
|