flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-11-03 20:07:27 +00:00
Code Issues Releases Wiki Activity
kopano-docker/examples/traefik-proxy-subdomain.md
Felix Bartels acdb5bed88
spell (via mispell) and markup fixed (#307) 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2019-12-13 13:27:55 +01:00

79 lines
2.5 KiB
Markdown
Raw Blame History

# Situation and motivation:
* running the kopano stack behind an ssl-terminating proxy
* as less as possible maintenance effort --> run the kopano stack as close as possible at the default configuration
* using the kopano-stack to provide a central ldap authentication for the domain, but running the frontend using a subdomain
## Way to go:
1. initial clean **setup of kopano stack** --> follow the documentation of https://github.com/zokradonh/kopano-docker/blob/master/README.md
1. clone the repo https://github.com/zokradonh/kopano-docker
2. run the setup.sh (only steps, necessary for the configuration is shown here)
1. Name of the Organisation for LDAP `mydomain.com`
2. FQDN to be used (for reverse proxy) `kopano.mydomain.com`
3. Email address to use for Lets Encrypt. `self_signed`
4. Name of the BASE DN for LDAP `dc=mydomain,dc=com`
5. E-Mail Address displayed for the 'postmaster' `postmaster@mydomain.com`
2. ensure ldap and reverse-proxy domain is split correctly in generated `.env` file:
```bash
LDAP_DOMAIN=mydomain.com
LDAP_BASE_DN=dc=mydomain,dc=com
FQDN=kopano.mydomain.com
```
3. ensure kwmserver is able to connect through an endpoint with valid ssl-certificate
```bash
FQDNCLEANED=somethingInvalidToEnforceConnectionFromOutsideEndpoint
```
4. ensure your traefik instance outside of the kopano-stack does allow **proxying to self-signed certificates**:
```bash
command: --insecureSkipVerify=true
```
5. disable the docker-host portmapping of the kopano-caddy proxy in `docker-compose.yml` to not interference with your traefik proxy
```yaml
services:
web:
...
# ports:
# - "${CADDY:-2015}:2015"
# - "${HTTP:-80}:80"
# - "${HTTPS:-443}:443"
```
6. make the self-signed kopano reverse-proxy available in traefik via `docker-compose.override.yml`
```yaml
version: "3.5"
services:
web:
networks:
proxy-net:
labels:
traefik.enable: true
traefik.frontend.rule: "Host:${FQDN}"
traefik.port: 2015
traefik.protocol: https
traefik.docker.network: "proxy-net"
traefik.frontend.headers.forceSTSHeader: true
traefik.frontend.headers.STSSeconds: 315360000
traefik.frontend.headers.STSIncludeSubdomains: true
traefik.frontend.headers.STSPreload: true
networks:
proxy-net:
external: true
ldap-net:
name: ldap-net
```
Everything else should be configurable as normal. My test-setup showed a functional active-sync connection using the mdm plugin in the webapp, as well as screensharing via kopano-meet.
Reference in New Issue View Git Blame Copy Permalink