flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-10-31 02:17:47 +00:00
Code Issues Releases Wiki Activity
kopano-docker/docker-compose.yml
Felix Bartels d7fb796fa3
split up installation for core and kapi+grapi (#293) 
* split up installation for core and kapi+grapi
* add some debug output in case package installation fails
* let konnect run as nobody
* add code to check writing permissions for certificates and create certificates in container if possible
* add tests to check on failed and successful certificate creation
* add certificate creation logic from the konnect binfile
* add env for custom dockerize timeout (to fail earlier in tests)
2019-11-26 10:10:22 +01:00

531 lines
16 KiB
YAML
Raw Blame History

version: "3.5"
services:
web:
image: ${docker_repo:-zokradonh}/kopano_web:${KWEB_VERSION:-latest}
restart: unless-stopped
environment:
- DEFAULTREDIRECT=${DEFAULTREDIRECT:-/webapp}
- EMAIL=${EMAIL:-off}
- FQDN=${FQDNCLEANED?err}
command: wrapper.sh
cap_drop:
- ALL
cap_add:
- CHOWN
- NET_BIND_SERVICE
- SETGID
- SETUID
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- web:/.kweb
networks:
web-net:
aliases:
- ${FQDNCLEANED?err}
ldap:
image: ${docker_repo:-zokradonh}/${LDAP_CONTAINER:-kopano_ldap_demo}:${LDAP_VERSION:-latest}
restart: unless-stopped
container_name: ${COMPOSE_PROJECT_NAME}_ldap
environment:
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
- LDAP_BASE_DN=${LDAP_BASE_DN}
- LDAP_DOMAIN=${LDAP_DOMAIN}
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
- LDAP_READONLY_USER=true
env_file:
- ldap.env
command: "--loglevel info --copy-service"
volumes:
- ldap:/var/lib/ldap
- slapd:/etc/ldap/slapd.d
networks:
- ldap-net
mail:
image: tvial/docker-mailserver:release-v6.2.0
restart: unless-stopped
hostname: mail
domainname: ${LDAP_DOMAIN}
container_name: ${COMPOSE_PROJECT_NAME}_mail
depends_on:
- ldap
volumes:
- maildata:/var/mail
- mailstate:/var/mail-state
- mtaconfig:/tmp/docker-mailserver/
environment:
- DMS_DEBUG=0
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_LDAP=1
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
- ENABLE_POSTGREY=1
- ENABLE_SASLAUTHD=1
- ENABLE_SPAMASSASSIN=1
- LDAP_BIND_DN=${LDAP_BIND_DN}
- LDAP_BIND_PW=${LDAP_BIND_PW}
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
- LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- LDAP_SERVER_HOST=${LDAP_SERVER}
- ONE_DIR=1
- PERMIT_DOCKER=connected-networks
- POSTFIX_DAGENT=lmtp:kopano_dagent:2003
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
- REPORT_RECIPIENT=1
- SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
- SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
- SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- SASLAUTHD_LDAP_SERVER=${LDAP_SERVER}
- SASLAUTHD_MECHANISMS=ldap
- SMTP_ONLY=1
- SSL_TYPE=self-signed
- TZ=${TZ}
env_file:
- mail.env
networks:
- kopano-net
- ldap-net
# dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and
# set to the ip of a trusted dns service (Cloudflare is given as an example).
# See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
cap_add:
- NET_ADMIN
- SYS_PTRACE
db:
image: mariadb:10.3.10-bionic
restart: unless-stopped
container_name: ${COMPOSE_PROJECT_NAME}_db
volumes:
- mysql/:/var/lib/mysql
environment:
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_USER=${MYSQL_USER}
env_file:
- db.env
healthcheck:
test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
interval: 30s
timeout: 10s
retries: 4
networks:
- kopano-net
kopano_ssl:
image: ${docker_repo:-zokradonh}/kopano_ssl:${SSL_VERSION:-latest}
environment:
- FQDN=${FQDN}
- PKI_COUNTRY=NL
env_file:
- kopano_ssl.env
volumes:
- kopanossl/:/kopano/ssl
kopano_server:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
hostname: kopano_server
container_name: ${COMPOSE_PROJECT_NAME}_server
depends_on:
- db
- kopano_konnect
- kopano_ssl
- ldap
environment:
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
- KCCONF_ADMIN_DEFAULT_STORE_LOCALE=${MAILBOXLANG:-en_US.UTF-8}
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_ENABLE_SSO=yes
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SERVER_NAME=Kopano
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
- SERVICE_TO_START=server
- TZ=${TZ}
env_file:
- kopano_server.env
networks:
- kopano-net
- ldap-net
- web-net
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanodata/:/kopano/data
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
kopano_webapp:
image: ${docker_repo:-zokradonh}/kopano_webapp:${WEBAPP_VERSION:-latest}
restart: unless-stopped
hostname: kopano_webapp
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
- kopanowebapp/:/var/lib/kopano-webapp/
environment:
- ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS}
- KCCONF_WEBAPP_OIDC_CLIENT_ID=webapp
- KCCONF_WEBAPP_OIDC_ISS=https://${FQDN}
- TZ=${TZ}
env_file:
- kopano_webapp.env
networks:
- kopano-net
- web-net
kopano_zpush:
image: ${docker_repo:-zokradonh}/kopano_zpush:${ZPUSH_VERSION:-latest}
restart: unless-stopped
hostname: kopano_zpush
container_name: ${COMPOSE_PROJECT_NAME}_zpush
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
- zpushstates/:/var/lib/z-push/
environment:
- TZ=${TZ}
# Shared folders automatically assigned to all users in the format: [{"name":"<folder name>","id":"<kopano folder id>","type":"<type>","flags":"<flags>"},...]
# For more information on the parameters see the z-push-admin help for the addshared-action.
- ZPUSH_ADDITIONAL_FOLDERS=[]
env_file:
- kopano_zpush.env
networks:
- kopano-net
- web-net
kopano_grapi:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
container_name: ${COMPOSE_PROJECT_NAME}_grapi
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanograpi/:/var/lib/kopano-grapi
- kopanosocket/:/run/kopano
environment:
- KCCONF_GRAPI_ENABLE_EXPERIMENTAL_ENDPOINTS=no
- KCCONF_GRAPI_INSECURE=${INSECURE}
- SERVICE_TO_START=grapi
- TZ=${TZ}
env_file:
- kopano_grapi.env
networks:
- kopano-net
- web-net
kopano_kapi:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
container_name: ${COMPOSE_PROJECT_NAME}_kapi
depends_on:
- kopano_grapi
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanodata/:/kopano/data
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_KAPID_INSECURE=${INSECURE}
- KCCONF_KAPID_LOG_LEVEL=DEBUG
- KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
- SERVICE_TO_START=kapi
- TZ=${TZ}
env_file:
- kopano_kapi.env
networks:
- kopano-net
- web-net
kopano_kdav:
image: ${docker_repo:-zokradonh}/kopano_kdav:${KDAV_VERSION:-latest}
restart: unless-stopped
hostname: kopano_kdav
container_name: ${COMPOSE_PROJECT_NAME}_kdav
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kdavstates/:/var/lib/kopano/kdav
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- TZ=${TZ}
networks:
- kopano-net
- web-net
kopano_dagent:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_DAGENT_LOG_LEVEL=3
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem
- SERVICE_TO_START=dagent
- TZ=${TZ}
env_file:
- kopano_dagent.env
networks:
- kopano-net
kopano_spooler:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
hostname: spooler
domainname: ${LDAP_DOMAIN}
depends_on:
- kopano_server
- mail
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_SPOOLER_LOG_LEVEL=3
- KCCONF_SPOOLER_SMTP_SERVER=mail
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem
- SERVICE_TO_START=spooler
- TZ=${TZ}
env_file:
- kopano_spooler.env
networks:
- kopano-net
kopano_gateway:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_GATEWAY_LOG_LEVEL=3
- KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/
- SERVICE_TO_START=gateway
- TZ=${TZ}
env_file:
- kopano_gateway.env
networks:
- kopano-net
kopano_ical:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/
- SERVICE_TO_START=ical
- TZ=${TZ}
env_file:
- kopano_ical.env
networks:
- kopano-net
- web-net
kopano_monitor:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=${TZ}
env_file:
- kopano_monitor.env
networks:
- kopano-net
kopano_search:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
restart: unless-stopped
container_name: ${COMPOSE_PROJECT_NAME}_search
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanodata/:/kopano/data
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=${TZ}
env_file:
- kopano_search.env
networks:
- kopano-net
kopano_konnect:
image: ${docker_repo:-zokradonh}/kopano_konnect:${KONNECT_VERSION:-latest}
restart: unless-stopped
depends_on:
- kopano_ssl
- web
# to be useful Konnect also need a running kopano_server, but this dependency cannot be added here since this would be a circular dependency
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- allow_client_guests=yes
- allow_dynamic_client_registration=yes
- eckey=/kopano/ssl/meet-kwmserver.pem
- ecparam=/kopano/ssl/ecparam.pem
- encryption_secret_key=/kopano/ssl/konnectd-encryption.key
- FQDN=${FQDN}
- identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
- identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
- signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
- validation_keys_path=/kopano/ssl/konnectkeys
env_file:
- kopano_konnect.env
networks:
- kopano-net
- web-net
kopano_kwmserver:
image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest}
restart: unless-stopped
command: wrapper.sh
depends_on:
- kopano_kapi
- kopano_konnect
environment:
- enable_guest_api=yes
- INSECURE=${INSECURE}
- oidc_issuer_identifier=https://${FQDN}
- public_guest_access_regexp=^group/public/.*
env_file:
- kopano_kwmserver.env
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
- kopanossl/:/kopano/ssl
networks:
- web-net
kopano_meet:
image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest}
restart: unless-stopped
environment:
- KCCONF_MEET_disableFullGAB=false
- KCCONF_MEET_guests_enabled=true
- SERVICE_TO_START=meet
env_file:
- kopano_meet.env
depends_on:
- kopano_kapi
- kopano_konnect
- kopano_kwmserver
- web
volumes:
- /etc/machine-id:/etc/machine-id
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
networks:
- web-net
kopano_scheduler:
image: ${docker_repo:-zokradonh}/kopano_scheduler:${SCHEDULER_VERSION:-latest}
restart: "no"
container_name: ${COMPOSE_PROJECT_NAME}_scheduler
networks:
- kopano-net
- ldap-net
- web-net
depends_on:
- kopano_server
- kopano_zpush
environment:
- CRON_KOPANOUSERS=10 * * * * docker exec kopano_server kopano-admin --sync
- CRON_ZPUSHGAB=0 22 * * * docker exec kopano_zpush z-push-gabsync -a sync
- CRONDELAYED_KBACKUP=30 1 * * * docker run --rm -it --volumes-from kopano_server -v /root/kopano-backup:/kopano/path ${docker_repo:-zokradonh}/kopano_utils:${CORE_VERSION:-latest} kopano-backup -h
- CRONDELAYED_SOFTDELETE=30 2 * * * docker exec kopano_server kopano-admin --purge-softdelete 30
- TZ=${TZ}
env_file:
- kopano_scheduler.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
kdavstates:
kopanodata:
kopanograpi:
kopanosocket:
kopanossl:
kopanowebapp:
ldap:
maildata:
mailstate:
mtaconfig:
mysql:
slapd:
web:
zpushstates:
networks:
kopano-net:
driver: bridge
ldap-net:
driver: bridge
web-net:
Reference in New Issue View Git Blame Copy Permalink