mirror of
https://github.com/zokradonh/kopano-docker
synced 2025-10-31 02:17:47 +00:00
ead0acfdb0
* add mount for machine-id * services should check the availability of the machine id before starting * add a note to the readme * add new mounts to the multiserver example * add dockerize to kweb * fix meet demo
193 lines
5.3 KiB
YAML
193 lines
5.3 KiB
YAML
version: "3.5"
|
|
|
|
services:
|
|
web:
|
|
image: ${docker_repo:-kopano}/kopano_web:${KWEB_VERSION:-latest}
|
|
restart: unless-stopped
|
|
ports:
|
|
- "${CADDY:-2015}:2015"
|
|
- "${HTTP:-80}:80"
|
|
- "${HTTPS:-443}:443"
|
|
environment:
|
|
- DEFAULTREDIRECT=/meet
|
|
- EMAIL=${EMAIL:-off}
|
|
- FQDN=${FQDNCLEANED?err}
|
|
command: wrapper.sh
|
|
cap_drop:
|
|
- ALL
|
|
cap_add:
|
|
- CHOWN
|
|
- NET_BIND_SERVICE
|
|
- SETGID
|
|
- SETUID
|
|
volumes:
|
|
- /etc/machine-id:/etc/machine-id
|
|
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
|
- web:/.kweb
|
|
networks:
|
|
web-net:
|
|
aliases:
|
|
- ${FQDNCLEANED?err}
|
|
|
|
ldap:
|
|
image: ${docker_repo:-kopano}/${LDAP_CONTAINER:-kopano_ldap_demo}:${LDAP_VERSION:-latest}
|
|
restart: unless-stopped
|
|
container_name: ${COMPOSE_PROJECT_NAME}_ldap
|
|
environment:
|
|
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
|
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
|
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
|
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
|
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
|
- LDAP_READONLY_USER=true
|
|
command: "--loglevel info --copy-service"
|
|
volumes:
|
|
- ldap:/var/lib/ldap
|
|
- slapd:/etc/ldap/slapd.d
|
|
networks:
|
|
- ldap-net
|
|
|
|
kopano_ssl:
|
|
image: ${docker_repo:-kopano}/kopano_ssl:${SSL_VERSION:-latest}
|
|
environment:
|
|
- FQDN=${FQDN}
|
|
- PKI_COUNTRY=NL
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
|
|
kopano_grapi:
|
|
image: ${docker_repo:-kopano}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
container_name: ${COMPOSE_PROJECT_NAME}_grapi
|
|
volumes:
|
|
- /etc/machine-id:/etc/machine-id
|
|
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- ADDITIONAL_KOPANO_PACKAGES=python3-grapi.backend.ldap
|
|
- GRAPI_BACKEND=ldap
|
|
- LDAP_BASEDN=${LDAP_SEARCH_BASE}
|
|
- LDAP_BINDDN=${LDAP_BIND_DN}
|
|
- LDAP_BINDPW=${LDAP_BIND_PW}
|
|
- LDAP_URI=${LDAP_SERVER}
|
|
- SERVICE_TO_START=grapi
|
|
- TZ=${TZ}
|
|
networks:
|
|
- kopano-net
|
|
- ldap-net
|
|
|
|
kopano_kapi:
|
|
image: ${docker_repo:-kopano}/kopano_core:${CORE_VERSION:-latest}
|
|
restart: unless-stopped
|
|
container_name: ${COMPOSE_PROJECT_NAME}_kapi
|
|
depends_on:
|
|
- kopano_grapi
|
|
volumes:
|
|
- /etc/machine-id:/etc/machine-id
|
|
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
|
- kopanodata/:/kopano/data
|
|
- kopanosocket/:/run/kopano
|
|
- kopanossl/:/kopano/ssl
|
|
environment:
|
|
- KCCONF_KAPID_INSECURE=${INSECURE}
|
|
- KCCONF_KAPID_LOG_LEVEL=DEBUG
|
|
- KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
|
- SERVICE_TO_START=kapi
|
|
- TZ=${TZ}
|
|
networks:
|
|
- kopano-net
|
|
- web-net
|
|
|
|
kopano_konnect:
|
|
image: ${docker_repo:-kopano}/kopano_konnect:${KONNECT_VERSION:-latest}
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- kopano_ssl
|
|
- web
|
|
volumes:
|
|
- /etc/machine-id:/etc/machine-id
|
|
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
|
- kopanossl/:/kopano/ssl
|
|
environment:
|
|
- allow_client_guests=yes
|
|
- allow_dynamic_client_registration=yes
|
|
- eckey=/kopano/ssl/meet-kwmserver.pem
|
|
- ecparam=/kopano/ssl/ecparam.pem
|
|
- encryption_secret_key=/kopano/ssl/konnectd-encryption.key
|
|
- FQDN=${FQDN}
|
|
- identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
|
|
- identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
|
|
- KONNECT_BACKEND=ldap
|
|
- LDAP_BASEDN=${LDAP_SEARCH_BASE}
|
|
- LDAP_BINDDN=${LDAP_BIND_DN}
|
|
- LDAP_BINDPW=${LDAP_BIND_PW}
|
|
- LDAP_EMAIL_ATTRIBUTE=mail
|
|
- LDAP_FILTER=(objectClass=organizationalPerson)
|
|
- LDAP_LOGIN_ATTRIBUTE=uid
|
|
- LDAP_NAME_ATTRIBUTE=cn
|
|
- LDAP_SCOPE=sub
|
|
- LDAP_URI=${LDAP_SERVER}
|
|
- LDAP_UUID_ATTRIBUTE_TYPE=text
|
|
- LDAP_UUID_ATTRIBUTE=uidNumber
|
|
- signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
|
|
networks:
|
|
- kopano-net
|
|
- ldap-net
|
|
- web-net
|
|
|
|
kopano_kwmserver:
|
|
image: ${docker_repo:-kopano}/kopano_kwmserver:${KWM_VERSION:-latest}
|
|
restart: unless-stopped
|
|
command: wrapper.sh
|
|
depends_on:
|
|
- kopano_kapi
|
|
- kopano_konnect
|
|
environment:
|
|
- enable_guest_api=yes
|
|
- INSECURE=${INSECURE}
|
|
- oidc_issuer_identifier=https://${FQDN}
|
|
- public_guest_access_regexp=^group/public/.*
|
|
- turn_service_credentials_password=${TURN_PASSWORD}
|
|
- turn_service_credentials_user=${TURN_USER}
|
|
volumes:
|
|
- /etc/machine-id:/etc/machine-id
|
|
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
|
- kopanossl/:/kopano/ssl
|
|
networks:
|
|
- web-net
|
|
|
|
kopano_meet:
|
|
image: ${docker_repo:-kopano}/kopano_meet:${MEET_VERSION:-latest}
|
|
restart: unless-stopped
|
|
environment:
|
|
- KCCONF_MEET_disableFullGAB=false
|
|
- KCCONF_MEET_GRID_WEBAPP=no
|
|
- KCCONF_MEET_guests_enabled=true
|
|
- KCCONF_MEET_useIdentifiedUser=true
|
|
- SERVICE_TO_START=meet
|
|
depends_on:
|
|
- kopano_kapi
|
|
- kopano_konnect
|
|
- kopano_kwmserver
|
|
- web
|
|
volumes:
|
|
- /etc/machine-id:/etc/machine-id
|
|
- /var/lib/dbus/machine-id:/var/lib/dbus/machine-id
|
|
networks:
|
|
- web-net
|
|
|
|
volumes:
|
|
kopanodata:
|
|
kopanosocket:
|
|
kopanossl:
|
|
ldap:
|
|
slapd:
|
|
web:
|
|
|
|
networks:
|
|
kopano-net:
|
|
driver: bridge
|
|
ldap-net:
|
|
driver: bridge
|
|
web-net:
|