mirror of
https://github.com/zokradonh/kopano-docker
synced 2025-06-07 07:56:12 +00:00
9badb0af5a
* add compose file * add working configuration for ldap account manager depends on https://github.com/LDAPAccountManager/lam/pull/76 Important note: the open source code of lam does not include the Kopano integration. So admins can generally manage users, but to add kopano attributes admins would need to switch to the ldap tree view. * use :7.0.RC1 as this is the first image that supports automatic setup
234 lines
4.2 KiB
INI
234 lines
4.2 KiB
INI
{%FQDN%}:80, *:80 {
|
|
log stdout
|
|
errors stdout
|
|
redir / https://{host}{uri}
|
|
}
|
|
|
|
# kweb >=0.7.0 needs the explicit hostname to be set
|
|
{%FQDN%}, *:2015, *:443 {
|
|
log stdout
|
|
errors stdout
|
|
|
|
gzip
|
|
header / Server kweb
|
|
|
|
tls {%EMAIL%}
|
|
|
|
limits {
|
|
header 1MB
|
|
body 50MB
|
|
}
|
|
|
|
# serve static content from /var/www/
|
|
root /var/www/
|
|
|
|
redir 302 {
|
|
if {path} is /
|
|
/ {%DEFAULTREDIRECT%}/
|
|
}
|
|
|
|
# Config
|
|
proxy /api/config/v1/kopano/meet/ http://{%KWEBD_DNS_MEET%}:9080/ {
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
transparent
|
|
keepalive 100
|
|
}
|
|
|
|
# Konnect
|
|
proxy /upstreams/konnect/ {
|
|
without /upstreams/konnect/
|
|
upstream {%KWEBD_DNS_KONNECT%}:8777
|
|
policy least_conn
|
|
health_check /health-check
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
keepalive 100
|
|
transparent
|
|
header_downstream Feature-Policy "midi 'none'"
|
|
header_downstream X-Frame-Options "sameorigin"
|
|
}
|
|
ratelimit * 100 200 minute {
|
|
/upstreams/konnect/v1/
|
|
/signin/v1/identifier/_/
|
|
whitelist 127.0.0.1/8
|
|
}
|
|
rewrite /.well-known/openid-configuration {
|
|
to /upstreams/konnect/{path}
|
|
}
|
|
rewrite /konnect/v1/ {
|
|
to /upstreams/konnect/{path}
|
|
}
|
|
rewrite /signin/v1/ {
|
|
to /upstreams/konnect/{path}
|
|
}
|
|
redir /signin /signin/v1/identifier
|
|
|
|
# Konnect in subpath - this config supports /kopanoid as a subpath
|
|
rewrite /kopanoid/konnect/v1/ {
|
|
to /upstreams/konnect/{path}
|
|
}
|
|
rewrite /kopanoid/signin/v1/ {
|
|
to /upstreams/konnect/{path}
|
|
}
|
|
|
|
# Kapi
|
|
proxy /upstreams/kapi/ {
|
|
without /upstreams/kapi/
|
|
upstream {%KWEBD_DNS_KAPI%}:8039
|
|
policy least_conn
|
|
health_check /health-check
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
keepalive 100
|
|
transparent
|
|
websocket
|
|
}
|
|
ratelimit * 100 200 minute {
|
|
/upstreams/kapi/api/
|
|
whitelist 127.0.0.1/8
|
|
}
|
|
rewrite /api/gc/v1/ {
|
|
to /upstreams/kapi/{path}
|
|
}
|
|
rewrite /api/pubs/v1/ {
|
|
to /upstreams/kapi/{path}
|
|
}
|
|
rewrite /api/kvs/v1/ {
|
|
to /upstreams/kapi/{path}
|
|
}
|
|
|
|
# playground for oidc
|
|
proxy /oidc-playground/ http://{%KWEBD_DNS_PLAYGROUND%}:8888/ {
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
transparent
|
|
keepalive 100
|
|
}
|
|
folderish /oidc-playground
|
|
|
|
# playground for Kapi
|
|
proxy /kapi-playground/ http://{%KWEBD_DNS_PLAYGROUND%}:8888/ {
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
transparent
|
|
keepalive 100
|
|
}
|
|
folderish /kapi-playground
|
|
|
|
# Kwmserver
|
|
proxy /upstreams/kwmserver/ {
|
|
without /upstreams/kwmserver/
|
|
upstream {%KWEBD_DNS_KWMSERVER%}:8778
|
|
policy least_conn
|
|
health_check /health-check
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
keepalive 100
|
|
transparent
|
|
websocket
|
|
}
|
|
ratelimit * 100 200 minute {
|
|
/upstreams/kwmserver/
|
|
whitelist 127.0.0.1/8
|
|
}
|
|
rewrite /api/kwm/v2/ {
|
|
to /upstreams/kwmserver/{path}
|
|
}
|
|
|
|
proxy /meet/ {%KWEBD_DNS_MEET%}:9080 {
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
transparent
|
|
keepalive 100
|
|
}
|
|
folderish /meet
|
|
|
|
proxy /webapp/ {%KWEBD_DNS_WEBAPP%}:9080 {
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
transparent
|
|
keepalive 100
|
|
}
|
|
folderish /webapp
|
|
|
|
proxy /Microsoft-Server-ActiveSync {%KWEBD_DNS_ZPUSH%}:80 {
|
|
transparent
|
|
keepalive 0
|
|
timeout 3540s
|
|
}
|
|
|
|
proxy /AutoDiscover/AutoDiscover.xml {%KWEBD_DNS_ZPUSH%}:80 {
|
|
transparent
|
|
keepalive 0
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
}
|
|
|
|
proxy /Autodiscover/Autodiscover.xml {%KWEBD_DNS_ZPUSH%}:80 {
|
|
transparent
|
|
keepalive 0
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
}
|
|
|
|
proxy /autodiscover/autodiscover.xml {%KWEBD_DNS_ZPUSH%}:80 {
|
|
transparent
|
|
keepalive 0
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
}
|
|
|
|
proxy /caldav/ {%KWEBD_DNS_ICAL%}:8080 {
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
transparent
|
|
}
|
|
folderish /caldav
|
|
|
|
proxy /kdav/ {%KWEBD_DNS_KDAV%}:80 {
|
|
transparent
|
|
keepalive 0
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
}
|
|
|
|
redir 301 {
|
|
/.well-known/carddav /kdav/
|
|
/.well-known/caldav /kdav/
|
|
}
|
|
|
|
proxy /lam/ ldap-account-manager:80 {
|
|
transparent
|
|
}
|
|
redir /lam /lam/
|
|
|
|
proxy /ldap-admin/ ldap-admin:80 {
|
|
without /ldap-admin
|
|
transparent
|
|
}
|
|
redir /ldap-admin /ldap-admin/
|
|
|
|
proxy /password-reset/ password-self-service:80 {
|
|
without /password-reset
|
|
transparent
|
|
}
|
|
redir /password-reset /password-reset/
|
|
|
|
proxy /grapi-explorer/ http://{%KWEBD_DNS_GRAPI%}-explorer:3000/ {
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
transparent
|
|
keepalive 100
|
|
}
|
|
proxy /owncloud/ owncloud:8080 {
|
|
transparent
|
|
keepalive 0
|
|
fail_timeout 10s
|
|
try_duration 30s
|
|
}
|
|
folderish /owncloud
|
|
|
|
import /etc/kweb-extras/*
|
|
}
|