flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-06-06 23:46:24 +00:00
Code Issues Releases Wiki Activity
kopano-docker/examples/traefik-proxy-subdomain.md
Felix Bartels acdb5bed88
spell (via mispell) and markup fixed (#307) 
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2019-12-13 13:27:55 +01:00

2.5 KiB
Raw Blame History

Situation and motivation:

  • running the kopano stack behind an ssl-terminating proxy
  • as less as possible maintenance effort --> run the kopano stack as close as possible at the default configuration
  • using the kopano-stack to provide a central ldap authentication for the domain, but running the frontend using a subdomain

Way to go:

  1. initial clean setup of kopano stack --> follow the documentation of https://github.com/zokradonh/kopano-docker/blob/master/README.md

    1. clone the repo https://github.com/zokradonh/kopano-docker
    2. run the setup.sh (only steps, necessary for the configuration is shown here)
      1. Name of the Organisation for LDAP mydomain.com
      2. FQDN to be used (for reverse proxy) kopano.mydomain.com
      3. Email address to use for Lets Encrypt. self_signed
      4. Name of the BASE DN for LDAP dc=mydomain,dc=com
      5. E-Mail Address displayed for the 'postmaster' postmaster@mydomain.com

  2. ensure ldap and reverse-proxy domain is split correctly in generated .env file:

LDAP_DOMAIN=mydomain.com
LDAP_BASE_DN=dc=mydomain,dc=com

FQDN=kopano.mydomain.com
  1. ensure kwmserver is able to connect through an endpoint with valid ssl-certificate
FQDNCLEANED=somethingInvalidToEnforceConnectionFromOutsideEndpoint
  1. ensure your traefik instance outside of the kopano-stack does allow proxying to self-signed certificates:
command: --insecureSkipVerify=true
  1. disable the docker-host portmapping of the kopano-caddy proxy in docker-compose.yml to not interference with your traefik proxy
services:
  web:
...
#    ports:
#      - "${CADDY:-2015}:2015"
#      - "${HTTP:-80}:80"
#      - "${HTTPS:-443}:443"
  1. make the self-signed kopano reverse-proxy available in traefik via docker-compose.override.yml
version: "3.5"

services:
  web:
    networks:
      proxy-net:
    labels:
      traefik.enable: true 
      traefik.frontend.rule: "Host:${FQDN}"
      traefik.port: 2015
      traefik.protocol: https
      traefik.docker.network: "proxy-net"
      traefik.frontend.headers.forceSTSHeader: true
      traefik.frontend.headers.STSSeconds: 315360000
      traefik.frontend.headers.STSIncludeSubdomains: true
      traefik.frontend.headers.STSPreload: true

networks:
  proxy-net:
    external: true
  ldap-net:
    name: ldap-net

Everything else should be configurable as normal. My test-setup showed a functional active-sync connection using the mdm plugin in the webapp, as well as screensharing via kopano-meet.