flywithu/kopano-docker
1
0
Fork 0
mirror of https://github.com/zokradonh/kopano-docker synced 2025-06-06 15:36:40 +00:00
Code Issues Releases Wiki Activity
kopano-docker/docker-compose.yml
Felix Bartels 9efed4fe80
move implicit defaults to docker-compose (#353) 
Reson: some non-default configuration options are backed into the startup scripts. This can be unexpected when mounting files e.g. in a Kubernetes setup.

https://github.com/zokradonh/kopano-docker/issues/294

* core configuration
* fix compose for meet
* remove interpreter from start script
* use default oidc timeout
2020-04-09 09:39:30 +02:00

516 lines
16 KiB
YAML
Raw Blame History

version: "3.5"
services:
web:
image: ${docker_repo:-zokradonh}/kopano_web:${KWEB_VERSION:-latest}
read_only: true
restart: unless-stopped
environment:
- DEFAULTREDIRECT=${DEFAULTREDIRECT:-/webapp}
- EMAIL=${EMAIL:-off}
- FQDN=${FQDNCLEANED?err}
command: wrapper.sh
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- web:/.kweb
networks:
web-net:
aliases:
- ${FQDNCLEANED?err}
kopano_ssl:
image: ${docker_repo:-zokradonh}/kopano_ssl:${SSL_VERSION:-latest}
read_only: true
environment:
- FQDN=${FQDN}
- PKI_COUNTRY=NL
env_file:
- kopano_ssl.env
volumes:
- kopanossl/:/kopano/ssl
tmpfs:
- /kopano/easypki/
kopano_kustomer:
image: kopano/kustomerd:${KUSTOMER_VERSION:-latest}
read_only: true
restart: unless-stopped
command: serve --log-level debug
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanolicenses:/etc/kopano/licenses
- kopanosocket/:/run/kopano
kopano_server:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true # in case additional packages need to be installed this option should be set to false
restart: unless-stopped
hostname: kopano_server
container_name: ${COMPOSE_PROJECT_NAME}_server
depends_on:
- kopano_konnect
- kopano_ssl
environment:
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
- KCCONF_ADMIN_DEFAULT_STORE_LOCALE=${MAILBOXLANG:-en_US.UTF-8} # Hint: if additional locales are required these should be added in base/Dockerfile
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
- KCCONF_SERVER_ATTACHMENT_PATH=/kopano/data/attachments
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_ENABLE_SSO=yes
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
- KCCONF_SERVER_LOG_LEVEL=3
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
- KCCONF_SERVER_SERVER_LISTEN_TLS=0.0.0.0:237
- KCCONF_SERVER_SERVER_LISTEN=0.0.0.0:236
- KCCONF_SERVER_SERVER_NAME=Kopano
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem
- KCCONF_SERVER_SOFTDELETE_LIFETIME=0
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_SYNC_GAB_REALTIME=no
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
- KCCONF_SERVER_USER_PLUGIN_CONFIG=/tmp/kopano/ldap.cfg
- KCCONF_SERVER_USER_PLUGIN=ldap
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
- SERVICE_TO_START=server
- TZ=${TZ}
env_file:
- kopano_server.env
networks:
- kopano-net
- web-net
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanodata/:/kopano/data
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
tmpfs:
- /tmp/
kopano_webapp:
image: ${docker_repo:-zokradonh}/kopano_webapp:${WEBAPP_VERSION:-latest}
read_only: true # in case additional packages need to be installed this option should be set to false
restart: unless-stopped
hostname: kopano_webapp
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
- kopanowebapp/:/var/lib/kopano-webapp/
environment:
- ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS}
- KCCONF_WEBAPP_OIDC_CLIENT_ID=webapp
- KCCONF_WEBAPP_OIDC_ISS=https://${FQDN}
- KCCONF_WEBAPP_CLIENT_TIMEOUT=0 # needed to set to 0 to work around an oidc bug KW-3398
- TZ=${TZ}
env_file:
- kopano_webapp.env
networks:
- kopano-net
- web-net
tmpfs:
- /tmp/
- /run/sessions/
- /run/php/
- /var/log/
kopano_zpush:
image: ${docker_repo:-zokradonh}/kopano_zpush:${ZPUSH_VERSION:-latest}
read_only: true
restart: unless-stopped
hostname: kopano_zpush
container_name: ${COMPOSE_PROJECT_NAME}_zpush
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
- zpushstates/:/var/lib/z-push/
environment:
- TZ=${TZ}
# Shared folders automatically assigned to all users in the format: [{"name":"<folder name>","id":"<kopano folder id>","type":"<type>","flags":"<flags>"},...]
# For more information on the parameters see the z-push-admin help for the addshared-action.
- ZPUSH_ADDITIONAL_FOLDERS=[]
env_file:
- kopano_zpush.env
networks:
- kopano-net
- web-net
tmpfs:
- /run/apache2/
- /run/sessions/
- /tmp
- /var/log/z-push/
kopano_grapi:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true
restart: unless-stopped
container_name: ${COMPOSE_PROJECT_NAME}_grapi
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanograpi/:/var/lib/kopano-grapi
- kopanosocket/:/run/kopano
environment:
- KCCONF_GRAPI_ENABLE_EXPERIMENTAL_ENDPOINTS=no
- KCCONF_GRAPI_INSECURE=${INSECURE}
- KCCONF_GRAPI_PERSISTENCY_PATH=/var/lib/kopano-grapi
- SERVICE_TO_START=grapi
- TZ=${TZ}
env_file:
- kopano_grapi.env
networks:
- kopano-net
- web-net
tmpfs:
- /tmp/
kopano_kapi:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true
restart: unless-stopped
container_name: ${COMPOSE_PROJECT_NAME}_kapi
depends_on:
- kopano_grapi
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanodata/:/kopano/data
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- DEFAULT_PLUGIN_PUBS_SECRET_KEY_FILE=/kopano/ssl/kapid-pubs-secret.key
- KCCONF_KAPID_INSECURE=${INSECURE}
- KCCONF_KAPID_LISTEN=0.0.0.0:8039
- KCCONF_KAPID_LOG_LEVEL=DEBUG
- KCCONF_KAPID_LOG_LEVEL=info
- KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
- KCCONF_KAPID_PLUGIN_GRAPI_SOCKET_PATH=/var/run/kopano/grapi
- KCCONF_KAPID_PLUGIN_KVS_DB_DATASOURCE=/kopano/data/kapi-kvs/kvs.db
- SERVICE_TO_START=kapi
- TZ=${TZ}
env_file:
- kopano_kapi.env
networks:
- kopano-net
- web-net
tmpfs:
- /tmp
kopano_kdav:
image: ${docker_repo:-zokradonh}/kopano_kdav:${KDAV_VERSION:-latest}
read_only: true
restart: unless-stopped
hostname: kopano_kdav
container_name: ${COMPOSE_PROJECT_NAME}_kdav
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kdavstates/:/var/lib/kopano/kdav
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- TZ=${TZ}
networks:
- kopano-net
- web-net
tmpfs:
- /run/apache2/
- /run/sessions/
- /tmp
- /var/log/kdav/
kopano_dagent:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true
restart: unless-stopped
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_DAGENT_LMTP_LISTEN=0.0.0.0:2003
- KCCONF_DAGENT_LOG_LEVEL=3
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem
- KCCONF_DAGENT_TMP_PATH=/tmp/dagent/
- SERVICE_TO_START=dagent
- TZ=${TZ}
env_file:
- kopano_dagent.env
networks:
- kopano-net
tmpfs:
- /tmp
kopano_spooler:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true
restart: unless-stopped
hostname: spooler # hostname and domainname may need to be commented on some platforms (e.g. ChromeOS)
domainname: ${LDAP_DOMAIN}
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_SPOOLER_LOG_LEVEL=3
- KCCONF_SPOOLER_SMTP_SERVER=mail
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem
- KCCONF_SPOOLER_TMP_PATH=/tmp/spooler/
- SERVICE_TO_START=spooler
- TZ=${TZ}
env_file:
- kopano_spooler.env
networks:
- kopano-net
tmpfs:
- /tmp
kopano_gateway:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true
restart: unless-stopped
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_GATEWAY_IMAP_LISTEN=0.0.0.0:143
- KCCONF_GATEWAY_LOG_LEVEL=3
- KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/
- KCCONF_GATEWAY_TMP_PATH=/tmp/gateway/
- SERVICE_TO_START=gateway
- TZ=${TZ}
env_file:
- kopano_gateway.env
networks:
- kopano-net
tmpfs:
- /tmp
kopano_ical:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true
restart: unless-stopped
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- KCCONF_ICAL_ICAL_LISTEN=0.0.0.0:8080
- KCCONF_ICAL_LOG_LEVEL=3
- KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/
- SERVICE_TO_START=ical
- TZ=${TZ}
env_file:
- kopano_ical.env
networks:
- kopano-net
- web-net
tmpfs:
- /tmp
kopano_monitor:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true
restart: unless-stopped
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- KCCONF_MONITOR_LOG_LEVEL=3
- TZ=${TZ}
env_file:
- kopano_monitor.env
networks:
- kopano-net
tmpfs:
- /tmp
kopano_search:
image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
read_only: true
restart: unless-stopped
container_name: ${COMPOSE_PROJECT_NAME}_search
depends_on:
- kopano_server
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanodata/:/kopano/data
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- SERVICE_TO_START=search
- KCCONF_SEARCH_LOG_LEVEL=3
- KCCONF_SEARCH_INDEX_PATH=/kopano/data/search/
- TZ=${TZ}
env_file:
- kopano_search.env
networks:
- kopano-net
tmpfs:
- /tmp
kopano_konnect:
image: ${docker_repo:-zokradonh}/kopano_konnect:${KONNECT_VERSION:-latest}
read_only: true
restart: unless-stopped
depends_on:
- kopano_ssl
- web
# to be useful Konnect also needs a running kopano_server, but this dependency cannot be added here since this would be a circular dependency
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanosocket/:/run/kopano
- kopanossl/:/kopano/ssl
environment:
- allow_client_guests=yes
- allow_dynamic_client_registration=yes
- eckey=/kopano/ssl/meet-kwmserver.pem
- ecparam=/kopano/ssl/ecparam.pem
- encryption_secret_key=/kopano/ssl/konnectd-encryption.key
- FQDN=${FQDN}
- identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
- identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
- signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
- validation_keys_path=/kopano/ssl/konnectkeys
env_file:
- kopano_konnect.env
networks:
- kopano-net
- web-net
tmpfs:
- /tmp
kopano_kwmserver:
image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest}
read_only: true
restart: unless-stopped
command: wrapper.sh
depends_on:
- kopano_kapi
- kopano_konnect
environment:
- enable_guest_api=yes
- INSECURE=${INSECURE}
- oidc_issuer_identifier=https://${FQDN}
- public_guest_access_regexp=^group/public/.*
- registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
env_file:
- kopano_kwmserver.env
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
- kopanossl/:/kopano/ssl
networks:
- web-net
tmpfs:
- /tmp
kopano_meet:
image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest}
read_only: true
restart: unless-stopped
environment:
- KCCONF_MEET_disableFullGAB=false
- KCCONF_MEET_guests_enabled=true
- KCCONF_MEET_oidc_useImplicitFlow=true # workaround for guest login with meet https://stash.kopano.io/projects/KWM/repos/meet/pull-requests/102/overview
- KCCONF_MEET_minimumVersion=20200121 # can be used force updates of Meet
- SERVICE_TO_START=meet
env_file:
- kopano_meet.env
depends_on:
- kopano_kapi
- kopano_konnect
- kopano_kwmserver
- web
volumes:
- /etc/machine-id:/etc/machine-id
- /etc/machine-id:/var/lib/dbus/machine-id
networks:
- web-net
tmpfs:
- /tmp
kopano_scheduler:
image: ${docker_repo:-zokradonh}/kopano_scheduler:${SCHEDULER_VERSION:-latest}
read_only: true
restart: "no"
container_name: ${COMPOSE_PROJECT_NAME}_scheduler
networks:
- kopano-net
- web-net
depends_on:
- kopano_server
- kopano_zpush
environment:
- CRON_KOPANOUSERS=10 * * * * docker exec kopano_server kopano-admin --sync
- CRON_ZPUSHGAB=0 22 * * * docker exec kopano_zpush z-push-gabsync -a sync
- CRONDELAYED_KBACKUP=30 1 * * * docker run --rm -it --volumes-from kopano_server -v /root/kopano-backup:/kopano/path ${docker_repo:-zokradonh}/kopano_utils:${CORE_VERSION:-latest} kopano-backup -h
- CRONDELAYED_SOFTDELETE=30 2 * * * docker exec kopano_server kopano-admin --purge-softdelete 30
- TZ=${TZ}
env_file:
- kopano_scheduler.env
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
tmpfs:
- /tmp
volumes:
kdavstates:
kopanodata:
kopanograpi:
kopanolicenses:
kopanosocket:
kopanossl:
kopanowebapp:
web:
zpushstates:
networks:
kopano-net:
driver: bridge
web-net:
Reference in New Issue View Git Blame Copy Permalink