mirror of
https://github.com/zokradonh/kopano-docker
synced 2025-06-06 23:46:24 +00:00
e3d7e01583
Makefile adjustments reorder Makefile adds image for kwmserver adds image for meet add Meet to compose clean up proxy configuration move kcconf.py into the base image
430 lines
12 KiB
Plaintext
430 lines
12 KiB
Plaintext
version: "3.5"
|
|
|
|
services:
|
|
web:
|
|
image: ${docker_repo:?err}/kopano_web
|
|
container_name: web
|
|
restart: always
|
|
ports:
|
|
- "2015:2015"
|
|
- "${HTTP}:8080"
|
|
- "${HTTPS}:8443"
|
|
environment:
|
|
- EMAIL=${EMAIL}
|
|
- FQDN=${FQDN}
|
|
command: wrapper.sh
|
|
volumes:
|
|
- web:/.kweb
|
|
networks:
|
|
- web-net
|
|
|
|
ldap:
|
|
image: ${docker_repo:?err}/kopano_ldap_demo
|
|
container_name: ldap
|
|
ports:
|
|
- ${LDAPPORT:-389}:389
|
|
environment:
|
|
- LDAP_ORGANISATION=${LDAP_ORGANISATION}
|
|
- LDAP_DOMAIN=${LDAP_DOMAIN}
|
|
- LDAP_BASE_DN=${LDAP_BASE_DN}
|
|
- LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
|
|
- LDAP_READONLY_USER=true
|
|
- LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
|
|
command: "--loglevel info --copy-service"
|
|
volumes:
|
|
- ldap:/var/lib/ldap
|
|
- slapd:/etc/ldap/slapd.d
|
|
networks:
|
|
- ldap-net
|
|
|
|
ldap-admin:
|
|
image: osixia/phpldapadmin:0.7.2
|
|
container_name: ldap-admin
|
|
depends_on:
|
|
- ldap
|
|
environment:
|
|
- PHPLDAPADMIN_LDAP_HOSTS=ldap
|
|
- PHPLDAPADMIN_HTTPS=false
|
|
command: -l debug
|
|
networks:
|
|
- ldap-net
|
|
- web-net
|
|
|
|
password-self-service:
|
|
image: tiredofit/self-service-password:3.0
|
|
container_name: password-self-service
|
|
domainname: ${LDAP_DOMAIN}
|
|
depends_on:
|
|
- ldap
|
|
- mail
|
|
environment:
|
|
- SSP_VERSION=1.3
|
|
- LDAP_SERVER=ldap://ldap:389
|
|
- LDAP_BINDDN=cn=admin,${LDAP_BASE_DN}
|
|
- LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD}
|
|
- LDAP_BASE_SEARCH=${LDAP_BASE_DN}
|
|
- MAIL_FROM=noreply@${LDAP_DOMAIN}
|
|
- SMTP_HOST=mail
|
|
- SMTP_PORT=25
|
|
- SMTP_SECURE_TYPE=false
|
|
- SMTP_AUTOTLS=false
|
|
- QUESTIONS_ENABLED=false
|
|
- PASSWORD_NO_REUSE=true
|
|
- WHO_CAN_CHANGE_PASSWORD=user
|
|
- SECRETEKEY=${SELF_SERVICE_SECRETEKEY}
|
|
- BACKGROUND=.
|
|
- PASSWORD_MIN_LENGTH=${SELF_SERVICE_PASSWORD_MIN_LENGTH}
|
|
- PASSWORD_MAX_LENGTH=${SELF_SERVICE_PASSWORD_MAX_LENGTH}
|
|
- PASSWORD_MIN_LOWERCASE=${SELF_SERVICE_PASSWORD_MIN_LOWERCASE}
|
|
- PASSWORD_MIN_UPPERCASE=${SELF_SERVICE_PASSWORD_MIN_UPPERCASE}
|
|
- PASSWORD_MIN_DIGIT=${SELF_SERVICE_PASSWORD_MIN_DIGIT}
|
|
- PASSWORD_MIN_SPECIAL=${SELF_SERVICE_PASSWORD_MIN_SPECIAL}
|
|
- PASSWORD_HASH=CRYPT
|
|
expose:
|
|
- "80"
|
|
networks:
|
|
- web-net # provide web-frontend
|
|
- ldap-net # access ldap user base and write passwords
|
|
- kopano-net # send mail directly to mailstack
|
|
|
|
mail:
|
|
image: tvial/docker-mailserver:release-v6.1.0
|
|
restart: always
|
|
hostname: mail
|
|
domainname: ${LDAP_DOMAIN}
|
|
container_name: mail
|
|
depends_on:
|
|
- ldap
|
|
ports:
|
|
- "25:25"
|
|
volumes:
|
|
- maildata:/var/mail
|
|
- mailstate:/var/mail-state
|
|
- mtaconfig:/tmp/docker-mailserver/
|
|
environment:
|
|
- TZ=${TZ}
|
|
- ENABLE_SPAMASSASSIN=1
|
|
- ENABLE_CLAMAV=1
|
|
- ENABLE_FAIL2BAN=1
|
|
- ENABLE_POSTGREY=1
|
|
- ONE_DIR=1
|
|
- DMS_DEBUG=0
|
|
- SSL_TYPE=self-signed
|
|
- ENABLE_LDAP=1
|
|
- LDAP_SERVER_HOST=${LDAP_SERVER}
|
|
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
|
- LDAP_BIND_DN=${LDAP_BIND_DN}
|
|
- LDAP_BIND_PW=${LDAP_BIND_PW}
|
|
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
|
|
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
|
|
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
|
|
- LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
|
|
- ENABLE_SASLAUTHD=1
|
|
- SASLAUTHD_LDAP_SERVER=${LDAP_SERVER}
|
|
- SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
|
|
- SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
|
|
- SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
|
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
|
|
- SASLAUTHD_MECHANISMS=ldap
|
|
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
|
|
- SMTP_ONLY=1
|
|
- PERMIT_DOCKER=host
|
|
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
|
|
- POSTFIX_DAGENT=lmtp:kopano_dagent:2003
|
|
- REPORT_RECIPIENT=1
|
|
networks:
|
|
- kopano-net
|
|
- ldap-net
|
|
#dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and
|
|
# set to the ip of a trusted dns service (Cloudflare is given as an example).
|
|
# See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_PTRACE
|
|
|
|
db:
|
|
image: mariadb:10.3.10-bionic
|
|
restart: always
|
|
container_name: kopano_db
|
|
volumes:
|
|
- mysql/:/var/lib/mysql
|
|
environment:
|
|
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
|
- MYSQL_USER=${MYSQL_USER}
|
|
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
|
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
|
healthcheck:
|
|
test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 4
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_ssl:
|
|
image: ${docker_repo:?err}/kopano_ssl
|
|
container_name: kopano_ssl
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
|
|
kopano_server:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
hostname: kopano_server
|
|
container_name: kopano_server
|
|
depends_on:
|
|
- db
|
|
- ldap
|
|
- kopano_ssl
|
|
ports:
|
|
- 236:236
|
|
- 237:237
|
|
environment:
|
|
- SERVICE_TO_START=server
|
|
- TZ=${TZ}
|
|
- KCCONF_SERVER_COREDUMP_ENABLED=no
|
|
- KCCONF_SERVER_LOG_LEVEL=3
|
|
- KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
|
|
- KCCONF_SERVER_MYSQL_PORT=3306
|
|
- KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
|
|
- KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
|
|
- KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
|
|
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
|
|
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
|
|
- KCCONF_SERVER_SERVER_NAME=Kopano
|
|
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
|
|
- KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
|
|
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
|
|
- KCCONF_SERVER_SYNC_GAB_REALTIME=no
|
|
- KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
|
|
- KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
|
|
- KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
|
|
- KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
|
|
- KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
|
|
- KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
|
|
- ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
|
|
- KCCONF_SERVER_ENABLE_SSO=yes
|
|
- KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
|
- KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
|
|
- KCCONF_SERVER_KCOIDC_INITIALIZE_TIMEOUT=360
|
|
networks:
|
|
- kopano-net
|
|
- ldap-net
|
|
extra_hosts:
|
|
- ${EXTRAHOSTS}
|
|
volumes:
|
|
- kopanodata/:/kopano/data
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
|
|
kopano_webapp:
|
|
image: ${docker_repo:?err}/kopano_webapp:${WEBAPP_VERSION}
|
|
hostname: kopano_webapp
|
|
container_name: kopano_webapp
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- TZ=${TZ}
|
|
- ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS}
|
|
networks:
|
|
- web-net
|
|
- kopano-net
|
|
|
|
kopano_zpush:
|
|
image: ${docker_repo:?err}/kopano_zpush:${ZPUSH_VERSION}
|
|
hostname: kopano_zpush
|
|
container_name: kopano_zpush
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
- zpushstates/:/var/lib/z-push/
|
|
environment:
|
|
- TZ=${TZ}
|
|
networks:
|
|
- web-net
|
|
- kopano-net
|
|
|
|
kopano_grapi:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
container_name: kopano_grapi
|
|
volumes:
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=grapi
|
|
- TZ=${TZ}
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_kapi:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
container_name: kopano_kapi
|
|
depends_on:
|
|
- kopano_grapi
|
|
volumes:
|
|
- kopanodata/:/kopano/data
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=kapid
|
|
- TZ=${TZ}
|
|
- KCCONF_KAPID_LOG_LEVEL=DEBUG
|
|
- KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
|
|
- KCCONF_KAPID_INSECURE=${INSECURE}
|
|
extra_hosts:
|
|
- ${EXTRAHOSTS}
|
|
networks:
|
|
- kopano-net
|
|
- web-net
|
|
|
|
kopano_dagent:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
container_name: kopano_dagent
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=dagent
|
|
- TZ=${TZ}
|
|
- KCCONF_DAGENT_LOG_LEVEL=3
|
|
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_spooler:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
container_name: kopano_spooler
|
|
hostname: spooler
|
|
domainname: ${LDAP_DOMAIN}
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=spooler
|
|
- TZ=${TZ}
|
|
- KCCONF_SPOOLER_LOG_LEVEL=3
|
|
- KCCONF_SPOOLER_SMTP_SERVER=mail
|
|
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_gateway:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
container_name: kopano_gateway
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=gateway
|
|
- TZ=${TZ}
|
|
- KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/
|
|
- KCCONF_GATEWAY_LOG_LEVEL=6
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_ical:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
container_name: kopano_ical
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=ical
|
|
- TZ=${TZ}
|
|
- KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_monitor:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
container_name: kopano_monitor
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- SERVICE_TO_START=monitor
|
|
- TZ=${TZ}
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_search:
|
|
image: ${docker_repo:?err}/kopano_core:${CORE_VERSION}
|
|
container_name: kopano_search
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
- kopanodata/:/kopano/data
|
|
environment:
|
|
- SERVICE_TO_START=search
|
|
- TZ=${TZ}
|
|
networks:
|
|
- kopano-net
|
|
|
|
kopano_konnect:
|
|
image: ${docker_repo:?err}/kopano_konnect:${KONNECT_VERSION}
|
|
container_name: kopano_konnect
|
|
command: wrapper.sh
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
- kopanosocket/:/run/kopano
|
|
environment:
|
|
- FQDN=${FQDN}
|
|
networks:
|
|
- kopano-net
|
|
- web-net
|
|
|
|
kopano_playground:
|
|
image: ${docker_repo:?err}/kopano_playground
|
|
container_name: kopano_playground
|
|
networks:
|
|
- kopano-net
|
|
- web-net
|
|
|
|
kopano_kwmserver:
|
|
image: ${docker_repo:?err}/kopano_kwmserver:${KWM_VERSION}
|
|
container_name: kopano_kwmserver
|
|
command: wrapper.sh
|
|
environment:
|
|
- INSECURE=${INSECURE}
|
|
- oidc_issuer_identifier=https://${FQDN}
|
|
volumes:
|
|
- kopanossl/:/kopano/ssl
|
|
extra_hosts:
|
|
- ${EXTRAHOSTS}
|
|
networks:
|
|
- web-net
|
|
|
|
kopano_meet:
|
|
image: ${docker_repo:?err}/kopano_meet:${MEET_VERSION}
|
|
container_name: kopano_meet
|
|
environment:
|
|
- SERVICE_TO_START=meet
|
|
- KCCONF_KWEBD_TLS=no
|
|
depends_on:
|
|
- kopano_kapi
|
|
- kopano_konnect
|
|
- kopano_kwmserver
|
|
- web
|
|
networks:
|
|
- web-net
|
|
|
|
volumes:
|
|
web:
|
|
ldap:
|
|
slapd:
|
|
maildata:
|
|
mailstate:
|
|
mtaconfig:
|
|
mysql:
|
|
kopanodata:
|
|
kopanossl:
|
|
kopanosocket:
|
|
zpushstates:
|
|
|
|
networks:
|
|
web-net:
|
|
kopano-net:
|
|
driver: bridge
|
|
ldap-net:
|
|
name: ldap-net
|
|
driver: bridge
|