mirror of https://github.com/zokradonh/kopano-docker synced 2025-06-06 23:46:24 +00:00
kopano-docker/docker-compose.yml
Felix Bartels f7934cbc51
Make it possible to use an existing konnect instance (#195)
* make konnect url configurable
* switch to fork of dockerize as it allows to skip ssl verification
Since the address of the OIDC issuer is now dynamic, it could point to an invalid SSL certificate (the self-signed cert is by default "valid" for *).
* update hadolint
* add more scopes
* only skip ssl verification when running insecure
2019-08-20 21:16:42 +02:00


version: "3.5"
# Service definitions for the Kopano stack.
#
# Review notes that apply to the whole section:
#  - Credentials (LDAP admin/bind passwords, MySQL passwords) are injected as
#    environment variables. They are readable through `docker inspect` and by
#    every process inside the container; keep the .env / *.env files out of
#    version control and restrict who may talk to the Docker daemon.
#  - Most image tags fall back to `latest` when the *_VERSION variable is
#    unset, so a re-pull can change the running code. Pin versions (or
#    digests) for reproducible, reviewable deployments.
#  - The kopanossl volume holds ca.pem and the per-service key files and is
#    mounted read-write into most services, so each of those containers can
#    read or replace the key material of the others.
#  - No service in this file publishes host ports; presumably an override
#    file does that — confirm which services end up reachable from outside.
services:
  # Web front end (kopano_web image). The FQDN alias on web-net makes the
  # other containers resolve the public host name to this service.
  web:
    image: ${docker_repo:-zokradonh}/kopano_web:${KWEB_VERSION:-latest}
    restart: unless-stopped
    environment:
      - EMAIL=${EMAIL:-off}
      # `?err` makes docker-compose abort when FQDNCLEANED is unset.
      - FQDN=${FQDNCLEANED?err}
    command: wrapper.sh
    # Least privilege: drop every capability, then add back only these four
    # (bind to ports below 1024, chown files, switch group/user id).
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
      - CHOWN
      - SETGID
      - SETUID
    volumes:
      - web:/.kweb
    networks:
      web-net:
        aliases:
          - ${FQDNCLEANED?err}
  # LDAP directory holding the user base.
  # NOTE(review): the default image name ends in `_demo`; presumably it ships
  # demo accounts — confirm and replace it before production use.
  ldap:
    image: ${docker_repo:-zokradonh}/${LDAP_CONTAINER:-kopano_ldap_demo}:${LDAP_VERSION:-latest}
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME}_ldap
    environment:
      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
      - LDAP_DOMAIN=${LDAP_DOMAIN}
      - LDAP_BASE_DN=${LDAP_BASE_DN}
      # Directory admin password; the same value is handed to
      # password-self-service below.
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
      - LDAP_READONLY_USER=true
      - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
    env_file:
      - ldap.env
    command: "--loglevel info --copy-service"
    volumes:
      - ldap:/var/lib/ldap
      - slapd:/etc/ldap/slapd.d
    # Only on ldap-net: consumers must join that network to reach the
    # directory.
    networks:
      - ldap-net
  # phpLDAPadmin: a web UI for administering the directory. It sits on both
  # ldap-net and web-net, so whoever can reach it through the web front end
  # gets a login form for the directory — restrict access to it.
  ldap-admin:
    image: osixia/phpldapadmin:0.7.2
    restart: unless-stopped
    depends_on:
      - ldap
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=ldap
      # HTTPS is switched off inside the container; presumably TLS is
      # terminated by the `web` service — confirm the UI is never served
      # over plain HTTP to clients.
      - PHPLDAPADMIN_HTTPS=false
    networks:
      - ldap-net
      - web-net
  # Self-service password change UI. It is web-reachable and at the same time
  # attached to ldap-net and kopano-net, so a compromise of this container
  # reaches all three networks.
  password-self-service:
    image: tiredofit/self-service-password:3.0
    restart: unless-stopped
    domainname: ${LDAP_DOMAIN}
    depends_on:
      - ldap
      - mail
    environment:
      - SSP_VERSION=1.3
      # Plain ldap:// on port 389: bind credentials and new passwords cross
      # ldap-net unencrypted.
      - LDAP_SERVER=ldap://ldap:389
      # Binds as the directory admin. A dedicated account that may only
      # write the password attribute would limit the damage if this
      # web-facing container is compromised.
      - LDAP_BINDDN=cn=admin,${LDAP_BASE_DN}
      - LDAP_BINDPASS=${LDAP_ADMIN_PASSWORD}
      - LDAP_BASE_SEARCH=${LDAP_BASE_DN}
      - MAIL_FROM=noreply@${LDAP_DOMAIN}
      # Mail is handed to the `mail` service on port 25 with TLS disabled.
      - SMTP_HOST=mail
      - SMTP_PORT=25
      - SMTP_SECURE_TYPE=false
      - SMTP_AUTOTLS=false
      - QUESTIONS_ENABLED=false
      - PASSWORD_NO_REUSE=true
      - WHO_CAN_CHANGE_PASSWORD=user
      # NOTE(review): presumably the key protecting reset tokens — use a
      # long random value and confirm against the image documentation.
      - SECRETEKEY=${SELF_SERVICE_SECRETEKEY}
      - BACKGROUND=.
      # Password policy; the actual limits come from the environment.
      - PASSWORD_MIN_LENGTH=${SELF_SERVICE_PASSWORD_MIN_LENGTH}
      - PASSWORD_MAX_LENGTH=${SELF_SERVICE_PASSWORD_MAX_LENGTH}
      - PASSWORD_MIN_LOWERCASE=${SELF_SERVICE_PASSWORD_MIN_LOWERCASE}
      - PASSWORD_MIN_UPPERCASE=${SELF_SERVICE_PASSWORD_MIN_UPPERCASE}
      - PASSWORD_MIN_DIGIT=${SELF_SERVICE_PASSWORD_MIN_DIGIT}
      - PASSWORD_MIN_SPECIAL=${SELF_SERVICE_PASSWORD_MIN_SPECIAL}
      # NOTE(review): the strength of a CRYPT hash depends on the crypt
      # scheme the image selects — confirm it is a salted modern scheme.
      - PASSWORD_HASH=CRYPT
    env_file:
      - password-self-service.env
    # `expose` only documents the port for other containers; it does not
    # publish it on the host.
    expose:
      - "80"
    networks:
      - web-net # provide web-frontend
      - ldap-net # access ldap user base and write passwords
      - kopano-net # send mail directly to mailstack
  # Mail transfer agent (docker-mailserver) with LDAP-backed accounts.
  mail:
    image: tvial/docker-mailserver:release-v6.1.0
    restart: unless-stopped
    hostname: mail
    domainname: ${LDAP_DOMAIN}
    container_name: ${COMPOSE_PROJECT_NAME}_mail
    depends_on:
      - ldap
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - mtaconfig:/tmp/docker-mailserver/
    environment:
      - TZ=${TZ}
      # Spam, malware, brute-force and greylisting protection are enabled.
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      # Self-signed certificate: remote peers cannot authenticate this
      # server unless they pin the certificate.
      - SSL_TYPE=self-signed
      - ENABLE_LDAP=1
      - LDAP_SERVER_HOST=${LDAP_SERVER}
      - LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - LDAP_BIND_DN=${LDAP_BIND_DN}
      - LDAP_BIND_PW=${LDAP_BIND_PW}
      - LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
      - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
      - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
      - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
      # SMTP authentication is checked against the same directory with the
      # same bind account.
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_LDAP_SERVER=${LDAP_SERVER}
      - SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
      - SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
      - SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
      - SASLAUTHD_MECHANISMS=ldap
      - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
      - SMTP_ONLY=1
      # NOTE(review): presumably adds the Docker host to the networks that
      # may relay without authentication — confirm that this does not make
      # the server an open relay for anything reaching it via the host.
      - PERMIT_DOCKER=host
      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
      # Accepted mail is delivered over LMTP to the kopano_dagent service.
      - POSTFIX_DAGENT=lmtp:kopano_dagent:2003
      - REPORT_RECIPIENT=1
    env_file:
      - mail.env
    networks:
      - kopano-net
      - ldap-net
    # Using Google DNS can lead to lookup errors. Uncomment the option below
    # and set it to the IP of a trusted DNS service (Cloudflare is given as
    # an example).
    # See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
    #dns: 1.1.1.1
    # Extra capabilities on top of Docker's defaults: NET_ADMIN lets the
    # container change firewall and network settings in its namespace
    # (presumably for fail2ban), SYS_PTRACE lets it trace other processes.
    # Drop whichever the enabled features do not need.
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE
  # MariaDB backing store for kopano_server; reachable on kopano-net only.
  db:
    image: mariadb:10.3.10-bionic
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME}_db
    volumes:
      - mysql/:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
      - MYSQL_USER=${MYSQL_USER}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
      - MYSQL_DATABASE=${MYSQL_DATABASE}
    env_file:
      - db.env
    # `$$` stops compose from interpolating, so the shell inside the
    # container expands the variables. The root password is passed with
    # --password= on the command line and therefore shows up in the
    # container's process list on every probe.
    # NOTE(review): no --user is given, so the check presumably runs as the
    # database root account; the unprivileged MYSQL_USER would be enough
    # for a liveness query — confirm and switch.
    healthcheck:
      test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
      interval: 30s
      timeout: 10s
      retries: 4
    networks:
      - kopano-net
  # Helper that fills the kopanossl volume (presumably by generating the CA
  # and service certificates — confirm). It has no restart policy and is not
  # attached to any of the named networks.
  kopano_ssl:
    image: ${docker_repo:-zokradonh}/kopano_ssl:${SSL_VERSION:-latest}
    environment:
      - FQDN=${FQDN}
      - PKI_COUNTRY=NL
    env_file:
      - kopano_ssl.env
    volumes:
      - kopanossl/:/kopano/ssl
  # Kopano storage server. It is attached to all three networks.
  kopano_server:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    hostname: kopano_server
    container_name: ${COMPOSE_PROJECT_NAME}_server
    depends_on:
      - db
      - ldap
      - kopano_ssl
      - kopano_konnect
    environment:
      - SERVICE_TO_START=server
      - TZ=${TZ}
      - KCCONF_SERVER_COREDUMP_ENABLED=no
      - KCCONF_SERVER_MYSQL_HOST=${MYSQL_HOST}
      - KCCONF_SERVER_MYSQL_PORT=3306
      - KCCONF_SERVER_MYSQL_DATABASE=${MYSQL_DATABASE}
      - KCCONF_SERVER_MYSQL_USER=${MYSQL_USER}
      - KCCONF_SERVER_MYSQL_PASSWORD=${MYSQL_PASSWORD}
      # Server key and CA live on the shared kopanossl volume.
      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kopano_server.pem
      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
      - KCCONF_SERVER_SERVER_NAME=Kopano
      # Directory of client certificates the server accepts. It is on the
      # shared volume, so any container mounting kopanossl can add to it.
      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
      # NOTE(review): `*` presumably makes the server trust proxy
      # information from any connection — confirm against the server
      # documentation and remove when no reverse proxy is in front.
      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=${POSTMASTER_ADDRESS}
      - KCCONF_LDAP_LDAP_URI=${LDAP_SERVER}
      - KCCONF_LDAP_LDAP_BIND_USER=${LDAP_BIND_DN}
      - KCCONF_LDAP_LDAP_BIND_PASSWD=${LDAP_BIND_PW}
      - KCCONF_LDAP_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - KCUNCOMMENT_LDAP_1=${KCUNCOMMENT_LDAP_1}
      - KCCOMMENT_LDAP_1=${KCCOMMENT_LDAP_1}
      - ADDITIONAL_KOPANO_PACKAGES=${ADDITIONAL_KOPANO_PACKAGES}
      # Single sign-on through the OIDC issuer at https://${FQDN}.
      - KCCONF_SERVER_ENABLE_SSO=yes
      - KCCONF_SERVER_KCOIDC_ISSUER_IDENTIFIER=https://${FQDN}
      # When INSECURE is true the issuer's TLS certificate is not verified,
      # so the server cannot tell the real issuer from an impostor. Leave
      # INSECURE off outside of test setups with self-signed certificates.
      - KCCONF_SERVER_KCOIDC_INSECURE_SKIP_VERIFY=${INSECURE}
    env_file:
      - kopano_server.env
    networks:
      - kopano-net
      - ldap-net
      - web-net
    volumes:
      - kopanodata/:/kopano/data
      - kopanossl/:/kopano/ssl
      # /run/kopano is shared with the other Kopano services; presumably it
      # carries the server's local socket, which those containers can then
      # use — confirm what access that socket grants.
      - kopanosocket/:/run/kopano
  # WebApp front end, reachable through web-net.
  kopano_webapp:
    image: ${docker_repo:-zokradonh}/kopano_webapp:${WEBAPP_VERSION:-latest}
    restart: unless-stopped
    hostname: kopano_webapp
    depends_on:
      - kopano_server
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
      - kopanowebapp/:/var/lib/kopano-webapp/
    environment:
      - TZ=${TZ}
      # Plugins named here are handed to the container at start-up;
      # presumably they are installed then — review what is listed.
      - ADDITIONAL_KOPANO_WEBAPP_PLUGINS=${ADDITIONAL_KOPANO_WEBAPP_PLUGINS}
      - KCCONF_WEBAPP_OIDC_ISS=https://${FQDN}
      - KCCONF_WEBAPP_OIDC_CLIENT_ID=webapp
    env_file:
      - kopano_webapp.env
    networks:
      - web-net
      - kopano-net
  # Z-Push (mobile sync) front end, reachable through web-net.
  kopano_zpush:
    image: ${docker_repo:-zokradonh}/kopano_zpush:${ZPUSH_VERSION:-latest}
    restart: unless-stopped
    hostname: kopano_zpush
    container_name: ${COMPOSE_PROJECT_NAME}_zpush
    depends_on:
      - kopano_server
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
      - zpushstates/:/var/lib/z-push/
    environment:
      - TZ=${TZ}
    env_file:
      - kopano_zpush.env
    networks:
      - web-net
      - kopano-net
  # grapi service from the kopano_core image; kopano-net only, and the only
  # shared volume it mounts is the socket directory.
  kopano_grapi:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME}_grapi
    depends_on:
      - kopano_server
    volumes:
      - kopanosocket/:/run/kopano
    environment:
      - SERVICE_TO_START=grapi
      - TZ=${TZ}
    env_file:
      - kopano_grapi.env
    networks:
      - kopano-net
  # kapid service; attached to web-net as well as kopano-net.
  kopano_kapi:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME}_kapi
    depends_on:
      - kopano_grapi
    volumes:
      - kopanodata/:/kopano/data
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
    environment:
      - SERVICE_TO_START=kapid
      - TZ=${TZ}
      # NOTE(review): DEBUG logging may record request details — confirm it
      # is intended outside of testing.
      - KCCONF_KAPID_LOG_LEVEL=DEBUG
      - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
      # Follows the global INSECURE switch; presumably disables TLS
      # verification towards the issuer — keep it off in production.
      - KCCONF_KAPID_INSECURE=${INSECURE}
    env_file:
      - kopano_kapi.env
    networks:
      - kopano-net
      - web-net
  # KDAV (CalDAV/CardDAV) front end, reachable through web-net.
  kopano_kdav:
    image: ${docker_repo:-zokradonh}/kopano_kdav:${KDAV_VERSION:-latest}
    restart: unless-stopped
    hostname: kopano_kdav
    container_name: ${COMPOSE_PROJECT_NAME}_kdav
    depends_on:
      - kopano_server
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
      - kdavstates/:/var/lib/kopano/kdav
    environment:
      - TZ=${TZ}
    networks:
      - kopano-net
      - web-net
  # Delivery agent; the `mail` service hands mail to it over LMTP.
  kopano_dagent:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    depends_on:
      - kopano_server
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
    environment:
      - SERVICE_TO_START=dagent
      - TZ=${TZ}
      - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kopano_dagent.pem
      - KCCONF_DAGENT_LOG_LEVEL=3
    env_file:
      - kopano_dagent.env
    networks:
      - kopano-net
  # Spooler: sends outgoing mail through the `mail` service.
  kopano_spooler:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    hostname: spooler
    domainname: ${LDAP_DOMAIN}
    depends_on:
      - kopano_server
      - mail
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
    environment:
      - SERVICE_TO_START=spooler
      - TZ=${TZ}
      - KCCONF_SPOOLER_LOG_LEVEL=3
      - KCCONF_SPOOLER_SMTP_SERVER=mail
      - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem
    env_file:
      - kopano_spooler.env
    networks:
      - kopano-net
  # Gateway service from the kopano_core image.
  kopano_gateway:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    depends_on:
      - kopano_server
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
    environment:
      - SERVICE_TO_START=gateway
      - TZ=${TZ}
      # Talks to the server over plain http:// on port 236, so logins
      # relayed by the gateway cross kopano-net unencrypted.
      - KCCONF_GATEWAY_SERVER_SOCKET=http://kopano_server:236/
      - KCCONF_GATEWAY_LOG_LEVEL=3
    env_file:
      - kopano_gateway.env
    networks:
      - kopano-net
  # iCal service; attached to web-net as well as kopano-net.
  kopano_ical:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    depends_on:
      - kopano_server
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
    environment:
      - SERVICE_TO_START=ical
      - TZ=${TZ}
      # Same plain-http server connection as kopano_gateway.
      - KCCONF_ICAL_SERVER_SOCKET=http://kopano_server:236/
    env_file:
      - kopano_ical.env
    networks:
      - kopano-net
      - web-net
  # Monitor service from the kopano_core image; kopano-net only.
  kopano_monitor:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    depends_on:
      - kopano_server
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
    environment:
      - SERVICE_TO_START=monitor
      - TZ=${TZ}
    env_file:
      - kopano_monitor.env
    networks:
      - kopano-net
  # Search service; it also mounts the server's data volume.
  kopano_search:
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME}_search
    depends_on:
      - kopano_server
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
      - kopanodata/:/kopano/data
    environment:
      - SERVICE_TO_START=search
      - TZ=${TZ}
    env_file:
      - kopano_search.env
    networks:
      - kopano-net
  # Konnect: the OIDC issuer the other services point at (https://${FQDN}).
  kopano_konnect:
    image: ${docker_repo:-zokradonh}/kopano_konnect:${KONNECT_VERSION:-latest}
    restart: unless-stopped
    command: wrapper.sh
    depends_on:
      - kopano_ssl
      - web
      # To be useful Konnect also needs a running kopano_server, but that
      # dependency cannot be added here because it would be circular.
    volumes:
      - kopanossl/:/kopano/ssl
      - kopanosocket/:/run/kopano
    environment:
      - FQDN=${FQDN}
      # Guest clients and dynamic client registration are both switched on.
      # NOTE(review): dynamic registration presumably lets any party that
      # can reach the issuer register an OIDC client — disable it unless a
      # deployed app depends on it.
      - allow_client_guests=yes
      - allow_dynamic_client_registration=yes
    env_file:
      - kopano_konnect.env
    networks:
      - kopano-net
      - web-net
  # NOTE(review): the only image without a version variable, so it always
  # resolves to `latest`. The name suggests a developer playground —
  # confirm it is wanted on web-net in production.
  kopano_playground:
    image: ${docker_repo:-zokradonh}/kopano_playground
    restart: unless-stopped
    depends_on:
      - kopano_kapi
      - kopano_konnect
    networks:
      - kopano-net
      - web-net
  # KWM server (used by Meet); attached to web-net only.
  kopano_kwmserver:
    image: ${docker_repo:-zokradonh}/kopano_kwmserver:${KWM_VERSION:-latest}
    restart: unless-stopped
    command: wrapper.sh
    depends_on:
      - kopano_kapi
      - kopano_konnect
    environment:
      # Global switch, see kopano_server; keep it off in production.
      - INSECURE=${INSECURE}
      - oidc_issuer_identifier=https://${FQDN}
      # Guest API enabled; guest access is limited to names matching the
      # regular expression below (anything under group/public/).
      - enable_guest_api=yes
      - public_guest_access_regexp=^group/public/.*
    env_file:
      - kopano_kwmserver.env
    volumes:
      - kopanossl/:/kopano/ssl
    networks:
      - web-net
  # Meet web app.
  kopano_meet:
    image: ${docker_repo:-zokradonh}/kopano_meet:${MEET_VERSION:-latest}
    restart: unless-stopped
    environment:
      - SERVICE_TO_START=meet
      # NOTE(review): with disableFullGAB=false the full address book is
      # presumably available in Meet while guests are enabled — confirm
      # that guests cannot enumerate it.
      - KCCONF_MEET_disableFullGAB=false
      - KCCONF_MEET_guests_enabled=true
    env_file:
      - kopano_meet.env
    depends_on:
      - kopano_kapi
      - kopano_konnect
      - kopano_kwmserver
      - web
    networks:
      - web-net
  # Cron-style scheduler that drives the other containers through the host's
  # Docker socket. It is attached to all three networks.
  kopano_scheduler:
    image: ${docker_repo:-zokradonh}/kopano_scheduler:${SCHEDULER_VERSION:-latest}
    restart: "no"
    container_name: ${COMPOSE_PROJECT_NAME}_scheduler
    networks:
      - kopano-net
      - ldap-net
      - web-net
    depends_on:
      - kopano_server
      - kopano_zpush
    environment:
      - TZ=${TZ}
      # Each entry is a cron schedule followed by a docker command line.
      - CRON_KOPANOUSERS=10 * * * * docker exec kopano_server kopano-admin --sync
      - CRON_ZPUSHGAB=0 22 * * * docker exec kopano_zpush z-push-gabsync -a sync
      # This job starts a new container with a host directory bind-mounted,
      # which shows how far the socket access below reaches.
      - CRONDELAYED_KBACKUP=30 1 * * * docker run --rm -it --volumes-from kopano_server -v /root/kopano-backup:/kopano/path ${docker_repo:-zokradonh}/kopano_utils:${CORE_VERSION:-latest} kopano-backup -h
      - CRONDELAYED_SOFTDELETE=30 2 * * * docker exec kopano_server kopano-admin --purge-softdelete 30
    env_file:
      - kopano_scheduler.env
    # The `:ro` flag only makes the socket file's mount read-only; the Docker
    # API behind it stays fully usable. Whoever controls this container can
    # start, stop and exec into any container and mount host paths, which
    # amounts to root on the host. Treat the scheduler image and its env
    # file as highly trusted, or put an API-filtering proxy in between.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
# Named volumes with default settings; they hold all persistent state of the
# stack. Back them up and protect them like the data they contain:
#  - ldap, slapd: directory data and slapd configuration
#  - maildata, mailstate, mtaconfig: mail store, mail state and MTA config
#  - mysql: the MariaDB data directory
#  - kopanodata: mounted at /kopano/data by server, kapi and search
#  - kopanossl: ca.pem and the service key files, mounted at /kopano/ssl by
#    most services
#  - kopanosocket: mounted at /run/kopano by most Kopano services
volumes:
  web:
  ldap:
  slapd:
  maildata:
  mailstate:
  mtaconfig:
  mysql:
  kopanodata:
  kopanossl:
  kopanosocket:
  kopanowebapp:
  zpushstates:
  kdavstates:
# Networks used to separate the tiers: web-net for everything served through
# the `web` front end, kopano-net for the groupware back end, ldap-net for
# directory access. Services attached to more than one network bridge these
# tiers, so the separation is only as strong as those services.
# None of the networks is marked `internal`; add `internal: true` to a
# back-end network if its containers need no outbound connectivity.
networks:
  # No driver given, so the default driver is used.
  web-net:
  kopano-net:
    driver: bridge
  ldap-net:
    driver: bridge