- Reversed tag naming scheme. now full-8.7.80-3.5.2 instead of ~~8.7.80-3.5.2-full~~

- Demo based on `docker-compose.yml` and `Makefile` files
- Check and fix file attributes in the `/var/lib/kopano/attachments` directory
- Updated Tags overview, Usage and Docker compose example section in README.md
admin@vbox1 2019-02-19 13:52:36 +01:00
parent 3c9420690c
commit 902a893205
15 changed files with 348 additions and 288 deletions


@ -2,5 +2,7 @@
.gitignore
.github
.gitattributes
READMETEMPLATE.md
README.md
demo
*.md
local*
*private

5
.gitignore vendored

@ -1,4 +1,3 @@
deb
tmp
*.swp
local_*
local*
*private

17
CHANGELOG.md Normal file

@ -0,0 +1,17 @@
# v1.1.0
- Reversed tag naming scheme. now `full-8.7.80-3.5.2` instead of ~~8.7.80-3.5.2-full~~
- Demo based on `docker-compose.yml` and `Makefile` files
- Check and fix file attributes in the `/var/lib/kopano/attachments` directory
# v1.0.0
- Groupware server [Kopano WebApp](https://kopano.io/)
- ActiveSync server [Z-Push](http://z-push.org/)
- Multi-staged build providing the images `full`, `debugtools` and `core`
- Configuration using environment variables
- Log directed to docker daemon with configurable level
- Built in utility script `conf` helping configuring Kopano components, WebApp and Z-Push
- Health check
- Hook for theming


@ -88,7 +88,8 @@ RUN mkdir -p $docker_build_deb_dir \
&& for i in $(seq ${docker_build_passes}); do echo "\033[1;36mKOPANO CORE INSTALL PASS: $i\033[0m" \
&& dpkg --install --force-depends --skip-same-version --recursive $docker_build_deb_dir \
&& apt-get install --yes --no-install-recommends --fix-broken; done \
# && rm -rf $docker_build_deb_dir \
&& mkdir -p /var/lib/kopano/attachments && chown kopano: /var/lib/kopano/attachments \
&& rm -rf $docker_build_deb_dir \
&& setup-runit.sh \
"kopano-dagent -l" \
"kopano-gateway -F" \
@ -155,7 +156,7 @@ RUN apt-get install --yes --no-install-recommends apache2 libapache2-mod-php7.2
# && a2disconf other-vhosts-access-log \
&& a2dissite 000-default.conf \
&& a2ensite kopano-webapp \
# && rm -rf $docker_build_deb_dir \
&& rm -rf $docker_build_deb_dir \
&& setup-runit.sh "apache2ctl -D FOREGROUND -k start"
#
# Ports
@ -187,8 +188,8 @@ ENV DEBIAN_FRONTEND=noninteractive \
RUN debaddr="$(kopano-webaddr.sh --deb final http://repo.z-hub.io/z-push: ${DIST} ${REL})" \
&& echo "deb $debaddr/ /" > /etc/apt/sources.list.d/z-push.list \
&& wget -qO - $debaddr/Release.key | apt-key add - \
&& mkdir -p /var/lib/z-push && chown www-data:www-data /var/lib/z-push \
&& mkdir -p /var/log/z-push && chown www-data:www-data /var/log/z-push \
&& mkdir -p /var/lib/z-push && chown www-data: /var/lib/z-push \
&& mkdir -p /var/log/z-push && chown www-data: /var/log/z-push \
&& apt-get update && apt-get install --yes --no-install-recommends \
z-push-backend-kopano \
z-push-kopano \
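Review bot: In the `RUN` step of this hunk the repository key is still fetched with `wget -qO - $debaddr/Release.key | apt-key add -`, and `$debaddr` is built from the `http://repo.z-hub.io/z-push:` argument, so unless `kopano-webaddr.sh` rewrites the scheme, the key that apt will trust arrives over an unauthenticated channel. Since the step is being edited anyway, fetch the key over HTTPS or compare its fingerprint with a pinned value before `apt-key add`.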


@ -3,6 +3,7 @@
BLD_ARG ?= --build-arg DIST=ubuntu --build-arg REL=18.04 --build-arg ARCH=amd64
IMG_REPO ?= mlan/kopano
IMG_VER ?= $(shell assets/kopano-webaddr.sh -VV)
IMG_CMD ?= /bin/bash
CNT_NAME ?= kopano-default
CNT_PORT ?= -p 80:80
@ -12,6 +13,9 @@ CNT_VOL ?=
.PHONY: build build-all bulid-core build-full build-debugtools \
variables push shell exec run run-fg start stop rm-container rm-image release logs
variables:
make -pn | grep -A1 "^# makefile"| grep -v "^#\|^--" | sort | uniq
build: Dockerfile
docker build $(BLD_ARG) --target kopano-full -t $(IMG_REPO)\:$(IMG_VER) .
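Review bot: The `.PHONY` list in the context of this hunk spells `bulid-core`, presumably meant as `build-core`, so that target is not declared phony and would be skipped if a file or directory of that name exists. Correct the spelling while this part of the Makefile is being rearranged.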
@ -34,18 +38,14 @@ build-debugtools: Dockerfile
-t $(IMG_REPO)\:$(IMG_VER)-debugtools \
-t $(IMG_REPO)\:latest-debugtools .
variables:
make -pn | grep -A1 "^# makefile"| grep -v "^#\|^--" | sort | uniq
push:
docker push $(IMG_REPO)\:$(IMG_VER)
shell:
docker run --rm --name $(CNT_NAME)-$(CNT_INST) -i -t $(CNT_PORT) $(CNT_VOL) $(CNT_ENV) $(IMG_REPO)\:$(IMG_VER) /bin/bash
docker run --rm --name $(CNT_NAME)-$(CNT_INST) -i -t $(CNT_PORT) $(CNT_VOL) $(CNT_ENV) $(IMG_REPO)\:$(IMG_VER) $(IMG_CMD)
exec:
docker exec -it $(CNT_NAME) /bin/bash
docker exec -it $(CNT_NAME) $(IMG_CMD)
run-fg:
docker run --rm --name $(CNT_NAME) $(CNT_PORT) $(CNT_VOL) $(CNT_ENV) $(IMG_REPO)\:$(IMG_VER)
@ -67,5 +67,3 @@ rm-image:
release: build
make push -e IMG_VER=$(IMG_VER)
default: build

181
README.md

@ -1,6 +1,6 @@
# The mlan/kopano repository
# The `mlan/kopano` repository
This (unofficial) repository provides dockerized web mail service as well as ActiveSync, ICAL, IMAP and POP3 service. It is based on [Kopano]() core components, as well as the Kopano WebApp and [Z-Push](http://z-push.org/). The image uses [nightly built packages](https://download.kopano.io/community/) which are provided by the Kopano community.
This (non official) repository provides dockerized web mail service as well as ActiveSync, ICAL, IMAP and POP3 service. It is based on [Kopano]() core components, as well as the Kopano WebApp and [Z-Push](http://z-push.org/). The image uses [nightly built packages](https://download.kopano.io/community/) which are provided by the Kopano community.
Hopefully this repository can be retired once the Kopano community make official images available. There is some evidence of such activity on [dockerhub:kopano](https://hub.docker.com/u/kopano).
@ -8,36 +8,46 @@ Hopefully this repository can be retired once the Kopano community make official
Brief feature list follows below
- Groupware server [Kopano WebApp](https://kopano.io/)
- Groupware server [Kopano WebApp](https://kopano.io/)
- ActiveSync server [Z-Push](http://z-push.org/)
- Multi-staged build providing the images `-full `, `-debugtools` , `-core` and `-webapp`
- Multi-staged build providing the images `full`, `debugtools` and `core`
- Configuration using environment variables
- Log directed to docker daemon with configurable level
- Built in utility script `conf` helping configuring Kopano components, WebApp and Z-Push
- Health check
- Hook for theming
- Hook for theming
- Demo based on `docker-compose.yml` and `Makefile` files
## Tags overview
The mlan/kopano repository contains a multi staged built. You select which build using the appropriate tag.
The `mlan/kopano` repository contains a multi staged built. You select which build using the appropriate tag.
The version part of the tag is `latest` or the combined revision numbers of the nightly kopano-core and kopano-webapp package suits that was available when building this image. For example, `8.7.80-3.5.2` indicates that the image was built using the 8.7.80 version of Kopano core and 3.5.2 version of Kopano webapp.
The version part of the tag is not based on the version of this repository. It is instead, based on the combined revision numbers of the nightly Kopano core and Kopano WebApp package suits that was available when building the images. For example, `8.7.80-3.5.2` indicates that the image was built using the 8.7.80 version of Kopano core and 3.5.2 version of Kopano WebApp.
The build part of the tag is one of `full `, `debugtools` , `core` and soon also `webapp`. The image with tag `full` or without ending contain Kopano core components, as well as, the Kopano webapp and z-push. The image with tag `debugtools` also contains some debug tools. The image with tag `core` contains the kopano-core components proving the server and imap, pop3 and ical access. The image with tag `webapp` contains the Kopano webapp and z-push proving web and active sync service which will depend on a kopano server running in a separate container or elsewhere.
The build part of the tag is one of `full`, `debugtools` and `core`. The image with tag `full` contain Kopano core components, as well as, the Kopano WebApp and Z-Push. The image with tag `debugtools` also contains some debug tools. The image with tag `core` contains the Kopano core components proving the server and IMAP, POP3 and ICAL access, but no web access.
To exemplify the usage of the tags, lets assume that the latest version tag is `8.7.80-3.5.2`. In this case `latest`, `8.7.80-3.5.2`, `full`, `latest-full` and `8.7.80-3.5.2-full` all identify the same image.
The tags `latest`, `full`, `debugtools` or `core` all reference the most recent builds.
To exemplify the usage of the tags, lets assume that the latest version tag is `8.7.80-3.5.2`. In this case `latest`, `8.7.80-3.5.2`, `full`, and `full-8.7.80-3.5.2` all identify the same image.
# Usage
In most use cases the `mlan/kopano` container also needs a SQL database (e.g., [MySQL](https://hub.docker.com/_/mysql) or [MariaDB](https://hub.docker.com/_/mariadb)), Mail Transfer Agent (e.g., [Postfix](http://www.postfix.org/)) and authentication (e.g., [OpenLDAP](https://www.openldap.org/)). Docker images of such services are available. The docker compose example below is used to demonstrate how to configure these services.
In most use cases the `mlan/kopano` container also needs a SQL database (e.g., [MySQL](https://hub.docker.com/_/mysql) or [MariaDB](https://hub.docker.com/_/mariadb)), Mail Transfer Agent (e.g., [Postfix](http://www.postfix.org/)) and authentication (e.g., [OpenLDAP](https://www.openldap.org/)). Docker images of such services are available.
```bash
docker run -d --name mail-app -p 80:80 mlan/kopano
```
Often you want to configure Kopano and its components. There are
different methods available to achieve this. You can use the environment
variables described below set in the shell before creating the container.
These environment variables can also be explicitly given on
the command line when creating the container. They can also be given in
an `docker-compose.yml` file (and the `.env` file), see below. Moreover docker
volumes or host directories with desired configuration files can be
mounted in the container. And finally you can exec into a running container and modify configuration files directly.
The docker compose example below is used to demonstrate how to configure these services.
## Docker compose example
An example of how to configure an web mail server using docker compose is given below. It defines five services, `mail-app`, `mail-mta`, `mail-db`, `auth` and `proxy`, which are the web mail server, the mail transfer agent, the SQL database, authentication and reverse proxy respectively.
An example of how to configure an web mail server using docker compose is given below. It defines 4 services, `mail-app`, `mail-mta`, `mail-db` and `auth`, which are the web mail server, the mail transfer agent, the SQL database and LDAP authentication respectively.
```yaml
version: '3.7'
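Review bot: The rewritten "Tags overview" text carries several wording slips into the README: "a multi staged built" should be "build", "package suits that was" should be "package suites that were", "The image with tag `full` contain" should be "contains", and "proving the server" should be "providing the server". "An web mail server" in the compose introduction should be "a web mail server".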
@ -45,17 +55,10 @@ version: '3.7'
services:
mail-app:
image: mlan/kopano
restart: unless-stopped
networks:
- proxy
- backend
ports:
- "80:80"
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:mail.${DOMAIN-docker.localhost}
- traefik.docker.network=${COMPOSE_PROJECT_NAME}_proxy
- traefik.port=80
- "127.0.0.1:8080:80"
depends_on:
- auth
- mail-db
@ -66,12 +69,12 @@ services:
- MYSQL_HOST=mail-db
- SMTP_SERVER=mail-mta
- LDAP_SEARCH_BASE=${LDAP_BASE-dc=example,dc=com}
- LDAP_USER_TYPE_ATTRIBUTE_VALUE=kopano-user
- LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=kopano-group
- LDAP_USER_SEARCH_FILTER=(kopanoAccount=1)
- SYSLOG_LEVEL=4
env_file:
- .init.env
- LDAP_USER_TYPE_ATTRIBUTE_VALUE=${LDAP_USEROBJ-posixAccount}
- LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=${LDAP_GROUPOBJ-posixGroup}
- MYSQL_DATABASE=kopano
- MYSQL_USER=kopano
- MYSQL_PASSWORD=secret
- SYSLOG_LEVEL=3
volumes:
- mail-conf:/etc/kopano
- mail-atch:/var/lib/kopano/attachments
@ -79,17 +82,11 @@ services:
mail-mta:
image: mlan/postfix-amavis
restart: unless-stopped
hostname: ${MAIL_SRV-mx}.${MAIL_DOMAIN-docker.localhost}
hostname: ${MAIL_SRV-mx}.${MAIL_DOMAIN-example.com}
networks:
- backend
ports:
- "25:25"
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${MAIL_SRV-mx}.${MAIL_DOMAIN-docker.localhost}
- traefik.docker.network=${COMPOSE_PROJECT_NAME}_proxy
- traefik.port=80
- "127.0.0.1:25:25"
depends_on:
- auth
environment:
@ -99,119 +96,79 @@ services:
- SMTP_RELAY_HOSTAUTH=${SMTP_RELAY_HOSTAUTH-}
- SMTP_TLS_SECURITY_LEVEL=${SMTP_TLS_SECURITY_LEVEL-}
- SMTP_TLS_WRAPPERMODE=${SMTP_TLS_WRAPPERMODE-no}
- LDAP_USER_BASE=${LDAP_USEROU},${LDAP_BASE}
- LDAP_GROUP_BASE=${LDAP_GROUPOU},${LDAP_BASE}
- LDAP_QUERY_FILTER_USER=(&(kopanoAccount=1)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(kopanoAccount=1)(kopanoAliases=%s))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=kopano-group)(mail=%s))
- LDAP_QUERY_FILTER_EXPAND=(&(objectclass=kopano-user)(uid=%s))
- LDAP_USER_BASE=ou=${LDAP_USEROU-users},${LDAP_BASE-dc=example,dc=com}
- LDAP_QUERY_FILTER_USER=(&(objectclass=${LDAP_USEROBJ-posixAccount})(mail=%s))
- DKIM_SELECTOR=${DKIM_SELECTOR-default}
- SYSLOG_LEVEL=5
env_file:
- .init.env
- SYSLOG_LEVEL=4
volumes:
- mail-mta:/var
- proxy-acme:/acme
mail-db:
image: mariadb
restart: unless-stopped
command: ['--log_warnings=1']
networks:
- backend
environment:
- LANG=C.UTF-8
env_file:
- .init.env
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD-secret}
- MYSQL_DATABASE=${MYSQL_DATABASE-kopano}
- MYSQL_USER=${MYSQL_USER-kopano}
- MYSQL_PASSWORD=${MYSQL_PASSWORD-secret}
volumes:
- mail-db:/var/lib/mysql
auth:
image: mlan/openldap:1
restart: unless-stopped
image: mlan/openldap
networks:
- backend
environment:
- LDAP_LOGLEVEL=parse
volumes:
- auth-conf:/srv/conf
- auth-data:/srv/data
proxy:
image: traefik:alpine
restart: unless-stopped
command:
- "--api"
- "--docker"
- "--defaultentrypoints=http,https"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--retry"
- "--docker.domain=${DOMAIN-docker.localhost}"
- "--docker.exposedbydefault=false"
- "--docker.watch=true"
- "--acme"
- "--acme.email=${CERTMASTER-certmaster}@${DOMAIN-docker.localhost}"
- "--acme.entrypoint=https"
- "--acme.onhostrule=true"
- "--acme.storage=/acme/acme.json"
- "--acme.httpchallenge"
- "--acme.httpchallenge.entrypoint=http"
- "--loglevel=ERROR"
cap_drop:
- all
cap_add:
- net_bind_service
networks:
- proxy
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
labels:
- traefik.enable=true
- traefik.docker.network=${COMPOSE_PROJECT_NAME}_proxy
- traefik.port=8080
- traefik.frontend.passHostHeader=true
- traefik.frontend.rule=Host:monitor.${DOMAIN-docker.localhost}
- traefik.frontend.auth.basic=${PROXY_USER-admin}:${PROXY_PASSWORD-secret}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- proxy-acme:/acme
- /dev/null:/traefik.toml
- auth-db:/srv
networks:
proxy:
backend:
volumes:
auth-db:
mail-conf:
mail-atch:
mail-db:
mail-mta:
mail-sync:
proxy-acme:
```
This repository contains a `demo` directory which hold the `docker-compose.yml` file as well as a `Makefile` which might come handy. From within the `demo` directory you can start the `mlan/kopano` container simply by typing:
```bash
make init
```
Then you can assess WebApp on the URL [`http://localhost:8080`](http://localhost:8080) and log in with the user name `demo` and password `demo` . You can send a test email by typing:
```bash
make test
```
## Environment variables
When you create the `mlan/kopano` container, you can adjust the configuration of the Kopano server by passing one or more environment variables or on the docker run command line. Note that any pre-existing configuration files within the container will be left untouched.
To see all available configuration variables you can run `man` within the container, for example like this:
To see all available configuration variables you can run `man` within the container by for example using the `Makefile` described above:
```bash
docker exec mail-app man kopano-server.cfg
make mail-app-man_server
```
If you do, you will notice that configuration variable names are all lower case, but they will be matched with all uppercase environment variables by the container entrypoint script.
## SQL database configuration
The Kopano server uses a SQL database, which needs to be initiated, see below. Once the SQL database has been initiated you can create the Kopano container and configure it to use the SQL database using environment variables.
The Kopano server uses a SQL database, which needs to be initiated, see below. Once the SQL database has been initiated you can create the Kopano container and configure it to use the SQL database using environment variables.
#### `MYSQL_HOST`
The hostname of the MySQL server to use. Default `MYSQL_HOST=localhost`.
The host name of the MySQL server to use. Default `MYSQL_HOST=localhost`.
#### `MYSQL_PORT`
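Review bot: With the `proxy` service and its `https` entrypoint gone from the example, the only published WebApp port is plain HTTP on `127.0.0.1:8080`, and the text after the YAML does not say that this layout is meant for local demonstration. Add a sentence that a TLS-terminating front end is needed before exposing the service, and that `secret` and `demo`/`demo` are placeholder credentials. In the same paragraph "assess WebApp" should read "access WebApp", and `make init` starts all four services, not only the `mlan/kopano` container.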
@ -235,7 +192,7 @@ The location where attachments are stored. This can be in the MySQL database, or
#### `ATTACHMENT_COMPRESSION`
When the attachment_storage option is `ATTACHMENT_STORAGE=files`, this option controls the compression level for the attachments. Higher compression levels will compress data better, but at the cost of CPU usage. Lower compression levels will require less CPU but will compress data less. Setting the compression level to 0 will effectively disable compression completely. Changing the compression level, or switching it on or off, will not affect any existing attachments, and will remain accessible as normal. Set to 0 to disable compression completely. The maximum compression level is 9. Default: `ATTACHMENT_COMPRESSION=6`
When the `ATTACHMENT_STORAGE` option is `ATTACHMENT_STORAGE=files`, this option controls the compression level for the attachments. Higher compression levels will compress data better, but at the cost of CPU usage. Lower compression levels will require less CPU but will compress data less. Setting the compression level to 0 will effectively disable compression completely. Changing the compression level, or switching it on or off, will not affect any existing attachments, and will remain accessible as normal. Set to 0 to disable compression completely. The maximum compression level is 9. Default: `ATTACHMENT_COMPRESSION=6`
### SQL Database initialization
@ -249,7 +206,7 @@ There are at least three directories which should be considered mounted; the con
Kopano supports three different ways to manage user authentication. Use the `USER_PLUGIN` environment variable to select the source of the user base. Possible values are: `db` (default), `ldap` and `unix`.
`db`: Retrieve the users from the Kopano database. Use the kopano-admin tool to create users and groups. There are no additional settings for this plugin.
`db`: Retrieve the users from the Kopano database. Use the kopano-admin tool to create users and groups. There are no additional settings for this plug-in.
`ldap`: Retrieve the users and groups information from an LDAP server. All additional LDAP settings are needed see below
@ -259,11 +216,11 @@ Kopano supports three different ways to manage user authentication. Use the `USE
An LDAP server with user accounts configured to be used with Kopano is needed, but how to set one up is out of our scope here, instead see: [Kopano Knowledge Base/Install and optimize OpenLDAP for use with Kopano Groupware Core](https://kb.kopano.io/display/WIKI/Install+and+optimize+OpenLDAP+for+use+with+Kopano+Groupware+Core).
Once the LDAP server is up and running, the `mlan/kopano` container can be configured to use it using environment variables. In addition to the variables discussed below also set `USER_PLUGIN=ldap`.
Once the LDAP server is up and running, the `mlan/kopano` container can be configured to use it using environment variables. In addition to the variables discussed below also set `USER_PLUGIN=ldap`.
#### `LDAP_HOST`, `LDAP_PORT`, `LDAP_PROTOCOL`
These directives specify a single LDAP server to use. Defaults: `LDAP_HOST=localhost`, `LDAP_PORT=389`, `LDAP_PROTOCOL=ldap`
These directives specify a single LDAP server to use. Defaults: `LDAP_HOST=localhost`, `LDAP_PORT=389`, `LDAP_PROTOCOL=ldap`
#### `LDAP_SEARCH_BASE`
@ -285,7 +242,7 @@ Hint: Use the `kopanoAccount` attribute in the filter to differentiate between n
### Enabling IMAP and POP3 `DISABLED_FEATURES`
By default the `imap` and `pop3` services are disabled for all users. You can set the environment variable `DISABLED_FEATURES=` to enable both `imap` and `pop3`. In this list you can disable certain features for users. This list is space separated, and currently may contain the following features: `imap`, `pop3`. Default: `DISABLED_FEATURES=imap pop3`
By default the `imap` and `pop3` services are disabled for all users. You can set the environment variable `DISABLED_FEATURES=` to enable both `imap` and `pop3`. In this list you can disable certain features for users. This list is space separated, and currently may contain the following features: `imap`, `pop3`. Default: `DISABLED_FEATURES=imap pop3`
### Logging `LOG_LEVEL`
@ -296,9 +253,9 @@ The level of output for logging in the range from 0 to 6. 0 means no logging, 1
You can easily customize the Kopano WebApp see [New! JSON themes in Kopano WebApp](https://kopano.com/blog/new-json-themes-in-kopano-webapp/). Once you have the files you can install them in your docker container using the receipt below, where we assume that the container name is `mail-app` and that the directory `mytheme` contains the `theme.json` and the other file defining the theme.
```bash
$ docker cp mytheme/. mail-app:/etc/kopano/theme/Custom
$ docker exec mail-app chown -R root:root /etc/kopano/theme
$ docker exec mail-app conf replace /etc/kopano/webapp/config.php 'define("THEME", \x27\x27);' 'define("THEME", \x27Custom\x27);'
docker cp mytheme/. mail-app:/etc/kopano/theme/Custom
docker exec -it mail-app chown -R root: /etc/kopano/theme
docker exec -it mail-app conf replace /etc/kopano/webapp/config.php 'define("THEME", \x27\x27);' 'define("THEME", \x27Custom\x27);'
```
Please note that it is not possible to rename the directory `/etc/kopano/theme/Custom` within the container without further modifications.
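Review bot: The `-it` flags added to the `chown` and `conf replace` commands are not needed, since neither command reads from a terminal, and `docker exec -t` fails with an input-device error when the steps are run from a script or CI job without a TTY. Plain `docker exec mail-app ...` is enough. The introducing sentence also says "receipt" where "recipe" is meant.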
@ -309,12 +266,12 @@ Environment variables can be used to configure where Kopano find the Mail Transf
#### `SMTP_SERVER`
Hostname or IP address of the outgoing SMTP server. This server needs to relay mail for your server. Default: `SMTP_SERVER=localhost`
Host name or IP address of the outgoing SMTP server. This server needs to relay mail for your server. Default: `SMTP_SERVER=localhost`
#### `SMTP_PORT`
TCP Port number for smtp_server. Default: `SMTP_PORT=25`
TCP Port number used to contact the `SMTP_SERVER`. Default: `SMTP_PORT=25`
### Configuring postfix
The Kopano server listens to the port 2003 and expect the LMTP protocol. For Postfix you can define `VIRTUAL_TRANSPORT=lmtp:mail-app:2003` assuming the `mlan/kopano` container is named `mail-app`
The Kopano server listens to the port 2003 and expect the [LMTP](https://en.wikipedia.org/wiki/Local_Mail_Transfer_Protocol) protocol. For Postfix you can define `VIRTUAL_TRANSPORT=lmtp:mail-app:2003` assuming the `mlan/kopano` container is named `mail-app`


@ -1,9 +1,10 @@
# To Do
# Road map
## apache2 runit script not working properly
## 1) apache2 runit script not working properly
See: https://github.com/phusion/baseimage-docker/issues/271
## 2) Improve healthcheck
## Improve healthcheck
Verify the user anonymously.
```bash
ldapsearch -h dockerhost -xLLL -b dc=circuit-factory,dc=com '(kopanoAccount=1)'


@ -5,7 +5,9 @@
#
docker_build_runit_root=${docker_build_runit_root-/etc/service}
kopano_user=kopano
kopano_cfg_dir=/etc/kopano
kopano_atch_dir=/var/lib/kopano/attachments
zpush_cfg_dir=/usr/share/z-push
server_cfg_file=$kopano_cfg_dir/server.cfg
ldap_cfg_file=$kopano_cfg_dir/ldap.cfg
@ -40,6 +42,20 @@ inform() {
echo -e "$f_bold${f_green}INFO ($name)${f_norm} $@"
}
fixatr() {
# make sure all files are rw by user $kopano_user
for dir in $@; do
if [ -n "$(find $dir ! -user $kopano_user -print -exec chown -h $kopano_user: {} \;)" ]; then
inform "Changed owner to $kopano_user for some files in $dir"
fi
if [ -n "$(find -L $dir ! -user $kopano_user -print -exec chown $kopano_user: {} \;)" ]; then
inform "Changed owner to $kopano_user for some files in $dir"
fi
if [ -n "$(find -H $dir ! -perm -u+rw -print -exec chmod u+rw {} \;)" ]; then
inform "Changed permision to rw for some files in $dir"
fi
done
}
#
# kopano now installs without any cfg files, so we just write custom values
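Review bot: The second pass of `fixatr`, `find -L $dir ... -exec chown $kopano_user: {} \;`, follows symbolic links, so if the entrypoint runs as root, a link stored in the attachments volume that points outside it gets its target re-owned to `kopano` at container start. Drop the `-L` pass and keep only the `chown -h` one, which changes the link itself. Also quote `"$@"` and `"$dir"` so paths with spaces survive, fix the spelling of "permision", and give the first two `inform` messages different wording so the log shows which pass made a change.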
@ -97,6 +113,7 @@ loglevel() {
#
define_formats
fixatr $kopano_atch_dir
kopano_cfg
php_cfg
loglevel


@ -27,7 +27,7 @@ inform() {
init_service() {
# create runit 'run' script for service
# if service is part of kopano suite alos make the 'run' script
# if service is part of kopano suite also make the 'run' script
# delete lingering pid files, which appears to happen to kopano-search
local cmd="$1"
shift

16
demo/.env Normal file

@ -0,0 +1,16 @@
COMPOSE_PROJECT_NAME=demo
MAIL_DOMAIN=example.com
MAIL_SRV=mx
DKIM_SELECTOR=default
LDAP_BASE=dc=example,dc=com
LDAP_USEROU=users
LDAP_USEROBJ=posixAccount
LDAP_USERFLT=
LDAP_GROUPOU=groups
LDAP_GROUPOBJ=posixGroup
LDAP_TEST_USER=demo
LDAP_TEST_PASSWD=demo
MYSQL_ROOT_PASSWORD=secret
MYSQL_DATABASE=kopano
MYSQL_USER=kopano
MYSQL_PASSWORD=secret
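Review bot: `LDAP_USERFLT=` is defined here, but nothing in the `demo/Makefile` or `demo/docker-compose.yml` added by this commit references it; either wire it in or drop it. A comment at the top stating that `secret` and `demo` are demo-only credentials would keep the file from being copied unchanged into a real deployment.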

118
demo/Makefile Normal file

@ -0,0 +1,118 @@
-include *.mk .env .init.env
.PHONY: variables ps init up down destroy wait test \
auth-up auth-down auth-cmd auth-logs auth-show_conf auth-show_user auth-add_user \
mail-mta-up mail-mta-down mail-mta-cmd mail-mta-logs mail-mta-bayes mail-mta-test \
mail-db-up mail-db-down mail-db-cmd mail-db-logs mail-db-test \
mail-app-up mail-app-down mail-app-cmd mail-app-logs mail-app-debugtools \
mail-app-man_server mail-app-man_ldap \
mail-app-test mail-app-show_user1 mail-app-show_user2
variables:
make -pn | grep -A1 "^# makefile"| grep -v "^#\|^--" | sort | uniq
ps:
docker-compose ps
init: auth-up wait auth-add_user wait mail-db-up wait mail-mta-up wait mail-app-up
up:
docker-compose up -d
down:
docker-compose down
destroy:
docker-compose down -v
wait:
sleep 10
test: mail-mta-test
auth-up:
docker-compose up -d auth
auth-down:
docker-compose down auth
auth-cmd:
docker-compose exec auth /bin/sh
auth-logs:
docker container logs $(COMPOSE_PROJECT_NAME)_auth_1
auth-show_conf:
docker-compose exec auth ldap search -b cn=config olcDatabase={1}mdb
auth-show_user:
docker-compose exec auth ldap search -b "$(LDAP_BASE)"
auth-add_user:
printf "dn: ou=$(LDAP_USEROU),$(LDAP_BASE)\nchangetype: add\nobjectClass: organizationalUnit\nobjectClass: top\nou: $(LDAP_USEROU)\n\ndn: ou=$(LDAP_GROUPOU),$(LDAP_BASE)\nchangetype: add\nobjectClass: organizationalUnit\nobjectClass: top\nou: $(LDAP_GROUPOU)\n\ndn: uid=$(LDAP_TEST_USER),ou=$(LDAP_USEROU),$(LDAP_BASE)\nchangetype: add\nobjectClass: top\nobjectClass: inetOrgPerson\nobjectClass: $(LDAP_USEROBJ)\ncn: $(LDAP_TEST_USER)\nsn: $(LDAP_TEST_USER)\nuid: $(LDAP_TEST_USER)\nmail: $(LDAP_TEST_USER)@$(MAIL_DOMAIN)\nuidNumber: 1234\ngidNumber: 1234\nhomeDirectory: /home/$(LDAP_TEST_USER)\nuserPassword: $(LDAP_TEST_PASSWD)\n" \
| tee /dev/tty | docker-compose exec -T auth ldap modify
mail-mta-up:
docker-compose up -d mail-mta
mail-mta-down:
docker-compose down mail-mta
mail-mta-cmd:
docker-compose exec mail-mta /bin/bash
mail-mta-logs:
docker container logs $(COMPOSE_PROJECT_NAME)_mail-mta_1
mail-mta-bayes:
docker-compose exec mail-mta sh -c 'rm -f bayesian.database.gz && wget http://artinvoice.hu/spams/bayesian.database.gz && gunzip bayesian.database.gz && sa-learn --restore bayesian.database && chown -R amavis: /var/amavis && rm -rf bayesian.database'
mail-mta-test:
printf "EHLO mx\nMAIL FROM: <test@$(MAIL_DOMAIN).com>\nRCPT TO: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDATA\nFrom: A tester <test@$(MAIL_DOMAIN)>\nTo: <$(LDAP_TEST_USER)@$(MAIL_DOMAIN)>\nDate: $$(date)\nSubject: A test message\n\nGreat news! You can receive email.\n.\nQUIT\n" \
| nc -C localhost 25
mail-db-up:
docker-compose up -d mail-db
mail-db-down:
docker-compose down mail-db
mail-db-cmd:
docker-compose exec mail-db /bin/bash
mail-db-logs:
docker container logs $(COMPOSE_PROJECT_NAME)_mail-db_1
mail-db-test:
docker-compose exec mail-db mysqlshow -u $(MYSQL_USER) $(MYSQL_DATABASE) -p$(MYSQL_PASSWORD)
mail-app-up:
docker-compose up -d mail-app
mail-app-down:
docker-compose down mail-app
mail-app-cmd:
docker-compose exec mail-app /bin/bash
mail-app-logs:
docker container logs $(COMPOSE_PROJECT_NAME)_mail-app_1
mail-app-debugtools:
docker-compose exec mail-app apt-get update
docker-compose exec mail-app apt-get install --yes \
less nano ldap-utils htop net-tools lsof iputils-ping
mail-app-man_server:
docker-compose exec mail-app man kopano-server.cfg
mail-app-man_ldap:
docker-compose exec mail-app man kopano-ldap.cfg
mail-app-test: mail-mta-test
mail-app-show_user1:
docker-compose exec mail-app kopano-admin -l
mail-app-show_user2: mail-app-debugtools
docker-compose exec mail-app ldapsearch -H ldap://auth:389 -xLLL -b $(LDAP_BASE) '*'
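Review bot: `mail-mta-bayes` downloads `bayesian.database.gz` over plain `http://` and feeds it to `sa-learn --restore` inside the MTA container with no checksum or signature check, so whatever the network path returns becomes the spam filter's database. Pin a SHA-256 digest and verify it before restoring, or use an HTTPS source. In `init`, `wait` appears four times as a prerequisite, but make builds a target once per invocation, so only one `sleep 10` runs; use explicit `sleep` recipe lines or per-service readiness checks instead. `mail-mta-test` sends `MAIL FROM: <test@$(MAIL_DOMAIN).com>`, which with `MAIL_DOMAIN=example.com` yields `test@example.com.com`.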

86
demo/docker-compose.yml Normal file

@ -0,0 +1,86 @@
version: '3.7'
services:
mail-app:
image: mlan/kopano
networks:
- backend
ports:
- "127.0.0.1:8080:80"
depends_on:
- auth
- mail-db
- mail-mta
environment:
- USER_PLUGIN=ldap
- LDAP_HOST=auth
- MYSQL_HOST=mail-db
- SMTP_SERVER=mail-mta
- LDAP_SEARCH_BASE=${LDAP_BASE-dc=example,dc=com}
- LDAP_USER_TYPE_ATTRIBUTE_VALUE=${LDAP_USEROBJ-posixAccount}
- LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=${LDAP_GROUPOBJ-posixGroup}
- MYSQL_DATABASE=kopano
- MYSQL_USER=kopano
- MYSQL_PASSWORD=secret
- SYSLOG_LEVEL=3
volumes:
- mail-conf:/etc/kopano
- mail-atch:/var/lib/kopano/attachments
- mail-sync:/var/lib/z-push
mail-mta:
image: mlan/postfix-amavis
hostname: ${MAIL_SRV-mx}.${MAIL_DOMAIN-example.com}
networks:
- backend
ports:
- "127.0.0.1:25:25"
depends_on:
- auth
environment:
- MESSAGE_SIZE_LIMIT=${MESSAGE_SIZE_LIMIT-25600000}
- LDAP_HOST=auth
- VIRTUAL_TRANSPORT=lmtp:mail-app:2003
- SMTP_RELAY_HOSTAUTH=${SMTP_RELAY_HOSTAUTH-}
- SMTP_TLS_SECURITY_LEVEL=${SMTP_TLS_SECURITY_LEVEL-}
- SMTP_TLS_WRAPPERMODE=${SMTP_TLS_WRAPPERMODE-no}
- LDAP_USER_BASE=ou=${LDAP_USEROU-users},${LDAP_BASE-dc=example,dc=com}
- LDAP_QUERY_FILTER_USER=(&(objectclass=${LDAP_USEROBJ-posixAccount})(mail=%s))
- DKIM_SELECTOR=${DKIM_SELECTOR-default}
- SYSLOG_LEVEL=4
volumes:
- mail-mta:/var
mail-db:
image: mariadb
command: ['--log_warnings=1']
networks:
- backend
environment:
- LANG=C.UTF-8
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD-secret}
- MYSQL_DATABASE=${MYSQL_DATABASE-kopano}
- MYSQL_USER=${MYSQL_USER-kopano}
- MYSQL_PASSWORD=${MYSQL_PASSWORD-secret}
volumes:
- mail-db:/var/lib/mysql
auth:
image: mlan/openldap
networks:
- backend
environment:
- LDAP_LOGLEVEL=parse
volumes:
- auth-db:/srv
networks:
backend:
volumes:
auth-db:
mail-conf:
mail-atch:
mail-db:
mail-mta:
mail-sync:
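Review bot: `mail-app` hard-codes `MYSQL_DATABASE=kopano`, `MYSQL_USER=kopano` and `MYSQL_PASSWORD=secret`, while `mail-db` takes the same values from `${MYSQL_DATABASE-kopano}`, `${MYSQL_USER-kopano}` and `${MYSQL_PASSWORD-secret}`, so changing the password in `demo/.env` reconfigures the database but not its client. Use the same `${...}` substitutions in `mail-app`; the copy of this file in `README.md` has the same mismatch.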


@ -1,150 +0,0 @@
version: '3.7'
services:
mail-app:
image: mlan/kopano:8.7.80-3.5.2
restart: unless-stopped
networks:
- proxy
- backend
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:mail.${DOMAIN-docker.localhost}
- traefik.docker.network=${COMPOSE_PROJECT_NAME}_proxy
- traefik.port=80
depends_on:
- auth
- mail-db
- mail-mta
environment:
- USER_PLUGIN=ldap
- LDAP_HOST=auth
- MYSQL_HOST=mail-db
- SMTP_SERVER=mail-mta
- LDAP_SEARCH_BASE=${LDAP_BASE}
- LDAP_USER_TYPE_ATTRIBUTE_VALUE=kopano-user
- LDAP_GROUP_TYPE_ATTRIBUTE_VALUE=kopano-group
- LDAP_USER_SEARCH_FILTER=(kopanoAccount=1)
- SYSLOG_LEVEL=4
env_file:
- .init.env
volumes:
- mail-conf:/etc/kopano
- mail-atch:/var/lib/kopano/attachments
- mail-sync:/var/lib/z-push
mail-mta:
image: mlan/postfix-amavis:3.8
restart: unless-stopped
hostname: ${MAIL_SRV-mx}.${MAIL_DOMAIN-docker.localhost}
networks:
- backend
ports:
- "25:25"
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${MAIL_SRV-mx}.${MAIL_DOMAIN-docker.localhost}
- traefik.docker.network=${COMPOSE_PROJECT_NAME}_proxy
- traefik.port=80
depends_on:
- auth
environment:
- MESSAGE_SIZE_LIMIT=${MESSAGE_SIZE_LIMIT-25600000}
- LDAP_HOST=auth
- DAGENT_TRANSPORT=lmtp:mail-app:2003
- SMTP_RELAY_HOSTAUTH=${SMTP_RELAY_HOSTAUTH}
- SMTP_TLS_SECURITY_LEVEL=${SMTP_TLS_SECURITY_LEVEL-}
- SMTP_TLS_WRAPPERMODE=${SMTP_TLS_WRAPPERMODE-no}
- LDAP_USER_BASE=${LDAP_USEROU},${LDAP_BASE}
- LDAP_GROUP_BASE=${LDAP_GROUPOU},${LDAP_BASE}
- LDAP_QUERY_FILTER_USER=(&(kopanoAccount=1)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(kopanoAccount=1)(kopanoAliases=%s))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=kopano-group)(mail=%s))
- LDAP_QUERY_FILTER_EXPAND=(&(objectclass=kopano-user)(uid=%s))
- DKIM_SELECTOR=${DKIM_SELECTOR-default}
- SYSLOG_LEVEL=5
env_file:
- .init.env
volumes:
- mail-mta:/var
- proxy-acme:/acme
mail-db:
image: mariadb
restart: unless-stopped
command: ['--log_warnings=1']
networks:
- backend
environment:
- LANG=C.UTF-8
env_file:
- .init.env
volumes:
- mail-db:/var/lib/mysql
auth:
image: mlan/openldap:1.0
restart: unless-stopped
networks:
- backend
environment:
- LDAP_LOGLEVEL=parse
volumes:
- auth-conf:/srv/conf
- auth-data:/srv/data
proxy:
image: traefik:alpine
restart: unless-stopped
command:
- "--api"
- "--docker"
- "--defaultentrypoints=http,https"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--retry"
- "--docker.domain=${DOMAIN-docker.localhost}"
- "--docker.exposedbydefault=false"
- "--docker.watch=true"
- "--acme"
- "--acme.email=${CERTMASTER-certmaster}@${DOMAIN-docker.localhost}"
- "--acme.entrypoint=https"
- "--acme.onhostrule=true"
- "--acme.storage=/acme/acme.json"
- "--acme.httpchallenge"
- "--acme.httpchallenge.entrypoint=http"
- "--loglevel=ERROR"
cap_drop:
- all
cap_add:
- net_bind_service
networks:
- proxy
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
labels:
- traefik.enable=true
- traefik.docker.network=${COMPOSE_PROJECT_NAME}_proxy
- traefik.port=8080
- traefik.frontend.passHostHeader=true
- traefik.frontend.rule=Host:monitor.${DOMAIN-docker.localhost}
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- proxy-acme:/acme
- /dev/null:/traefik.toml
networks:
proxy:
backend:
volumes:
proxy-acme:
mail-conf:
mail-atch:
mail-db:
mail-mta:
mail-sync:
auth-conf:
auth-data:


@ -3,7 +3,7 @@
# $DOCKER_REPO and $DOCKER_TAG are injected into the build environment
echo "hooks/build called with IMAGE_NAME=${DOCKER_REPO}:${DOCKER_TAG}, so we will run:"
printenv
#printenv
case "${DOCKER_TAG}" in
core) bld_target=kopano-core ;;
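Review bot: Delete the `printenv` line instead of leaving it as `#printenv`: re-enabling it for debugging would write every variable of the build environment into the build log, and the `echo` above it already reports `DOCKER_REPO` and `DOCKER_TAG`.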


@ -12,10 +12,8 @@ _docker_add_tags() {
if [[ "$DOCKER_TAG" == "full" ]]; then
_docker_add_tags latest
_docker_add_tags latest-full
_docker_add_tags ${version}
_docker_add_tags ${version}-full
_docker_add_tags full-${version}
else
_docker_add_tags latest-${DOCKER_TAG}
_docker_add_tags ${version}-${DOCKER_TAG}
_docker_add_tags ${DOCKER_TAG}-${version}
fi