Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F2571732
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
16 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/docker-compose.yml b/docker-compose.yml
index e5d1f81a..67011649 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,347 +1,349 @@
version: '3'
services:
coturn:
build:
context: ./docker/coturn/
container_name: kolab-coturn
healthcheck:
interval: 10s
test: "kill -0 $$(cat /tmp/turnserver.pid)"
timeout: 5s
retries: 30
environment:
- TURN_PUBLIC_IP=${COTURN_PUBLIC_IP}
- TURN_LISTEN_PORT=3478
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
hostname: sturn.mgmt.com
image: kolab-coturn
network_mode: host
restart: on-failure
kolab:
build:
context: ./docker/kolab/
args:
DB_KOLAB_DATABASE: kolab
DB_KOLAB_USERNAME: kolab
DB_KOLAB_PASSWORD: ${DB_PASSWORD:?"DB_PASSWORD is missing"}
LDAP_HOST: ldap
LDAP_ADMIN_BIND_DN: ${LDAP_ADMIN_BIND_DN}
LDAP_ADMIN_BIND_PW: ${LDAP_ADMIN_BIND_PW}
LDAP_SERVICE_BIND_PW: ${LDAP_SERVICE_BIND_PW}
+ IMAP_ADMIN_LOGIN: ${IMAP_ADMIN_LOGIN}
+ IMAP_ADMIN_PASSWORD: ${IMAP_ADMIN_PASSWORD}
container_name: kolab
privileged: true
restart: on-failure
tty: true
depends_on:
mariadb:
condition: service_healthy
pdns:
condition: service_healthy
ldap:
condition: service_healthy
extra_hosts:
- "kolab.mgmt.com:127.0.0.1"
- "services.${APP_DOMAIN}:172.18.0.4"
environment:
- APP_DOMAIN=${APP_DOMAIN}
- LDAP_HOST=ldap
- LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN}
- LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW}
- LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW}
- DB_HOST=mariadb
- DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
- DB_HKCCP_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
- DB_KOLAB_DATABASE=kolab
- DB_KOLAB_USERNAME=kolab
- DB_KOLAB_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
- SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?"KOLAB_SSL_CERTIFICATE is missing"}
- SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?"KOLAB_SSL_CERTIFICATE_FULLCHAIN is missing"}
- SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?"KOLAB_SSL_CERTIFICATE_KEY is missing"}
- IMAP_HOST=127.0.0.1
- IMAP_PORT=11993
- IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN}
- IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
- MAIL_HOST=127.0.0.1
- MAIL_PORT=10587
healthcheck:
interval: 10s
test: "systemctl is-active kolab-init || exit 1"
timeout: 5s
retries: 30
start_period: 5m
# This makes docker's dns, resolve via pdns for this container.
# Please note it does not affect /etc/resolv.conf
dns: 172.18.0.11
hostname: kolab.mgmt.com
image: kolab
networks:
kolab:
ipv4_address: 172.18.0.5
ports:
- "12143:12143"
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- ./ext/:/src/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
- ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
- ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err}
- ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err}
- ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err}
- ./docker/kolab/utils:/root/utils:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- imap:/imapdata
ldap:
build:
context: ./docker/ldap/
container_name: kolab-ldap
restart: on-failure
tty: true
hostname: ldap
privileged: true
environment:
- APP_DOMAIN=${APP_DOMAIN}
- LDAP_ADMIN_ROOT_DN=${LDAP_ADMIN_ROOT_DN}
- LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN}
- LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW}
- LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW}
- LDAP_HOSTED_BIND_PW=${LDAP_HOSTED_BIND_PW}
- IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
healthcheck:
interval: 10s
test: "systemctl status dirsrv@kolab || exit 1"
timeout: 5s
retries: 30
start_period: 5m
image: kolab-ldap
networks:
kolab:
ipv4_address: 172.18.0.12
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- ldap:/ldapdata
roundcube:
build:
context: ./docker/roundcube/
container_name: kolab-roundcube
hostname: roundcube.hosted.com
restart: on-failure
depends_on:
mariadb:
condition: service_healthy
pdns:
condition: service_healthy
kolab:
condition: service_healthy
environment:
- APP_DOMAIN=${APP_DOMAIN}
- LDAP_HOST=ldap
- LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN}
- LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW}
- LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW}
- LDAP_HOSTED_BIND_PW=${LDAP_HOSTED_BIND_PW}
- DB_HOST=mariadb
- DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- DB_RC_DATABASE=roundcube
- DB_RC_USERNAME=roundcube
- DB_RC_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
- IMAP_HOST=tls://haproxy
- IMAP_PORT=145
- IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN}
- IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
- MAIL_HOST=tls://kolab
- MAIL_PORT=10587
healthcheck:
interval: 10s
test: "kill -0 $$(cat /run/httpd/httpd.pid)"
timeout: 5s
retries: 30
# This makes docker's dns, resolve via pdns for this container.
# Please note it does not affect /etc/resolv.conf
dns: 172.18.0.11
image: roundcube
networks:
kolab:
ipv4_address: 172.18.0.9
ports:
- "8001:80"
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- ./ext/:/src.orig/:ro
mariadb:
container_name: kolab-mariadb
restart: on-failure
environment:
- MARIADB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- TZ="+02:00"
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
- DB_HKCCP_PASSWORD=${DB_PASSWORD}
healthcheck:
interval: 10s
test: test -e /var/run/mysqld/mysqld.sock
timeout: 5s
retries: 30
image: mariadb:latest
networks:
kolab:
ipv4_address: 172.18.0.3
volumes:
- ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/
- mariadb:/var/lib/mysql
haproxy:
build:
context: ./docker/haproxy/
healthcheck:
interval: 10s
test: "kill -0 $$(cat /var/run/haproxy.pid)"
timeout: 5s
retries: 30
container_name: kolab-haproxy
restart: on-failure
hostname: haproxy.hosted.com
image: kolab-haproxy
networks:
kolab:
ipv4_address: 172.18.0.6
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
pdns:
build:
context: ./docker/pdns/
args:
DB_HOST: mariadb
DB_DATABASE: ${DB_DATABASE:?DB_DATABASE}
DB_USERNAME: ${DB_USERNAME:?DB_USERNAME}
DB_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD}
container_name: kolab-pdns
restart: on-failure
tty: true
hostname: pdns
depends_on:
mariadb:
condition: service_healthy
healthcheck:
interval: 10s
test: "systemctl status pdns || exit 1"
timeout: 5s
retries: 30
image: kolab-pdns
networks:
kolab:
ipv4_address: 172.18.0.11
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
redis:
build:
context: ./docker/redis/
healthcheck:
interval: 10s
test: "redis-cli ping || exit 1"
timeout: 5s
retries: 30
container_name: kolab-redis
restart: on-failure
hostname: redis
image: redis
networks:
- kolab
volumes:
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
webapp:
build:
context: ./docker/webapp/
args:
GIT_REF: ${KOLAB_GIT_REF:-master}
container_name: kolab-webapp
restart: on-failure
image: kolab-webapp
healthcheck:
interval: 10s
test: "/src/kolabsrc/artisan octane:status || exit 1"
timeout: 5s
retries: 30
start_period: 5m
depends_on:
kolab:
condition: service_healthy
redis:
condition: service_healthy
roundcube:
condition: service_healthy
networks:
kolab:
ipv4_address: 172.18.0.4
volumes:
- ./src:/src/kolabsrc.orig:ro
ports:
- "8000:8000"
meet:
build:
context: ./docker/meet/
args:
GIT_REF: ${KOLAB_GIT_REF:-master}
container_name: kolab-meet
restart: on-failure
healthcheck:
interval: 10s
test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://${MEET_LISTENING_HOST}:12443/meetmedia/api/health || exit 1"
timeout: 5s
retries: 30
start_period: 5m
environment:
- WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err}
- PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err}
- LISTENING_HOST=${MEET_LISTENING_HOST:?err}
- LISTENING_PORT=12443
- TURN_SERVER=${MEET_TURN_SERVER}
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
- AUTH_TOKEN=${MEET_SERVER_TOKEN:?err}
- WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err}
- WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet
- SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert
- SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key
network_mode: host
container_name: kolab-meet
image: kolab-meet
volumes:
- ./meet/server:/src/meet/:ro
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key
networks:
kolab:
driver: bridge
ipam:
config:
- subnet: "172.18.0.0/24"
volumes:
mariadb:
imap:
ldap:
diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile
index 7dd2f502..461ea328 100644
--- a/docker/kolab/Dockerfile
+++ b/docker/kolab/Dockerfile
@@ -1,84 +1,88 @@
FROM quay.io/centos/centos:stream8
LABEL maintainer="contact@apheleia-it.ch"
LABEL dist=centos8
LABEL tier=${TIER}
ENV SYSTEMD_PAGER=''
ENV DISTRO=centos8
ENV LANG=en_US.utf8
ENV LC_ALL=en_US.utf8
# Add EPEL.
RUN dnf config-manager --set-enabled powertools && \
dnf -y install \
epel-release epel-next-release && \
dnf -y module enable 389-directory-server:stable/default && \
dnf -y module enable mariadb:10.3 && \
dnf -y install iputils vim-enhanced bind-utils && \
dnf clean all
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
# Install kolab
RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \
rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8stream.rpm
RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \
dnf config-manager --enable kolab-16-testing &&\
dnf -y --setopt tsflags= install kolab patch &&\
dnf clean all
COPY kolab-init.service /etc/systemd/system/kolab-init.service
COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service
COPY utils /root/utils
RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \
ln -s /etc/systemd/system/kolab-init.service \
/etc/systemd/system/multi-user.target.wants/kolab-init.service && \
ln -s /etc/systemd/system/kolab-setenv.service \
/etc/systemd/system/multi-user.target.wants/kolab-setenv.service
RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
COPY /rootfs /
COPY kolab-init.sh /usr/local/sbin/
RUN chmod 750 /usr/local/sbin/kolab-init.sh
COPY kolab.conf /etc/kolab/kolab.conf
COPY cyrus.conf /etc/cyrus.conf
COPY imapd.conf /etc/imapd.conf
COPY imapd.annotations.conf /etc/imapd.annotations.conf
COPY guam.conf /etc/guam/sys.config
ARG DB_KOLAB_DATABASE
ARG DB_KOLAB_USERNAME
ARG DB_KOLAB_PASSWORD
ARG LDAP_HOST
ARG LDAP_ADMIN_BIND_DN
ARG LDAP_ADMIN_BIND_PW
ARG LDAP_SERVICE_BIND_PW
+ARG IMAP_ADMIN_LOGIN
+ARG IMAP_ADMIN_PASSWORD
RUN sed -i -r \
-e "s|DB_KOLAB_DATABASE|$DB_KOLAB_DATABASE|g" \
-e "s|DB_KOLAB_USERNAME|$DB_KOLAB_USERNAME|g" \
-e "s|DB_KOLAB_PASSWORD|$DB_KOLAB_PASSWORD|g" \
-e "s|LDAP_HOST|$LDAP_HOST|g" \
-e "s|LDAP_ADMIN_BIND_DN|$LDAP_ADMIN_BIND_DN|g" \
-e "s|LDAP_ADMIN_BIND_PW|$LDAP_ADMIN_BIND_PW|g" \
-e "s|LDAP_SERVICE_BIND_PW|$LDAP_SERVICE_BIND_PW|g" \
+ -e "s|IMAP_ADMIN_LOGIN|$IMAP_ADMIN_LOGIN|g" \
+ -e "s|IMAP_ADMIN_PASSWORD|$IMAP_ADMIN_PASSWORD|g" \
/etc/kolab/kolab.conf
RUN mkdir -p /imapdata/{spool,lib} && \
rm -rf /var/spool/imap && ln -s /imapdata/spool /var/spool/imap && \
mv /var/lib/imap /var/lib/imap-bak && ln -s /imapdata/lib /var/lib/imap && \
chmod -R 777 /imapdata && \
chown cyrus:mail /var/spool/imap /var/lib/imap
VOLUME [ "/sys/fs/cgroup" ]
VOLUME [ "/imapdata" ]
WORKDIR /root/
CMD ["/lib/systemd/systemd"]
EXPOSE 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp
diff --git a/docker/kolab/kolab.conf b/docker/kolab/kolab.conf
index 24782436..fa2215ba 100644
--- a/docker/kolab/kolab.conf
+++ b/docker/kolab/kolab.conf
@@ -1,90 +1,90 @@
[kolab]
primary_domain = mgmt.com
auth_mechanism = ldap
imap_backend = cyrus-imap
default_locale = en_US
sync_interval = 300
domain_sync_interval = 600
policy_uid = %(surname)s.lower()
daemon_rcpt_policy = False
[imap]
virtual_domains = userid
[ldap]
ldap_uri = ldap://LDAP_HOST:389
timeout = 10
supported_controls = 0,2,3
base_dn = dc=mgmt,dc=com
bind_dn = LDAP_ADMIN_BIND_DN
bind_pw = LDAP_ADMIN_BIND_PW
service_bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
service_bind_pw = LDAP_SERVICE_BIND_PW
user_base_dn = dc=hosted,dc=com
user_scope = sub
user_filter = (objectclass=inetorgperson)
kolab_user_base_dn = dc=hosted,dc=com
kolab_user_filter = (objectclass=kolabinetorgperson)
group_base_dn = dc=hosted,dc=com
group_filter = (|(objectclass=groupofuniquenames)(objectclass=groupofurls))
group_scope = sub
kolab_group_filter = (|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))
sharedfolder_base_dn = dc=hosted,dc=com
sharedfolder_filter = (objectclass=kolabsharedfolder)
sharedfolder_acl_entry_attribute = acl
resource_base_dn = dc=hosted,dc=com
resource_filter = (|%(group_filter)s(objectclass=kolabsharedfolder))
domain_base_dn = ou=Domains,dc=mgmt,dc=com
domain_filter = (&(associatedDomain=*))
domain_name_attribute = associateddomain
domain_rootdn_attribute = inetdomainbasedn
quota_attribute = mailquota
modifytimestamp_format = %Y%m%d%H%M%SZ
unique_attribute = nsuniqueid
mail_attributes = mail, alias
mailserver_attribute = mailhost
auth_attributes = mail, uid
[kolab_smtp_access_policy]
cache_uri = mysql://DB_KOLAB_USERNAME:DB_KOLAB_PASSWORD@mariadb/DB_KOLAB_DATABASE
cache_retention = 86400
address_search_attrs = mail, alias
delegate_sender_header = True
alias_sender_header = True
sender_header = True
xsender_header = True
empty_sender_hosts = 3.2.1.0/24, 6.6.6.0/24
[kolab_wap]
mgmt_root_dn = dc=mgmt,dc=com
hosted_root_dn = dc=hosted,dc=com
api_url = http://127.0.0.1:9080/kolab-webadmin/api
skin = default
sql_uri = mysql://DB_KOLAB_USERNAME:DB_KOLAB_PASSWORD@mariadb/DB_KOLAB_DATABASE
ssl_verify_peer = false
ssl_verify_host = false
[cyrus-imap]
uri = imaps://127.0.0.1:11993
-admin_login = cyrus-admin
-admin_password =
+admin_login = IMAP_ADMIN_LOGIN
+admin_password = IMAP_ADMIN_PASSWORD
[cyrus-sasl]
result_attribute = mail
[wallace]
webmail_url = https://%(domain)s/roundcubemail
modules = resources, invitationpolicy
kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:example.org, ACT_MANUAL
invitationpolicy_autoupdate_other_attendees_on_reply = false
resource_calendar_expire_days = 100
[mgmt.com]
default_quota = 1048576
daemon_rcpt_policy = False
[autodiscover]
;debug_mode = trace
activesync = %d
imap = ssl://%d:993
smtp = ssl://%d:465
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Thu, Mar 19, 8:56 AM (1 d, 1 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
456393
Default Alt Text
(16 KB)
Attached To
Mode
R2 kolab
Attached
Detach File
Event Timeline
Log In to Comment