Page Menu
Home
Phorge
Search
Configure Global Search
Log In
Files
F2572172
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Flag For Later
Award Token
Size
20 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/docker-compose.yml b/docker-compose.yml
index 4dd05111..f1151661 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,274 +1,277 @@
version: '3'
services:
coturn:
build:
context: ./docker/coturn/
container_name: kolab-coturn
healthcheck:
interval: 10s
test: "kill -0 $$(cat /tmp/turnserver.pid)"
timeout: 5s
retries: 30
environment:
- TURN_PUBLIC_IP=${COTURN_PUBLIC_IP}
- TURN_LISTEN_PORT=3478
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
hostname: sturn.mgmt.com
image: kolab-coturn
network_mode: host
restart: on-failure
tty: true
kolab:
build:
context: ./docker/kolab/
container_name: kolab
privileged: true
depends_on:
mariadb:
condition: service_healthy
pdns:
condition: service_healthy
extra_hosts:
- "kolab.mgmt.com:127.0.0.1"
+ - "services.${APP_DOMAIN}:172.18.0.4"
environment:
+ - APP_DOMAIN=${APP_DOMAIN}
- LDAP_HOST=127.0.0.1
- LDAP_ADMIN_BIND_DN="cn=Directory Manager"
- LDAP_ADMIN_BIND_PW=Welcome2KolabSystems
- DB_HOST=mariadb
- DB_ROOT_PASSWORD=Welcome2KolabSystems
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
- DB_HKCCP_PASSWORD=${DB_PASSWORD}
- DB_KOLAB_DATABASE=kolab
- DB_KOLAB_USERNAME=kolab
- DB_KOLAB_PASSWORD=Welcome2KolabSystems
- DB_RC_USERNAME=roundcube
- DB_RC_PASSWORD=Welcome2KolabSystems
- SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?err}
- SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err}
- SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?err}
- IMAP_HOST=127.0.0.1
- IMAP_PORT=11993
- MAIL_HOST=127.0.0.1
- MAIL_PORT=10587
healthcheck:
interval: 10s
test: "systemctl is-active kolab-init || exit 1"
timeout: 5s
retries: 30
start_period: 5m
# This makes docker's dns, resolve via pdns for this container.
# Please note it does not affect /etc/resolv.conf
dns: 172.18.0.11
hostname: kolab.mgmt.com
image: kolab
networks:
kolab:
ipv4_address: 172.18.0.5
ports:
- "12143:12143"
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./ext/:/src/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
- ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
- ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err}
- ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err}
- ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err}
- ./docker/kolab/utils:/root/utils:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- imap:/imapdata
- ldap:/ldapdata
mariadb:
container_name: kolab-mariadb
environment:
- MARIADB_ROOT_PASSWORD=Welcome2KolabSystems
- TZ="+02:00"
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
- DB_HKCCP_PASSWORD=${DB_PASSWORD}
healthcheck:
interval: 10s
test: test -e /var/run/mysqld/mysqld.sock
timeout: 5s
retries: 30
image: mariadb:latest
networks:
- kolab
volumes:
- ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/
- mariadb:/var/lib/mysql
haproxy:
depends_on:
proxy:
condition: service_healthy
build:
context: ./docker/haproxy/
healthcheck:
interval: 10s
test: "kill -0 $$(cat /var/run/haproxy.pid)"
timeout: 5s
retries: 30
container_name: kolab-haproxy
hostname: haproxy.hosted.com
image: kolab-haproxy
networks:
- kolab
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
pdns:
build:
context: ./docker/pdns/
container_name: kolab-pdns
hostname: pdns
depends_on:
mariadb:
condition: service_healthy
healthcheck:
interval: 10s
test: "systemctl status pdns || exit 1"
timeout: 5s
retries: 30
image: kolab-pdns
networks:
kolab:
ipv4_address: 172.18.0.11
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
proxy:
depends_on:
kolab:
condition: service_healthy
webapp:
condition: service_healthy
build:
context: ./docker/proxy/
args:
APP_WEBSITE_DOMAIN: ${APP_WEBSITE_DOMAIN:?err}
SSL_CERTIFICATE: ${PROXY_SSL_CERTIFICATE:?err}
SSL_CERTIFICATE_KEY: ${PROXY_SSL_CERTIFICATE_KEY:?err}
healthcheck:
interval: 10s
test: "kill -0 $$(cat /run/nginx.pid)"
timeout: 5s
retries: 30
container_name: kolab-proxy
hostname: proxy
image: kolab-proxy
extra_hosts:
- "meet:${MEET_LISTENING_HOST}"
networks:
kolab:
ipv4_address: 172.18.0.7
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
ports:
# - "80:80"
- "443:443"
- "465:465"
- "587:587"
- "143:143"
- "993:993"
redis:
build:
context: ./docker/redis/
healthcheck:
interval: 10s
test: "redis-cli ping || exit 1"
timeout: 5s
retries: 30
container_name: kolab-redis
hostname: redis
image: redis
networks:
- kolab
volumes:
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
# ports:
# - "6379:6379"
webapp:
build:
context: ./docker/webapp/
container_name: kolab-webapp
image: kolab-webapp
healthcheck:
interval: 10s
test: "/src/kolabsrc/artisan octane:status || exit 1"
timeout: 5s
retries: 30
start_period: 5m
depends_on:
kolab:
condition: service_healthy
redis:
condition: service_healthy
networks:
- - kolab
+ kolab:
+ ipv4_address: 172.18.0.4
volumes:
- ./src:/src/kolabsrc.orig:ro
ports:
- "8000:8000"
meet:
build:
context: ./docker/meet/
healthcheck:
interval: 10s
test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://${MEET_LISTENING_HOST}:12443/meetmedia/api/health || exit 1"
timeout: 5s
retries: 30
start_period: 5m
environment:
- WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err}
- PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err}
- LISTENING_HOST=${MEET_LISTENING_HOST:?err}
- LISTENING_PORT=12443
- TURN_SERVER=${MEET_TURN_SERVER}
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
- AUTH_TOKEN=${MEET_SERVER_TOKEN:?err}
- WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err}
- WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet
- SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert
- SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key
network_mode: host
container_name: kolab-meet
image: kolab-meet
volumes:
- ./meet/server:/src/meet/:ro
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key
networks:
kolab:
driver: bridge
ipam:
config:
- subnet: "172.18.0.0/24"
volumes:
mariadb:
imap:
ldap:
diff --git a/docker/kolab/imapd.conf b/docker/kolab/imapd.conf
index 637aff77..d28c0cdb 100644
--- a/docker/kolab/imapd.conf
+++ b/docker/kolab/imapd.conf
@@ -1,58 +1,38 @@
defaultpartition: default
configdirectory: /var/lib/imap/
partition-default: /var/spool/imap/
admins: cyrus-admin
sievedir: /var/lib/imap/sieve/
sendmail: /usr/sbin/sendmail
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN
allowplaintext: no
guam_allowplaintext: yes
nginx_allowplaintext: yes
tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
# uncomment this if you're operating in a DSCP environment (RFC-4594)
# qosmarking: af13
-auth_mech: pts
-pts_module: ldap
-ptloader_sock: /var/lib/imap/socket/ptsock
-ldap_uri: ldap://127.0.0.1:389
-ldap_sasl: 0
-ldap_base: dc=hosted,dc=com
-ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-ldap_password: Welcome2KolabSystems
-ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
-ldap_user_attribute: mail
-ldap_group_base: dc=mgmt,dc=com
-ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
-ldap_group_scope: one
-ldap_member_base: dc=mgmt,dc=com
-ldap_member_method: attribute
-ldap_member_attribute: nsrole
-ldap_restart: 1
-ldap_timeout: 10
-ldap_time_limit: 10
unixhierarchysep: 1
virtdomains: userid
annotation_definitions: /etc/imapd.annotations.conf
sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
allowallsubscribe: 0
allowusermoves: 1
altnamespace: 1
hashimapspool: 1
anysievefolder: 1
fulldirhash: 0
sieveusehomedir: 0
sieve_allowreferrals: 0
lmtp_downcase_rcpt: 1
lmtp_fuzzy_mailbox_match: 1
username_tolower: 1
deletedprefix: DELETED
delete_mode: delayed
expunge_mode: delayed
postuser: shared
# on systems with cyrus 3+ specify search engine
# search_engine: squat
-ldap_domain_base_dn: ou=Domains,dc=mgmt,dc=com
chatty: 1
debug: 1
diff --git a/docker/kolab/utils/03-setup-kolab.sh b/docker/kolab/utils/03-setup-kolab.sh
index d9e65378..f4ab4f0d 100755
--- a/docker/kolab/utils/03-setup-kolab.sh
+++ b/docker/kolab/utils/03-setup-kolab.sh
@@ -1,86 +1,97 @@
#!/bin/bash
. ./settings.sh
echo ${CMD} | tee -a /root/setup-kolab.log
echo -n "Wait for MariaDB container: " | tee -a /root/setup-kolab.log
while ! mysqladmin -u root ping > /dev/null 2>&1 ; do
echo -n '.'
sleep 3
done | tee -a /root/setup-kolab.log
echo "OK!" | tee -a /root/setup-kolab.log
echo -n "Wait for DS389 container: " | tee -a /root/setup-kolab.log
while ! ldapsearch -h ${LDAP_HOST} -D "${LDAP_ADMIN_BIND_DN}" -w "${LDAP_ADMIN_BIND_PW}" -b "" -s base > /dev/null 2>&1 ; do
echo -n '.'
sleep 3
done | tee -a /root/setup-kolab.log
echo "OK!" | tee -a /root/setup-kolab.log
cat > /tmp/kolab-setup-my.cnf << EOF
[client]
host=${DB_HOST}
user=root
password=${DB_ROOT_PASSWORD}
EOF
CMD="$(which setup-kolab) mta \
--default"
${CMD} 2>&1 | tee -a /root/setup-kolab.log
CMD="$(which setup-kolab) php \
--default \
--timezone=Europe/Zurich"
${CMD} 2>&1 | tee -a /root/setup-kolab.log
# setup imap
if [ -f "/var/lib/imap/db" ]; then
echo "IMAP directory exists, nothing to do"
else
echo "Initializing IMAP volume"
cp -ar /var/lib/imap-bak/* /var/lib/imap/
systemctl start cyrus-imapd
fi
-systemctl stop saslauthd
-systemctl start kolab-saslauthd
-systemctl enable kolab-saslauthd
+
+
+# Setup httpform auth against kolab
+sed -i "s/MECH=.*/MECH=httpform/" /etc/sysconfig/saslauthd
+
+cat > /etc/saslauthd.conf << EOF
+httpform_host: services.${APP_DOMAIN}
+httpform_port: 8000
+httpform_uri: /api/webhooks/cyrus-sasl
+httpform_data: %u %r %p
+EOF
+
+systemctl restart saslauthd
+
#Setup guam
systemctl start guam
systemctl enable guam
#TODO just add /etc/kolab-freebusy/
# CMD="$(which setup-kolab) freebusy \
# --default"
# ${CMD} 2>&1 | tee -a /root/setup-kolab.log
cat > /tmp/kolab-setup-my.cnf << EOF
[client]
host=${DB_HOST}
user=root
password=${DB_ROOT_PASSWORD}
EOF
# Configure roundcube and setup db
# The db setup will just fail if the db already exists,
# but no harm done
CMD="$(which setup-kolab) roundcube \
--default"
${CMD} 2>&1 | tee -a /root/setup-kolab.log
cat > /tmp/kolab-setup-my.cnf << EOF
[client]
host=${DB_HOST}
user=root
password=${DB_ROOT_PASSWORD}
EOF
CMD="$(which setup-kolab) syncroton \
--default"
${CMD} 2>&1 | tee -a /root/setup-kolab.log
diff --git a/src/database/seeds/local/UserSeeder.php b/src/database/seeds/local/UserSeeder.php
index 07c0dec5..f74ffeae 100644
--- a/src/database/seeds/local/UserSeeder.php
+++ b/src/database/seeds/local/UserSeeder.php
@@ -1,242 +1,250 @@
<?php
namespace Database\Seeds\Local;
use App\Auth\SecondFactor;
use App\Domain;
use App\Entitlement;
use App\User;
use App\Sku;
use Carbon\Carbon;
use Illuminate\Database\Seeder;
use App\Wallet;
class UserSeeder extends Seeder
{
/**
* Run the database seeds.
*
* @return void
*/
public function run()
{
$domain = Domain::create(
[
'namespace' => 'kolab.org',
'status' => Domain::STATUS_NEW
+ Domain::STATUS_ACTIVE
+ Domain::STATUS_CONFIRMED
+ Domain::STATUS_VERIFIED,
'type' => Domain::TYPE_EXTERNAL
]
);
$john = User::create(
[
'email' => 'john@kolab.org',
'password' => \App\Utils::generatePassphrase()
]
);
$john->setSettings(
[
'first_name' => 'John',
'last_name' => 'Doe',
'currency' => 'USD',
'country' => 'US',
'billing_address' => "601 13th Street NW\nSuite 900 South\nWashington, DC 20005",
'external_email' => 'john.doe.external@gmail.com',
'organization' => 'Kolab Developers',
'phone' => '+1 509-248-1111',
]
);
$john->setAliases(['john.doe@kolab.org']);
$wallet = $john->wallets->first();
$packageDomain = \App\Package::withEnvTenantContext()->where('title', 'domain-hosting')->first();
$packageKolab = \App\Package::withEnvTenantContext()->where('title', 'kolab')->first();
$packageLite = \App\Package::withEnvTenantContext()->where('title', 'lite')->first();
$domain->assignPackage($packageDomain, $john);
$john->assignPackage($packageKolab);
$appDomain = \App\Domain::where(
[
'namespace' => \config('app.domain')
]
)->first();
$fred = User::create(
[
'email' => 'fred@' . \config('app.domain'),
'password' => \App\Utils::generatePassphrase()
]
);
$fred->setSettings(
[
'first_name' => 'fred',
'last_name' => 'Doe',
'currency' => 'USD',
'country' => 'US',
'billing_address' => "601 13th Street NW\nSuite 900 South\nWashington, DC 20005",
'external_email' => 'fred.doe.external@gmail.com',
'organization' => 'Kolab Developers',
'phone' => '+1 509-248-1111',
]
);
$appDomain->assignPackage($packageDomain, $fred);
$fred->assignPackage($packageKolab);
$jack = User::create(
[
'email' => 'jack@kolab.org',
'password' => \App\Utils::generatePassphrase()
]
);
$jack->setSettings(
[
'first_name' => 'Jack',
'last_name' => 'Daniels',
'currency' => 'USD',
'country' => 'US'
]
);
$jack->setAliases(['jack.daniels@kolab.org']);
$john->assignPackage($packageKolab, $jack);
foreach ($john->entitlements as $entitlement) {
$entitlement->created_at = Carbon::now()->subMonthsWithoutOverflow(1);
$entitlement->updated_at = Carbon::now()->subMonthsWithoutOverflow(1);
$entitlement->save();
}
$ned = User::create(
[
'email' => 'ned@kolab.org',
'password' => \App\Utils::generatePassphrase()
]
);
$ned->setSettings(
[
'first_name' => 'Edward',
'last_name' => 'Flanders',
'currency' => 'USD',
'country' => 'US',
'guam_enabled' => false,
]
);
$john->assignPackage($packageKolab, $ned);
$ned->assignSku(\App\Sku::withEnvTenantContext()->where('title', 'activesync')->first(), 1);
// Ned is a controller on Jack's wallet
$john->wallets()->first()->addController($ned);
// Ned is also our 2FA test user
$sku2fa = Sku::withEnvTenantContext()->where('title', '2fa')->first();
$ned->assignSku($sku2fa);
SecondFactor::seed('ned@kolab.org');
$joe = User::create(
[
'email' => 'joe@kolab.org',
'password' => \App\Utils::generatePassphrase()
]
);
$john->assignPackage($packageLite, $joe);
//$john->assignSku(Sku::firstOrCreate(['title' => 'beta']));
//$john->assignSku(Sku::firstOrCreate(['title' => 'meet']));
$joe->setAliases(['joe.monster@kolab.org']);
// This only exists so the user create job doesn't fail because the domain is not found
Domain::create(
[
'namespace' => 'jeroen.jeroen',
'status' => Domain::STATUS_NEW
+ Domain::STATUS_ACTIVE
+ Domain::STATUS_CONFIRMED
+ Domain::STATUS_VERIFIED,
'type' => Domain::TYPE_EXTERNAL
]
);
$jeroen = User::create(
[
'email' => 'jeroen@jeroen.jeroen',
'password' => \App\Utils::generatePassphrase()
]
);
$jeroen->role = 'admin';
$jeroen->save();
$reseller = User::create(
[
'email' => 'reseller@' . \config('app.domain'),
'password' => \App\Utils::generatePassphrase()
]
);
$reseller->role = 'reseller';
$reseller->save();
$reseller->assignPackage($packageKolab);
// for tenants that are not the configured tenant id
$tenants = \App\Tenant::where('id', '!=', \config('app.tenant_id'))->get();
foreach ($tenants as $tenant) {
$domain = Domain::where('tenant_id', $tenant->id)->first();
$packageKolab = \App\Package::where(
[
'title' => 'kolab',
'tenant_id' => $tenant->id
]
)->first();
if ($domain) {
$reseller = User::create(
[
'email' => 'reseller@' . $domain->namespace,
'password' => \App\Utils::generatePassphrase()
]
);
$reseller->role = 'reseller';
$reseller->tenant_id = $tenant->id;
$reseller->save();
$reseller->assignPackage($packageKolab);
$user = User::create(
[
'email' => 'user@' . $domain->namespace,
'password' => \App\Utils::generatePassphrase()
]
);
$user->tenant_id = $tenant->id;
$user->save();
$user->assignPackage($packageKolab);
}
}
+
+ # Create imap admin service account
+ User::create(
+ [
+ 'email' => \config('imap.admin_login'),
+ 'password' => \config('imap.admin_password')
+ ]
+ );
}
}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Fri, Mar 20, 2:39 AM (1 d, 16 h)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
458846
Default Alt Text
(20 KB)
Attached To
Mode
R2 kolab
Attached
Detach File
Event Timeline
Log In to Comment