diff --git a/ansible/env.local b/ansible/env.local
index af4eb44e..e3bab548 100644
--- a/ansible/env.local
+++ b/ansible/env.local
@@ -1,36 +1,47 @@
MFA_DSN=mysql://root:Welcome2KolabSystems@127.0.0.1/roundcube
APP_DOMAIN={{ host }}
APP_WEBSITE_DOMAIN={{ host }}
APP_KEY=base64:FG6ECzyAMSmyX+eYwO/FW3bwnarbKkBhqtO65vlMb1E=
APP_PUBLIC_URL=https://{{ host }}
COTURN_STATIC_SECRET=uzYguvIl9tpZFMuQOE78DpOi6Jc7VFSD0UAnvgMsg5n4e74MgIf6vQvbc6LWzZjz
COTURN_PUBLIC_IP='{{ public_ip }}'
MEET_TURN_SERVER='turn:{{ public_ip }}:3478'
MEET_WEBRTC_LISTEN_IP='{{ public_ip }}'
MEET_PUBLIC_DOMAIN={{ host }}
MEET_SERVER_URLS=https://{{ host }}/meetmedia/api/
WEBMAIL_URL=/roundcubemail
APP_URL=https://{{ host }}
ASSET_URL=https://{{ host }}
MOLLIE_KEY=
STRIPE_KEY=
STRIPE_PUBLIC_KEY=
STRIPE_WEBHOOK_SECRET=
OCTANE_HTTP_HOST={{ host }}
OPENEXCHANGERATES_API_KEY={{ openexchangerates_api_key }}
FIREBASE_API_KEY={{ firebase_api_key }}
#Generated by php artisan passport:client --password, but can be left hardcoded (the seeder will pick it up)
PASSPORT_PROXY_OAUTH_CLIENT_ID=942edef5-3dbd-4a14-8e3e-d5d59b727bee
PASSPORT_PROXY_OAUTH_CLIENT_SECRET=L6L0n56ecvjjK0cJMjeeV1pPAeffUBO0YSSH63wf
#Generated by php artisan passport:client --password, but can be left hardcoded (the seeder will pick it up)
PASSPORT_COMPANIONAPP_OAUTH_CLIENT_ID=9566e018-f05d-425c-9915-420cdb9258bb
PASSPORT_COMPANIONAPP_OAUTH_CLIENT_SECRET=XjgV6SU9shO0QFKaU6pQPRC5rJpyRezDJTSoGLgz
APP_TENANT_ID=42
APP_PASSPHRASE=simple123
MAIL_DRIVER=log
+
+KOLAB_SSL_CERTIFICATE=/etc/letsencrypt/live/{{ host }}/cert.pem
+KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/letsencrypt/live/{{ host }}/fullchain.pem
+KOLAB_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/{{ host }}/privkey.pem
+
+PROXY_SSL_CERTIFICATE=/etc/letsencrypt/live/{{ host }}/fullchain.pem
+PROXY_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/{{ host }}/privkey.pem
+
+NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/{{ host }}/fullchain.pem
+NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/{{ host }}/privkey.pem
+
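Review bot: The unchanged lines of this template still ship fixed values for `APP_KEY`, `COTURN_STATIC_SECRET`, `APP_PASSPHRASE`, both `PASSPORT_*_OAUTH_CLIENT_SECRET` entries and the database password in `MFA_DSN`, while the added `*_SSL_CERTIFICATE*` lines appear to wire it to Let's Encrypt certificates for a publicly named `{{ host }}`. Every host deployed from the template would then share secrets that are readable in the repository. They should be supplied per host, the way `OPENEXCHANGERATES_API_KEY={{ openexchangerates_api_key }}` already is, for example `APP_PASSPHRASE={{ app_passphrase }}` (the variable name is a suggestion). A short comment above the new block saying that all three services read the same `privkey.pem` would also help.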
diff --git a/docker-compose.yml b/docker-compose.yml
index f2ca0bc5..f66b028e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,250 +1,250 @@
version: '3'
services:
coturn:
build:
context: ./docker/coturn/
container_name: kolab-coturn
healthcheck:
interval: 10s
test: "kill -0 $$(cat /tmp/turnserver.pid)"
timeout: 5s
retries: 30
environment:
- TURN_PUBLIC_IP=${COTURN_PUBLIC_IP}
- TURN_LISTEN_PORT=3478
- TURN_STATIC_SECRET==${COTURN_STATIC_SECRET}
hostname: sturn.mgmt.com
image: kolab-coturn
network_mode: host
restart: on-failure
tty: true
kolab:
build:
context: ./docker/kolab/
container_name: kolab
depends_on:
mariadb:
condition: service_healthy
extra_hosts:
- "kolab.mgmt.com:127.0.0.1"
environment:
- DB_HOST=${DB_HOST}
- DB_ROOT_PASSWORD=Welcome2KolabSystems
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
- DB_HKCCP_PASSWORD=${DB_PASSWORD}
- DB_KOLAB_DATABASE=kolab
- DB_KOLAB_USERNAME=kolab
- DB_KOLAB_PASSWORD=Welcome2KolabSystems
- DB_RC_USERNAME=roundcube
- DB_RC_PASSWORD=Welcome2KolabSystems
- - SSL_CERTIFICATE=/etc/letsencrypt/live/${APP_WEBSITE_DOMAIN:?err}/cert.pem
- - SSL_CERTIFICATE_FULLCHAIN=/etc/letsencrypt/live/${APP_WEBSITE_DOMAIN:?err}/fullchain.pem
- - SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/${APP_WEBSITE_DOMAIN:?err}/privkey.pem
+ - SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?err}
+ - SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err}
+ - SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?err}
- IMAP_HOST=127.0.0.1
- IMAP_PORT=11993
- MAIL_HOST=127.0.0.1
- MAIL_PORT=10587
healthcheck:
interval: 10s
test: test -f /tmp/kolab-init.done
timeout: 5s
retries: 30
hostname: kolab.mgmt.com
image: kolab
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./ext/:/src/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
- ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
- ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert
- ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key
- ./docker/certs/kolab.mgmt.com.cert:/etc/pki/tls/certs/kolab.mgmt.com.cert
- ./docker/certs/kolab.mgmt.com.key:/etc/pki/tls/certs/kolab.mgmt.com.key
- ./docker/kolab/utils:/root/utils:ro
- ./src/.env:/.dockerenv:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
mariadb:
container_name: kolab-mariadb
environment:
MYSQL_ROOT_PASSWORD: Welcome2KolabSystems
TZ: "+02:00"
healthcheck:
interval: 10s
test: test -e /var/run/mysqld/mysqld.sock
timeout: 5s
retries: 30
image: mariadb
network_mode: host
nginx:
build:
context: ./docker/nginx/
args:
APP_WEBSITE_DOMAIN: ${APP_WEBSITE_DOMAIN:?err}
- SSL_CERTIFICATE: /etc/letsencrypt/live/${APP_WEBSITE_DOMAIN:?err}/fullchain.pem
- SSL_CERTIFICATE_KEY: /etc/letsencrypt/live/${APP_WEBSITE_DOMAIN:?err}/privkey.pem
+ SSL_CERTIFICATE: ${NGINX_SSL_CERTIFICATE:?err}
+ SSL_CERTIFICATE_KEY: ${NGINX_SSL_CERTIFICATE_KEY:?err}
depends_on:
kolab:
condition: service_healthy
healthcheck:
interval: 10s
test: "kill -0 $$(cat /run/nginx.pid)"
timeout: 5s
retries: 30
container_name: kolab-nginx
hostname: nginx.hosted.com
image: kolab-nginx
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- ./docker/certs/imap.hosted.com.cert:/etc/pki/tls/certs/imap.hosted.com.cert
- ./docker/certs/imap.hosted.com.key:/etc/pki/tls/private/imap.hosted.com.key
pdns-sql:
build:
context: ./docker/pdns-sql/
container_name: kolab-pdns-sql
depends_on:
mariadb:
condition: service_healthy
hostname: pdns-sql
image: apheleia/kolab-pdns-sql
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
proxy:
build:
context: ./docker/proxy/
args:
APP_WEBSITE_DOMAIN: ${APP_WEBSITE_DOMAIN:?err}
- SSL_CERTIFICATE: /etc/letsencrypt/live/${APP_WEBSITE_DOMAIN:?err}/fullchain.pem
- SSL_CERTIFICATE_KEY: /etc/letsencrypt/live/${APP_WEBSITE_DOMAIN:?err}/privkey.pem
+ SSL_CERTIFICATE: ${PROXY_SSL_CERTIFICATE:?err}
+ SSL_CERTIFICATE_KEY: ${PROXY_SSL_CERTIFICATE_KEY:?err}
healthcheck:
interval: 10s
test: "kill -0 $$(cat /run/nginx.pid)"
timeout: 5s
retries: 30
container_name: kolab-proxy
hostname: ${APP_WEBSITE_DOMAIN:?err}
image: kolab-proxy
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
redis:
build:
context: ./docker/redis/
healthcheck:
interval: 10s
test: "redis-cli ping || exit 1"
timeout: 5s
retries: 30
container_name: kolab-redis
hostname: redis
image: redis
network_mode: host
volumes:
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
swoole:
build:
context: ./docker/swoole/
container_name: kolab-swoole
image: apheleia/swoole:4.8.x
webapp:
build:
context: ./docker/webapp/
container_name: kolab-webapp
image: kolab-webapp
healthcheck:
interval: 10s
test: "/src/kolabsrc/artisan octane:status || exit 1"
timeout: 5s
retries: 30
depends_on:
kolab:
condition: service_healthy
network_mode: host
volumes:
- ./src:/src/kolabsrc.orig:ro
tests:
build:
context: ./docker/tests/
container_name: kolab-tests
image: kolab-tests
depends_on:
kolab:
condition: service_healthy
network_mode: host
volumes:
- ./src:/src/kolabsrc.orig:ro
worker:
build:
context: ./docker/worker/
container_name: kolab-worker
depends_on:
- kolab
hostname: worker
image: kolab-worker
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./src:/home/worker/src.orig:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
meet:
build:
context: ./docker/meet/
healthcheck:
interval: 10s
test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://localhost:12443/meetmedia/api/health || exit 1"
timeout: 5s
retries: 30
environment:
- WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err}
- PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err}
- LISTENING_HOST=0.0.0.0
- LISTENING_PORT=12443
- TURN_SERVER=${MEET_TURN_SERVER}
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
- AUTH_TOKEN=${MEET_SERVER_TOKEN:?err}
- WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err}
- WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet
- SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert
- SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key
network_mode: host
container_name: kolab-meet
image: kolab-meet
volumes:
- ./meet/server:/src/meet/:ro
- ./docker/meet/build/node_modules:/root/node_modules
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key
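Review bot: The certificate paths for kolab, nginx and proxy are now free-form values from the env file, but each service's `volumes` list still hard-codes what is visible inside the container. A path outside `/etc/letsencrypt/` or the individually mounted `./docker/certs` files passes the `:?err` check and only fails when the service starts. A comment above each group, e.g. `# path must lie under one of this service's volumes`, would make that coupling explicit. The key files the example env now selects (`kolab.hosted.com.key`, `imap.hosted.com.key`) are bind-mounted without `:ro` in kolab and nginx. Unless the containers rewrite them, adding `:ro` as on the `/etc/letsencrypt/` mount keeps the host's private keys read-only.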
diff --git a/src/.env.example b/src/.env.example
index ff90e3a4..41c85959 100644
--- a/src/.env.example
+++ b/src/.env.example
@@ -1,176 +1,186 @@
APP_NAME=Kolab
APP_ENV=local
APP_KEY=
APP_DEBUG=true
APP_URL=http://127.0.0.1:8000
#APP_PASSPHRASE=
APP_PUBLIC_URL=
APP_DOMAIN=kolabnow.com
APP_WEBSITE_DOMAIN=kolabnow.com
APP_THEME=default
APP_TENANT_ID=5
APP_LOCALE=en
APP_LOCALES=
APP_WITH_ADMIN=1
APP_WITH_RESELLER=1
APP_WITH_SERVICES=1
APP_WITH_FILES=1
APP_HEADER_CSP="connect-src 'self'; child-src 'self'; font-src 'self'; form-action 'self' data:; frame-ancestors 'self'; img-src blob: data: 'self' *; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'self';"
APP_HEADER_XFO=sameorigin
SIGNUP_LIMIT_EMAIL=0
SIGNUP_LIMIT_IP=0
ASSET_URL=http://127.0.0.1:8000
WEBMAIL_URL=/apps
SUPPORT_URL=/support
SUPPORT_EMAIL=
LOG_CHANNEL=stack
LOG_SLOW_REQUESTS=5
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug
DB_CONNECTION=mysql
DB_DATABASE=kolabdev
DB_HOST=127.0.0.1
DB_PASSWORD=kolab
DB_PORT=3306
DB_USERNAME=kolabdev
BROADCAST_DRIVER=redis
CACHE_DRIVER=redis
QUEUE_CONNECTION=redis
SESSION_DRIVER=file
SESSION_LIFETIME=120
OPENEXCHANGERATES_API_KEY="from openexchangerates.org"
MFA_DSN=mysql://roundcube:Welcome2KolabSystems@127.0.0.1/roundcube
MFA_TOTP_DIGITS=6
MFA_TOTP_INTERVAL=30
MFA_TOTP_DIGEST=sha1
IMAP_URI=ssl://127.0.0.1:11993
IMAP_ADMIN_LOGIN=cyrus-admin
IMAP_ADMIN_PASSWORD=Welcome2KolabSystems
IMAP_VERIFY_HOST=false
IMAP_VERIFY_PEER=false
LDAP_BASE_DN="dc=mgmt,dc=com"
LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com"
LDAP_HOSTS=127.0.0.1
LDAP_PORT=389
LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com"
LDAP_SERVICE_BIND_PW="Welcome2KolabSystems"
LDAP_USE_SSL=false
LDAP_USE_TLS=false
# Administrative
LDAP_ADMIN_BIND_DN="cn=Directory Manager"
LDAP_ADMIN_BIND_PW="Welcome2KolabSystems"
LDAP_ADMIN_ROOT_DN="dc=mgmt,dc=com"
# Hosted (public registration)
LDAP_HOSTED_BIND_DN="uid=hosted-kolab-service,ou=Special Users,dc=mgmt,dc=com"
LDAP_HOSTED_BIND_PW="Welcome2KolabSystems"
LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com"
COTURN_PUBLIC_IP=127.0.0.1
COTURN_STATIC_SECRET="Welcome2KolabSystems"
MEET_WEBHOOK_TOKEN=Welcome2KolabSystems
MEET_SERVER_TOKEN=Welcome2KolabSystems
MEET_SERVER_URLS=https://localhost:12443/meetmedia/api/
MEET_SERVER_VERIFY_TLS=true
MEET_WEBRTC_LISTEN_IP=
MEET_PUBLIC_DOMAIN=127.0.0.1:12443
MEET_TURN_SERVER='turn:127.0.0.1:3478?transport=tcp'
PGP_ENABLED=
PGP_BINARY=
PGP_AGENT=
PGP_GPGCONF=
PGP_LENGTH=
# Set these to IP addresses you serve WOAT with.
# Have the domain owner point _woat.<hosted-domain> NS RRs refer to ns0{1,2}.<provider-domain>
WOAT_NS1=ns01.domain.tld
WOAT_NS2=ns02.domain.tld
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
OCTANE_HTTP_HOST=127.0.0.1
SWOOLE_PACKAGE_MAX_LENGTH=10485760
PAYMENT_PROVIDER=
MOLLIE_KEY=
STRIPE_KEY=
STRIPE_PUBLIC_KEY=
STRIPE_WEBHOOK_SECRET=
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="noreply@example.com"
MAIL_FROM_NAME="Example.com"
MAIL_REPLYTO_ADDRESS="replyto@example.com"
MAIL_REPLYTO_NAME=null
DNS_TTL=3600
DNS_SPF="v=spf1 mx -all"
DNS_STATIC="%s. MX 10 ext-mx01.mykolab.com."
DNS_COPY_FROM=null
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
AWS_USE_PATH_STYLE_ENDPOINT=false
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_ASSET_PATH='/'
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
# Generate with ./artisan passport:client --password
#PASSPORT_PROXY_OAUTH_CLIENT_ID=
#PASSPORT_PROXY_OAUTH_CLIENT_SECRET=
# Generate with ./artisan passport:client --password
#PASSPORT_COMPANIONAPP_OAUTH_CLIENT_ID=
#PASSPORT_COMPANIONAPP_OAUTH_CLIENT_SECRET=
PASSPORT_PRIVATE_KEY=
PASSPORT_PUBLIC_KEY=
PASSWORD_POLICY=
COMPANY_NAME=
COMPANY_ADDRESS=
COMPANY_DETAILS=
COMPANY_EMAIL=
COMPANY_LOGO=
COMPANY_FOOTER=
VAT_COUNTRIES=CH,LI
VAT_RATE=7.7
KB_ACCOUNT_DELETE=
KB_ACCOUNT_SUSPENDED=
KB_PAYMENT_SYSTEM=
+
+KOLAB_SSL_CERTIFICATE=/etc/pki/tls/certs/kolab.hosted.com.cert
+KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/pki/tls/certs/kolab.hosted.com.chain.pem
+KOLAB_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/kolab.hosted.com.key
+
+PROXY_SSL_CERTIFICATE=/etc/pki/tls/certs/imap.hosted.com.cert
+PROXY_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/imap.hosted.com.key
+
+NGINX_SSL_CERTIFICATE=/etc/pki/tls/certs/imap.hosted.com.cert
+NGINX_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/imap.hosted.com.key
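Review bot: Two of the new defaults point at paths that the compose file in this diff does not mount. `NGINX_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/imap.hosted.com.key` does not match the nginx mount of that key at `/etc/pki/tls/private/imap.hosted.com.key`, and `KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/pki/tls/certs/kolab.hosted.com.chain.pem` has no volume entry in the kolab service. The proxy service mounts `./docker/certs/` at `/etc/certs/`, so the `PROXY_*` defaults under `/etc/pki/tls/certs/` are not covered by a visible mount either. Unless the images create these files during build or init, the example should read `NGINX_SSL_CERTIFICATE_KEY=/etc/pki/tls/private/imap.hosted.com.key`, and the other entries should be aligned with a mounted path.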