added build & push

andreas
2023-04-09 20:48:49 +00:00
parent 820d8f71d7
commit e7ef8f4496
23 changed files with 100 additions and 427 deletions

1
.gitignore vendored

@@ -1 +1,2 @@
/dist
*.tmp

14
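--- a/build_push
+++ b/build_push
@@ -0,0 +1,14 @@
+#!/usr/bin/bash
+# build and push images (using compose)
+docker compose build
+# docker compose build --no-cache
+docker compose push
+# build and push images (just with docker)
+# find . -name Dockerfile | while read P; do sed -e 's|\./\(.*\)/Dockerfile|\1|'; done >builds.tmp
+# export TAG=1.0
+# cat builds.tmp | while read P; do \
+# docker build -t $P ./$P; \
+# docker tag $P:latest baloan/$P:latest; \
+# docker tag $P:latest baloan/$P:$TAG; \
+# docker push baloan/$P:latest; \
+# done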
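Review bot: Nothing stops `docker compose push` from running after a failed `docker compose build`, because the script has no error handling; a push would then publish whatever `baloan/*` images were last tagged locally. Adding `set -euo pipefail` directly under the shebang makes the script stop at the first failing step. The compose file in this commit gives the images no tag, so each push presumably overwrites `latest`; a version tag along the lines of the commented-out `TAG` variant would make deployed images traceable.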


@@ -25,7 +25,7 @@ COPY --chmod=0775 entrypoint.sh /entrypoint.sh
#EXPOSE 237
# lmtp (dagent)
#EXPOSE 2003
VOLUME /etc/kopano
VOLUME /var/lib/kopano/attachments
VOLUME /var/lib/kopano/search
ENTRYPOINT ["/entrypoint.sh"]
CMD ["bash"]


@@ -15,7 +15,3 @@ docker container ls
docker container prune
docker image ls
docker image prune -a -f
# docker login --username baloan --password 'yZBCUs5&@?:.'
# docker tag -t core:latest ...
# docker push


@@ -2,18 +2,27 @@
services:
server:
build: ./core
image: core
image: baloan/core
depends_on:
- mysql
ports:
- 236:236
volumes:
- attachments:/var/lib/kopano/attachments
- ./etc-zntrl/kopano:/etc/kopano:ro
- attachments:/var/lib/kopano/attachments
command: /usr/sbin/kopano-server
search:
build: ./core
image: baloan/core
depends_on:
- server
volumes:
- ./etc-zntrl/kopano:/etc/kopano:ro
- search:/var/lib/kopano/search
command: /usr/sbin/kopano-search
spooler:
build: ./core
image: core
image: baloan/core
depends_on:
- server
volumes:
@@ -21,7 +30,7 @@ services:
command: /usr/sbin/kopano-spooler
dagent:
build: ./core
image: core
image: baloan/core
volumes:
- ./etc-zntrl/kopano:/etc/kopano:ro
depends_on:
@@ -39,7 +48,7 @@ services:
- 3307:3306
webapp:
build: ./webapp
image: webapp
image: baloan/webapp
labels:
- traefik.enable=true
- traefik.http.routers.webapp.rule=Host(`$MAIL_DOMAIN`) && PathPrefix(`/webapp`)
@@ -56,7 +65,7 @@ services:
- traefik
z-push:
build: ./z-push
image: z-push
image: baloan/z-push
labels:
- traefik.enable=true
- traefik.http.routers.webapp.rule=Host(`$MAIL_DOMAIN`) && PathPrefix(`/Microsoft-Server-ActiveSync`)
@@ -74,7 +83,7 @@ services:
- traefik
postfix:
build: ./postfix
image: postfix
image: baloan/postfix
ports:
- 8025:25
volumes:
@@ -86,12 +95,7 @@ networks:
volumes:
database:
attachments:
search:
z-push:
spool:
# search:
# image: core
# depends_on:
# - db
# - server
# command: /usr/sbin/kopano-search
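Review bot: The `ports:` entries `236:236` (server), `3307:3306` (mysql) and `8025:25` (postfix) publish on every host interface, which puts the unencrypted Kopano port and the database within reach of anything that can route to the host. The service configs in this commit reach the server as `http://server:236/kopano` over the compose network, so host publishing looks unnecessary for them; if it is only wanted for local administration, bind to loopback, e.g. `- '127.0.0.1:236:236'`. Quoting the mappings also keeps YAML 1.1 parsers from reading `8025:25` as a base-60 number. Separately, the z-push label reuses the router name `webapp` (`traefik.http.routers.webapp.rule`), which collides with the webapp service's router; `traefik.http.routers.z-push.rule` is presumably what was intended.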


@@ -5,11 +5,10 @@
# Limit the number of results returned (0 = no limit)
#limit_results = 1000
# Socket to the storage server.
# Use https to reach servers over the network
#server_socket = file:///var/run/kopano/server.sock
server_socket = https://server:237
# Login to the storage server using this SSL Key
#sslkey_file = /etc/kopano/ssl/search.pem
sslkey_file = /etc/kopano/ssl/private/system-key-cert.pem
# The password of the SSL Key
#sslkey_pass = replace-with-server-cert-password
@@ -20,10 +19,10 @@
# File with RSA key for SSL, used when server_bind_name uses https://...
#ssl_private_key_file = /etc/kopano/search/privkey.pem
#log_method = file
#log_method = auto
# Loglevel (0(none), 1(crit), 2(err), 3(warn), 4(notice), 5(info), 6(debug))
log_level = 5
log_file = /var/log/kopano/search.log
log_level = 6
#log_file = /var/log/kopano/search.log
#log_timestamp = yes
# Number of indexing processes used during initial indexing
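Review bot: `log_level = 6` leaves the search indexer at debug verbosity (assuming 6 is the new value, since it is printed after 5), which reads like a troubleshooting setting rather than the intended default. Debug output from an indexer may include mailbox and message details (not verifiable from this hunk), and with `log_file` commented out the destination depends on `log_method`, which is commented out as well. Suggest returning to `log_level = 5` or lower once the connection to `https://server:237` works, and adding a comment such as `# logs go to the container's stderr` once the actual destination is confirmed.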


@@ -20,9 +20,9 @@ sslkeys_path = /etc/kopano/sslkeys
# Name for identifying the server in a multi-server environment. Need
# not be a DNS name, but this name needs to be present on a LDAP
# kopano-server object's cn value.
server_name = kopano.server
#server_name = kopano.server
# Multi-server
# enable_distributed_kopano = false
#enable_distributed_kopano = false
database_engine = mysql
mysql_host = mysql


@@ -19,7 +19,7 @@
// define("DEFAULT_SERVER", "http://localhost:236/kopano");
// define("DEFAULT_SERVER", "https://localhost:237/kopano");
// define("DEFAULT_SERVER", "file:///var/run/kopano/server.sock");
define("DEFAULT_SERVER", "http://kopano-server-1:236/kopano");
define("DEFAULT_SERVER", "http://server:236/kopano");
// When using a Single-Sign-On (SSO) system on your webserver and Kopano Core is on another server
// you can use https to access the Kopano server, and authenticate using an SSL certificate.
@@ -258,7 +258,7 @@
* LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
*
**************************************************************************************/
define("LOG_USER_LEVEL", LOGLEVEL_OFF);
define("LOG_USER_LEVEL", LOGLEVEL_INFO);
// To save e.g. user activity data only for selected users, provide the username followed by semicolon.
// The data will be saved into a dedicated file per user in the LOG_FILE_DIR
@@ -296,7 +296,7 @@
// Defines the default time zone
if (!ini_get('date.timezone')) {
date_default_timezone_set('Europe/Amsterdam');
date_default_timezone_set('Europe/Berlin');
}
/**************************************\
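Review bot: `DEFAULT_SERVER` points WebApp at `http://server:236/kopano`, so user logins travel between containers in clear text, while the search configuration in this commit already uses `https://server:237`. The same applies to `SERVER` and `MAPI_SERVER` in the two z-push configuration hunks further down. Once the internal certificates planned in `ssl/mkcerts` exist, these should move to the https endpoint; until then a comment such as `// TODO: switch to https://server:237/kopano when internal certs are deployed` next to each define would record that plain http is temporary. Whether `LOG_USER_LEVEL` is meant to stay at `LOGLEVEL_INFO` is also worth a comment, since it enables per-user activity logging.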


@@ -33,7 +33,7 @@ define('SYNCWORKER', 'Kopano');
// Unique id to find a contact from the GAB (value to be supplied by -u on the command line)
// Zarafa supports: 'account' and 'smtpAddress' (email)
define('UNIQUEID', 'account');
define('UNIQUEID', 'smtpAddress');
// Server connection settings
// Depending on your setup, it might be advisable to change the lines below to one defined with your
@@ -50,7 +50,7 @@ define('UNIQUEID', 'account');
// For ZCP versions prior to 7.2.0 the socket location is different (http(s) sockets are the same):
// define("SERVER", "file:///var/run/zarafa");
define('SERVER', 'default:');
define('SERVER', 'http://server:236/kopano');
define('USERNAME', 'SYSTEM');
define('PASSWORD', '');
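Review bot: `SERVER` is now a network URL, but `USERNAME` is still `SYSTEM` with an empty `PASSWORD`. As far as I know Kopano accepts a password-less SYSTEM login only over the local socket or with a client certificate on the https port, so this combination likely either fails to authenticate or depends on the server trusting anything that reaches port 236; it is worth confirming which. Using the https endpoint with the client key that `ssl/mkcerts` plans for z-push, or a dedicated account whose credentials are supplied at deploy time, would avoid both outcomes. The rest of this file lies outside the hunk.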


@@ -43,7 +43,7 @@
// For ZCP versions prior to 7.2.0 the socket location is different (http(s) sockets are the same):
// define("MAPI_SERVER", "file:///var/run/zarafa");
define('MAPI_SERVER', 'http://kopano-server-1:236/kopano');
define('MAPI_SERVER', 'http://server:236/kopano');
// Read-Only shared folders
// When trying to write a change on a read-only folder this data is dropped and replaced on the device of the user.


@@ -50,7 +50,7 @@
* false - use the username only.
* true - string the mobile sends as username, e.g. full email address (default).
*/
define('USE_FULLEMAIL_FOR_LOGIN', false);
define('USE_FULLEMAIL_FOR_LOGIN', true);
/**********************************************************************************
* StateMachine setting


@@ -1,375 +0,0 @@
<?php
/***********************************************
* File : config.php
* Project : Z-Push
* Descr : Main configuration file
*
* Created : 01.10.2007
*
* Copyright 2007 - 2016 Zarafa Deutschland GmbH
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* Consult LICENSE file for details
************************************************/
/**********************************************************************************
* Default settings
*/
// Defines the default time zone, change e.g. to "Europe/London" if necessary
define('TIMEZONE', '');
// Defines the base path on the server
define('BASE_PATH', dirname($_SERVER['SCRIPT_FILENAME']). '/');
// Try to set unlimited timeout
define('SCRIPT_TIMEOUT', 0);
// When accessing through a proxy, the "X-Forwarded-For" header contains the original remote IP
define('USE_X_FORWARDED_FOR_HEADER', false);
// When using client certificates, we can check if the login sent matches the owner of the certificate.
// This setting specifies the owner parameter in the certificate to look at.
define("CERTIFICATE_OWNER_PARAMETER", "SSL_CLIENT_S_DN_CN");
/*
* Whether to use the complete email address as a login name
* (e.g. user@company.com) or the username only (user).
* This is required for Z-Push to work properly after autodiscover.
* Possible values:
* false - use the username only.
* true - string the mobile sends as username, e.g. full email address (default).
*/
define('USE_FULLEMAIL_FOR_LOGIN', true);
/**********************************************************************************
* StateMachine setting
*
* These StateMachines can be used:
* FILE - FileStateMachine (default). Needs STATE_DIR set as well.
* SQL - SqlStateMachine has own configuration file. STATE_DIR is ignored.
* State migration script is available, more informations: https://wiki.z-hub.io/x/xIAa
*/
define('STATE_MACHINE', 'FILE');
define('STATE_DIR', '/var/lib/z-push/');
/**********************************************************************************
* IPC - InterProcessCommunication
*
* Is either provided by using shared memory on a single host or
* using the memcache provider for multi-host environments.
* When another implementation should be used, the class can be set here explicitly.
* If empty Z-Push will try to use available providers.
*/
define('IPC_PROVIDER', '');
/**********************************************************************************
* Logging settings
*
* The LOGBACKEND specifies where the logs are sent to.
* Either to file ("filelog") or to a "syslog" server or a custom log class in core/log/logclass.
* filelog and syslog have several options that can be set below.
* For more information about the syslog configuration, see https://wiki.z-hub.io/x/HIAT
* Possible LOGLEVEL and LOGUSERLEVEL values are:
* LOGLEVEL_OFF - no logging
* LOGLEVEL_FATAL - log only critical errors
* LOGLEVEL_ERROR - logs events which might require corrective actions
* LOGLEVEL_WARN - might lead to an error or require corrective actions in the future
* LOGLEVEL_INFO - usually completed actions
* LOGLEVEL_DEBUG - debugging information, typically only meaningful to developers
* LOGLEVEL_WBXML - also prints the WBXML sent to/from the device
* LOGLEVEL_DEVICEID - also prints the device id for every log entry
* LOGLEVEL_WBXMLSTACK - also prints the contents of WBXML stack
*
* The verbosity increases from top to bottom. More verbose levels include less verbose
* ones, e.g. setting to LOGLEVEL_DEBUG will also output LOGLEVEL_FATAL, LOGLEVEL_ERROR,
* LOGLEVEL_WARN and LOGLEVEL_INFO level entries.
*
* LOGAUTHFAIL is logged to the LOGBACKEND.
*/
define('LOGBACKEND', 'filelog');
define('LOGLEVEL', LOGLEVEL_INFO);
define('LOGAUTHFAIL', false);
// To save e.g. WBXML data only for selected users, add the usernames to the array
// The data will be saved into a dedicated file per user in the LOGFILEDIR
// Users have to be encapusulated in quotes, several users are comma separated, like:
// $specialLogUsers = array('info@domain.com', 'myusername');
define('LOGUSERLEVEL', LOGLEVEL_DEVICEID);
$specialLogUsers = array();
// Filelog settings
define('LOGFILEDIR', '/var/log/z-push/');
define('LOGFILE', LOGFILEDIR . 'z-push.log');
define('LOGERRORFILE', LOGFILEDIR . 'z-push-error.log');
// Syslog settings
// false will log to local syslog, otherwise put the remote syslog IP here
define('LOG_SYSLOG_HOST', false);
// Syslog port
define('LOG_SYSLOG_PORT', 514);
// Program showed in the syslog. Useful if you have more than one instance login to the same syslog
define('LOG_SYSLOG_PROGRAM', 'z-push');
// Syslog facility - use LOG_USER when running on Windows
define('LOG_SYSLOG_FACILITY', LOG_LOCAL0);
// Location of the trusted CA, e.g. '/etc/ssl/certs/EmailCA.pem'
// Uncomment and modify the following line if the validation of the certificates fails.
// define('CAINFO', '/etc/ssl/certs/EmailCA.pem');
/**********************************************************************************
* Mobile settings
*/
// Device Provisioning
define('PROVISIONING', true);
// This option allows the 'loose enforcement' of the provisioning policies for older
// devices which don't support provisioning (like WM 5 and HTC Android Mail) - dw2412 contribution
// false (default) - Enforce provisioning for all devices
// true - allow older devices, but enforce policies on devices which support it
define('LOOSE_PROVISIONING', false);
// The file containing the policies' settings.
// Set a full path or relative to the z-push main directory
define('PROVISIONING_POLICYFILE', 'policies.ini');
// Default conflict preference
// Some devices allow to set if the server or PIM (mobile)
// should win in case of a synchronization conflict
// SYNC_CONFLICT_OVERWRITE_SERVER - Server is overwritten, PIM wins
// SYNC_CONFLICT_OVERWRITE_PIM - PIM is overwritten, Server wins (default)
define('SYNC_CONFLICT_DEFAULT', SYNC_CONFLICT_OVERWRITE_PIM);
// Global limitation of items to be synchronized
// The mobile can define a sync back period for calendar and email items
// For large stores with many items the time period could be limited to a max value
// If the mobile transmits a wider time period, the defined max value is used
// Applicable values:
// SYNC_FILTERTYPE_ALL (default, no limitation)
// SYNC_FILTERTYPE_1DAY, SYNC_FILTERTYPE_3DAYS, SYNC_FILTERTYPE_1WEEK, SYNC_FILTERTYPE_2WEEKS,
// SYNC_FILTERTYPE_1MONTH, SYNC_FILTERTYPE_3MONTHS, SYNC_FILTERTYPE_6MONTHS
define('SYNC_FILTERTIME_MAX', SYNC_FILTERTYPE_ALL);
// Interval in seconds before checking if there are changes on the server when in Ping.
// It means the highest time span before a change is pushed to a mobile. Set it to
// a higher value if you have a high load on the server.
define('PING_INTERVAL', 30);
// Set the fileas (save as) order for contacts in the webaccess/webapp/outlook.
// It will only affect new/modified contacts on the mobile which then are synced to the server.
// Possible values are:
// SYNC_FILEAS_FIRSTLAST - fileas will be "Firstname Middlename Lastname"
// SYNC_FILEAS_LASTFIRST - fileas will be "Lastname, Firstname Middlename"
// SYNC_FILEAS_COMPANYONLY - fileas will be "Company"
// SYNC_FILEAS_COMPANYLAST - fileas will be "Company (Lastname, Firstname Middlename)"
// SYNC_FILEAS_COMPANYFIRST - fileas will be "Company (Firstname Middlename Lastname)"
// SYNC_FILEAS_LASTCOMPANY - fileas will be "Lastname, Firstname Middlename (Company)"
// SYNC_FILEAS_FIRSTCOMPANY - fileas will be "Firstname Middlename Lastname (Company)"
// The company-fileas will only be set if a contact has a company set. If one of
// company-fileas is selected and a contact doesn't have a company set, it will default
// to SYNC_FILEAS_FIRSTLAST or SYNC_FILEAS_LASTFIRST (depending on if last or first
// option is selected for company).
// If SYNC_FILEAS_COMPANYONLY is selected and company of the contact is not set
// SYNC_FILEAS_LASTFIRST will be used
define('FILEAS_ORDER', SYNC_FILEAS_LASTFIRST);
// Maximum amount of items to be synchronized per request.
// Normally this value is requested by the mobile. Common values are 5, 25, 50 or 100.
// Exporting too much items can cause mobile timeout on busy systems.
// Z-Push will use the lowest provided value, either set here or by the mobile.
// MS Outlook 2013+ request up to 512 items to accelerate the sync process.
// If you detect high load (also on subsystems) you could try a lower setting.
// max: 512 - value used if mobile does not limit amount of items
define('SYNC_MAX_ITEMS', 512);
// The devices usually send a list of supported properties for calendar and contact
// items. If a device does not includes such a supported property in Sync request,
// it means the property's value will be deleted on the server.
// However some devices do not send a list of supported properties. It is then impossible
// to tell if a property was deleted or it was not set at all if it does not appear in Sync.
// This parameter defines Z-Push behaviour during Sync if a device does not issue a list with
// supported properties.
// See also https://jira.z-hub.io/browse/ZP-302.
// Possible values:
// false - do not unset properties which are not sent during Sync (default)
// true - unset properties which are not sent during Sync
define('UNSET_UNDEFINED_PROPERTIES', false);
// ActiveSync specifies that a contact photo may not exceed 48 KB. This value is checked
// in the semantic sanity checks and contacts with larger photos are not synchronized.
// This limitation is not being followed by the ActiveSync clients which set much bigger
// contact photos. You can override the default value of the max photo size.
// default: 5242880 - 5 MB default max photo size in bytes
define('SYNC_CONTACTS_MAXPICTURESIZE', 5242880);
// Over the WebserviceUsers command it is possible to retrieve a list of all
// known devices and users on this Z-Push system. The authenticated user needs to have
// admin rights and a public folder must exist.
// In multicompany environments this enable an admin user of any company to retrieve
// this full list, so this feature is disabled by default. Enable with care.
define('ALLOW_WEBSERVICE_USERS_ACCESS', false);
// Users with many folders can use the 'partial foldersync' feature, where the server
// actively stops processing the folder list if it takes too long. Other requests are
// then redirected to the FolderSync to synchronize the remaining items.
// Device compatibility for this procedure is not fully understood.
// NOTE: THIS IS AN EXPERIMENTAL FEATURE WHICH COULD PREVENT YOUR MOBILES FROM SYNCHRONIZING.
define('USE_PARTIAL_FOLDERSYNC', false);
// The minimum accepted time in second that a ping command should last.
// It is strongly advised to keep this config to false. Some device
// might not be able to send a higher value than the one specificied here and thus
// unable to start a push connection.
// If set to false, there will be no lower bound to the ping lifetime.
// The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
define('PING_LOWER_BOUND_LIFETIME', false);
// The maximum accepted time in second that a ping command should last.
// If set to false, there will be no higher bound to the ping lifetime.
// The minimum accepted value is 1 second. The maximum accepted value is 3540 seconds (59 minutes).
define('PING_HIGHER_BOUND_LIFETIME', false);
// Maximum response time
// Mobiles implement different timeouts to their TCP/IP connections. Android devices for example
// have a hard timeout of 30 seconds. If the server is not able to answer a request within this timeframe,
// the answer will not be recieved and the device will send a new one overloading the server.
// There are three categories
// - Short timeout - server has up within 30 seconds - is automatically applied for not categorized types
// - Medium timeout - server has up to 90 seconds to respond
// - Long timeout - server has up to 4 minutes to respond
// If a timeout is almost reached the server will break and sent the results it has until this
// point. You can add DeviceType strings to the categories.
// In general longer timeouts are better, because more data can be streamed at once.
define('SYNC_TIMEOUT_MEDIUM_DEVICETYPES', "SAMSUNGGTI");
define('SYNC_TIMEOUT_LONG_DEVICETYPES', "iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail");
// Time in seconds the device should wait whenever the service is unavailable,
// e.g. when a backend service is unavailable.
// Z-Push sends a "Retry-After" header in the response with the here defined value.
// It is up to the device to respect or not this directive so even if this option is set,
// the device might not wait requested time frame.
// Number of seconds before retry, to disable set to: false
define('RETRY_AFTER_DELAY', 300);
/**********************************************************************************
* Backend settings
*/
// the backend data provider
define('BACKEND_PROVIDER', '');
/**********************************************************************************
* Search provider settings
*
* Alternative backend to perform SEARCH requests (GAL search)
* By default the main Backend defines the preferred search functionality.
* If set, the Search Provider will always be preferred.
* Use 'BackendSearchLDAP' to search in a LDAP directory (see backend/searchldap/config.php)
*/
define('SEARCH_PROVIDER', '');
// Time in seconds for the server search. Setting it too high might result in timeout.
// Setting it too low might not return all results. Default is 10.
define('SEARCH_WAIT', 10);
// The maximum number of results to send to the client. Setting it too high
// might result in timeout. Default is 10.
define('SEARCH_MAXRESULTS', 10);
/**********************************************************************************
* Kopano Outlook Extension - Settings
*
* The Kopano Outlook Extension (KOE) provides MS Outlook 2013 and newer with
* functionality not provided by ActiveSync or not implemented by Outlook.
* For more information, see: https://wiki.z-hub.io/x/z4Aa
*/
// Global Address Book functionality
define('KOE_CAPABILITY_GAB', true);
// Synchronize mail flags from the server to Outlook/KOE
define('KOE_CAPABILITY_RECEIVEFLAGS', true);
// Encode flags when sending from Outlook/KOE
define('KOE_CAPABILITY_SENDFLAGS', true);
// Out-of-office support
define('KOE_CAPABILITY_OOF', true);
// Out-of-office support with start & end times (superseeds KOE_CAPABILITY_OOF)
define('KOE_CAPABILITY_OOFTIMES', true);
// Notes support
define('KOE_CAPABILITY_NOTES', true);
// Shared folder support
define('KOE_CAPABILITY_SHAREDFOLDER', true);
// Send-As support for Outlook/KOE and mobiles
define('KOE_CAPABILITY_SENDAS', true);
// Secondary Contact folders (own and shared)
define('KOE_CAPABILITY_SECONDARYCONTACTS', true);
// Copy WebApp signature into KOE
define('KOE_CAPABILITY_SIGNATURES', true);
// Delivery receipt requests
define('KOE_CAPABILITY_RECEIPTS', true);
// To synchronize the GAB KOE, the GAB store and folderid need to be specified.
// Use the gab-sync script to generate this data. The name needs to
// match the config of the gab-sync script.
// More information here: https://wiki.z-hub.io/x/z4Aa (GAB Sync Script)
define('KOE_GAB_STORE', 'SYSTEM');
define('KOE_GAB_FOLDERID', '');
define('KOE_GAB_NAME', 'Z-Push-KOE-GAB');
/**********************************************************************************
* Synchronize additional folders to all mobiles
*
* With this feature, special folders can be synchronized to all mobiles.
* This is useful for e.g. global company contacts.
*
* This feature is supported only by certain devices, like iPhones.
* Check the compatibility list for supported devices:
* http://z-push.org/compatibility
*
* To synchronize a folder, add a section setting all parameters as below:
* store: the ressource where the folder is located.
* Kopano users use 'SYSTEM' for the 'Public Folder'
* folderid: folder id of the folder to be synchronized
* name: name to be displayed on the mobile device
* type: supported types are:
* SYNC_FOLDER_TYPE_USER_CONTACT
* SYNC_FOLDER_TYPE_USER_APPOINTMENT
* SYNC_FOLDER_TYPE_USER_TASK
* SYNC_FOLDER_TYPE_USER_MAIL
* SYNC_FOLDER_TYPE_USER_NOTE
*
* Additional notes:
* - on Kopano systems use backend/kopano/listfolders.php script to get a list
* of available folders
*
* - all Z-Push users must have at least reading permissions so the configured
* folders can be synchronized to the mobile. Else they are ignored.
*
* - this feature is only partly suitable for multi-tenancy environments,
* as ALL users from ALL tenents need access to the configured store & folder.
* When configuring a public folder, this will cause problems, as each user has
* a different public folder in his tenant, so the folder are not available.
* - changing this configuration could cause HIGH LOAD on the system, as all
* connected devices will be updated and load the data contained in the
* added/modified folders.
*/
$additionalFolders = array(
// demo entry for the synchronization of contacts from the public folder.
// uncomment (remove '/*' '*/') and fill in the folderid
/*
array(
'store' => "SYSTEM",
'folderid' => "",
'name' => "Public Contacts",
'type' => SYNC_FOLDER_TYPE_USER_CONTACT,
),
*/
);


@@ -1,2 +1,5 @@
CREATE USER 'kopano' IDENTIFIED BY 'Asdf2345';
GRANT ALL ON kopano.* TO 'kopano'@'%';
flush privileges;
-- database is created by server automatically if not present
-- create database kopano CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
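Review bot: The account password is a literal in this init script and `'kopano'@'%'` accepts logins from any host, while the compose file in this commit publishes the database port as `3307:3306`. Anyone with read access to the repository and a route to the host can therefore reach the mail store's database. Create the user from a value injected at deploy time (environment variable or secret file), restrict the host part to the compose network, and change the committed password, since it stays in history. `flush privileges;` is not needed after `CREATE USER`/`GRANT` and can be dropped.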


@@ -10,7 +10,6 @@ apt-get autoclean
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ~/.cache ~/.npm
EOF
COPY etc/postfix/ /etc/postfix/
RUN cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
COPY --chmod=0775 entrypoint.sh /entrypoint.sh
EXPOSE 25
VOLUME /var/spool/postfix


@@ -20,32 +20,34 @@ alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zntrl.de
# mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# trusts all hosts in the kopano docker network
mynetworks_style = subnet
# virtual domains
virtual_mailbox_domains = zntrl.de
virtual_mailbox_domains = zntrl.de ads64.de
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
# virtual_transport = lmtp:unix:/var/spool/kopano/dagent.sock
virtual_transport = lmtp:dagent:2003
# default domains
# default outbound transport for all domains, use one relay for all domains
# authenticates to relay.zntrl.de for authorisation to relay mail, see also: SMTP (outbound)
default_transport = smtp:[relay.zntrl.de]:465
# SMTPD (inbound) TLS parameters
smtpd_tls_key_file = /etc/postfix/ssl/private/nuc0.lan.key
smtpd_tls_cert_file = /etc/postfix/ssl/nuc0-full-chain.pem
smtpd_tls_CApath = /etc/ssl/certs
smtpd_tls_CAfile = /etc/postfix/ssl/certs/balusign-signing-ca.pem
smtpd_tls_cert_file = /etc/postfix/ssl/nuc0-full-chain.pem
smtpd_tls_key_file = /etc/postfix/ssl/private/nuc0.lan.key
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# SMTP (outbound)
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_key_file = /etc/postfix/ssl/private/nuc0.lan.key
smtp_tls_cert_file = /etc/postfix/ssl/nuc0-full-chain.pem
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt
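Review bot: `mynetworks_style = subnet` together with `permit_mynetworks` in `smtpd_relay_restrictions` lets every address on the container's subnets relay without authentication. Port 25 is published on the host as 8025, and depending on Docker's networking mode, connections from outside can arrive with the bridge gateway's address as source, which falls inside that subnet; the result would be an open relay towards `relay.zntrl.de`. It is safer to set `mynetworks` explicitly to the addresses of the containers that submit mail, or to `127.0.0.0/8` while relying on `permit_sasl_authenticated`, and to test relaying from an outside address through 8025. On the outbound side, `smtp_tls_security_level = encrypt` does not check the relay's certificate; `verify` or `secure` would.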


@@ -2,5 +2,7 @@ baloan@zntrl.de notused
blu3prince@zntrl.de notused
fafnir@zntrl.de notused
postmaster@zntrl.de notused
andreas@ads64.de notused
postmaster@ads64.de notused
# Comment out the entry below to implement a catch-all.
# @zntrl.de notused


@@ -1,9 +1,8 @@
#!/usr/bin/bash
# docker login --username baloan --password 'yZBCUs5&@?:.'
# docker run -d --name apache -p80:80 -v/root/kopano/dist:/var/www httpd
# export DOCKER_BUILDKIT=1
# docker run -d --name apache -p80:80 -v/root/kopano/dist:/var/www httpd
docker build -t postfix .
docker run -d --name postfix -v/root/kopano/postfix/etc/postfix:/etc/postfix postfix
docker run -d --name postfix -v/root/kopano/postfix/etc/postfix:/etc/postfix -p8025:25 postfix
docker logs -f postfix
docker exec -it postfix sh

10
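--- a/prep
+++ b/prep
@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+export DOCKER_BUILDKIT=1
+alias up='docker compose up -d'
+#alias up='docker compose up -d --build'
+alias down='docker compose down'
+alias build='docker compose build'
+alias push='docker compose push'
+docker login --username baloan --password 'yZBCUs5&@?:.'
+# access to packages
+docker run -d --rm --name dist -p80:80 -v/root/kopano-docker/dist:/usr/local/apache2/htdocs httpd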
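Review bot: The `docker login` line puts the registry password for `baloan` in the repository as a live command; this commit deletes the same credential from commented-out lines in four other scripts, but it remains in git history, so it has to be treated as disclosed and rotated. Passing it with `--password` also exposes it in the process list and shell history. Read a scoped access token from outside the repository instead, e.g. `docker login --username baloan --password-stdin < "$HOME/.docker-hub-token"`. The last line serves the package directory on port 80 of every interface; `-p127.0.0.1:80:80` would keep it local if only builds on this host need it.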

18
ssl/mkcerts Normal file

@@ -0,0 +1,18 @@
#!/usr/bin/bash
# create ssl certificates for docker network
# create signing ca (minimal pki)
openssl req -new -config etc/kopano-ca.conf -out ca/kopano-ca.csr -keyout private/kopano-ca.key
openssl ca -selfsign -config etc/kopano-ca.conf -in ca/kopano-ca.csr -out certs/kopano-ca.crt -extensions signing_ca_ext
# create kopano server ssl key (for encryption)
set SAN=DNS:server
openssl req -new -config etc/kopano-server.conf -out certs/kopano-server.csr -keyout private/kopano-server.key
openssl ca -config etc/kopano-ca.conf -in certs/kopano-server.csr -out certs/kopano-server.crt -extensions server_ext
# create kopano clients ssl key pair (for authentification)
# private key for client, public key for server sslkeys
create-key dagent
create-key spooler
create-key search
create-key webapp
create-key z-push
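Review bot: `set SAN=DNS:server` does not define a variable in bash; it replaces the positional parameters. If `etc/kopano-server.conf` reads the name from the environment (not visible here), the server certificate is issued without the intended subjectAltName, and `export SAN=DNS:server` is presumably what the line means. `create-key` is not defined in the visible lines, so the five client-key calls fail unless it is on PATH. The script writes the CA and server keys under `private/`, and the `.gitignore` in this commit only excludes `/dist` and `*.tmp`; adding the key directories there keeps private keys out of the repository.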

9
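--- a/todo
+++ b/todo
@@ -0,0 +1,9 @@
+complete internal SSL key generation and injection
+complete relay SSL key generation and injection (manual for distribution to relay)
+recipe: how to add a domain (dns, postfix virtual domains, webapp, z-push)
+bareos mysql backup (mysqldump, or database shutdown during backup)
+remove all etc volume mounts
+kopano server and database tuning
+check logging for all containers
+remove passwords from gitlab & docker
+baloghs.de migration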


@@ -14,7 +14,3 @@ docker container ls
docker container prune
docker image ls
docker image prune -a -f
# docker login --username baloan --password 'yZBCUs5&@?:.'
# docker tag -t webapp:latest ...
# docker push


@@ -15,7 +15,3 @@ docker container ls
docker container prune
docker image ls
docker image prune -a -f
# docker login --username baloan --password 'yZBCUs5&@?:.'
# docker tag -t z-push:latest ...
# docker push