
D3845.1774870030.diff

Authored By
Unknown
Size
96 KB

D3845.1774870030.diff

diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,32 +1,41 @@
-## Quickstart Instructions
-
-Really quick?
-
-```
-$ bin/quickstart.sh
-```
-
-More detailed:
-
-```
-$ bin/regen-certs
-$ docker pull kolab/centos7:latest
-$ docker-compose down
-$ docker-compose up -d
-$ cd src/
-$ composer install
-$ npm install
-$ cp .env.example .env
-$ echo "" >> .env
-$ cat .env.local >> .env
-$ ./artisan key:generate
-$ ./artisan jwt:secret -f
-$ ./artisan clear-compiled
-$ npm run dev
-$ rm -rf database/database.sqlite
-$ touch database/database.sqlite
-$ ./artisan migrate:refresh --seed
-$ ./artisan serve
-```
-
-NOTE: Set `APP_PUBLIC_URL` and `MOLLIE_KEY` and other such private settings in `.env.local`
+## Quickstart Instructions to try it out
+
+* Make sure you have docker and docker-compose available.
+* Run 'make deploy' in the base directory.
+* Add an /etc/hosts entry "127.0.0.1 kolab.local"
+* navigate to https://kolab.local
+* login as "john@kolab.org" with password "simple123"
+
+# Setup env.local
+
+To customize the installation, create a file src/env.local to override setting in src/.env.example.
+
+The setup script with merge these settings into src/.env, which is what is ultimately used by the installation.
+
+Take a look at ansible/env.local for an example of typical modifications required for an installation.
+
+# Use the ansible setup
+
+The ansible/ directory contains setup scripts to setup a fresh Fedora system with a kolab deployment.
+Modify the Makefile with the required variables and then execute `make setup`.
+
+This will configure the remote system and execute bin/deploy.sh
+
+### Update
+
+* git pull
+* Run "bin/update.sh"
+
+### Backup / Restore
+
+The "bin/backup.sh" script will stop all containers, snapshot the volumes to the backup/ directory, and restart the containers.
+
+"bin/restore.sh" will stop all containers, restore the volumes from tarballs in the backup/ directory, and restart the containers.
+
+
+### Requirements
+* docker
+* openssl
+
+## TODO
+* Only seed admin user, but not all the development stuff?
diff --git a/ansible/env.local b/ansible/env.local
--- a/ansible/env.local
+++ b/ansible/env.local
@@ -1,4 +1,3 @@
-MFA_DSN=mysql://root:Welcome2KolabSystems@127.0.0.1/roundcube
APP_DOMAIN={{ host }}
APP_WEBSITE_DOMAIN={{ host }}
APP_KEY=base64:FG6ECzyAMSmyX+eYwO/FW3bwnarbKkBhqtO65vlMb1E=
@@ -9,10 +8,14 @@
MEET_WEBRTC_LISTEN_IP='{{ public_ip }}'
MEET_PUBLIC_DOMAIN={{ host }}
MEET_SERVER_URLS=https://{{ host }}/meetmedia/api/
-WEBMAIL_URL=/roundcubemail
APP_URL=https://{{ host }}
ASSET_URL=https://{{ host }}
+DB_HOST=mariadb
+REDIS_HOST=redis
+IMAP_URI=ssl://kolab:11993
+LDAP_HOSTS=kolab
+
MOLLIE_KEY=
STRIPE_KEY=
STRIPE_PUBLIC_KEY=
@@ -30,23 +33,11 @@
PASSPORT_COMPANIONAPP_OAUTH_CLIENT_ID=9566e018-f05d-425c-9915-420cdb9258bb
PASSPORT_COMPANIONAPP_OAUTH_CLIENT_SECRET=XjgV6SU9shO0QFKaU6pQPRC5rJpyRezDJTSoGLgz
-APP_TENANT_ID=42
APP_PASSPHRASE=simple123
-MAIL_DRIVER=log
-
KOLAB_SSL_CERTIFICATE=/etc/letsencrypt/live/{{ host }}/cert.pem
KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/letsencrypt/live/{{ host }}/fullchain.pem
KOLAB_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/{{ host }}/privkey.pem
PROXY_SSL_CERTIFICATE=/etc/letsencrypt/live/{{ host }}/fullchain.pem
PROXY_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/{{ host }}/privkey.pem
-
-NGINX_SSL_CERTIFICATE=/etc/letsencrypt/live/{{ host }}/fullchain.pem
-NGINX_SSL_CERTIFICATE_KEY=/etc/letsencrypt/live/{{ host }}/privkey.pem
-
-PGP_ENABLE=true
-PGP_BINARY=/usr/bin/gpg
-PGP_AGENT=/usr/bin/gpg-agent
-PGP_GPGCONF=/usr/bin/gpgconf
-
diff --git a/bin/backup.sh b/bin/backup.sh
new file mode 100755
--- /dev/null
+++ b/bin/backup.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+mkdir -p backup
+
+backup_path="$(pwd)/backup/"
+
+function backup_volume {
+ volume_name=$1
+ backup_destination=$2
+
+ echo "Backing up $volume_name to $backup_destination"
+ docker run --rm -v $volume_name:/data -v $backup_destination:/backup quay.io/centos/centos:stream8 tar -zcvf /backup/$volume_name.tar /data
+}
+
+echo "Stopping containers"
+docker-compose stop
+
+echo "Backing up volumes"
+volumes=($(docker volume ls -f name=kolab | awk '{if (NR > 1) print $2}'))
+for v in "${volumes[@]}"
+do
+ backup_volume $v $backup_path
+done
+
+echo "Restarting containers"
+docker-compose start
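Review bot: The script has no error handling, so a failed `docker-compose stop` or a failed `tar` inside `backup_volume` still ends with "Restarting containers" and exit status 0, and an incomplete backup looks successful; `set -euo pipefail` after the shebang would stop at the first failure. The archives contain the mariadb, imap and ldap volumes, but `mkdir -p backup` leaves the directory with default permissions; a `chmod 700 backup` right after it keeps them private to the operator. `$volume_name` and `$backup_destination` are unquoted in the `docker run` line, and `tar -zcvf` writes a gzip stream into a file named `.tar`. bin/update.sh shares the missing error handling, and bin/restore.sh shares both that and the quoting.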
diff --git a/bin/quickstart.sh b/bin/quickstart.sh
--- a/bin/quickstart.sh
+++ b/bin/quickstart.sh
@@ -27,16 +27,30 @@
export DOCKER_BUILDKIT=0
+COMPOSE_ARGS=
+if [ "$1" != "--nodev" ]; then
+ COMPOSE_ARGS="-f docker-compose.yml -f docker-compose.local.yml"
+fi
docker-compose down --remove-orphans
-src/artisan octane:stop >/dev/null 2>&1 || :
-src/artisan horizon:terminate >/dev/null 2>&1 || :
-
-docker-compose build coturn kolab mariadb meet pdns proxy redis haproxy
+docker volume rm kolab_mariadb || :
+docker volume rm kolab_imap || :
+docker volume rm kolab_ldap || :
+
+if [ "$1" != "--nodev" ]; then
+ src/artisan octane:stop >/dev/null 2>&1 || :
+ src/artisan horizon:terminate >/dev/null 2>&1 || :
+else
+ # If we switch from an existing development setup to a compose deployment,
+ # we don't have a nice way to terminate octane/horizon.
+ # We can't use the artisan command because it will just block if redis is,
+ # no longer available, so we just kill all artisan processes running.
+ pkill -9 -f artisan || :
+fi
bin/regen-certs
-
-docker-compose up -d coturn kolab mariadb meet pdns proxy redis haproxy
+docker-compose build coturn kolab mariadb meet pdns proxy redis haproxy
+docker-compose ${COMPOSE_ARGS} up -d coturn kolab mariadb meet pdns redis
# Workaround until we have docker-compose --wait (https://github.com/docker/compose/pull/8777)
function wait_for_container {
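Review bot: `pkill -9 -f artisan` in the `--nodev` branch matches every process whose command line contains "artisan", including unrelated projects on the same host, and SIGKILL gives octane and horizon no chance to shut down cleanly. A narrower pattern with the default signal, e.g. `pkill -f 'artisan (octane|horizon)' || :`, would limit the effect. The three `docker volume rm kolab_mariadb`/`kolab_imap`/`kolab_ldap` lines run unconditionally, so every quickstart run, including the `--nodev` deployment path, deletes the database, mail and directory data without a prompt; that needs at least a comment such as `# WARNING: quickstart wipes all persistent volumes; use bin/update.sh to keep data`. `wait_for_container` continues outside this hunk.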
@@ -60,15 +74,11 @@
done;
}
-# Ensure the containers we depend on are fully started
-wait_for_container 'kolab'
-wait_for_container 'kolab-redis'
-
if [ "$1" == "--nodev" ]; then
echo "starting everything in containers"
- docker-compose build swoole
+ docker-compose -f docker-compose.build.yml build swoole
docker-compose build webapp
- docker-compose up -d webapp proxy
+ docker-compose up -d webapp proxy haproxy
wait_for_container 'kolab-webapp'
exit 0
fi
@@ -97,6 +107,10 @@
test ! -z "$(php --modules | grep swoole)" || \
die "Is swoole installed?"
+# Ensure the containers we depend on are fully started
+wait_for_container 'kolab'
+wait_for_container 'kolab-redis'
+
pushd ${base_dir}/src/
rm -rf vendor/ composer.lock
@@ -137,4 +151,7 @@
./artisan data:import || :
nohup ./artisan octane:start --host=$(grep OCTANE_HTTP_HOST .env | tail -n1 | sed "s/OCTANE_HTTP_HOST=//") > octane.out &
nohup ./artisan horizon > horizon.out &
+
popd
+
+docker-compose ${COMPOSE_ARGS} up --no-deps -d proxy haproxy
diff --git a/bin/restore.sh b/bin/restore.sh
new file mode 100755
--- /dev/null
+++ b/bin/restore.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+backup_path="$(pwd)/backup/"
+
+function restore_volume {
+ volume_name=$1
+ backup_destination=$2
+
+ echo "Restoring $volume_name from $backup_destination"
+ docker run --rm -v $volume_name:/data -v $backup_destination:/backup quay.io/centos/centos:stream8 bash -c "rm -rf /data/* && tar xvf /backup/$volume_name.tar -C /data --strip 1"
+}
+
+echo "Stopping containers"
+docker-compose stop
+
+# We currently expect the volumes to exist.
+# We could alternatively create volumes form existing tar files
+# for f in backup/*.tar; do
+# echo "$(basename $f .tar)" ;
+# done
+
+echo "Restoring volumes"
+volumes=($(docker volume ls -f name=kolab | awk '{if (NR > 1) print $2}'))
+for v in "${volumes[@]}"
+do
+ restore_volume $v $backup_path
+done
+echo "Restarting containers"
+docker-compose start
+
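Review bot: `restore_volume` wipes the volume before it knows an archive exists: in `rm -rf /data/* && tar xvf /backup/$volume_name.tar ...` the `rm` runs first, so any kolab volume without a matching file in backup/ ends up empty. Testing for the archive first, `test -f /backup/$volume_name.tar && rm -rf /data/* && tar ...`, avoids that. `rm -rf /data/*` also skips dot-files, so restored data can mix with leftovers. The archive is unpacked as root inside the container, so backup/ should be writable only by the operator.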
diff --git a/bin/update.sh b/bin/update.sh
new file mode 100755
--- /dev/null
+++ b/bin/update.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+docker-compose down --remove-orphans
+docker-compose build coturn kolab mariadb meet pdns proxy redis haproxy webapp
+bin/regen-certs
+docker-compose up -d coturn kolab mariadb meet pdns proxy redis haproxy webapp
diff --git a/ci/Makefile b/ci/Makefile
--- a/ci/Makefile
+++ b/ci/Makefile
@@ -17,13 +17,13 @@
cd .. && bin/quickstart.sh --nodev
build:
- cd .. && DOCKER_BUILDKIT=0 docker compose build swoole && DOCKER_BUILDKIT=0 docker compose build tests && cd ci
+ cd .. && DOCKER_BUILDKIT=0 docker compose -f docker-compose.yml -f docker-compose.build.yml build swoole && DOCKER_BUILDKIT=0 docker compose -f docker-compose.yml -f docker-compose.build.yml build tests && cd ci
lint:
docker run -v ${PWD}/../:/src/kolab.orig -t kolab-tests /lint.sh
test:
- docker run --network=host -v ${PWD}/../src:/src/kolabsrc.orig -t kolab-tests /init.sh
+ docker run --network=kolab_kolab -v ${PWD}/../src:/src/kolabsrc.orig -t kolab-tests /init.sh
all: configure setup build lint test
diff --git a/ci/env.local b/ci/env.local
--- a/ci/env.local
+++ b/ci/env.local
@@ -1,4 +1,4 @@
-MFA_DSN=mysql://root:Welcome2KolabSystems@127.0.0.1/roundcube
+MFA_DSN=mysql://root:Welcome2KolabSystems@mariadb/roundcube
APP_DOMAIN={{ host }}
APP_WEBSITE_DOMAIN={{ host }}
APP_KEY=base64:FG6ECzyAMSmyX+eYwO/FW3bwnarbKkBhqtO65vlMb1E=
@@ -9,10 +9,16 @@
MEET_WEBRTC_LISTEN_IP='{{ public_ip }}'
MEET_PUBLIC_DOMAIN={{ host }}
MEET_SERVER_URLS=https://{{ host }}/meetmedia/api/
+MEET_LISTENING_HOST=172.18.0.1
WEBMAIL_URL=/roundcubemail
APP_URL=https://{{ host }}
ASSET_URL=https://{{ host }}
+DB_HOST=mariadb
+REDIS_HOST=redis
+IMAP_URI=ssl://kolab:11993
+LDAP_HOSTS=kolab
+
MOLLIE_KEY=
STRIPE_KEY=
STRIPE_PUBLIC_KEY=
@@ -39,8 +45,5 @@
KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/pki/tls/certs/kolab.hosted.com.chain.pem
KOLAB_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/kolab.hosted.com.key
-PROXY_SSL_CERTIFICATE=/etc/pki/tls/certs/imap.hosted.com.cert
-PROXY_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/imap.hosted.com.key
-
-NGINX_SSL_CERTIFICATE=/etc/pki/tls/certs/imap.hosted.com.cert
-NGINX_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/imap.hosted.com.key
+PROXY_SSL_CERTIFICATE=/etc/certs/imap.hosted.com.cert
+PROXY_SSL_CERTIFICATE_KEY=/etc/certs/imap.hosted.com.key
diff --git a/docker-compose.build.yml b/docker-compose.build.yml
new file mode 100644
--- /dev/null
+++ b/docker-compose.build.yml
@@ -0,0 +1,12 @@
+version: '3'
+services:
+ swoole:
+ build:
+ context: ./docker/swoole/
+ container_name: kolab-swoole
+ image: apheleia/swoole:4.8.x
+ tests:
+ build:
+ context: ./docker/tests/
+ container_name: kolab-tests
+ image: kolab-tests
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
new file mode 100644
--- /dev/null
+++ b/docker-compose.local.yml
@@ -0,0 +1,21 @@
+version: '3'
+services:
+ kolab:
+ ports:
+ - "389:389"
+ - "8880:8880"
+ - "8443:8443"
+ - "10143:10143"
+ - "10587:10587"
+ - "11143:11143"
+ - "11993:11993"
+ - "12143:12143"
+ mariadb:
+ ports:
+ - "3306:3306"
+ redis:
+ ports:
+ - "6379:6379"
+ proxy:
+ extra_hosts:
+ - "webapp:127.0.0.1"
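Review bot: The short `HOST:CONTAINER` port form binds on all host interfaces, so this override publishes LDAP (389), MariaDB (3306) and Redis (6379) to whatever network the developer machine is on, while docker-compose.yml in this diff sets the MariaDB root and Directory Manager passwords to a literal committed in the repository. For a local development override the loopback form is enough, e.g. `- "127.0.0.1:3306:3306"`, and likewise for the other entries. bin/quickstart.sh applies this file whenever `--nodev` is not passed, so it is the default path.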
diff --git a/docker-compose.yml b/docker-compose.yml
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,10 +26,15 @@
depends_on:
mariadb:
condition: service_healthy
+ pdns:
+ condition: service_healthy
extra_hosts:
- "kolab.mgmt.com:127.0.0.1"
environment:
- - DB_HOST=${DB_HOST}
+ - LDAP_HOST=127.0.0.1
+ - LDAP_ADMIN_BIND_DN="cn=Directory Manager"
+ - LDAP_ADMIN_BIND_PW=Welcome2KolabSystems
+ - DB_HOST=mariadb
- DB_ROOT_PASSWORD=Welcome2KolabSystems
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
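Review bot: `LDAP_ADMIN_BIND_DN="cn=Directory Manager"` uses the list form of `environment`, where compose passes everything after `=` verbatim, so as far as I can tell the container sees the value with the double quotes included. `- LDAP_ADMIN_BIND_DN=cn=Directory Manager` (or the mapping form) avoids that, and `TZ="+02:00"` in the mariadb hunk has the same problem after its conversion from the mapping form. `LDAP_ADMIN_BIND_PW` is hard-coded while neighbouring entries read from the environment; `- LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW:?err}` would follow the `:?err` pattern this file already uses and keep the secret in src/.env. The same literal is added as `MARIADB_ROOT_PASSWORD` further down and in docker/kolab/imapd.conf and docker/kolab/kolab.conf. The service definition starts before this hunk.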
@@ -48,12 +53,20 @@
- MAIL_PORT=10587
healthcheck:
interval: 10s
- test: test -f /tmp/kolab-init.done
+ test: "systemctl is-active kolab-init || exit 1"
timeout: 5s
retries: 30
+ start_period: 5m
+ # This makes docker's dns, resolve via pdns for this container.
+ # Please note it does not affect /etc/resolv.conf
+ dns: 172.18.0.11
hostname: kolab.mgmt.com
image: kolab
- network_mode: host
+ networks:
+ kolab:
+ ipv4_address: 172.18.0.5
+ ports:
+ - "12143:12143"
tmpfs:
- /run
- /tmp
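Review bot: `ports: - "12143:12143"` publishes the Cyrus `nginx` service on every host interface, and docker/kolab/cyrus.conf in this diff moves that listener from 127.0.0.1 to 0.0.0.0 while imapd.conf keeps `nginx_allowplaintext: yes`, so plaintext IMAP logins become reachable from outside the host. If only a locally run proxy needs the port, `- "127.0.0.1:12143:12143"` is enough, or the mapping can live only in docker-compose.local.yml, which already lists 12143. The same question applies to `"8000:8000"` on webapp further down, which exposes the application's plain HTTP port beside the TLS proxy. `dns: 172.18.0.11` and `ipv4_address: 172.18.0.5` depend on the subnet declared at the end of the file, and a comment pointing there would help.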
@@ -65,24 +78,36 @@
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
- ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
- - ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert
- - ./docker/certs/kolab.hosted.com.chain.pem:/etc/pki/tls/certs/kolab.hosted.com.chain.pem
- - ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key
+ - ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err}
+ - ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err}
+ - ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err}
- ./docker/kolab/utils:/root/utils:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
+ - imap:/imapdata
+ - ldap:/ldapdata
mariadb:
container_name: kolab-mariadb
environment:
- MYSQL_ROOT_PASSWORD: Welcome2KolabSystems
- TZ: "+02:00"
+ - MARIADB_ROOT_PASSWORD=Welcome2KolabSystems
+ - TZ="+02:00"
+ - DB_HKCCP_DATABASE=${DB_DATABASE}
+ - DB_HKCCP_USERNAME=${DB_USERNAME}
+ - DB_HKCCP_PASSWORD=${DB_PASSWORD}
healthcheck:
interval: 10s
test: test -e /var/run/mysqld/mysqld.sock
timeout: 5s
retries: 30
- image: mariadb
- network_mode: host
+ image: mariadb:latest
+ networks:
+ - kolab
+ volumes:
+ - ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/
+ - mariadb:/var/lib/mysql
haproxy:
+ depends_on:
+ proxy:
+ condition: service_healthy
build:
context: ./docker/haproxy/
healthcheck:
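Review bot: `image: mariadb:latest` pins nothing, and this hunk also adds the persistent `mariadb:/var/lib/mysql` volume, so a later pull can start a newer major server version on an existing data directory. Pinning a release line, `image: mariadb:VERSION` with VERSION being the release you test against, keeps bin/update.sh and bin/restore.sh predictable. `./docker/mariadb/mysql-init/` is mounted read-write into `/docker-entrypoint-initdb.d/`; adding `:ro` would match the other configuration mounts. The haproxy service continues past this hunk.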
@@ -93,7 +118,8 @@
container_name: kolab-haproxy
hostname: haproxy.hosted.com
image: kolab-haproxy
- network_mode: host
+ networks:
+ - kolab
tmpfs:
- /run
- /tmp
@@ -107,6 +133,7 @@
build:
context: ./docker/pdns/
container_name: kolab-pdns
+ hostname: pdns
depends_on:
mariadb:
condition: service_healthy
@@ -115,9 +142,10 @@
test: "systemctl status pdns || exit 1"
timeout: 5s
retries: 30
- hostname: pdns
- image: apheleia/kolab-pdns
- network_mode: host
+ image: kolab-pdns
+ networks:
+ kolab:
+ ipv4_address: 172.18.0.11
tmpfs:
- /run
- /tmp
@@ -127,6 +155,11 @@
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
proxy:
+ depends_on:
+ kolab:
+ condition: service_healthy
+ webapp:
+ condition: service_healthy
build:
context: ./docker/proxy/
args:
@@ -139,9 +172,13 @@
timeout: 5s
retries: 30
container_name: kolab-proxy
- hostname: ${APP_WEBSITE_DOMAIN:?err}
+ hostname: proxy
image: kolab-proxy
- network_mode: host
+ extra_hosts:
+ - "meet:${MEET_LISTENING_HOST}"
+ networks:
+ kolab:
+ ipv4_address: 172.18.0.7
tmpfs:
- /run
- /tmp
@@ -151,6 +188,13 @@
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
+ ports:
+ # - "80:80"
+ - "443:443"
+ - "465:465"
+ - "587:587"
+ - "143:143"
+ - "993:993"
redis:
build:
context: ./docker/redis/
@@ -162,14 +206,12 @@
container_name: kolab-redis
hostname: redis
image: redis
- network_mode: host
+ networks:
+ - kolab
volumes:
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
- swoole:
- build:
- context: ./docker/swoole/
- container_name: kolab-swoole
- image: apheleia/swoole:4.8.x
+ # ports:
+ # - "6379:6379"
webapp:
build:
context: ./docker/webapp/
@@ -180,35 +222,31 @@
test: "/src/kolabsrc/artisan octane:status || exit 1"
timeout: 5s
retries: 30
+ start_period: 5m
depends_on:
kolab:
condition: service_healthy
- network_mode: host
- volumes:
- - ./src:/src/kolabsrc.orig:ro
- tests:
- build:
- context: ./docker/tests/
- container_name: kolab-tests
- image: kolab-tests
- depends_on:
- kolab:
+ redis:
condition: service_healthy
- network_mode: host
+ networks:
+ - kolab
volumes:
- ./src:/src/kolabsrc.orig:ro
+ ports:
+ - "8000:8000"
meet:
build:
context: ./docker/meet/
healthcheck:
interval: 10s
- test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://localhost:12443/meetmedia/api/health || exit 1"
+ test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://${MEET_LISTENING_HOST}:12443/meetmedia/api/health || exit 1"
timeout: 5s
retries: 30
+ start_period: 5m
environment:
- WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err}
- PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err}
- - LISTENING_HOST=0.0.0.0
+ - LISTENING_HOST=${MEET_LISTENING_HOST:?err}
- LISTENING_PORT=12443
- TURN_SERVER=${MEET_TURN_SERVER}
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
@@ -224,3 +262,13 @@
- ./meet/server:/src/meet/:ro
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key
+networks:
+ kolab:
+ driver: bridge
+ ipam:
+ config:
+ - subnet: "172.18.0.0/24"
+volumes:
+ mariadb:
+ imap:
+ ldap:
diff --git a/docker/haproxy/haproxy.cfg b/docker/haproxy/haproxy.cfg
--- a/docker/haproxy/haproxy.cfg
+++ b/docker/haproxy/haproxy.cfg
@@ -73,4 +73,4 @@
stick store-request src
stick-table type ip size 200k expire 30m
# NGINX imap with proxy protocol enabled
- server s1 127.0.0.1:144 check send-proxy-v2
+ server s1 proxy:144 check send-proxy-v2
diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile
--- a/docker/kolab/Dockerfile
+++ b/docker/kolab/Dockerfile
@@ -15,6 +15,7 @@
epel-release epel-next-release && \
dnf -y module enable 389-directory-server:stable/default && \
dnf -y module enable mariadb:10.3 && \
+ dnf -y install iputils vim-enhanced bind-utils && \
dnf clean all
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
@@ -28,28 +29,44 @@
COPY kolab-init.service /etc/systemd/system/kolab-init.service
COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service
-COPY kolab-vlv.service /etc/systemd/system/kolab-vlv.service
COPY utils /root/utils
RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \
ln -s /etc/systemd/system/kolab-init.service \
/etc/systemd/system/multi-user.target.wants/kolab-init.service && \
ln -s /etc/systemd/system/kolab-setenv.service \
- /etc/systemd/system/multi-user.target.wants/kolab-setenv.service && \
- ln -s /etc/systemd/system/kolab-vlv.service \
- /etc/systemd/system/multi-user.target.wants/kolab-vlv.service
+ /etc/systemd/system/multi-user.target.wants/kolab-setenv.service
-RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
+RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
RUN sed -i -r -e 's/^Listen 80$/Listen 9080/g' /etc/httpd/conf/httpd.conf
#RUN sed -i -r -e 's/^Listen 443$/Listen 9443/g' /etc/httpd/conf/httpd.conf
COPY kolab-init.sh /usr/local/sbin/
RUN chmod 750 /usr/local/sbin/kolab-init.sh
-COPY kolab-vlv.sh /usr/local/sbin/
-RUN chmod 750 /usr/local/sbin/kolab-vlv.sh
+
+COPY kolab.conf /etc/kolab/kolab.conf
+COPY cyrus.conf /etc/cyrus.conf
+COPY imapd.conf /etc/imapd.conf
+COPY imapd.annotations.conf /etc/imapd.annotations.conf
+COPY guam.conf /etc/guam/sys.config
+
+
+RUN mkdir -p /imapdata/{spool,lib} && \
+ rm -rf /var/spool/imap && ln -s /imapdata/spool /var/spool/imap && \
+ mv /var/lib/imap /var/lib/imap-bak && ln -s /imapdata/lib /var/lib/imap && \
+ chmod -R 777 /imapdata && \
+ chown cyrus:mail /var/spool/imap /var/lib/imap
+
+RUN mkdir -p /ldapdata/{config,ssca,run} /var/run/dirsrv && \
+ ln -s /ldapdata/config /etc/dirsrv/slapd-kolab && \
+ ln -s /ldapdata/ssca /etc/dirsrv/ssca && \
+ ln -s /ldapdata/run /var/run/dirsrv && \
+ chmod -R 777 /ldapdata /etc/dirsrv
VOLUME [ "/sys/fs/cgroup" ]
+VOLUME [ "/imapdata" ]
+VOLUME [ "/ldapdata" ]
WORKDIR /root/
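Review bot: `chmod -R 777 /imapdata` and `chmod -R 777 /ldapdata /etc/dirsrv` make the mail spool, the Cyrus state and the 389-ds configuration (including `ssca`, which presumably holds the self-signed CA material) writable by every account in the container. Ownership plus a restrictive mode does the same job, e.g. `chown -R cyrus:mail /imapdata && chmod -R 750 /imapdata`, with the equivalent for the directory-server account on `/ldapdata`. Because `mkdir -p` already creates `/var/run/dirsrv`, `ln -s /ldapdata/run /var/run/dirsrv` likely places the link inside that directory instead of replacing it; please check that this is intended.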
diff --git a/docker/kolab/cyrus.conf b/docker/kolab/cyrus.conf
new file mode 100644
--- /dev/null
+++ b/docker/kolab/cyrus.conf
@@ -0,0 +1,46 @@
+# standard standalone server implementation
+
+START {
+ # do not delete this entry!
+ recover cmd="ctl_cyrusdb -r"
+
+ idled cmd="idled"
+}
+
+# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
+SERVICES {
+ nginx cmd="imapd" listen=0.0.0.0:12143 prefork=1
+ guam cmd="imapd" listen=0.0.0.0:13143 prefork=1
+ imap cmd="imapd" listen=0.0.0.0:11143 prefork=1
+ imaps cmd="imapd -s" listen=0.0.0.0:11993 prefork=5
+
+ sieve cmd="timsieved" listen="sieve" prefork=0
+
+ ptloader cmd="ptloader" listen="/var/lib/imap/socket/ptsock" prefork=0
+
+ lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
+
+ notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
+}
+
+EVENTS {
+ # this is required
+ checkpoint cmd="ctl_cyrusdb -c" period=30
+
+ # this is only necessary if using duplicate delivery suppression,
+ # Sieve or NNTP
+ duplicateprune cmd="cyr_expire -E 3" at=0400
+
+ # Expire data older then 69 days. Two full months of 31 days
+ # each includes two full backup cycles, plus 1 week margin
+ # because we run our full backups on the first sat/sun night
+ # of each month.
+ deleteprune cmd="cyr_expire -E 4 -D 69" at=0430
+ expungeprune cmd="cyr_expire -E 4 -X 69" at=0445
+
+ # this is only necessary if caching TLS sessions
+ tlsprune cmd="tls_prune" at=0400
+
+ # Create search indexes regularly (remove -s for cyrus 3+)
+ #squatter cmd="squatter -s -i" at=0530
+}
diff --git a/docker/kolab/utils/10-change-port-numbers.sh b/docker/kolab/guam.conf
old mode 100755
new mode 100644
rename from docker/kolab/utils/10-change-port-numbers.sh
rename to docker/kolab/guam.conf
--- a/docker/kolab/utils/10-change-port-numbers.sh
+++ b/docker/kolab/guam.conf
@@ -1,75 +1,3 @@
-#!/bin/bash
-
-cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
-chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
-
-cp /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem /etc/pki/tls/private/postfix.pem
-chown postfix:mail /etc/pki/tls/private/postfix.pem
-chmod 655 /etc/pki/tls/private/postfix.pem
-
-sed -i "s/tls_server_cert:.*/tls_server_cert: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf
-sed -i "s/tls_server_key:.*/tls_server_key: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf
-sed -i "s/tls_server_ca_file:.*/tls_server_ca_file: \/etc\/pki\/cyrus-imapd\/cyrus-imapd.bundle.pem/" /etc/imapd.conf
-
-sed -i "s/smtpd_tls_key_file =.*/smtpd_tls_key_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf
-sed -i "s/smtpd_tls_cert_file =.*/smtpd_tls_cert_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf
-
-sed -i -r \
- -e '/allowplaintext/ a\
-guam_allowplaintext: yes' \
- -e '/allowplaintext/ a\
-nginx_allowplaintext: yes' \
- /etc/imapd.conf
-
-sed -i \
- -e '/SERVICES/ a\
- nginx cmd="imapd" listen=127.0.0.1:12143 prefork=1' \
- -e '/SERVICES/ a\
- guam cmd="imapd" listen=127.0.0.1:13143 prefork=1' \
- -e '/SERVICES/ a\
- imap cmd="imapd" listen=127.0.0.1:11143 prefork=1' \
- -e 's/listen="127.0.0.1:9993"/listen=127.0.0.1:11993/g' \
- /etc/cyrus.conf
-
-systemctl restart cyrus-imapd
-
-# Remove the submission block, by matching from submission until the next empty line
-sed -i -e '/submission inet/,/^$/d' /etc/postfix/master.cf
-
-# Insert a new submission block with a modified port
-cat >> /etc/postfix/master.cf << EOF
-127.0.0.1:10587 inet n - n - - smtpd
- -o cleanup_service_name=cleanup_submission
- -o syslog_name=postfix/submission
- #-o smtpd_tls_security_level=encrypt
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_sasl_authenticated_header=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o smtpd_data_restrictions=\$submission_data_restrictions
- -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
- -o smtpd_sender_restrictions=\$submission_sender_restrictions
-
-127.0.0.1:10465 inet n - n - - smtpd
- -o cleanup_service_name=cleanup_submission
- -o rewrite_service_name=rewrite_submission
- -o syslog_name=postfix/smtps
- -o mydestination=
- -o local_recipient_maps=
- -o relay_domains=
- -o relay_recipient_maps=
- #-o smtpd_tls_wrappermode=yes
- -o smtpd_sasl_auth_enable=yes
- -o smtpd_sasl_authenticated_header=yes
- -o smtpd_client_restrictions=permit_sasl_authenticated,reject
- -o smtpd_sender_restrictions=\$submission_sender_restrictions
- -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
- -o smtpd_data_restrictions=\$submission_data_restrictions
-EOF
-
-systemctl restart postfix
-
-cat > /etc/guam/sys.config << EOF
-%% Example configuration for Guam.
[
{
kolab_guam, [
@@ -158,6 +86,3 @@
]
}
].
-EOF
-
-systemctl restart guam
diff --git a/docker/kolab/imapd.annotations.conf b/docker/kolab/imapd.annotations.conf
new file mode 100644
--- /dev/null
+++ b/docker/kolab/imapd.annotations.conf
@@ -0,0 +1,11 @@
+/vendor/kolab/activesync,mailbox,string,backend,value.priv,r
+/vendor/kolab/color,mailbox,string,backend,value.shared value.priv,a
+/vendor/kolab/displayname,mailbox,string,backend,value.shared value.priv,a
+/vendor/kolab/folder-test,mailbox,string,backend,value.shared value.priv,a
+/vendor/kolab/folder-type,mailbox,string,backend,value.shared value.priv,a
+/vendor/kolab/incidences-for,mailbox,string,backend,value.shared value.priv,a
+/vendor/kolab/pxfb-readable-for,mailbox,string,backend,value.shared value.priv,a
+/vendor/kolab/uniqueid,mailbox,string,backend,value.shared value.priv,a
+/vendor/kolab/h-share-attr-desc,mailbox,string,backend,value.shared value.priv,a
+/vendor/horde/share-params,mailbox,string,backend,value.shared value.priv,a
+/vendor/x-toltec/test,mailbox,string,backend,value.shared value.priv,a
diff --git a/docker/kolab/imapd.conf b/docker/kolab/imapd.conf
new file mode 100644
--- /dev/null
+++ b/docker/kolab/imapd.conf
@@ -0,0 +1,58 @@
+defaultpartition: default
+configdirectory: /var/lib/imap/
+partition-default: /var/spool/imap/
+admins: cyrus-admin
+sievedir: /var/lib/imap/sieve/
+sendmail: /usr/sbin/sendmail
+sasl_pwcheck_method: saslauthd
+sasl_mech_list: PLAIN LOGIN
+allowplaintext: no
+guam_allowplaintext: yes
+nginx_allowplaintext: yes
+tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
+tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
+# uncomment this if you're operating in a DSCP environment (RFC-4594)
+# qosmarking: af13
+auth_mech: pts
+pts_module: ldap
+ptloader_sock: /var/lib/imap/socket/ptsock
+ldap_uri: ldap://127.0.0.1:389
+ldap_sasl: 0
+ldap_base: dc=hosted,dc=com
+ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
+ldap_password: Welcome2KolabSystems
+ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
+ldap_user_attribute: mail
+ldap_group_base: dc=mgmt,dc=com
+ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
+ldap_group_scope: one
+ldap_member_base: dc=mgmt,dc=com
+ldap_member_method: attribute
+ldap_member_attribute: nsrole
+ldap_restart: 1
+ldap_timeout: 10
+ldap_time_limit: 10
+unixhierarchysep: 1
+virtdomains: userid
+annotation_definitions: /etc/imapd.annotations.conf
+sieve_extensions: fileinto reject envelope body vacation imapflags notify include regex subaddress relational copy date index
+allowallsubscribe: 0
+allowusermoves: 1
+altnamespace: 1
+hashimapspool: 1
+anysievefolder: 1
+fulldirhash: 0
+sieveusehomedir: 0
+sieve_allowreferrals: 0
+lmtp_downcase_rcpt: 1
+lmtp_fuzzy_mailbox_match: 1
+username_tolower: 1
+deletedprefix: DELETED
+delete_mode: delayed
+expunge_mode: delayed
+postuser: shared
+# on systems with cyrus 3+ specify search engine
+# search_engine: squat
+ldap_domain_base_dn: ou=Domains,dc=mgmt,dc=com
+chatty: 1
+debug: 1
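Review bot: `chatty: 1` and `debug: 1` are baked into the image, so every deployment built from it, not only development setups, logs at debug level with per-command detail. Mark them with a comment such as `# development defaults: verbose protocol logging, disable for production`, or enable them from the development path only. `ldap_password` is a literal here; if docker/kolab/utils/10-reset-kolab-service-password.sh is expected to replace it at first start, a comment saying so would stop readers taking it for the effective value. `guam_allowplaintext` and `nginx_allowplaintext` are safe only while those listeners stay on an internal network.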
diff --git a/docker/kolab/kolab-init.service b/docker/kolab/kolab-init.service
--- a/docker/kolab/kolab-init.service
+++ b/docker/kolab/kolab-init.service
@@ -1,12 +1,13 @@
[Unit]
Description=Kolab Setup Service
Requires=kolab-setenv.service
-After=kolab-setenv.service
+After=kolab-setenv.service ldapdata.mount imapdata.mount
[Service]
Type=oneshot
EnvironmentFile=/etc/openshift-environment
ExecStart=/usr/local/sbin/kolab-init.sh
+RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh
--- a/docker/kolab/kolab-init.sh
+++ b/docker/kolab/kolab-init.sh
@@ -1,38 +1,15 @@
#!/bin/bash
-if [ -d "/etc/dirsrv/slapd-kolab/" ]; then
- exit 0
-fi
-
-cp -av /bin/true /usr/sbin/ds_systemd_ask_password_acl
-
pushd /root/utils/
./01-reverse-etc-hosts.sh && echo "01 done"
./02-write-my.cnf.sh && echo "02 done"
-./03-setup-kolab.sh && echo "03 done"
+./03-setup-ldap.sh && echo "03 ldap done"
+./03-setup-kolab.sh && echo "03 kolab done"
./04-reset-mysql-kolab-password.sh && echo "04 done"
-./05-replace-localhost.sh && echo "05 done"
-./06-mysql-for-kolabdev.sh && echo "06 done"
-./07-adjust-base-dns.sh && echo "07 done"
-./08-disable-amavisd.sh && echo "08 done"
-./09-enable-debugging.sh && echo "09 done"
-./10-change-port-numbers.sh && echo "10 done"
+./05-adjust-configs.sh && echo "05 done"
./10-reset-kolab-service-password.sh && echo "10 done"
./11-reset-cyrus-admin-password.sh && echo "11 done"
-./12-create-hosted-kolab-service.sh && echo "12 done"
-./13-create-ou-domains.sh && echo "13 done"
-./14-create-management-domain.sh && echo "14 done"
-./15-create-hosted-domain.sh && echo "15 done"
-./16-remove-cn-kolab-cn-config.sh && echo "16 done"
-./17-remove-hosted-service-access-from-mgmt-domain.sh && echo "17 done"
-./18-adjust-kolab-conf.sh && echo "18 done"
-./19-turn-on-vlv-in-roundcube.sh && echo "19 done"
-./20-add-alias-attribute-index.sh && echo "20 done"
-./21-adjust-postfix-config.sh && echo "21 done"
-# FIXME we can only create the resource once the owner exists
-#./22-create-resource.sh && echo "22 done"
./23-patch-system.sh && echo "23 done"
-./24-roundcubeconfig.sh && echo "24 done"
touch /tmp/kolab-init.done
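Review bot: The unit's state is now what the compose healthcheck tests (`systemctl is-active kolab-init` together with `RemainAfterExit=yes`), but each step is written as `./NN-step.sh && echo ...`, so a failing step only suppresses its echo and the script's exit status is that of the final `touch`. The container can therefore report healthy after a half-finished setup. A plain `set -e` does not help because it ignores failures on the left of `&&`; appending `|| exit 1` to each step line makes the unit fail instead. The removed `/etc/dirsrv/slapd-kolab/` guard also means all steps rerun on every container start against the now persistent volumes, so each remaining script has to be idempotent.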
diff --git a/docker/kolab/kolab-vlv.service b/docker/kolab/kolab-vlv.service
deleted file mode 100644
--- a/docker/kolab/kolab-vlv.service
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Kolab VLV and SSS Service
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/sbin/kolab-vlv.sh
-
-[Install]
-WantedBy=multi-user.target
diff --git a/docker/kolab/kolab-vlv.sh b/docker/kolab/kolab-vlv.sh
deleted file mode 100755
--- a/docker/kolab/kolab-vlv.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-pushd /root/utils/
-
-while [ ! -f /tmp/kolab-init.done ]; do
- sleep 5
-done
-
-./50-add-vlv-searches.sh
-./51-add-vlv-indexes.sh
-./52-run-vlv-index-tasks.sh
diff --git a/docker/kolab/kolab.conf b/docker/kolab/kolab.conf
new file mode 100644
--- /dev/null
+++ b/docker/kolab/kolab.conf
@@ -0,0 +1,83 @@
+[kolab]
+primary_domain = mgmt.com
+auth_mechanism = ldap
+imap_backend = cyrus-imap
+default_locale = en_US
+sync_interval = 300
+domain_sync_interval = 600
+policy_uid = %(surname)s.lower()
+daemon_rcpt_policy = False
+[imap]
+virtual_domains = userid
+
+[ldap]
+ldap_uri = ldap://127.0.0.1:389
+timeout = 10
+supported_controls = 0,2,3
+base_dn = dc=mgmt,dc=com
+bind_dn = cn=Directory Manager
+bind_pw = Welcome2KolabSystems
+service_bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
+service_bind_pw = Welcome2KolabSystems
+user_base_dn = dc=hosted,dc=com
+user_scope = sub
+user_filter = (objectclass=inetorgperson)
+kolab_user_base_dn = dc=hosted,dc=com
+kolab_user_filter = (objectclass=kolabinetorgperson)
+group_base_dn = dc=hosted,dc=com
+group_filter = (|(objectclass=groupofuniquenames)(objectclass=groupofurls))
+group_scope = sub
+kolab_group_filter = (|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))
+sharedfolder_base_dn = dc=hosted,dc=com
+sharedfolder_filter = (objectclass=kolabsharedfolder)
+sharedfolder_acl_entry_attribute = acl
+resource_base_dn = dc=hosted,dc=com
+resource_filter = (|%(group_filter)s(objectclass=kolabsharedfolder))
+domain_base_dn = ou=Domains,dc=mgmt,dc=com
+domain_filter = (&(associatedDomain=*))
+domain_name_attribute = associateddomain
+domain_rootdn_attribute = inetdomainbasedn
+quota_attribute = mailquota
+modifytimestamp_format = %Y%m%d%H%M%SZ
+unique_attribute = nsuniqueid
+mail_attributes = mail, alias
+mailserver_attribute = mailhost
+auth_attributes = mail, uid
+
+[kolab_smtp_access_policy]
+cache_uri = mysql://kolab:Welcome2KolabSystems@mariadb/kolab
+cache_retention = 86400
+address_search_attrs = mail, alias
+delegate_sender_header = True
+alias_sender_header = True
+sender_header = True
+xsender_header = True
+empty_sender_hosts = 3.2.1.0/24, 6.6.6.0/24
+
+[kolab_wap]
+mgmt_root_dn = dc=mgmt,dc=com
+hosted_root_dn = dc=hosted,dc=com
+api_url = http://127.0.0.1:9080/kolab-webadmin/api
+skin = default
+sql_uri = mysql://kolab:Welcome2KolabSystems@mariadb/kolab
+ssl_verify_peer = false
+ssl_verify_host = false
+
+[cyrus-imap]
+uri = imaps://127.0.0.1:11993
+admin_login = cyrus-admin
+admin_password = Welcome2KolabSystems
+
+[cyrus-sasl]
+result_attribute = mail
+
+[wallace]
+webmail_url = https://%(domain)s/roundcubemail
+modules = resources, invitationpolicy
+kolab_invitation_policy = ACT_ACCEPT_IF_NO_CONFLICT:example.org, ACT_MANUAL
+invitationpolicy_autoupdate_other_attendees_on_reply = false
+resource_calendar_expire_days = 100
+
+[mgmt.com]
+default_quota = 1048576
+daemon_rcpt_policy = False
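Review bot: `ssl_verify_peer = false` and `ssl_verify_host = false` in `[kolab_wap]` turn off certificate checking for whatever TLS connections that section governs. docker-compose.yml already mounts docker/certs/ca.cert into the container's trust anchors, so verification could probably stay on. If it has to be off for the self-signed development setup, say so next to the setting, e.g. `# dev only: self-signed certs; enable verification for real deployments`. `bind_pw`, `service_bind_pw`, `admin_password` and both SQL URIs embed the same literal and end up in an image layer through `COPY kolab.conf`.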
diff --git a/docker/kolab/utils/02-write-my.cnf.sh b/docker/kolab/utils/02-write-my.cnf.sh
--- a/docker/kolab/utils/02-write-my.cnf.sh
+++ b/docker/kolab/utils/02-write-my.cnf.sh
@@ -2,7 +2,7 @@
cat > /root/.my.cnf << EOF
[client]
-host=${DB_HOST:-127.0.0.1}
+host=${DB_HOST}
user=root
password=${DB_ROOT_PASSWORD}
EOF
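Review bot: With the `:-127.0.0.1` fallback removed, an unset or empty DB_HOST now produces a bare `host=` line in /root/.my.cnf, and nothing in the visible lines checks for that. Failing early would make the misconfiguration obvious: `host=${DB_HOST:?DB_HOST must be set}`, and the same form would suit `DB_ROOT_PASSWORD`. 04-reset-mysql-kolab-password.sh in this same diff still uses `${DB_HOST:-127.0.0.1}`, so the two scripts can now disagree about the database host.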
diff --git a/docker/kolab/utils/03-setup-kolab.sh b/docker/kolab/utils/03-setup-kolab.sh
--- a/docker/kolab/utils/03-setup-kolab.sh
+++ b/docker/kolab/utils/03-setup-kolab.sh
@@ -2,20 +2,6 @@
. ./settings.sh
-if [ -f /root/kolab.conf.template ]; then
- eval "echo \"$(cat /root/kolab.conf.template)\"" > /root/kolab.conf.ref
- KOLAB_CONFIG_REF="--config=/root/kolab.conf.ref"
- cp -f ${KOLAB_CONFIG_REF#--config=} /etc/kolab/kolab.conf
-fi
-
-CMD="$(which setup-kolab) \
- --default ${LDAP_HOST+--without-ldap} ${KOLAB_CONFIG_REF} \
- --fqdn=kolab.${domain} \
- --timezone=Europe/Zurich \
- --mysqlhost=${DB_HOST:-127.0.0.1} \
- --mysqlserver=existing \
- --mysqlrootpw=${DB_ROOT_PASSWORD:-Welcome2KolabSystems} \
- --directory-manager-pwd=${LDAP_ADMIN_BIND_PW:-Welcome2KolabSystems}"
echo ${CMD} | tee -a /root/setup-kolab.log
echo -n "Wait for MariaDB container: " | tee -a /root/setup-kolab.log
@@ -25,14 +11,76 @@
done | tee -a /root/setup-kolab.log
echo "OK!" | tee -a /root/setup-kolab.log
-if [ ! -z "${LDAP_HOST}" ]; then
- echo -n "Wait for DS389 container: " | tee -a /root/setup-kolab.log
- while ! ldapsearch -h ${LDAP_HOST} -D "${LDAP_ADMIN_BIND_DN}" -w "${LDAP_ADMIN_BIND_PW}" -b "" -s base > /dev/null 2>&1 ; do
- echo -n '.'
- sleep 3
- done | tee -a /root/setup-kolab.log
- echo "OK!" | tee -a /root/setup-kolab.log
+echo -n "Wait for DS389 container: " | tee -a /root/setup-kolab.log
+while ! ldapsearch -h ${LDAP_HOST} -D "${LDAP_ADMIN_BIND_DN}" -w "${LDAP_ADMIN_BIND_PW}" -b "" -s base > /dev/null 2>&1 ; do
+ echo -n '.'
+ sleep 3
+done | tee -a /root/setup-kolab.log
+echo "OK!" | tee -a /root/setup-kolab.log
+
+
+cat > /tmp/kolab-setup-my.cnf << EOF
+[client]
+host=${DB_HOST}
+user=root
+password=${DB_ROOT_PASSWORD}
+EOF
+
+
+CMD="$(which setup-kolab) mta \
+ --default"
+${CMD} 2>&1 | tee -a /root/setup-kolab.log
+
+
+
+CMD="$(which setup-kolab) php \
+ --default \
+ --timezone=Europe/Zurich"
+${CMD} 2>&1 | tee -a /root/setup-kolab.log
+
+# setup imap
+if [ -f "/var/lib/imap/db" ]; then
+ echo "IMAP directory exists, nothing to do"
+else
+ echo "Initializing IMAP volume"
+ cp -ar /var/lib/imap-bak/* /var/lib/imap/
+ systemctl start cyrus-imapd
fi
+systemctl stop saslauthd
+systemctl start kolab-saslauthd
+systemctl enable kolab-saslauthd
+#Setup guam
+systemctl start guam
+systemctl enable guam
+
+
+#TODO just add /etc/kolab-freebusy/
+# CMD="$(which setup-kolab) freebusy \
+# --default"
+# ${CMD} 2>&1 | tee -a /root/setup-kolab.log
+
+cat > /tmp/kolab-setup-my.cnf << EOF
+[client]
+host=${DB_HOST}
+user=root
+password=${DB_ROOT_PASSWORD}
+EOF
+
+# Configure roundcube and setup db
+# The db setup will just fail if the db already exists,
+# but no harm done
+CMD="$(which setup-kolab) roundcube \
+ --default"
+${CMD} 2>&1 | tee -a /root/setup-kolab.log
+
+cat > /tmp/kolab-setup-my.cnf << EOF
+[client]
+host=${DB_HOST}
+user=root
+password=${DB_ROOT_PASSWORD}
+EOF
+CMD="$(which setup-kolab) syncroton \
+ --default"
${CMD} 2>&1 | tee -a /root/setup-kolab.log
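Review bot: The three added `cat > /tmp/kolab-setup-my.cnf` here-documents write the MariaDB root password to a fixed path in /tmp with whatever mode the default umask gives, and the file is never removed in the visible lines. A predictable path in a shared directory exposes the credentials to other local users and lets someone else create the file first. I would set `umask 077` before the first write, write the file once instead of three times, and `rm -f /tmp/kolab-setup-my.cnf` after the last `setup-kolab` call; whether setup-kolab needs that exact path is not visible here. Separately, `[ -f "/var/lib/imap/db" ]` tests for a regular file while the message speaks of a directory; if `db` is a directory, the `cp -ar` from imap-bak runs on every start, so `-d` or `-e` is probably what was meant.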
diff --git a/docker/kolab/utils/03-setup-ldap.sh b/docker/kolab/utils/03-setup-ldap.sh
new file mode 100755
--- /dev/null
+++ b/docker/kolab/utils/03-setup-ldap.sh
@@ -0,0 +1,259 @@
+#!/bin/bash
+
+. ./settings.sh
+
+cp -av /bin/true /usr/sbin/ds_systemd_ask_password_acl
+
+if [ -f "/etc/dirsrv/slapd-kolab/dse.ldif" ]; then
+ echo "LDAP directory exists, nothing to do"
+
+ mkdir -p /var/log/dirsrv/slapd-kolab/
+ chmod 777 /var/log/dirsrv/slapd-kolab/
+ systemctl start dirsrv@kolab
+ mkdir /run/dirsrv
+ chmod 777 /run/dirsrv
+ mkdir -p /run/lock/dirsrv/slapd-kolab/
+ chmod 777 /run/lock/dirsrv/slapd-kolab/
+ mkdir -p /var/lib/dirsrv/slapd-kolab
+ chown dirsrv:dirsrv /var/lib/dirsrv/slapd-kolab
+
+ systemctl start dirsrv@kolab
+else
+ sed -i -e 's/sys.exit/print("exit") #sys.exit/' /usr/lib/python3.6/site-packages/pykolab/setup/setup_ldap.py
+
+ echo "LDAP directory does not exist, setting it up."
+ CMD="$(which setup-kolab) ldap \
+ --default ${LDAP_HOST} \
+ --fqdn=kolab.${domain} \
+ --directory-manager-pwd=${LDAP_ADMIN_BIND_PW}"
+ ${CMD} 2>&1 | tee -a /root/setup-kolab.log
+
+
+ # Create hosted kolab service
+ (
+ echo "dn: uid=hosted-kolab-service,ou=Special Users,${rootdn}"
+ echo "objectclass: top"
+ echo "objectclass: inetorgperson"
+ echo "objectclass: person"
+ echo "uid: hosted-kolab-service"
+ echo "cn: Hosted Kolab Service Account"
+ echo "sn: Service Account"
+ echo "givenname: Hosted Kolab"
+ echo "userpassword: ${hosted_kolab_service_pw}"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+ # Create ou domain
+ (
+ echo "dn: ou=Domains,${rootdn}"
+ echo "ou: Domains"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+ # Create management domain
+ (
+ echo "dn: associateddomain=${domain},${domain_base_dn}"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "inetDomainStatus: active"
+ echo "objectClass: top"
+ echo "objectClass: domainrelatedobject"
+ echo "objectClass: inetdomain"
+ echo "associatedDomain: ${domain}"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+
+ # Create hosted domains
+ (
+ echo "dn: associateddomain=${hosted_domain},${domain_base_dn}"
+ echo "objectclass: top"
+ echo "objectclass: domainrelatedobject"
+ echo "objectclass: inetdomain"
+ echo "inetdomainstatus: active"
+ echo "associateddomain: ${hosted_domain}"
+ echo "inetdomainbasedn: ${hosted_domain_rootdn}"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+ (
+ echo "dn: cn=$(echo ${hosted_domain} | sed -e 's/\./_/g'),cn=ldbm database,cn=plugins,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: extensibleobject"
+ echo "objectClass: nsbackendinstance"
+ echo "cn: $(echo ${hosted_domain} | sed -e 's/\./_/g')"
+ echo "nsslapd-suffix: ${hosted_domain_rootdn}"
+ echo "nsslapd-cachesize: -1"
+ echo "nsslapd-cachememsize: 10485760"
+ echo "nsslapd-readonly: off"
+ echo "nsslapd-require-index: off"
+ echo "nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')"
+ echo "nsslapd-dncachememsize: 10485760"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+ (
+ #On centos7
+ #echo "dn: cn=$(echo ${hosted_domain_rootdn} | sed -e 's/=/\\3D/g' -e 's/,/\\2D/g'),cn=mapping tree,cn=config"
+ #On centos8
+ echo "dn: cn=\"${hosted_domain_rootdn}\",cn=mapping tree,cn=config"
+ echo "objectClass: top"
+ echo "objectClass: extensibleObject"
+ echo "objectClass: nsMappingTree"
+ echo "nsslapd-state: backend"
+ echo "cn: ${hosted_domain_rootdn}"
+ echo "nsslapd-backend: $(echo ${hosted_domain} | sed -e 's/\./_/g')"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+ (
+ echo "dn: ${hosted_domain_rootdn}"
+ echo "aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)"
+ echo "aci: (targetattr =\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${hosted_domain_rootdn}\" or roledn=\"ldap:///cn=kolab-admin,${hosted_domain_rootdn}\");)"
+ echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)"
+ echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)"
+ echo "aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-$(hostname -s),cn=389 Directory Server,cn=Server Group,cn=$(hostname -f),ou=${domain},o=NetscapeRoot\";)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${hosted_domain_rootdn}??sub?(objectclass=*)\");)"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "objectClass: top"
+ echo "objectClass: domain"
+ echo "dc: $(echo ${hosted_domain} | cut -d'.' -f 1)"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+ (
+ for role in "2fa-user" "activesync-user" "imap-user"; do
+ echo "dn: cn=${role},${hosted_domain_rootdn}"
+ echo "cn: ${role}"
+ echo "description: ${role} role"
+ echo "objectclass: top"
+ echo "objectclass: ldapsubentry"
+ echo "objectclass: nsmanagedroledefinition"
+ echo "objectclass: nsroledefinition"
+ echo "objectclass: nssimpleroledefinition"
+ echo ""
+ done
+
+ echo "dn: ou=Groups,${hosted_domain_rootdn}"
+ echo "ou: Groups"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=People,${hosted_domain_rootdn}"
+ echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo "ou: People"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=Special Users,${hosted_domain_rootdn}"
+ echo "ou: Special Users"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=Resources,${hosted_domain_rootdn}"
+ echo "ou: Resources"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: ou=Shared Folders,${hosted_domain_rootdn}"
+ echo "ou: Shared Folders"
+ echo "objectClass: top"
+ echo "objectClass: organizationalunit"
+ echo ""
+
+ echo "dn: uid=cyrus-admin,ou=Special Users,${hosted_domain_rootdn}"
+ echo "sn: Administrator"
+ echo "uid: cyrus-admin"
+ echo "objectClass: top"
+ echo "objectClass: person"
+ echo "objectClass: inetorgperson"
+ echo "objectClass: organizationalperson"
+ echo "givenName: Cyrus"
+ echo "cn: Cyrus Administrator"
+ echo ""
+
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+
+ # Remove cn kolab cn config
+ (
+ echo "associateddomain=${domain},cn=kolab,cn=config"
+ echo "cn=kolab,cn=config"
+ ) | ldapdelete -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+
+ # Remove hosted service access from mgmt domain
+ (
+ echo "dn: associateddomain=${domain},ou=Domains,${rootdn}"
+ echo "changetype: modify"
+ echo "replace: aci"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
+ echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
+ echo ""
+ ) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
+
+
+ # Add alias attribute index
+ #
+ export index_attr=alias
+
+ (
+ echo "dn: cn=${index_attr},cn=index,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
+ echo "objectclass: top"
+ echo "objectclass: nsindex"
+ echo "cn: ${index_attr}"
+ echo "nsSystemIndex: false"
+ echo "nsindextype: pres"
+ echo "nsindextype: eq"
+ echo "nsindextype: sub"
+
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+
+ (
+ echo "dn: cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config"
+ echo "objectclass: top"
+ echo "objectclass: extensibleObject"
+ echo "cn: ${hosted_domain_db} ${index_attr} index"
+ echo "nsinstance: ${hosted_domain_db}"
+ echo "nsIndexAttribute: ${index_attr}:pres"
+ echo "nsIndexAttribute: ${index_attr}:eq"
+ echo "nsIndexAttribute: ${index_attr}:sub"
+ echo ""
+ ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
+
+ ldap_complete=0
+
+ while [ ${ldap_complete} -ne 1 ]; do
+ result=$(
+ ldapsearch \
+ -x \
+ -h "${ldap_host}" \
+ -D "${ldap_binddn}" \
+ -w "${ldap_bindpw}" \
+ -c \
+ -LLL \
+ -b "cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" \
+ '(!(nstaskexitcode=0))' \
+ -s base 2>/dev/null
+ )
+ if [ -z "$result" ]; then
+ ldap_complete=1
+ echo ""
+ else
+ echo -n "."
+ sleep 1
+ fi
+ done
+
+ ./50-add-vlv-searches.sh
+ ./51-add-vlv-indexes.sh
+ ./52-run-vlv-index-tasks.sh
+fi
+
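Review bot: The "LDAP directory exists" branch makes /var/log/dirsrv/slapd-kolab/, /run/dirsrv and /run/lock/dirsrv/slapd-kolab/ world-writable with `chmod 777`, so any local account can plant or replace files in the directory server's log, runtime and lock paths. The same branch already uses `chown dirsrv:dirsrv` for /var/lib/dirsrv/slapd-kolab, so the three directories can get that owner and `chmod 770` instead. That branch also calls `systemctl start dirsrv@kolab` before the directories are created and uses `mkdir /run/dirsrv` without `-p`, which fails on a second run. In the setup branch every `ldapadd`, `ldapmodify`, `ldapdelete` and `ldapsearch` passes the bind password as `-w "${ldap_bindpw}"` with `-x -h`, that is on the command line and, as far as these lines show, without TLS; `-y <password-file>` would at least keep it out of the process list.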
diff --git a/docker/kolab/utils/04-reset-mysql-kolab-password.sh b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
--- a/docker/kolab/utils/04-reset-mysql-kolab-password.sh
+++ b/docker/kolab/utils/04-reset-mysql-kolab-password.sh
@@ -18,3 +18,5 @@
mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \
-e "SET PASSWORD FOR '${DB_RC_USERNAME}'@'%' = PASSWORD('${DB_RC_PASSWORD}');"
+mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \
+ -e "GRANT ALL PRIVILEGES ON roundcube.* TO '${DB_RC_USERNAME}'@'%' IDENTIFIED BY '${DB_RC_PASSWORD}';"
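Review bot: The added `GRANT` passes the root password as `--password=${DB_ROOT_PASSWORD}` on the command line, unquoted, where it shows up in the process list and splits on whitespace. 02-write-my.cnf.sh in this diff already writes /root/.my.cnf, so `mysql --defaults-file=/root/.my.cnf -e "..."` would avoid both. `${DB_RC_USERNAME}` and `${DB_RC_PASSWORD}` are spliced straight into the SQL string, so a single quote in either value breaks or alters the statement; the allowed character set should be documented or the values escaped before use. The grant is to `'%'`, any client host; if only the kolab container connects, a narrower host pattern is the safer default.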
diff --git a/docker/kolab/utils/05-adjust-configs.sh b/docker/kolab/utils/05-adjust-configs.sh
new file mode 100755
--- /dev/null
+++ b/docker/kolab/utils/05-adjust-configs.sh
@@ -0,0 +1,166 @@
+#!/bin/bash
+
+# Replace localhost
+sed -i -e "/hosts/s/localhost/${LDAP_HOST}/" /etc/iRony/dav.inc.php
+sed -i -e "/host/s/localhost/${LDAP_HOST}/g" \
+ -e "/fbsource/s/localhost/${IMAP_HOST}/g" /etc/kolab-freebusy/config.ini
+#sed -i -e "s/server_host.*/server_host = ${LDAP_HOST}/g" /etc/postfix/ldap/*
+sed -i -e "/password_ldap_host/s/localhost/${LDAP_HOST}/" /etc/roundcubemail/password.inc.php
+sed -i -e "/hosts/s/localhost/${LDAP_HOST}/" /etc/roundcubemail/kolab_auth.inc.php
+sed -i -e "s#.*db_dsnw.*# \$config['db_dsnw'] = 'mysql://${DB_RC_USERNAME}:${DB_RC_PASSWORD}@${DB_HOST}/roundcube';#" \
+ -e "/default_host/s|= .*$|= 'ssl://${IMAP_HOST}';|" \
+ -e "/default_port/s|= .*$|= ${IMAP_PORT};|" \
+ -e "/smtp_server/s|= .*$|= 'tls://${MAIL_HOST}';|" \
+ -e "/smtp_port/s/= .*$/= ${MAIL_PORT};/" \
+ -e "/hosts/s/localhost/${LDAP_HOST}/" /etc/roundcubemail/config.inc.php
+sed -i -e "/hosts/s/localhost/${LDAP_HOST}/" /etc/roundcubemail/calendar.inc.php
+
+
+. ./settings.sh
+
+#Adjust basedn
+sed -i -r \
+ -e "s/(\s+)base => '.*',$/\1base => '${hosted_domain_rootdn}',/g" \
+ -e "/\\\$mydomain = / a\
+\$myhostname = '${HOSTNAME:-kolab}.${DOMAIN:-mgmt.com}';" \
+ -e "s/^base_dn = .*$/base_dn = ${hosted_domain_rootdn}/g" \
+ -e "s/^search_base = .*$/search_base = ${hosted_domain_rootdn}/g" \
+ -e "s/(\s+)'base_dn'(\s+)=> '.*',/\1'base_dn'\2=> '${hosted_domain_rootdn}',/g" \
+ -e "s/(\s+)'search_base_dn'(\s+)=> '.*',/\1'search_base_dn'\2=> '${hosted_domain_rootdn}',/g" \
+ -e "s/(\s+)'user_specific'(\s+)=> false,/\1'user_specific'\2=> true,/g" \
+ /etc/amavisd/amavisd.conf \
+ /etc/kolab-freebusy/config.ini \
+ /etc/postfix/ldap/*.cf \
+ /etc/roundcubemail/config.inc.php \
+ /etc/roundcubemail/calendar.inc.php \
+ /etc/roundcubemail/kolab_auth.inc.php
+
+sed -i -r \
+ -e "s/^search_base = .*$/search_base = ${domain_base_dn}/g" \
+ /etc/postfix/ldap/mydestination.cf
+
+
+#Disable amavisd
+postconf -e content_filter='smtp-wallace:[127.0.0.1]:10026'
+
+systemctl stop amavisd
+systemctl disable amavisd
+
+systemctl stop clamd@amavisd
+systemctl disable clamd@amavisd
+
+
+# Change port numbers
+cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
+chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
+
+cp /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem /etc/pki/tls/private/postfix.pem
+chown postfix:mail /etc/pki/tls/private/postfix.pem
+chmod 655 /etc/pki/tls/private/postfix.pem
+
+sed -i "s/smtpd_tls_key_file =.*/smtpd_tls_key_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf
+sed -i "s/smtpd_tls_cert_file =.*/smtpd_tls_cert_file = \/etc\/pki\/tls\/private\/postfix.pem/" /etc/postfix/main.cf
+
+# Remove the submission block, by matching from submission until the next empty line
+sed -i -e '/submission inet/,/^$/d' /etc/postfix/master.cf
+
+# Insert a new submission block with a modified port
+cat >> /etc/postfix/master.cf << EOF
+127.0.0.1:10587 inet n - n - - smtpd
+ -o cleanup_service_name=cleanup_submission
+ -o syslog_name=postfix/submission
+ #-o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_sasl_authenticated_header=yes
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_data_restrictions=\$submission_data_restrictions
+ -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
+ -o smtpd_sender_restrictions=\$submission_sender_restrictions
+
+127.0.0.1:10465 inet n - n - - smtpd
+ -o cleanup_service_name=cleanup_submission
+ -o rewrite_service_name=rewrite_submission
+ -o syslog_name=postfix/smtps
+ -o mydestination=
+ -o local_recipient_maps=
+ -o relay_domains=
+ -o relay_recipient_maps=
+ #-o smtpd_tls_wrappermode=yes
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_sasl_authenticated_header=yes
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_sender_restrictions=\$submission_sender_restrictions
+ -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
+ -o smtpd_data_restrictions=\$submission_data_restrictions
+EOF
+
+
+sed -i -r \
+ -e "s/'vlv'(\s+)=> false,/'vlv'\1=> true,/g" \
+ -e "s/'vlv_search'(\s+)=> false,/'vlv_search'\1=> true,/g" \
+ -e "s/inetOrgPerson/inetorgperson/g" \
+ -e "s/kolabInetOrgPerson/inetorgperson/g" \
+ /etc/roundcubemail/*.inc.php
+
+
+# Adjust postfix
+
+# new: (inetdomainstatus:1.2.840.113556.1.4.803:=1)
+# active: (inetdomainstatus:1.2.840.113556.1.4.803:=2)
+# suspended: (inetdomainstatus:1.2.840.113556.1.4.803:=4)
+# deleted: (inetdomainstatus:1.2.840.113556.1.4.803:=8)
+# confirmed: (inetdomainstatus:1.2.840.113556.1.4.803:=16)
+# verified: (inetdomainstatus:1.2.840.113556.1.4.803:=32)
+# ready: (inetdomainstatus:1.2.840.113556.1.4.803:=64)
+
+sed -i -r \
+ -e 's/^query_filter.*$/query_filter = (\&(associatedDomain=%s)(inetdomainstatus:1.2.840.113556.1.4.803:=18)(!(inetdomainstatus:1.2.840.113556.1.4.803:=4)))/g' \
+ /etc/postfix/ldap/mydestination.cf
+
+# new: (inetuserstatus:1.2.840.113556.1.4.803:=1)
+# active: (inetuserstatus:1.2.840.113556.1.4.803:=2)
+# suspended: (inetuserstatus:1.2.840.113556.1.4.803:=4)
+# deleted: (inetuserstatus:1.2.840.113556.1.4.803:=8)
+# ldapready: (inetuserstatus:1.2.840.113556.1.4.803:=16)
+# imapready: (inetuserstatus:1.2.840.113556.1.4.803:=32)
+
+sed -i -r \
+ -e 's/^query_filter.*$/query_filter = (\&(|(mail=%s)(alias=%s))(|(objectclass=kolabinetorgperson)(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder))(!(inetuserstatus:1.2.840.113556.1.4.803:=4)))/g' \
+ /etc/postfix/ldap/local_recipient_maps.cf
+
+systemctl restart postfix
+
+
+
+sed -i -r -e "s|$config\['kolab_files_url'\] = .*$|$config['kolab_files_url'] = 'https://' \. \$_SERVER['HTTP_HOST'] . '/chwala/';|g" /etc/roundcubemail/kolab_files.inc.php
+
+sed -i -r -e "s|$config\['kolab_invitation_calendars'\] = .*$|$config['kolab_invitation_calendars'] = true;|g" /etc/roundcubemail/calendar.inc.php
+
+sed -i -r -e "/^.*'contextmenu',$/a 'enigma'," /etc/roundcubemail/config.inc.php
+
+sed -i -r -e "s|$config\['enigma_passwordless'\] = .*$|$config['enigma_passwordless'] = true;|g" /etc/roundcubemail/enigma.inc.php
+sed -i -r -e "s|$config\['enigma_multihost'\] = .*$|$config['enigma_multihost'] = true;|g" /etc/roundcubemail/enigma.inc.php
+
+echo "\$config['enigma_woat'] = true;" >> /etc/roundcubemail/enigma.inc.php
+
+# Run it over haproxy then nginx for 2fa. We need to use startls because otherwise the proxy protocol doesn't work.
+sed -i -r -e "s|$config\['default_host'\] = .*$|$config['default_host'] = 'tls://haproxy';|g" /etc/roundcubemail/config.inc.php
+sed -i -r -e "s|$config\['default_port'\] = .*$|$config['default_port'] = 145;|g" /etc/roundcubemail/config.inc.php
+
+# So we can just append
+sed -i "s/?>//g" /etc/roundcubemail/config.inc.php
+
+# Enable the PROXY protocol
+cat << EOF >> /etc/roundcubemail/config.inc.php
+ \$config['imap_conn_options'] = Array(
+ 'ssl' => Array(
+ 'verify_peer_name' => false,
+ 'verify_peer' => false,
+ 'allow_self_signed' => true
+ ),
+ 'proxy_protocol' => 2
+ );
+ \$config['proxy_whitelist'] = array('127.0.0.1', '172.18.0.7');
+EOF
+
+echo "?>" >> /etc/roundcubemail/config.inc.php
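Review bot: `chmod 655 /etc/pki/tls/private/postfix.pem` leaves a file that contains `${SSL_CERTIFICATE_KEY}` readable by every local user (and sets stray execute bits); a private key wants `chmod 600`, and /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem, built from the same `cat`, gets no explicit mode at all and should get `chmod 640` after its `chown cyrus:mail`. The appended `imap_conn_options` block turns off `verify_peer` and `verify_peer_name` and allows self-signed certificates, so the IMAP connection to `tls://haproxy` is encrypted but the peer is not authenticated; if that is only acceptable inside the compose network, a comment saying so would keep it from being copied into a real deployment. The `# Change port numbers` comment sits above the certificate bundle code and would read better as `# Build TLS bundles for cyrus-imapd and postfix`.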
diff --git a/docker/kolab/utils/05-replace-localhost.sh b/docker/kolab/utils/05-replace-localhost.sh
deleted file mode 100755
--- a/docker/kolab/utils/05-replace-localhost.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-if [[ ${DB_HOST} == "localhost" || ${DB_HOST} == "127.0.0.1" ]]; then
- mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \
- -e "UPDATE mysql.db SET Host = '127.0.0.1' WHERE Host = 'localhost';"
-
- mysql -h ${DB_HOST} -u root --password=${DB_ROOT_PASSWORD} \
- -e "FLUSH PRIVILEGES;"
-fi
-
-sed -i -e "s#^ldap_servers:.*#ldap_servers: ldap://${LDAP_HOST:-127.0.0.1}:389#" /etc/imapd.conf
-sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/iRony/dav.inc.php
-sed -i -e "s#^ldap_uri.*#ldap_uri = ldap://${LDAP_HOST:-127.0.0.1}:389#" \
- -e "s#^cache_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#cache_uri = mysql://${DB_KOLAB_USERNAME}:${DB_KOLAB_PASSWORD}@${DB_HOST}/${DB_KOLAB_DATABASE}#" \
- -e "s#^sql_uri.*mysql://\(.*\):\(.*\)@\(.*\)\/\(.*\)#sql_uri = mysql://${DB_KOLAB_USERNAME}:${DB_KOLAB_PASSWORD}@${DB_HOST}/${DB_KOLAB_DATABASE}#" \
- -e "s#^uri.*#uri = imaps://${IMAP_HOST:-127.0.0.1}:11993#" /etc/kolab/kolab.conf
-sed -i -e "/host/s/localhost/${LDAP_HOST:-127.0.0.1}/g" \
- -e "/fbsource/s/localhost/${IMAP_HOST:-127.0.0.1}/g" /etc/kolab-freebusy/config.ini
-#sed -i -e "s/server_host.*/server_host = ${LDAP_HOST:-127.0.0.1}/g" /etc/postfix/ldap/*
-sed -i -e "/password_ldap_host/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/password.inc.php
-sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/kolab_auth.inc.php
-sed -i -e "s#.*db_dsnw.*# \$config['db_dsnw'] = 'mysql://${DB_RC_USERNAME}:${DB_RC_PASSWORD}@${DB_HOST}/roundcube';#" \
- -e "/default_host/s|= .*$|= 'ssl://${IMAP_HOST:-127.0.0.1}';|" \
- -e "/default_port/s|= .*$|= ${IMAP_PORT:-11993};|" \
- -e "/smtp_server/s|= .*$|= 'tls://${MAIL_HOST:-127.0.0.1}';|" \
- -e "/smtp_port/s/= .*$/= ${MAIL_PORT:-10587};/" \
- -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/config.inc.php
-sed -i -e "/hosts/s/localhost/${LDAP_HOST:-127.0.0.1}/" /etc/roundcubemail/calendar.inc.php
-
-systemctl restart cyrus-imapd postfix
diff --git a/docker/kolab/utils/06-mysql-for-kolabdev.sh b/docker/kolab/utils/06-mysql-for-kolabdev.sh
deleted file mode 100755
--- a/docker/kolab/utils/06-mysql-for-kolabdev.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \
- -e "CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE};"
-
-mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \
- -e "GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE}.* TO '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}';"
-
-mysql -h ${DB_HOST:-127.0.0.1} -u root --password=${DB_ROOT_PASSWORD} \
- -e "FLUSH PRIVILEGES;"
-
diff --git a/docker/kolab/utils/07-adjust-base-dns.sh b/docker/kolab/utils/07-adjust-base-dns.sh
deleted file mode 100755
--- a/docker/kolab/utils/07-adjust-base-dns.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
-echo "ldap_domain_base_dn: ${domain_base_dn}" >> /etc/imapd.conf
-
-sed -i -r \
- -e "s/^ldap_base: .*$/ldap_base: ${hosted_domain_rootdn}/g" \
- /etc/imapd.conf
-
-sed -i -r \
- -e "s/(\s+)base => '.*',$/\1base => '${hosted_domain_rootdn}',/g" \
- -e "/\\\$mydomain = / a\
-\$myhostname = '${HOSTNAME:-kolab}.${DOMAIN:-mgmt.com}';" \
- -e "s/^base_dn = .*$/base_dn = ${hosted_domain_rootdn}/g" \
- -e "s/^search_base = .*$/search_base = ${hosted_domain_rootdn}/g" \
- -e "s/(\s+)'base_dn'(\s+)=> '.*',/\1'base_dn'\2=> '${hosted_domain_rootdn}',/g" \
- -e "s/(\s+)'search_base_dn'(\s+)=> '.*',/\1'search_base_dn'\2=> '${hosted_domain_rootdn}',/g" \
- -e "s/(\s+)'user_specific'(\s+)=> false,/\1'user_specific'\2=> true,/g" \
- /etc/amavisd/amavisd.conf \
- /etc/kolab-freebusy/config.ini \
- /etc/postfix/ldap/*.cf \
- /etc/roundcubemail/config.inc.php \
- /etc/roundcubemail/calendar.inc.php \
- /etc/roundcubemail/kolab_auth.inc.php
-
-sed -i -r \
- -e "s/^search_base = .*$/search_base = ${domain_base_dn}/g" \
- /etc/postfix/ldap/mydestination.cf
-
-systemctl restart cyrus-imapd postfix
diff --git a/docker/kolab/utils/08-disable-amavisd.sh b/docker/kolab/utils/08-disable-amavisd.sh
deleted file mode 100755
--- a/docker/kolab/utils/08-disable-amavisd.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-postconf -e content_filter='smtp-wallace:[127.0.0.1]:10026'
-
-systemctl restart postfix
-
-systemctl stop amavisd
-systemctl disable amavisd
-
-systemctl stop clamd@amavisd
-systemctl disable clamd@amavisd
diff --git a/docker/kolab/utils/12-create-hosted-kolab-service.sh b/docker/kolab/utils/12-create-hosted-kolab-service.sh
deleted file mode 100755
--- a/docker/kolab/utils/12-create-hosted-kolab-service.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
-(
- echo "dn: uid=hosted-kolab-service,ou=Special Users,${rootdn}"
- echo "objectclass: top"
- echo "objectclass: inetorgperson"
- echo "objectclass: person"
- echo "uid: hosted-kolab-service"
- echo "cn: Hosted Kolab Service Account"
- echo "sn: Service Account"
- echo "givenname: Hosted Kolab"
- echo "userpassword: ${hosted_kolab_service_pw}"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
diff --git a/docker/kolab/utils/13-create-ou-domains.sh b/docker/kolab/utils/13-create-ou-domains.sh
deleted file mode 100755
--- a/docker/kolab/utils/13-create-ou-domains.sh
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-(
- echo "dn: ou=Domains,${rootdn}"
- echo "ou: Domains"
- echo "objectClass: top"
- echo "objectClass: organizationalunit"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/docker/kolab/utils/14-create-management-domain.sh b/docker/kolab/utils/14-create-management-domain.sh
deleted file mode 100755
--- a/docker/kolab/utils/14-create-management-domain.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
-(
- echo "dn: associateddomain=${domain},${domain_base_dn}"
- echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
- echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
- echo "inetDomainStatus: active"
- echo "objectClass: top"
- echo "objectClass: domainrelatedobject"
- echo "objectClass: inetdomain"
- echo "associatedDomain: ${domain}"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/docker/kolab/utils/15-create-hosted-domain.sh b/docker/kolab/utils/15-create-hosted-domain.sh
deleted file mode 100755
--- a/docker/kolab/utils/15-create-hosted-domain.sh
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
- (
- echo "dn: associateddomain=${hosted_domain},${domain_base_dn}"
- echo "objectclass: top"
- echo "objectclass: domainrelatedobject"
- echo "objectclass: inetdomain"
- echo "inetdomainstatus: active"
- echo "associateddomain: ${hosted_domain}"
- echo "inetdomainbasedn: ${hosted_domain_rootdn}"
- echo ""
- ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
- (
- echo "dn: cn=$(echo ${hosted_domain} | sed -e 's/\./_/g'),cn=ldbm database,cn=plugins,cn=config"
- echo "objectClass: top"
- echo "objectClass: extensibleobject"
- echo "objectClass: nsbackendinstance"
- echo "cn: $(echo ${hosted_domain} | sed -e 's/\./_/g')"
- echo "nsslapd-suffix: ${hosted_domain_rootdn}"
- echo "nsslapd-cachesize: -1"
- echo "nsslapd-cachememsize: 10485760"
- echo "nsslapd-readonly: off"
- echo "nsslapd-require-index: off"
- echo "nsslapd-directory: /var/lib/dirsrv/slapd-${DS_INSTANCE_NAME:-$(hostname -s)}/db/$(echo ${hosted_domain} | sed -e 's/\./_/g')"
- echo "nsslapd-dncachememsize: 10485760"
- echo ""
- ) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
-(
- #On centos7
- #echo "dn: cn=$(echo ${hosted_domain_rootdn} | sed -e 's/=/\\3D/g' -e 's/,/\\2D/g'),cn=mapping tree,cn=config"
- #On centos8
- echo "dn: cn=\"${hosted_domain_rootdn}\",cn=mapping tree,cn=config"
- echo "objectClass: top"
- echo "objectClass: extensibleObject"
- echo "objectClass: nsMappingTree"
- echo "nsslapd-state: backend"
- echo "cn: ${hosted_domain_rootdn}"
- echo "nsslapd-backend: $(echo ${hosted_domain} | sed -e 's/\./_/g')"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
-(
- echo "dn: ${hosted_domain_rootdn}"
- echo "aci: (targetattr=\"carLicense || description || displayName || facsimileTelephoneNumber || homePhone || homePostalAddress || initials || jpegPhoto || labeledURI || mobile || pager || photo || postOfficeBox || postalAddress || postalCode || preferredDeliveryMethod || preferredLanguage || registeredAddress || roomNumber || secretary || seeAlso || st || street || telephoneNumber || telexNumber || title || userCertificate || userPassword || userSMIMECertificate || x500UniqueIdentifier\")(version 3.0; acl \"Enable self write for common attributes\"; allow (write) userdn=\"ldap:///self\";)"
- echo "aci: (targetattr =\"*\")(version 3.0;acl \"Directory Administrators Group\";allow (all) (groupdn=\"ldap:///cn=Directory Administrators,${hosted_domain_rootdn}\" or roledn=\"ldap:///cn=kolab-admin,${hosted_domain_rootdn}\");)"
- echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrators Group\"; allow (all) groupdn=\"ldap:///cn=Configuration Administrators,ou=Groups,ou=TopologyManagement,o=NetscapeRoot\";)"
- echo "aci: (targetattr=\"*\")(version 3.0; acl \"Configuration Administrator\"; allow (all) userdn=\"ldap:///uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot\";)"
- echo "aci: (targetattr = \"*\")(version 3.0; acl \"SIE Group\"; allow (all) groupdn = \"ldap:///cn=slapd-$(hostname -s),cn=389 Directory Server,cn=Server Group,cn=$(hostname -f),ou=${domain},o=NetscapeRoot\";)"
- echo "aci: (targetattr = \"*\") (version 3.0;acl \"Search Access\";allow (read,compare,search)(userdn = \"ldap:///${hosted_domain_rootdn}??sub?(objectclass=*)\");)"
- echo "aci: (targetattr = \"*\") (version 3.0;acl \"Service Search Access\";allow (read,compare,search)(userdn = \"ldap:///uid=kolab-service,ou=Special Users,${rootdn}\");)"
- echo "objectClass: top"
- echo "objectClass: domain"
- echo "dc: $(echo ${hosted_domain} | cut -d'.' -f 1)"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
-
-(
- for role in "2fa-user" "activesync-user" "imap-user"; do
- echo "dn: cn=${role},${hosted_domain_rootdn}"
- echo "cn: ${role}"
- echo "description: ${role} role"
- echo "objectclass: top"
- echo "objectclass: ldapsubentry"
- echo "objectclass: nsmanagedroledefinition"
- echo "objectclass: nsroledefinition"
- echo "objectclass: nssimpleroledefinition"
- echo ""
- done
-
- echo "dn: ou=Groups,${hosted_domain_rootdn}"
- echo "ou: Groups"
- echo "objectClass: top"
- echo "objectClass: organizationalunit"
- echo ""
-
- echo "dn: ou=People,${hosted_domain_rootdn}"
- echo "aci: (targetattr = \"*\") (version 3.0;acl \"Hosted Kolab Services\";allow (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
- echo "ou: People"
- echo "objectClass: top"
- echo "objectClass: organizationalunit"
- echo ""
-
- echo "dn: ou=Special Users,${hosted_domain_rootdn}"
- echo "ou: Special Users"
- echo "objectClass: top"
- echo "objectClass: organizationalunit"
- echo ""
-
- echo "dn: ou=Resources,${hosted_domain_rootdn}"
- echo "ou: Resources"
- echo "objectClass: top"
- echo "objectClass: organizationalunit"
- echo ""
-
- echo "dn: ou=Shared Folders,${hosted_domain_rootdn}"
- echo "ou: Shared Folders"
- echo "objectClass: top"
- echo "objectClass: organizationalunit"
- echo ""
-
- echo "dn: uid=cyrus-admin,ou=Special Users,${hosted_domain_rootdn}"
- echo "sn: Administrator"
- echo "uid: cyrus-admin"
- echo "objectClass: top"
- echo "objectClass: person"
- echo "objectClass: inetorgperson"
- echo "objectClass: organizationalperson"
- echo "givenName: Cyrus"
- echo "cn: Cyrus Administrator"
- echo ""
-
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/docker/kolab/utils/16-remove-cn-kolab-cn-config.sh b/docker/kolab/utils/16-remove-cn-kolab-cn-config.sh
deleted file mode 100755
--- a/docker/kolab/utils/16-remove-cn-kolab-cn-config.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
-(
- echo "associateddomain=${domain},cn=kolab,cn=config"
- echo "cn=kolab,cn=config"
-) | ldapdelete -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
diff --git a/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh b/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh
deleted file mode 100755
--- a/docker/kolab/utils/17-remove-hosted-service-access-from-mgmt-domain.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
-(
- echo "dn: associateddomain=${domain},ou=Domains,${rootdn}"
- echo "changetype: modify"
- echo "replace: aci"
- echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Rest\";deny (all)(userdn != \"ldap:///uid=kolab-service,ou=Special Users,${rootdn} || ldap:///${rootdn}??sub?(objectclass=*)\");)"
- echo "aci: (targetattr = \"*\")(version 3.0;acl \"Deny Hosted Kolab\";deny (all)(userdn = \"ldap:///uid=hosted-kolab-service,ou=Special Users,${rootdn}\");)"
- echo ""
-) | ldapmodify -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/docker/kolab/utils/18-adjust-kolab-conf.sh b/docker/kolab/utils/18-adjust-kolab-conf.sh
deleted file mode 100755
--- a/docker/kolab/utils/18-adjust-kolab-conf.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
-sed -r -i \
- -e "s/^base_dn.*$/base_dn = ${rootdn}/g" \
- -e "s/^domain_base_dn.*$/domain_base_dn = ${domain_base_dn}/g" \
- -e "s/^user_base_dn.*$/user_base_dn = ${hosted_domain_rootdn}/g" \
- -e "s/^kolab_user_base_dn.*$/kolab_user_base_dn = ${hosted_domain_rootdn}/g" \
- -e "s/^group_base_dn.*$/group_base_dn = ${hosted_domain_rootdn}/g" \
- -e "s/^sharedfolder_base_dn.*$/sharedfolder_base_dn = ${hosted_domain_rootdn}/g" \
- -e "s/^resource_base_dn.*$/resource_base_dn = ${hosted_domain_rootdn}/g" \
- -e '/^primary_mail/ a\
-daemon_rcpt_policy = False' \
- -e '/^primary_mail/d' \
- -e '/secondary_mail/,+10d' \
- -e '/autocreate_folders/,+77d' \
- -e "/^\[kolab_wap\]/ a\
-mgmt_root_dn = ${rootdn}" \
- -e "/^\[kolab_wap\]/ a\
-hosted_root_dn = ${hosted_domain_rootdn}" \
- -e "/^\[kolab_wap\]/ a\
-api_url = http://127.0.0.1:9080/kolab-webadmin/api" \
- -e 's/^auth_attributes.*$/auth_attributes = mail, uid/g' \
- -e 's|^uri = imaps.*$|uri = imaps://127.0.0.1:11993|g' \
- -e "/^\[wallace\]/ a\
-webmail_url = https://%(domain)s/roundcubemail" \
- /etc/kolab/kolab.conf
-
-systemctl restart kolabd
-systemctl restart kolab-saslauthd
diff --git a/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh b/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh
deleted file mode 100755
--- a/docker/kolab/utils/19-turn-on-vlv-in-roundcube.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-sed -i -r \
- -e "s/'vlv'(\s+)=> false,/'vlv'\1=> true,/g" \
- -e "s/'vlv_search'(\s+)=> false,/'vlv_search'\1=> true,/g" \
- -e "s/inetOrgPerson/inetorgperson/g" \
- -e "s/kolabInetOrgPerson/inetorgperson/g" \
- /etc/roundcubemail/*.inc.php
diff --git a/docker/kolab/utils/20-add-alias-attribute-index.sh b/docker/kolab/utils/20-add-alias-attribute-index.sh
deleted file mode 100755
--- a/docker/kolab/utils/20-add-alias-attribute-index.sh
+++ /dev/null
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-. ./settings.sh
-
-export index_attr=alias
-
-(
- echo "dn: cn=${index_attr},cn=index,cn=${hosted_domain_db},cn=ldbm database,cn=plugins,cn=config"
- echo "objectclass: top"
- echo "objectclass: nsindex"
- echo "cn: ${index_attr}"
- echo "nsSystemIndex: false"
- echo "nsindextype: pres"
- echo "nsindextype: eq"
- echo "nsindextype: sub"
-
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
-
-
-(
- echo "dn: cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config"
- echo "objectclass: top"
- echo "objectclass: extensibleObject"
- echo "cn: ${hosted_domain_db} ${index_attr} index"
- echo "nsinstance: ${hosted_domain_db}"
- echo "nsIndexAttribute: ${index_attr}:pres"
- echo "nsIndexAttribute: ${index_attr}:eq"
- echo "nsIndexAttribute: ${index_attr}:sub"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}" -c
-
-ldap_complete=0
-
-while [ ${ldap_complete} -ne 1 ]; do
- result=$(
- ldapsearch \
- -x \
- -h ${ldap_host} \
- -D "${ldap_binddn}" \
- -w "${ldap_bindpw}" \
- -c \
- -LLL \
- -b "cn=${hosted_domain_db} ${index_attr} index,cn=index,cn=tasks,cn=config" \
- '(!(nstaskexitcode=0))' \
- -s base 2>/dev/null
- )
- if [ -z "$result" ]; then
- ldap_complete=1
- echo ""
- else
- echo -n "."
- sleep 1
- fi
-done
-
diff --git a/docker/kolab/utils/21-adjust-postfix-config.sh b/docker/kolab/utils/21-adjust-postfix-config.sh
deleted file mode 100755
--- a/docker/kolab/utils/21-adjust-postfix-config.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-# new: (inetdomainstatus:1.2.840.113556.1.4.803:=1)
-# active: (inetdomainstatus:1.2.840.113556.1.4.803:=2)
-# suspended: (inetdomainstatus:1.2.840.113556.1.4.803:=4)
-# deleted: (inetdomainstatus:1.2.840.113556.1.4.803:=8)
-# confirmed: (inetdomainstatus:1.2.840.113556.1.4.803:=16)
-# verified: (inetdomainstatus:1.2.840.113556.1.4.803:=32)
-# ready: (inetdomainstatus:1.2.840.113556.1.4.803:=64)
-
-sed -i -r \
- -e 's/^query_filter.*$/query_filter = (\&(associatedDomain=%s)(inetdomainstatus:1.2.840.113556.1.4.803:=18)(!(inetdomainstatus:1.2.840.113556.1.4.803:=4)))/g' \
- /etc/postfix/ldap/mydestination.cf
-
-# new: (inetuserstatus:1.2.840.113556.1.4.803:=1)
-# active: (inetuserstatus:1.2.840.113556.1.4.803:=2)
-# suspended: (inetuserstatus:1.2.840.113556.1.4.803:=4)
-# deleted: (inetuserstatus:1.2.840.113556.1.4.803:=8)
-# ldapready: (inetuserstatus:1.2.840.113556.1.4.803:=16)
-# imapready: (inetuserstatus:1.2.840.113556.1.4.803:=32)
-
-sed -i -r \
- -e 's/^query_filter.*$/query_filter = (\&(|(mail=%s)(alias=%s))(|(objectclass=kolabinetorgperson)(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder))(!(inetuserstatus:1.2.840.113556.1.4.803:=4)))/g' \
- /etc/postfix/ldap/local_recipient_maps.cf
-
-systemctl restart postfix
diff --git a/docker/kolab/utils/22-create-resource.sh b/docker/kolab/utils/22-create-resource.sh
deleted file mode 100755
--- a/docker/kolab/utils/22-create-resource.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
- . ./settings.sh
-
-(
- echo "dn: cn=TestResource,ou=Resources,ou=kolab.org,${hosted_domain_rootdn}"
- echo "cn: TestResource"
- echo "owner: uid=jack@kolab.org,ou=People,ou=kolab.org,${hosted_domain_rootdn}"
- echo "kolabTargetFolder: shared/Resources/TestResource@kolab.org"
- echo "mail: resource-confroom-testresource@kolab.org"
- echo "objectClass: top"
- echo "objectClass: kolabsharedfolder"
- echo "objectClass: kolabresource"
- echo "objectClass: mailrecipient"
- echo "kolabFolderType: event"
- echo "kolabInvitationPolicy: ACT_STORE_AND_NOTIFY"
- echo ""
-) | ldapadd -x -h ${ldap_host} -D "${ldap_binddn}" -w "${ldap_bindpw}"
diff --git a/docker/kolab/utils/24-roundcubeconfig.sh b/docker/kolab/utils/24-roundcubeconfig.sh
deleted file mode 100755
--- a/docker/kolab/utils/24-roundcubeconfig.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-
-sed -i -r -e "s|$config\['kolab_files_url'\] = .*$|$config['kolab_files_url'] = 'https://' \. \$_SERVER['HTTP_HOST'] . '/chwala/';|g" /etc/roundcubemail/kolab_files.inc.php
-
-sed -i -r -e "s|$config\['kolab_invitation_calendars'\] = .*$|$config['kolab_invitation_calendars'] = true;|g" /etc/roundcubemail/calendar.inc.php
-
-sed -i -r -e "/^.*'contextmenu',$/a 'enigma'," /etc/roundcubemail/config.inc.php
-
-sed -i -r -e "s|$config\['enigma_passwordless'\] = .*$|$config['enigma_passwordless'] = true;|g" /etc/roundcubemail/enigma.inc.php
-sed -i -r -e "s|$config\['enigma_multihost'\] = .*$|$config['enigma_multihost'] = true;|g" /etc/roundcubemail/enigma.inc.php
-
-echo "\$config['enigma_woat'] = true;" >> /etc/roundcubemail/enigma.inc.php
-
-# Run it over haproxy then nginx for 2fa. We need to use startls because otherwise the proxy protocol doesn't work.
-sed -i -r -e "s|$config\['default_host'\] = .*$|$config['default_host'] = 'tls://127.0.0.1';|g" /etc/roundcubemail/config.inc.php
-sed -i -r -e "s|$config\['default_port'\] = .*$|$config['default_port'] = 145;|g" /etc/roundcubemail/config.inc.php
-
-# So we can just append
-sed -i "s/?>//g" /etc/roundcubemail/config.inc.php
-
-# Enable the PROXY protocol
-cat << EOF >> /etc/roundcubemail/config.inc.php
- \$config['imap_conn_options'] = Array(
- 'ssl' => Array(
- 'verify_peer_name' => false,
- 'verify_peer' => false,
- 'allow_self_signed' => true
- ),
- 'proxy_protocol' => 2
- );
- \$config['proxy_whitelist'] = array('127.0.0.1');
-EOF
-
-echo "?>" >> /etc/roundcubemail/config.inc.php
-
-
-# Send dns queries over powerdns
-rm -f /etc/resolv.conf
-echo "nameserver 127.0.0.1:9953" > /etc/resolv.conf
diff --git a/docker/kolab/utils/settings.sh b/docker/kolab/utils/settings.sh
--- a/docker/kolab/utils/settings.sh
+++ b/docker/kolab/utils/settings.sh
@@ -3,13 +3,13 @@
export rootdn=${LDAP_ADMIN_ROOT_DN:-"dc=mgmt,dc=com"}
export domain=${DOMAIN:-"mgmt.com"}
export domain_db=${DOMAIN_DB:-"mgmt_com"}
-export ldap_host=${LDAP_HOST:-"127.0.0.1"}
+export ldap_host=${LDAP_HOST}
export ldap_binddn=${LDAP_ADMIN_BIND_DN:-"cn=Directory Manager"}
export ldap_bindpw=${LDAP_ADMIN_BIND_PW:-"Welcome2KolabSystems"}
export cyrus_admin=${IMAP_ADMIN_LOGIN:-"cyrus-admin"}
-export imap_host=${IMAP_HOST:-"127.0.0.1"}
+export imap_host=${IMAP_HOST}
export cyrus_admin_pw=${IMAP_ADMIN_PASSWORD:-"Welcome2KolabSystems"}
export kolab_service_pw=${LDAP_SERVICE_BIND_PW:-"Welcome2KolabSystems"}
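Review bot: With the `:-"127.0.0.1"` fallbacks removed, an unset `LDAP_HOST` or `IMAP_HOST` now yields an empty `ldap_host` / `imap_host` instead of an error. Any remaining caller that passes the value unquoted, as the scripts removed in this diff did with `-h ${ldap_host}`, would have the option swallow the next argument rather than fail clearly. Failing when the file is sourced is safer: `export ldap_host=${LDAP_HOST:?LDAP_HOST must be set}`, and the same for `imap_host`. The unchanged context lines still fall back to a shared default password for the bind and admin accounts; the same `:?` form would stop a deployment from silently running with it.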
diff --git a/docker/mariadb/mysql-init/80-add-users.sh b/docker/mariadb/mysql-init/80-add-users.sh
deleted file mode 100644
--- a/docker/mariadb/mysql-init/80-add-users.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-create_arbitrary_users() {
-
- # Do not care what option is compulsory here, just create what is specified
- log_info "Creating user specified by (${2}) ..."
-mysql $mysql_flags <<EOSQL
- CREATE USER '${2}'@'${4}' IDENTIFIED BY '${3}';
-EOSQL
-
- log_info "Granting privileges to user ${2} for ${1} ..."
-mysql $mysql_flags <<EOSQL
- GRANT ALL ON \`${1}\`.* TO '${2}'@'${4}' ;
- FLUSH PRIVILEGES ;
-EOSQL
-}
-
-DB_NO=1
-while [[ ${DB_NO} -ne 0 ]]; do
- DB_CUR="DB_${DB_NO}"
- if [[ -n $(eval echo '${!'${DB_CUR}'*}') ]]; then
- NAME="${DB_CUR}_NAME"
- USER="${DB_CUR}_USER"
- PASS="${DB_CUR}_PASS"
- HOST="${DB_CUR}_HOST"
- create_arbitrary_users ${!NAME} ${!USER} ${!PASS:-Welcome2KolabSystems} ${!HOST:-127.0.0.1} || true
- let "DB_NO+=1"
- else
- DB_NO=0
- fi
-done
diff --git a/docker/mariadb/mysql-init/81-update-root-user.sh b/docker/mariadb/mysql-init/81-update-root-user.sh
deleted file mode 100644
--- a/docker/mariadb/mysql-init/81-update-root-user.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-if [ ! -v ${MYSQL_ROOT_PASSWORD} ]; then
- log_info "Update root user for host 127.0.0.1 ..."
-mysql $mysql_flags <<EOSQL
- UPDATE mysql.user SET Password = PASSWORD('${MYSQL_ROOT_PASSWORD}') WHERE User = 'root' AND Host = '127.0.0.1';
- FLUSH PRIVILEGES;
-EOSQL
-fi
-
diff --git a/docker/mariadb/mysql-init/setup.sh b/docker/mariadb/mysql-init/setup.sh
new file mode 100755
--- /dev/null
+++ b/docker/mariadb/mysql-init/setup.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+MYSQL_PWD=$MARIADB_ROOT_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" << EOF
+CREATE DATABASE IF NOT EXISTS ${DB_HKCCP_DATABASE};
+CREATE USER '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}';
+GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE}.* TO '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}';
+FLUSH PRIVILEGES;
+EOF
+
+# Powerdns setup according to https://github.com/PowerDNS/pdns/blob/master/modules/gmysqlbackend/schema.mysql.sql
+# Required for the first boot, afterwards the laravel migration will take over.
+# This is only required so pdns can start cleanly, indexes etc are handled by the laravel migration.
+MYSQL_PWD=$MARIADB_ROOT_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" ${DB_HKCCP_DATABASE} << EOF
+CREATE TABLE powerdns_domains (
+ id INT AUTO_INCREMENT,
+ name VARCHAR(255) NOT NULL,
+ master VARCHAR(128) DEFAULT NULL,
+ last_check INT DEFAULT NULL,
+ type VARCHAR(8) NOT NULL,
+ notified_serial INT UNSIGNED DEFAULT NULL,
+ account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
+ options VARCHAR(64000) DEFAULT NULL,
+ catalog VARCHAR(255) DEFAULT NULL,
+ PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE TABLE powerdns_records (
+ id BIGINT AUTO_INCREMENT,
+ domain_id INT DEFAULT NULL,
+ name VARCHAR(255) DEFAULT NULL,
+ type VARCHAR(10) DEFAULT NULL,
+ content VARCHAR(64000) DEFAULT NULL,
+ ttl INT DEFAULT NULL,
+ prio INT DEFAULT NULL,
+ disabled TINYINT(1) DEFAULT 0,
+ ordername VARCHAR(255) BINARY DEFAULT NULL,
+ auth TINYINT(1) DEFAULT 1,
+ PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE TABLE powerdns_masters (
+ ip VARCHAR(64) NOT NULL,
+ nameserver VARCHAR(255) NOT NULL,
+ account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL,
+ PRIMARY KEY (ip, nameserver)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+CREATE TABLE powerdns_comments (
+ id INT AUTO_INCREMENT,
+ domain_id INT NOT NULL,
+ name VARCHAR(255) NOT NULL,
+ type VARCHAR(10) NOT NULL,
+ modified_at INT NOT NULL,
+ account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL,
+ comment TEXT CHARACTER SET 'utf8' NOT NULL,
+ PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+
+CREATE TABLE powerdns_cryptokeys (
+ id INT AUTO_INCREMENT,
+ domain_id INT NOT NULL,
+ flags INT NOT NULL,
+ active BOOL,
+ published BOOL DEFAULT 1,
+ content TEXT,
+ PRIMARY KEY(id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+
+CREATE TABLE powerdns_tsigkeys (
+ id INT AUTO_INCREMENT,
+ name VARCHAR(255),
+ algorithm VARCHAR(50),
+ secret VARCHAR(255),
+ PRIMARY KEY (id)
+) Engine=InnoDB CHARACTER SET 'latin1';
+
+EOF
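Review bot: The first heredoc interpolates `DB_HKCCP_DATABASE`, `DB_HKCCP_USERNAME` and `DB_HKCCP_PASSWORD` straight into SQL, so a password containing a single quote or a database name containing a dash breaks or alters the statements. The database name should at least be wrapped in escaped backticks, as the removed 80-add-users.sh did in its GRANT. `CREATE USER` and the six `CREATE TABLE` statements also lack `IF NOT EXISTS`, unlike `CREATE DATABASE IF NOT EXISTS`, so a second run errors out, and the script has no `set -e` or exit-status check to surface that unless the caller does it. The account is created for host `'%'` with `ALL PRIVILEGES`; if the containers share a known subnet, restricting the host part to it narrows where that password can be used from.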
diff --git a/docker/pdns/Dockerfile b/docker/pdns/Dockerfile
--- a/docker/pdns/Dockerfile
+++ b/docker/pdns/Dockerfile
@@ -6,9 +6,9 @@
RUN dnf -y install \
--setopt 'tsflags=nodocs' \
bind-utils \
- cronie \
iproute \
iptables \
+ iputils \
net-tools \
pdns \
pdns-backend-mysql \
@@ -23,7 +23,7 @@
COPY pdns.conf /etc/pdns/pdns.conf
COPY recursor.conf /etc/pdns-recursor/recursor.conf
-RUN systemctl enable pdns && systemctl enable pdns-recursor
+RUN systemctl disable systemd-resolved && systemctl enable pdns && systemctl enable pdns-recursor
# This is how we could run pdns without systemd
# ENV PDNS_guardian=yes \
@@ -34,4 +34,4 @@
# CMD ["/usr/sbin/pdns_server", "--guardian=no", "--daemon=no", "--disable-syslog", "--log-timestamp=no", "--write-pid=no"]
CMD ["/lib/systemd/systemd", "--system"]
-EXPOSE 9953 9953/udp
+EXPOSE 53 53/udp
diff --git a/docker/pdns/pdns.conf b/docker/pdns/pdns.conf
--- a/docker/pdns/pdns.conf
+++ b/docker/pdns/pdns.conf
@@ -2,11 +2,11 @@
log-dns-details
query-logging=yes
-local-address=127.0.0.1:5300, [::1]:5300
+local-address=127.0.0.1:5300
edns-subnet-processing
-gmysql-host=127.0.0.1
+gmysql-host=mariadb
gmysql-dbname=kolabdev
gmysql-password=kolab
gmysql-user=kolabdev
diff --git a/docker/pdns/recursor.conf b/docker/pdns/recursor.conf
--- a/docker/pdns/recursor.conf
+++ b/docker/pdns/recursor.conf
@@ -1,4 +1,6 @@
-local-address=127.0.0.1
-local-port=9953
+local-address=0.0.0.0
+local-port=53
allow-from=0.0.0.0/0
forward-zones=_woat.kolab.org=127.0.0.1:5300
+# Forward everything else to the docker resolver, so we can still resolve other containers when using pdns
+forward-zones-recurse=.=127.0.0.11
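Review bot: `local-address=0.0.0.0` on port 53 combined with the unchanged `allow-from=0.0.0.0/0` makes the recursor answer recursive queries from any address that can reach the container, which did not matter while it listened only on 127.0.0.1:9953. If port 53 is published on the host (the compose file is not visible here), this is an open resolver. Limiting `allow-from` to loopback and the compose network keeps container resolution working, e.g. `allow-from=127.0.0.0/8, 172.18.0.0/16` (subnet assumed from the 172.18.0.x addresses used elsewhere in this diff; confirm before applying).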
diff --git a/docker/proxy/Dockerfile b/docker/proxy/Dockerfile
--- a/docker/proxy/Dockerfile
+++ b/docker/proxy/Dockerfile
@@ -26,4 +26,4 @@
CMD ["nginx", "-g", "daemon off;"]
-EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 993/tcp 995/tcp
+EXPOSE 80/tcp 443/tcp 465/tcp 587/tcp 143/tcp 144/tcp 993/tcp
diff --git a/docker/proxy/rootfs/etc/nginx/nginx.conf b/docker/proxy/rootfs/etc/nginx/nginx.conf
--- a/docker/proxy/rootfs/etc/nginx/nginx.conf
+++ b/docker/proxy/rootfs/etc/nginx/nginx.conf
@@ -55,7 +55,7 @@
include /etc/nginx/default.d/*.conf;
location / {
- proxy_pass http://127.0.0.1:8000;
+ proxy_pass http://webapp:8000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@@ -69,7 +69,7 @@
}
location /meetmedia {
- proxy_pass https://127.0.0.1:12443;
+ proxy_pass https://meet:12443;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
@@ -77,7 +77,7 @@
}
location /meetmedia/api {
- proxy_pass https://127.0.0.1:12443;
+ proxy_pass https://meet:12443;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@@ -89,7 +89,7 @@
}
location /roundcubemail {
- proxy_pass http://127.0.0.1:9080;
+ proxy_pass http://kolab:9080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@@ -101,7 +101,7 @@
}
location /kolab-webadmin {
- proxy_pass http://127.0.0.1:9080;
+ proxy_pass http://kolab:9080;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
@@ -116,7 +116,7 @@
auth_request /auth;
#auth_request_set $auth_status $upstream_status;
- proxy_pass http://127.0.0.1:9080;
+ proxy_pass http://kolab:9080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -127,7 +127,7 @@
}
location ~* ^/\\.well-known/(caldav|carddav) {
- proxy_pass http://127.0.0.1:9080;
+ proxy_pass http://kolab:9080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -137,7 +137,7 @@
auth_request /auth;
#auth_request_set $auth_status $upstream_status;
- proxy_pass http://127.0.0.1:9080;
+ proxy_pass http://kolab:9080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -145,7 +145,7 @@
location = /auth {
internal;
- proxy_pass http://127.0.0.1:8000/api/webhooks/nginx-httpauth;
+ proxy_pass http://webapp:8000/api/webhooks/nginx-httpauth;
proxy_pass_request_body off;
proxy_set_header Host services.APP_WEBSITE_DOMAIN;
proxy_set_header Content-Length "";
@@ -169,7 +169,7 @@
mail {
server_name imap.hosted.com;
- auth_http 127.0.0.1:8000/api/webhooks/nginx;
+ auth_http webapp:8000/api/webhooks/nginx;
auth_http_header Host services.APP_WEBSITE_DOMAIN;
proxy_pass_error_message on;
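Review bot: `auth_http` speaks plain HTTP and sends each mail client's login name and password in request headers; with `webapp:8000` those requests now cross the container network instead of staying on loopback. The same applies to the `nginx-roundcube` endpoint in the next hunk. As far as I know nginx has no TLS option for this channel, so the assumption should be stated next to the directive, e.g. `# auth_http is cleartext and carries client credentials: webapp must only be reachable on the internal network`. The `mail {}` block starts and ends outside this hunk.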
@@ -193,7 +193,7 @@
listen 144 proxy_protocol;
protocol imap;
- auth_http 127.0.0.1:8000/api/webhooks/nginx-roundcube;
+ auth_http webapp:8000/api/webhooks/nginx-roundcube;
proxy on;
starttls on;
diff --git a/docker/redis/Dockerfile b/docker/redis/Dockerfile
--- a/docker/redis/Dockerfile
+++ b/docker/redis/Dockerfile
@@ -1,7 +1,6 @@
-FROM fedora:34
+FROM fedora:35
ENV container docker
-ENV SYSTEMD_PAGER=''
RUN dnf -y install \
--setopt 'tsflags=nodocs' \
@@ -12,16 +11,15 @@
net-tools \
procps-ng \
redis \
- suricata \
vim-enhanced \
wget \
which && \
dnf clean all
-COPY redis.conf /etc/redis.conf
-
-RUN systemctl enable redis
+COPY redis.conf /etc/redis/redis.conf
WORKDIR /root/
-CMD ["/usr/bin/redis-server"]
+CMD ["/usr/bin/redis-server", "/etc/redis/redis.conf"]
+
+EXPOSE 6379/tcp
diff --git a/docker/redis/redis.conf b/docker/redis/redis.conf
--- a/docker/redis/redis.conf
+++ b/docker/redis/redis.conf
@@ -61,7 +61,7 @@
# Examples:
#
# bind 192.168.1.100 10.0.0.1
-bind 127.0.0.1
+#bind 127.0.0.1
# Specify the path for the Unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
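Review bot: Commenting out `bind 127.0.0.1` here and adding `protected-mode no` in the last hunk of this file leaves Redis listening on every interface with no authentication, and `src/.env.example` in this diff keeps `REDIS_PASSWORD=null`. Anything that can reach 6379, which the Dockerfile now EXPOSEs, gets full read/write access to the data store. Setting a password keeps cross-container access working without turning protection off: `requirepass <REDIS_PASSWORD placeholder>` in redis.conf with the matching `REDIS_PASSWORD` in `.env`, and no host port mapping for 6379.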
@@ -825,3 +825,6 @@
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
+
+# We need to connect over non-localhost
+protected-mode no
diff --git a/docker/webapp/init.sh b/docker/webapp/init.sh
--- a/docker/webapp/init.sh
+++ b/docker/webapp/init.sh
@@ -24,11 +24,6 @@
PASSPORT_PUBLIC_KEY="$(cat storage/oauth-public.key)"
EOF
-if rpm -qv chromium 2>/dev/null; then
- chver=$(rpmquery --queryformat="%{VERSION}" chromium | awk -F'.' '{print $1}')
- ./artisan dusk:chrome-driver ${chver}
-fi
-
if [ ! -f 'resources/countries.php' ]; then
./artisan data:countries
fi
diff --git a/src/.env.example b/src/.env.example
--- a/src/.env.example
+++ b/src/.env.example
@@ -2,11 +2,11 @@
APP_ENV=local
APP_KEY=
APP_DEBUG=true
-APP_URL=http://127.0.0.1:8000
+APP_URL=https://kolab.local
#APP_PASSPHRASE=
-APP_PUBLIC_URL=
-APP_DOMAIN=kolabnow.com
-APP_WEBSITE_DOMAIN=kolabnow.com
+APP_PUBLIC_URL=https://kolab.local
+APP_DOMAIN=kolab.local
+APP_WEBSITE_DOMAIN=kolab.local
APP_THEME=default
APP_TENANT_ID=5
APP_LOCALE=en
@@ -23,9 +23,9 @@
SIGNUP_LIMIT_EMAIL=0
SIGNUP_LIMIT_IP=0
-ASSET_URL=http://127.0.0.1:8000
+ASSET_URL=https://kolab.local
-WEBMAIL_URL=/apps
+WEBMAIL_URL=/roundcubemail/
SUPPORT_URL=/support
SUPPORT_EMAIL=
@@ -36,7 +36,7 @@
DB_CONNECTION=mysql
DB_DATABASE=kolabdev
-DB_HOST=127.0.0.1
+DB_HOST=mariadb
DB_PASSWORD=kolab
DB_PORT=3306
DB_USERNAME=kolabdev
@@ -51,12 +51,13 @@
OPENEXCHANGERATES_API_KEY="from openexchangerates.org"
-MFA_DSN=mysql://roundcube:Welcome2KolabSystems@127.0.0.1/roundcube
+MFA_DSN=mysql://roundcube:Welcome2KolabSystems@mariadb/roundcube
MFA_TOTP_DIGITS=6
MFA_TOTP_INTERVAL=30
MFA_TOTP_DIGEST=sha1
-IMAP_URI=ssl://127.0.0.1:11993
+IMAP_URI=ssl://kolab:11993
+IMAP_HOST=172.18.0.5
IMAP_ADMIN_LOGIN=cyrus-admin
IMAP_ADMIN_PASSWORD=Welcome2KolabSystems
IMAP_VERIFY_HOST=false
@@ -64,7 +65,7 @@
LDAP_BASE_DN="dc=mgmt,dc=com"
LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com"
-LDAP_HOSTS=127.0.0.1
+LDAP_HOSTS=kolab
LDAP_PORT=389
LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com"
LDAP_SERVICE_BIND_PW="Welcome2KolabSystems"
@@ -81,22 +82,24 @@
LDAP_HOSTED_BIND_PW="Welcome2KolabSystems"
LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com"
-COTURN_PUBLIC_IP=127.0.0.1
+COTURN_PUBLIC_IP='172.18.0.1'
COTURN_STATIC_SECRET="Welcome2KolabSystems"
MEET_WEBHOOK_TOKEN=Welcome2KolabSystems
MEET_SERVER_TOKEN=Welcome2KolabSystems
-MEET_SERVER_URLS=https://localhost:12443/meetmedia/api/
-MEET_SERVER_VERIFY_TLS=true
+MEET_SERVER_URLS=https://kolab.local/meetmedia/api/
+MEET_SERVER_VERIFY_TLS=false
-MEET_WEBRTC_LISTEN_IP=
-MEET_PUBLIC_DOMAIN=127.0.0.1:12443
-MEET_TURN_SERVER='turn:127.0.0.1:3478?transport=tcp'
+MEET_WEBRTC_LISTEN_IP='172.18.0.1'
+MEET_PUBLIC_DOMAIN=kolab.local
+MEET_TURN_SERVER='turn:172.18.0.1:3478'
+MEET_LISTENING_HOST=172.18.0.1
-PGP_ENABLED=
-PGP_BINARY=
-PGP_AGENT=
-PGP_GPGCONF=
+
+PGP_ENABLE=true
+PGP_BINARY=/usr/bin/gpg
+PGP_AGENT=/usr/bin/gpg-agent
+PGP_GPGCONF=/usr/bin/gpgconf
PGP_LENGTH=
# Set these to IP addresses you serve WOAT with.
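Review bot: `MEET_SERVER_VERIFY_TLS=false` turns off certificate verification for the meet server in the example file, and the README in this change says these settings are merged into `src/.env` for the installation, so the insecure value becomes the default rather than a developer opt-in. Keeping `MEET_SERVER_VERIFY_TLS=true` here and overriding it in `src/env.local` for self-signed setups would make that explicit; failing that, add `# dev only: self-signed certificate on kolab.local` above the line. The 172.18.0.1 values for `COTURN_PUBLIC_IP`, `MEET_WEBRTC_LISTEN_IP`, `MEET_TURN_SERVER` and `MEET_LISTENING_HOST` assume one particular Docker bridge subnet and deserve a comment saying so.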
@@ -104,7 +107,7 @@
WOAT_NS1=ns01.domain.tld
WOAT_NS2=ns02.domain.tld
-REDIS_HOST=127.0.0.1
+REDIS_HOST=redis
REDIS_PASSWORD=null
REDIS_PORT=6379
@@ -117,6 +120,7 @@
STRIPE_PUBLIC_KEY=
STRIPE_WEBHOOK_SECRET=
+MAIL_DRIVER=log
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
@@ -179,13 +183,5 @@
KOLAB_SSL_CERTIFICATE_FULLCHAIN=/etc/pki/tls/certs/kolab.hosted.com.chain.pem
KOLAB_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/kolab.hosted.com.key
-PROXY_SSL_CERTIFICATE=/etc/pki/tls/certs/imap.hosted.com.cert
-PROXY_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/imap.hosted.com.key
-
-NGINX_SSL_CERTIFICATE=/etc/pki/tls/certs/imap.hosted.com.cert
-NGINX_SSL_CERTIFICATE_KEY=/etc/pki/tls/certs/imap.hosted.com.key
-
-PGP_ENABLE=true
-PGP_BINARY=/usr/bin/gpg
-PGP_AGENT=/usr/bin/gpg-agent
-PGP_GPGCONF=/usr/bin/gpgconf
+PROXY_SSL_CERTIFICATE=/etc/certs/imap.hosted.com.cert
+PROXY_SSL_CERTIFICATE_KEY=/etc/certs/imap.hosted.com.key
diff --git a/src/config/imap.php b/src/config/imap.php
--- a/src/config/imap.php
+++ b/src/config/imap.php
@@ -1,12 +1,12 @@
<?php
return [
- 'uri' => env('IMAP_URI', '127.0.0.1'),
+ 'uri' => env('IMAP_URI', 'ssl://kolab:11993'),
'admin_login' => env('IMAP_ADMIN_LOGIN', 'cyrus-admin'),
'admin_password' => env('IMAP_ADMIN_PASSWORD', null),
'verify_peer' => env('IMAP_VERIFY_PEER', true),
'verify_host' => env('IMAP_VERIFY_HOST', true),
- 'host' => env('IMAP_HOST', '127.0.0.1'),
+ 'host' => env('IMAP_HOST', '172.18.0.5'),
'imap_port' => env('IMAP_PORT', 12143),
'guam_port' => env('IMAP_GUAM_PORT', 9143),
];
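Review bot: The new fallback `'172.18.0.5'` for `host` (and the same value in `src/config/smtp.php` in the next file) bakes one container's address on one Docker bridge into the application defaults. If `IMAP_HOST` or `SMTP_HOST` is missing from the environment, the application will connect to whatever holds that address, in the IMAP case with the admin credentials configured in this file. A service name or no default is safer: `'host' => env('IMAP_HOST', 'kolab'),`, or `null` if an IP literal is required there, so that a missing setting fails visibly.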
diff --git a/src/config/smtp.php b/src/config/smtp.php
--- a/src/config/smtp.php
+++ b/src/config/smtp.php
@@ -1,6 +1,6 @@
<?php
return [
- 'host' => env('SMTP_HOST', '127.0.0.1'),
+ 'host' => env('SMTP_HOST', '172.18.0.5'),
'port' => env('SMTP_PORT', 10465),
];
diff --git a/src/database/migrations/2020_06_04_115409_create_powerdns_tables.php b/src/database/migrations/2020_06_04_115409_create_powerdns_tables.php
--- a/src/database/migrations/2020_06_04_115409_create_powerdns_tables.php
+++ b/src/database/migrations/2020_06_04_115409_create_powerdns_tables.php
@@ -14,6 +14,15 @@
*/
public function up()
{
+ //Drop the tables from the mysql initialization
+ Schema::dropIfExists('powerdns_domains');
+ Schema::dropIfExists('powerdns_records');
+ Schema::dropIfExists('powerdns_masters');
+ Schema::dropIfExists('powerdns_comments');
+ Schema::dropIfExists('powerdns_domain_settings');
+ Schema::dropIfExists('powerdns_cryptokeys');
+ Schema::dropIfExists('powerdns_tsigkeys');
+
Schema::create(
'powerdns_domains',
function (Blueprint $table) {
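Review bot: The drops run parent first: `powerdns_domains` is dropped before `powerdns_records`, `powerdns_comments` and `powerdns_cryptokeys`, which all carry a `domain_id`. The tables created by the init script have no foreign keys, but the rest of `up()` is outside this hunk, so whether the migration's own tables add them is not visible; if they do and `up()` meets tables left by an earlier run, the first drop can fail. Dropping in reverse order, or wrapping the block in `Schema::disableForeignKeyConstraints();` and `Schema::enableForeignKeyConstraints();`, avoids that. The comment would be easier to trace as `// Drop the placeholder tables created by docker/mariadb/mysql-init/setup.sh`.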
