
Authored By
Unknown
diff --git a/docker-compose.yml b/docker-compose.yml
index 8043862b..fcd80c29 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,222 +1,224 @@
version: '3'
services:
coturn:
build:
context: ./docker/coturn/
container_name: kolab-coturn
healthcheck:
interval: 10s
test: "kill -0 $$(cat /tmp/turnserver.pid)"
timeout: 5s
retries: 30
environment:
- TURN_PUBLIC_IP=${COTURN_PUBLIC_IP}
- TURN_LISTEN_PORT=3478
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
hostname: sturn.mgmt.com
image: kolab-coturn
network_mode: host
restart: on-failure
roundcube:
build:
context: ./docker/roundcube/
container_name: kolab-roundcube
hostname: roundcube.hosted.com
restart: on-failure
depends_on:
mariadb:
condition: service_healthy
pdns:
condition: service_healthy
environment:
- APP_DOMAIN=${APP_DOMAIN}
- DB_HOST=mariadb
- DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- DB_RC_DATABASE=roundcube
- DB_RC_USERNAME=roundcube
- DB_RC_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
- IMAP_HOST=imap
- IMAP_PORT=11143
- IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN}
- IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
- MAIL_HOST=postfix
- MAIL_PORT=10587
healthcheck:
interval: 10s
test: "kill -0 $$(cat /run/httpd/httpd.pid)"
timeout: 5s
retries: 30
# This makes docker's dns, resolve via pdns for this container.
# Please note it does not affect /etc/resolv.conf
dns: 172.18.0.11
image: roundcube
networks:
kolab:
ipv4_address: 172.18.0.9
ports:
- "8080:8080"
tmpfs:
- /tmp
- /var/tmp
volumes:
- ./ext/:/src.orig/:ro
+ - roundcube:/data
mariadb:
container_name: kolab-mariadb
restart: on-failure
environment:
- MARIADB_ROOT_PASSWORD=${DB_ROOT_PASSWORD}
- TZ="+02:00"
- DB_HKCCP_DATABASE=${DB_DATABASE}
- DB_HKCCP_USERNAME=${DB_USERNAME}
- DB_HKCCP_PASSWORD=${DB_PASSWORD}
- DB_KOLAB_DATABASE=kolab
- DB_KOLAB_USERNAME=kolab
- DB_KOLAB_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"}
healthcheck:
interval: 10s
test: test -e /var/run/mysqld/mysqld.sock
timeout: 5s
retries: 30
image: mariadb:10.9
networks:
kolab:
ipv4_address: 172.18.0.3
volumes:
- ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/
- ./docker/mariadb/mysql-update/:/always-initdb.d/
- mariadb:/var/lib/mysql
pdns:
build:
context: ./docker/pdns/
container_name: kolab-pdns
restart: on-failure
tty: true
hostname: pdns
depends_on:
mariadb:
condition: service_healthy
healthcheck:
interval: 10s
test: "pdns_control rping || exit 1"
timeout: 5s
retries: 30
image: kolab-pdns
environment:
- ROLE=both
- DB_HOST=mariadb
- DB_DATABASE=${DB_DATABASE:?DB_DATABASE}
- DB_USERNAME=${DB_USERNAME:?DB_USERNAME}
- DB_PASSWORD=${DB_PASSWORD:?DB_PASSWORD}
networks:
kolab:
ipv4_address: 172.18.0.11
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
redis:
build:
context: ./docker/redis/
healthcheck:
interval: 10s
test: "redis-cli ping || exit 1"
timeout: 5s
retries: 30
container_name: kolab-redis
restart: on-failure
hostname: redis
image: redis
networks:
- kolab
volumes:
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
webapp:
build:
context: ./docker/webapp/
args:
GIT_REF: ${KOLAB_GIT_REF:-master}
container_name: kolab-webapp
restart: on-failure
image: kolab-webapp
healthcheck:
interval: 10s
test: "./artisan octane:status || exit 1"
timeout: 5s
retries: 30
start_period: 5m
depends_on:
redis:
condition: service_healthy
networks:
kolab:
ipv4_address: 172.18.0.4
volumes:
- ./src:/src/kolabsrc.orig:ro
ports:
- "8000:8000"
meet:
build:
context: ./docker/meet/
args:
GIT_REF: ${KOLAB_GIT_REF:-master}
container_name: kolab-meet
restart: on-failure
healthcheck:
interval: 10s
test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://${MEET_LISTENING_HOST}:12443/meetmedia/api/health || exit 1"
timeout: 5s
retries: 30
start_period: 5m
environment:
- WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err}
- PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err}
- LISTENING_HOST=${MEET_LISTENING_HOST:?err}
- LISTENING_PORT=12443
- TURN_SERVER=${MEET_TURN_SERVER}
- TURN_STATIC_SECRET=${COTURN_STATIC_SECRET}
- AUTH_TOKEN=${MEET_SERVER_TOKEN:?err}
- WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err}
- WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet
- SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert
- SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key
network_mode: host
image: kolab-meet
volumes:
- ./meet/server:/src/meet/:ro
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert
- ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key
minio:
container_name: kolab-minio
restart: on-failure
healthcheck:
interval: 10s
test: "mc ready local || exit 1"
timeout: 5s
retries: 30
start_period: 5m
environment:
- MINIO_ROOT_USER=${MINIO_USER}
- MINIO_ROOT_PASSWORD=${MINIO_PASSWORD}
image: minio/minio
networks:
kolab:
ipv4_address: 172.18.0.14
ports:
- "9000:9000"
- "9001:9001"
entrypoint: sh
command: -c 'mkdir -p /data/${MINIO_BUCKET} && minio server /data --console-address ":9001"'
volumes:
- minio:/data
networks:
kolab:
driver: bridge
ipam:
config:
- subnet: "172.18.0.0/24"
volumes:
mariadb:
minio:
+ roundcube:
diff --git a/docker/roundcube/Dockerfile b/docker/roundcube/Dockerfile
index 037eaf26..a6d4f196 100644
--- a/docker/roundcube/Dockerfile
+++ b/docker/roundcube/Dockerfile
@@ -1,91 +1,95 @@
FROM quay.io/centos/centos:stream9
MAINTAINER Christian Mollekopf <mollekopf@apheleia-it.ch>
ENV HOME=/opt/app-root/src
LABEL io.k8s.description="Platform for serving PHP roundcube applications" \
io.k8s.display-name="Roundcube" \
io.openshift.expose-services="80:http" \
io.openshift.tags="builder,php,apache"
RUN dnf -y update
# Add EPEL.
RUN dnf -y install 'dnf-command(config-manager)' && \
dnf config-manager --set-enabled crb && \
dnf -y install \
epel-release epel-next-release && \
dnf clean all
# Add the EPEL key.
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
# Add kolab
RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \
rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el9stream.rpm
# Install php modules
RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \
dnf config-manager --enable kolab-16-testing &&\
dnf -y --setopt tsflags= install php-kolab php-kolabformat &&\
dnf clean all
RUN dnf -y install \
composer \
diffutils \
file \
git \
make \
unzip \
curl-minimal \
mariadb \
which \
rsync \
openssl-devel \
httpd \
patch \
php-cli \
php-common \
php-devel \
php-ldap \
php-opcache \
php-pecl-apcu \
php-mysqlnd \
php-gd \
php-fpm \
php-pear \
ImageMagick \
re2c \
npm \
wget && \
dnf -y install procps-ng iputils bind-utils sudo telnet && \
dnf clean all
RUN npm install -g less less-plugin-clean-css
WORKDIR ${HOME}
COPY /rootfs /
RUN /opt/app-root/src/build.sh
+VOLUME /data
+
RUN chgrp -R 0 /opt/app-root/src && \
chmod -R g=u /opt/app-root/src
RUN mkdir -p /run/php-fpm && \
chmod 777 /run/php-fpm && \
mkdir -p /run/httpd && \
chmod 777 /run/httpd && \
- chmod -R 777 /etc/httpd /var/log/httpd /var/lib/httpd
+ mkdir -p /data && \
+ chmod 777 /data && \
+ chmod -R 777 /etc/httpd /var/log/httpd /var/lib/httpd /data
-RUN chown -R 1001:0 /opt/app-root/src
+RUN chown -R 1001:0 /opt/app-root/src /data
USER 1001
EXPOSE 8080
# https://httpd.apache.org/docs/2.4/stopping.html#gracefulstop
STOPSIGNAL SIGWINCH
CMD [ "/opt/app-root/src/init.sh" ]
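Review bot: `/data` is made world-writable twice in the same RUN (`chmod 777 /data` and again in the `chmod -R 777 … /data` list), and init.sh repeats the pattern with `chmod 777 /data/pgp-home`, which is the GnuPG home that the new enigma.inc.php points at. Because that config also sets `enigma_passwordless`, directory permissions appear to be the only protection on the stored private keys. Since `/data` is chowned to `1001:0` and the container runs as `USER 1001`, `chmod 700 /data/pgp-home` in init.sh (or `770` if an arbitrary UID in group 0 has to work) and dropping `/data` from the 777 lines should be enough. Separately, `VOLUME /data` is declared before the mkdir/chmod/chown steps; the Dockerfile reference says build steps that change a volume after its declaration are discarded, so moving `VOLUME /data` below the `chown` line avoids depending on builder behaviour.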
diff --git a/docker/roundcube/rootfs/opt/app-root/src/build.sh b/docker/roundcube/rootfs/opt/app-root/src/build.sh
index 3e4ade20..44d38e8c 100755
--- a/docker/roundcube/rootfs/opt/app-root/src/build.sh
+++ b/docker/roundcube/rootfs/opt/app-root/src/build.sh
@@ -1,61 +1,56 @@
#!/bin/bash
set -e
set -x
pushd /opt/app-root/src/
# Clone what we don't find (roundcubemail-skin-elastic is not publicly available, so can't be included this way)
if [ ! -d roundcubemail ]; then
git clone --branch dev/kolab-1.5 https://git.kolab.org/source/roundcubemail.git roundcubemail
fi
if [ ! -d roundcubemail-plugins-kolab ]; then
git clone --branch master https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git roundcubemail-plugins-kolab
fi
if [ ! -d syncroton ]; then
git clone --branch master https://git.kolab.org/diffusion/S/syncroton.git syncroton
fi
if [ ! -d iRony ]; then
git clone --branch master https://git.kolab.org/source/iRony.git iRony
fi
if [ ! -d chwala ]; then
git clone --branch master https://git.kolab.org/diffusion/C/chwala.git chwala
fi
if [ ! -d autoconf ]; then
git clone --branch master https://git.kolab.org/diffusion/AC/autoconf.git autoconf
fi
if [ ! -d freebusy ]; then
git clone --branch master https://git.kolab.org/diffusion/F/freebusy.git freebusy
fi
pushd roundcubemail
cp /opt/app-root/src/composer.json composer.json
rm -rf vendor/ composer.lock
php -dmemory_limit=-1 $(command -v composer) install
cd /opt/app-root/src/
./update.sh
cd /opt/app-root/src/roundcubemail
# Adjust the configs
sed -i -r \
-e "s/'vlv'(\s+)=> false,/'vlv'\1=> true,/g" \
-e "s/'vlv_search'(\s+)=> false,/'vlv_search'\1=> true,/g" \
-e "s/inetOrgPerson/inetorgperson/g" \
-e "s/kolabInetOrgPerson/inetorgperson/g" \
config/*.inc.php
-sed -i -r -e "s|\$config\['enigma_pgp_homedir'\] = .*$|\$config['enigma_pgp_homedir'] = '/tmp/';|g" config/enigma.inc.php
-sed -i -r -e "s|\$config\['enigma_passwordless'\] = .*$|\$config['enigma_passwordless'] = true;|g" config/enigma.inc.php
-sed -i -r -e "s|\$config\['enigma_multihost'\] = .*$|\$config['enigma_multihost'] = true;|g" config/enigma.inc.php
-echo "\$config['enigma_woat'] = true;" >> config/enigma.inc.php
-
sed -i -r -e "s|\$config\['managesieve_host'\] = .*$|\$config['managesieve_host'] = 'kolab';|g" config/managesieve.inc.php
popd
# Set the php timezone
sed -i -r -e 's|^(;*)date\.timezone.*$|date.timezone = Europe/Zurich|g' /etc/php.ini
# Allow environment variables from fpm
sed -i -e "s/;clear_env/clear_env/" /etc/php-fpm.d/www.conf
diff --git a/docker/roundcube/rootfs/opt/app-root/src/init.sh b/docker/roundcube/rootfs/opt/app-root/src/init.sh
index 5706d143..a10c34ea 100755
--- a/docker/roundcube/rootfs/opt/app-root/src/init.sh
+++ b/docker/roundcube/rootfs/opt/app-root/src/init.sh
@@ -1,69 +1,72 @@
#!/bin/bash
echo "Starting"
set -e
set -x
+mkdir -p /data/pgp-home
+chmod 777 /data/pgp-home
+
pushd /opt/app-root/src/
pushd roundcubemail
## Copy our configs over the default ones
cp /opt/app-root/src/roundcubemail-config-templates/* config/
DES_KEY=$(openssl rand -base64 24);
sed -i -r -e "s|\$config\['des_key'\] = .*$|\$config['des_key'] = \"$DES_KEY\";|g" config/config.inc.php
# Initialize the db
cat > /tmp/kolab-setup-my.cnf << EOF
[client]
host=${DB_HOST}
user=root
password=${DB_ROOT_PASSWORD}
EOF
mysql --defaults-file=/tmp/kolab-setup-my.cnf <<EOF
CREATE DATABASE IF NOT EXISTS $DB_RC_DATABASE CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER IF NOT EXISTS $DB_RC_USERNAME@'%' IDENTIFIED BY '$DB_RC_PASSWORD';
ALTER USER $DB_RC_USERNAME@'%' IDENTIFIED BY '$DB_RC_PASSWORD';
GRANT ALL PRIVILEGES ON $DB_RC_DATABASE.* TO $DB_RC_USERNAME@'%';
FLUSH PRIVILEGES;
EOF
# Run roundcube and plugin database initializations
echo "Initializing tables..."
bin/initdb.sh --dir SQL/ || :
for plugin in $(find plugins -mindepth 1 -maxdepth 1 -type d | sort); do
if [ ! -z "$(find ${plugin} -type d -name SQL)" ]; then
for dir in $(find plugins/$(basename ${plugin})/ -type d -name SQL); do
# Skip plugins with multiple drivers and no kolab driver
if [ ! -z "$(echo $dir | grep driver)" ]; then
if [ -z "$(echo $dir | grep kolab)" ]; then
continue
fi
fi
bin/initdb.sh \
--dir $dir \
--package $(basename ${plugin}) \
>/dev/null 2>&1 || :
done
fi
done
popd
roundcubemail/bin/initdb.sh --dir syncroton/docs/SQL/ || :
roundcubemail/bin/initdb.sh --dir chwala/doc/SQL/ || :
echo "Updating tables..."
roundcubemail/bin/updatedb.sh --dir syncroton/docs/SQL/ --package syncroton || :
roundcubemail/bin/updatedb.sh --dir roundcubemail/SQL/ --package roundcube || :
roundcubemail/bin/updatedb.sh --dir roundcubemail/plugins/libkolab/SQL/ --package libkolab || :
roundcubemail/bin/updatedb.sh --dir roundcubemail/plugins/kolab-calendar/SQL/ --package calendar-kolab || :
echo ""
echo "Done, starting httpd..."
/usr/sbin/php-fpm
exec httpd -DFOREGROUND
diff --git a/docker/roundcube/rootfs/opt/app-root/src/roundcubemail-config-templates/enigma.inc.php b/docker/roundcube/rootfs/opt/app-root/src/roundcubemail-config-templates/enigma.inc.php
new file mode 100644
index 00000000..7accf1e4
--- /dev/null
+++ b/docker/roundcube/rootfs/opt/app-root/src/roundcubemail-config-templates/enigma.inc.php
@@ -0,0 +1,71 @@
+<?php
+
+ // Enigma Plugin options
+ // --------------------
+
+ // A driver to use for PGP. Default: "gnupg".
+ $config['enigma_pgp_driver'] = 'gnupg';
+
+ // A driver to use for S/MIME. Default: "phpssl".
+ $config['enigma_smime_driver'] = 'phpssl';
+
+ $config['enigma_multihost'] = true;
+
+ // Enables logging of enigma operations (including Crypt_GPG debug info)
+ $config['enigma_debug'] = false;
+
+ // Keys directory for all users. Default 'enigma/home'.
+ // Must be writeable by PHP process
+ $config['enigma_pgp_homedir'] = "/data/pgp-home";
+
+ // Location of gpg binary. By default it will be auto-detected.
+ // This is also a way to force gpg2 use if there are both 1.x and 2.x on the system.
+ $config['enigma_pgp_binary'] = '';
+
+ // Location of gpg-agent binary. By default it will be auto-detected.
+ // It's used with GnuPG 2.x.
+ $config['enigma_pgp_agent'] = '';
+
+ // Location of gpgconf binary. By default it will be auto-detected.
+ // It's used with GnuPG >= 2.1.
+ $config['enigma_pgp_gpgconf'] = '';
+
+ // Enables signatures verification feature.
+ $config['enigma_signatures'] = true;
+
+ // Enables messages decryption feature.
+ $config['enigma_decryption'] = true;
+
+ // Enables messages encryption and signing feature.
+ $config['enigma_encryption'] = true;
+
+ // Enable signing all messages by default
+ $config['enigma_sign_all'] = false;
+
+ // Enable encrypting all messages by default
+ $config['enigma_encrypt_all'] = false;
+
+ // Enable attaching a public key to all messages by default
+ $config['enigma_attach_pubkey'] = true;
+
+ // Default for how long to store private key passwords (in minutes).
+ // When set to 0 passwords will be stored for the whole session.
+ $config['enigma_password_time'] = 5;
+
+ // With this option you can lock composing options
+ // of the plugin forcing the user to use configured settings.
+ // The array accepts: 'sign', 'encrypt', 'pubkey'.
+ //
+ // For example, to force your users to sign every email,
+ // you should set:
+ // - enigma_sign_all = true
+ // - enigma_options_lock = array('sign')
+ // - dont_override = array('enigma_sign_all')
+ $config['enigma_options_lock'] = array();
+
+ $config['enigma_passwordless'] = true;
+ $config['enigma_woat'] = true;
+
+ if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
+ include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
+ }
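Review bot: The per-host override at the end of the file builds an include path from `$_SERVER["HTTP_HOST"]`, which comes from the request's Host header, without checking its shape. `basename(__FILE__)` fixes the file name, but the directory component is still client-influenced, so I would validate it before the `file_exists` call, e.g. `$host = $_SERVER['HTTP_HOST'] ?? '';` followed by `if (preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*$/i', $host) && file_exists(RCUBE_CONFIG_DIR . '/' . $host . '/' . basename(__FILE__)))` (extend the pattern if per-host directories are named with a port). `enigma_multihost`, `enigma_passwordless` and `enigma_woat` are also the only options in the file without a comment; a line each saying what they enable and why this deployment turns them on would help the next reader.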
