diff --git a/config.demo/docker-compose.override.yml b/config.demo/docker-compose.override.yml
index d31d5ce1..57d2728f 100644
--- a/config.demo/docker-compose.override.yml
+++ b/config.demo/docker-compose.override.yml
@@ -1,198 +1,200 @@
version: '3'
services:
roundcube:
environment:
- MAIL_HOST=postfix
- MAIL_PORT=10587
proxy:
depends_on:
imap:
condition: service_healthy
postfix:
condition: service_healthy
webapp:
condition: service_healthy
build:
context: ./docker/proxy/
healthcheck:
interval: 10s
test: "kill -0 $$(cat /run/nginx.pid)"
timeout: 5s
retries: 30
environment:
- APP_WEBSITE_DOMAIN=${APP_WEBSITE_DOMAIN:?err}
- SSL_CERTIFICATE=${PROXY_SSL_CERTIFICATE:?err}
- SSL_CERTIFICATE_KEY=${PROXY_SSL_CERTIFICATE_KEY:?err}
container_name: kolab-proxy
restart: on-failure
hostname: proxy
image: kolab-proxy
extra_hosts:
- "meet:${MEET_LISTENING_HOST}"
networks:
kolab:
ipv4_address: 172.18.0.7
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
ports:
# - "25:25"
# - "80:80"
- "443:443"
- "465:465"
- "587:587"
- "143:143"
- "993:993"
imap:
build:
context: ./docker/imap/
environment:
- APP_DOMAIN=${APP_DOMAIN}
- SERVICES_PORT=8000
- IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN}
- IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD}
- SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?"KOLAB_SSL_CERTIFICATE is missing"}
- SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?"KOLAB_SSL_CERTIFICATE_FULLCHAIN is missing"}
- SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?"KOLAB_SSL_CERTIFICATE_KEY is missing"}
healthcheck:
interval: 10s
test: "kill -0 1"
timeout: 5s
retries: 30
container_name: kolab-imap
restart: on-failure
hostname: imap
image: kolab-imap
networks:
kolab:
ipv4_address: 172.18.0.12
extra_hosts:
- "kolab.mgmt.com:127.0.0.1"
- "services.${APP_DOMAIN}:172.18.0.4"
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- imap-spool:/var/spool/imap
- imap-lib:/var/lib/imap
ports:
- "11080:11080"
- "11143:11143"
- "11024:11024"
postfix:
build:
context: ./docker/postfix/
healthcheck:
interval: 10s
test: "kill -0 1"
timeout: 5s
retries: 30
environment:
- APP_DOMAIN=${APP_DOMAIN}
- SERVICES_PORT=8000
- DB_HOST=mariadb
- DB_USERNAME=${DB_USERNAME}
- DB_PASSWORD=${DB_PASSWORD}
- DB_DATABASE=${DB_DATABASE}
- LMTP_DESTINATION=imap:11024
- SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?"KOLAB_SSL_CERTIFICATE is missing"}
- SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?"KOLAB_SSL_CERTIFICATE_FULLCHAIN is missing"}
- SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?"KOLAB_SSL_CERTIFICATE_KEY is missing"}
container_name: kolab-postfix
restart: on-failure
hostname: postfix
image: kolab-postfix
networks:
kolab:
ipv4_address: 172.18.0.13
extra_hosts:
- "kolab.mgmt.com:127.0.0.1"
- "services.${APP_DOMAIN}:172.18.0.4"
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- postfix-spool:/var/spool/postfix
- postfix-lib:/var/lib/postfix
ports:
- "10587:10587"
- "10025:10025"
amavis:
build:
context: ./docker/amavis/
# healthcheck:
# interval: 10s
# test: "$(echo | nc 127.0.0.1 10024) | grep "220""
# timeout: 5s
# retries: 30
environment:
- APP_DOMAIN=${APP_DOMAIN}
- DB_HOST=mariadb
- DB_USERNAME=${DB_USERNAME}
- DB_PASSWORD=${DB_PASSWORD}
- DB_DATABASE=${DB_DATABASE}
container_name: kolab-amavis
restart: on-failure
hostname: amavis
image: kolab-amavis
networks:
kolab:
ipv4_address: 172.18.0.15
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
#Volumes for clamav and spamassassin?
# volumes:
# - postfix-spool:/var/spool/postfix
# - postfix-lib:/var/lib/postfix
ports:
- "13024:13024"
collabora:
build:
context: ./docker/collabora/
args:
REPOSITORY: "https://www.collaboraoffice.com/repos/CollaboraOnline/23.05/customer-rpm-Kolab-7537e68e8a07cf290a8c6cfcf4205db05b560582/"
# healthcheck:
# interval: 10s
# test: "$(echo | nc 127.0.0.1 10024) | grep "220""
# timeout: 5s
# retries: 30
container_name: kolab-collabora
restart: on-failure
hostname: collabora
image: kolab-collabora
+ environment:
+ - ALLOWED_HOSTS=${APP_DOMAIN}
networks:
kolab:
ipv4_address: 172.18.0.17
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
# ports:
# - "13024:13024"
volumes:
postfix-spool:
postfix-lib:
imap-spool:
imap-lib:
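Review bot: The new `ALLOWED_HOSTS=${APP_DOMAIN}` entry on the collabora service has no guard for an unset variable, unlike the `:?` form this file already uses for the certificate variables. Compose substitutes an empty string in that case, which overrides the image default and leaves init.sh with nothing to write into coolwsd.xml. The host list then ends up empty without any error at start-up. I would fail early instead: `- ALLOWED_HOSTS=${APP_DOMAIN:?"APP_DOMAIN is missing"}`.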
diff --git a/docker/collabora/Dockerfile b/docker/collabora/Dockerfile
index d2389fa7..7ecf369d 100644
--- a/docker/collabora/Dockerfile
+++ b/docker/collabora/Dockerfile
@@ -1,67 +1,70 @@
FROM almalinux:8
LABEL maintainer="contact@apheleia-it.ch"
LABEL dist=centos8
LABEL tier=${TIER}
ENV DISTRO=centos8
ENV LANG=en_US.utf8
ENV LC_ALL=en_US.utf8
# Add EPEL.
RUN dnf -y install dnf-plugin-config-manager && \
dnf config-manager --set-enabled powertools && \
dnf -y install epel-release && \
dnf -y install iputils vim-enhanced bind-utils && \
dnf clean all
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
ARG REPOSITORY
RUN id cool || (groupadd -g 1001 cool && useradd -d /opt/cool/ -u 1001 -g 1001 cool)
RUN rpm --import "$REPOSITORY/repodata/repomd.xml.key" && \
dnf config-manager --add-repo "$REPOSITORY" && \
dnf -y --setopt tsflags= install \
openssl \
xmlstarlet \
collabora-online-brand \
coolwsd \
collaboraoffice-dict-de \
collaboraofficebasis-de \
collaboraoffice-dict-en \
collaboraofficebasis-en-GB \
collaboraoffice-dict-es \
collaboraofficebasis-es \
collaboraoffice-dict-fr \
collaboraofficebasis-fr \
collaboraoffice-dict-it \
collaboraofficebasis-it \
collaboraoffice-dict-nl \
collaboraofficebasis-nl \
collaboraoffice-dict-pt-BR \
collaboraofficebasis-pt-BR \
collaboraoffice-dict-pt-PT \
collaboraofficebasis-pt \
collaboraoffice-dict-ru \
collaboraofficebasis-ru && \
dnf clean all
RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
RUN setcap cap_fowner,cap_chown,cap_mknod,cap_sys_chroot=ep /usr/bin/coolforkit && \
setcap cap_sys_admin=ep /usr/bin/coolmount
WORKDIR /opt/cool/
ADD init.sh /init.sh
ADD coolwsd.xml /etc/coolwsd/coolwsd.xml
RUN chown -R 1001:0 /etc/coolwsd /opt/ && \
chmod -R g=u /etc/coolwsd /opt/
USER 1001
+#Space separated list of hosts (where the service is running)
+ENV ALLOWED_HOSTS="\.\*"
+
CMD ["/init.sh"]
EXPOSE 9980
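Review bot: The default `ENV ALLOWED_HOSTS="\.\*"` leaves the image accepting every host whenever the variable is not set at run time. init.sh passes the value through a sed replacement, which strips the backslashes and writes back the same `.*` that the coolwsd.xml hunk removes. The comment above the line says neither that nor that the entries are patterns rather than plain host names. I would document both, for example `# Space-separated host patterns written into coolwsd.xml by init.sh. The default matches any host; set ALLOWED_HOSTS explicitly for real deployments.` It is also worth a word in the comment that the backslashes are there only to get the value through the shell and sed in init.sh.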
diff --git a/docker/collabora/coolwsd.xml b/docker/collabora/coolwsd.xml
index 69e766fc..a9565395 100644
--- a/docker/collabora/coolwsd.xml
+++ b/docker/collabora/coolwsd.xml
@@ -1,303 +1,301 @@
false
de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru
false
false
1
4
5
false
96
3600
30
300
false
0
8000
0
0
100
5
100
500
5000
10000
60
300
3072
85
120
true
120
900
true
warning
trace
notice
fatal
false
-INFO-WARN
/var/log/coolwsd.log
never
timestamp
true
10 days
10
true
false
false
82589933
false
false
/var/log/coolwsd.trace.json
false
false
all
any
192\.168\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}
127\.0\.0\.1
::ffff:127\.0\.0\.1
::1
172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}
172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}
172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}
10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
false
true
/etc/coolwsd/cert.pem
/etc/coolwsd/key.pem
/etc/coolwsd/ca-chain.cert.pem
1000
false
31536000
true
true
1800
false
1
false
false
default
true
0
900
-
-
- .*
-
+
+ ALLOWED_HOSTS_GROUPS
true
false
false
true
true
true
true
false
false
log
localhost
10\.0-9{1,3}\.0-9{1,3}\.0-9{1,3}
172\.301\.0-9{1,3}\.0-9{1,3}
false
.uno:DataDataPilotRun .uno:RecalcPivotTable .uno:DeletePivotTable .uno:SamplingDialog .uno:DescriptiveStatisticsDialog .uno:AnalysisOfVarianceDialog .uno:CorrelationDialog .uno:CovarianceDialog .uno:ExponentialSmoothingDialog .uno:MovingAverageDialog .uno:RegressionDialog .uno:TTestDialog .uno:FTestDialog .uno:ZTestDialog .uno:ChiSquareTestDialog .uno:FourierAnalysisDialog .uno:Validation .uno:DataFilterSpecialFilter .uno:TrackChanges .uno:AcceptTrackedChanges .uno:InsertReferenceField .uno:Watermark .uno:InsertIndexesEntry .uno:InsertMultiIndex .uno:SlideMasterPage exportepub downloadas-rtf masterslidebutton
Unlock your potential
https://www.collaboraoffice.com/subscriptions/
Head over to the details page and discover all the features:
Review and write with ease
Get a better picture of your data
Nail your next presentation
Draw and get organized
true
https://help.collaboraoffice.com/help.html?
true
diff --git a/docker/collabora/init.sh b/docker/collabora/init.sh
index 04016b43..6b289e32 100755
--- a/docker/collabora/init.sh
+++ b/docker/collabora/init.sh
@@ -1,25 +1,31 @@
#!/bin/sh
+GROUPSSTRING=""
+for HOST in $ALLOWED_HOSTS; do
+ GROUPSSTRING="$GROUPSSTRING$HOST\n"
+done
+
+sed -i -e "s|ALLOWED_HOSTS_GROUPS|$GROUPSSTRING|" /etc/coolwsd/coolwsd.xml
+
mkdir -p /tmp/ssl/
pushd /tmp/ssl/
mkdir -p certs/ca
openssl rand -writerand /opt/cool/.rnd
openssl genrsa -out certs/ca/root.key.pem 2048
openssl req -x509 -new -nodes -key certs/ca/root.key.pem -days 9131 -out certs/ca/root.crt.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=Dummy Authority"
-mkdir -p certs/servers
mkdir -p certs/tmp
mkdir -p certs/servers/localhost
openssl genrsa -out certs/servers/localhost/privkey.pem 2048
if test "${cert_domain-set}" = set; then
-openssl req -key certs/servers/localhost/privkey.pem -new -sha256 -out certs/tmp/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost"
+ openssl req -key certs/servers/localhost/privkey.pem -new -sha256 -out certs/tmp/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=localhost"
else
-openssl req -key certs/servers/localhost/privkey.pem -new -sha256 -out certs/tmp/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=${cert_domain}"
+ openssl req -key certs/servers/localhost/privkey.pem -new -sha256 -out certs/tmp/localhost.csr.pem -subj "/C=DE/ST=BW/L=Stuttgart/O=Dummy Authority/CN=${cert_domain}"
fi
openssl x509 -req -in certs/tmp/localhost.csr.pem -CA certs/ca/root.crt.pem -CAkey certs/ca/root.key.pem -CAcreateserial -out certs/servers/localhost/cert.pem -days 9131
mv -f certs/servers/localhost/privkey.pem /etc/coolwsd/key.pem
mv -f certs/servers/localhost/cert.pem /etc/coolwsd/cert.pem
mv -f certs/ca/root.crt.pem /etc/coolwsd/ca-chain.cert.pem
popd
exec /usr/bin/coolwsd --version --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/opt/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd --o:logging.color=false --o:stop_on_config_change=true
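Review bot: The host patterns in `$ALLOWED_HOSTS` are interpreted twice before they reach coolwsd.xml, so the file can end up with a different allowlist than the operator wrote. The unquoted `for HOST in $ALLOWED_HOSTS` applies pathname expansion, so a pattern containing `*` can be replaced by file names from the working directory, and the sed replacement consumes backslashes, treats `&` as the matched placeholder and ends the expression at `|`. An escaped dot such as `example\.com` therefore arrives as `example.com`, which is wider than intended if these entries are matched as regular expressions, as the escaped default in the Dockerfile suggests. I would put `set -f` before the loop and escape each value first, `HOST=$(printf '%s' "$HOST" | sed -e 's/[\\&|]/\\&/g')`; the Dockerfile default would then be written as a plain `.*`. The sed exit status is also unchecked, so appending `|| exit 1` to that line stops the container when the substitution itself fails.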