diff --git a/config.demo/docker-compose.override.yml b/config.demo/docker-compose.override.yml index d8ea83ec..c6311c4a 100644 --- a/config.demo/docker-compose.override.yml +++ b/config.demo/docker-compose.override.yml @@ -1,204 +1,205 @@ version: '3' services: roundcube: environment: - MAIL_HOST=postfix - MAIL_PORT=10587 - FILEAPI_WOPI_OFFICE=https://kolab.local - CALENDAR_CALDAV_SERVER=http://imap:11080/dav - KOLAB_ADDRESSBOOK_CARDDAV_SERVER=http://imap:11080/dav proxy: depends_on: imap: condition: service_healthy postfix: condition: service_healthy webapp: condition: service_healthy build: context: ./docker/proxy/ healthcheck: interval: 10s test: "kill -0 $$(cat /run/nginx.pid)" timeout: 5s retries: 30 environment: - APP_WEBSITE_DOMAIN=${APP_WEBSITE_DOMAIN:?err} - SSL_CERTIFICATE=${PROXY_SSL_CERTIFICATE:?err} - SSL_CERTIFICATE_KEY=${PROXY_SSL_CERTIFICATE_KEY:?err} container_name: kolab-proxy restart: on-failure hostname: proxy image: kolab-proxy extra_hosts: - "meet:${MEET_LISTENING_HOST}" networks: kolab: ipv4_address: 172.18.0.7 tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./docker/certs/:/etc/certs/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro ports: # - "25:25" # - "80:80" - "443:6443" - "465:6465" - "587:6587" - "143:6143" - "993:6993" imap: build: context: ./docker/imap/ environment: - APP_SERVICES_DOMAIN=services.${APP_DOMAIN} - SERVICES_PORT=8000 - IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN} - IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD} - SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?"KOLAB_SSL_CERTIFICATE is missing"} - SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?"KOLAB_SSL_CERTIFICATE_FULLCHAIN is missing"} - SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?"KOLAB_SSL_CERTIFICATE_KEY is missing"} healthcheck: interval: 10s test: "test -e /run/saslauthd/mux && kill -0 $$(cat /var/run/master.pid)" timeout: 5s retries: 30 container_name: kolab-imap restart: on-failure hostname: imap image: kolab-imap networks: kolab: ipv4_address: 172.18.0.12 extra_hosts: - "kolab.mgmt.com:127.0.0.1" - "services.${APP_DOMAIN}:172.18.0.4" tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./docker/certs/:/etc/certs/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro - imap-spool:/var/spool/imap - imap-lib:/var/lib/imap + - ./ext/:/src.orig/:ro ports: - "11080:11080" - "11143:11143" - "11024:11024" postfix: build: context: ./docker/postfix/ healthcheck: interval: 10s test: "test -e /run/saslauthd/mux && kill -0 $$(cat /var/spool/postfix/pid/master.pid)" timeout: 5s retries: 30 environment: - APP_SERVICES_DOMAIN=services.${APP_DOMAIN} - APP_DOMAIN=${APP_DOMAIN} - SERVICES_PORT=8000 - DB_HOST=mariadb - DB_USERNAME=${DB_USERNAME} - DB_PASSWORD=${DB_PASSWORD} - DB_DATABASE=${DB_DATABASE} - LMTP_DESTINATION=imap:11024 - SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?"KOLAB_SSL_CERTIFICATE is missing"} - SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?"KOLAB_SSL_CERTIFICATE_FULLCHAIN is missing"} - SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?"KOLAB_SSL_CERTIFICATE_KEY is missing"} container_name: kolab-postfix restart: on-failure hostname: postfix image: kolab-postfix networks: kolab: ipv4_address: 172.18.0.13 extra_hosts: - "kolab.mgmt.com:127.0.0.1" - "services.${APP_DOMAIN}:172.18.0.4" tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./docker/certs/:/etc/certs/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro - postfix-spool:/var/spool/postfix - postfix-lib:/var/lib/postfix ports: - "10587:10587" - "10025:10025" amavis: build: context: ./docker/amavis/ # healthcheck: # interval: 10s # test: "$(echo | nc 127.0.0.1 10024) | grep "220"" # timeout: 5s # retries: 30 environment: - APP_DOMAIN=${APP_DOMAIN} - DB_HOST=mariadb - DB_USERNAME=${DB_USERNAME} - DB_PASSWORD=${DB_PASSWORD} - DB_DATABASE=${DB_DATABASE} container_name: kolab-amavis restart: on-failure hostname: amavis image: kolab-amavis networks: kolab: ipv4_address: 172.18.0.15 tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true #Volumes for clamav and spamassassin? # volumes: # - postfix-spool:/var/spool/postfix # - postfix-lib:/var/lib/postfix ports: - "13024:13024" collabora: build: context: ./docker/collabora/ args: REPOSITORY: "https://www.collaboraoffice.com/repos/CollaboraOnline/23.05/customer-rpm-Kolab-7537e68e8a07cf290a8c6cfcf4205db05b560582/" # healthcheck: # interval: 10s # test: "$(echo | nc 127.0.0.1 10024) | grep "220"" # timeout: 5s # retries: 30 container_name: kolab-collabora restart: on-failure hostname: collabora image: kolab-collabora environment: - ALLOWED_HOSTS=${APP_DOMAIN} extra_hosts: - "${APP_DOMAIN}:172.18.0.7" networks: kolab: ipv4_address: 172.18.0.17 tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: postfix-spool: postfix-lib: imap-spool: imap-lib: diff --git a/docker/imap/Dockerfile b/docker/imap/Dockerfile index d6e204ba..40399b0f 100644 --- a/docker/imap/Dockerfile +++ b/docker/imap/Dockerfile @@ -1,44 +1,41 @@ FROM apheleia/almalinux8 WORKDIR /root/ RUN dnf -y group install "Development Tools" && \ - dnf -y install git autoconf automake bison cyrus-sasl-devel flex gcc gperf jansson-devel libbsd-devel libtool libicu-devel libuuid-devel openssl-devel pkgconfig sqlite-devel brotli-devel libical-devel libxml2-devel libnghttp2-devel shapelib zlib-devel pcre-devel perl-devel cyrus-imapd cyrus-sasl cyrus-sasl-plain && \ + dnf -y install git autoconf automake bison cyrus-sasl-devel flex gcc gperf jansson-devel libbsd-devel libtool libicu-devel libuuid-devel openssl-devel pkgconfig sqlite-devel brotli-devel libical-devel libxml2-devel libnghttp2-devel shapelib zlib-devel pcre-devel perl-devel cyrus-imapd cyrus-sasl cyrus-sasl-plain rsync && \ dnf clean all ARG GIT_REF=dev/mollekopf ARG GIT_REMOTE=https://git.kolab.org/source/cyrus-imapd ADD build.sh /build.sh RUN /build.sh -COPY cyrus.conf /etc/cyrus.conf -COPY imapd.conf /etc/imapd.conf -COPY imapd.annotations.conf /etc/imapd.annotations.conf -COPY saslauthd.conf /etc/saslauthd.conf - -ADD init.sh /init.sh +COPY /rootfs / VOLUME [ "/var/spool/imap" ] VOLUME [ "/var/lib/imap" ] -RUN id default || (groupadd -g 1001 default && useradd -u 1001 -g 1001 default) +RUN id default || (groupadd -g 1001 default && useradd -d /opt/app-root/ -u 1001 -g 1001 default) -RUN PATHS=(/run /run/saslauthd /var/run /var/lib/imap /var/spool/imap /etc/pki/cyrus-imapd) && \ +RUN mkdir -p /opt/app-root/src +RUN PATHS=(/run /run/saslauthd /var/run /var/lib/imap /var/spool/imap /etc/pki/cyrus-imapd /opt/app-root/src /usr /usr/lib64 /usr/bin /usr/sbin) && \ mkdir -p ${PATHS[@]} && \ chmod 777 ${PATHS[@]} && \ chown -R 1001:0 ${PATHS[@]} && \ chmod -R g=u ${PATHS[@]} RUN PATHS=(/etc /etc/passwd /etc/saslauthd.conf /etc/cyrus.conf /etc/imapd.conf) && \ chown 1001:0 ${PATHS[@]} && \ chmod g=u ${PATHS[@]} USER 1001 +WORKDIR /opt/app-root/src ENV SERVICES_PORT=8000 # ENV APP_SERVICES_DOMAIN CMD ["/init.sh"] EXPOSE 11143/tcp 11993/tcp 11080/tcp 11443/tcp 11024/tcp 4190/tcp diff --git a/docker/imap/kolab.hosted.com.cert b/docker/imap/kolab.hosted.com.cert deleted file mode 100644 index 8f8a52a2..00000000 --- a/docker/imap/kolab.hosted.com.cert +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw -MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi -Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 -iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF -RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ -ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 -VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M -s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI -5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS -6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c -EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX -iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez -3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp -k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS -ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f -rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B -jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 -8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA -Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO -6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs -kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ -2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 -Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj -RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl -FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd -GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== ------END CERTIFICATE----- diff --git a/docker/imap/kolab.hosted.com.chain.pem b/docker/imap/kolab.hosted.com.chain.pem deleted file mode 100644 index 13e8193d..00000000 --- a/docker/imap/kolab.hosted.com.chain.pem +++ /dev/null @@ -1,58 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIE8jCCAtqgAwIBAgIUPetq90+aimhTrG2eRliFXaWLW14wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMjA5MzAxNTA2MzRaFw0yMjEw -MjgxNTA2MzRaMDAxEzARBgNVBAoMCkV4YW1wbGUgQ0ExGTAXBgNVBAMMEGtvbGFi -Lmhvc3RlZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxL844 -iQMUTX43YWQ+U/eDgc5z0kMIFfPayhkL5UFgmefZ8zwii5EwK7KuLd0NK4qFKJOF -RRkphLWAYuhEem7jfbRqrxcKuZdyY67pEWIlVe/9ha9RaAa2ET9utyredFk5MwgQ -ujQA37cpeKRFZQ96YFhZtGGH17x+sbeZQfUQ6Qwoxdc4ZDFj1tQ4WCghTHSlRII4 -VKEA6PRyBBjUyYLrCjyBVijiqV6zb+/5biHxb5ChtDceD+gtAWrGRpQHs2WsSH1M -s7FbT8S2sXT5bg1BNZZRSrcLmLaD62GOmbxiG1V3qU+iJ311FwsUVo6xMfuKmcPI -5X5BC2atQe1zWRzfyM076z+6vBsUjie9skz81CY841PKgx/6VPeCpETYv2kaYqdS -6ASdVVKv/UFU2TAbwUppo2rD10gPaVH4thTDOH68Z5wV5yTeWSJzn7Kqj8ILLQ6c -EPWr1vXqXDnir0bFDhpprqwMkDxbZ2NkVI9gIOsZcEIyvJV5/9pjTdbKWPCUrBDX -iJAlyTx95M/B9UK9h98ZixnpOcDGY2gNhGiWSGANlXnhfIrpra03ov2GXmFnzSez -3mH5vqvufRZvEcBmDW/VUdVADh2bm6UVHAfrjSrlrnSIEPRMplyWJ0VwyG7UUsjp -k81Q1PU/WSmkMyo5an/pwvxXYTjAOm+CVhR1kwIDAQABox8wHTAbBgNVHREEFDAS -ghBrb2xhYi5ob3N0ZWQuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQBSA4QSLZMaDq0f -rnc/nEAKZrHz0UTMqZLY+dlKn6TRqIlNrSa1VV3koPnyF1VxU/3JVJsoqiDJ4f5B -jSPoURUUGLc5/fpUuZfXyOrpjlSAmLFhEZMZi98XSJeB4kt7/s+Fs851OteKQZq2 -8TQPlfTc69FIpgypUYI7Nf6fQY2mf92RoFVRlBu0NR41wt0xrfTVU29tv4EDFQNA -Z+1yPfQt6NjwzILPnHBivyUFG8JIxsuXWUiPQ04qv34iq16jyquhK3EQ7ylCnmrO -6Yd+bROj5VwblcF+hBl28Jcpr2q8/pSv1GtkU+Yw0yFjqYqXAmtZoJYapITY0CDs -kP+XEbHNMkxz0SC7ua2BMRtbPRjAqNkU9V8tZJla+HiVUL1bJHHPtrrJ27e6Nbv+ -2QpW8zqD/EmIAjMBFr0v/VlE4mlm7G6bOOiIppkpe9ZSvBoKCpCPoIyYgflOzkr5 -Myl8p7mAN8CeXgyzOwVFVaYjhGVDBxArcFAwhwdj7RJLHnIholbWEUGGak8yJjGj -RayqSQZxUa1fTqsQwtjOnhFpnl4wsKIDq/6BavUxrcKJdJOz44KDS61l7i5YAYbl -FRr9kUFaw9sZqx0EQI+cbeDdBrdh7XsMTNQ17SZrb6Ck5KqUZ7SYUIKHWvudQlpd -GYjxjUbNtebeeSMAdS7C3FtwBFIxhw== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFCzCCAvOgAwIBAgIUEvYwMxnGZGbpNdlgadZ/BTZhQaswDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UECgwKRXhhbXBsZSBDQTAeFw0yMDEyMjkxODU0MDdaFw0zMDEy -MjcxODU0MDdaMBUxEzARBgNVBAoMCkV4YW1wbGUgQ0EwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDHK/c0eG4e1/cAIHmfPKQkt3p+P2+nsXypGEKTNoHj -77vUZzuyafnO+dSW3pHVw1UV1T28a+SWdpC2DCSxD/2JQ0upybilZVRWTuL6AZjC -iIV2yyd662H39/IJz3aQuHMwbgRM4ISzoODqUMWcAUhIYEJcXwG8FYDAhgNbW1sq -DTnnpJmeD87F8mZS4cOz+dZ1bcAkaqGNye4oLjlnkvRmsUMnHeLMhS0I7R0aeca1 -xq/8CnZApnUrHHYiVPhEZqz78/lUlNIb2Gu5U0buhGoQDpeLHpeJmTdFOxtHXic4 -pGczJiEPgpPMECCiPQu6kmerm6/85v10jQNwcQZOvYbpKrow26RRyPV92QfLY5uS -Cnxq51cjefXcRNAs47rBSsJ3ZnLJcTF1BpD69ckPUDobg7vNGwtpMtmi+xyCOxYb -M03v4GyCvEXIQHm6oafcu6yoGPRGH9eR7qrrYA9+laMZFuKhdXxcXPXUgQufL6U6 -cnGIG+31wFYMn2wKufYy+3or73zE45Hzo/lBStI/U6Mkn5jBEsOErNZlAD0zt8Pa -Jw6szEK2r9IXeuv++S4ASxduOZJVQo0NIwjt3AvP/J7TenJ52FawBKM5Qx8UsC/s -cqk0SlLYRCK98dFRc5GEYVXH9WgFeJqVz/Syc73WDzrspF0G0xKIyCst80pQvAlH -wwIDAQABo1MwUTAdBgNVHQ4EFgQUDKT/J+566qUX9mufxvdWiG6o24IwHwYDVR0j -BBgwFoAUDKT/J+566qUX9mufxvdWiG6o24IwDwYDVR0TAQH/BAUwAwEB/zANBgkq -hkiG9w0BAQsFAAOCAgEAaJ+oOp8rHoIEt5qCuoNKb/VlR8sX7YpzfqLb+6W0QoKP -KQjHMVi2z+uwMPjCjJSSm0AYVVVAWcWI/kIW7WJ9vaFQVuutWLF00xL/yYgFcG25 -3qML8BBncHanD6EXanRXoPE/aLXnEgOHYNhg/z94hQ2JNn97UpECbzzQBqPHTC8C -CcmZXM6slYYqoylZIOqU28d7Xo6ElJEQ7AxObwMaCUXid5rUceDwZSi+9OG49kmE -Q9MNZ+d4WSnarZLHAEQh/4bdBVUln5h4l2fqQrQLDMUj2oXPwRxXk57AW+zLFtrS -lC552wbWza6IIf8SJZDy8q47/WfKD1YDmy0NfFZxEf+ZG/7zh5fjm1qlKVoAjxI9 -quG+wK27rhMn6Ddo/DDpQ7+VaszZP+TZol5Hifda3cOPoTpoA/n77L/iVynGXtD8 -dhfAfVqRWhR3JgrQWmOyJ2SAc6Z1Ao68qBG+q9HXdIPjKS3Pj/EexMMVL0Qfbtfz -y26ZSlgQPSc9qmKcAYb9babzdf8ioq0f0UheM4QW0g4u5/TNpa+QcSCmdp5GfqMb -eeCXzExsrvcCUp0bPiXwLYCLYTZNgYW2wMsQVJDmlZuTTWikEcPG6QJYgMUPGyCH -UsAua3te00Dj9ikR8bMaXJc9ZEFPZzLyz1IbDyiRfBLVCKX+dH3VXQ7l0BnBmB8= ------END CERTIFICATE----- diff --git a/docker/imap/kolab.hosted.com.key b/docker/imap/kolab.hosted.com.key deleted file mode 100644 index 3dcac097..00000000 --- a/docker/imap/kolab.hosted.com.key +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAsS/OOIkDFE1+N2FkPlP3g4HOc9JDCBXz2soZC+VBYJnn2fM8 -IouRMCuyri3dDSuKhSiThUUZKYS1gGLoRHpu4320aq8XCrmXcmOu6RFiJVXv/YWv -UWgGthE/brcq3nRZOTMIELo0AN+3KXikRWUPemBYWbRhh9e8frG3mUH1EOkMKMXX -OGQxY9bUOFgoIUx0pUSCOFShAOj0cgQY1MmC6wo8gVYo4qles2/v+W4h8W+QobQ3 -Hg/oLQFqxkaUB7NlrEh9TLOxW0/EtrF0+W4NQTWWUUq3C5i2g+thjpm8YhtVd6lP -oid9dRcLFFaOsTH7ipnDyOV+QQtmrUHtc1kc38jNO+s/urwbFI4nvbJM/NQmPONT -yoMf+lT3gqRE2L9pGmKnUugEnVVSr/1BVNkwG8FKaaNqw9dID2lR+LYUwzh+vGec -Feck3lkic5+yqo/CCy0OnBD1q9b16lw54q9GxQ4aaa6sDJA8W2djZFSPYCDrGXBC -MryVef/aY03WyljwlKwQ14iQJck8feTPwfVCvYffGYsZ6TnAxmNoDYRolkhgDZV5 -4XyK6a2tN6L9hl5hZ80ns95h+b6r7n0WbxHAZg1v1VHVQA4dm5ulFRwH640q5a50 -iBD0TKZclidFcMhu1FLI6ZPNUNT1P1kppDMqOWp/6cL8V2E4wDpvglYUdZMCAwEA -AQKCAgACxLx0Ja/moU9Xji4Cy00SwPR42tAxUCZ/RKkfhnV/DOiSfzpxT7z1A7nG -/vB1RDjl27xyWKIMBAbR+rmmWENjSpOHFzVE9aFoKCaTfbIK40zcqToUC4wPTDWx -hSsmTqsWObXmjQJDATvbagcnDm0vfFHlFOxxMu2/DQfRXTZ3DS0jdfPm7anX5YNr -XfVCj+9Cpc9jEe9yFDG9llLNAFkLUx2e57m70Omp5BXbz9y36QZZgHdcAOOf0GXa -sz+c3zC3gGp0yFn9E0H/mMY7H30Vh8DRhFlX1QsFBKiBkeVfow2y0PJtljBfo/yI -VNHl8uH7SGvGt89BNOxlyKHtK3dIASx3z2E+hJMHIVrxReJS1ySf+cnhfONkCx6g -R+HcvD9dMyJtpyrTQmFsVaYBXWoJMYoRuEbXtYT7JwA2PWPcSr66J8S3WrkbbrWW -pI8gHofJrz63AJ7l3Da/90hNCrqd6AzlLmaK3q2Ev2Fd0sLrQ6a3fnZDyyLZwUyv -0IHwR1lnzLUHGh4QevMTOmU3aqUYt+dCXSG8uD9U3N0SFTpAE5q/AcQJciqxcdqW -J0kWfwVHA7OQIgGFdCk9ZbL/uOrUQ+3yPBJwbYaHk9GXkEekolEmbg2ZcUJ1fql+ -vX2prJkb7Zy4F5CiI5hBaI/VS5Fb3ysCqT+lExsMJXsbN+BgAQKCAQEA6QnAWhfT -gHMgoaPlDweDMKf3mNxhKXgACEopOo/yfZhCoSF1rwGA3c/1m4afFZzVT94m0XUt -/pJkQVCFmGapBVqfUUQZ15VVA6D0pOTs6LoryIUgkRm3H+wQl/IRWXm4iZU/Jx8z -5WSf6EX2l/DAv8SMGUOC3+HeIrJB5Vlew0JTBjeFTNNVkS7pJHDh3g68RsVn3OhA -k0koDZiZqsDiE3/m9c2CQ9rrSM2o9g2w2zsr5Zbn5JW1xYqdttJFnAdoj8E+SCaK -2uzvQ4JlIbMLT+QZxF/fjfcPZ0BxeAmQ74Y3tCrVjwE1zd/o0p8H6/IfNAPxCrUg -PvtqApI7kslNdwKCAQEAwqU8muRtx0UG0/8wbl9LRaB9sACXqG++rAJ/ySu+usp7 -IZ2q0uSBKlcMnST06LmfjJtyO9GWwYmAKSojtyeujGLjdqA0M3H/YUAocVySPQ3R -om/rqmJV7+LOQja8k+Lj2dHbtJ6HXL7gRZYgtG8dvKfEC44fgwpi04vaHA05Q0J4 -HqRecnIp9yoJYkJsIBMqARsglSsyJ3RXSVO3RpJgvit/fumRq6cXQd2ONSBjfDS5 -qOvWlWJmjXTtCirOexWxzSEMiIOVNXNlwdfXgoelv9ScHRLIzAOM91zK8CIVSDZ6 -8HSm8p2t+HwWUjslbY4+FMODp7OicjWGFg0aBGUvxQKCAQB5EoDmDdTrumSsthru -mQeWwt2HhI/SXK8fn3AWJe1lRTLwxhJ/TvelxkKjf+is8ON+cDuYvRmdVm9R48TU -7hlIV9HIBeqrL8GQdhJEjU9shjTzI/9Mg6C5rAre9nv/EZdHm8vIxpROzN2rbpX0 -ULfDqhjjk0iuiom/Wv+TacArEA1UgIn35SBioo2sSh1/Iga9ehhBFEVggDSYA71q -knWijePvtsrD+DwfggITe/9zlyVyTdnCz+k1bZQNBOf3bX3smgiCscuYfFq+p0Nl -o8Dvy+F7PhhGiKJvEXMiW036s6/DIjH77zQF9xveOZODCTMe8iFMX9gWAMcN+O2M -kJt3AoIBAQCxPPz+ndpIhVY+XDShjCxibk2EokV2nqokvvHVIPw/4nhUl9kgx+nF -wBZAUZKhB8V8p19RkPuRp78HvNNgx8VtF+6/6gkef0NoLp+k+gI/jgHBw9/3+ir+ -kKv4Jxd4IjYP9cP1qBTiIvzc4GNPaY7OZoVhcDzJef+bWdF1kaT+1dvDKzDFTadg -5Oo+ivUiD9FDyIvWyMqWmp2Qq6ZLoKZvA/TIf66hezj2RORlA+UTCH+2jWmMBVoU -nM/rXic+dPa+LsXW2NpZHYcfB4e52ALZtqOg5aXp/6Gw7NHt71spslIn+lC6w1HS -3ksE/c6K/+cPyShs4GmfTZWXJr72GZ1xAoIBAAK7gQb3/WCQpTiPh/v7Qnl6hQZD -y+T8fprWBXskU5A7NbIE44DdltPe4LLsVMHpNlqRpYCz+3bHTmPDHd+IHJHZm9Ik -4gUXjPMzzkF9qQ2lyNWvnH2bHlSeHUg/3ZCXpmc8l0pmAeRxhOxzBaFgjt8N3Z5n -FIc25xJ9ki3stySf6baWmTWFscCFn8eBJrQ8mNLXpBM2iXM1e5D8Bu2VZK6nJGtz -QCChvsHspsTmRsGvemBk27gkvKAG0K8u84T5XBRwog7MWx8XThVqNcns6kejeYQs -CNRvuLj7gEQwMPzW2p/tLbSU82oDKQTICeyPwfS/fMl/6NYRaTdABc6KIME= ------END RSA PRIVATE KEY----- diff --git a/docker/imap/cyrus.conf b/docker/imap/rootfs/etc/cyrus.conf similarity index 85% rename from docker/imap/cyrus.conf rename to docker/imap/rootfs/etc/cyrus.conf index 663ff99d..4ef209c2 100644 --- a/docker/imap/cyrus.conf +++ b/docker/imap/rootfs/etc/cyrus.conf @@ -1,41 +1,41 @@ START { # do not delete this entry! recover cmd="ctl_cyrusdb -r" statscleanup cmd="promstatsd -c" #mupdatepush cmd="ctl_mboxlist -m" } SERVICES { http cmd="httpd" listen=0.0.0.0:11080 proto="tcp" prefork=5 imap cmd="imapd" listen=0.0.0.0:11143 proto="tcp" prefork=5 - https cmd="httpd -s" listen=0.0.0.0:11443 proto="tcp" prefork=5 - imaps cmd="imapd -s" listen=0.0.0.0:11993 proto="tcp" prefork=1 + # https cmd="httpd -s" listen=0.0.0.0:11443 proto="tcp" prefork=5 + # imaps cmd="imapd -s" listen=0.0.0.0:11993 proto="tcp" prefork=1 sieve cmd="timsieved" listen=0.0.0.0:4190 proto="tcp" prefork=0 # lmtp without authentication required (-a) lmtp cmd="lmtpd -a" listen=0.0.0.0:11024 proto="tcp" prefork=1 } EVENTS { # this is required checkpoint cmd="ctl_cyrusdb -c" period="39" # Expire deleted folders older than 28 days. deleteprune cmd="cyr_expire -E 4 -D 28" at="0400" # Expire deleted messages older than 28 days. expungeprune cmd="cyr_expire -E 4 -X 28" at="0132" # this is only necessary if caching TLS sessions tlsprune cmd="tls_prune" at="0400" # this is only necessary if using duplicate delivery suppression delprune cmd="cyr_expire -E 3" at="0400" } DAEMON { # this is only necessary if using idled for IMAP IDLE idled cmd="idled" promstatsd cmd="promstatsd" } diff --git a/docker/imap/imapd.annotations.conf b/docker/imap/rootfs/etc/imapd.annotations.conf similarity index 100% rename from docker/imap/imapd.annotations.conf rename to docker/imap/rootfs/etc/imapd.annotations.conf diff --git a/docker/imap/imapd.conf b/docker/imap/rootfs/etc/imapd.conf similarity index 88% rename from docker/imap/imapd.conf rename to docker/imap/rootfs/etc/imapd.conf index d8fe038b..2595b837 100644 --- a/docker/imap/imapd.conf +++ b/docker/imap/rootfs/etc/imapd.conf @@ -1,111 +1,111 @@ servername: imap-backend configdirectory: /var/lib/imap defaultpartition: default metapartition_files: annotations cache expunge header index partition-default: /var/spool/imap/ metapartition-default: /var/spool/imap/ sievedir: /var/lib/imap/sieve annotation_definitions: /etc/imapd.annotations.conf autocreate_quota: 5242880 autocreate_inbox_folders: Drafts | Trash | Sent autocreate_subscribe_folders: Drafts | Trash | Sent # Set specialuse flags xlist-drafts: Drafts xlist-sent: Sent xlist-trash: Trash idlesocket: /var/lib/imap/socket/idle disable_shared_namespace: 0 disable_user_namespace: 0 duplicate_db_path: /run/cyrus/db/deliver.db mboxname_lockpath: /run/cyrus/lock proc_path: /run/cyrus/proc # Apparently does not work ##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db statuscache_db_path: /run/cyrus/db/statuscache.db temp_path: /tmp tls_sessions_db_path: /run/cyrus/db/tls_sessions.db sendmail: /usr/sbin/sendmail admins: IMAP_ADMIN_LOGIN sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN sasl_saslauthd_path: /run/saslauthd/mux allowplaintext: yes lmtp_over_quota_perm_failure: 1 #tls_server_cert: /etc/pki/tls/private/aphy.app.pem #tls_server_key: /etc/pki/tls/private/aphy.app.pem #tls_server_ca_file: /etc/pki/tls/certs/zrh1.infra.aphy.app.ca.cert -tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem -tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +# tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +# tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem -tls_client_certs: off +# tls_client_certs: off -tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES +# tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES -tls_prefer_server_ciphers: 1 -tls_versions: tls1_3 +# tls_prefer_server_ciphers: 1 +# tls_versions: tls1_3 maxlogins_per_user: 50 proxyd_disable_mailbox_referrals: 0 httpmodules: caldav carddav domainkey freebusy ischedule rss webdav prometheus caldav_allowcalendaradmin: 1 unixhierarchysep: 1 virtdomains: userid sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date allowallsubscribe: 0 anyoneuseracl: 0 allowusermoves: 1 altnamespace: 1 disconnect_on_vanished_mailbox: 1 hashimapspool: 1 anysievefolder: 1 fulldirhash: 0 sieve_maxscripts: 150 sieve_maxscriptsize: 128 sieveusehomedir: 0 sieve_allowreferrals: 0 sieve_utf8fileinto: 1 lmtp_downcase_rcpt: 1 lmtp_fuzzy_mailbox_match: 1 username_tolower: 1 deletedprefix: DELETED delete_mode: delayed expunge_mode: delayed postuser: shared tcp_keepalive: 1 prometheus_enabled: 1 syslog_prefix: cyrus-imapd calendar_default_displayname: Calendar addressbook_default_displayname: Addressbook # mupdate is enabled # mupdate_config: standard # mupdate_server: imap-mupdate # mupdate_port: 3905 # mupdate_authname: IMAP_ADMIN_LOGIN # mupdate_username: IMAP_ADMIN_LOGIN # mupdate_password: IMAP_ADMIN_PASSWORD # proxy authentication for these users # proxyservers: IMAP_ADMIN_LOGIN # sync is enabled #sync_try_imap: 0 #sync_log_chain: false #sync_authname: cyrus #sync_password: simple123 #sync_log: 1 #sync_repeat_interval: 10 #sync_shutdown_file: /var/lib/imap/sync_shutdown debug: 0 chatty: 1 diff --git a/docker/imap/saslauthd.conf b/docker/imap/rootfs/etc/saslauthd.conf similarity index 100% rename from docker/imap/saslauthd.conf rename to docker/imap/rootfs/etc/saslauthd.conf diff --git a/docker/imap/init.sh b/docker/imap/rootfs/init.sh similarity index 100% rename from docker/imap/init.sh rename to docker/imap/rootfs/init.sh diff --git a/docker/imap/rootfs/opt/app-root/src/reload.sh b/docker/imap/rootfs/opt/app-root/src/reload.sh new file mode 100755 index 00000000..2bd257b9 --- /dev/null +++ b/docker/imap/rootfs/opt/app-root/src/reload.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +kill -SIGHUP 1 diff --git a/docker/imap/rootfs/opt/app-root/src/update-from-source.sh b/docker/imap/rootfs/opt/app-root/src/update-from-source.sh new file mode 100755 index 00000000..602ed765 --- /dev/null +++ b/docker/imap/rootfs/opt/app-root/src/update-from-source.sh @@ -0,0 +1,19 @@ +#!/bin/bash +#Update from source (rather than via composer which updates to the latest commit) + +rsync -av \ + --no-links \ + --exclude=.git \ + --exclude='*.o' \ + --exclude='*.Plo' \ + --exclude='*.lo' \ + /src.orig/cyrus-imapd/ /opt/app-root/src/cyrus-imapd + +pushd /opt/app-root/src/cyrus-imapd +autoreconf -i +./configure CFLAGS="-W -Wno-unused-parameter -g -O0 -Wall -Wextra -Werror -fPIC" --enable-murder --enable-http --enable-calalarmd --enable-autocreate --enable-idled --with-openssl=yes --enable-replication --prefix=/usr +make -j6 +make install +popd + +./reload.sh