diff --git a/docker-compose.yml b/docker-compose.yml
index 05436d73..404632f4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,300 +1,302 @@ version: '3' services: coturn: build: context: ./docker/coturn/ container_name: kolab-coturn healthcheck: interval: 10s test: "kill -0 $$(cat /tmp/turnserver.pid)" timeout: 5s retries: 30 environment: - TURN_PUBLIC_IP=${COTURN_PUBLIC_IP} - TURN_LISTEN_PORT=3478 - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET} hostname: sturn.mgmt.com image: kolab-coturn network_mode: host restart: on-failure kolab: build: context: ./docker/kolab/ args: DB_KOLAB_DATABASE: kolab DB_KOLAB_USERNAME: kolab DB_KOLAB_PASSWORD: ${DB_PASSWORD:?"DB_PASSWORD is missing"} container_name: kolab privileged: true restart: on-failure depends_on: mariadb: condition: service_healthy pdns: condition: service_healthy extra_hosts: - "kolab.mgmt.com:127.0.0.1" - "services.${APP_DOMAIN}:172.18.0.4" environment: - APP_DOMAIN=${APP_DOMAIN} - LDAP_HOST=127.0.0.1 - LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN} - LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW} - LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW} - LDAP_HOSTED_BIND_PW=${LDAP_HOSTED_BIND_PW} - DB_HOST=mariadb - DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD} - DB_HKCCP_DATABASE=${DB_DATABASE} - DB_HKCCP_USERNAME=${DB_USERNAME} - DB_HKCCP_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"} - DB_KOLAB_DATABASE=kolab - DB_KOLAB_USERNAME=kolab - DB_KOLAB_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"} - SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE:?"KOLAB_SSL_CERTIFICATE is missing"} - SSL_CERTIFICATE_FULLCHAIN=${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?"KOLAB_SSL_CERTIFICATE_FULLCHAIN is missing"} - SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY:?"KOLAB_SSL_CERTIFICATE_KEY is missing"} - IMAP_HOST=127.0.0.1 - IMAP_PORT=11993 - IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN} - IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD} - MAIL_HOST=127.0.0.1 - MAIL_PORT=10587 healthcheck: interval: 10s test: "systemctl is-active kolab-init || exit 1" timeout: 5s retries: 30 start_period: 5m # This makes docker's dns, resolve via pdns for this container. 
# Please note it does not affect /etc/resolv.conf dns: 172.18.0.11 hostname: kolab.mgmt.com image: kolab networks: kolab: ipv4_address: 172.18.0.5 ports: - "12143:12143" tmpfs: - /run - /tmp - /var/run - /var/tmp volumes: - ./ext/:/src/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro - ./docker/certs/kolab.hosted.com.cert:${KOLAB_SSL_CERTIFICATE:?err} - ./docker/certs/kolab.hosted.com.chain.pem:${KOLAB_SSL_CERTIFICATE_FULLCHAIN:?err} - ./docker/certs/kolab.hosted.com.key:${KOLAB_SSL_CERTIFICATE_KEY:?err} - ./docker/kolab/utils:/root/utils:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro - imap:/imapdata - ldap:/ldapdata roundcube: build: context: ./docker/roundcube/ container_name: roundcube hostname: roundcube.hosted.com restart: on-failure depends_on: mariadb: condition: service_healthy pdns: condition: service_healthy kolab: condition: service_healthy environment: - APP_DOMAIN=${APP_DOMAIN} - LDAP_HOST=kolab - LDAP_ADMIN_BIND_DN=${LDAP_ADMIN_BIND_DN} - LDAP_ADMIN_BIND_PW=${LDAP_ADMIN_BIND_PW} - LDAP_SERVICE_BIND_PW=${LDAP_SERVICE_BIND_PW} - LDAP_HOSTED_BIND_PW=${LDAP_HOSTED_BIND_PW} - DB_HOST=mariadb - DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD} - DB_RC_DATABASE=roundcube - DB_RC_USERNAME=roundcube - DB_RC_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"} - IMAP_HOST=tls://haproxy - IMAP_PORT=145 - IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN} - IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD} - MAIL_HOST=tls://kolab - MAIL_PORT=10587 healthcheck: interval: 10s test: "kill -0 $$(cat /run/httpd/httpd.pid)" timeout: 5s retries: 30 # This makes docker's dns, resolve via pdns for this container. 
# Please note it does not affect /etc/resolv.conf dns: 172.18.0.11 image: roundcube networks: kolab: ipv4_address: 172.18.0.9 ports: - "8001:80" tmpfs: - /run - /tmp - /var/run - /var/tmp volumes: - ./ext/:/src.orig/:ro mariadb: container_name: kolab-mariadb restart: on-failure environment: - MARIADB_ROOT_PASSWORD=${DB_ROOT_PASSWORD} - TZ="+02:00" - DB_HKCCP_DATABASE=${DB_DATABASE} - DB_HKCCP_USERNAME=${DB_USERNAME} - DB_HKCCP_PASSWORD=${DB_PASSWORD} healthcheck: interval: 10s test: test -e /var/run/mysqld/mysqld.sock timeout: 5s retries: 30 image: mariadb:latest networks: - - kolab + kolab: + ipv4_address: 172.18.0.3 volumes: - ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/ - mariadb:/var/lib/mysql haproxy: build: context: ./docker/haproxy/ healthcheck: interval: 10s test: "kill -0 $$(cat /var/run/haproxy.pid)" timeout: 5s retries: 30 container_name: kolab-haproxy restart: on-failure hostname: haproxy.hosted.com image: kolab-haproxy networks: - - kolab + kolab: + ipv4_address: 172.18.0.6 tmpfs: - /run - /tmp - /var/run - /var/tmp volumes: - ./docker/certs/:/etc/certs/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro pdns: build: context: ./docker/pdns/ args: DB_HOST: mariadb DB_DATABASE: ${DB_DATABASE:?DB_DATABASE} DB_USERNAME: ${DB_USERNAME:?DB_USERNAME} DB_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD} container_name: kolab-pdns restart: on-failure hostname: pdns depends_on: mariadb: condition: service_healthy healthcheck: interval: 10s test: "systemctl status pdns || exit 1" timeout: 5s retries: 30 image: kolab-pdns networks: kolab: ipv4_address: 172.18.0.11 tmpfs: - /run - /tmp - /var/run - /var/tmp volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro redis: build: context: ./docker/redis/ healthcheck: interval: 10s test: "redis-cli ping || exit 1" timeout: 5s retries: 30 container_name: kolab-redis restart: on-failure hostname: redis image: redis networks: - kolab volumes: - ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro webapp: build: context: 
./docker/webapp/ container_name: kolab-webapp restart: on-failure image: kolab-webapp healthcheck: interval: 10s test: "/src/kolabsrc/artisan octane:status || exit 1" timeout: 5s retries: 30 start_period: 5m depends_on: kolab: condition: service_healthy redis: condition: service_healthy roundcube: condition: service_healthy networks: kolab: ipv4_address: 172.18.0.4 volumes: - ./src:/src/kolabsrc.orig:ro ports: - "8000:8000" meet: build: context: ./docker/meet/ container_name: kolab-meet restart: on-failure healthcheck: interval: 10s test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://${MEET_LISTENING_HOST}:12443/meetmedia/api/health || exit 1" timeout: 5s retries: 30 start_period: 5m environment: - WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err} - PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err} - LISTENING_HOST=${MEET_LISTENING_HOST:?err} - LISTENING_PORT=12443 - TURN_SERVER=${MEET_TURN_SERVER} - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET} - AUTH_TOKEN=${MEET_SERVER_TOKEN:?err} - WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err} - WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet - SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert - SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key network_mode: host container_name: kolab-meet image: kolab-meet volumes: - ./meet/server:/src/meet/:ro - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key networks: kolab: driver: bridge ipam: config: - subnet: "172.18.0.0/24" volumes: mariadb: imap: ldap: diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile index 9c6369f8..c37e4d58 100644 --- a/docker/kolab/Dockerfile +++ b/docker/kolab/Dockerfile 
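Review bot: The new fixed addresses for mariadb (`172.18.0.3`) and haproxy (`172.18.0.6`) sit inside the same `172.18.0.0/24` pool that Docker's IPAM still uses for dynamic allocation, and redis is now the only service on the `kolab` network left without an `ipv4_address`, so a dynamically addressed container (or a stale one from a previous run) can occupy an address a static service later needs and that service then fails to start with an address-in-use error. Reserving a dynamic range keeps the two from colliding: under `ipam: config:` add `ip_range: "172.18.0.128/25"` beside `subnet: "172.18.0.0/24"`, or give redis its own `ipv4_address` as well. The hard-coded addresses are also duplicated elsewhere in the file (`services.${APP_DOMAIN}:172.18.0.4` in `extra_hosts`, `dns: 172.18.0.11`), so a short comment on the `networks:` stanza listing which service owns each address would make the next change safer.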
@@ -1,83 +1,83 @@ FROM quay.io/centos/centos:stream8 LABEL maintainer="contact@apheleia-it.ch" LABEL dist=centos8 LABEL tier=${TIER} ENV SYSTEMD_PAGER='' ENV DISTRO=centos8 ENV LANG=en_US.utf8 ENV LC_ALL=en_US.utf8 # Add EPEL. RUN dnf config-manager --set-enabled powertools && \ dnf -y install \ epel-release epel-next-release && \ dnf -y module enable 389-directory-server:stable/default && \ dnf -y module enable mariadb:10.3 && \ dnf -y install iputils vim-enhanced bind-utils && \ dnf clean all RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 # Install kolab RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \ rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8stream.rpm RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \ dnf config-manager --enable kolab-16-testing &&\ dnf -y --setopt tsflags= install kolab patch &&\ dnf clean all COPY kolab-init.service /etc/systemd/system/kolab-init.service COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service COPY utils /root/utils RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \ ln -s /etc/systemd/system/kolab-init.service \ /etc/systemd/system/multi-user.target.wants/kolab-init.service && \ ln -s /etc/systemd/system/kolab-setenv.service \ /etc/systemd/system/multi-user.target.wants/kolab-setenv.service RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : COPY /rootfs / COPY kolab-init.sh /usr/local/sbin/ RUN chmod 750 /usr/local/sbin/kolab-init.sh COPY kolab.conf /etc/kolab/kolab.conf COPY cyrus.conf /etc/cyrus.conf COPY imapd.conf /etc/imapd.conf COPY imapd.annotations.conf /etc/imapd.annotations.conf COPY guam.conf /etc/guam/sys.config ARG DB_KOLAB_DATABASE ARG DB_KOLAB_USERNAME ARG DB_KOLAB_PASSWORD RUN sed -i -r \ -e "s|DB_KOLAB_DATABASE|$DB_KOLAB_DATABASE|g" \ -e "s|DB_KOLAB_USERNAME|$DB_KOLAB_USERNAME|g" \ -e "s|DB_KOLAB_PASSWORD|$DB_KOLAB_PASSWORD|g" \ /etc/kolab/kolab.conf RUN mkdir 
-p /imapdata/{spool,lib} && \ rm -rf /var/spool/imap && ln -s /imapdata/spool /var/spool/imap && \ mv /var/lib/imap /var/lib/imap-bak && ln -s /imapdata/lib /var/lib/imap && \ chmod -R 777 /imapdata && \ chown cyrus:mail /var/spool/imap /var/lib/imap RUN mkdir -p /ldapdata/{config,ssca,run} /var/run/dirsrv && \ ln -s /ldapdata/config /etc/dirsrv/slapd-kolab && \ ln -s /ldapdata/ssca /etc/dirsrv/ssca && \ ln -s /ldapdata/run /var/run/dirsrv && \ chmod -R 777 /ldapdata /etc/dirsrv VOLUME [ "/sys/fs/cgroup" ] VOLUME [ "/imapdata" ] VOLUME [ "/ldapdata" ] WORKDIR /root/ CMD ["/lib/systemd/systemd"] -EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 110/tcp 389/tcp 443/tcp 995/tcp 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp +EXPOSE 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp
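Review bot: The trimmed `EXPOSE` list no longer matches what docker-compose.yml publishes for this container: compose maps `12143:12143`, but `12143/tcp` is absent from the new line, so image metadata and deployment disagree. `EXPOSE` is documentation only — the ports dropped from the list (25, 389, 443, 53, …) are presumably still bound by the services systemd starts in this image and remain reachable from every container on the `kolab` bridge, so this change does not reduce attack surface by itself; if the intent is to hide them, say so explicitly rather than rely on image metadata. I would write `EXPOSE 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp 12143/tcp` preceded by `# Metadata only: unlisted ports (25/389/443/...) still listen and are reachable on the compose bridge`. Separately, the unchanged `chmod -R 777 /imapdata /ldapdata /etc/dirsrv` in this hunk leaves the directory-server config and CA material world-writable; tightening it to the owning service users is a worthwhile follow-up.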