diff --git a/docker-compose.yml b/docker-compose.yml index bdbc91fc..3ee4879c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,226 +1,229 @@ version: '3' services: coturn: build: context: ./docker/coturn/ container_name: kolab-coturn healthcheck: interval: 10s test: "kill -0 $$(cat /tmp/turnserver.pid)" timeout: 5s retries: 30 environment: - TURN_PUBLIC_IP=${COTURN_PUBLIC_IP} - TURN_LISTEN_PORT=3478 - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET} hostname: sturn.mgmt.com image: kolab-coturn network_mode: host restart: on-failure roundcube: build: context: ./docker/roundcube/ container_name: kolab-roundcube hostname: roundcube.hosted.com restart: on-failure depends_on: mariadb: condition: service_healthy pdns: condition: service_healthy environment: - APP_DOMAIN=${APP_DOMAIN} - DB_HOST=mariadb - DB_ROOT_PASSWORD=${DB_ROOT_PASSWORD} - DB_RC_DATABASE=roundcube - DB_RC_USERNAME=roundcube - DB_RC_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"} - IMAP_HOST=imap - IMAP_PORT=11143 - IMAP_ADMIN_LOGIN=${IMAP_ADMIN_LOGIN} - IMAP_ADMIN_PASSWORD=${IMAP_ADMIN_PASSWORD} - MAIL_HOST=postfix - MAIL_PORT=10587 healthcheck: interval: 10s test: "kill -0 $$(cat /run/httpd/httpd.pid)" timeout: 5s retries: 30 # This makes docker's dns, resolve via pdns for this container. # Please note it does not affect /etc/resolv.conf dns: 172.18.0.11 image: roundcube extra_hosts: - "${APP_DOMAIN}:172.18.0.7" networks: kolab: ipv4_address: 172.18.0.9 ports: - "8080:8080" tmpfs: - /tmp - /var/tmp volumes: - ./ext/:/src.orig/:ro - roundcube:/data mariadb: container_name: kolab-mariadb restart: on-failure environment: - MARIADB_ROOT_PASSWORD=${DB_ROOT_PASSWORD} - TZ="+02:00" - DB_HKCCP_DATABASE=${DB_DATABASE} - DB_HKCCP_USERNAME=${DB_USERNAME} - DB_HKCCP_PASSWORD=${DB_PASSWORD} - DB_KOLAB_DATABASE=kolab - DB_KOLAB_USERNAME=kolab - DB_KOLAB_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"} + - DB_RC_DATABASE=roundcube + - DB_RC_USERNAME=roundcube + - DB_RC_PASSWORD=${DB_PASSWORD:?"DB_PASSWORD is missing"} healthcheck: interval: 10s test: test -e /var/run/mysqld/mysqld.sock timeout: 5s retries: 30 image: mariadb:10.9 networks: kolab: ipv4_address: 172.18.0.3 volumes: - ./docker/mariadb/mysql-init/:/docker-entrypoint-initdb.d/ - ./docker/mariadb/mysql-update/:/always-initdb.d/ - mariadb:/var/lib/mysql pdns: build: context: ./docker/pdns/ container_name: kolab-pdns restart: on-failure tty: true hostname: pdns depends_on: mariadb: condition: service_healthy healthcheck: interval: 10s test: "pdns_control rping || exit 1" timeout: 5s retries: 30 image: kolab-pdns environment: - ROLE=both - DB_HOST=mariadb - DB_DATABASE=${DB_DATABASE:?DB_DATABASE} - DB_USERNAME=${DB_USERNAME:?DB_USERNAME} - DB_PASSWORD=${DB_PASSWORD:?DB_PASSWORD} networks: kolab: ipv4_address: 172.18.0.11 tmpfs: - /run - /tmp - /var/run - /var/tmp volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro redis: build: context: ./docker/redis/ healthcheck: interval: 10s test: "redis-cli ping || exit 1" timeout: 5s retries: 30 container_name: kolab-redis restart: on-failure hostname: redis image: redis networks: - kolab volumes: - ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro webapp: build: context: ./docker/webapp/ args: GIT_REF: ${KOLAB_GIT_REF:-master} container_name: kolab-webapp restart: on-failure image: kolab-webapp healthcheck: interval: 10s test: "./artisan octane:status || exit 1" timeout: 5s retries: 30 start_period: 5m depends_on: redis: condition: service_healthy networks: kolab: ipv4_address: 172.18.0.4 volumes: - ./src:/src/kolabsrc.orig:ro ports: - "8000:8000" meet: build: context: ./docker/meet/ args: GIT_REF: ${KOLAB_GIT_REF:-master} container_name: kolab-meet restart: on-failure healthcheck: interval: 10s test: "curl --insecure -H 'X-AUTH-TOKEN: ${MEET_SERVER_TOKEN}' --fail https://${MEET_LISTENING_HOST}:12443/meetmedia/api/health || exit 1" timeout: 5s retries: 30 start_period: 5m environment: - WEBRTC_LISTEN_IP=${MEET_WEBRTC_LISTEN_IP:?err} - PUBLIC_DOMAIN=${MEET_PUBLIC_DOMAIN:?err} - LISTENING_HOST=${MEET_LISTENING_HOST:?err} - LISTENING_PORT=12443 - TURN_SERVER=${MEET_TURN_SERVER} - TURN_STATIC_SECRET=${COTURN_STATIC_SECRET} - AUTH_TOKEN=${MEET_SERVER_TOKEN:?err} - WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN:?err} - WEBHOOK_URL=${APP_PUBLIC_URL:?err}/api/webhooks/meet - SSL_CERT=/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN:?err}.cert - SSL_KEY=/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN:?err}.key network_mode: host image: kolab-meet volumes: - ./meet/server:/src/meet/:ro - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.cert:/etc/pki/tls/certs/meet.${APP_WEBSITE_DOMAIN}.cert - ./docker/certs/meet.${APP_WEBSITE_DOMAIN}.key:/etc/pki/tls/private/meet.${APP_WEBSITE_DOMAIN}.key minio: container_name: kolab-minio restart: on-failure healthcheck: interval: 10s test: "mc ready local || exit 1" timeout: 5s retries: 30 start_period: 5m environment: - MINIO_ROOT_USER=${MINIO_USER} - MINIO_ROOT_PASSWORD=${MINIO_PASSWORD} image: minio/minio networks: kolab: ipv4_address: 172.18.0.14 ports: - "9000:9000" - "9001:9001" entrypoint: sh command: -c 'mkdir -p /data/${MINIO_BUCKET} && minio server /data --console-address ":9001"' volumes: - minio:/data networks: kolab: driver: bridge ipam: config: - subnet: "172.18.0.0/24" volumes: mariadb: minio: roundcube: diff --git a/docker/mariadb/mysql-init/setup.sh b/docker/mariadb/mysql-init/setup.sh index b97243c9..932db6d6 100755 --- a/docker/mariadb/mysql-init/setup.sh +++ b/docker/mariadb/mysql-init/setup.sh @@ -1,87 +1,147 @@ #!/bin/bash MYSQL_PWD=$MARIADB_ROOT_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" << EOF CREATE DATABASE ${DB_HKCCP_DATABASE}; CREATE USER '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}'; GRANT ALL PRIVILEGES ON ${DB_HKCCP_DATABASE}.* TO '${DB_HKCCP_USERNAME}'@'%' IDENTIFIED BY '${DB_HKCCP_PASSWORD}'; FLUSH PRIVILEGES; EOF MYSQL_PWD=$MARIADB_ROOT_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" << EOF CREATE DATABASE ${DB_KOLAB_DATABASE}; CREATE USER ${DB_KOLAB_USERNAME}@'%' IDENTIFIED BY '${DB_KOLAB_PASSWORD}'; GRANT ALL PRIVILEGES ON ${DB_KOLAB_DATABASE}.* TO ${DB_KOLAB_USERNAME}@'%' IDENTIFIED BY '${DB_KOLAB_PASSWORD}'; FLUSH PRIVILEGES; EOF +MYSQL_PWD=$MARIADB_ROOT_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" << EOF +CREATE DATABASE IF NOT EXISTS $DB_RC_DATABASE CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; +CREATE USER IF NOT EXISTS $DB_RC_USERNAME@'%' IDENTIFIED BY '$DB_RC_PASSWORD'; +ALTER USER $DB_RC_USERNAME@'%' IDENTIFIED BY '$DB_RC_PASSWORD'; +GRANT ALL PRIVILEGES ON $DB_RC_DATABASE.* TO $DB_RC_USERNAME@'%'; +FLUSH PRIVILEGES; +EOF + +MYSQL_PWD=$DB_RC_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" ${DB_RC_USERNAME}<< EOF +CREATE TABLE users ( + user_id int(10) UNSIGNED NOT NULL AUTO_INCREMENT, + username varchar(128) BINARY NOT NULL, + mail_host varchar(128) NOT NULL, + created datetime NOT NULL DEFAULT '1000-01-01 00:00:00', + last_login datetime DEFAULT NULL, + failed_login datetime DEFAULT NULL, + failed_login_counter int(10) UNSIGNED DEFAULT NULL, + language varchar(16), + preferences longtext, + PRIMARY KEY(user_id), + UNIQUE username (username, mail_host) +) ROW_FORMAT=DYNAMIC ENGINE=INNODB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; + + +CREATE TABLE identities ( + identity_id int(10) UNSIGNED NOT NULL AUTO_INCREMENT, + user_id int(10) UNSIGNED NOT NULL, + changed datetime NOT NULL DEFAULT '1000-01-01 00:00:00', + del tinyint(1) NOT NULL DEFAULT '0', + standard tinyint(1) NOT NULL DEFAULT '0', + name varchar(128) NOT NULL, + organization varchar(128) NOT NULL DEFAULT '', + email varchar(128) NOT NULL, + reply-to varchar(128) NOT NULL DEFAULT '', + bcc varchar(128) NOT NULL DEFAULT '', + signature longtext, + html_signature tinyint(1) NOT NULL DEFAULT '0', + PRIMARY KEY(identity_id), + CONSTRAINT user_id_fk_identities FOREIGN KEY (user_id) + REFERENCES users(user_id) ON DELETE CASCADE ON UPDATE CASCADE, + INDEX user_identities_index (user_id, del), + INDEX email_identities_index (email, del) +) ROW_FORMAT=DYNAMIC ENGINE=INNODB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; + + +CREATE TABLE filestore ( + file_id int(10) UNSIGNED NOT NULL AUTO_INCREMENT, + user_id int(10) UNSIGNED NOT NULL, + context varchar(32) NOT NULL, + filename varchar(128) NOT NULL, + mtime int(10) NOT NULL, + data longtext NOT NULL, + PRIMARY KEY (file_id), + CONSTRAINT user_id_fk_filestore FOREIGN KEY (user_id) + REFERENCES users (user_id) ON DELETE CASCADE ON UPDATE CASCADE, + UNIQUE uniqueness (user_id, context, filename) +) ROW_FORMAT=DYNAMIC ENGINE=INNODB CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; + +EOF + # Powerdns setup according to https://github.com/PowerDNS/pdns/blob/master/modules/gmysqlbackend/schema.mysql.sql # Required for the first boot, afterwards the laravel migration will take over. # This is only required so pdns can start cleanly, indexes etc are handled by the laravel migration. MYSQL_PWD=$MARIADB_ROOT_PASSWORD mysql --protocol=socket -uroot -hlocalhost --socket="/run/mysqld/mysqld.sock" ${DB_HKCCP_DATABASE} << EOF CREATE TABLE powerdns_domains ( id INT AUTO_INCREMENT, name VARCHAR(255) NOT NULL, master VARCHAR(128) DEFAULT NULL, last_check INT DEFAULT NULL, type VARCHAR(8) NOT NULL, notified_serial INT UNSIGNED DEFAULT NULL, account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, options VARCHAR(64000) DEFAULT NULL, catalog VARCHAR(255) DEFAULT NULL, PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE TABLE powerdns_records ( id BIGINT AUTO_INCREMENT, domain_id INT DEFAULT NULL, name VARCHAR(255) DEFAULT NULL, type VARCHAR(10) DEFAULT NULL, content VARCHAR(64000) DEFAULT NULL, ttl INT DEFAULT NULL, prio INT DEFAULT NULL, disabled TINYINT(1) DEFAULT 0, ordername VARCHAR(255) BINARY DEFAULT NULL, auth TINYINT(1) DEFAULT 1, PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE TABLE powerdns_masters ( ip VARCHAR(64) NOT NULL, nameserver VARCHAR(255) NOT NULL, account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL, PRIMARY KEY (ip, nameserver) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE TABLE powerdns_comments ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, name VARCHAR(255) NOT NULL, type VARCHAR(10) NOT NULL, modified_at INT NOT NULL, account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, comment TEXT CHARACTER SET 'utf8' NOT NULL, PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE TABLE powerdns_cryptokeys ( id INT AUTO_INCREMENT, domain_id INT NOT NULL, flags INT NOT NULL, active BOOL, published BOOL DEFAULT 1, content TEXT, PRIMARY KEY(id) ) Engine=InnoDB CHARACTER SET 'latin1'; CREATE TABLE powerdns_tsigkeys ( id INT AUTO_INCREMENT, name VARCHAR(255), algorithm VARCHAR(50), secret VARCHAR(255), PRIMARY KEY (id) ) Engine=InnoDB CHARACTER SET 'latin1'; EOF