diff --git a/bin/quickstart.sh b/bin/quickstart.sh
index 84ce7c0a..c9b24d37 100755
--- a/bin/quickstart.sh
+++ b/bin/quickstart.sh
@@ -1,96 +1,96 @@ #!/bin/bash set -e function die() { echo "$1" exit 1 } rpm -qv composer >/dev/null 2>&1 || \ test ! -z "$(which composer 2>/dev/null)" || \ die "Is composer installed?" rpm -qv docker-compose >/dev/null 2>&1 || \ test ! -z "$(which docker-compose 2>/dev/null)" || \ die "Is docker-compose installed?" rpm -qv npm >/dev/null 2>&1 || \ test ! -z "$(which npm 2>/dev/null)" || \ die "Is npm installed?" rpm -qv php >/dev/null 2>&1 || \ test ! -z "$(which php 2>/dev/null)" || \ die "Is php installed?" rpm -qv php-ldap >/dev/null 2>&1 || \ test ! -z "$(php --ini | grep ldap)" || \ die "Is php-ldap installed?" rpm -qv php-mysqlnd >/dev/null 2>&1 || \ test ! -z "$(php --ini | grep mysql)" || \ die "Is php-mysqlnd installed?" test ! -z "$(php --modules | grep swoole)" || \ die "Is swoole installed?" base_dir=$(dirname $(dirname $0)) docker pull docker.io/kolab/centos7:latest docker-compose down --remove-orphans docker-compose build pushd ${base_dir}/src/ if [ ! -f ".env" ]; then cp .env.example .env fi if [ -f ".env.local" ]; then # Ensure there's a line ending echo "" >> .env cat .env.local >> .env fi popd bin/regen-certs docker-compose up -d coturn kolab mariadb openvidu kurento-media-server proxy redis pushd ${base_dir}/src/ rm -rf vendor/ composer.lock php -dmemory_limit=-1 /bin/composer install npm install find bootstrap/cache/ -type f ! -name ".gitignore" -delete ./artisan key:generate ./artisan jwt:secret -f ./artisan clear-compiled ./artisan cache:clear ./artisan horizon:install if [ ! -z "$(rpm -qv chromium 2>/dev/null)" ]; then chver=$(rpmquery --queryformat="%{VERSION}" chromium | awk -F'.' '{print $1}') ./artisan dusk:chrome-driver ${chver} fi if [ ! 
-f 'resources/countries.php' ]; then ./artisan data:countries fi npm run dev popd -docker-compose up -d worker +docker-compose up -d worker nginx pushd ${base_dir}/src/ rm -rf database/database.sqlite ./artisan db:ping --wait php -dmemory_limit=512M ./artisan migrate:refresh --seed ./artisan data:import ./artisan swoole:http stop >/dev/null 2>&1 || : ./artisan swoole:http start popd diff --git a/bin/regen-certs b/bin/regen-certs index ee277724..005a8765 100755 --- a/bin/regen-certs +++ b/bin/regen-certs 
@@ -1,72 +1,72 @@ #!/bin/bash base_dir=$(dirname $(dirname $0)) cert_dir="${base_dir}/docker/certs/" if [ ! -d "${cert_dir}" ]; then mkdir -p ${cert_dir} fi if [ ! -f "${cert_dir}/ca.key" ]; then openssl genrsa -out ${cert_dir}/ca.key 4096 openssl req \ -new \ -x509 \ -nodes \ -days 3650 \ -key ${cert_dir}/ca.key \ -out ${cert_dir}/ca.cert \ -subj '/O=Example CA/' fi if [ -f /etc/pki/tls/openssl.cnf ]; then openssl_cnf="/etc/pki/tls/openssl.cnf" elif [ -f /etc/ssl/openssl.cnf ]; then openssl_cnf="/etc/ssl/openssl.cnf" else echo "No openssl.cnf" exit 1 fi export $(cat ${base_dir}/src/.env | xargs) >/dev/null 2>&1 -for name in kolab.mgmt.com kolab.hosted.com {{admin,meet}.,}${APP_DOMAIN}; do +for name in kolab.mgmt.com kolab.hosted.com imap.hosted.com {{admin,meet}.,}${APP_DOMAIN}; do openssl genrsa -out ${cert_dir}/${name}.key 4096 openssl req \ -new \ -key ${cert_dir}/${name}.key \ -out ${cert_dir}/${name}.csr \ -subj "/O=Example CA/CN=${name}/" \ -reqexts SAN \ -config <(cat ${openssl_cnf} \ <(printf "[SAN]\nsubjectAltName=DNS:${name}")) openssl x509 \ -req \ -in ${cert_dir}/${name}.csr \ -CA ${cert_dir}/ca.cert \ -CAkey ${cert_dir}/ca.key \ -CAcreateserial \ -out ${cert_dir}/${name}.cert \ -days 28 \ -extfile <(cat ${openssl_cnf} \ <(printf "[SAN]\nsubjectAltName=DNS:${name}")) \ -extensions SAN # 'cause java ... openssl pkcs8 \ -topk8 \ -inform pem \ -in ${cert_dir}/${name}.key \ -outform pem \ -nocrypt \ -out ${cert_dir}/${name}_p8.key cat ${cert_dir}/${name}.cert \ ${cert_dir}/ca.cert > ${cert_dir}/${name}.chain.pem chmod 644 ${cert_dir}/*.{cert,key,pem} done diff --git a/docker-compose.yml b/docker-compose.yml index 058d0fcd..04eb9c1b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
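Review bot: The key generated for the added `imap.hosted.com` name ends up world-readable, because the loop closes with `chmod 644 ${cert_dir}/*.{cert,key,pem}`, and this is the key docker-compose.yml mounts into the nginx mail proxy. Unless a container has to read the keys as a non-root user, splitting the mode would be tighter: `chmod 644 ${cert_dir}/*.{cert,pem}` followed by `chmod 600 ${cert_dir}/*.key`. The same glob also covers `ca.key`, which signs every certificate in this directory.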
@@ -1,154 +1,177 @@ version: '3' services: coturn: container_name: kolab-coturn environment: - DB_NAME=${OPENVIDU_COTURN_REDIS_DATABASE} - DB_PASSWORD=${OPENVIDU_COTURN_REDIS_PASSWORD} - REDIS_IP=${OPENVIDU_COTURN_REDIS_IP} - TURN_PUBLIC_IP=${OPENVIDU_COTURN_IP} - TURN_LISTEN_PORT=3478 hostname: sturn.mgmt.com image: openvidu/openvidu-coturn:1.0.0 network_mode: host restart: on-failure tty: true kolab: build: context: ./docker/kolab/ container_name: kolab depends_on: - mariadb extra_hosts: - "kolab.mgmt.com:127.0.0.1" environment: - DB_HOST=${DB_HOST} - DB_ROOT_PASSWORD=Welcome2KolabSystems healthcheck: interval: 10s test: test -f /tmp/kolab-init.done timeout: 5s retries: 30 hostname: kolab.mgmt.com image: kolab network_mode: host tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - /etc/letsencrypt/:/etc/letsencrypt/:ro - ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro - ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro - ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert - ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key - ./docker/certs/kolab.mgmt.com.cert:/etc/pki/tls/certs/kolab.mgmt.com.cert - ./docker/certs/kolab.mgmt.com.key:/etc/pki/tls/certs/kolab.mgmt.com.key - ./docker/kolab/utils:/root/utils:ro - ./src/.env:/.dockerenv:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro kurento-media-server: build: context: ./docker/kurento-media-server/ container_name: kolab-kurento-media-server environment: - GST_DEBUG=3,Kurento*:4,kms*:4,sdp*:4,webrtc*:4,*rtpendpoint:4,rtp*handler:4,rtpsynchronizer:4,agnosticbin:4 hostname: kurento-media-server.hosted.com image: apheleia/kurento-media-server:6.15.0 network_mode: host mariadb: container_name: kolab-mariadb environment: MYSQL_ROOT_PASSWORD: Welcome2KolabSystems TZ: "+02:00" healthcheck: interval: 10s test: test -e /var/run/mysqld/mysqld.sock timeout: 5s retries: 30 image: mariadb network_mode: host openvidu: build: context: ./docker/openvidu/ 
container_name: kolab-openvidu depends_on: - kurento-media-server environment: - APP_DOMAIN=${APP_DOMAIN} - CERTIFICATE_TYPE=letsencrypt - COTURN_IP=${OPENVIDU_COTURN_IP} - COTURN_REDIS_DBNAME=${OPENVIDU_COTURN_REDIS_DATABASE} - COTURN_REDIS_PASSWORD=${OPENVIDU_COTURN_REDIS_PASSWORD} - COTURN_REDIS_IP=${OPENVIDU_COTURN_REDIS_IP} - DOMAIN_OR_PUBLIC_IP=${OPENVIDU_PUBLIC_IP} - SERVER_PORT=${OPENVIDU_SERVER_PORT} - KMS_STUN_IP=${OPENVIDU_COTURN_IP} - KMS_STUN_PORT=3478 - KMS_URIS=["ws://localhost:8888/kurento", "ws://localhost:8889/kurento"] - OPENVIDU_SECRET=${OPENVIDU_API_PASSWORD} - OPENVIDU_WEBHOOK=${OPENVIDU_WEBHOOK} - OPENVIDU_WEBHOOK_ENDPOINT=${OPENVIDU_WEBHOOK_ENDPOINT} - SERVER_SSL_ENABLED=false hostname: openvidu.hosted.com image: apheleia/openvidu:2.18.0 network_mode: host tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - /etc/letsencrypt/:/etc/letsencrypt/:ro + nginx: + build: + context: ./docker/nginx/ + args: + NGINX_AUTH_WEBHOOK: ${APP_DOMAIN}/api/webhooks/nginx + container_name: kolab-nginx + depends_on: + kolab: + condition: service_healthy + hostname: nginx.hosted.com + image: kolab-nginx + network_mode: host + tmpfs: + - /run + - /tmp + - /var/run + - /var/tmp + tty: true + volumes: + - /etc/letsencrypt/:/etc/letsencrypt/:ro + - ./docker/certs/imap.hosted.com.cert:/etc/pki/tls/certs/imap.hosted.com.cert + - ./docker/certs/imap.hosted.com.key:/etc/pki/tls/private/imap.hosted.com.key + - /sys/fs/cgroup:/sys/fs/cgroup:ro proxy: build: context: ./docker/proxy/ container_name: kolab-proxy hostname: kanarip.internet-box.ch image: kolab-proxy network_mode: host tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./docker/certs/:/etc/certs/:ro - /etc/letsencrypt/:/etc/letsencrypt/:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro redis: build: context: ./docker/redis/ container_name: kolab-redis hostname: redis image: redis network_mode: host volumes: - ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro swoole: build: context: 
./docker/swoole/ container_name: kolab-swoole image: apheleia/swoole:4.6.x worker: build: context: ./docker/worker/ container_name: kolab-worker depends_on: - kolab hostname: worker image: kolab-worker network_mode: host tmpfs: - /run - /tmp - /var/run - /var/tmp tty: true volumes: - ./src:/home/worker/src.orig:ro - /sys/fs/cgroup:/sys/fs/cgroup:ro diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile index 2d5278ca..898b0525 100644 --- a/docker/kolab/Dockerfile +++ b/docker/kolab/Dockerfile 
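Review bot: The `nginx` service's build arg `NGINX_AUTH_WEBHOOK: ${APP_DOMAIN}/api/webhooks/nginx` replaces the loopback `auth_http 127.0.0.1:8000/api/webhooks/nginx` shipped in docker/nginx/nginx.conf with whatever `APP_DOMAIN` resolves to, and src/.env.example sets that to `kolabnow.com`. nginx's mail `auth_http` speaks plain HTTP and passes the client's login and password in request headers, so a non-local value sends credentials off the host unencrypted; keeping the endpoint on loopback, e.g. `NGINX_AUTH_WEBHOOK: 127.0.0.1:8000/api/webhooks/nginx`, avoids that. The `depends_on: kolab: condition: service_healthy` mapping is also the only long-form `depends_on` in a file that declares `version: '3'`, which older docker-compose releases may reject. The two `imap.hosted.com` cert and key mounts could carry `:ro` like the `ca.cert` mounts of the `kolab` service.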
@@ -1,80 +1,80 @@ FROM centos:7 LABEL maintainer="contact@kolabsystems.com" LABEL dist=centos7 LABEL tier=${TIER} ENV container docker ENV SYSTEMD_PAGER='' ENV DISTRO=centos7 ENV LANG=en_US.utf8 ENV LC_ALL=en_US.utf8 RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ rm -f /lib/systemd/system/multi-user.target.wants/*; \ rm -f /etc/systemd/system/*.wants/*; \ rm -f /lib/systemd/system/local-fs.target.wants/*; \ rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ rm -f /lib/systemd/system/basic.target.wants/*; \ rm -f /lib/systemd/system/anaconda.target.wants/*; # To speed things up, disable fastestmirror. RUN sed -r -i \ -e 's/^enabled.*$/enabled = 0/g' \ /etc/yum/pluginconf.d/fastestmirror.conf # Avoid using a mirrorlist (use a transparent proxy and cache everything instead). RUN sed -r -i \ -e 's/^mirrorlist/#mirrorlist/g' \ -e 's/^#baseurl/baseurl/g' \ /etc/yum.repos.d/*.repo RUN sed -i -e '/tsflags=nodocs/d' /etc/yum.conf # Add EPEL. RUN yum -y install \ epel-release && \ yum clean all # Add the EPEL key. 
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 RUN rpm --import https://mirror.kolabenterprise.com/maipo.asc RUN yum -y install https://mirror.kolabenterprise.com/kolab-16-for-el7.rpm && \ yum -y install kolab-16-release-development && \ yum clean all RUN yum -y --setopt tsflags= install kolab COPY kolab-init.service /etc/systemd/system/kolab-init.service COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service COPY kolab-vlv.service /etc/systemd/system/kolab-vlv.service COPY utils /root/utils RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \ ln -s /etc/systemd/system/kolab-init.service \ /etc/systemd/system/multi-user.target.wants/kolab-init.service && \ ln -s /etc/systemd/system/kolab-setenv.service \ /etc/systemd/system/multi-user.target.wants/kolab-setenv.service && \ ln -s /etc/systemd/system/kolab-vlv.service \ /etc/systemd/system/multi-user.target.wants/kolab-vlv.service RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : RUN sed -i -r -e 's/^Listen 80$/Listen 9080/g' /etc/httpd/conf/httpd.conf #RUN sed -i -r -e 's/^Listen 443$/Listen 9443/g' /etc/httpd/conf/httpd.conf COPY kolab-init.sh /usr/local/sbin/ RUN chmod 750 /usr/local/sbin/kolab-init.sh COPY kolab-vlv.sh /usr/local/sbin/ RUN chmod 750 /usr/local/sbin/kolab-vlv.sh VOLUME [ "/sys/fs/cgroup" ] WORKDIR /root/ CMD ["/lib/systemd/systemd"] -EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 143/tcp 389/tcp 443/tcp 465/tcp 587/tcp 993/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp +EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 389/tcp 443/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh index d3dac5c8..8119adf7 100755 --- a/docker/kolab/kolab-init.sh +++ b/docker/kolab/kolab-init.sh 
@@ -1,33 +1,34 @@ #!/bin/bash if [ -d "/etc/dirsrv/slapd-kolab/" ]; then exit 0 fi cp -av /bin/true /usr/sbin/ds_systemd_ask_password_acl pushd /root/utils/ ./01-reverse-etc-hosts.sh && echo "01 done" ./02-write-my.cnf.sh && echo "02 done" ./03-setup-kolab.sh && echo "03 done" ./04-reset-mysql-kolab-password.sh && echo "04 done" ./05-replace-localhost.sh && echo "05 done" ./06-mysql-for-kolabdev.sh && echo "06 done" ./07-adjust-base-dns.sh && echo "07 done" ./08-disable-amavisd.sh && echo "08 done" ./09-enable-debugging.sh && echo "09 done" +./10-change-port-numbers.sh && echo "10 done" ./10-reset-kolab-service-password.sh && echo "10 done" ./11-reset-cyrus-admin-password.sh && echo "11 done" ./12-create-hosted-kolab-service.sh && echo "12 done" ./13-create-ou-domains.sh && echo "13 done" ./14-create-management-domain.sh && echo "14 done" ./15-create-hosted-domain.sh && echo "15 done" ./16-remove-cn-kolab-cn-config.sh && echo "16 done" ./17-remove-hosted-service-access-from-mgmt-domain.sh && echo "17 done" ./18-adjust-kolab-conf.sh && echo "18 done" ./19-turn-on-vlv-in-roundcube.sh && echo "19 done" ./20-add-alias-attribute-index.sh && echo "20 done" ./21-adjust-postfix-config.sh && echo "21 done" touch /tmp/kolab-init.done diff --git a/docker/kolab/utils/10-change-port-numbers.sh b/docker/kolab/utils/10-change-port-numbers.sh new file mode 100755 index 00000000..7646d5a2 --- /dev/null +++ b/docker/kolab/utils/10-change-port-numbers.sh 
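Review bot: The added step `./10-change-port-numbers.sh && echo "10 done"` shares its number with `./10-reset-kolab-service-password.sh`, so the log prints `10 done` twice and a missing one is hard to attribute; printing the script name, e.g. `echo "10-change-port-numbers done"`, or renumbering would fix that. The script has no `set -e` and each step only gates its own echo, so a failed port change still reaches `touch /tmp/kolab-init.done`. That file is the healthcheck the new nginx service waits on in docker-compose.yml, so a guard such as `./10-change-port-numbers.sh || exit 1` would keep the container from reporting healthy while the backends still listen on the old ports.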
@@ -0,0 +1,143 @@ +#!/bin/bash + +sed -i -r \ + -e '/allowplaintext/ a\ +guam_allowplaintext: yes' \ + -e '/allowplaintext/ a\ +nginx_allowplaintext: yes' \ + /etc/imapd.conf + +sed -i \ + -e '/SERVICES/ a\ + nginx cmd="imapd" listen=127.0.0.1:12143 prefork=1' \ + -e '/SERVICES/ a\ + guam cmd="imapd" listen=127.0.0.1:13143 prefork=1' \ + -e '/SERVICES/ a\ + imap cmd="imapd" listen=127.0.0.1:11143 prefork=1' \ + -e 's/listen="127.0.0.1:9993"/listen=127.0.0.1:11993/g' \ + /etc/cyrus.conf + +systemctl restart cyrus-imapd + +sed -i -e '/submission/,10d' /etc/postfix/master.cf + +cat >> /etc/postfix/master.cf << EOF +127.0.0.1:10587 inet n - n - - smtpd + -o cleanup_service_name=cleanup_submission + -o syslog_name=postfix/submission + #-o smtpd_tls_security_level=encrypt + -o smtpd_sasl_auth_enable=yes + -o smtpd_sasl_authenticated_header=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject + -o smtpd_data_restrictions=\$submission_data_restrictions + -o smtpd_recipient_restrictions=\$submission_recipient_restrictions + -o smtpd_sender_restrictions=\$submission_sender_restrictions + +127.0.0.1:10465 inet n - n - - smtpd + -o cleanup_service_name=cleanup_submission + -o rewrite_service_name=rewrite_submission + -o syslog_name=postfix/smtps + -o mydestination= + -o local_recipient_maps= + -o relay_domains= + -o relay_recipient_maps= + #-o smtpd_tls_wrappermode=yes + -o smtpd_sasl_auth_enable=yes + -o smtpd_sasl_authenticated_header=yes + -o smtpd_client_restrictions=permit_sasl_authenticated,reject + -o smtpd_sender_restrictions=\$submission_sender_restrictions + -o smtpd_recipient_restrictions=\$submission_recipient_restrictions + -o smtpd_data_restrictions=\$submission_data_restrictions +EOF + +systemctl restart postfix + +cat > /etc/guam/sys.config << EOF +%% Example configuration for Guam. 
+[ + { + kolab_guam, [ + { + imap_servers, [ + { + imap, [ + { host, "127.0.0.1" }, + { port, 13143 }, + { tls, no } + ] + }, + { + imaps, [ + { host, "127.0.0.1" }, + { port, 11993 }, + { tls, true } + ] + } + ] + }, + { + listeners, [ + { + imap, [ + { port, 9143 }, + { imap_server, imap }, + { + rules, [ + { filter_groupware, [] } + ] + }, + { + tls_config, [ + { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.pem" } + ] + } + ] + }, + { + imaps, [ + { port, 9993 }, + { implicit_tls, true }, + { imap_server, imaps }, + { + rules, [ + { filter_groupware, [] } + ] + }, + { + tls_config, [ + { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.pem" } + ] + } + ] + } + ] + } + ] + }, + + { + lager, [ + { + handlers, [ + { lager_console_backend, warning }, + { lager_file_backend, [ { file, "log/error.log"}, { level, error } ] }, + { lager_file_backend, [ { file, "log/console.log"}, { level, info } ] } + ] + } + ] + }, + + %% SASL config + { + sasl, [ + { sasl_error_logger, { file, "log/sasl-error.log" } }, + { errlog_type, error }, + { error_logger_mf_dir, "log/sasl" }, % Log directory + { error_logger_mf_maxbytes, 10485760 }, % 10 MB max file size + { error_logger_mf_maxfiles, 5 } % 5 files max + ] + } +]. +EOF + +systemctl restart guam diff --git a/docker/kolab/utils/18-adjust-kolab-conf.sh b/docker/kolab/utils/18-adjust-kolab-conf.sh index ce29f5cc..8a1c9115 100755 --- a/docker/kolab/utils/18-adjust-kolab-conf.sh +++ b/docker/kolab/utils/18-adjust-kolab-conf.sh 
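Review bot: `sed -i -e '/submission/,10d' /etc/postfix/master.cf` uses an absolute end address, so it deletes from the first `submission` match through line 10 of the file, and only the matching line itself when the match sits past line 10. If the intent is to drop the stock submission entry together with its `-o` continuation lines, the relative form already used in 18-adjust-kolab-conf.sh fits better: `sed -i -e '/submission/,+10d' /etc/postfix/master.cf`, with the count checked against the shipped master.cf. Leftover `-o` lines could otherwise attach to the preceding service entry. The script also has no `set -e`, so a failed `systemctl restart` goes unnoticed; and since it turns on `guam_allowplaintext`/`nginx_allowplaintext` and comments out the TLS options on 10587 and 10465, a header comment stating that these are loopback-only backends behind the TLS-terminating nginx would document why plaintext is acceptable here.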
@@ -1,23 +1,24 @@ #!/bin/bash . ./settings.sh sed -r -i \ -e "s/^domain_base_dn.*$/domain_base_dn = ${domain_base_dn}/g" \ -e '/^primary_mail/ a\ daemon_rcpt_policy = False' \ -e '/^primary_mail/d' \ -e '/secondary_mail/,+10d' \ -e '/autocreate_folders/,+77d' \ -e "/^\[kolab_wap\]/ a\ mgmt_root_dn = ${rootdn}" \ -e "/^\[kolab_wap\]/ a\ hosted_root_dn = ${hosted_root_dn}" \ -e "/^\[kolab_wap\]/ a\ api_url = http://127.0.0.1/kolab-webadmin/api" \ -e 's/^auth_attributes.*$/auth_attributes = mail, uid/g' \ + -e 's|^uri = imaps.*$|uri = imaps://127.0.0.1:11993|g' \ /etc/kolab/kolab.conf service kolabd restart service kolab-saslauthd restart diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile new file mode 100644 index 00000000..55f55686 --- /dev/null +++ b/docker/nginx/Dockerfile @@ -0,0 +1,54 @@ +FROM fedora:31 + +MAINTAINER Jeroen van Meeuwen + +ENV container docker +ENV SYSTEMD_PAGER='' + +ARG NGINX_AUTH_WEBHOOK + +RUN dnf -y install \ + --setopt 'tsflags=nodocs' \ + bash-completion \ + bind-utils \ + certbot \ + curl \ + dhcp-client \ + git \ + iproute \ + iptraf-ng \ + iputils \ + less \ + lsof \ + mtr \ + net-tools \ + NetworkManager \ + NetworkManager-tui \ + network-scripts \ + nginx \ + nginx-mod-mail \ + nmap-ncat \ + openssh-clients \ + openssh-server \ + procps-ng \ + python3-certbot-nginx \ + strace \ + systemd-udev \ + tcpdump \ + telnet \ + traceroute \ + vim-enhanced \ + wget && \ + dnf clean all + +RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || : + +COPY nginx.conf /etc/nginx/nginx.conf +RUN sed -i -r -e "s|^.*auth_http.*$| auth_http $NGINX_AUTH_WEBHOOK;|g" /etc/nginx/nginx.conf + +RUN systemctl enable nginx + +CMD ["/lib/systemd/systemd", "--system"] +ENTRYPOINT "/lib/systemd/systemd" + +EXPOSE 110/tcp 143/tcp 993/tcp 995/tcp diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf new file mode 100644 index 00000000..ca6d7a9d --- /dev/null +++ b/docker/nginx/nginx.conf 
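Review bot: `FROM fedora:31` pins an end-of-life release, so the `dnf -y install` layer pulls packages that no longer receive security fixes, and the list includes `openssh-server`, `tcpdump`, `nmap-ncat` and `telnet` in an image that docker-compose.yml runs with `network_mode: host`; a supported base and a package list trimmed to `nginx` and `nginx-mod-mail` plus what is actually needed would shrink that exposure. Separately, the shell-form `ENTRYPOINT "/lib/systemd/systemd"` makes Docker ignore the `CMD` above it and start systemd through `/bin/sh -c`; the exec form `ENTRYPOINT ["/lib/systemd/systemd", "--system"]` states the intent directly. `ARG NGINX_AUTH_WEBHOOK` has no default, so a build without the arg rewrites the directive to `auth_http ;` and nginx will not start; `ARG NGINX_AUTH_WEBHOOK=127.0.0.1:8000/api/webhooks/nginx` would keep the value from nginx.conf. `MAINTAINER` is deprecated in favour of `LABEL maintainer=...`, which docker/kolab/Dockerfile already uses.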
@@ -0,0 +1,72 @@ +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log debug; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +mail { + server_name imap.hosted.com; + auth_http 127.0.0.1:8000/api/webhooks/nginx; + + proxy_pass_error_message on; + + server { + listen 143; + protocol imap; + + proxy on; + starttls on; + + ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert; + ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + } + + server { + listen 465 ssl; + protocol smtp; + + proxy on; + + ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert; + ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + } + + server { + listen 587; + protocol smtp; + + proxy on; + starttls on; + + ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert; + ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + } + + server { + listen 993 ssl; + protocol imap; + + proxy on; + + ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert; + ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + } +} diff --git a/src/.env.example b/src/.env.example index 4e98b688..b084509e 100644 --- a/src/.env.example +++ b/src/.env.example 
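Review bot: All four `server` blocks set `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, which keeps the deprecated TLS 1.0 and 1.1 enabled on the client-facing mail ports; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer setting, provided the nginx/OpenSSL build in the image supports TLSv1.3. The 143 and 587 listeners use `starttls on;`, which offers STARTTLS but still accepts a login on the unencrypted connection, whereas `starttls only;` requires the upgrade first. `error_log /var/log/nginx/error.log debug;` is worth lowering to `info` or `warn` outside troubleshooting, since debug output from the mail proxy may include the auth_http exchange that carries the client's password. The certificate, protocol and cipher directives are repeated in each block and could be declared once at the `mail` level.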
@@ -1,162 +1,162 @@ APP_NAME=Kolab APP_ENV=local APP_KEY= APP_DEBUG=true APP_URL=http://127.0.0.1:8000 #APP_PASSPHRASE= APP_PUBLIC_URL= APP_DOMAIN=kolabnow.com APP_THEME=default APP_TENANT_ID=5 APP_LOCALE=en APP_LOCALES=en,de APP_WITH_ADMIN=1 APP_WITH_RESELLER=1 APP_WITH_SERVICES=1 ASSET_URL=http://127.0.0.1:8000 WEBMAIL_URL=/apps SUPPORT_URL=/support SUPPORT_EMAIL= LOG_CHANNEL=stack LOG_SLOW_REQUESTS=5 DB_CONNECTION=mysql DB_DATABASE=kolabdev DB_HOST=127.0.0.1 DB_PASSWORD=kolab DB_PORT=3306 DB_USERNAME=kolabdev BROADCAST_DRIVER=redis CACHE_DRIVER=redis QUEUE_CONNECTION=redis SESSION_DRIVER=file SESSION_LIFETIME=120 OPENEXCHANGERATES_API_KEY="from openexchangerates.org" MFA_DSN=mysql://roundcube:Welcome2KolabSystems@127.0.0.1/roundcube MFA_TOTP_DIGITS=6 MFA_TOTP_INTERVAL=30 MFA_TOTP_DIGEST=sha1 -IMAP_URI=ssl://127.0.0.1:993 +IMAP_URI=ssl://127.0.0.1:11993 IMAP_ADMIN_LOGIN=cyrus-admin IMAP_ADMIN_PASSWORD=Welcome2KolabSystems IMAP_VERIFY_HOST=false IMAP_VERIFY_PEER=false LDAP_BASE_DN="dc=mgmt,dc=com" LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com" LDAP_HOSTS=127.0.0.1 LDAP_PORT=389 LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com" LDAP_SERVICE_BIND_PW="Welcome2KolabSystems" LDAP_USE_SSL=false LDAP_USE_TLS=false # Administrative LDAP_ADMIN_BIND_DN="cn=Directory Manager" LDAP_ADMIN_BIND_PW="Welcome2KolabSystems" LDAP_ADMIN_ROOT_DN="dc=mgmt,dc=com" # Hosted (public registration) LDAP_HOSTED_BIND_DN="uid=hosted-kolab-service,ou=Special Users,dc=mgmt,dc=com" LDAP_HOSTED_BIND_PW="Welcome2KolabSystems" LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com" OPENVIDU_API_PASSWORD=MY_SECRET OPENVIDU_API_URL=http://localhost:8080/api/ OPENVIDU_API_USERNAME=OPENVIDUAPP OPENVIDU_API_VERIFY_TLS=true OPENVIDU_COTURN_IP=127.0.0.1 OPENVIDU_COTURN_REDIS_DATABASE=2 OPENVIDU_COTURN_REDIS_IP=127.0.0.1 OPENVIDU_COTURN_REDIS_PASSWORD=turn # Used as COTURN_IP, TURN_PUBLIC_IP, for KMS_TURN_URL OPENVIDU_PUBLIC_IP=127.0.0.1 OPENVIDU_PUBLIC_PORT=3478 OPENVIDU_SERVER_PORT=8080 
OPENVIDU_WEBHOOK=true OPENVIDU_WEBHOOK_ENDPOINT=http://127.0.0.1:8000/webhooks/meet/openvidu # "CDR" events, see https://docs.openvidu.io/en/2.13.0/reference-docs/openvidu-server-cdr/ #OPENVIDU_WEBHOOK_EVENTS=[sessionCreated,sessionDestroyed,participantJoined,participantLeft,webrtcConnectionCreated,webrtcConnectionDestroyed,recordingStatusChanged,filterEventDispatched,mediaNodeStatusChanged] #OPENVIDU_WEBHOOK_HEADERS=[\"Authorization:\ Basic\ SOMETHING\"] PGP_ENABLED= PGP_BINARY= PGP_AGENT= PGP_GPGCONF= PGP_LENGTH= REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null REDIS_PORT=6379 SWOOLE_HOT_RELOAD_ENABLE=true SWOOLE_HTTP_ACCESS_LOG=true SWOOLE_HTTP_HOST=127.0.0.1 SWOOLE_HTTP_PORT=8000 SWOOLE_HTTP_REACTOR_NUM=1 SWOOLE_HTTP_WEBSOCKET=true SWOOLE_HTTP_WORKER_NUM=1 SWOOLE_OB_OUTPUT=true PAYMENT_PROVIDER= MOLLIE_KEY= STRIPE_KEY= STRIPE_PUBLIC_KEY= STRIPE_WEBHOOK_SECRET= MAIL_DRIVER=smtp MAIL_HOST=smtp.mailtrap.io MAIL_PORT=2525 MAIL_USERNAME=null MAIL_PASSWORD=null MAIL_ENCRYPTION=null MAIL_FROM_ADDRESS="noreply@example.com" MAIL_FROM_NAME="Example.com" MAIL_REPLYTO_ADDRESS="replyto@example.com" MAIL_REPLYTO_NAME=null DNS_TTL=3600 DNS_SPF="v=spf1 mx -all" DNS_STATIC="%s. MX 10 ext-mx01.mykolab.com." DNS_COPY_FROM=null AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= AWS_DEFAULT_REGION=us-east-1 AWS_BUCKET= PUSHER_APP_ID= PUSHER_APP_KEY= PUSHER_APP_SECRET= PUSHER_APP_CLUSTER=mt1 MIX_ASSET_PATH='/' MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" JWT_SECRET= JWT_TTL=60 COMPANY_NAME= COMPANY_ADDRESS= COMPANY_DETAILS= COMPANY_EMAIL= COMPANY_LOGO= COMPANY_FOOTER= VAT_COUNTRIES=CH,LI VAT_RATE=7.7 KB_ACCOUNT_DELETE= KB_ACCOUNT_SUSPENDED=