diff --git a/bin/quickstart.sh b/bin/quickstart.sh
index 84ce7c0a..c9b24d37 100755
--- a/bin/quickstart.sh
+++ b/bin/quickstart.sh
@@ -1,96 +1,96 @@
#!/bin/bash
set -e
function die() {
echo "$1"
exit 1
}
rpm -qv composer >/dev/null 2>&1 || \
test ! -z "$(which composer 2>/dev/null)" || \
die "Is composer installed?"
rpm -qv docker-compose >/dev/null 2>&1 || \
test ! -z "$(which docker-compose 2>/dev/null)" || \
die "Is docker-compose installed?"
rpm -qv npm >/dev/null 2>&1 || \
test ! -z "$(which npm 2>/dev/null)" || \
die "Is npm installed?"
rpm -qv php >/dev/null 2>&1 || \
test ! -z "$(which php 2>/dev/null)" || \
die "Is php installed?"
rpm -qv php-ldap >/dev/null 2>&1 || \
test ! -z "$(php --ini | grep ldap)" || \
die "Is php-ldap installed?"
rpm -qv php-mysqlnd >/dev/null 2>&1 || \
test ! -z "$(php --ini | grep mysql)" || \
die "Is php-mysqlnd installed?"
test ! -z "$(php --modules | grep swoole)" || \
die "Is swoole installed?"
base_dir=$(dirname $(dirname $0))
docker pull docker.io/kolab/centos7:latest
docker-compose down --remove-orphans
docker-compose build
pushd ${base_dir}/src/
if [ ! -f ".env" ]; then
cp .env.example .env
fi
if [ -f ".env.local" ]; then
# Ensure there's a line ending
echo "" >> .env
cat .env.local >> .env
fi
popd
bin/regen-certs
docker-compose up -d coturn kolab mariadb openvidu kurento-media-server proxy redis
pushd ${base_dir}/src/
rm -rf vendor/ composer.lock
php -dmemory_limit=-1 /bin/composer install
npm install
find bootstrap/cache/ -type f ! -name ".gitignore" -delete
./artisan key:generate
./artisan jwt:secret -f
./artisan clear-compiled
./artisan cache:clear
./artisan horizon:install
if [ ! -z "$(rpm -qv chromium 2>/dev/null)" ]; then
chver=$(rpmquery --queryformat="%{VERSION}" chromium | awk -F'.' '{print $1}')
./artisan dusk:chrome-driver ${chver}
fi
if [ ! -f 'resources/countries.php' ]; then
./artisan data:countries
fi
npm run dev
popd
-docker-compose up -d worker
+docker-compose up -d worker nginx
pushd ${base_dir}/src/
rm -rf database/database.sqlite
./artisan db:ping --wait
php -dmemory_limit=512M ./artisan migrate:refresh --seed
./artisan data:import
./artisan swoole:http stop >/dev/null 2>&1 || :
./artisan swoole:http start
popd
diff --git a/bin/regen-certs b/bin/regen-certs
index ee277724..005a8765 100755
--- a/bin/regen-certs
+++ b/bin/regen-certs
@@ -1,72 +1,72 @@
#!/bin/bash
base_dir=$(dirname $(dirname $0))
cert_dir="${base_dir}/docker/certs/"
if [ ! -d "${cert_dir}" ]; then
mkdir -p ${cert_dir}
fi
if [ ! -f "${cert_dir}/ca.key" ]; then
openssl genrsa -out ${cert_dir}/ca.key 4096
openssl req \
-new \
-x509 \
-nodes \
-days 3650 \
-key ${cert_dir}/ca.key \
-out ${cert_dir}/ca.cert \
-subj '/O=Example CA/'
fi
if [ -f /etc/pki/tls/openssl.cnf ]; then
openssl_cnf="/etc/pki/tls/openssl.cnf"
elif [ -f /etc/ssl/openssl.cnf ]; then
openssl_cnf="/etc/ssl/openssl.cnf"
else
echo "No openssl.cnf"
exit 1
fi
export $(cat ${base_dir}/src/.env | xargs) >/dev/null 2>&1
-for name in kolab.mgmt.com kolab.hosted.com {{admin,meet}.,}${APP_DOMAIN}; do
+for name in kolab.mgmt.com kolab.hosted.com imap.hosted.com {{admin,meet}.,}${APP_DOMAIN}; do
openssl genrsa -out ${cert_dir}/${name}.key 4096
openssl req \
-new \
-key ${cert_dir}/${name}.key \
-out ${cert_dir}/${name}.csr \
-subj "/O=Example CA/CN=${name}/" \
-reqexts SAN \
-config <(cat ${openssl_cnf} \
<(printf "[SAN]\nsubjectAltName=DNS:${name}"))
openssl x509 \
-req \
-in ${cert_dir}/${name}.csr \
-CA ${cert_dir}/ca.cert \
-CAkey ${cert_dir}/ca.key \
-CAcreateserial \
-out ${cert_dir}/${name}.cert \
-days 28 \
-extfile <(cat ${openssl_cnf} \
<(printf "[SAN]\nsubjectAltName=DNS:${name}")) \
-extensions SAN
# 'cause java ...
openssl pkcs8 \
-topk8 \
-inform pem \
-in ${cert_dir}/${name}.key \
-outform pem \
-nocrypt \
-out ${cert_dir}/${name}_p8.key
cat ${cert_dir}/${name}.cert \
${cert_dir}/ca.cert > ${cert_dir}/${name}.chain.pem
chmod 644 ${cert_dir}/*.{cert,key,pem}
done
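Review bot: The `imap.hosted.com` key added to the loop is made world-readable by the existing `chmod 644 ${cert_dir}/*.{cert,key,pem}` at the end of each iteration. This commit mounts that key into the nginx container that terminates TLS for IMAP and SMTP. Splitting the mode would keep private keys private: `chmod 644 ${cert_dir}/*.{cert,pem}` and `chmod 600 ${cert_dir}/*.key`. If a containerised service reads its key as a non-root user, that would call for a group-ownership change rather than a key readable by every local account; this diff does not show whether that applies.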
diff --git a/docker-compose.yml b/docker-compose.yml
index 058d0fcd..04eb9c1b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,154 +1,177 @@
version: '3'
services:
coturn:
container_name: kolab-coturn
environment:
- DB_NAME=${OPENVIDU_COTURN_REDIS_DATABASE}
- DB_PASSWORD=${OPENVIDU_COTURN_REDIS_PASSWORD}
- REDIS_IP=${OPENVIDU_COTURN_REDIS_IP}
- TURN_PUBLIC_IP=${OPENVIDU_COTURN_IP}
- TURN_LISTEN_PORT=3478
hostname: sturn.mgmt.com
image: openvidu/openvidu-coturn:1.0.0
network_mode: host
restart: on-failure
tty: true
kolab:
build:
context: ./docker/kolab/
container_name: kolab
depends_on:
- mariadb
extra_hosts:
- "kolab.mgmt.com:127.0.0.1"
environment:
- DB_HOST=${DB_HOST}
- DB_ROOT_PASSWORD=Welcome2KolabSystems
healthcheck:
interval: 10s
test: test -f /tmp/kolab-init.done
timeout: 5s
retries: 30
hostname: kolab.mgmt.com
image: kolab
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- ./docker/certs/ca.cert:/etc/pki/tls/certs/ca.cert:ro
- ./docker/certs/ca.cert:/etc/pki/ca-trust/source/anchors/ca.cert:ro
- ./docker/certs/kolab.hosted.com.cert:/etc/pki/tls/certs/kolab.hosted.com.cert
- ./docker/certs/kolab.hosted.com.key:/etc/pki/tls/certs/kolab.hosted.com.key
- ./docker/certs/kolab.mgmt.com.cert:/etc/pki/tls/certs/kolab.mgmt.com.cert
- ./docker/certs/kolab.mgmt.com.key:/etc/pki/tls/certs/kolab.mgmt.com.key
- ./docker/kolab/utils:/root/utils:ro
- ./src/.env:/.dockerenv:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
kurento-media-server:
build:
context: ./docker/kurento-media-server/
container_name: kolab-kurento-media-server
environment:
- GST_DEBUG=3,Kurento*:4,kms*:4,sdp*:4,webrtc*:4,*rtpendpoint:4,rtp*handler:4,rtpsynchronizer:4,agnosticbin:4
hostname: kurento-media-server.hosted.com
image: apheleia/kurento-media-server:6.15.0
network_mode: host
mariadb:
container_name: kolab-mariadb
environment:
MYSQL_ROOT_PASSWORD: Welcome2KolabSystems
TZ: "+02:00"
healthcheck:
interval: 10s
test: test -e /var/run/mysqld/mysqld.sock
timeout: 5s
retries: 30
image: mariadb
network_mode: host
openvidu:
build:
context: ./docker/openvidu/
container_name: kolab-openvidu
depends_on:
- kurento-media-server
environment:
- APP_DOMAIN=${APP_DOMAIN}
- CERTIFICATE_TYPE=letsencrypt
- COTURN_IP=${OPENVIDU_COTURN_IP}
- COTURN_REDIS_DBNAME=${OPENVIDU_COTURN_REDIS_DATABASE}
- COTURN_REDIS_PASSWORD=${OPENVIDU_COTURN_REDIS_PASSWORD}
- COTURN_REDIS_IP=${OPENVIDU_COTURN_REDIS_IP}
- DOMAIN_OR_PUBLIC_IP=${OPENVIDU_PUBLIC_IP}
- SERVER_PORT=${OPENVIDU_SERVER_PORT}
- KMS_STUN_IP=${OPENVIDU_COTURN_IP}
- KMS_STUN_PORT=3478
- KMS_URIS=["ws://localhost:8888/kurento", "ws://localhost:8889/kurento"]
- OPENVIDU_SECRET=${OPENVIDU_API_PASSWORD}
- OPENVIDU_WEBHOOK=${OPENVIDU_WEBHOOK}
- OPENVIDU_WEBHOOK_ENDPOINT=${OPENVIDU_WEBHOOK_ENDPOINT}
- SERVER_SSL_ENABLED=false
hostname: openvidu.hosted.com
image: apheleia/openvidu:2.18.0
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- /etc/letsencrypt/:/etc/letsencrypt/:ro
+ nginx:
+ build:
+ context: ./docker/nginx/
+ args:
+ NGINX_AUTH_WEBHOOK: ${APP_DOMAIN}/api/webhooks/nginx
+ container_name: kolab-nginx
+ depends_on:
+ kolab:
+ condition: service_healthy
+ hostname: nginx.hosted.com
+ image: kolab-nginx
+ network_mode: host
+ tmpfs:
+ - /run
+ - /tmp
+ - /var/run
+ - /var/tmp
+ tty: true
+ volumes:
+ - /etc/letsencrypt/:/etc/letsencrypt/:ro
+ - ./docker/certs/imap.hosted.com.cert:/etc/pki/tls/certs/imap.hosted.com.cert
+ - ./docker/certs/imap.hosted.com.key:/etc/pki/tls/private/imap.hosted.com.key
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
proxy:
build:
context: ./docker/proxy/
container_name: kolab-proxy
hostname: kanarip.internet-box.ch
image: kolab-proxy
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./docker/certs/:/etc/certs/:ro
- /etc/letsencrypt/:/etc/letsencrypt/:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
redis:
build:
context: ./docker/redis/
container_name: kolab-redis
hostname: redis
image: redis
network_mode: host
volumes:
- ./docker/redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
swoole:
build:
context: ./docker/swoole/
container_name: kolab-swoole
image: apheleia/swoole:4.6.x
worker:
build:
context: ./docker/worker/
container_name: kolab-worker
depends_on:
- kolab
hostname: worker
image: kolab-worker
network_mode: host
tmpfs:
- /run
- /tmp
- /var/run
- /var/tmp
tty: true
volumes:
- ./src:/home/worker/src.orig:ro
- /sys/fs/cgroup:/sys/fs/cgroup:ro
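Review bot: The build arg `NGINX_AUTH_WEBHOOK: ${APP_DOMAIN}/api/webhooks/nginx` in the new `nginx` service points the mail proxy's `auth_http` at the public application domain. nginx's `auth_http` speaks plain HTTP only and carries the client's login and password in the `Auth-User`/`Auth-Pass` request headers. With the `.env.example` default `APP_DOMAIN=kolabnow.com`, and unless that name resolves locally, every IMAP/SMTP login attempt would be sent unencrypted to a remote host. The `nginx.conf` added in this commit defaults to `127.0.0.1:8000/api/webhooks/nginx`; keeping the webhook on loopback, e.g. `NGINX_AUTH_WEBHOOK: ${SWOOLE_HTTP_HOST}:${SWOOLE_HTTP_PORT}/api/webhooks/nginx`, avoids this. The key mount `./docker/certs/imap.hosted.com.key:...` could also be `:ro`.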
diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile
index 2d5278ca..898b0525 100644
--- a/docker/kolab/Dockerfile
+++ b/docker/kolab/Dockerfile
@@ -1,80 +1,80 @@
FROM centos:7
LABEL maintainer="contact@kolabsystems.com"
LABEL dist=centos7
LABEL tier=${TIER}
ENV container docker
ENV SYSTEMD_PAGER=''
ENV DISTRO=centos7
ENV LANG=en_US.utf8
ENV LC_ALL=en_US.utf8
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
# To speed things up, disable fastestmirror.
RUN sed -r -i \
-e 's/^enabled.*$/enabled = 0/g' \
/etc/yum/pluginconf.d/fastestmirror.conf
# Avoid using a mirrorlist (use a transparent proxy and cache everything instead).
RUN sed -r -i \
-e 's/^mirrorlist/#mirrorlist/g' \
-e 's/^#baseurl/baseurl/g' \
/etc/yum.repos.d/*.repo
RUN sed -i -e '/tsflags=nodocs/d' /etc/yum.conf
# Add EPEL.
RUN yum -y install \
epel-release && \
yum clean all
# Add the EPEL key.
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
RUN rpm --import https://mirror.kolabenterprise.com/maipo.asc
RUN yum -y install https://mirror.kolabenterprise.com/kolab-16-for-el7.rpm && \
yum -y install kolab-16-release-development && \
yum clean all
RUN yum -y --setopt tsflags= install kolab
COPY kolab-init.service /etc/systemd/system/kolab-init.service
COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service
COPY kolab-vlv.service /etc/systemd/system/kolab-vlv.service
COPY utils /root/utils
RUN rm -rf /etc/systemd/system/multi-user.target.wants/{avahi-daemon,sshd}.* && \
ln -s /etc/systemd/system/kolab-init.service \
/etc/systemd/system/multi-user.target.wants/kolab-init.service && \
ln -s /etc/systemd/system/kolab-setenv.service \
/etc/systemd/system/multi-user.target.wants/kolab-setenv.service && \
ln -s /etc/systemd/system/kolab-vlv.service \
/etc/systemd/system/multi-user.target.wants/kolab-vlv.service
RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
RUN sed -i -r -e 's/^Listen 80$/Listen 9080/g' /etc/httpd/conf/httpd.conf
#RUN sed -i -r -e 's/^Listen 443$/Listen 9443/g' /etc/httpd/conf/httpd.conf
COPY kolab-init.sh /usr/local/sbin/
RUN chmod 750 /usr/local/sbin/kolab-init.sh
COPY kolab-vlv.sh /usr/local/sbin/
RUN chmod 750 /usr/local/sbin/kolab-vlv.sh
VOLUME [ "/sys/fs/cgroup" ]
WORKDIR /root/
CMD ["/lib/systemd/systemd"]
-EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 143/tcp 389/tcp 443/tcp 465/tcp 587/tcp 993/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp
+EXPOSE 21/tcp 22/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 389/tcp 443/tcp 995/tcp 5353/udp 8880/tcp 8443/tcp 8447/tcp 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp
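Review bot: The new `EXPOSE` list does not match the listeners this commit configures. `10143/tcp` has no counterpart in `10-change-port-numbers.sh`, while the `12143` and `13143` Cyrus services and Guam's `9143`/`9993` listeners are not listed. Because the compose file runs this service with `network_mode: host`, `EXPOSE` presumably acts only as documentation here, so it is worth making accurate. A comment above it would state the intent, e.g. `# Backend ports (1xxxx) listen on 127.0.0.1 only; clients connect via the nginx mail proxy.`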
diff --git a/docker/kolab/kolab-init.sh b/docker/kolab/kolab-init.sh
index d3dac5c8..8119adf7 100755
--- a/docker/kolab/kolab-init.sh
+++ b/docker/kolab/kolab-init.sh
@@ -1,33 +1,34 @@
#!/bin/bash
if [ -d "/etc/dirsrv/slapd-kolab/" ]; then
exit 0
fi
cp -av /bin/true /usr/sbin/ds_systemd_ask_password_acl
pushd /root/utils/
./01-reverse-etc-hosts.sh && echo "01 done"
./02-write-my.cnf.sh && echo "02 done"
./03-setup-kolab.sh && echo "03 done"
./04-reset-mysql-kolab-password.sh && echo "04 done"
./05-replace-localhost.sh && echo "05 done"
./06-mysql-for-kolabdev.sh && echo "06 done"
./07-adjust-base-dns.sh && echo "07 done"
./08-disable-amavisd.sh && echo "08 done"
./09-enable-debugging.sh && echo "09 done"
+./10-change-port-numbers.sh && echo "10 done"
./10-reset-kolab-service-password.sh && echo "10 done"
./11-reset-cyrus-admin-password.sh && echo "11 done"
./12-create-hosted-kolab-service.sh && echo "12 done"
./13-create-ou-domains.sh && echo "13 done"
./14-create-management-domain.sh && echo "14 done"
./15-create-hosted-domain.sh && echo "15 done"
./16-remove-cn-kolab-cn-config.sh && echo "16 done"
./17-remove-hosted-service-access-from-mgmt-domain.sh && echo "17 done"
./18-adjust-kolab-conf.sh && echo "18 done"
./19-turn-on-vlv-in-roundcube.sh && echo "19 done"
./20-add-alias-attribute-index.sh && echo "20 done"
./21-adjust-postfix-config.sh && echo "21 done"
touch /tmp/kolab-init.done
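Review bot: The added step reuses both the `10-` prefix and the `"10 done"` message of `10-reset-kolab-service-password.sh`, so the log cannot show which of the two ran. As with the other steps, its failure is not acted on, and `/tmp/kolab-init.done` is touched regardless. That marker is the compose healthcheck that the new nginx service waits on with `condition: service_healthy`, so a failed port change would still let the proxy start against backends that never moved. Consider `./10-change-port-numbers.sh || exit 1` followed by `echo "10-change-port-numbers done"`.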
diff --git a/docker/kolab/utils/10-change-port-numbers.sh b/docker/kolab/utils/10-change-port-numbers.sh
new file mode 100755
index 00000000..7646d5a2
--- /dev/null
+++ b/docker/kolab/utils/10-change-port-numbers.sh
@@ -0,0 +1,143 @@
+#!/bin/bash
+
+sed -i -r \
+ -e '/allowplaintext/ a\
+guam_allowplaintext: yes' \
+ -e '/allowplaintext/ a\
+nginx_allowplaintext: yes' \
+ /etc/imapd.conf
+
+sed -i \
+ -e '/SERVICES/ a\
+ nginx cmd="imapd" listen=127.0.0.1:12143 prefork=1' \
+ -e '/SERVICES/ a\
+ guam cmd="imapd" listen=127.0.0.1:13143 prefork=1' \
+ -e '/SERVICES/ a\
+ imap cmd="imapd" listen=127.0.0.1:11143 prefork=1' \
+ -e 's/listen="127.0.0.1:9993"/listen=127.0.0.1:11993/g' \
+ /etc/cyrus.conf
+
+systemctl restart cyrus-imapd
+
+sed -i -e '/submission/,10d' /etc/postfix/master.cf
+
+cat >> /etc/postfix/master.cf << EOF
+127.0.0.1:10587 inet n - n - - smtpd
+ -o cleanup_service_name=cleanup_submission
+ -o syslog_name=postfix/submission
+ #-o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_sasl_authenticated_header=yes
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_data_restrictions=\$submission_data_restrictions
+ -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
+ -o smtpd_sender_restrictions=\$submission_sender_restrictions
+
+127.0.0.1:10465 inet n - n - - smtpd
+ -o cleanup_service_name=cleanup_submission
+ -o rewrite_service_name=rewrite_submission
+ -o syslog_name=postfix/smtps
+ -o mydestination=
+ -o local_recipient_maps=
+ -o relay_domains=
+ -o relay_recipient_maps=
+ #-o smtpd_tls_wrappermode=yes
+ -o smtpd_sasl_auth_enable=yes
+ -o smtpd_sasl_authenticated_header=yes
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_sender_restrictions=\$submission_sender_restrictions
+ -o smtpd_recipient_restrictions=\$submission_recipient_restrictions
+ -o smtpd_data_restrictions=\$submission_data_restrictions
+EOF
+
+systemctl restart postfix
+
+cat > /etc/guam/sys.config << EOF
+%% Example configuration for Guam.
+[
+ {
+ kolab_guam, [
+ {
+ imap_servers, [
+ {
+ imap, [
+ { host, "127.0.0.1" },
+ { port, 13143 },
+ { tls, no }
+ ]
+ },
+ {
+ imaps, [
+ { host, "127.0.0.1" },
+ { port, 11993 },
+ { tls, true }
+ ]
+ }
+ ]
+ },
+ {
+ listeners, [
+ {
+ imap, [
+ { port, 9143 },
+ { imap_server, imap },
+ {
+ rules, [
+ { filter_groupware, [] }
+ ]
+ },
+ {
+ tls_config, [
+ { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.pem" }
+ ]
+ }
+ ]
+ },
+ {
+ imaps, [
+ { port, 9993 },
+ { implicit_tls, true },
+ { imap_server, imaps },
+ {
+ rules, [
+ { filter_groupware, [] }
+ ]
+ },
+ {
+ tls_config, [
+ { certfile, "/etc/pki/cyrus-imapd/cyrus-imapd.pem" }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ },
+
+ {
+ lager, [
+ {
+ handlers, [
+ { lager_console_backend, warning },
+ { lager_file_backend, [ { file, "log/error.log"}, { level, error } ] },
+ { lager_file_backend, [ { file, "log/console.log"}, { level, info } ] }
+ ]
+ }
+ ]
+ },
+
+ %% SASL config
+ {
+ sasl, [
+ { sasl_error_logger, { file, "log/sasl-error.log" } },
+ { errlog_type, error },
+ { error_logger_mf_dir, "log/sasl" }, % Log directory
+ { error_logger_mf_maxbytes, 10485760 }, % 10 MB max file size
+ { error_logger_mf_maxfiles, 5 } % 5 files max
+ ]
+ }
+].
+EOF
+
+systemctl restart guam
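Review bot: `sed -i -e '/submission/,10d' /etc/postfix/master.cf` ends its range at absolute line 10. When the `submission` entry sits below line 10, only lines that themselves match `submission` are deleted, and the entry's remaining `-o` continuation lines attach to the preceding service. `18-adjust-kolab-conf.sh` in this diff uses the relative form (`/secondary_mail/,+10d`), which looks like the intent here: `sed -i -e '/submission/,+10d' /etc/postfix/master.cf`. Anchoring the pattern to the start of the service line would also avoid matching option lines such as `cleanup_submission`. The script has no `set -e`, so a failed `sed` or `systemctl restart` does not stop the later rewrites of `master.cf` and `/etc/guam/sys.config`.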
diff --git a/docker/kolab/utils/18-adjust-kolab-conf.sh b/docker/kolab/utils/18-adjust-kolab-conf.sh
index ce29f5cc..8a1c9115 100755
--- a/docker/kolab/utils/18-adjust-kolab-conf.sh
+++ b/docker/kolab/utils/18-adjust-kolab-conf.sh
@@ -1,23 +1,24 @@
#!/bin/bash
. ./settings.sh
sed -r -i \
-e "s/^domain_base_dn.*$/domain_base_dn = ${domain_base_dn}/g" \
-e '/^primary_mail/ a\
daemon_rcpt_policy = False' \
-e '/^primary_mail/d' \
-e '/secondary_mail/,+10d' \
-e '/autocreate_folders/,+77d' \
-e "/^\[kolab_wap\]/ a\
mgmt_root_dn = ${rootdn}" \
-e "/^\[kolab_wap\]/ a\
hosted_root_dn = ${hosted_root_dn}" \
-e "/^\[kolab_wap\]/ a\
api_url = http://127.0.0.1/kolab-webadmin/api" \
-e 's/^auth_attributes.*$/auth_attributes = mail, uid/g' \
+ -e 's|^uri = imaps.*$|uri = imaps://127.0.0.1:11993|g' \
/etc/kolab/kolab.conf
service kolabd restart
service kolab-saslauthd restart
diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
new file mode 100644
index 00000000..55f55686
--- /dev/null
+++ b/docker/nginx/Dockerfile
@@ -0,0 +1,54 @@
+FROM fedora:31
+
+MAINTAINER Jeroen van Meeuwen <vanmeeuwen@kolabsys.com>
+
+ENV container docker
+ENV SYSTEMD_PAGER=''
+
+ARG NGINX_AUTH_WEBHOOK
+
+RUN dnf -y install \
+ --setopt 'tsflags=nodocs' \
+ bash-completion \
+ bind-utils \
+ certbot \
+ curl \
+ dhcp-client \
+ git \
+ iproute \
+ iptraf-ng \
+ iputils \
+ less \
+ lsof \
+ mtr \
+ net-tools \
+ NetworkManager \
+ NetworkManager-tui \
+ network-scripts \
+ nginx \
+ nginx-mod-mail \
+ nmap-ncat \
+ openssh-clients \
+ openssh-server \
+ procps-ng \
+ python3-certbot-nginx \
+ strace \
+ systemd-udev \
+ tcpdump \
+ telnet \
+ traceroute \
+ vim-enhanced \
+ wget && \
+ dnf clean all
+
+RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
+
+COPY nginx.conf /etc/nginx/nginx.conf
+RUN sed -i -r -e "s|^.*auth_http.*$| auth_http $NGINX_AUTH_WEBHOOK;|g" /etc/nginx/nginx.conf
+
+RUN systemctl enable nginx
+
+CMD ["/lib/systemd/systemd", "--system"]
+ENTRYPOINT "/lib/systemd/systemd"
+
+EXPOSE 110/tcp 143/tcp 993/tcp 995/tcp
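Review bot: The `dnf install` list puts `openssh-server`, `tcpdump`, `strace`, `telnet` and `nmap-ncat` into the image that terminates TLS and relays mail credentials, and nothing here disables sshd. The kolab Dockerfile in this diff removes the `sshd` unit from `multi-user.target.wants`, which suggests the package enables it on install. With `network_mode: host` and systemd as init, that would start an SSH daemon in the host's network namespace. Dropping `openssh-server` and the diagnostic tools, or at least adding `RUN systemctl disable sshd`, would keep the proxy image minimal. Separately, the shell-form `ENTRYPOINT "/lib/systemd/systemd"` causes the `CMD` above it to be ignored; `ENTRYPOINT ["/lib/systemd/systemd", "--system"]` expresses the intent in one line.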
diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf
new file mode 100644
index 00000000..ca6d7a9d
--- /dev/null
+++ b/docker/nginx/nginx.conf
@@ -0,0 +1,72 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log debug;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+mail {
+ server_name imap.hosted.com;
+ auth_http 127.0.0.1:8000/api/webhooks/nginx;
+
+ proxy_pass_error_message on;
+
+ server {
+ listen 143;
+ protocol imap;
+
+ proxy on;
+ starttls on;
+
+ ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert;
+ ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+
+ server {
+ listen 465 ssl;
+ protocol smtp;
+
+ proxy on;
+
+ ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert;
+ ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+
+ server {
+ listen 587;
+ protocol smtp;
+
+ proxy on;
+ starttls on;
+
+ ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert;
+ ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+
+ server {
+ listen 993 ssl;
+ protocol imap;
+
+ proxy on;
+
+ ssl_certificate /etc/pki/tls/certs/imap.hosted.com.cert;
+ ssl_certificate_key /etc/pki/tls/private/imap.hosted.com.key;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
+ }
+}
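Review bot: The `server` blocks on ports 143 and 587 use `starttls on;`, which offers STARTTLS but does not require it, so a client can send its credentials before any TLS is negotiated; `starttls only;` makes the upgrade mandatory. All four blocks also enable `TLSv1` and `TLSv1.1`; `ssl_protocols TLSv1.2 TLSv1.3;` drops the deprecated versions. The certificate, key, protocol and cipher lines are identical in every block, so they could be set once in the `mail` context. `error_log /var/log/nginx/error.log debug;` deserves a comment marking it as development-only, since debug output from a mail proxy can be very detailed.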
diff --git a/src/.env.example b/src/.env.example
index 4e98b688..b084509e 100644
--- a/src/.env.example
+++ b/src/.env.example
@@ -1,162 +1,162 @@
APP_NAME=Kolab
APP_ENV=local
APP_KEY=
APP_DEBUG=true
APP_URL=http://127.0.0.1:8000
#APP_PASSPHRASE=
APP_PUBLIC_URL=
APP_DOMAIN=kolabnow.com
APP_THEME=default
APP_TENANT_ID=5
APP_LOCALE=en
APP_LOCALES=en,de
APP_WITH_ADMIN=1
APP_WITH_RESELLER=1
APP_WITH_SERVICES=1
ASSET_URL=http://127.0.0.1:8000
WEBMAIL_URL=/apps
SUPPORT_URL=/support
SUPPORT_EMAIL=
LOG_CHANNEL=stack
LOG_SLOW_REQUESTS=5
DB_CONNECTION=mysql
DB_DATABASE=kolabdev
DB_HOST=127.0.0.1
DB_PASSWORD=kolab
DB_PORT=3306
DB_USERNAME=kolabdev
BROADCAST_DRIVER=redis
CACHE_DRIVER=redis
QUEUE_CONNECTION=redis
SESSION_DRIVER=file
SESSION_LIFETIME=120
OPENEXCHANGERATES_API_KEY="from openexchangerates.org"
MFA_DSN=mysql://roundcube:Welcome2KolabSystems@127.0.0.1/roundcube
MFA_TOTP_DIGITS=6
MFA_TOTP_INTERVAL=30
MFA_TOTP_DIGEST=sha1
-IMAP_URI=ssl://127.0.0.1:993
+IMAP_URI=ssl://127.0.0.1:11993
IMAP_ADMIN_LOGIN=cyrus-admin
IMAP_ADMIN_PASSWORD=Welcome2KolabSystems
IMAP_VERIFY_HOST=false
IMAP_VERIFY_PEER=false
LDAP_BASE_DN="dc=mgmt,dc=com"
LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com"
LDAP_HOSTS=127.0.0.1
LDAP_PORT=389
LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com"
LDAP_SERVICE_BIND_PW="Welcome2KolabSystems"
LDAP_USE_SSL=false
LDAP_USE_TLS=false
# Administrative
LDAP_ADMIN_BIND_DN="cn=Directory Manager"
LDAP_ADMIN_BIND_PW="Welcome2KolabSystems"
LDAP_ADMIN_ROOT_DN="dc=mgmt,dc=com"
# Hosted (public registration)
LDAP_HOSTED_BIND_DN="uid=hosted-kolab-service,ou=Special Users,dc=mgmt,dc=com"
LDAP_HOSTED_BIND_PW="Welcome2KolabSystems"
LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com"
OPENVIDU_API_PASSWORD=MY_SECRET
OPENVIDU_API_URL=http://localhost:8080/api/
OPENVIDU_API_USERNAME=OPENVIDUAPP
OPENVIDU_API_VERIFY_TLS=true
OPENVIDU_COTURN_IP=127.0.0.1
OPENVIDU_COTURN_REDIS_DATABASE=2
OPENVIDU_COTURN_REDIS_IP=127.0.0.1
OPENVIDU_COTURN_REDIS_PASSWORD=turn
# Used as COTURN_IP, TURN_PUBLIC_IP, for KMS_TURN_URL
OPENVIDU_PUBLIC_IP=127.0.0.1
OPENVIDU_PUBLIC_PORT=3478
OPENVIDU_SERVER_PORT=8080
OPENVIDU_WEBHOOK=true
OPENVIDU_WEBHOOK_ENDPOINT=http://127.0.0.1:8000/webhooks/meet/openvidu
# "CDR" events, see https://docs.openvidu.io/en/2.13.0/reference-docs/openvidu-server-cdr/
#OPENVIDU_WEBHOOK_EVENTS=[sessionCreated,sessionDestroyed,participantJoined,participantLeft,webrtcConnectionCreated,webrtcConnectionDestroyed,recordingStatusChanged,filterEventDispatched,mediaNodeStatusChanged]
#OPENVIDU_WEBHOOK_HEADERS=[\"Authorization:\ Basic\ SOMETHING\"]
PGP_ENABLED=
PGP_BINARY=
PGP_AGENT=
PGP_GPGCONF=
PGP_LENGTH=
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379
SWOOLE_HOT_RELOAD_ENABLE=true
SWOOLE_HTTP_ACCESS_LOG=true
SWOOLE_HTTP_HOST=127.0.0.1
SWOOLE_HTTP_PORT=8000
SWOOLE_HTTP_REACTOR_NUM=1
SWOOLE_HTTP_WEBSOCKET=true
SWOOLE_HTTP_WORKER_NUM=1
SWOOLE_OB_OUTPUT=true
PAYMENT_PROVIDER=
MOLLIE_KEY=
STRIPE_KEY=
STRIPE_PUBLIC_KEY=
STRIPE_WEBHOOK_SECRET=
MAIL_DRIVER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
MAIL_FROM_ADDRESS="noreply@example.com"
MAIL_FROM_NAME="Example.com"
MAIL_REPLYTO_ADDRESS="replyto@example.com"
MAIL_REPLYTO_NAME=null
DNS_TTL=3600
DNS_SPF="v=spf1 mx -all"
DNS_STATIC="%s. MX 10 ext-mx01.mykolab.com."
DNS_COPY_FROM=null
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=
PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1
MIX_ASSET_PATH='/'
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
JWT_SECRET=
JWT_TTL=60
COMPANY_NAME=
COMPANY_ADDRESS=
COMPANY_DETAILS=
COMPANY_EMAIL=
COMPANY_LOGO=
COMPANY_FOOTER=
VAT_COUNTRIES=CH,LI
VAT_RATE=7.7
KB_ACCOUNT_DELETE=
KB_ACCOUNT_SUSPENDED=