Kopano Docker

hkaiser

Hi All,

Wanted to test the K’opano_core docker image at DockerHub. So i downloaded the image and after starting it I get the error “Unable to setup ssl context: Can’t read CA PEM file”. So for fast testing i only want to deactivate ssl. How can i do this in this docker image? Thanks for your help.

with best regards
HK

fbartels

Hi @hkaiser,

seeing the image name I guess you are referring to https://hub.docker.com/r/kopano/kopano_core/ ?

These images are just uploaded to this account for convenience and not meant for actual use. The images have been built while trying out https://github.com/zokradonh/kopano-docker. In that github repo you will also find more instructions on using these images.

PS: for “fast testing” the univention app appliances available from https://www.univention.com/products/univention-app-center/app-catalog/kopano-core/ are also quite good.

hkaiser

HI @fbartels,

Thanks very much for your answer. In the moment we are using univention, but we are not satisfied. So I would like to use a own docker image and having the possibility to install other docker images also without appcenter. So you have at github your own repository, which contains a kopano docker image building script. Sadly if i start build.sh, it asks for /common/common.sh which seams not to be present.

But could this image been used if /common/common.sh would be present? Thanks in advance.

with best regrads,
HK

hkaiser

If someone want to build this docker images with CentOS 7, please update git.

sudo yum install https://centos7.iuscommunity.org/ius-release.rpm

sudo yum swap git git2u

docker build https://github.com/zokradonh/kopano-docker.git#:core

fbartels

@hkaiser said in Kopano Docker:

we are using univention, but we are not satisfied

My first question then would be: what you are missing in the Univention integration?

The integration takes care of automatic configuration of all Kopano applications and even though we do not update the app with each Kopano release there is an easy way to enable access to our package repositories from within the apps settings.

@hkaiser said in Kopano Docker:

Sadly if i start build.sh, it asks for /common/common.sh which seams not to be present.

I recently did some reorg to introduce a Makefile in the repo, during this the script in question was renamed and moved to a different location. I pushed a commit to fix the build.sh script this morning.

@hkaiser said in Kopano Docker:

other docker images also without appcenter

you can also still do that on Univention. I’m doing it like this to have Bitwarden running on Univention.

hkaiser

HI @fbartels,

There is no problem with Kopano in Univention! We lost a lot of apps since we started with Univention.(No system updates with Kivitendo, Odoo, Now Kix 2017) So I’am thinking about another approach, only webmin and docker.

Now I can build the docker images.Thanks a lot.

with best regards
HK

fbartels

As far as I could see with the docker files in that repo they are really targeted to be used with docker-compose. I’ve started to rework the example docker-compose at https://github.com/fbartels/kopano-docker/tree/compose, but am not finished with that yet.

If you have other changes or suggestions prs are welcome.

ngulden

Hello @hkaiser,

sad to hear about the disappointing experiences around Univention App Center. Let me give some insight on the reasons:

• Kivitendo: It was the vendor’s decision to cease the maintenance of the app.
• Odoo: The maintainer stopped to provide updates. Odoo is still on our list to bring it back to the App Center, because there is interest for the app.
• KIX 2017: It is still available on UCS 4.2 and the vendor is working on an update for UCS 4.3.

Since the App Center exists, there have been some app providers that decided to stop development. In many cases the reason was missing user interest and revenue. Customers did not obtain a subscription something similar.

From your posting I assume there is interest in KIX 2017 on UCS 4.3. I suggest to let the vendor know about your need and contact them.

Best regards,
Nico Gulden
Product Manager Apps, Univention

hkaiser

Hi @nguiden,

To say the truth, I understand your problem, but Univention must also understand that business continuity is the most important thing!

Hi @fbartels,

So the buidl process rans smoothly. When I start the docker container i get the following errors:

kopano_mta | Error: Unless using LDAP, you need at least 1 email account to start the server.
kopano_mta | Error: Please fix your configuration. Exiting…

Oct 24 22:04:48 Configure core service ‘dagent’
kopano_search | import kopano_search
kopano_search | File “/usr/lib/python2.7/dist-packages/kopano_search/init.py”, line 24, in <module>
kopano_search | import kopano
kopano_search | ImportError: No module named kopano

kopano_gateway | [crit ] Config error: Unknown option “pop3_enable” found!
kopano_gateway | [crit ] Config error: Unknown option “imaps_enable” found!
kopano_gateway | [crit ] Config error: Unknown option “imap_enable” found!
kopano_gateway | /usr/sbin/kopano-gateway: Startup failed: call failed (80004005). Please check the logfile (-) for details.

kopano_gateway exited with code 1
kopano_search exited with code 1

Please be aware that I tried to disable everything want was possible in the compose process. Here the docker-compose.yml:

version: ‘3’

services:

kserver:
image: zokradonh/kopano_core
hostname: kserver
container_name: kopano_server
links:
- db
depends_on:
- “kssl”
environment:
- SERVICE_TO_START=server
- TZ=Europe/Berlin
- KCCONF_SERVER_COREDUMP_ENABLED=no
- KCCONF_SERVER_LOG_LEVEL=4
- KCCONF_SERVER_MYSQL_HOST=db
- KCCONF_SERVER_MYSQL_PORT=3306
- KCCONF_SERVER_MYSQL_DATABASE=kopano
- KCCONF_SERVER_MYSQL_USER=root
- KCCONF_SERVER_MYSQL_PASSWORD=mypassword
- KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
- KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
- KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
- KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=system@mydomain.com
- KCCONF_SERVER_DISABLED_FEATURES=pop3
- KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
- KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
- KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
- KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
- KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
- KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
networks:
- kopanonet
volumes:
- data:/kopano/data
- sslcerts:/kopano/ssl

kdagent:
image: zokradonh/kopano_core
container_name: kopano_dagent
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=dagent
- TZ=Europe/Berlin
- KCCONF_DAGENT_LOG_LEVEL=6
- KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
- KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
networks:
- kopanonet

kgateway:
image: zokradonh/kopano_core
container_name: kopano_gateway
links:
- kserver
volumes:
- ./gatewaycerts/:/kopano/certs/
environment:
- SERVICE_TO_START=gateway
- TZ=Europe/Berlin
- KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
- KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs//server.key # change here
- KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/server.pem # change here
networks:
- kopanonet

kical:
image: zokradonh/kopano_core
container_name: kopano_ical
links:
- kserver
environment:
- SERVICE_TO_START=ical
- TZ=Europe/Berlin
- KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
networks:
- kopanonet

kmonitor:
image: zokradonh/kopano_core
container_name: kopano_monitor
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=monitor
- TZ=Europe/Berlin
- KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
- KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
networks:
- kopanonet

ksearch:
image: zokradonh/kopano_core
container_name: kopano_search
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=search
- TZ=Europe/Berlin
- KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
- KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
- KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
networks:
- kopanonet

kspooler:
image: zokradonh/kopano_core
container_name: kopano_spooler
links:
- kserver
volumes:
- sslcerts:/kopano/ssl
environment:
- SERVICE_TO_START=spooler
- TZ=Europe/Berlin
- KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
- KCCONF_SPOOLER_LOG_LEVEL=4
- KCCONF_SPOOLER_SMTP_SERVER=kmta
- KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
networks:
- kopanonet

kwebapp:
image: zokradonh/kopano_webapp
hostname: kwebapp
container_name: kopano_webapp
links:
- kserver
ports:
- “8236:80”
- “8237:443”
volumes:
- syncstates:/var/lib/z-push/
- sslcerts:/kopano/ssl
environment:
- TZ=Europe/Berlin
- KCCONF_SERVERHOSTNAME=kserver
- KCCONF_SERVERPORT=237
networks:
- web
- kopanonet

kssl:
image: zokradonh/kopano_ssl
container_name: kopano_ssl
volumes:
- sslcerts:/kopano/ssl

kmta:
image: tvial/docker-mailserver:latest
hostname: sems
domainname: mydomain.com
dns: 192.168.0.191
container_name: kopano_mta
#links:
# - adtunnel
ports:
- “25:25”
#- “143:143”
- “587:587”
# - “993:993”
volumes:
- tmpmaildata:/var/mail
- tmpmailstate:/var/mail-state
- ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
environment:
- TZ=Europe/Berlin
- ENABLE_SPAMASSASSIN=0
- ENABLE_CLAMAV=0
- ENABLE_FAIL2BAN=0
- ENABLE_POSTGREY=0
- TLS_LEVEL=intermediate
- POSTGREY_DELAY=10
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_LDAP=0
- LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
- LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
- LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
- LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
- LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
- LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=@%s)(otherMailbox=@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
- ENABLE_SASLAUTHD=0
- SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
- SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here
- SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
- SASLAUTHD_MECHANISMS=ldap
- POSTMASTER_ADDRESS=postmaster@domain.tld #change here
- SMTP_ONLY=0
- PERMIT_DOCKER=network
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
- POSTFIX_DAGENT=lmtp:kdagent:2003
- REPORT_RECIPIENT=1
networks:
- kopanonet
cap_add:
- NET_ADMIN
- SYS_PTRACE

db:
image: mariadb
restart: always
container_name: kopano_db
volumes:
- db:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=mypassword
- MYSQL_PASSWORD=mypassword
- MYSQL_DATABASE=kopano
- MYSQL_USER=kopano
networks:
- kopanonet

volumes:
db:
data:
syncstates:
sslcerts:
tmpmaildata:
tmpmailstate:
networks:
web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
external:
name: web
kopanonet:
driver: bridge

VERSION:
CORE_VERSION=8.7.80.12_0+11
WEBAPP_VERSION=3.4.24.1909+1060

SMTP_ONLY=1 did not work for me, because amavis always crashed. But this seems to be a Centos problem! LDAP and SASLAUTHD only because of testing

The most important part of my information is why I get a ImportError for a module kopano in the search module and why the option “pop3_enable” is unknown in the gateway module.

thanks in advance

with best regards
HK

hkaiser

This post is deleted!

fbartels

@hkaiser said in Kopano Docker:

kopano_gateway | [crit ] Config error: Unknown option “pop3_enable” found!
kopano_gateway | [crit ] Config error: Unknown option “imaps_enable” found!
kopano_gateway | [crit ] Config error: Unknown option “imap_enable” found!

yes, these options don’t exist in core:master anymore

@hkaiser said in Kopano Docker:

kopano_search | import kopano_search
kopano_search | File “/usr/lib/python2.7/dist-packages/kopano_search/init.py”, line 24, in <module>
kopano_search | import kopano
kopano_search | ImportError: No module named kopano

probably something broken in master. for a production environment you should use our final packages (the build.sh script makes that possible, the makefile currently doesn’t).

hkaiser

Hi @fbartels ,

Thanks a lot everything works only webapp has some problems. Interessting thing is that in univention and in CentOS I have the same problem. If I start webapp trough my browser, I get the following error.

Not Found: PHP mapi extension not found
If you have upgraded Kopano Core, please restart Apache
Kopano WebApp can’t start because of incompatible configuration.
Please correct above errors, a good start is by checking your ‘/etc/php.ini’ file.You can disable this configuration check by editing the file ‘/usr/share/kopano-webapp/config.php’, but this is not recommended.

If i start php through the console i get the follwoing errror:

PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib64/php/modules/mapi.so’ - /usr/lib64/php/modules/mapi.so: undefined symbol: zend_hash_num_elements in Unknown on line 0

My Question is now, do I need mapi.so. I thought this module will only be used for connecting to Outlook?
Thanks in advance, for your help

with best regards
Herbert Kaiser

fbartels

@hkaiser said in Kopano Docker:

My Question is now, do I need mapi.so. I thought this module will only be used for connecting to Outlook?

this is the php module that is required to run WebApp and Z-Push. Yes, you need it if you want to run either of the two.

fbartels

@hkaiser the docker images that you have previously played with have matured quite a bit. running it with our nightly builds works out of the box, when running this with 8.6 some config changes are probably required in the compose file (alternatively you could go for our pre-final repo which should not require any config changes)
Instructions to get the images going is at https://github.com/zokradonh/kopano-docker