Kopano Docker



  • Hi All,

    Wanted to test the K’opano_core docker image at DockerHub. So i downloaded the image and after starting it I get the error “Unable to setup ssl context: Can’t read CA PEM file”. So for fast testing i only want to deactivate ssl. How can i do this in this docker image? Thanks for your help.

    with best regards
    HK


  • Kopano

    Hi @hkaiser,

    seeing the image name I guess you are referring to https://hub.docker.com/r/kopano/kopano_core/ ?

    These images are just uploaded to this account for convenience and not meant for actual use. The images have been built while trying out https://github.com/zokradonh/kopano-docker. In that github repo you will also find more instructions on using these images.

    PS: for “fast testing” the univention app appliances available from https://www.univention.com/products/univention-app-center/app-catalog/kopano-core/ are also quite good.



  • HI @fbartels,

    Thanks very much for your answer. In the moment we are using univention, but we are not satisfied. So I would like to use a own docker image and having the possibility to install other docker images also without appcenter. So you have at github your own repository, which contains a kopano docker image building script. Sadly if i start build.sh, it asks for /common/common.sh which seams not to be present.

    But could this image been used if /common/common.sh would be present? Thanks in advance.

    with best regrads,
    HK



  • If someone want to build this docker images with CentOS 7, please update git.

    sudo yum install https://centos7.iuscommunity.org/ius-release.rpm

    sudo yum swap git git2u

    docker build https://github.com/zokradonh/kopano-docker.git#:core


  • Kopano

    @hkaiser said in Kopano Docker:

    we are using univention, but we are not satisfied

    My first question then would be: what you are missing in the Univention integration?

    The integration takes care of automatic configuration of all Kopano applications and even though we do not update the app with each Kopano release there is an easy way to enable access to our package repositories from within the apps settings.

    @hkaiser said in Kopano Docker:

    Sadly if i start build.sh, it asks for /common/common.sh which seams not to be present.

    I recently did some reorg to introduce a Makefile in the repo, during this the script in question was renamed and moved to a different location. I pushed a commit to fix the build.sh script this morning.

    @hkaiser said in Kopano Docker:

    other docker images also without appcenter

    you can also still do that on Univention. I’m doing it like this to have Bitwarden running on Univention.



  • HI @fbartels,

    There is no problem with Kopano in Univention! We lost a lot of apps since we started with Univention.(No system updates with Kivitendo, Odoo, Now Kix 2017) So I’am thinking about another approach, only webmin and docker.

    Now I can build the docker images.Thanks a lot.

    with best regards
    HK


  • Kopano

    As far as I could see with the docker files in that repo they are really targeted to be used with docker-compose. I’ve started to rework the example docker-compose at https://github.com/fbartels/kopano-docker/tree/compose, but am not finished with that yet.

    If you have other changes or suggestions prs are welcome.



  • Hello @hkaiser,

    sad to hear about the disappointing experiences around Univention App Center. Let me give some insight on the reasons:

    • Kivitendo: It was the vendor’s decision to cease the maintenance of the app.
    • Odoo: The maintainer stopped to provide updates. Odoo is still on our list to bring it back to the App Center, because there is interest for the app.
    • KIX 2017: It is still available on UCS 4.2 and the vendor is working on an update for UCS 4.3.

    Since the App Center exists, there have been some app providers that decided to stop development. In many cases the reason was missing user interest and revenue. Customers did not obtain a subscription something similar.

    From your posting I assume there is interest in KIX 2017 on UCS 4.3. I suggest to let the vendor know about your need and contact them.

    Best regards,
    Nico Gulden
    Product Manager Apps, Univention



  • Hi @nguiden,

    To say the truth, I understand your problem, but Univention must also understand that business continuity is the most important thing!

    Hi @fbartels,

    So the buidl process rans smoothly. When I start the docker container i get the following errors:

    kopano_mta | Error: Unless using LDAP, you need at least 1 email account to start the server.
    kopano_mta | Error: Please fix your configuration. Exiting…

    Oct 24 22:04:48 Configure core service ‘dagent’
    kopano_search | import kopano_search
    kopano_search | File “/usr/lib/python2.7/dist-packages/kopano_search/init.py”, line 24, in <module>
    kopano_search | import kopano
    kopano_search | ImportError: No module named kopano

    kopano_gateway | [crit ] Config error: Unknown option “pop3_enable” found!
    kopano_gateway | [crit ] Config error: Unknown option “imaps_enable” found!
    kopano_gateway | [crit ] Config error: Unknown option “imap_enable” found!
    kopano_gateway | /usr/sbin/kopano-gateway: Startup failed: call failed (80004005). Please check the logfile (-) for details.

    kopano_gateway exited with code 1
    kopano_search exited with code 1

    Please be aware that I tried to disable everything want was possible in the compose process. Here the docker-compose.yml:

    version: ‘3’

    services:

    kserver:
    image: zokradonh/kopano_core
    hostname: kserver
    container_name: kopano_server
    links:
    - db
    depends_on:
    - “kssl”
    environment:
    - SERVICE_TO_START=server
    - TZ=Europe/Berlin
    - KCCONF_SERVER_COREDUMP_ENABLED=no
    - KCCONF_SERVER_LOG_LEVEL=4
    - KCCONF_SERVER_MYSQL_HOST=db
    - KCCONF_SERVER_MYSQL_PORT=3306
    - KCCONF_SERVER_MYSQL_DATABASE=kopano
    - KCCONF_SERVER_MYSQL_USER=root
    - KCCONF_SERVER_MYSQL_PASSWORD=mypassword
    - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
    - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
    - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
    - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=system@mydomain.com
    - KCCONF_SERVER_DISABLED_FEATURES=pop3
    - KCCONF_SERVER_SEARCH_SOCKET=http://ksearch:2380/
    - KCCONF_LDAP_LDAP_URI=ldaps://ldapserver:ldapport #change here
    - KCCONF_LDAP_LDAP_BIND_USER=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
    - KCCONF_LDAP_LDAP_BIND_PASSWD=PASSWORD_OF_STANDARD_USER #change here
    - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=MyUsers,dc=domain,dc=tld #change here
    - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
    - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
    networks:
    - kopanonet
    volumes:
    - data:/kopano/data
    - sslcerts:/kopano/ssl

    kdagent:
    image: zokradonh/kopano_core
    container_name: kopano_dagent
    links:
    - kserver
    volumes:
    - sslcerts:/kopano/ssl
    environment:
    - SERVICE_TO_START=dagent
    - TZ=Europe/Berlin
    - KCCONF_DAGENT_LOG_LEVEL=6
    - KCCONF_DAGENT_SERVER_SOCKET=https://kserver:237/
    - KCCONF_DAGENT_SSLKEY_FILE=/kopano/ssl/kdagent.pem
    networks:
    - kopanonet

    kgateway:
    image: zokradonh/kopano_core
    container_name: kopano_gateway
    links:
    - kserver
    volumes:
    - ./gatewaycerts/:/kopano/certs/
    environment:
    - SERVICE_TO_START=gateway
    - TZ=Europe/Berlin
    - KCCONF_GATEWAY_SERVER_SOCKET=http://kserver:236/
    - KCCONF_GATEWAY_SSL_PRIVATE_KEY_FILE=/kopano/certs//server.key # change here
    - KCCONF_GATEWAY_SSL_CERTIFICATE_FILE=/kopano/certs/server.pem # change here
    networks:
    - kopanonet

    kical:
    image: zokradonh/kopano_core
    container_name: kopano_ical
    links:
    - kserver
    environment:
    - SERVICE_TO_START=ical
    - TZ=Europe/Berlin
    - KCCONF_ICAL_SERVER_SOCKET=http://kserver:236/
    networks:
    - kopanonet

    kmonitor:
    image: zokradonh/kopano_core
    container_name: kopano_monitor
    links:
    - kserver
    volumes:
    - sslcerts:/kopano/ssl
    environment:
    - SERVICE_TO_START=monitor
    - TZ=Europe/Berlin
    - KCCONF_MONITOR_SERVER_SOCKET=https://kserver:237/
    - KCCONF_MONITOR_SSLKEY_FILE=/kopano/ssl/kmonitor.pem
    networks:
    - kopanonet

    ksearch:
    image: zokradonh/kopano_core
    container_name: kopano_search
    links:
    - kserver
    volumes:
    - sslcerts:/kopano/ssl
    environment:
    - SERVICE_TO_START=search
    - TZ=Europe/Berlin
    - KCCONF_SEARCH_SERVER_BIND_NAME=http://ksearch:2380
    - KCCONF_SEARCH_SERVER_SOCKET=https://kserver:237/
    - KCCONF_SEARCH_SSLKEY_FILE=/kopano/ssl/ksearch.pem
    networks:
    - kopanonet

    kspooler:
    image: zokradonh/kopano_core
    container_name: kopano_spooler
    links:
    - kserver
    volumes:
    - sslcerts:/kopano/ssl
    environment:
    - SERVICE_TO_START=spooler
    - TZ=Europe/Berlin
    - KCCONF_SPOOLER_SERVER_SOCKET=https://kserver:237/
    - KCCONF_SPOOLER_LOG_LEVEL=4
    - KCCONF_SPOOLER_SMTP_SERVER=kmta
    - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kspooler.pem
    networks:
    - kopanonet

    kwebapp:
    image: zokradonh/kopano_webapp
    hostname: kwebapp
    container_name: kopano_webapp
    links:
    - kserver
    ports:
    - “8236:80”
    - “8237:443”
    volumes:
    - syncstates:/var/lib/z-push/
    - sslcerts:/kopano/ssl
    environment:
    - TZ=Europe/Berlin
    - KCCONF_SERVERHOSTNAME=kserver
    - KCCONF_SERVERPORT=237
    networks:
    - web
    - kopanonet

    kssl:
    image: zokradonh/kopano_ssl
    container_name: kopano_ssl
    volumes:
    - sslcerts:/kopano/ssl

    kmta:
    image: tvial/docker-mailserver:latest
    hostname: sems
    domainname: mydomain.com
    dns: 192.168.0.191
    container_name: kopano_mta
    #links:
    # - adtunnel
    ports:
    - “25:25”
    #- “143:143”
    - “587:587”
    # - “993:993”
    volumes:
    - tmpmaildata:/var/mail
    - tmpmailstate:/var/mail-state
    - ./mtaconfig/:/tmp/docker-mailserver/ # create this dir
    environment:
    - TZ=Europe/Berlin
    - ENABLE_SPAMASSASSIN=0
    - ENABLE_CLAMAV=0
    - ENABLE_FAIL2BAN=0
    - ENABLE_POSTGREY=0
    - TLS_LEVEL=intermediate
    - POSTGREY_DELAY=10
    - ONE_DIR=1
    - DMS_DEBUG=0
    - ENABLE_LDAP=0
    - LDAP_SERVER_HOST=ldaps://ldapserver:ldapport #change here
    - LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
    - LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
    - LDAP_BIND_PW=PASSWORD_OF_SOME_STANDARD_USER #change here
    - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
    - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
    - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
    - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=@%s)(otherMailbox=@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
    - ENABLE_SASLAUTHD=0
    - SASLAUTHD_LDAP_SERVER=ldaps://ldapserver:ldapport #change here
    - SASLAUTHD_LDAP_BIND_DN=cn=SOME_STANDARD_USER,OU=MyUsers,DC=domain,DC=tld #change here
    - SASLAUTHD_LDAP_PASSWORD=PASSWORD_OF_SOME_STANDARD_USER #change here
    - SASLAUTHD_LDAP_SEARCH_BASE=OU=MyUsers,DC=domain,DC=tld #change here
    - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
    - SASLAUTHD_MECHANISMS=ldap
    - POSTMASTER_ADDRESS=postmaster@domain.tld #change here
    - SMTP_ONLY=0
    - PERMIT_DOCKER=network
    - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
    - POSTFIX_DAGENT=lmtp:kdagent:2003
    - REPORT_RECIPIENT=1
    networks:
    - kopanonet
    cap_add:
    - NET_ADMIN
    - SYS_PTRACE

    db:
    image: mariadb
    restart: always
    container_name: kopano_db
    volumes:
    - db:/var/lib/mysql
    environment:
    - MYSQL_ROOT_PASSWORD=mypassword
    - MYSQL_PASSWORD=mypassword
    - MYSQL_DATABASE=kopano
    - MYSQL_USER=kopano
    networks:
    - kopanonet

    volumes:
    db:
    data:
    syncstates:
    sslcerts:
    tmpmaildata:
    tmpmailstate:
    networks:
    web: # this requires an external docker container that is a http reverse proxy (e.g. haproxy)
    external:
    name: web
    kopanonet:
    driver: bridge

    VERSION:
    CORE_VERSION=8.7.80.12_0+11
    WEBAPP_VERSION=3.4.24.1909+1060

    SMTP_ONLY=1 did not work for me, because amavis always crashed. But this seems to be a Centos problem! LDAP and SASLAUTHD only because of testing

    The most important part of my information is why I get a ImportError for a module kopano in the search module and why the option “pop3_enable” is unknown in the gateway module.

    thanks in advance

    with best regards
    HK



  • This post is deleted!

  • Kopano

    @hkaiser said in Kopano Docker:

    kopano_gateway | [crit ] Config error: Unknown option “pop3_enable” found!
    kopano_gateway | [crit ] Config error: Unknown option “imaps_enable” found!
    kopano_gateway | [crit ] Config error: Unknown option “imap_enable” found!

    yes, these options don’t exist in core:master anymore

    @hkaiser said in Kopano Docker:

    kopano_search | import kopano_search
    kopano_search | File “/usr/lib/python2.7/dist-packages/kopano_search/init.py”, line 24, in <module>
    kopano_search | import kopano
    kopano_search | ImportError: No module named kopano

    probably something broken in master. for a production environment you should use our final packages (the build.sh script makes that possible, the makefile currently doesn’t).



  • Hi @fbartels ,

    Thanks a lot everything works only webapp has some problems. Interessting thing is that in univention and in CentOS I have the same problem. If I start webapp trough my browser, I get the following error.

    Not Found: PHP mapi extension not found
    If you have upgraded Kopano Core, please restart Apache
    Kopano WebApp can’t start because of incompatible configuration.
    Please correct above errors, a good start is by checking your ‘/etc/php.ini’ file.You can disable this configuration check by editing the file ‘/usr/share/kopano-webapp/config.php’, but this is not recommended.

    If i start php through the console i get the follwoing errror:

    PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib64/php/modules/mapi.so’ - /usr/lib64/php/modules/mapi.so: undefined symbol: zend_hash_num_elements in Unknown on line 0

    My Question is now, do I need mapi.so. I thought this module will only be used for connecting to Outlook?
    Thanks in advance, for your help

    with best regards
    Herbert Kaiser


  • Kopano

    @hkaiser said in Kopano Docker:

    My Question is now, do I need mapi.so. I thought this module will only be used for connecting to Outlook?

    this is the php module that is required to run WebApp and Z-Push. Yes, you need it if you want to run either of the two.


  • Kopano

    @hkaiser the docker images that you have previously played with have matured quite a bit. running it with our nightly builds works out of the box, when running this with 8.6 some config changes are probably required in the compose file (alternatively you could go for our pre-final repo which should not require any config changes)
    Instructions to get the images going is at https://github.com/zokradonh/kopano-docker


Log in to reply