├── Dockerfile
├── LICENSE
├── README.md
├── configure_ssl.sh
├── roundcubemailconfig.inc.php
├── start.sh
└── stop.sh
/Dockerfile:
--------------------------------------------------------------------------------
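# Kolab 3.3 groupware server (Postfix, Cyrus IMAP, Apache/Roundcube) on CentOS 6.
#
# The build context must contain: hostname, domain.key, domain.crt, ca.pem,
# configure_ssl.sh, roundcubemailconfig.inc.php, start.sh and stop.sh.
#
# NOTE(review): domain.key is copied into the image below, so every layer
# from that point on, and any export of the image, contains the TLS private
# key. Treat the image as a secret and keep it off registries; supplying the
# key at run time (for example through a read-only volume) would avoid this.
#
# NOTE(review): CentOS 6 is end-of-life and no longer receives security
# updates, so "yum update" cannot bring this base to a patched state.
FROM centos:centos6

# FQDN of the server; read back by the sed calls below and by configure_ssl.sh.
COPY hostname /root/hostname

# Time zone and host name.
RUN mv /etc/localtime /etc/localtime.old; ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
RUN sed -i "/HOSTNAME/c\HOSTNAME=$(cat /root/hostname)" /etc/sysconfig/network

# Generate the locales. The exit status of localedef is deliberately ignored
# (presumably because it reports warnings as a failure) so the build goes on.
RUN localedef -v -c -i en_US -f UTF-8 en_US.UTF-8 || true
RUN localedef -v -c -i de_DE -f UTF-8 de_DE.UTF-8 || true
ENV LANG=de_DE.UTF-8

# Update and install in one layer so the package metadata used for the
# install is never staler than the update, and drop the yum cache afterwards.
RUN yum -y update \
 && yum -y install wget yum-downloadonly \
 && yum clean all

# NOTE(review): the EPEL release package and the two Kolab .repo files are
# fetched over plain HTTP, and nothing in this file imports a key that would
# verify the EPEL package before it is installed. Anyone able to tamper with
# that traffic controls which repositories yum trusts. Prefer an HTTPS mirror,
# or check each download against a known digest before using it.
RUN rpm -Uhv http://ftp-stud.hs-esslingen.de/pub/epel/6/i386/epel-release-6-8.noarch.rpm
WORKDIR /etc/yum.repos.d
RUN wget http://obs.kolabsys.com/repositories/Kolab:/3.3/CentOS_6/Kolab:3.3.repo \
 && wget http://obs.kolabsys.com/repositories/Kolab:/3.3:/Updates/CentOS_6/Kolab:3.3:Updates.repo

# Import the Kolab package signing key into the rpm keyring.
# NOTE(review): 0x446D5A45 is a 32-bit short key ID, which an unrelated key
# can be crafted to share, and the export step selects by e-mail address
# rather than by key. Pin the full fingerprint instead, i.e.
# --recv-key <FULL_40_HEX_FINGERPRINT> (placeholder; take the value from a
# trusted Kolab source), and export by that same fingerprint.
# One RUN keeps the temporary devel.asc out of the image layers.
RUN gpg --keyserver pgp.mit.edu --recv-key 0x446D5A45 \
 && gpg --export --armor devel@lists.kolab.org > devel.asc \
 && rpm --import devel.asc \
 && rm devel.asc

# Also install docfiles as they contain important files for the setup-kolab
# script
RUN sed -i '/excludedocs/d' /etc/rpm/macros.imgcreate \
 && sed -i '/nodocs/d' /etc/yum.conf

# Install kolab
RUN yum --enablerepo=centosplus install -y kolab \
 && yum clean all

RUN touch /var/log/kolab/pykolab.log

# Set hostnames manually, because they are somehow wrong inside the container
RUN sed -i '/$myhostname = '"'host.example.com'"';/c\\\$myhostname = '"'$(cat /root/hostname)';" /usr/share/kolab/templates/amavisd.conf.tpl
RUN sed -i -e "/myhostname = host.domain.tld/c\myhostname = $(cat /root/hostname)" /etc/postfix/main.cf

# Install SSL packages
RUN yum -y install openssl mod_ssl \
 && yum clean all

# Add domain certificates and CA. COPY is enough for plain local files.
# The COPY layer records domain.key with the mode it has in the build
# context, so keep that file owner-only on the build host as well.
COPY domain.key /etc/pki/tls/private/domain.key
COPY domain.crt /etc/pki/tls/certs/domain.crt
COPY ca.pem /etc/pki/tls/certs/ca.pem

# Create the certificate bundles, set access rights and add the CA to the
# system's CA bundle. This is a single RUN so that no layer holds
# domain.bundle.pem (which includes the private key) with a looser mode than
# the final root:mail 640.
RUN cat /etc/pki/tls/certs/domain.crt \
        /etc/pki/tls/private/domain.key \
        /etc/pki/tls/certs/ca.pem > /etc/pki/tls/private/domain.bundle.pem \
 && cat /etc/pki/tls/certs/ca.pem > /etc/pki/tls/certs/domain.ca-chain.pem \
 && chown -R root:mail /etc/pki/tls/private \
 && chmod 750 /etc/pki/tls/private \
 && chmod 640 /etc/pki/tls/private/* \
 && cat /etc/pki/tls/certs/ca.pem >> /etc/pki/tls/certs/ca-bundle.crt

# Add SSL postconfig files
COPY configure_ssl.sh /root/configure_ssl.sh
COPY roundcubemailconfig.inc.php /root/roundcubemailconfig.inc.php

# Add start and stop scripts
COPY start.sh /root/start.sh
COPY stop.sh /root/stop.sh

# Ports: SMTP, IMAP, HTTPS, SUBMISSION, SIEVE
# No CMD is set: the README starts the container with /bin/bash and runs
# setup-kolab and the scripts above by hand.
EXPOSE 25 143 443 587 4190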
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | CC0 1.0 Universal
2 |
3 | Statement of Purpose
4 |
5 | The laws of most jurisdictions throughout the world automatically confer
6 | exclusive Copyright and Related Rights (defined below) upon the creator and
7 | subsequent owner(s) (each and all, an "owner") of an original work of
8 | authorship and/or a database (each, a "Work").
9 |
10 | Certain owners wish to permanently relinquish those rights to a Work for the
11 | purpose of contributing to a commons of creative, cultural and scientific
12 | works ("Commons") that the public can reliably and without fear of later
13 | claims of infringement build upon, modify, incorporate in other works, reuse
14 | and redistribute as freely as possible in any form whatsoever and for any
15 | purposes, including without limitation commercial purposes. These owners may
16 | contribute to the Commons to promote the ideal of a free culture and the
17 | further production of creative, cultural and scientific works, or to gain
18 | reputation or greater distribution for their Work in part through the use and
19 | efforts of others.
20 |
21 | For these and/or other purposes and motivations, and without any expectation
22 | of additional consideration or compensation, the person associating CC0 with a
23 | Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
24 | and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
25 | and publicly distribute the Work under its terms, with knowledge of his or her
26 | Copyright and Related Rights in the Work and the meaning and intended legal
27 | effect of CC0 on those rights.
28 |
29 | 1. Copyright and Related Rights. A Work made available under CC0 may be
30 | protected by copyright and related or neighboring rights ("Copyright and
31 | Related Rights"). Copyright and Related Rights include, but are not limited
32 | to, the following:
33 |
34 | i. the right to reproduce, adapt, distribute, perform, display, communicate,
35 | and translate a Work;
36 |
37 | ii. moral rights retained by the original author(s) and/or performer(s);
38 |
39 | iii. publicity and privacy rights pertaining to a person's image or likeness
40 | depicted in a Work;
41 |
42 | iv. rights protecting against unfair competition in regards to a Work,
43 | subject to the limitations in paragraph 4(a), below;
44 |
45 | v. rights protecting the extraction, dissemination, use and reuse of data in
46 | a Work;
47 |
48 | vi. database rights (such as those arising under Directive 96/9/EC of the
49 | European Parliament and of the Council of 11 March 1996 on the legal
50 | protection of databases, and under any national implementation thereof,
51 | including any amended or successor version of such directive); and
52 |
53 | vii. other similar, equivalent or corresponding rights throughout the world
54 | based on applicable law or treaty, and any national implementations thereof.
55 |
56 | 2. Waiver. To the greatest extent permitted by, but not in contravention of,
57 | applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
58 | unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
59 | and Related Rights and associated claims and causes of action, whether now
60 | known or unknown (including existing as well as future claims and causes of
61 | action), in the Work (i) in all territories worldwide, (ii) for the maximum
62 | duration provided by applicable law or treaty (including future time
63 | extensions), (iii) in any current or future medium and for any number of
64 | copies, and (iv) for any purpose whatsoever, including without limitation
65 | commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
66 | the Waiver for the benefit of each member of the public at large and to the
67 | detriment of Affirmer's heirs and successors, fully intending that such Waiver
68 | shall not be subject to revocation, rescission, cancellation, termination, or
69 | any other legal or equitable action to disrupt the quiet enjoyment of the Work
70 | by the public as contemplated by Affirmer's express Statement of Purpose.
71 |
72 | 3. Public License Fallback. Should any part of the Waiver for any reason be
73 | judged legally invalid or ineffective under applicable law, then the Waiver
74 | shall be preserved to the maximum extent permitted taking into account
75 | Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
76 | is so judged Affirmer hereby grants to each affected person a royalty-free,
77 | non transferable, non sublicensable, non exclusive, irrevocable and
78 | unconditional license to exercise Affirmer's Copyright and Related Rights in
79 | the Work (i) in all territories worldwide, (ii) for the maximum duration
80 | provided by applicable law or treaty (including future time extensions), (iii)
81 | in any current or future medium and for any number of copies, and (iv) for any
82 | purpose whatsoever, including without limitation commercial, advertising or
83 | promotional purposes (the "License"). The License shall be deemed effective as
84 | of the date CC0 was applied by Affirmer to the Work. Should any part of the
85 | License for any reason be judged legally invalid or ineffective under
86 | applicable law, such partial invalidity or ineffectiveness shall not
87 | invalidate the remainder of the License, and in such case Affirmer hereby
88 | affirms that he or she will not (i) exercise any of his or her remaining
89 | Copyright and Related Rights in the Work or (ii) assert any associated claims
90 | and causes of action with respect to the Work, in either case contrary to
91 | Affirmer's express Statement of Purpose.
92 |
93 | 4. Limitations and Disclaimers.
94 |
95 | a. No trademark or patent rights held by Affirmer are waived, abandoned,
96 | surrendered, licensed or otherwise affected by this document.
97 |
98 | b. Affirmer offers the Work as-is and makes no representations or warranties
99 | of any kind concerning the Work, express, implied, statutory or otherwise,
100 | including without limitation warranties of title, merchantability, fitness
101 | for a particular purpose, non infringement, or the absence of latent or
102 | other defects, accuracy, or the present or absence of errors, whether or not
103 | discoverable, all to the greatest extent permissible under applicable law.
104 |
105 | c. Affirmer disclaims responsibility for clearing rights of other persons
106 | that may apply to the Work or any use thereof, including without limitation
107 | any person's Copyright and Related Rights in the Work. Further, Affirmer
108 | disclaims responsibility for obtaining any necessary consents, permissions
109 | or other rights required for any use of the Work.
110 |
111 | d. Affirmer understands and acknowledges that Creative Commons is not a
112 | party to this document and has no duty or obligation with respect to this
113 | CC0 or use of the Work.
114 |
115 | For more information, please see
116 | <http://creativecommons.org/publicdomain/zero/1.0/>
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Install Kolab 3.3 in a Docker container
2 |
3 | This guide shows you how to set up Kolab 3.3 in a Docker container. I use this setup for my family, but it might also work for a small business.
4 |
5 | This guide is partly based on the following guides:
6 |
7 | http://kolab.org/blog/timotheus-pokorra/2014/03/26/building-docker-container-kolab-jiffybox
8 |
9 | http://kolab.org/blog/staffe/2014/06/05/mit-dem-eigenen-vpsroot-server-weg-von-google-centos-6.5-kolab-3.2-owncloud-6
10 |
11 | ## Build the Kolab container
12 |
13 | **For all instructions: Replace host.mydomain.tld with the FQDN of your server**
14 |
15 | Create a file containing your FQDN in the build directory
16 | ```bash
17 | echo host.mydomain.tld > hostname
18 | ```
19 |
20 | Copy your SSL certificates into the build directory and name them as follows:
21 |
22 | `domain.crt` Your signed certificate
23 |
24 | `domain.key` Your private key
25 |
26 | `ca.pem` Certificate of the CA that signed your certificate
27 |
28 |
29 | Before you start the build process you might want to change time zone and locale in the `Dockerfile`, by default they are set to `Europe/Berlin` and `de_DE.UTF-8`.
30 |
31 | Then build the container. The username in the tag can be anything: the image contains your SSL private key, so it must not be uploaded to any registry:
32 | ```bash
33 | docker build -t dockerusername/kolab:v1 .
34 | ```
35 |
36 | ## Set up the Kolab server
37 | Create the container and attach:
38 | ```bash
39 | docker run --name kolab -p 25:25 -p 143:143 -p 443:443 -p 587:587 -p 4190:4190 -h host.mydomain.tld -d -t -i dockerusername/kolab:v1 /bin/bash
40 | docker attach kolab
41 | ```
42 |
43 | In the container run:
44 | ```bash
45 | setup-kolab
46 | /root/stop.sh
47 | /root/configure_ssl.sh
48 | exit
49 | ```
50 |
51 | Then restart the container and re-attach:
52 | ```bash
53 | docker start kolab
54 | docker attach kolab
55 | ```
56 |
57 | If your server only has 1GB of RAM (like mine), you might want to disable virus detection by uncommenting the following line in `/etc/amavisd/amavisd.conf` (in the container); with this setting amavisd skips the anti-virus check for all mail:
58 | ```
59 | @bypass_virus_checks_maps = (1); # controls running of anti-virus code
60 | ```
61 |
62 | You also need to change `/root/start.sh` and comment out:
63 | ```
64 | #service clamd start
65 | ```
66 |
67 |
68 | Then start your services:
69 | ```bash
70 | /root/start.sh
71 | ```
72 |
73 | The server should now be up and running, and you can continue by creating users on the Kolab webadmin page:
74 | https://host.mydomain.tld/kolab-webadmin (log in with user name `cn=Directory Manager` and the password defined when running `setup-kolab`)
75 |
76 | Afterwards you can log in to roundcubemail on:
77 | https://host.mydomain.tld/roundcubemail
78 |
79 | ## Change default addresses
80 | If you run the Kolab server for your family as I do, you might want to have email addresses like firstname@lastname.tld. You can achieve this by changing some default settings in `/etc/kolab/kolab.conf`:
81 |
82 | In the section [mydomain.tld] change primary mail to:
83 | ```
84 | primary_mail = %(givenname)s@%(domain)s
85 | ```
86 |
87 | In section [kolab] change secondary mail to:
88 | ```
89 | secondary_mail = {
90 | 0: {
91 | "{0}@{1}": "format('%(uid)s', '%(domain)s')"
92 | },
93 | 1: {
94 | "{0}@{1}": "format('%(givenname)s.%(surname)s', '%(domain)s')"
95 | }
96 | }
97 | ```
98 |
99 | In section [kolab] change primary_mail to:
100 | ```
101 | primary_mail = %(givenname)s@%(domain)s
102 | ```
103 |
104 | In section [kolab] change policy_uid to:
105 | ```
106 | policy_uid = %(givenname)s.lower()
107 | ```
108 |
109 | In section [kolab] you can also change the default locale:
110 | ```
111 | default_locale = de_DE
112 | ```
113 |
114 | Restart the kolab service to apply the changes:
115 | ```bash
116 | service kolabd restart
117 | ```
118 |
119 | ## Change sender addresses and storage limit
120 | By default, the sender addresses will be something like user@host.mydomain.tld.
121 | You probably want to change this to user@mydomain.tld. This can be achieved by
122 | uncommenting the following line in `/etc/postfix/main.cf`:
123 | ```
124 | myorigin = $mydomain
125 | ```
126 | You might also want to change the size limit of incoming mails. Do this by
127 | adding the following to `/etc/postfix/main.cf`, with the limit in bytes as the value:
128 | ```
129 | message_size_limit =
130 | ```
131 |
132 | For the changes to take effect you need to restart postfix:
133 | ```
134 | service postfix restart
135 | ```
136 |
137 | ## Catch-all addresses for subdomains
138 | If you want to have catch-all addresses for subdomains, you can use the following steps:
139 |
140 | Edit `/etc/postfix/main.cf` and add to the end of virtual_alias_maps:
141 | ```
142 | hash:/etc/postfix/virtual
143 | ```
144 |
145 | Add to /etc/postfix/virtual:
146 | ```
147 | @subdomain1.mydomain.tld user1@mydomain.tld
148 | @subdomain2.mydomain.tld user1@mydomain.tld
149 | @subdomain3.mydomain.tld user1@mydomain.tld
150 | @subdomain4.mydomain.tld user2@mydomain.tld
151 | @subdomain5.mydomain.tld user3@mydomain.tld
152 | ```
153 |
154 | Then run:
155 | ```
156 | postmap /etc/postfix/virtual
157 | service postfix restart
158 | ```
159 |
160 | ## Allow secondary addresses as sender addresses
161 | Edit `/etc/kolab/kolab.conf` and change address_search_attrs in section [kolab_smtp_access_policy] to:
162 | ```
163 | address_search_attrs = mail, alias, mailalternateaddress
164 | ```
165 |
166 |
167 | ## Settings for CalDAV client
168 | Use URL:
169 | https://host.mydomain.tld/iRony/calendars/user1@mydomain.tld/Calendar
170 |
171 | ## Settings for CardDAV client
172 | Use URL:
173 | https://host.mydomain.tld/iRony/addressbooks/user1@mydomain.tld/Contacts
174 |
175 | ## Settings for WebDAV
176 | Use URL:
177 | https://host.mydomain.tld/iRony/files
178 |
179 | ## Settings for Android
180 |
181 | Create a *Corporate* account with type *Exchange* and use the following settings:
182 |
183 | User name: *your user id*
184 |
185 | Server: `host.mydomain.tld`
186 |
187 | Port: `443`
188 |
189 | Security type: `SSL/TLS`
190 |
191 |
--------------------------------------------------------------------------------
/configure_ssl.sh:
--------------------------------------------------------------------------------
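#!/bin/bash
# Point Apache, Cyrus IMAP, Postfix, kolab-cli and Roundcube at the
# certificate files that the Dockerfile installs under /etc/pki/tls.
# Run once inside the container, after setup-kolab and /root/stop.sh.
#
# Not idempotent: the Roundcube step appends its fragment on every run.

# Stop at the first failing step instead of leaving some services on their
# default certificates or on plain HTTP without any visible error.
set -eu

# FQDN written into the image at build time; an empty value would produce a
# broken api_url below, so refuse to continue without it.
fqdn=$(cat /root/hostname)
if [ -z "$fqdn" ]; then
    echo "configure_ssl.sh: /root/hostname is empty" >&2
    exit 1
fi

# Configure Apache for SSL
sed -i -e '/SSLCertificateFile \/etc\/pki/c\SSLCertificateFile /etc/pki/tls/certs/domain.crt' /etc/httpd/conf.d/ssl.conf
sed -i -e '/SSLCertificateKeyFile \/etc\/pki/c\SSLCertificateKeyFile /etc/pki/tls/private/domain.key' /etc/httpd/conf.d/ssl.conf
sed -i -e '/SSLCertificateChainFile \/etc\/pki/c\SSLCertificateChainFile /etc/pki/tls/certs/domain.ca-chain.pem' /etc/httpd/conf.d/ssl.conf
# NOTE(review): the address pattern of this command was lost on the page
# (it read '//a ...', and an empty regex with no earlier one makes sed fail).
# Restored to the opening tag of the default mod_ssl virtual host; confirm
# against the ssl.conf shipped in the image.
sed -i '/<VirtualHost _default_:443>/a Include conf.d/roundcubemail.conf' /etc/httpd/conf.d/ssl.conf

# Configure Cyrus for SSL
sed -r -i \
    -e 's|^tls_cert_file:.*|tls_cert_file: /etc/pki/tls/certs/domain.crt|g' \
    -e 's|^tls_key_file:.*|tls_key_file: /etc/pki/tls/private/domain.key|g' \
    -e 's|^tls_ca_file:.*|tls_ca_file: /etc/pki/tls/certs/domain.ca-chain.pem|g' \
    /etc/imapd.conf

# Configure Postfix for SSL
postconf -e smtpd_tls_key_file=/etc/pki/tls/private/domain.key
postconf -e smtpd_tls_cert_file=/etc/pki/tls/certs/domain.crt
postconf -e smtpd_tls_CAfile=/etc/pki/tls/certs/domain.ca-chain.pem

# Configure kolab-cli for SSL: drop any existing api_url line and add an
# HTTPS one directly under the [kolab_wap] section header.
sed -r -i \
    -e '/api_url/d' \
    -e "s#\[kolab_wap\]#[kolab_wap]\napi_url = https://${fqdn}/kolab-webadmin/api#g" \
    /etc/kolab/kolab.conf

# Configure Roundcube for SSL
sed -i -e '/kolab_ssl/d' /etc/roundcubemail/libkolab.inc.php
sed -i -e 's/http:/https:/' /etc/roundcubemail/libkolab.inc.php
sed -i -e 's/http:/https:/' /etc/roundcubemail/kolab_files.inc.php
# Remove the closing "?>" so the fragment, which ends with its own "?>",
# can be appended inside the PHP block.
sed -i -e '/^?>/d' /etc/roundcubemail/config.inc.php
cat /root/roundcubemailconfig.inc.php >> /etc/roundcubemail/config.inc.php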
--------------------------------------------------------------------------------
/roundcubemailconfig.inc.php:
--------------------------------------------------------------------------------
# Fragment appended to /etc/roundcubemail/config.inc.php by configure_ssl.sh.
# That script first deletes the closing "?>" line of config.inc.php, so the
# "?>" at the end of this fragment becomes the new closing tag.

# Turn on certificate (peer) and host name verification, trusting the system
# CA bundle; the Dockerfile appends ca.pem to that bundle.
# NOTE(review): presumably these options apply to the HTTPS requests made by
# the Kolab plugins -- confirm against the plugin documentation.
$config['kolab_http_request'] = array(
'ssl_verify_peer' => true,
'ssl_verify_host' => true,
'ssl_cafile' => '/etc/pki/tls/certs/ca-bundle.crt'
);

# caldav/webdav
# HTTPS URLs shown to clients; the %h, %u and %i placeholders are left for
# Roundcube to fill in.
$config['calendar_caldav_url'] = "https://%h/iRony/calendars/%u/%i";
$config['kolab_addressbook_carddav_url'] = 'https://%h/iRony/addressbooks/%u/%i';

# Force https redirect for http requests
$config['force_https'] = true;
?>

--------------------------------------------------------------------------------
/start.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Start the services of the Kolab stack inside the container, one after
# another. Meant to be run by hand from the container shell (the README
# starts the container with /bin/bash, so nothing launches these
# automatically).
service rsyslog start
service postfix start
service httpd start
service mysqld start
service dirsrv start
service cyrus-imapd start
service amavisd start
# The README has this line commented out on hosts with little RAM, together
# with bypassing virus checks in amavisd.conf.
service clamd start
service wallace start
# Pause before kolabd -- presumably to let the services above finish coming
# up; TODO confirm.
sleep 10
service kolabd start
service kolab-saslauthd start

--------------------------------------------------------------------------------
/stop.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Stop the services of the Kolab stack inside the container. The README runs
# this after setup-kolab and before configure_ssl.sh.
# kolabd and kolab-saslauthd are stopped first.
service kolabd stop
service kolab-saslauthd stop
# Short pause before stopping the remaining services -- presumably to let
# the two daemons above shut down; TODO confirm.
sleep 2
service postfix stop
service httpd stop
service mysqld stop
service dirsrv stop
service cyrus-imapd stop
service amavisd stop
service clamd stop
service wallace stop
# rsyslog is stopped last.
service rsyslog stop

--------------------------------------------------------------------------------