Demo setup with defaults does not work
Opened this issue · 6 comments
Describe the bug
Demo setup with default settings is unable to produce a working environment on a fresh OS installation.
To Reproduce
- Install fresh debian 11 (netinst)
- apt install docker docker-compose git
- git clone ...
- cd kopano-docker
- ./setup.sh (All default options)
- docker-compose up
Expected behavior
Working demo environment. But website is not accessible.
Logs
I assume the culprit is somehow this:
mail_1 | Error: sed -i /^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org// /etc/postfix/main.cf
mail_1 | [ WARNING ] No DKIM key provided. Check the documentation on how to get your keys.
mail_1 | Nameservers 127.0.0.11
mail_1 | [ FATAL ] TLS Setup [SSL_TYPE=self-signed] | File /tmp/docker-mailserver/ssl/mail.kopano.demo-key.pem or /tmp/docker-mailserver/ssl/mail.kopano.demo-cert.pem does not exist!
mail_1 | [ ERROR ] Shutting down..
mail_1 | 2022-08-20 12:40:37,577 WARN received SIGTERM indicating exit request
kopano_spooler_1 | 2022/08/20 12:40:39 Waiting for tcp://mail:25: dial tcp 172.20.0.4:25: connect: connection refused.
Full logs
Mailserver log
root@debian:~# docker version
Client:
Version: 20.10.5+dfsg1
API version: 1.41
Go version: go1.15.15
Git commit: 55c4c88
Built: Mon May 30 18:34:49 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server:
Engine:
Version: 20.10.5+dfsg1
API version: 1.41 (minimum version 1.12)
Go version: go1.15.15
Git commit: 363e9a8
Built: Mon May 30 18:34:49 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.4.13~ds1
GitCommit: 1.4.13~ds1-1~deb11u2
runc:
Version: 1.0.0~rc93+ds1
GitCommit: 1.0.0~rc93+ds1-5+deb11u2
docker-init:
Version: 0.19.0
GitCommit:
root@debian:~# docker-compose version
docker-compose version 1.25.0, build unknown
docker-py version: 4.1.0
CPython version: 3.9.2
OpenSSL version: OpenSSL 1.1.1n 15 Mar 2022
Same setup, same error. I can confirm that bug.
It looks like SSL_TYPE=self-signed is not supported on docker-mailserver anymore. At least since docker-mailserver/docker-mailserver@c851f5b
The new alternative seems to be SSL_TYPE=snakeoil for testing purposes.
Please change docker-compose.mail.yml SSL_TYPE to snakeoil and test if demo setup is now running.
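A preflight check for the failure discussed above, as an added example that is not part of the original thread or of the kopano-docker or docker-mailserver code: it reads SSL_TYPE from a compose file and, for self-signed, looks for the key and cert files named in the FATAL log line. The function names, the return codes and the host-side ssl directory argument (a copy of /tmp/docker-mailserver/ssl) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not project code. File-name pattern (<fqdn>-key.pem,
# <fqdn>-cert.pem) is taken from the FATAL line in the issue log.

# Print the SSL_TYPE value from a compose "environment:" list entry
# of the form "- SSL_TYPE=value" (the form used in docker-compose.mail.yml).
ssl_type_of() {
    sed -n 's/^[[:space:]]*-[[:space:]]*SSL_TYPE=\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# check_mail_tls COMPOSE_FILE FQDN SSL_DIR
# Returns 0 = ok, 1 = mail container will abort at TLS setup,
#         2 = starts, but with a certificate meant for testing only,
#         3 = value not covered by this check.
check_mail_tls() {
    ssl_type=$(ssl_type_of "$1")
    case "$ssl_type" in
        self-signed)
            for f in "$3/$2-key.pem" "$3/$2-cert.pem"; do
                [ -f "$f" ] || {
                    echo "FAIL: SSL_TYPE=self-signed but $f does not exist"
                    return 1
                }
            done
            echo "OK: self-signed key and cert present for $2" ;;
        snakeoil)
            echo "WARN: SSL_TYPE=snakeoil is for testing purposes only"
            return 2 ;;
        *)
            echo "INFO: SSL_TYPE='$ssl_type' not covered by this check"
            return 3 ;;
    esac
}

# Constructed sample input: the failing default and the workaround.
demo_dir=$(mktemp -d)
printf '    environment:\n      - SSL_TYPE=self-signed\n' > "$demo_dir/before.yml"
printf '    environment:\n      - SSL_TYPE=snakeoil\n'    > "$demo_dir/after.yml"

check_mail_tls "$demo_dir/before.yml" mail.kopano.demo "$demo_dir/ssl" || true
check_mail_tls "$demo_dir/after.yml"  mail.kopano.demo "$demo_dir/ssl" || true
```

Running the check before `docker-compose up` surfaces the missing key and cert as a clear failure instead of a spooler stuck waiting on tcp://mail:25.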
Yes, by changing that line the mailserver is able to start up and the spooler is able to connect. I can access the webpage.
kopano_spooler_1 | 2022/08/24 13:21:21 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
kopano_spooler_1 | 2022/08/24 13:21:22 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
kopano_spooler_1 | 2022/08/24 13:21:23 Waiting for tcp://mail:25: dial tcp 172.20.0.3:25: connect: connection refused.
mail_1 | Aug 24 13:21:24 mail postfix/master[2339]: daemon started -- version 3.5.6, configuration /etc/postfix
mail_1 | Aug 24 13:21:24 mail postfix/pickup[2342]: 44D83141192: uid=0 from=<root>
mail_1 | Aug 24 13:21:24 mail postfix/cleanup[2346]: 44D83141192: message-id=<20220824112124.44D83141192@mail.kopano.demo>
mail_1 | Aug 24 13:21:24 mail opendkim[1115]: 44D83141192: no signing table match for 'root@mail.kopano.demo'
mail_1 | Aug 24 13:21:24 mail opendkim[1115]: 44D83141192: no signature data
mail_1 | Aug 24 13:21:24 mail postfix/qmgr[2343]: 44D83141192: from=<root@mail.kopano.demo>, size=729, nrcpt=1 (queue active)
kopano_spooler_1 | 2022/08/24 13:21:24 Ready: tcp://mail:25.
kopano_spooler_1 | [=======] Starting kopano-spooler version 11.0.0 (pid 6 uid 0)
mail_1 | Aug 24 13:21:24 mail postfix/postscreen[2362]: cache btree:/var/lib/postfix/postscreen_cache full cleanup: retained=0 dropped=0 entries
mail_1 | Aug 24 13:21:24 mail postfix/postscreen[2362]: CONNECT from [172.20.0.7]:44952 to [172.20.0.3]:25
mail_1 | Aug 24 13:21:24 mail postfix/postscreen[2362]: WHITELISTED [172.20.0.7]:44952
kopano_spooler_1 | [=======] Starting kopano-spooler version 11.0.0 (pid 6 uid 999)
mail_1 | Aug 24 13:21:24 mail postfix/smtpd[2363]: connect from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7]
mail_1 | Aug 24 13:21:24 mail opendmarc[1126]: ignoring connection from kopano_kopano_spooler_1.kopano_kopano-net
mail_1 | Aug 24 13:21:24 mail postfix/smtpd[2363]: lost connection after CONNECT from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7]
mail_1 | Aug 24 13:21:24 mail postfix/smtpd[2363]: disconnect from kopano_kopano_spooler_1.kopano_kopano-net[172.20.0.7] commands=0/0
docker-compose.mail.yml as copy&paste for convenience:
version: "3.5"

services:
  mail:
    image: mailserver/docker-mailserver:10
    restart: unless-stopped
    hostname: mail # hostname and domainname may need to be commented on some platforms (e.g. ChromeOS)
    domainname: ${LDAP_DOMAIN}
    container_name: ${COMPOSE_PROJECT_NAME}_mail
    ports:
      - "${SMTPPORT:-25}:25"
      - "${SMTPSPORT:-465}:465"
      - "${MSAPORT:-587}:587"
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - maillogs:/var/log/mail
      - mtaconfig:/tmp/docker-mailserver/
    environment:
      - DMS_DEBUG=0
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_LDAP=1
      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
      - ENABLE_POSTGREY=1
      - ENABLE_SASLAUTHD=1
      - ENABLE_SPAMASSASSIN=1
      - LDAP_BIND_DN=${LDAP_BIND_DN}
      - LDAP_BIND_PW=${LDAP_BIND_PW}
      - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
      - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
      - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
      - LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
      - LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - LDAP_SERVER_HOST=${LDAP_SERVER}
      - ONE_DIR=1
      - PERMIT_DOCKER=connected-networks
      - POSTFIX_DAGENT=lmtp:kopano_dagent:2003
      - PFLOGSUMM_TRIGGER=logrotate
      - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
      - SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
      - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
      - SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
      - SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - SASLAUTHD_LDAP_SERVER=${LDAP_HOST}
      - SASLAUTHD_MECHANISMS=rimap
      - SASLAUTHD_MECH_OPTIONS=kopano_gateway
      - SMTP_ONLY=1
      - SPAMASSASSIN_SPAM_TO_INBOX=1
      - SSL_TYPE=snakeoil
      - TZ=${TZ}
    env_file:
      - mail.env
    networks:
      - kopano-net
    # dns: 1.1.1.1 # using Google DNS can lead to lookup errors uncomment this option and
    # set to the ip of a trusted dns service (Cloudflare is given as an example).
    # See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

  kopano_spooler:
    depends_on:
      - mail

volumes:
  maildata:
  mailstate:
  maillogs:
  mtaconfig:
And .env generated by setup.sh, just in case, as reference:
# please consult https://github.com/zokradonh/kopano-docker
# for possible configuration values and their impact
CORE_VERSION=latest
WEBAPP_VERSION=latest
ZPUSH_VERSION=latest
KONNECT_VERSION=latest
KWM_VERSION=latest
MEET_VERSION=latest
KDAV_VERSION=latest
KAPPS_VERSION=latest
LDAP_CONTAINER=kopano_ldap_demo
LDAP_ORGANISATION="Kopano Demo"
LDAP_DOMAIN=kopano.demo
LDAP_BASE_DN=dc=kopano,dc=demo
LDAP_SERVER=ldap://ldap:389
LDAP_HOST=ldap:389
LDAP_ADMIN_PASSWORD=P05ZPCijJtslpv2xPhEE4olNUeUH7mnE
LDAP_READONLY_USER_PASSWORD=gsCH4GLworsjlNULytdu5eqZfRGraVQN
LDAP_BIND_DN=cn=readonly,dc=kopano,dc=demo
LDAP_BIND_PW=gsCH4GLworsjlNULytdu5eqZfRGraVQN
LDAP_SEARCH_BASE=dc=kopano,dc=demo
# LDAP query filters
LDAP_QUERY_FILTER_USER=(&(kopanoAccount=1)(mail=%s))
LDAP_QUERY_FILTER_GROUP=(&(objectclass=kopano-group)(mail=%s))
LDAP_QUERY_FILTER_ALIAS=(&(kopanoAccount=1)(kopanoAliases=%s))
LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(kopanoAliases=*@%s)))
SASLAUTHD_LDAP_FILTER=(&(kopanoAccount=1)(uid=%s))
# LDAP user password self-service reset settings
SELF_SERVICE_SECRETEKEY=V339QJmge49oxXlaUuQ3LHCOte67O49W
SELF_SERVICE_PASSWORD_MIN_LENGTH=5
SELF_SERVICE_PASSWORD_MAX_LENGTH=0
SELF_SERVICE_PASSWORD_MIN_LOWERCASE=0
SELF_SERVICE_PASSWORD_MIN_UPPERCASE=0
SELF_SERVICE_PASSWORD_MIN_DIGIT=1
SELF_SERVICE_PASSWORD_MIN_SPECIAL=1
# switch the value of these two variables to use the activedirectory configuration
KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg
KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg
MYSQL_HOST=db
MYSQL_ROOT_PASSWORD=4OII0t4bPkReacmEVUbY86xREN5dkbUm
MYSQL_USER=kopano
MYSQL_PASSWORD=ZBlaDovYP9RyGcDxgBTjIwEKadm3kmVw
MYSQL_DATABASE=kopano
KCCONF_SERVER_SERVER_NAME=Kopano
POSTMASTER_ADDRESS=postmaster@kopano.demo
MAILBOXLANG=en_US.UTF-8
TZ=Europe/Berlin
# Defines how Kopano can be accessed from the outside world
FQDN=kopano.demo
FQDNCLEANED=kopano.demo
DEFAULTREDIRECT=/webapp
EMAIL=self_signed
CADDY=2015
HTTP=80
HTTPS=443
LDAPPORT=389
SMTPPORT=25
SMTPSPORT=465
MSAPORT=587
IMAPPORT=143
ICALPORT=8080
KOPANOPORT=236
KOPANOSPORT=237
# Settings for test environments
INSECURE=yes
# Docker and docker-compose settings
# Docker Repository to push to/pull from
docker_repo=zokradonh
COMPOSE_PROJECT_NAME=kopano
COMPOSE_FILE=docker-compose.yml:docker-compose.ports.yml:docker-compose.db.yml:docker-compose.ldap.yml:docker-compose.mail.yml
# Modify below to build a different version, than the Kopano nightly release
# credentials for repositories are handled through a file called apt_auth.conf (which will be created through setup.sh or Makefile)
#KOPANO_CORE_REPOSITORY_URL=https://download.kopano.io/supported/core:/8.7/Debian_10/
#KOPANO_KAPPS_REPOSITORY_URL=https://download.kopano.io/supported/kapps:/master/Debian_10/
#KOPANO_MEET_REPOSITORY_URL=https://download.kopano.io/supported/meet:/final/Debian_10/
#KOPANO_WEBAPP_FILES_REPOSITORY_URL=https://download.kopano.io/supported/files:/pre-final/Debian_10/
#KOPANO_WEBAPP_MDM_REPOSITORY_URL=https://download.kopano.io/supported/mdm:/final/Debian_10/
#KOPANO_WEBAPP_REPOSITORY_URL=https://download.kopano.io/supported/webapp:/final/Debian_10/
#KOPANO_WEBAPP_SMIME_REPOSITORY_URL=https://download.kopano.io/supported/smime:/final/Debian_10/
#KOPANO_ZPUSH_REPOSITORY_URL=https://download.kopano.io/zhub/z-push:/final/Debian_10/
#DOWNLOAD_COMMUNITY_PACKAGES=0
# Remove this variable to not push versioned containers with the :latest tag
PUBLISHLATEST=yes
# Additional packages to install
ADDITIONAL_KOPANO_PACKAGES=""
ADDITIONAL_KOPANO_WEBAPP_PLUGINS=""
Thanks.
Thanks for the workaround. Is it normal that the container kopano_kopano_ssl_1 cannot be started?
docker logs of this container shows only the following:
errexit on
noglob off
ignoreeof off
monitor off
noexec off
xtrace off
verbose off
noclobber off
allexport off
notify off
nounset on
vi off
pipefail off
SSL certs:
-rw-r--r-- 1 root root 3054 Aug 31 06:51 /kopano/ssl/admin.pem
-rw-r--r-- 1 root root 1338 Aug 31 06:51 /kopano/ssl/ca.pem
-rw-r--r-- 1 nobody nobody 227 Sep 1 08:27 /kopano/ssl/ecparam.pem
-rw-r--r-- 1 root root 129 Aug 31 06:51 /kopano/ssl/kapid-pubs-secret.key
-rw-r--r-- 1 root root 32 Aug 31 06:51 /kopano/ssl/konnectd-encryption.key
-rw-r--r-- 1 nobody nobody 491 Sep 1 08:27 /kopano/ssl/konnectd-identifier-registration.yaml
-rw-r--r-- 1 root root 3272 Aug 31 06:51 /kopano/ssl/konnectd-tokens-signing-key.pem
-rw-r--r-- 1 root root 3082 Aug 31 06:51 /kopano/ssl/kopano_dagent.pem
-rw-r--r-- 1 root root 3086 Aug 31 06:51 /kopano/ssl/kopano_monitor.pem
-rw-r--r-- 1 root root 3090 Aug 31 06:51 /kopano/ssl/kopano_search.pem
-rw-r--r-- 1 root root 3086 Aug 31 06:51 /kopano/ssl/kopano_server.pem
-rw-r--r-- 1 root root 3098 Aug 31 06:51 /kopano/ssl/kopano_server_2.pem
-rw-r--r-- 1 root root 3090 Aug 31 06:51 /kopano/ssl/kopano_spooler.pem
-rw-r--r-- 1 root root 3086 Aug 31 06:51 /kopano/ssl/kopano_webapp.pem
-rw-r--r-- 1 nobody nobody 227 Sep 1 08:27 /kopano/ssl/meet-kwmserver.pem
Client public keys:
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/admin-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_dagent-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_monitor-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_search-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_server-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_server_2-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_spooler-public.pem
-rw-r--r-- 1 root root 451 Aug 31 06:51 /kopano/ssl/clients/kopano_webapp-public.pem
It starts successfully and fulfills its job to create the certificates if they don't exist. Afterwards it closes immediately. This is normal.