At current time this image has the potential of making you cry - Do not use for production use. I am not a Kopano expert yet using this opportunity to understand the ins and outs of the software to potentially use for a non-profit educational institution. I am constantly relying on the expertise of the community in the Kopano.io Community forums and the manuals, and still have a long way to go
This Container uses a customized Debian Linux base which includes s6 overlay enabled for PID 1 Init capabilities, zabbix-agent for individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano, vim) for easier management. It also supports sending to external SMTP servers.
This container also relies on customized Nginx base and a customized PHP-FPM base. Each of the above images have their own unique configuration settings that are carried over to this image.
This is an incredibly complex piece of software that will tries to get you up and running with sane defaults, you will need to switch eventually over to manually configuring the configuration file when depending on your usage case. My defaults do not necessary follow the normal defaults as per the instruction manuals. This is intended as a preview for peer review
You will also need an external MySQL/MariaDB Container.
Installation
Automated builds of the image are available on Docker Hub and is the recommended
method of installation.
docker pull tiredofit/kopano:latest
Quick Start
The quickest way to get started is using docker-compose. See the examples folder for a working docker-compose.yml that can be modified for development or production use.
Map persistent storage for access to configuration and data files for backup.
Configuration
Persistent Storage
The following directories are used for configuration and can be mapped for persistent storage.
Directory
Description
/certs
Certificates for services and CA. Do not mount your external certificates here say from Letsencrypt
/config/
If you wish to use your own configuration files with SETUP_TYPE=MANUAL map this.
/data/
Persistent Data for services
/logs/
Logfiles for various services (Fail2ban, Kopano, Nginx, Z-Push)
Environment Variables
Along with the Environment Variables from the Base image, Nginx image, and PHP-FPM,below is the complete list of available options that can be used to customize your installation.
There are over 550 environment variables that can be set - They will be added/updated as image becomes stable.
General Options
Parameter
Description
Default
SETUP_TYPE
MANUAL or AUTO to auto generate cofniguration for services on bootup, otherwise let admin control configuration.
AUTO
MODE
Container Mode - Which services to use - Multiple modes can occur by seperating with comma e.g. DAGENT,SPAMD
CORE
Options (not all will work on their own, you may need multiple modes defined):
AIO All in one - Kopano Core, Webapp, Zpush, Konnect, Meet
Depending on your LDAP Server type (Active Directory) or OpenLDAP this tool will generate specific options for the schema. Below are the standard settings regardless of LDAP Type.
This image also works well with the Fusion Directory Plugin which uses OpenLDAP as a backend. Choosing this option with LDAP_TYPE will set values that are compatible with this plugin.
Parameter
Description
Default
LDAP_TYPE
Type of LDAP Server for defaults ADOPENLDAPFUSIONDIRECTORY
Override master LOG_LEVEL environment for this specific service
BACKUP_SOCKET_SERVER
What should service use to contact server
${SOCKET_SERVER}
BACKUP_SSL_CERT_FILE
Backup SSL Certificate File
/certs/core/backup.crt
BACKUP_SSL_KEY_FILE
Backup SSL Key File
/certs/core/backup.pem
BACKUP_WORKER_PROCESSES
Amount of processes for backup
1
LOG_FILE_BACKUP
Logfile Name
backup.log
Calendar Options (needs work)
Parameter
Description
Default
CALENDAR_WEBROOT
/usr/share/kopano-calendar/calendar-webapp
DAgent Options (needs work)
Parameter
Description
Default
ENABLE_DAGENT
Enable Service
TRUE
DAGENT_ARCHIVE_ON_DELIVERY
Archive messages on Delivery
FALSE
DAGENT_ENABLE_FORWARD_WHITELIST
Enable Forwarding to specific domains functionality via rules
FALSE
DAGENT_ENABLE_PLUGIN
Enable Plugin functionality
FALSE
DAGENT_FORWARD_WHITELIST_DOMAINS_MESSAGE
Rejection message to send when domain not in whitelist
The Kopano mail system has rejected your request to forward your e-mail with subject %subject (via mail filters) to %sender: the operation is not permitted.\n\nRemove the rule or contact your administrator about the forward_whitelist_domains setting.
DAGENT_FORWARD_WHITELIST_DOMAINS_SUBJECT
Subject when message forwearded not to whitelisted domain
REJECT: %subject not forwarded (administratively blocked)
DAGENT_FORWARD_WHITELIST_DOMAINS
Space seperated list of domains to allow automatic forwarding
*
DAGENT_INSECURE_HTML_JOIN
FALSE
DAGENT_LISTEN_HOST
LMTP Listen address (insecure)
*
DAGENT_LISTEN_PORT
LMTP Listen port (insecure)
2003
DAGENT_LMTP_MAX_THREADS
Maximum Threads to use for DAgent
20
DAGENT_LOG_LEVEL
Override master LOG_LEVEL environment for this specific service
DAGENT_LOG_RAW_MESSAGES
Log Raw Messages
FALSE
DAGENT_NO_DOUBLE_FORWARD
Do not create forward loops
TRUE
DAGENT_PATH_PLUGIN
Plugins Path
/data/dagent/plugins/
DAGENT_PATH_RAW_MESSAGES
Where to store logs for raw messages
/data/dagent/raw_messages
DAGENT_SET_RULE_HEADERS
FALSE
DAGENT_SOCKET_SERVER
What should service use to contact server
${SOCKET_SERVER}
DAGENT_SPAM_HEADER_NAME
What header to read for upstream Spam filtering
X-Spam-Status
DAGENT_SSL_CERT_FILE
DAgent SSL Certificate File
/certs/core/dagent.crt
DAGENT_SSL_KEY_FILE
DAgent SSL Key File
/certs/core/dagent.pem
DAGENT_INHIBIT_FORWARD_HEADERS
Inhibit forwarding with these headers seperated by space
Override master LOG_LEVEL environment for this specific service
GATEWAY_SOCKET_SERVER
What should service use to contact server
${SOCKET_SERVER}
GATEWAY_SSL_CERT_FILE
Gateway SSL Certificate File
/certs/core/gateway.crt
GATEWAY_SSL_KEY_FILE
Gateway SSL Key File
/certs/core/gateway.pem
GATEWAY_SSL_PREFER_SERVER_CIPHERS
Prefer Server Ciphers when using SSL
TRUE
GATEWAY_SSL_REQUIRE_PLAINTEXT_AUTH
Require SSL when using AUTHPLAIN
TRUE
LOG_FILE_GATEWAY
Logfile Name
gateway.log
Gateway Migrator Mode Options
When enabling MODE=migrator you can spawn a seperate local copy of Kopano Gateway that skips authentication checks on any user in order to perform migration tasks moving messages from a remote store to the locally stored database. All options above are the same with the exception of the following that are hardcoded. Perform your migration work with the included kopano-migration-imap script included in image.
Parameter
Description
Hardcoded
GATEWAY_BYPASS_AUTHENTICATION_ADMIN
Bypass authentication for Admins on local socket
TRUE
GATEWAY_LISTEN_PORT_IMAP_SECURE
Listen port (insecure)
9993
GATEWAY_LISTEN_PORT_IMAP
Listen port (insecure)
1143
GATEWAY_IMAP_MAX_MESSAGE_SIZE
Maximum Message Size to Process for POP3/IMAP
100M
LOG_FILE_MIGRATOR
Logfile Name
migrator.log
SERVER_SOCKET
Server Socket
file:///var/run/kopano/server.sock
ICAL Options (needs work)
Parameter
Description
Default
ENABLE_ICAL
Enable Service
TRUE
ICAL_ENABLE_HTTP
Enable HTTP
TRUE
ICAL_ENABLE_HTTPS
Enable HTTPS
TRUE
ICAL_ENABLE_ICAL_GET
Enable GET functionaluty
TRUE
ICAL_LISTEN_HOST
Listen address (insecure)
*
ICAL_LISTEN_HOST_SECURE
Listen address (secure)
*
ICAL_LISTEN_PORT
Listen port (insecure)
8080
ICAL_LISTEN_PORT_SECURE
Listen port (insecure)
8443
ICAL_LOG_LEVEL
Override master LOG_LEVEL environment for this specific service
ICAL_SOCKET_SERVER
What should service use to contact server
${SOCKET_SERVER}
ICAL_SSL_CERT_FILE
ICAL SSL Certificate File
/certs/core/ical.crt
ICAL_SSL_KEY_FILE
ICAL SSL Key File
/certs/core/ical.pem
LOG_FILE_ICAL
Logfile Name
ical.log
KDAV Options (needs work)
Parameter
Description
Default
ENABLE_KDAV
Enable Service
TRUE
KDAV_CONFIG_FILE
Configuration File
kdav.php
KDAV_DEVELOPER_MODE
Utilize Developer mode
TRUE
KDAV_HOSTNAME
DAV Service Hostname
dav.example.com
KDAV_LISTEN_PORT
Listening Port for KDAV Services
80
KDAV_LOG_LEVEL
Override master LOG_LEVEL environment for this specific service
KDAV_MAX_SYNC_ITEMS
Maximum items to sync at once
1000
KDAV_PATH
Where data files are stored
/data/kdav/
KDAV_REALM
KDAV Realm
Kopano DAV
KDAV_ROOT_URI
Root URI
/
KDAV_SOCKET_SERVER
What should service use to contact server
${SOCKET_SERVER}
KDAV_SYNC_DB
Filename of Sync State
syncdate.db
LOG_FILE_KDAV
Logfile Name
kdav.log
Monitor Options
Parameter
Description
Default
ENABLE_MONITOR
Enable Service
TRUE
MONITOR_LOG_LEVEL
Override master LOG_LEVEL environment for this specific service
MONITOR_QUOTA_CHECK_INTERVAL
Check Quotas in minutes interval
15
MONITOR_QUOTA_RESEND_INTERVAL
Resend Notifications in dats interval
1
MONITOR_SSL_CERT_FILE
Monitor SSL Certificate File
/certs/core/monitor.crt
MONTIOR_SSL_KEY_FILE
Monitor SSL Key File
/certs/core/monitor.pem
MONITOR_SOCKET_SERVER
What should service use to contact server
${SOCKET_SERVER}
LOG_FILE_MONITOR
Logfile Name
monitor.log
TEMPLATE_MONITOR_COMPANY_QUOTA
Template: Company exceeded Quota
companywarning.mail
TEMPLATE_MONITOR_PATH
Where to find templates
/data/templates/quotas
TEMPLATE_MONITOR_USER_QUOTA
Template: User exceeded Quota
userwarning.mail
TEMPLATE_MONITOR_USER_HARD_QUOTA
Template: User exceeded Quota Hard
userhard.mail
TEMPLATE_MONITOR_USER_SOFT_QUOTA
Template: User exceeded Quota Soft
usersoft.mail
Prometheus Exporter Options
Parameter
Description
Default
ENABLE_PROMETHEUS_EXPORTER
Enable Service
TRUE
PROMETHEUS_EXPORTER_LISTEN_HOST
Listen Host for HTTP Exporter
127.0.0.1
PROMETHEUS_EXPORTER_LISTEN_PORT
Listening Port for HTTP Exporter
6231
PROMETHEUS_EXPORTER_LISTEN_PROTOCOL
Listening Port for HTTP Exporter
http
LOG_FILE_PROMETHEUS_EXPORTER
Logfile Name
prometheus-exporter.log
PROMETHEUS_EXPORTER_SOCKET
Socket to point Kopano Server to for stats export
/var/run/kopano/prometheus-export.sock
Search Options
Parameter
Description
Default
ENABLE_SEARCH
Enable Search Service
TRUE
LOG_FILE_SEARCH
Logfile Name
search.log
SEARCH_CACHE_SIZE_TERM
Cache Size
256M
SEARCH_ENABLE_HTTP
Enable HTTP Communications to Search Socket
FALSE
SEARCH_ENABLE_HTTPS
Enable TLS Communications to Search Socket
FALSE
SEARCH_INDEX_ATTACHMENTS
Index File Attachments
FALSE
SEARCH_INDEX_ATTACHMENTS_MAX_SIZE
Only index files under this value
5
SEARCH_INDEX_DRAFTS
Index Drafts Folder
TRUE
SEARCH_INDEX_JUNK
Index Junk Folder
TRUE
SEARCH_INDEX_PATH
Data storage for service
/data/search/
SEARCH_INDEX_PROCESSES
How many processes to run concurrently
1
SEARCH_LIMIT_RESULTS
Limit Results returned
1000
SEARCH_LISTEN_HOST
Listen address
0.0.0.0
SEARCH_LISTEN_PORT
Listen address
1238
SEARCH_LOG_LEVEL
Override master LOG_LEVEL environment for this specific service
SEARCH_SOCKET_SERVER
What should service use to contact server
${SOCKET_SERVER}
SEARCH_SSL_CERT_FILE
Search SSL Certificate File
/certs/core/search.crt
SEARCH_SSL_KEY_FILE
Search SSL Key File
/certs/core/search.pem
SEARCH_SSL_LISTEN_CERT_FILE
Search Listen SSL Certificate File
/certs/core/search-listen.crt
SEARCH_SSL_LISTEN_KEY_FILE
Search Listen SSL Key File
/certs/core/search-listen.pem
SEARCH_SUGGESTIONS
Respond with suggestions
FALSE
SEARCH_TIMEOUT
Timeout in seconds
10
SOCKET_SEARCH
Search Socket
Dependent on options above enabling HTTP or HTTPS this will auto populate with a default.
Maximum results for Global Address Book 0 to disable
0
WEBAPP_OIDC_CLIENT_ID
OIDC Client ID
WEBAPP_OIDC_ISS
OIDC Provider
WEBAPP_OIDC_SCOPE
OIDC Scope or Attributes
openid profile email kopano/gc
WEBAPP_PLUGIN_SMIME_ENABLE_OCSP
TRUE
WEBAPP_POWERPASTE_ALLOW_LOCAL_IMAGES
TRUE
WEBAPP_POWERPASTE_HTML_IMPORT
merge
WEBAPP_POWERPASTE_WORD_IMPORT
merge
WEBAPP_PREFETCH_EMAIL_COUNT
10
WEBAPP_PREFETCH_EMAIL_INTERVAL
How often to fetch new mail in seconds
30
WEBAPP_REDIRECT_ALLOWED_DOMAINS
WEBAPP_SHARED_STORE_POLLING_INTERVAL
15
WEBAPP_SOCKET_SERVER
What should service use to contact server
${SOCKET_SERVER}
WEBAPP_STATE_FILE_MAX_LIFETIME
28*60*60
WEBAPP_THEME
Set Default Theme
WEBAPP_TITLE
Browser Title of WebApp
Kopano WebApp
WEBAPP_TMP_PATH
Temporary Files path
/var/lib/kopano-webapp/tmp
WEBAPP_UPLOADED_ATTACHMENT_MAX_LIFETIME
6*60*60
Webapp Plugins
Webapp Plugin: Contact Fax Options
Parameter
Description
Default
WEBAPP_PLUGIN_ENABLE_CONTACT_FAX
Enable Plugin
TRUE
WEBAPP_PLUGIN_CONTACT_FAX_DEFAULT_USER
Auto Enable for new users
FALSE
WEBAPP_PLUGIN_CONTACT_FAX_DOMAIN_NAME
Domain name to append
officefax.net
Webapp Plugin: Files Options
This plugin requires an IV and Key (3.x) or Secret (> 4.x) to encrypt credentials for users to access services. If the env vars do not exist, a random 8 char IV and 16 char KEY or 24 char secret will be generated and stored in ${CONFIG_PATH}webapp/key-files and reloaded on each container start.
Parameter
Description
Default
WEBAPP_PLUGIN_ENABLE_FILES
Enable Files Plugin
TRUE
WEBAPP_PLUGIN_ENABLE_FILES_BACKEND_OWNCLOUD
Enable Owncloud Backend Plugin
TRUE
WEBAPP_PLUGIN_ENABLE_FILES_BACKEND_SEAFILE
Enable Seafile Backend Plugin
TRUE
WEBAPP_PLUGIN_ENABLE_FILES_BACKEND_SMB
Enable SMB Backed Plugin
TRUE
WEBAPP_PLUGIN_FILES_DEFAULT_USER
Auto Enable for new users
TRUE
WEBAPP_PLUGIN_FILES_ASK_BEFORE_DELETE
Ask users before deleting files
TRUE
WEBAPP_PLUGIN_FILES_CACHE_DIR
Files cache directory
/data/cache/webapp/plugin_files
WEBAPP_PLUGIN_FILES_LOG_LEVEL
Override master LOG_LEVEL environment for this specific service
WEBAPP_PLUGIN_FILES_PASSWORD_IV
8 character IV (Legacy)
(random)
WEBAPP_PLUGIN_FILES_PASSWORD_KEY
16 character IV (Legacy
(random)
WEBAPP_PLUGIN_FILES_PASSWORD_SECRET
24 character Secret
(random)
Webapp Plugin: HTML Editor Jodit
Parameter
Description
Default
WEBAPP_PLUGIN_ENABLE_HTMLEDITOR_JODIT
Enable Plugin
TRUE
Webapp Plugin: HTML Editor Quill
Parameter
Description
Default
WEBAPP_PLUGIN_ENABLE_HTMLEDITOR_QUILL
Enable Plugin
TRUE
Webapp Plugin: Intranet Options
Add multiple Intranet Tabs by adding WEBAPP_PLUGIN_INTRANET(x)_*
