authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2016-03-09 11:09:42 +0100
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2016-03-09 11:09:42 +0100
commitff1c994f7282eb05a817eee364d7b86aba49f3a0 (patch)
tree07b0e93ae4639bb3d9026da7bca29d80d114f786
parent5d387349195dc0f82cc73815749e246793c8a194 (diff)
downloaddocker-ucs-4.1/kolab-16.tar.gz
Refresh and clean up, adding a 99-ucs-4.1 set of Docker filesucs-4.1/kolab-16
-rw-r--r--99-ucs-4.1/Dockerfile29
-rw-r--r--99-ucs-4.1/LICENSE22
-rw-r--r--99-ucs-4.1/README.md199
-rw-r--r--99-ucs-4.1/configs/supervisord.conf29
-rwxr-xr-x99-ucs-4.1/entrypoint.sh588
-rwxr-xr-x99-ucs-4.1/service-wrapper.sh22
6 files changed, 889 insertions, 0 deletions
diff --git a/99-ucs-4.1/Dockerfile b/99-ucs-4.1/Dockerfile
new file mode 100644
index 0000000..7ece0bf
--- /dev/null
+++ b/99-ucs-4.1/Dockerfile
@@ -0,0 +1,29 @@
+FROM kolab/base:16
+MAINTAINER Kolab Systems AG <contact@kolabsystems.com>
+
+# Install kolab
+RUN yum -y install \
+ httpd && \
+ yum -y install \
+ expect \
+ kolab-conf \
+ kolab-imap \
+ kolab-mta \
+ kolab-webclient \
+ mariadb-server \
+ mod_ssl \
+ supervisor && \
+ yum -y reinstall --setopt=tsflags= \
+ chwala \
+ roundcubemail && \
+ yum clean all
+
+EXPOSE 25 80 110 143 443 587 993 995 4190 8080
+VOLUME ["/data"]
+
+ADD /entrypoint.sh /entrypoint.sh
+RUN chmod a+x /entrypoint.sh
+
+# Add config and setup script, run it
+ADD service-wrapper.sh /bin/service-wrapper.sh
+ADD configs/supervisord.conf /etc/supervisord.conf
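Review bot: Nothing in this Dockerfile declares an `ENTRYPOINT` or `CMD`, although the last comment says the setup script is run, and entrypoint.sh sources `/functions.sh`, which is not added here. Presumably both come from `kolab/base:16`; if not, the image needs `ENTRYPOINT ["/entrypoint.sh"]` and a copy of the functions file. The two local files are better brought in with `COPY entrypoint.sh /entrypoint.sh` than with `ADD`, since `ADD` also unpacks archives and accepts URLs, which is not wanted here. `FROM kolab/base:16` is a mutable tag, so pinning it to a digest would make rebuilds reproducible and would tie the image to a known base.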
diff --git a/99-ucs-4.1/LICENSE b/99-ucs-4.1/LICENSE
new file mode 100644
index 0000000..60827a3
--- /dev/null
+++ b/99-ucs-4.1/LICENSE
@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 kvaps
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
diff --git a/99-ucs-4.1/README.md b/99-ucs-4.1/README.md
new file mode 100644
index 0000000..32e46a6
--- /dev/null
+++ b/99-ucs-4.1/README.md
@@ -0,0 +1,199 @@
+Kolab 3.4 in a Docker
+=====================
+
+![Kolab Logo](https://github.com/kvaps/docker-kolab/blob/img/kolab.png?raw=true)
+
+This is Kolab image for docker.
+
+Installation is supports automatic configuration **kolab**, **nginx**, **opendkim**, **fail2ban** and more...
+
+ - [GitHub](https://github.com/kvaps/docker-kolab)
+ - [DockerHub](https://hub.docker.com/r/kvaps/kolab/)
+
+Quick start
+-----------
+
+Run command:
+```bash
+docker run \
+ --name kolab \
+ -h mail.example.org \
+ -v /etc/localtime:/etc/localtime:ro \
+ -v /lib/modules:/lib/modules:ro \
+ -v /opt/kolab:/data:rw \
+ -e TZ=Europe/Moscow \
+ -e LDAP_ADMIN_PASS=<password> \
+ -e LDAP_MANAGER_PASS=<password> \
+ -e LDAP_CYRUS_PASS=<password> \
+ -e LDAP_KOLAB_PASS=<password> \
+ -e MYSQL_ROOT_PASS=<password> \
+ -e MYSQL_KOLAB_PASS=<password> \
+ -e MYSQL_ROUNDCUBE_PASS=<password> \
+ -p 80:80 \
+ -p 443:443 \
+ -p 25:25 \
+ -p 587:587 \
+ -p 110:110 \
+ -p 995:995 \
+ -p 143:143 \
+ -p 993:993 \
+ -p 4190:4190 \
+ --cap-add=NET_ADMIN \
+ --entrypoint=/bin/bash \
+ kvaps/kolab
+```
+It should be noted that the `--cap-add=NET_ADMIN` and `-v /lib/modules:/lib/modules:ro` option is necessary only for **Fail2ban**, if you do not plan to use **Fail2ban**, you can exclude it.
+
+You can also more integrate Kolab to your system, simply replace `-v` options like this:
+```bash
+ -v /etc/kolab:/data/etc:rw \
+ -v /var/spool/kolab:/data/var/spool:rw \
+ -v /var/lib/kolab:/data/var/lib:rw \
+ -v /var/log/kolab:/data/var/log:rw \
+```
+
+Docker-compose
+--------------
+
+You can use the docker-compose for this image is really simplify your life:
+
+```yaml
+kolab:
+ restart: always
+ image: kvaps/kolab
+ hostname: mail
+ domainname: example.org
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /lib/modules:/lib/modules:ro
+ - ./kolab:/data:rw
+ environment:
+ - TZ=Europe/Moscow
+ - LDAP_ADMIN_PASS=<password>
+ - LDAP_MANAGER_PASS=<password>
+ - LDAP_CYRUS_PASS=<password>
+ - LDAP_KOLAB_PASS=<password>
+ - MYSQL_ROOT_PASS=<password>
+ - MYSQL_KOLAB_PASS=<password>
+ - MYSQL_ROUNDCUBE_PASS=<password>
+ - KOLAB_DEFAULT_LOCALE=ru_RU
+ - ROUNDCUBE_SKIN=larry
+ ports:
+ - 80:80
+ - 443:443
+ - "25:25"
+ - 587:587
+ - 110:110
+ - 995:995
+ - 143:143
+ - 993:993
+ - 4190:4190
+ - 389:389
+ cap_add:
+ - NET_ADMIN
+```
+
+Configuration
+-------------
+
+#### SSL-certificates
+
+Put your key and certificates to `/opt/kolab/etc/pki/tls/kolab`
+Alternative you can use [kvaps/letsencrypt-webroot](https://github.com/kvaps/docker-letsencrypt-webroot) image,
+In this case, be sure to specify these options:
+```bash
+ -e 'CERT_PATH=/etc/letsencrypt/live'
+ -e 'LE_RENEW_HOOK=docker restart @CONTAINER_NAME@' \
+```
+*Note: Nginx in this image is already configured for use `/tmp/letsencrypt` as directory for letsencrypt checks*
+
+#### Available Configuration Parameters
+
+*Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose.*
+
+Below is the complete list of available options that can be used to customize your kolab installation.
+
+##### Basic options
+
+ - **TZ**: Sets the timezone. Defaults to `UTC`.
+ - **WEBSERVER**: Choose the backend. May be `apache` or `nginx`. Defaults to `nginx`.
+ - **FORCE_HTTPS** Sets webserver for force redirect to https. Defaults to `true`.
+ - **NGINX_CACHE** Enable nginx and fastcgi cacheing. Defaults to `false`.
+ - **SPAM_SIEVE**: Sets the global sieve script to place mail marked as spam into Spam folder. Defaults to `true`.
+ - **SPAM_SIEVE_TIMEOUT** : Sets how often to run a check of global sieve script for users. Defaults to `15m`.
+ - **FAIL2BAN**: Enables Fail2Ban. Defaults to `true`.
+ - **DKIM**: Enables DKIM signing. Defaults to `true`.
+ - **CERT_PATH**: Path to the certificates. Defaults to `true`.
+
+##### Set the passwords
+
+By default passwords generates automatically and printing at the end of the installation script. You can specify the passwords you want to use.
+
+ - **LDAP_ADMIN_PASS**: supply a password for the LDAP administrator user 'admin', used to login to the graphical console of 389 Directory server. Defaults to `random`.
+ - **LDAP_MANAGER_PASS**: supply a password for the LDAP Directory Manager user, which is the administrator user you will be using to at least initially log in to the Web Admin, and that Kolab uses to perform administrative tasks. Defaults to `random`.
+ - **LDAP_CYRUS_PASS**: supply a Cyrus Administrator password. This password is used by Kolab to execute administrative tasks in Cyrus IMAP. You may also need the password yourself to troubleshoot Cyrus IMAP and/or perform other administrative tasks against Cyrus IMAP directly. Defaults to `random`.
+ - **LDAP_KOLAB_PASS**: supply a Kolab Service account password. This account is used by various services such as Postfix, and Roundcube, as anonymous binds to the LDAP server will not be allowed. Defaults to `random`.
+ - **MYSQL_ROOT_PASS**: supply the root password for MySQL, so we can set up user accounts for other components that use MySQL. Defaults to `random`.
+ - **MYSQL_KOLAB_PASS**: supply a password for the MySQL user 'kolab'. This password will be used by Kolab services, such as the Web Administration Panel. Defaults to `random`.
+ - **MYSQL_ROUNDCUBE_PASS**: supply a password for the MySQL user 'roundcube'. This password will be used by the Roundcube webmail interface. Defaults to `random`.
+
+##### Advanced configuration
+
+ - **KOLAB_RCPT_POLICY**: Enables the Recipient policy. Defaults to `false`.
+ - **KOLAB_DEFAULT_LOCALE**: Sets default locale for Kolab. Defaults to `en_US`.
+ - **MAX_MEMORY_SIZE**: Sets the maximum memory size for php. Defaults to `256M`.
+ - **MAX_FILE_SIZE**: Sets the max upload size. Defaults to `30M`.
+ - **MAX_MAIL_SIZE**: Sets the max letter size. Defaults to `30M`.
+ - **MAX_MAILBOX_SIZE**: Sets the posfix mailbox size. Defaults to `50M`.
+ - **MAX_BODY_SIZE**: Sets the the max body size for nginx. Defaults to `50M`.
+ - **ROUNDCUBE_SKIN**: Sets the skin for roundcube, may be `larry` or `chameleon`. Defaults to `chameleon`.
+ - **ROUNDCUBE_ZIPDOWNLOAD**: Enables zipdownload plugin. Defaults to `true`.
+ - **ROUNDCUBE_TRASH**: Sets how delete mails. May be `flag` or `trash`. Defaults to `trash`.
+
+##### Configuring another milter,
+
+This settings disables amavis with clamd and configures another milter
+
+ - **EXT_MILTER_ADDR**: Sets the milter address and port. Example to `inet:rmilter:11339`.
+ - **EXT_MILTER_PROTO**: Sets the milter protocol. Defaults to `4`.
+
+Multi-instances
+---------------
+
+I use [pipework](https://hub.docker.com/r/dreamcat4/pipework/) image for passthrough external ethernet cards into docker container.
+
+See [examples](https://github.com/dreamcat4/docker-images/blob/master/pipework/3.%20Examples.md), that's realy simple!
+
+Update notes
+------------
+
+For update from previous versions of my docker image, please follow these simple steps:
+
+ - 2015-11-03: Update supervisord config:
+
+```bash
+# –°heck which services is startup (not commented)
+cat /data/etc/supervisord.conf
+# Make the same
+vi /etc/supervisord.conf
+# Replace your file with a new
+cp -f /etc/supervisord.conf /data/etc/supervisord.conf
+```
+
+
+
+ - 2015-01-24: If you have not default.bc script:
+
+```bash
+# Create default sieve script
+mkdir -p /data/var/lib/imap/sieve/global/
+cat > /data/var/lib/imap/sieve/global/default.script << EOF
+require "fileinto";
+if header :contains "X-Spam-Flag" "YES"
+{
+ fileinto "Spam";
+}
+EOF
+# Compile it
+/usr/lib/cyrus-imapd/sievec /data/var/lib/imap/sieve/global/default.script /data/var/lib/imap/sieve/global/default.bc
+```
diff --git a/99-ucs-4.1/configs/supervisord.conf b/99-ucs-4.1/configs/supervisord.conf
new file mode 100644
index 0000000..1984a9f
--- /dev/null
+++ b/99-ucs-4.1/configs/supervisord.conf
@@ -0,0 +1,29 @@
+[supervisord]
+nodaemon=true
+
+[program:rsyslog]
+command=/bin/service-wrapper.sh rsyslog '/var/log/messages' 'rsyslogd:'
+
+[program:httpd]
+command=/bin/service-wrapper.sh httpd '/var/log/httpd/error_log'
+
+[program:mysqld]
+command=/bin/service-wrapper.sh mysqld '/var/log/mysqld.log'
+
+[program:postfix]
+command=/bin/service-wrapper.sh postfix '/var/log/maillog' 'postfix.*\[.*\]:'
+
+[program:cyrus-imapd]
+command=/bin/service-wrapper.sh cyrus-imapd '/var/log/maillog' '[master\|pop3\|imap].*\[.*\]:'
+
+[program:amavisd]
+command=/bin/service-wrapper.sh amavisd '/var/log/maillog' 'amavis.*\[.*\]:'
+
+[program:clamd]
+command=/bin/service-wrapper.sh clamd '/var/log/clamav/clamd.log'
+
+[program:wallace]
+command=/bin/service-wrapper.sh wallace
+
+[program:kolab-saslauthd]
+command=/bin/service-wrapper.sh kolab-saslauthd
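Review bot: The filter on the cyrus-imapd line, `'[master\|pop3\|imap].*\[.*\]:'`, is a bracket expression, so it matches any single character from that set rather than the three service names. Almost every maillog line carrying a `[pid]:` tag will therefore pass through. A group expresses the intent: `'\(master\|pop3\|imap\).*\[.*\]:'`. No `[program:x]` section sets `user=`, so the wrappers run with whatever account supervisord itself runs as. entrypoint.sh also uncomments nginx, php-fpm, fail2ban, opendkim and set_default_sieve entries in this file, but none of those sections exist here, commented or otherwise, so those sed calls would have nothing to act on.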
diff --git a/99-ucs-4.1/entrypoint.sh b/99-ucs-4.1/entrypoint.sh
new file mode 100755
index 0000000..aaba9c3
--- /dev/null
+++ b/99-ucs-4.1/entrypoint.sh
@@ -0,0 +1,588 @@
+#!/bin/bash
+
+. /functions.sh
+
+#check_vars \
+# DOMAIN \
+# LDAP_HOSTNAME \
+# LDAP_PORT \
+# CYRUS_ADMIN_PASSWORD \
+# KOLAB_SERVICE_PASSWORD \
+# || exit 1
+
+check_var TIMEZONE && configure_timezone ${TIMEZONE}
+
+datadirs=(
+ /etc/httpd
+ /etc/my.cnf
+ /etc/cyrus.conf
+ /etc/imapd.conf
+ /etc/imapd.annotations.conf
+ /etc/kolab
+ /etc/kolab-freebusy
+ /etc/php.d
+ /etc/php.ini
+ /etc/postfix
+ /etc/roundcubemail
+ /etc/supervisord.conf
+ /etc/clamd.conf
+ /etc/clamd.d
+ /etc/iRony
+ /etc/mail
+ /etc/pki
+ /var/lib/mysql
+ /var/lib/imap
+ /var/lib/spamassassin
+ /var/lib/clamav
+ /var/spool/amavisd
+ /var/spool/imap
+ /var/spool/postfix
+ /var/spool/pykolab
+ /var/log/chwala
+ /var/log/clamav
+ /var/log/httpd
+ /var/log/iRony
+ /var/log/kolab
+ /var/log/kolab-freebusy
+ /var/log/kolab-syncroton
+ /var/log/maillog
+ /var/log/messages
+ /var/log/mysqld.log
+ /var/log/roundcubemail
+ /var/log/supervisor
+)
+
+move_dirs()
+{
+ echo "info: start moving lib and log folders to /data volume"
+
+ for i in "${dir[@]}"; do mkdir -p /data$(dirname $i) ; done
+ for i in "${dir[@]}"; do mv $i /data$i; done
+
+ echo "info: finished moving lib and log folders to /data volume"
+}
+
+link_dirs()
+{
+ echo "info: start linking default lib and log folders to /data volume"
+
+ for i in "${dir[@]}"; do rm -rf $i && ln -s /data$i $i ; done
+
+ #Need for dirsrv
+ mkdir /var/lock/dirsrv/slapd-$(hostname -s)/
+ chown dirsrv: /var/run/dirsrv /var/lock/dirsrv/slapd-$(hostname -s)/
+
+ echo "info: finished linking default lib and log folders to /data volume"
+}
+
+configure_kolab()
+{
+ if [ ! -d /etc/dirsrv/slapd-* ] ; then
+ echo "info: start configuring Kolab"
+
+ chk_var LDAP_ADMIN_PASS
+ chk_var LDAP_MANAGER_PASS
+ chk_var LDAP_CYRUS_PASS
+ chk_var LDAP_KOLAB_PASS
+ chk_var MYSQL_ROOT_PASS
+ chk_var MYSQL_KOLAB_PASS
+ chk_var MYSQL_ROUNDCUBE_PASS
+
+ #Fix apache symlinks
+ rm -f /etc/httpd/modules && ln -s /usr/lib64/httpd/modules /etc/httpd/modules
+ rm -f /etc/httpd/logs && ln -s /var/log/httpd /etc/httpd/logs
+ rm -f /etc/httpd/run && ln -s /var/run /etc/httpd/run
+
+ expect <<EOF
+spawn setup-kolab --fqdn=$(hostname -f) --timezone=$TZ
+set timeout 300
+expect "Administrator password *:"
+send "$LDAP_ADMIN_PASS\r"
+expect "Confirm Administrator password:"
+send "$LDAP_ADMIN_PASS\r"
+expect "Directory Manager password *:"
+send "$LDAP_MANAGER_PASS\r"
+expect "Confirm Directory Manager password:"
+send "$LDAP_MANAGER_PASS\r"
+expect "User *:"
+send "dirsrv\r"
+expect "Group *:"
+send "dirsrv\r"
+expect "Please confirm this is the appropriate domain name space"
+send "yes\r"
+expect "The standard root dn we composed for you follows"
+send "yes\r"
+expect "Cyrus Administrator password *:"
+send "$LDAP_CYRUS_PASS\r"
+expect "Confirm Cyrus Administrator password:"
+send "$LDAP_CYRUS_PASS\r"
+expect "Kolab Service password *:"
+send "$LDAP_KOLAB_PASS\r"
+expect "Confirm Kolab Service password:"
+send "$LDAP_KOLAB_PASS\r"
+expect "What MySQL server are we setting up"
+send "2\r"
+expect "MySQL root password *:"
+send "$MYSQL_ROOT_PASS\r"
+expect "Confirm MySQL root password:"
+send "$MYSQL_ROOT_PASS\r"
+expect "MySQL kolab password *:"
+send "$MYSQL_KOLAB_PASS\r"
+expect "Confirm MySQL kolab password:"
+send "$MYSQL_KOLAB_PASS\r"
+expect "MySQL roundcube password *:"
+send "$MYSQL_ROUNDCUBE_PASS\r"
+expect "Confirm MySQL roundcube password:"
+send "$MYSQL_ROUNDCUBE_PASS\r"
+expect "Starting kolabd:"
+exit 0
+EOF
+
+ # Redirect to /webmail/ in apache
+ sed -i 's/^\(DocumentRoot \).*/\1"\/usr\/share\/roundcubemail\/public_html"/' /etc/httpd/conf/httpd.conf
+
+ #fix: Certificates changed by default from localhost.pem to key and crt
+ postconf -e smtpd_tls_key_file=/etc/pki/tls/private/localhost.key
+ postconf -e smtpd_tls_cert_file=/etc/pki/tls/certs/localhost.crt
+
+ echo "info: finished configuring Kolab"
+ else
+ echo "warn: Kolab already configured, skipping..."
+ fi
+
+}
+
+configure_nginx()
+{
+ if [ "$(grep -c "^[^;]*nginx" /etc/supervisord.conf)" == "0" ] ; then
+ echo "info: start configuring nginx"
+
+ sed -i '/^\[kolab_wap\]/,/^\[/ { x; /^$/ !{ x; H }; /^$/ { x; h; }; d; }; x; /^\[kolab_wap\]/ { s/\(\n\+[^\n]*\)$/\napi_url = https:\/\/'$(hostname -f)'\/kolab-webadmin\/api\1/; p; x; p; x; d }; x' /etc/kolab/kolab.conf
+
+ sed -i "s/\$config\['assets_path'\] = '.*';/\$config\['assets_path'\] = '\/assets\/';/g" /etc/roundcubemail/config.inc.php
+
+ # Comment apache
+ sed -i --follow-symlinks '/^[^;]*httpd/s/^/;/' /etc/supervisord.conf
+ # Uncoment nginx and php-fpm
+ sed -i --follow-symlinks '/^;.*nginx/s/^;//' /etc/supervisord.conf
+ sed -i --follow-symlinks '/^;.*php-fpm/s/^;//' /etc/supervisord.conf
+
+ sed -i -e "/server_name /c\ server_name $(hostname -f);" /etc/nginx/conf.d/default.conf
+
+ echo "info: finished configuring nginx"
+ else
+ echo "warn: nginx already configured, skipping..."
+ fi
+}
+
+configure_nginx_cache()
+{
+ if [[ $(grep -c open_file_cache /etc/nginx/nginx.conf) == 0 ]] ; then
+ echo "info: start configuring nginx cacheing"
+
+ #Adding open file cache to nginx
+ sed -i '/include \/etc\/nginx\/conf\.d\/\*.conf;/{
+ a \ open_file_cache max=16384 inactive=5m;
+ a \ open_file_cache_valid 90s;
+ a \ open_file_cache_min_uses 2;
+ a \ open_file_cache_errors on;
+ }' /etc/nginx/nginx.conf
+
+ sed -i '/include \/etc\/nginx\/conf\.d\/\*.conf;/{
+ a \ fastcgi_cache_key "$scheme$request_method$host$request_uri";
+ a \ fastcgi_cache_use_stale error timeout invalid_header http_500;
+ a \ fastcgi_cache_valid 200 302 304 10m;
+ a \ fastcgi_cache_valid 301 1h;
+ a \ fastcgi_cache_min_uses 2;
+ }' /etc/nginx/nginx.conf
+
+ sed -i '1ifastcgi_cache_path /var/lib/nginx/fastcgi/ levels=1:2 keys_zone=key-zone-name:16m max_size=256m inactive=1d;' /etc/nginx/conf.d/default.conf
+
+ sed -i '/error_log/a \ fastcgi_cache key-zone-name;' /etc/nginx/conf.d/default.conf
+
+ echo "info: finished configuring nginx caching"
+ else
+ echo "warn: nginx cacheing already configured, skipping..."
+ fi
+}
+
+configure_spam_sieve()
+{
+ if [[ $(grep -c \$final_spam_destiny.*D_PASS /etc/amavisd/amavisd.conf) == 0 ]] ; then
+ echo "info: start configuring spam sieve"
+
+ sed -i '/^[^#]*$sa_spam_subject_tag/s/^/#/' /etc/amavisd/amavisd.conf
+ sed -i 's/^\($final_spam_destiny.*= \).*/\1D_PASS;/' /etc/amavisd/amavisd.conf
+
+ # Create default sieve script
+ mkdir -p /var/lib/imap/sieve/global/
+ cat > /var/lib/imap/sieve/global/default.script << EOF
+require "fileinto";
+if header :contains "X-Spam-Flag" "YES"
+{
+ fileinto "Spam";
+}
+EOF
+ # Compile it
+ /usr/lib/cyrus-imapd/sievec /var/lib/imap/sieve/global/default.script /var/lib/imap/sieve/global/default.bc
+
+ # Uncoment set_default_sieve
+ sed -i --follow-symlinks '/^;.*set_default_sieve/s/^;//' /etc/supervisord.conf
+
+ echo "info: finished configuring amavis"
+ else
+ echo "warn: spam sieve already configured, skipping..."
+ fi
+}
+
+configure_certs()
+{
+ if [ `find $CERT_PATH -prune -empty` ] ; then
+ echo "warn: no certificates found in $CERT_PATH fallback to /etc/pki/tls/kolab"
+ export CERT_PATH="/etc/pki/tls/kolab"
+ domain_cers=${CERT_PATH}/$(hostname -f)
+ else
+ domain_cers=`echo ${CERT_PATH}/* | awk '{print $1}'`
+ fi
+
+ certificate_path=${domain_cers}/cert.pem
+ privkey_path=${domain_cers}/privkey.pem
+ chain_path=${domain_cers}/chain.pem
+ fullchain_path=${domain_cers}/fullchain.pem
+
+ if [ ! -f "$certificate_path" ] || [ ! -f "$privkey_path" ] ; then
+ echo "info: start generating certificate"
+ mkdir -p ${domain_cers}
+
+ # Generate key and certificate
+ openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 \
+ -subj "/CN=$(hostname -f)" \
+ -keyout $privkey_path \
+ -out $certificate_path
+
+ # Set access rights
+ chown -R root:mail ${domain_cers}
+ chmod 750 ${domain_cers}
+ chmod 640 ${domain_cers}/*
+
+ echo "info: generating certificate finished"
+ fi
+
+ # Configure apache for SSL
+ sed -i -e "/[^#]SSLCertificateFile /c\SSLCertificateFile $certificate_path" /etc/httpd/conf.d/ssl.conf
+ sed -i -e "/[^#]SSLCertificateKeyFile /c\SSLCertificateKeyFile $privkey_path" /etc/httpd/conf.d/ssl.conf
+ if [ -f "$chain_path" ]; then
+ if `sed 's/#.*$//g' /etc/httpd/conf.d/ssl.conf | grep -q SSLCertificateChainFile` ; then
+ sed -e "/[^#]*SSLCertificateChainFile: /cSSLCertificateChainFile: $chain_path" /etc/httpd/conf.d/ssl.conf
+ else
+ sed -i -e "/[^#]*SSLCertificateFile/aSSLCertificateChainFile: $chain_path" /etc/httpd/conf.d/ssl.conf
+ fi
+ else
+ sed -i -e "/SSLCertificateChainFile/d" /etc/httpd/conf.d/ssl.conf
+ fi
+
+ # Configuration nginx for SSL
+ if [ -f "$fullchain_path" ]; then
+ sed -i -e "/ssl_certificate /c\ ssl_certificate $fullchain_path;" /etc/nginx/conf.d/default.conf
+ else
+ sed -i -e "/ssl_certificate /c\ ssl_certificate $certificate_path;" /etc/nginx/conf.d/default.conf
+ fi
+ sed -i -e "/ssl_certificate_key/c\ ssl_certificate_key $privkey_path;" /etc/nginx/conf.d/default.conf
+
+ #Configure Cyrus for SSL
+ sed -r -i --follow-symlinks \
+ -e "s|^tls_server_cert:.*|tls_server_cert: $certificate_path|g" \
+ -e "s|^tls_server_key:.*|tls_server_key: $privkey_path|g" \
+ /etc/imapd.conf
+
+ if [ -f "$chain_path" ]; then
+ if grep -q tls_server_ca_file /etc/imapd.conf ; then
+ sed -i --follow-symlinks -e "s|^tls_server_ca_file:.*|tls_server_ca_file: $chain_path|g" /etc/imapd.conf
+ else
+ sed -i --follow-symlinks -e "/tls_server_cert/atls_server_ca_file: $chain_path" /etc/imapd.conf
+ fi
+ else
+ sed -i --follow-symlinks -e "/^tls_server_ca_file/d" /etc/httpd/conf.d/ssl.conf
+ fi
+
+ #Configure Postfix for SSL
+ postconf -e smtpd_tls_key_file=$privkey_path
+ postconf -e smtpd_tls_cert_file=$certificate_path
+ if [ -f "$chain_path" ]; then
+ postconf -e smtpd_tls_CAfile=$chain_path
+ else
+ postconf -e smtpd_tls_CAfile=
+ fi
+
+}
+
+configure_force_https()
+{
+ if [ "$(grep -c 'RewriteRule ^(.*)$ https://%{HTTP_HOST}' /etc/httpd/conf/httpd.conf)" == "0" ] ; then
+ echo "info: start configuring force https"
+
+ cat >> /etc/httpd/conf/httpd.conf << EOF
+
+<VirtualHost _default_:80>
+ RewriteEngine On
+ RewriteRule ^(.*)$ https://%{HTTP_HOST}\$1 [R=301,L]
+</VirtualHost>
+EOF
+
+ #sed -i -z 's|include /etc/nginx/kolab.conf;|location / {\n return 301 https://$server_name$request_uri;\n }|' /etc/nginx/conf.d/default.conf
+ sed -i -e '10s|include /etc/nginx/kolab.conf;|location / {\n return 301 https://$server_name$request_uri;\n }|' /etc/nginx/conf.d/default.conf
+
+ echo "info: finished configuring force https"
+ else
+ echo "warn: force https already configured, skipping..."
+ fi
+
+ echo "info: start configuring SSL"
+ #Configure kolab-cli for SSL
+ sed -r -i \
+ -e '/api_url/d' \
+ -e "s#\[kolab_wap\]#[kolab_wap]\napi_url = https://$(hostname -f)/kolab-webadmin/api#g" \
+ /etc/kolab/kolab.conf
+
+ #Configure Roundcube for SSL
+ sed -i -e 's/http:/https:/' /etc/roundcubemail/libkolab.inc.php
+ sed -i -e 's/http:/https:/' /etc/roundcubemail/kolab_files.inc.php
+ sed -i -e '/^?>/d' /etc/roundcubemail/config.inc.php
+
+ # Tell the webclient the SSL iRony URLs for CalDAV and CardDAV
+ if [ "$(grep -c "calendar_caldav_url" /etc/roundcubemail/config.inc.php)" == "0" ] ; then
+ cat >> /etc/roundcubemail/config.inc.php << EOF
+# caldav/webdav
+\$config['calendar_caldav_url'] = "https://%h/iRony/calendars/%u/%i";
+\$config['kolab_addressbook_carddav_url'] = 'https://%h/iRony/addressbooks/%u/%i';
+EOF
+ fi
+
+ if [ "$(grep -c "force_https" /etc/roundcubemail/config.inc.php)" == "0" ] ; then
+ # Redirect all http traffic to https
+ cat >> /etc/roundcubemail/config.inc.php << EOF
+# Force https redirect for http requests
+\$config['force_https'] = true;
+EOF
+ fi
+
+ echo "info: finished configuring SSL"
+}
+
+configure_fail2ban()
+{
+ if [ "$(grep -c "^[^;]*fail2ban" /etc/supervisord.conf)" == "0" ] ; then
+ echo "info: start configuring Fail2ban"
+
+ touch /var/log/kolab-syncroton/userlogins
+ touch /var/log/chwala/userlogins
+ touch /var/log/iRony/userlogins
+
+ # Uncoment fail2ban
+ sed -i --follow-symlinks '/^;.*fail2ban/s/^;//' /etc/supervisord.conf
+
+ echo "info: finished configuring Fail2ban"
+ else
+ echo "warn: Fail2ban already configured, skipping..."
+ fi
+}
+
+configure_dkim()
+{
+ if [ "$(grep -c -ve "^#\|^[[:space:]]*$" /etc/opendkim/KeyTable )" == "0" ] ; then
+ echo "info: start configuring OpenDKIM"
+
+ opendkim-genkey -D /etc/opendkim/keys/ -d $(hostname -d) -s $(hostname -s)
+
+ chgrp opendkim /etc/opendkim/keys/*
+ chmod g+r /etc/opendkim/keys/*
+
+ sed -i "/^127\.0\.0\.1\:[10025|10027].*smtpd/a \ -o receive_override_options=no_milters" /etc/postfix/master.cf
+
+ sed -i --follow-symlinks 's/^\(^Mode\).*/\1 sv/' /etc/opendkim.conf
+
+ cat >> /etc/opendkim.conf <<EOF
+KeyTable /etc/opendkim/KeyTable
+SigningTable /etc/opendkim/SigningTable
+X-Header yes
+EOF
+
+ echo $(hostname -f | sed s/\\./._domainkey./) $(hostname -d):$(hostname -s):$(ls /etc/opendkim/keys/*.private) | cat >> /etc/opendkim/KeyTable
+ echo $(hostname -d) $(echo $(hostname -f) | sed s/\\./._domainkey./) | cat >> /etc/opendkim/SigningTable
+
+ postconf -e milter_default_action=accept
+ postconf -e milter_protocol=2
+ postconf -e smtpd_milters=inet:localhost:8891
+ postconf -e non_smtpd_milters=inet:localhost:8891
+
+ # Uncoment opendkim
+ sed -i --follow-symlinks '/^;.*opendkim/s/^;//' /etc/supervisord.conf
+
+ echo "info: finished configuring OpenDKIM"
+ else
+ echo "warn: OpenDKIM already configured, skipping..."
+ fi
+}
+
+kolab_rcpt_policy_off()
+{
+ if [ "$(grep -c "daemon_rcpt_policy = False" /etc/kolab/kolab.conf)" == "0" ] ; then
+
+ echo "info: start disabling recipient policy"
+ if [ "$(grep -c "daemon_rcpt_policy" /etc/kolab/kolab.conf)" == "0" ] ; then
+ sed -i -e '/\[kolab\]/a\daemon_rcpt_policy = False' /etc/kolab/kolab.conf
+ else
+ sed -i -e '/daemon_rcpt_policy/c\daemon_rcpt_policy = False' /etc/kolab/kolab.conf
+ fi
+ echo "info: finished disabling recipient policy"
+ fi
+}
+
+kolab_default_locale()
+{
+ echo "info: start configuring kolab default locale"
+ sed -i -e '/default_locale/c\default_locale = '$KOLAB_DEFAULT_LOCALE /etc/kolab/kolab.conf
+ echo "info: finished configuring kolab default locale"
+}
+
+configure_size()
+{
+ echo "info: start configuring sizes"
+ sed -i --follow-symlinks -e '/memory_limit/c\memory_limit = '$MAX_MEMORY_SIZE /etc/php.ini
+ sed -i --follow-symlinks -e '/upload_max_filesize/c\upload_max_filesize = '$MAX_FILE_SIZE /etc/php.ini
+ sed -i --follow-symlinks -e '/post_max_size/c\post_max_size = '$MAX_MAIL_SIZE /etc/php.ini
+ #sed -i -e '/php_value post_max_size/c\php_value post_max_size '$MAX_MAIL_SIZE /usr/share/chwala/public_html/.htaccess
+ #sed -i -e '/php_value upload_max_filesize/c\php_value upload_max_filesize '$MAX_FILE_SIZE /usr/share/chwala/public_html/.htaccess
+ sed -i -e '/client_max_body_size/c\ client_max_body_size '$MAX_BODY_SIZE';' /etc/nginx/conf.d/default.conf
+
+ # Convert megabytes to bytes for postfix
+ if [[ $MAX_MAIL_SIZE == *"M" ]] ; then MAX_MAIL_SIZE=$[($(echo $MAX_MAIL_SIZE | sed 's/[^0-9]//g'))*1024*1024] ; fi
+ if [[ $MAX_MAILBOX_SIZE == *"M" ]] ; then MAX_MAILBOX_SIZE=$[($(echo $MAX_MAILBOX_SIZE | sed 's/[^0-9]//g'))*1024*1024] ; fi
+ postconf -e message_size_limit=$MAX_MAIL_SIZE
+ postconf -e mailbox_size_limit=$MAX_MAILBOX_SIZE
+ echo "info: finished configuring sizes"
+}
+
+roundcube_skin()
+{
+ echo "info: start configuring roundcube skin"
+ sed -i "s/\$config\['skin'\] = '.*';/\$config\['$ROUNDCUBE_SKIN'\] = 'larry';/g" /etc/roundcubemail/config.inc.php
+ echo "info: finished configuring roundcube skin"
+}
+
+roundcube_zipdownload()
+{
+ if [ "$(grep -c "zipdownload" /etc/roundcubemail/config.inc.php)" == "0" ] ; then
+ echo "info: start configuring zipdownload plugin"
+ sed -i "/'contextmenu',/a \ 'zipdownload'," /etc/roundcubemail/config.inc.php
+ echo "info: finished configuring zipdownload plugin"
+ else
+ echo "warn: zipdownload plugin already configured, skipping..."
+ fi
+}
+
+roundcube_trash_folder()
+{
+ echo "info: start configuring trash folder istead flaging"
+ sed -i "s/\$config\['skip_deleted'\] = '.*';/\$config\['skip_deleted'\] = 'false';/g" /etc/roundcubemail/config.inc.php
+ sed -i "s/\$config\['flag_for_deletion'\] = '.*';/\$config\['flag_for_deletion'\] = 'false';/g" /etc/roundcubemail/config.inc.php
+ echo "info: finished configuring trash folder istead flaging"
+}
+
+postfix_milter()
+{
+ if [ "$(grep "smtpd_milters" /etc/postfix/main.cf | grep -cv localhost)" == "0" ] ; then
+
+ echo "info: start configuring another milter"
+
+ #Reconfigure OpenDKIM
+ if [ "$(postconf smtpd_milters | grep -c inet:localhost:8891)" != "0" ] && [ "$(grep -c "smtpd_milters=inet:localhost:8891" /etc/postfix/master.cf)" == "0" ] ; then
+ sed -i "/^127\.0\.0\.1\:10027.*smtpd/a \ -o smtpd_milters=inet:localhost:8891" /etc/postfix/master.cf
+ sed -i "/^127\.0\.0\.1\:10027.*smtpd/a \ -o milter_protocol=2" /etc/postfix/master.cf
+ fi
+
+ postconf -e milter_protocol=$EXT_MILTER_PROTO
+ postconf -e smtpd_milters=$EXT_MILTER_ADDR
+ postconf -e non_smtpd_milters=$EXT_MILTER_ADDR
+ postconf -e content_filter=smtp-wallace:[127.0.0.1]:10026
+
+ #Disable amavis
+ awk '/smtp-amavis/{f=1} !NF{f=0} f{$0="#" $0} 1' /etc/postfix/master.cf > /tmp/master.cf.tmp
+ awk '/127.0.0.1:10025/{f=1} !NF{f=0} f{$0="#" $0} 1' /tmp/master.cf.tmp > /etc/postfix/master.cf
+ rm -f /tmp/master.cf.tmp
+
+ sed -i '/^[^#].*receive_override_options=no_milters/d' /etc/postfix/master.cf
+
+ # Comment amavis and clamd
+ sed -i --follow-symlinks '/^[^;]*amavisd/s/^/;/' /etc/supervisord.conf
+ sed -i --follow-symlinks '/^[^;]*clamd/s/^/;/' /etc/supervisord.conf
+
+ echo "info: finished configuring another milter"
+ fi
+}
+
+stop_services()
+{
+ echo "info: stopping services"
+ services=(
+ amavisd
+ clamd
+ cyrus-imapd
+ dirsrv
+ fail2ban
+ httpd
+ kolabd
+ kolab-saslauthd
+ mysqld
+ nginx
+ opendkim
+ php-fpm
+ postfix
+ rsyslog
+ wallace
+ )
+ for i in "${services[@]}"; do service $i stop; done
+
+ #Kill Apache
+ pkill httpd
+
+ echo "info: finished stopping services"
+}
+
+start_services()
+{
+ echo "info: Starting services"
+ crond
+ tail -f -n 0 /var/log/maillog &
+ /usr/bin/supervisord
+}
+
+if [ 0 -ne 0 ]; then
+
+ [ -d /data/etc/dirsrv/slapd-* ] || export FIRST_SETUP=true #Check for first setup
+
+ load_defaults
+ set_timezone
+ [ "$FIRST_SETUP" = true ] && move_dirs
+ link_dirs
+ [ "$FIRST_SETUP" = true ] && configure_kolab
+
+ [ "$WEBSERVER" = "nginx" ] && configure_nginx
+ [ "$NGINX_CACHE" = true ] && configure_nginx_cache
+ [ "$SPAM_SIEVE" = true ] && configure_spam_sieve
+ configure_certs
+ [ "$FORCE_HTTPS" = true ] && configure_force_https
+ [ "$FAIL2BAN" = true ] && configure_fail2ban
+ [ "$DKIM" = true ] && configure_dkim
+ [ "$KOLAB_RCPT_POLICY" = false ] && kolab_rcpt_policy_off
+ [ ! -z "$KOLAB_DEFAULT_LOCALE" ] && kolab_default_locale
+ configure_size
+ [ ! -z "$ROUNDCUBE_SKIN" ] && roundcube_skin
+ [ "$ROUNDCUBE_ZIPDOWNLOAD" = true ] && roundcube_zipdownload
+ [ "$ROUNDCUBE_TRASH" = true ] && roundcube_trash_folder
+ [ ! -z "$EXT_MILTER_ADDR" ] && postfix_milter
+ [ "$FIRST_SETUP" = true ] && stop_services
+
+ start_services
+
+fi
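Review bot: In configure_kolab the unquoted `<<EOF` heredoc pastes the seven password variables straight into the expect script, so a password containing `[`, `]`, `$`, `"` or `\` is parsed as Tcl syntax and can break the dialogue or run a Tcl command. Quoting the delimiter and letting Tcl read the values through `$env(...)` keeps them as data, as sketched below; the variables have to be exported because `chk_var` (defined outside this file) may set them only as shell variables. Separately, `move_dirs` and `link_dirs` loop over `${dir[@]}` although the array is declared as `datadirs`, so both loops do nothing as written. In roundcube_skin the replacement text has the key and value swapped (`\$config\['$ROUNDCUBE_SKIN'\] = 'larry'`).

```bash
    export LDAP_ADMIN_PASS LDAP_MANAGER_PASS LDAP_CYRUS_PASS LDAP_KOLAB_PASS \
        MYSQL_ROOT_PASS MYSQL_KOLAB_PASS MYSQL_ROUNDCUBE_PASS
    # Quoted delimiter: the shell expands nothing; Tcl reads values from env.
    KOLAB_FQDN="$(hostname -f)" KOLAB_TZ="$TZ" expect <<'EOF'
spawn setup-kolab --fqdn=$env(KOLAB_FQDN) --timezone=$env(KOLAB_TZ)
set timeout 300
expect "Administrator password *:"
send -- "$env(LDAP_ADMIN_PASS)\r"
expect "Confirm Administrator password:"
send -- "$env(LDAP_ADMIN_PASS)\r"
# … unchanged: remaining prompts, each password send rewritten the same way …
expect "Starting kolabd:"
exit 0
EOF
```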
diff --git a/99-ucs-4.1/service-wrapper.sh b/99-ucs-4.1/service-wrapper.sh
new file mode 100755
index 0000000..64d1df5
--- /dev/null
+++ b/99-ucs-4.1/service-wrapper.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Check first parameter
+if [ -z $1 ]; then
+ echo "Service is not set"
+ exit 1
+fi
+
+# Set trap and start service
+trap "{ service $1 stop; exit 0; }" EXIT
+service $1 start
+
+# Set output to log-file and grep it
+if [ -z $2 ]; then
+ sleep infinity
+else
+ if [ -z $3 ]; then
+ tail -f -n1 $2
+ else
+ tail -f -n1 $2 | grep $3
+ fi
+fi
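Review bot: `$1`, `$2` and `$3` are unquoted throughout, and the third argument supervisord.conf passes is a regex full of `*` and `[`, so `grep $3` is subject to word splitting and pathname expansion before grep sees it. Quote the expansions and end option parsing: `if [ -z "$1" ]; then`, `service "$1" start`, `tail -f -n1 -- "$2" | grep -- "$3"`. The trap is safer single-quoted, so the name is expanded, quoted, when it fires: `trap 'service "$1" stop; exit 0' EXIT`. Because grep writes to a pipe here, adding `--line-buffered` would keep matching log lines from being held back in its output buffer.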