github.com/tiredofit/docker-kopano

About

This will build a container for the Kopano Core Groupware suite.

Automatic configuration of various services
Automatic certificate and CA generation
Configured for LDAP usage, no other backend
Kopano Core (backup, dagent, gateway, ical, monitor, server, spamd, spooler, webapp)
Various Webapp plugins installed
Prometheus Exporter included for statistics
Z-Push for CalDAV,CardDAV
Fail2ban included for blocking attackers
Everything configurable via environment variables
This Container uses a customized Debian Linux base which includes s6 overlay enabled for PID 1 Init capabilities, zabbix-agent for individual container monitoring, Cron also installed along with other tools (bash,curl, less, logrotate, nano) for easier management. It also supports sending to external SMTP servers.
This container also relies on customized Nginx base and a customized PHP-FPM base. Each of the above images have their own unique configuration settings that are carried over to this image.

This is an incredibly complex piece of software that will tries to get you up and running with sane defaults, you will need to switch eventually over to manually configuring the configuration file when depending on your usage case. My defaults do not necessary follow the normal defaults as per the instruction manuals. This is intended as a preview for peer review

Changelog

Maintainer

Dave Conroy

Introduction
- Changelog
Prerequisites
Installation
Quick Start
Configuration
Maintenance
- Shell Access

Prerequisites and Assumptions

This image assumes that you are using a reverse proxy such as jwilder/nginx-proxy and optionally the Let's Encrypt Proxy Companion @ https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion, or Traefik (preferred) in order to serve your pages. However, it will run just fine on it's own if you map appropriate ports.

You will also need an external MySQL/MariaDB Container.

Installation

Automated builds of the image are available on Docker Hub and is the recommended method of installation.

docker pull tiredofit/kopano:latest

Quick Start

The quickest way to get started is using docker-compose. See the examples folder for a working docker-compose.yml that can be modified for development or production use.
Set various environment variables to understand the capabiltiies of this image.
Map persistent storage for access to configuration and data files for backup.

Configuration

Persistent Storage

The following directories are used for configuration and can be mapped for persistent storage.

Directory	Description
`/certs`	Certificates for services and CA. Do not mount your external certificates here say from Letsencrypt
`/config/`	If you wish to use your own configuration files with `SETUP_TYPE=MANUAL` map this.
`/data/`	Persistent Data for services
`/logs/`	Logfiles for various services (Fail2ban, Kopano, Nginx, Z-Push)

Environment Variables

Along with the Environment Variables from the Base image, Nginx image, and PHP-FPM,below is the complete list of available options that can be used to customize your installation.

There are over 550 environment variables that can be set - They will be added/updated as image becomes stable.

General Options

Parameter	Description	Default
`SETUP_TYPE`	`MANUAL` or `AUTO` to auto generate cofniguration for services on bootup, otherwise let admin control configuration.	`AUTO`
`MODE`	Container Mode - Which services to use - Multiple modes can occur by seperating with comma e.g. `DAGENT,SPAMD`	`CORE`
	Options (not all will work on their own, you may need multiple modes defined):
	`AIO` All in one - Kopano Core, Webapp, Zpush, Konnect
	`Core` Autorespond, Backup, Dagent, Gateway, ICAL, KDAV, Monitor, Server, Spamd, Spooler, Webapp, Z-Push
	`WEB` Webapp, Z-Push
	`AUTORESPOND` - Autoresponder
	`BACKUP` - Backup
	`DAGENT` - DAgent
	`GATEWAY` - Gateway
	`ICAL` - ICAL
	`KDAV` - KDAV
	`MIGRATOR` - Gateway with Migration mode active (no authentication)
	`MONITOR` - Monitor
	`SERVER` - Server
	`PROMETHEUS_EXPORTER` - Prometheus Exporter
	`SPAMD` - Spamd
	`SPOOLER` - Spooler
	`WEBAPP` - Webapp
	`ZPUSH` - ZPush
	`ZPUSH_AUTODISCOVER` - ZPush
`CONFIG_PATH`	Where to store configuration files	`/config/`
`ENABLE_COREDUMPS`	Enable Coredumps for services	`FALSE`
`STATS_INTERVAL`	If sending statistics to StatsD or using Prometheus Exporter, interval to send in seconds	`59`

Logging Options

Parameter	Description	Default
`LOG_PATH_KOPANO`	Logfiles for Kopano Services	`/logs/kopano/`
`LOG_PATH_WEBAPP`	Logfiles for Kopano Webapp Users	`/logs/kopano/webapp-users`
`LOG_PATH_ZPUSH`	Logfiles for Z-Push	`/logs/zpush/`
`LOG_TYPE`	Log to `FILE` or `CONSOLE`	`FILE`
`LOG_TIMESTAMPS`	Include timestamps in logs	`TRUE`
`LOG_LEVEL`	Logging Level `NONE` `CRITICAL` `ERROR` `WARN` `NOTICE` `INFO` `DEBUG` `ERROR`	`INFO`

LDAP Settings

Depending on your LDAP Server type (Active Directory) or OpenLDAP this tool will generate specific options for the schema. Below are the standard settings regardless of LDAP Type.

This image also works well with the Fusion Directory Plugin which uses OpenLDAP as a backend. Choosing this option with LDAP_TYPE will set values that are compatible with this plugin.

Parameter	Description	Default
`LDAP_TYPE`	Type of LDAP Server for defaults `AD` `OPENLDAP` `FUSIONDIRECTORY`	`OPENLDAP`
`LDAP_ATTRIBUTE_ADDRESSBOOK_HIDDEN`		`kopanoHidden`
`LDAP_ATTRIBUTE_ADDRESSLIST_FILTER`		`kopanoFilter`
`LDAP_ATTRIBUTE_ADDRESSLIST_NAME`		`cn`
`LDAP_ATTRIBUTE_ADDRESSLIST_SEARCH_BASE`		`kopanoBase`
`LDAP_ATTRIBUTE_COMPANY_ADMIN_RELATION`		``
`LDAP_ATTRIBUTE_COMPANY_ADMIN`		`kopanoAdminPrivilege`
`LDAP_ATTRIBUTE_COMPANY_NAME`		`ou`
`LDAP_ATTRIBUTE_COMPANY_SYSADMIN_RELATION`		``
`LDAP_ATTRIBUTE_COMPANY_SYSADMIN`		`kopanoSystemAdmin`
`LDAP_ATTRIBUTE_COMPANY_VIEW`		`kopanoViewPrivilege`
`LDAP_ATTRIBUTE_COMPANY_VIEW`		`kopanoViewPrivilege`
`LDAP_ATTRIBUTE_DYNAMICGROUP_FILTER`		`kopanoFilter`
`LDAP_ATTRIBUTE_DYNAMICGROUP_NAME`		`cn`
`LDAP_ATTRIBUTE_DYNAMICGROUP_SEARCH_BASE`		`kopanoBase`
`LDAP_ATTRIBUTE_DYNAMICGROUP_UNIQUE`		`cn`
`LDAP_ATTRIBUTE_EMAIL_ADDRESS`		`mail`
`LDAP_ATTRIBUTE_FULLNAME`		`cn`
`LDAP_ATTRIBUTE_GROUP_NAME`		`cn`
`LDAP_ATTRIBUTE_ISADMIN`		`kopanoAdmin`
`LDAP_ATTRIBUTE_MULTIUSER_ADDRESS`		`ipHostNumber`
`LDAP_ATTRIBUTE_MULTIUSER_COMPANY_SERVER`		`kopanoCompanyServer`
`LDAP_ATTRIBUTE_MULTIUSER_LDAP_SERVER_CONTAINS_PUBLIC`		`kopanoContainsPublic`
`LDAP_ATTRIBUTE_MULTIUSER_LDAP_SERVER_FILE_PATH`		`kopanoFilePath`
`LDAP_ATTRIBUTE_MULTIUSER_LDAP_SERVER_HTTP_PORT`		`kopanoHttpPort`
`LDAP_ATTRIBUTE_MULTIUSER_LDAP_SERVER_HTTPS_PORT`		`kopanoSslPort`
`LDAP_ATTRIBUTE_MULTIUSER_LDAP_SERVER_PROXY_URL`		`kopanoProxyURL`
`LDAP_ATTRIBUTE_MULTIUSER_USER_SERVER`		`kopanoUserServer`
`LDAP_ATTRIBUTE_NONACTIVE`		`kopanoSharedStoreOnly`
`LDAP_ATTRIBUTE_QUOTA_COMPANYWARNING_RECIPIENTS_RELATION`		``
`LDAP_ATTRIBUTE_QUOTA_COMPANYWARNING_RECIPIENTS`		`kopanoQuotaCompanyWarningRecipients`
`LDAP_ATTRIBUTE_QUOTA_HARD`		`kopanoQuotaHard`
`LDAP_ATTRIBUTE_QUOTA_OVERRIDE`		`kopanoQuotaOverride`
`LDAP_ATTRIBUTE_QUOTA_SOFT`		`kopanoQuotaSoft`
`LDAP_ATTRIBUTE_QUOTA_USERDEFAULT_HARD`		`kopanoUserDefaultQuotaHard`
`LDAP_ATTRIBUTE_QUOTA_USERDEFAULT_OVERRIDE`		`kopanoDefaultQuotaOverride`
`LDAP_ATTRIBUTE_QUOTA_USERDEFAULT_SOFT`		`kopanoUserDefaultQuotaSoft`
`LDAP_ATTRIBUTE_QUOTA_USERDEFAULT_WARN`		`kopanoUserDefaultQuotaWarn`
`LDAP_ATTRIBUTE_QUOTA_USERWARNING_RECIPIENTS_RELATION`		``
`LDAP_ATTRIBUTE_QUOTA_USERWARNING_RECIPIENTS`		`kopanoQuotaUserWarningRecipients`
`LDAP_ATTRIBUTE_QUOTA_WARN`		`kopanoQuotaWarn`
`LDAP_ATTRIBUTE_QUOTA_WARN`		`kopanoQuotaWarn`
`LDAP_ATTRIBUTE_RESOURCECAPACITY`		`kopanoResourceCapacity`
`LDAP_ATTRIBUTE_RESOURCETYPE`		`kopanoResourceType`
`LDAP_ATTRIBUTE_SENDAS`		`kopanoSendAsPrivilege`
`LDAP_ATTRIBUTE_TYPE_ADDRESSLIST_UNIQUE`		`text`
`LDAP_ATTRIBUTE_TYPE_DYNAMICGROUP_UNIQUE`		`text`
`LDAP_ATTRIBUTE_USER_UNIQUE`	Unique ID for user
`LDAP_AUTHENTICATION_METHOD`		`bind`
`LDAP_BASE_DN`	Base Distringuished Name
`LDAP_BIND_DN`	User to Bind to LDAP
`LDAP_BIND_PASS`	Password for Above Bind User
`LDAP_FILE_PROPMAP`		`ldap-propmap.cfg`
`LDAP_FILTER_ADDRESSLIST_SEARCH`		``
`LDAP_FILTER_CUTOFF_ELEMENTS`		`1000`
`LDAP_FILTER_DYNAMICGROUP_SEARCH`		``
`LDAP_FILTER_USER_SEARCH`	Filter for searching for a user
`LDAP_HOST`	URI for LDAP Server - Can include port number
`LDAP_OBJECT_ATTRIBUTE_TYPE_ADDRESSLIST`		`kopano-addresslist`
`LDAP_OBJECT_ATTRIBUTE_TYPE_COMPANY`		`organizationalUnit`
`LDAP_OBJECT_ATTRIBUTE_TYPE_GROUP`	Object Name for Kopano Users	``
`LDAP_OBJECT_ATTRIBUTE_TYPE_USER`	Object Name for Kopano Users	`kopano-user`
`LDAP_OBJECT_ATTRIBUTE_TYPE`		`objectClass`
`LDAP_PAGE_SIZE`	Page size for LDAP Operations	`1000`
`LDAP_QUOTA_MULTIPLIER`		`1048576`
`LDAP_SCOPE`	Scope of searches	`sub`
`LDAP_STARTTLS`	Use StartTLS when connecting to `LDAP_HOST`	`FALSE`
`LDAP_TIMEOUT`	Timeout in seconds for operations	`30`

Active Directory

Parameter	Description	Default
`LDAP_ATTRIBUTE_ADDRESSLIST_UNIQUE`		`cn`
`LDAP_ATTRIBUTE_COMPANY_ADMIN`		`dn`
`LDAP_ATTRIBUTE_COMPANY_UNIQUE`		`objectGUID`
`LDAP_ATTRIBUTE_EMAIL_ALIASES`		`otherMailbox`
`LDAP_ATTRIBUTE_GROUP_MEMBERS_RELATION`		``
`LDAP_ATTRIBUTE_GROUP_MEMBERS`		`member`
`LDAP_ATTRIBUTE_GROUP_SECURITY`		`groupType`
`LDAP_ATTRIBUTE_GROUP_UNIQUE`		`objectSid`
`LDAP_ATTRIBUTE_LAST_MODIFICATION`		`uSNChanged`
`LDAP_ATTRIBUTE_LOGINNAME`		`sAMAccountName`
`LDAP_ATTRIBUTE_PASSWORD`		`unicodePwd`
`LDAP_ATTRIBUTE_SENDAS_RELATION`		`distinguishedName`
`LDAP_ATTRIBUTE_TYPE_COMPANY_SYSADMIN`		`dn`
`LDAP_ATTRIBUTE_TYPE_COMPANY_UNIQUE`		`binary`
`LDAP_ATTRIBUTE_TYPE_COMPANY_VIEW`		`dn`
`LDAP_ATTRIBUTE_TYPE_GROUP_MEMBERS`		`binary`
`LDAP_ATTRIBUTE_TYPE_GROUP_SECURITY`		`ads`
`LDAP_ATTRIBUTE_TYPE_GROUP_UNIQUE`		`binary`
`LDAP_ATTRIBUTE_TYPE_QUOTA_COMPANYWARNING_RECIPIENTS`		`dn`
`LDAP_ATTRIBUTE_TYPE_QUOTA_USERWARNING_RECIPIENTS`		`dn`
`LDAP_ATTRIBUTE_TYPE_SENDAS`		`dn`
`LDAP_ATTRIBUTE_TYPE_USER_UNIQUE`		`binary`
`LDAP_ATTRIBUTE_USER_CERTIFICATE`		`userCertificate`
`LDAP_ATTRIBUTE_USER_UNIQUE`		`objectGUID`
`LDAP_OBJECT_ATTRIBUTE_TYPE_CONTACT`		`contact`
`LDAP_OBJECT_ATTRIBUTE_TYPE_DYNAMICGROUP`		`kopanoDyanmicGroup`
`LDAP_OBJECT_ATTRIBUTE_TYPE_GROUP`		`group`
`LDAP_OBJECT_ATTRIBUTE_TYPE_SERVER`		`computer`
`LDAP_OBJECT_ATTRIBUTE_TYPE_USER`		`user`
`LDAP_QUOTA_MULTIPLIER`		`1048576`

OpenLDAP

Parameter	Description	Default
`LDAP_ATTRIBUTE_ADDRESSLIST_UNIQUE`		`cn`
`LDAP_ATTRIBUTE_COMPANY_UNIQUE`		`ou`
`LDAP_ATTRIBUTE_EMAIL_ALIASES`		`kopanoAliases`
`LDAP_ATTRIBUTE_GROUP_MEMBERS_RELATION`		`uid`
`LDAP_ATTRIBUTE_GROUP_MEMBERS`		`memberUid`
`LDAP_ATTRIBUTE_GROUP_SECURITY`		`kopanoSecurityGroup`
`LDAP_ATTRIBUTE_GROUP_UNIQUE`		`gidNumber`
`LDAP_ATTRIBUTE_LAST_MODIFICATION`		`modifyTimestamp`
`LDAP_ATTRIBUTE_LOGINNAME`		`uid`
`LDAP_ATTRIBUTE_MULTIUSER_SERVER_UNIQUE`		`CN`
`LDAP_ATTRIBUTE_MULTIUSER_SERVER_UNIQUE`		`cn`
`LDAP_ATTRIBUTE_PASSWORD`		`userPassword`
`LDAP_ATTRIBUTE_SENDAS_RELATION`		``
`LDAP_ATTRIBUTE_TYPE_COMPANY_ADMIN`		`text`
`LDAP_ATTRIBUTE_TYPE_COMPANY_SYSADMIN`		`text`
`LDAP_ATTRIBUTE_TYPE_COMPANY_UNIQUE`		`text`
`LDAP_ATTRIBUTE_TYPE_COMPANY_VIEW`		`text`
`LDAP_ATTRIBUTE_TYPE_GROUP_MEMBERS`		`text`
`LDAP_ATTRIBUTE_TYPE_GROUP_SECURITY`		`boolean`
`LDAP_ATTRIBUTE_TYPE_GROUP_UNIQUE`		`text`
`LDAP_ATTRIBUTE_TYPE_QUOTA_COMPANYWARNING_RECIPIENTS`		`text`
`LDAP_ATTRIBUTE_TYPE_QUOTA_USERWARNING_RECIPIENTS`		`text`
`LDAP_ATTRIBUTE_TYPE_SENDAS`		`text`
`LDAP_ATTRIBUTE_TYPE_USER_UNIQUE`		`text`
`LDAP_ATTRIBUTE_USER_CERTIFICATE`		`userCertificate;binary`
`LDAP_ATTRIBUTE_USER_UNIQUE`		`uidNumber`
`LDAP_FILTER_COMPANY_SEARCH`		``
`LDAP_FILTER_GROUP_SEARCH`		``
`LDAP_FILTER_MULTIUSER_SERVER_SEARCH`		``
`LDAP_FILTER_USER_SEARCH`		``
`LDAP_OBJECT_ATTRIBUTE_TYPE_CONTACT`		`kopano-contact`
`LDAP_OBJECT_ATTRIBUTE_TYPE_DYNAMICGROUP`		`kopano-dynamicgroup`
`LDAP_OBJECT_ATTRIBUTE_TYPE_GROUP`		`posixGroup`
`LDAP_OBJECT_ATTRIBUTE_TYPE_SERVER`		`ipHost`
`LDAP_OBJECT_ATTRIBUTE_TYPE_USER`		`posixAccount`
`LDAP_QUOTA_MULTIPLIER`		`1`

Fusion Directory (Openldap with custom values) (needs work)

In order to work with the Fusion Directory Plugin the following values are hardcoded:

Parameter	Description	Default
`LDAP_ATTRIBUTE_ADDRESSLIST_UNIQUE`		`entryUUID`
`LDAP_ATTRIBUTE_COMPANY_NAME`		`o`
`LDAP_ATTRIBUTE_COMPANY_UNIQUE`		`entryUUID`
`LDAP_ATTRIBUTE_DYNAMICGROUP_UNIQUE`		`entryUUID`
`LDAP_ATTRIBUTE_GROUP_MEMBERS`		`member`
`LDAP_ATTRIBUTE_GROUP_UNIQUE`		`entryUUID`
`LDAP_ATTRIBUTE_USER_UNIQUE`		`entryUUID`
`LDAP_FILTER_ADDRESSLIST_SEARCH`		`(&(objectClass=kopano-addresslist)(kopanoAccount=1))`
`LDAP_FILTER_COMPANY_SEARCH`		`(&(objectClass=kopano-company))`
`LDAP_FILTER_DYNAMICGROUP_SEARCH`		`(&(objectClass=kopano-dyanmicgroup)(kopanoAccount=1))`
`LDAP_FILTER_GROUP_SEARCH`		`(&(objectClass=kopano-group)(kopanoAccount=1))`
`LDAP_FILTER_MULTIUSER_SERVER_SEARCH`		`(&(objectClass=kopano-server))`
`LDAP_FILTER_USER_SEARCH`		`(&(objectClass=kopano-user)(kopanoAccount=1))`
`LDAP_OBJECT_ATTRIBUTE_TYPE_GROUP`		`kopano-group`
`LDAP_OBJECT_ATTRIBUTE_TYPE_USER`		`kopano-user`

Kopano Core

Autorespond Options

Parameter	Description	Default
`AUTORESPOND_AUTORESPOND_BCC`	Autorespond if on BCC	`FALSE`
`AUTORESPOND_AUTORESPOND_CC`	Autorespond if on CC	`FALSE`
`AUTORESPOND_AUTORESPOND_NORECIPIENTS`	Autorespond if no recipients visible	`FALSE`
`AUTORESPOND_COPY_TO_SENTMAIL`	Automatically copy autoresponse to Sent Mail	`TRUE`
`AUTORESPOND_FILE`	Autoresponder database	`autorespond.db`
`AUTORESPOND_PATH`	Where to store Autoresponder data	`/data/autorespond/`

Backup Options

Parameter	Description	Default
`BACKUP_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`BACKUP_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`BACKUP_SSL_CERT_FILE`	Backup SSL Certificate File	`/certs/core/backup.crt`
`BACKUP_SSL_KEY_FILE`	Backup SSL Key File	`/certs/core/backup.pem`
`BACKUP_WORKER_PROCESSES`	Amount of processes for backup	`1`
`LOG_FILE_BACKUP`	Logfile Name	`backup.log`

Calendar Options (needs work)

Parameter	Description	Default
`CALENDAR_WEBROOT`		`/usr/share/kopano-calendar/calendar-webapp`

DAgent Options (needs work)

Parameter	Description	Default
`ENABLE_DAGENT`	Enable Service	`TRUE`
`DAGENT_ARCHIVE_ON_DELIVERY`	Archive messages on Delivery	`FALSE`
`DAGENT_ENABLE_FORWARD_WHITELIST`	Enable Forwarding to specific domains functionality via rules	`FALSE`
`DAGENT_ENABLE_PLUGIN`	Enable Plugin functionality	`FALSE`
`DAGENT_FORWARD_WHITELIST_DOMAINS_MESSAGE`	Rejection message to send when domain not in whitelist	`The Kopano mail system has rejected your request to forward your e-mail with subject %subject (via mail filters) to %sender: the operation is not permitted.\n\nRemove the rule or contact your administrator about the forward_whitelist_domains setting.`
`DAGENT_FORWARD_WHITELIST_DOMAINS_SUBJECT`	Subject when message forwearded not to whitelisted domain	`REJECT: %subject not forwarded (administratively blocked)`
`DAGENT_FORWARD_WHITELIST_DOMAINS`	Space seperated list of domains to allow automatic forwarding	`*`
`DAGENT_INSECURE_HTML_JOIN`		`FALSE`
`DAGENT_LISTEN_HOST`	LMTP Listen address (insecure)	`*`
`DAGENT_LISTEN_PORT`	LMTP Listen port (insecure)	`2003`
`DAGENT_LMTP_MAX_THREADS`	Maximum Threads to use for DAgent	`20`
`DAGENT_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`DAGENT_LOG_RAW_MESSAGES`	Log Raw Messages	`FALSE`
`DAGENT_NO_DOUBLE_FORWARD`	Do not create forward loops	`TRUE`
`DAGENT_PATH_PLUGIN`	Plugins Path	`/data/dagent/plugins/`
`DAGENT_PATH_RAW_MESSAGES`	Where to store logs for raw messages	`/data/dagent/raw_messages`
`DAGENT_SET_RULE_HEADERS`		`FALSE`
`DAGENT_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`DAGENT_SPAM_HEADER_NAME`	What header to read for upstream Spam filtering	`X-Spam-Status`
`DAGENT_SSL_CERT_FILE`	DAgent SSL Certificate File	`/certs/core/dagent.crt`
`DAGENT_SSL_KEY_FILE`	DAgent SSL Key File	`/certs/core/dagent.pem`
`DAGENT_INHIBIT_FORWARD_HEADERS`	Inhibit forwarding with these headers seperated by space	`X-Kopano-Vacation Auto-Submitted`
`DAGENT_INHIBIT_AUTOREPLY_HEADERS`	Inhibit Autoreply with these headers message	See Below
	`X-Kopano-Vacation Auto-Submitted Precedence List-Id List-Help List-Subscribe`
	`List-Unsubscribe List-Post List-Owner List-Archive "X-Spam-Flag: YES" "X-Is-Junk: YES" X-AMAZON* X-LinkedIn*`

Database Options

Parameter	Description	Default
`DB_HOST`	Host or container name of MariaDB Server
`DB_PORT`	MariaDB Port	`3306`
`DB_NAME`	MariaDB Database name
`DB_USER`	MariaDB Username for above Database
`DB_PASS`	MariaDB Password for above Database

Gateway Options (needs work)

Parameter	Description	Default
`ENABLE_GATEWAY`	Enable Service	`TRUE`
`GATEWAY_BYPASS_AUTHENTICATION_ADMIN`	Bypass authentication for Admins on local socket	`FALSE`
`GATEWAY_ENABLE_IMAP_SECURE`	Enable IMAP (secure)	`TRUE`
`GATEWAY_ENABLE_IMAP`	Enable IMAP (insecure)	`FALSE`
`GATEWAY_ENABLE_POP3`	Enable POP3 (insecure)	`FALSE`
`GATEWAY_ENABLE_POP3S`	Enable POP3 (secure)	`TRUE`
`GATEWAY_GREETING_SHOW_HOSTNAME`	Show hostiname in greeting	`FALSE`
`GATEWAY_HOSTNAME`	Greeting Hostname	`example.com`
`GATEWAY_IMAP_MAX_MESSAGE_SIZE`	Maximum Message Size to Process for POP3/IMAP	`25M`
`GATEWAY_IMAP_MAX_FAIL_COMMANDS`	Maximum Fail Commands	`5`
`GATEWAY_IMAP_ONLY_MAIL_FOLDERS`	Show only mail folders in IMAP folder lookup	`TRUE`
`GATEWAY_IMAP_SHOW_PUBLIC_FOLDERS`	Show Public folders available to sync	`TRUE`
`GATEWAY_LISTEN_HOST_IMAP_SECURE`	Listen address (secure)	`*`
`GATEWAY_LISTEN_HOST_IMAP`	Listen address (insecure)	`*`
`GATEWAY_LISTEN_HOST_POP3_SECURE`	Listen address (secure)	`*`
`GATEWAY_LISTEN_HOST_POP3`	Listen address (insecure)	`*`
`GATEWAY_LISTEN_PORT_IMAP_SECURE`	Listen port (insecure)	`993`
`GATEWAY_LISTEN_PORT_IMAP`	Listen port (insecure)	`143`
`GATEWAY_LISTEN_PORT_POP3_SECURE`	Listen port (insecure)	`995`
`GATEWAY_LISTEN_PORT_POP3`	Listen port (insecure)	`143`
`GATEWAY_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`GATEWAY_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`GATEWAY_SSL_CERT_FILE`	Gateway SSL Certificate File	`/certs/core/gateway.crt`
`GATEWAY_SSL_KEY_FILE`	Gateway SSL Key File	`/certs/core/gateway.pem`
`GATEWAY_SSL_PREFER_SERVER_CIPHERS`	Prefer Server Ciphers when using SSL	`TRUE`
`GATEWAY_SSL_REQUIRE_PLAINTEXT_AUTH`	Require SSL when using AUTHPLAIN	`TRUE`
`LOG_FILE_GATEWAY`	Logfile Name	`gateway.log`

Gateway Migrator Mode Options

When enabling MODE=migrator you can spawn a seperate local copy of Kopano Gateway that skips authentication checks on any user in order to perform migration tasks moving messages from a remote store to the locally stored database. All options above are the same with the exception of the following that are hardcoded. Perform your migration work with the included kopano-migration-imap script included in image.

Parameter	Description	Hardcoded
`GATEWAY_BYPASS_AUTHENTICATION_ADMIN`	Bypass authentication for Admins on local socket	`TRUE`
`GATEWAY_LISTEN_PORT_IMAP_SECURE`	Listen port (insecure)	`9993`
`GATEWAY_LISTEN_PORT_IMAP`	Listen port (insecure)	`1143`
`GATEWAY_IMAP_MAX_MESSAGE_SIZE`	Maximum Message Size to Process for POP3/IMAP	`100M`
`LOG_FILE_MIGRATOR`	Logfile Name	`migrator.log`
`SERVER_SOCKET`	Server Socket	`file:///var/run/kopano/server.sock`

ICAL Options (needs work)

Parameter	Description	Default
`ENABLE_ICAL`	Enable Service	`TRUE`
`ICAL_ENABLE_HTTP`	Enable HTTP	`TRUE`
`ICAL_ENABLE_HTTPS`	Enable HTTPS	`TRUE`
`ICAL_ENABLE_ICAL_GET`	Enable GET functionaluty	`TRUE`
`ICAL_LISTEN_HOST`	Listen address (insecure)	`*`
`ICAL_LISTEN_HOST_SECURE`	Listen address (secure)	`*`
`ICAL_LISTEN_PORT`	Listen port (insecure)	`8080`
`ICAL_LISTEN_PORT_SECURE`	Listen port (insecure)	`8443`
`ICAL_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`ICAL_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`ICAL_SSL_CERT_FILE`	ICAL SSL Certificate File	`/certs/core/ical.crt`
`ICAL_SSL_KEY_FILE`	ICAL SSL Key File	`/certs/core/ical.pem`
`LOG_FILE_ICAL`	Logfile Name	`ical.log`

KDAV Options (needs work)

Parameter	Description	Default
`ENABLE_KDAV`	Enable Service	`TRUE`
`KDAV_CONFIG_FILE`	Configuration File	`kdav.php`
`KDAV_DEVELOPER_MODE`	Utilize Developer mode	`TRUE`
`KDAV_HOSTNAME`	DAV Service Hostname	`dav.example.com`
`KDAV_LISTEN_PORT`	Listening Port for KDAV Services	`80`
`KDAV_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`KDAV_MAX_SYNC_ITEMS`	Maximum items to sync at once	`1000`
`KDAV_PATH`	Where data files are stored	`/data/kdav/`
`KDAV_REALM`	KDAV Realm	`Kopano DAV`
`KDAV_ROOT_URI`	Root URI	`/`
`KDAV_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`KDAV_SYNC_DB`	Filename of Sync State	`syncdate.db`
`LOG_FILE_KDAV`	Logfile Name	`kdav.log`

Monitor Options

Parameter	Description	Default
`ENABLE_MONITOR`	Enable Service	`TRUE`
`MONITOR_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`MONITOR_QUOTA_CHECK_INTERVAL`	Check Quotas in minutes interval	`15`
`MONITOR_QUOTA_RESEND_INTERVAL`	Resend Notifications in dats interval	`1`
`MONITOR_SSL_CERT_FILE`	Monitor SSL Certificate File	`/certs/core/monitor.crt`
`MONTIOR_SSL_KEY_FILE`	Monitor SSL Key File	`/certs/core/monitor.pem`
`MONITOR_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`LOG_FILE_MONITOR`	Logfile Name	`monitor.log`
`TEMPLATE_MONITOR_COMPANY_QUOTA`	Template: Company exceeded Quota	`companywarning.mail`
`TEMPLATE_MONITOR_PATH`	Where to find templates	`/data/templates/quotas`
`TEMPLATE_MONITOR_USER_QUOTA`	Template: User exceeded Quota	`userwarning.mail`
`TEMPLATE_MONITOR_USER_HARD_QUOTA`	Template: User exceeded Quota Hard	`userhard.mail`
`TEMPLATE_MONITOR_USER_SOFT_QUOTA`	Template: User exceeded Quota Soft	`usersoft.mail`

Prometheus Exporter Options

Parameter	Description	Default
`ENABLE_PROMETHEUS_EXPORTER`	Enable Service	`TRUE`
`PROMETHEUS_EXPORTER_LISTEN_HOST`	Listen Host for HTTP Exporter	`127.0.0.1`
`PROMETHEUS_EXPORTER_LISTEN_PORT`	Listening Port for HTTP Exporter	`6231`
`PROMETHEUS_EXPORTER_LISTEN_PROTOCOL`	Listening Port for HTTP Exporter	`http`
`LOG_FILE_PROMETHEUS_EXPORTER`	Logfile Name	`prometheus-exporter.log`
`PROMETHEUS_EXPORTER_SOCKET`	Socket to point Kopano Server to for stats export	`/var/run/kopano/prometheus-export.sock`

Search Options

Parameter	Description	Default
`ENABLE_SEARCH`	Enable Search Service	`TRUE`
`LOG_FILE_SEARCH`	Logfile Name	`search.log`
`SEARCH_CACHE_SIZE_TERM`	Cache Size	`256M`
`SEARCH_ENABLE_HTTP`	Enable HTTP Communications to Search Socket	`FALSE`
`SEARCH_ENABLE_HTTPS`	Enable TLS Communications to Search Socket	`FALSE`
`SEARCH_INDEX_ATTACHMENTS`	Index File Attachments	`FALSE`
`SEARCH_INDEX_ATTACHMENTS_MAX_SIZE`	Only index files under this value	`5`
`SEARCH_INDEX_DRAFTS`	Index Drafts Folder	`TRUE`
`SEARCH_INDEX_JUNK`	Index Junk Folder	`TRUE`
`SEARCH_INDEX_PATH`	Data storage for service	`/data/search/`
`SEARCH_INDEX_PROCESSES`	How many processes to run concurrently	`1`
`SEARCH_LIMIT_RESULTS`	Limit Results returned	`1000`
`SEARCH_LISTEN_HOST`	Listen address	`0.0.0.0`
`SEARCH_LISTEN_PORT`	Listen address	`1238`
`SEARCH_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`SEARCH_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`SEARCH_SSL_CERT_FILE`	Search SSL Certificate File	`/certs/core/search.crt`
`SEARCH_SSL_KEY_FILE`	Search SSL Key File	`/certs/core/search.pem`
`SEARCH_SSL_LISTEN_CERT_FILE`	Search Listen SSL Certificate File	`/certs/core/search-listen.crt`
`SEARCH_SSL_LISTEN_KEY_FILE`	Search Listen SSL Key File	`/certs/core/search-listen.pem`
`SEARCH_SUGGESTIONS`	Respond with suggestions	`FALSE`
`SEARCH_TIMEOUT`	Timeout in seconds	`10`
`SOCKET_SEARCH`	Search Socket
	Dependent on options above enabling HTTP or HTTPS this will auto populate with a default.
	ENABLE_HTTP = `http://search:${SEARCH_LISTEN_PORT}`
	ENABLE_HTTPS = `https://search:${SEARCH_LISTEN_PORT}`
	None of above = `file:///var/run/kopano-search/search.sock`

Server Options (needs work)

Parameter	Description	Default
`ENABLE_SERVER`	Enable Service	`TRUE`
`LOG_FILE_SERVER`	Logfile Name	`server.log`
`SERVER_ALLOW_LOCAL_USERS`	Allow local users to utilize Kopano cli tools	`TRUE`
`SERVER_ATTACHMENT_BACKEND_FILES_FSYNC`	Use FSync when storing files on filesystem	`TRUE`
`SERVER_ATTACHMENT_BACKEND_FILES_PATH`	Where to store attachments	`/data/attachments/`
`SERVER_ATTACHMENT_BACKEND_S3_PATH`	Path on S3 Bucket to store attachments	`attachments`
`SERVER_ATTACHMENT_BACKEND`	Files Backend `FILES` `FILES_V2` `S3`	`files_v2`
`SERVER_ATTACHMENT_COMPRESSION`	Level of Gzip Compression for Attachments	`6`
`SERVER_ATTACHMENT_S3_PROTOCOL`	Protocol to use for connecting to S3 service	`HTTPS`
`SERVER_CACHE_ACL`	Access Control List Values	`1M`
`SERVER_CACHE_CELL`	Main Cache in Kopano	`256M`
`SERVER_CACHE_INDEXED_OBJECT`	Unique IDs of Objects	`16M`
`SERVER_CACHE_OBJECT`	Objects and Folder Hierarchy	`5M`
`SERVER_CACHE_QUOTA_LIFETIME`	Lifetime for Quota Details	`1`
`SERVER_CACHE_QUOTA`	Quota Values of Users	`1M`
`SERVER_CACHE_SERVER_LIFETIME`	Lifetime for Server Locations	`30`
`SERVER_CACHE_SERVER`	Multiserver Only - Server Locations	`1M`
`SERVER_CACHE_STORE`	ID Values	`1M`
`SERVER_CACHE_USERDETAILS_LIFETIME`	Lifetime for User Details	`0`
`SERVER_CACHE_USERDETAILS`	User Details Values	`3M`
`SERVER_CACHE_USER`	User ID Values	`1M`
`SERVER_CUSTOM_USERSCRIPT_CREATECOMPANY`		`default`
`SERVER_CUSTOM_USERSCRIPT_CREATEGROUP`		`default`
`SERVER_CUSTOM_USERSCRIPT_CREATEUSER`		`default`
`SERVER_CUSTOM_USERSCRIPT_DELETECOMPANY`		`default`
`SERVER_CUSTOM_USERSCRIPT_DELETEGROUP`		`default`
`SERVER_CUSTOM_USERSCRIPT_DELETEUSER`		`default`
`SERVER_CUSTOM_USERSCRIPT_PATH`	Where to find user scripts for performing add/del user actions	`/etc/kopano/userscripts/`
`SERVER_DISABLED_FEATURES`
`SERVER_ENABLE_CUSTOM_USERSCRIPTS`	Enable Custom Userscripts in /config/userscripts	`TRUE`
`SERVER_ENABLE_GAB`	Enable Global Address Book	`TRUE`
`SERVER_ENABLE_HTTPS`	Enable TLS Communications to Server Socket	`FALSE`
`SERVER_ENABLE_HTTP`	Enable HTTP Communications to Server Socket	`FALSE`
`SERVER_ENABLE_MULTI_TENANT`	Enable Multi Server Mode	`FALSE`
`SERVER_ENABLE_MULTI_TENANT`	Enable Multi Tenant Mode	`FALSE`
`SERVER_ENABLE_OPTIMIZED_SQL`	Use Optimized MariaDB statements	`TRUE`
`SERVER_ENABLE_SEARCH`	Enable Search Functionality	`TRUE`
`SERVER_ENABLE_SSO`	Enable SSO Functionality w/Server	`FALSE`
`SERVER_GAB_HIDE_EVERYONE`	Hide everyone from GAB	`FALSE`
`SERVER_GAB_HIDE_SYSTEM`	Hide System Account from GAB	`FALSE`
`SERVER_GAB_SYNC_REALTIME`	Perform Lookups against LDAP server when user uses GAB	`TRUE`
`SERVER_HOSTNAME`	Server Hostname (multi tenant)	``
`SERVER_LISTEN_HOST`	Listen Interface for Server	`*%lo`
`SERVER_LISTEN_PORT_SECURE`	Listen Interface for Secure Server	`237`
`SERVER_LISTEN_PORT`	Listen Port for Server	`236`
`SERVER_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`SERVER_LOCAL_ADMIN_USERS`	Admin users on console that do not require authentication	`root kopano`
`SERVER_MULTI_TENANT_LOGINNAME_FORMAT`		`%u`
`SERVER_MULTI_TENANT_STORENAME_FORMAT`		`%f_%c`
`SERVER_OIDC_DISABLE_TLS_VALIDATION`		`FALSE`
`SERVER_OIDC_IDENTIFIER`	URL to OIDC Provider
`SERVER_OIDC_TIMEOUT_INITIALIZE`	Timeout for OIDC functionality in seconds	`60`
`SERVER_PIPE_NAME`	Server Pipe Name	`/var/run/kopano/server.sock`
`SERVER_PIPE_PRIORITY_NAME`	Prioritized Server Pipe Name	`/var/run/kopano/prio.sock`
`SERVER_PURGE_SOFTDELETE`	Delete files from trash after (x) days	`30`
`SERVER_QUOTA_COMPANY_WARN`		`0`
`SERVER_QUOTA_HARD`	Hard (No send or recieve) default Quota in MB	`1024`
`SERVER_QUOTA_SOFT`	Soft (No Send) default Quota in MB	`950`
`SERVER_QUOTA_WARN`	Send Warning default Quota in MB	`900`
`SERVER_SERVER_NAME`	Kopano Server Name	`Kopano`
`SERVER_SSL_CERT_FILE`	Server SSL Certificate File	`/certs/core/server.crt`
`SERVER_SSL_KEY_FILE`	Server SSL Key File	`/certs/core/server.pem`
`SERVER_SSL_KEY_PASS`	Set password set on SSL Key
`SERVER_SSL_PUBLIC_PATH`	Where to store public keys for SSL	`/certs/core/core/public/`
`SERVER_SYSTEM_EMAIL_ADDRESS`	System Email Address	`[email protected]`
`SERVER_THREADS`	Amount of Threads Server should use	`8`
`SERVER_TIMEOUT_RECIEVE`		`5`
`SERVER_TIMEOUT_SEND`		`60`
`SERVER_TLS_MIN_PROTOCOL`	Minimum TLS Protocol accepted	`tls1.2`
`SERVER_USER_PLUGIN`	User backend selection	`ldap`
`SERVER_USER_SAFE_MODE`		`FALSE`
`SERVER_WATCHDOG_FREQUENCY`		`1`
`SERVER_WATCHDOG_MAX_AGE`		`500`
`SEVER_ADDITIONAL_ARGS`	Pass additional arguments to server process

Spamd Options

Parameter	Description	Default
`ENABLE_SPAMD`	Enable Service	`TRUE`
`LOG_FILE_SPAMD`	Logfile Name	`spamd.log`
`SPAMD_FILES_HAM_PATH`	Where to store HAM files for training	`/data/spamd/ham/`
`SPAMD_FILES_SPAM_PATH`	Where to store SPAM files for training	`/data/spamd/spam/`
`SPAMD_FILES_DB_PATH`	Where to store learned SPAM DB	`/data/spamd/`
`SPAMD_FILES_DB_FILE`	Learned SPAM DB	`spam.db`
`SPAMD_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`SPAMD_SA_GROUP`	Spamassassin Group	`kopano`
`SPAMD_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`SPAMD_SSL_CERT_FILE`	SpamD SSL Certificate File	`/certs/core/spamd.crt`
`SPAMD_SSL_KEY_FILE`	SpamD SSL Key File	`/certs/core/spamd.pem`

Spooler Options (needs work)

Parameter	Description	Default
`ENABLE_SPOOLER`	Enable Service	`TRUE`
`LOG_FILE_SPOOLER`	Logfile Name	`spooler.log`
`SPOOLER_ALLOW_DELEGATE_MEETING_REQUEST`	Allow delegates to send meeting requests	`TRUE`
`SPOOLER_ALLOW_REDIRECT_SPOOFING`	Allow redirect rule to change from email address	`TRUE`
`SPOOLER_ALLOW_SEND_TO_EVERYONE`	Allow to send to everyone group	`TRUE`
`SPOOLER_ALWAYS_SEND_DELEGATES`	Always send delegate "On behalf of" headers	`FALSE`
`SPOOLER_ENABLE_DSN`	Allow fo forward upstream MTA Delivery Status Notes	`TRUE`
`SPOOLER_EXPAND_GROUPS`	Expand group members inside of headers	`FALSE`
`SPOOLER_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`SPOOLER_LOG_RAW_MESSAGE_STAGE1`		`FALSE`
`SPOOLER_MAX_THREADS`	Maximum Threads to use for Spooler	`5`
`SPOOLER_PATH_PLUGIN`	Path for Spooler Plugins	`/data/spooler/plugins/`
`SPOOLER_PATH_RAW_MESSAGES`	Path for Raw Message logging	`/data/spooler/raw_messages/`
`SPOOLER_PLUGIN_ENABLED`	Enable Spooler Plugin Support	`FALSE`
`SPOOLER_SMTP_HOST`	Host that can provide outbound MTA functionality	`localhost`
`SPOOLER_SMTP_PORT`	Port to connect to on `SMTP_HOST`	25
`SPOOLER_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`SPOOLER_SSL_CERT_FILE`	Spooler SSL Certificate File	`/certs/core/spooler.crt`
`SPOOLER_SSL_KEY_FILE`	Spooler SSL Key File	`/certs/core/spooler.pem`

Webapp Options (needs work)

Parameter	Description	Default
`WEBAPP_BLOCK_SIZE`	Block Size for buffering data	`1048576`
`WEBAPP_CLIENT_TIMEOUT`	Timeout from Session	`0`
`WEBAPP_CONFIG_CHECK_COOKIES_HTTP`	Check to see if HTTP (insecure) cookies being used	`FALSE`
`WEBAPP_CONFIG_CHECK_COOKIES_SSL`	Check to see if SSL cookies are being used	`FALSE`
`WEBAPP_CONFIG_CHECK`	Perform Configuration Sanity Check	`TRUE`
`WEBAPP_COOKIE_NAME`	Cookie Name	`KOPANO_WEBAPP`
`WEBAPP_CROSS_DOMAIN_AUTHENTICATION_ALLOWED_DOMAINS`	Cross Domain Authentication Domains
`WEBAPP_ENABLED_LANGUAGES`	Enabled Languages	`cs_CZ;da_DK;de_DE;en_GB;en_US;es_CA;es_ES;fi_FI;fr_FR;hu_HU;it_IT;ja_JP;nb_NO;nl_NL;pl_PL;pt_BR;ru_RU;sl_SI;tr_TR;zh_TW`
`WEBAPP_ENABLE_ADVANCED_SETTINGS`	Enable Advanced Settings	`FALSE`
`WEBAPP_ENABLE_DEFAULT_SOFT_DELETE`	Enable Soft Deletion	`FALSE`
`WEBAPP_ENABLE_DIRECT_BOOKING`	Enable Direct Booking or Meeting Requests	`TRUE`
`WEBAPP_ENABLE_DOMPURIFY_FILTER`	Enable Javascript purification for messages	`FALSE`
`WEBAPP_ENABLE_FILE_PREVIEWER`	Enable File Previewer	`TRUE`
`WEBAPP_ENABLE_FULL_GAB`	Enable/Disable Global Address Book Display	`TRUE`
`WEBAPP_ENABLE_ICONSETS`	Enable user selection of Iconsets	`TRUE`
`WEBAPP_ENABLE_PLUGINS`	Enable Webapp Plugins	`TRUE`
`WEBAPP_ENABLE_PUBLIC_CONTACT_FOLDERS`	Enable/Disable Public Contact Folders	`FALSE`
`WEBAPP_ENABLE_PUBLIC_FOLDERS`	Enable Display of Public Folders	`TRUE`
`WEBAPP_ENABLE_REMOTE_PASSWORD`	Perform hack to allow $_SERVER_REMOTE_PASS to auto login user	`FALSE`
`WEBAPP_ENABLE_REMOTE_USER_LOGIN`	Allow REMOTE_USER header to login (SSO)	`FALSE`
`WEBAPP_ENABLE_RESPONSE_COMPRESSION`	Enable GZIP Compression	`TRUE`
`WEBAPP_ENABLE_SHARED_CONTACT_FOLDERS`	Enable/Disable Shared Contacts	`FALSE`
`WEBAPP_ENABLE_SHARED_RULES`	Enable Shared Message Rules	`FALSE`
`WEBAPP_ENABLE_THEMES`	Enable User Theme Selection	`TRUE`
`WEBAPP_ENABLE_WELCOME_SCREEN`	Show Welcome Screen on first login	`TRUE`
`WEBAPP_ENABLE_WHATS_NEW_DIALOG`	Show What's New Dialog on login	`FALSE`
`WEBAPP_ENABLE_WIDGETS`	Enable Today / Sidebar Widgets	`TRUE`
`WEBAPP_EXPIRES_TIME`		`606024713`
`WEBAPP_FREEBUSY_LOAD_END_OFFSET`		`90`
`WEBAPP_FREEBUSY_LOAD_START_OFFSET`		`7`
`WEBAPP_HOSTNAME`	Hostname of Webmail service	`webapp.example.com`
`WEBAPP_ICONSET`	Set Default Icons	`breeze`
`WEBAPP_INSECURE_COOKIES`	Allow Insecure Cookies	`FALSE`
`WEBAPP_LOGINNAME_STRIP_DOMAIN`	Strip Doman/Prefix from username
`WEBAPP_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`WEBAPP_LOG_SUCCESSFUL_LOGINS`		`FALSE`
`WEBAPP_LOG_USERS`
`WEBAPP_MANUAL_URL`	URL to Load for Manual	`https://documentation.kopano.io/user_manual_webapp/`
`WEBAPP_MAX_EML_FILES_IN_ZIP`	Maximum files in a Zip file to allow	`50`
`WEBAPP_MAX_GAB_RESULTS`	Maximum results for Global Address Book `0` to disable	`0`
`WEBAPP_OIDC_CLIENT_ID`	OIDC Client ID
`WEBAPP_OIDC_ISS`	OIDC Provider
`WEBAPP_OIDC_SCOPE`	OIDC Scope or Attributes	`openid profile email kopano/gc`
`WEBAPP_PLUGIN_SMIME_ENABLE_OCSP`		`TRUE`
`WEBAPP_POWERPASTE_ALLOW_LOCAL_IMAGES`		`TRUE`
`WEBAPP_POWERPASTE_HTML_IMPORT`		`merge`
`WEBAPP_POWERPASTE_WORD_IMPORT`		`merge`
`WEBAPP_PREFETCH_EMAIL_COUNT`		`10`
`WEBAPP_PREFETCH_EMAIL_INTERVAL`	How often to fetch new mail in seconds	`30`
`WEBAPP_REDIRECT_ALLOWED_DOMAINS`
`WEBAPP_SHARED_STORE_POLLING_INTERVAL`		`15`
`WEBAPP_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`WEBAPP_STATE_FILE_MAX_LIFETIME`		`286060`
`WEBAPP_THEME`	Set Default Theme
`WEBAPP_TITLE`	Browser Title of WebApp	`Kopano WebApp`
`WEBAPP_TMP_PATH`	Temporary Files path	`/var/lib/kopano-webapp/tmp`
`WEBAPP_UPLOADED_ATTACHMENT_MAX_LIFETIME`		`66060`

Webapp Plugins

Webapp Plugin: Contact Fax Options

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_CONTACT_FAX`	Enable Plugin	`TRUE`
`WEBAPP_PLUGIN_CONTACT_FAX_DEFAULT_USER`	Auto Enable for new users	`FALSE`
`WEBAPP_PLUGIN_CONTACT_FAX_DOMAIN_NAME`	Domain name to append	`officefax.net`

Webapp Plugin: Files Options

This plugin requires an IV and Key (3.x) or Secret (> 4.x) to encrypt credentials for users to access services. If the env vars do not exist, a random 8 char IV and 16 char KEY or 24 char secret will be generated and stored in ${CONFIG_PATH}webapp/key-files and reloaded on each container start.

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_FILES`	Enable Files Plugin	`TRUE`
`WEBAPP_PLUGIN_ENABLE_FILES_BACKEND_OWNCLOUD`	Enable Owncloud Backend Plugin	`TRUE`
`WEBAPP_PLUGIN_ENABLE_FILES_BACKEND_SEAFILE`	Enable Seafile Backend Plugin	`TRUE`
`WEBAPP_PLUGIN_ENABLE_FILES_BACKEND_SMB`	Enable SMB Backed Plugin	`TRUE`
`WEBAPP_PLUGIN_FILES_DEFAULT_USER`	Auto Enable for new users	`TRUE`
`WEBAPP_PLUGIN_FILES_ASK_BEFORE_DELETE`	Ask users before deleting files	`TRUE`
`WEBAPP_PLUGIN_FILES_CACHE_DIR`	Files cache directory	`/data/cache/webapp/plugin_files`
`WEBAPP_PLUGIN_FILES_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`WEBAPP_PLUGIN_FILES_PASSWORD_IV`	8 character IV (Legacy)	(random)
`WEBAPP_PLUGIN_FILES_PASSWORD_KEY`	16 character IV (Legacy	(random)
`WEBAPP_PLUGIN_FILES_PASSWORD_SECRET`	24 character Secret	(random)

Webapp Plugin: HTML Editor Jodit

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_HTMLEDITOR_JODIT`	Enable Plugin	`TRUE`

Webapp Plugin: HTML Editor Quill

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_HTMLEDITOR_QUILL`	Enable Plugin	`TRUE`

Webapp Plugin: Intranet Options

Add multiple Intranet Tabs by adding WEBAPP_PLUGIN_INTRANET(x)_*

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_INTRANET`	Enable Intranet Plugin	`TRUE`
`WEBAPP_PLUGIN_INTRANET_DEFAULT_USER`	Auto Enable for new users	`TRUE`
`WEBAPP_PLUGIN_INTRANET1_TITLE`	Service Name to appear in Header Bar
`WEBAPP_PLUGIN_INTRANET1_URL`	URL to load for service
`WEBAPP_PLUGIN_INTRANET1_AUTOSTART`	Auto start service upon login
`WEBAPP_PLUGIN_INTRANET1_ICON`	Icon to load for service

Webapp Plugin: Jitsi Meet Options

Parameter	Description	Default
`WEBAPP_PLUGIN_JITSIMEET_HOSTNAME`	Host where to find Jitsi Meet implementation	`https://meet.jit.si`
`WEBAPP_PLUGIN_ENABLE_JITSIMEET`	Enable Plugin	`FALSE`
`WEBAPP_PLUGIN_JITSIMEET_DEFAULT_USER`	Auto Enable for new users	`TRUE`
`WEBAPP_PLUGIN_JITSIMEET_DEFAULT_OPEN`	Default opening behaviour `webapp` `browser` `popup`	`popup`
`WEBAPP_PLUGIN_JITSIMEET_DEFAULT_HIDE_MAINTOOLBAR`	Hide the Main Toolbar by default	`FALSE`
`WEBAPP_PLUGIN_JITSIMEET_DISABLE_LOCATION_ADDITION`	Disable Appending Meeting URL to locaton bar	`FALSE`
`WEBAPP_PLUGIN_JITSIMEET_DISABLE_LOCATION_REMOVAL_PROTECTION`	Disable Meeting URL location removal protection	`FALSE`
`WEBAPP_PLUGIN_JITSIMEET_DISABLE_MSG_TEMPLATE`	Disable Sending Message Template	`FALSE`

Message template will be auto generated for you and saved in ${CONFIG_PATH}/webapp/jitsimeet.template

Webapp Plugin: Mattermost Options

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_MANUAL`	Enable Webapp Mattermost Plugin	`TRUE`
`WEBAPP_PLUGIN_MATTERMOST_DEFAULT_USER`	Auto Enable for new users	`FALSE`
`WEBAPP_PLUGIN_MATTERMOST_HOST`	Hostname to mattermost installation
`WEBAPP_PLUGIN_MATTERMOST_AUTOSTART`	Autostart Mattermost upon login	`FALSE`

Webapp Plugin: Mobile Device Manager Options

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_MDM`	Enable Plugin	`TRUE`
`WEBAPP_PLUGIN_MDM_DEFAULT_USER`	Auto Enable for new users	`TRUE`
`WEBAPP_PLUGIN_MDM_SERVER_SSL`	Whether to use SSL to connect to Z-Push server	`TRUE`
`ZPUSH_HOSTNAME`	Hostname of Z-Push server	`${WEBAPP_HOSTNAME}`

Webapp Plugin: Meet Options

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_MEET`	Enable Plugin	`TRUE`
`WEBAPP_PLUGIN_MEET_DEFAULT_USER`	Auto Enable for new users	`TRUE`
`MEET_HOSTNAME`	Hostname of meet server	`meet.example.com`

Webapp Plugin: PIM Options

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_PIM_FOLDER`	Enable Plugin	`TRUE`
`WEBAPP_PLUGIN_PIM_DEFAULT_USER`	Auto Enable for new users	`FALSE`

Webapp Plugin: Rocketchat Options

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_ROCKETCHAT`	Enable Plugin	`TRUE`
`WEBAPP_PLUGIN_ROCKETCHAT_DEFAULT_USER`	Auto Enable for new users	`TRUE`
`WEBAPP_PLUGIN_ROCKETCHAT_TITLE`	Service Name to appear in Header Bar	`Rocketchat`
`WEBAPP_PLUGIN_ROCKETCHAT_HOST`	Host of Rocketchat Server (no http/https://)	`rocketchat.example.com`
`WEBAPP_PLUGIN_ROCKETCHAT_HOST`	Use if service has subfolder
`WEBAPP_PLUGIN_ROCKETCHAT_AUTOSTART`	Auto start service upon login
`WEBAPP_PLUGIN_ROCKETCHAT_ICON`	Icon to load for service	`resources/icons/icon_default.png`

Webapp Plugin: S/MIME Options

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_SMIME`	Enable Plugin	`TRUE`
`WEBAPP_PLUGIN_SMIME_DEFAULT_USER`	Auto Enable for new users	`FALSE`
`WEBAPP_PLUGIN_SMIME_CACERTS_LOCATION`	Location of CA Certs	`/etc/ssl/certs`
`WEBAPP_PLUGIN_SMIME_CIPHER`	OpenSSL Ciphers to use	`OPENSSL_CIPHER_AES_128_CBC`
`WEBAPP_PLUGIN_SMIME_BROWSER_REMEMBER_PASSPHRASE`	Allow browser to remember Passphrase	`FALSE`
`WEBAPP_PLUGIN_SMIME_ENABLE_OCSP`	Utilize OCSP Stapling	`TRUE`

Webapp Plugin: Text Templates Options

Parameter	Description	Default
`WEBAPP_PLUGIN_ENABLE_TEXTTEMPLATES`	Enable Plugin	`FALSE`

Z-Push Activesync

Z-Push Database Options

Parameter	Description	Default
`ZPUSH_DB_HOST`	Host or container name of MariaDB Server	`${DB_HOST}`
`ZPUSH_DB_PORT`	MariaDB Port	`3306`
`ZPUSH_DB_NAME`	MariaDB Database name	`zpush`
`ZPUSH_DB_USER`	MariaDB Username for above Database	`${DB_USER}`
`ZPUSH_DB_PASS`	MariaDB Password for above Database	`${DB_PASS}`
`ZPUSH_DB_TYPE`	Type of Database `mysql`	`mysql`

Z-Push Options

Parameter	Description	Default
`ENABLE_ZPUSH`	Enable Service	`TRUE`
`LOG_FILE_ZPUSH`	Log File	`zpush.log`
`LOG_FILE_ZPUSH_AUTODISCOVER`	Autodiscover Log File	`autodiscover.log`
`LOG_FILE_ZPUSH_AUTODISCOVER_ERROR`	Autodiscover Error Log File	`autodiscover-error.log`
`LOG_FILE_ZPUSH_ERROR`	Error Log File	`zpush-error.log`
`LOG_ZPUSH_AUTH_FAIL`	Log authentication errors	`TRUE`
`TEMPLATE_ZPUSH_NOTIFY`	Template: Notifications on errors	`notify.mail`
`TEMPLATE_ZPUSH_PATH`	Where to find templates	`/data/templates/zpush/`
`ZPUSH_AUTODISCOVER_LISTEN_PORT`	Listen Port for Z-Push autodiscover services if seperate from Webapp Hostname	`80`
`ZPUSH_AUTODISCOVER_LOGIN_TYPE`		`AUTODISCOVER_LOGIN_EMAIL`
`ZPUSH_BACKEND_PROVIDER`	Backend Provider for synchronization	`BackendKopano`
`ZPUSH_CONFIG_AUTODISCOVER_FILE`	Autodiscover Source	`zpush-config-autodiscover.php`
`ZPUSH_CONFIG_FILE`	Config File	`zpush-config.php`
`ZPUSH_CONFIG_GAB2CONTACTS_FILE`	GAB2Contacts File	`zpush-config-gab2contacts.php`
`ZPUSH_CONFIG_GABSYNC_FILE`	GABSync File	`zpush-config-gabsync.php`
`ZPUSH_CONFIG_KOPANO_FILE`	Kopano Backend Configuration	`zpush-config-kopano.php`
`ZPUSH_CONFIG_MEMCACHED_FILE`	Memcached Configuration	`zpush-config-memcached.php`
`ZPUSH_CONFIG_SQL_FILE`	SQL State Configuration	`zpush-config-sql.php`
`ZPUSH_CONFLICT_HANDLER`	Conflict Resoltuion Methodology	`SYNC_CONFLICT_OVERWRITE_PIM`
`ZPUSH_CONTACT_FILE_ORDER`	How to file Cotacts	`SYNC_FILEAS_LASTFIRST`
`ZPUSH_CONTENT_BODY_SIZE`	How large can messages be (Max message size * 1.3)	`GATEWAY_IMAP_MAX_MESSAGE_SIZE`
`ZPUSH_CUSTOM_INDEX_FILE`	Custom Index file when developer mode on	`/assets/zpush/templates/index.html`
`ZPUSH_ENABLE_AUTODISCOVER`	Enable ZPush Autodiscover functionality	`TRUE`
`ZPUSH_ENABLE_CUSTOM_INDEX`	Enable Custom Index file	`TRUE`
`ZPUSH_ENABLE_PROVISIONING`	Enable Provisioning	`TRUE`
`ZPUSH_ENABLE_WEBSERVICE_USERS_ACCESS`		`FALSE`
`ZPUSH_HOSTNAME`	Hostname of Z-Push Server	`$WEBAPP_HOSTNAME`
`ZPUSH_IPC_PROVIDER`		`SHARED`
`ZPUSH_LISTEN_PORT`	Listen Port for Z-Push services if seperate from Webapp Hostname	`80`
`ZPUSH_LOGIN_EMAIL`		`TRUE`
`ZPUSH_LOG_LEVEL`	Override master `LOG_LEVEL` environment for this specific service
`ZPUSH_LOGIN_USE_EMAIL`	Use full email address for login	`FALSE`
`ZPUSH_MEMCACHED_BLOCK_WAIT`		`10`
`ZPUSH_MEMCACHED_LOCK_EXPIRATION`	Memcached Lock Expiration	`30`
`ZPUSH_MEMCACHED_PORT`	Memcached Port	`11211`
`ZPUSH_MEMCACHED_TIMEOUT_MUTEX`		`5`
`ZPUSH_MEMCACHED_TIMEOUT`	Memcached Timeout	`100`
`ZPUSH_OUTLOOK_ENABLE_GAB`	Enable syncing of GAB	`TRUE`
`ZPUSH_OUTLOOK_ENABLE_IMPERSONATE`	Enable Impersonation	`TRUE`
`ZPUSH_OUTLOOK_ENABLE_NOTES`	Enable Syncing of Notes	`TRUE`
`ZPUSH_OUTLOOK_ENABLE_OUT_OF_OFFICE_TIMES`	Enable Syncing Out of Office Times	`TRUE`
`ZPUSH_OUTLOOK_ENABLE_OUT_OF_OFFICE`	Enable Syncing Out of Office	`TRUE`
`ZPUSH_OUTLOOK_ENABLE_RECEIPTS`	Enable Read Receipts	`TRUE`
`ZPUSH_OUTLOOK_ENABLE_RECEIVE_FLAGS`		`TRUE`
`ZPUSH_OUTLOOK_ENABLE_SECONDARY_CONTACTS`		`TRUE`
`ZPUSH_OUTLOOK_ENABLE_SEND_AS`	Enable Send as Capability	`TRUE`
`ZPUSH_OUTLOOK_ENABLE_SEND_FLAGS`		`TRUE`
`ZPUSH_OUTLOOK_ENABLE_SHARED_FOLDERS`	Enable Shared Folders	`TRUE`
`ZPUSH_OUTLOOK_ENABLE_SIGNATURES`	Enable Signatures	`TRUE`
`ZPUSH_OUTLOOK_GAB_FOLDERID`
`ZPUSH_OUTLOOK_GAB_NAME`	Z -Push Global Address Name	`Z-Push-KOE-GAB`
`ZPUSH_OUTLOOK_GAB_STORE`	Where to store GAB	`SYSTEM`
`ZPUSH_PING_INTERVAL`		`30`
`ZPUSH_PING_LIFETIME_HIGHER`		`FALSE`
`ZPUSH_PING_LIFETIME_LOWER`		`FALSE`
`ZPUSH_PROVISIONING_FILE_POLICY`	Z-Push Prvosioning policy File	`zpush-policies.ini`
`ZPUSH_PROVISIONING_LOOSE`	Allow provisioning for older devices that may not support features required	`FALSE`
`ZPUSH_READ_ONLY_NOTIFY_DATE_FORMAT`	Date Format	`%d.%m.%Y`
`ZPUSH_READ_ONLY_NOTIFY_LOST_DATA`		`TRUE`
`ZPUSH_READ_ONLY_NOTIFY_NO_NOTIFY`		``
`ZPUSH_READ_ONLY_NOTIFY_SUBJECT`		`Sync - Writing operation not permitted - data reset`
`ZPUSH_READ_ONLY_NOTIFY_TIME_FORMAT`		`%H:%M:%S`
`ZPUSH_READ_ONLY_NOTIFY_YOUR_DATA`		`Your data`
`ZPUSH_SEARCH_MAX_RESULTS`	Search Results	`10`
`ZPUSH_SEARCH_PROVIDER`	Backend Search Provider	`BackendKopano`
`ZPUSH_SEARCH_TIME`	Search Timeout	`10`
`ZPUSH_SOCKET_SERVER`	What should service use to contact server	`${SOCKET_SERVER}`
`ZPUSH_STATE_FILE_PATH`	WWhere to store sync states when type `FILE`	`/data/zpush/`
`ZPUSH_STATE_TYPE`	State Type	`FILE`
`ZPUSH_SYNC_ENABLE_PARTIAL_FOLDERSYNC`	Allow Partial Folder Synchronization	`FALSE`
`ZPUSH_SYNC_MAX_CONTACTS_PICTURE_SIZE`	Max size for Contacts Picture	`5242880`
`ZPUSH_SYNC_MAX_FILTERTIME`		`SYNC_FILTERTYPE_ALL`
`ZPUSH_SYNC_MAX_ITEMS`	Maximum items to sync at once	`512`
`ZPUSH_SYNC_RETRY_DELAY`	Retry when failure in seconds	`300`
`ZPUSH_SYNC_TIMEOUT_DEVICETYPES_LONG`	Show leniency for these devices	`iPod, iPad, iPhone, WP, WindowsOutlook, WindowsMail`
`ZPUSH_SYNC_TIMEOUT_DEVICETYPES_MEDIUM`	Show medium leniency for these devices	`SAMSUNGTI`
`ZPUSH_SYNC_UNSET_UNDEFINED_PROPERTIES`	Should we unset ndefined MAPI properties	`FALSE`

Networking

The following ports are exposed.

Port	Description
`80`	HTTP
`110`	Gateway - POP3
`143`	Gateway - IMAP
`236`	Server
`237`	Server - Secure
`993`	Gateway - IMAPs
`995`	Gateway - POPs
`1238`	Search
`2003`	DAgent LMTP
`8080`	ICal
`8443`	ICal - Secure

Maintenance

To be added when image is stable

Shell Access

For debugging and maintenance purposes you may want access the containers shell.

docker exec -it (whatever your container name is e.g.) kopano bash

tiredofit/docker-kopano

tiredofit

Reviews

Repository Details