egroupware/doc/docker/README.md

13 KiB

Running EGroupware in Docker

This is NOT the recommended way of installing EGroupware on a Linux server! Please consult the installation instructions in our wiki.

Quick instructions

curl https://raw.githubusercontent.com/EGroupware/egroupware/master/doc/docker/docker-compose.yml > docker-compose.yml
curl https://raw.githubusercontent.com/EGroupware/egroupware/master/doc/docker/nginx.conf > nginx.conf
# edit docker-compose.yml or nginx.conf, by default it will run on http://localhost:8080/
# create a few directories upfront, otherwise the containers won't start up:
mkdir data # this is where egroupware data is stored, it's by default a subdir of the directory of docker-compose.yml
mkdir -p data/default/loolwsd # this is where collabora config is stored
mkdir -p data/default/rocketchat/dump # rocket.chat dumps
mkdir -p data/default/rocketchat/uploads # rocket.chat uploads
mkdir sources # egroupware sources will show up in this folder
docker-compose up -d

More information

The provided docker-compose.yml will run the following container:

  • egroupware running latest PHP 8.1 as FPM (see fpm subdirectory for more information)
  • egroupware-push running PHP 8.1 Swoole Alpine image for websocket connections
  • egroupware-nginx running Nginx as webserver (by default http only on port 8080)
  • egroupware-db latest MariaDB 10.6
  • egroupware-watchtower updating all above container automatically daily at 4am
  • collabora-key Collabora Online Office
  • collabora-init Collabora init container to generate the configuration once
  • rocketchat Rocket.Chat server
  • rocketchat-mongodb MongoDB for Rocket.Chat
  • portainer Portainer Docker GUI
version: '3'
volumes:
  # NOTE: all directories referenced by "device" entries below need to be created manually before starting the containers
  # egroupware sources
  sources:
    driver_opts:
      type: none
      o: bind
      device: $PWD/sources/
  # sources for push server, swoolepush is a subdirectory of egroupware sources (within volume "sources")
  sources-push:
    driver_opts:
      type: none
      o: bind
      device: $PWD/sources/swoolepush
  db:
  data:
    driver_opts:
      type: none
      o: bind
      # to upgrade an existing non-docker installation most easy is to use the existing
      # data directory /var/lib/egroupware AND the host database see below
      #device: /var/lib/egroupware
      # otherwise data is stored in data subdirectory of the current directory
      device: $PWD/data
  # extra sources with apps not part of egroupware container
  #extra:
  #  driver_opts:
  #    type: none
  #    o: bind
  #    # location of deprecated EGroupware packages like Wiki, SiteMgr, KnowledgeBase
  #    device: /usr/share/egroupware
  #    #device: $PWD/extra
  # volume to store config.inc.php file / token shared between egroupware and push container
  push-config:
  sessions:
  # collabora-config directory, initially filled by collabora-init container
  # additionally some more configuration files are needed in order for collabora to work, which are _not_ generated by the collabora-init container
  collabora-config:
    driver_opts:
      type: none
      o: bind
      # to upgrade an existing non-docker installation most easy is to use the existing
      # data directory /var/lib/egroupware AND the host database see below
      #device: /var/lib/egroupware/default/loolwsd
      # otherwise data is stored in data subdirectory of the current directory
      device: $PWD/data/default/loolwsd
  # store Rocket.Chat MongoDB on an (internal) Volume
  mongo:
  # directory to store MongoDB dumps
  rocketchat-dumps:
    driver_opts:
      type: none
      o: bind
      device: $PWD/data/default/rocketchat/dump
  rocketchat-uploads:
    driver_opts:
      type: none
      o: bind
      device: $PWD/data/default/rocketchat/uploads
services:
  egroupware:
    image: egroupware/egroupware:latest
    # EPL image: download.egroupware.org/egroupware/epl:20.1
    # setting a default language for a new installation
    #environment:
    #- LANG=de
    volumes:
    - sources:/usr/share/egroupware
    # extra-sources rsync from entry-point into sources
    #- extra:/usr/share/egroupware-extra
    - data:/var/lib/egroupware
    - sessions:/var/lib/php/sessions
    - push-config:/var/lib/egroupware-push
    # if you want to use the host database:
    # 1. comment out the whole db service below AND
    # 2. set EGW_DB_HOST=localhost AND
    # 3. uncomment the next line and modify the host path (first one), it depends on your distro:
    #    - RHEL/CentOS   /var/lib/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
    #    - openSUSE/SLE  /var/run/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
    #    - Debian/Ubuntu /var/run/mysqld:/var/run/mysqld
    #- /var/run/mysqld:/var/run/mysqld
    # private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
    # multiple certificates (eg. a chain) have to be single files in a directory, with one named private-ca.crt!
    #- /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
    environment:
    # MariaDB/MySQL host to use: for internal service use "db", for host database (socket bind-mounted into container) use "localhost"
    - EGW_DB_HOST=db
    # grant host is needed for NOT using localhost / unix domain socket for MySQL/MariaDB
    - EGW_DB_GRANT_HOST=172.%
    # for internal db service you should to specify a root password here AND in db service
    # a database "egroupware" with a random password is created for you on installation (password is stored in header.inc.php in data directory)
    #- EGW_DB_ROOT=root
    - EGW_DB_ROOT_PW=secret
    # alternativly you can specify an already existing database with full right by the given user!
    #- EGW_DB_NAME=egroupware
    #- EGW_DB_USER=egroupware
    #- EGW_DB_PASS=
    # further post_install.php arguments can be passed as a single enviroment variable with space separated assignments
    # "<name1>=<value1> <name2>=<value2>" see https://github.com/EGroupware/egroupware/blob/master/doc/rpm-build/post_install.php#L17
    # to configure eg. LDAP for authentication and account storage use
    #- EGW_POST_INSTALL='account-auth=ldap,ldap ldap_base=ou=egroupware,dc=example,dc=org ldap_host=tls://ldap.example.org ldap_admin=cn=admin,$base ldap_admin_pw=secret ldap_context=cn=users,$base ldap_group_context=cn=groups,$base'
    restart: always
    depends_on:
    - db
    container_name: egroupware
    # set the ip-address of your docker host AND your official DNS name so EGroupware
    # can access Rocket.Chat or Collabora without the need to go over your firewall
    #extra_hosts:
    #- "my.host.name:ip-address"

  # push server using phpswoole
  push:
    image: phpswoole/swoole:php8.1-alpine
    command:
      - /var/www/server.php
    environment:
      EGW_MAX_PUSH_USERS: 1024
    volumes:
      - sources-push:/var/www
      - sessions:/var/lib/php/sessions
      - push-config:/var/lib/egroupware-push
    container_name: egroupware-push
    restart: always
    # as we get our sources from there
    depends_on:
      - egroupware

  nginx:
    image: nginx:stable-alpine
    volumes:
    - sources:/usr/share/egroupware:ro
    # to add a certificate create a certificate.pem containing (in that order)
    # 1. private key
    # 2. public key
    # 3. (optional) chain certificates
    # uncomment to the next line
    # ./certificate.pem:/etc/ssl/private/certificate.pem
    # AND uncomment the three lines starting with "listen 443", "ssl_certificate", "ssl_certificate_key" in nginx.conf
    - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    ports:
    # if no webserver is running on the host, change (first) number to 80 or 443
    - "8080:80"
    - "4443:443"
    depends_on:
    - egroupware
    - collabora-key
    - rocketchat
    container_name: egroupware-nginx

  # run an own MariaDB:10.4 (you can use EGroupware's database backup and restore to add your existing database)
  db:
    image: mariadb:10.6
    environment:
    #- MYSQL_ROOT=root
    - MYSQL_ROOT_PASSWORD=secret
    - MARIADB_AUTO_UPGRADE=true
    volumes:
    - db:/var/lib/mysql
    container_name: egroupware-db

  # automatic updates of all containers daily at 4am
  # see https://containrrr.github.io/watchtower for more information
  watchtower:
    image: containrrr/watchtower
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    # For automatic EPL Updates (not necessary for CE!) you need to pass docker
    # credentials into watchtower after running: docker login download.egroupware.org
    #- /root/.docker/config.json:/config.json:ro
    environment:
    - WATCHTOWER_CLEANUP=true # delete old image after update to not fill up the disk
    # for email notifications add your email and mail-server here
    #- WATCHTOWER_NOTIFICATIONS=email
    #- WATCHTOWER_NOTIFICATIONS_LEVEL=info # possible values: panic, fatal, error, warn, info or debug
    #- WATCHTOWER_NOTIFICATION_EMAIL_FROM=watchtower@my-domain.com
    #- WATCHTOWER_NOTIFICATION_EMAIL_TO=me@my-domain.com"
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER=mail.my-domain.com # if you give your MX here, you need no user/password
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=watchtower@my-domain.com
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="secret"
    command: --schedule "0 0 4 * * *"
    container_name: egroupware-watchtower
    restart: always

  # Collabora Online Office
  collabora-key:
    image: "quay.io/egroupware/collabora-key:stable"
    #image: collabora/code:latest
    volumes:
      - collabora-config:/etc/coolwsd
    restart: always
    container_name: collabora-key
    # set the ip-address of your docker host AND your official DNS name so Collabora
    # can access EGroupware without the need to go over your firewall
    #extra_hosts:
    #- "my.host.name:ip-address"
    depends_on:
      - collabora-init

  # initialise the collabora-config volume
  collabora-init:
    image: "quay.io/egroupware/collabora-key:latest"
    command:  bash -c 'test -f /tmp/coolwsd/coolwsd.xml || (cp -p /etc/coolwsd/* /tmp/coolwsd/; sed "s/<enable type=\"bool\" desc=\"Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable.\" default=\"true\">true</<enable type=\"bool\" desc=\"Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable.\" default=\"true\">false</g" < /etc/coolwsd/coolwsd.xml > /tmp/coolwsd/coolwsd.xml)'
    volumes:
      - collabora-config:/tmp/coolwsd

  # Rocket.Chat server
  rocketchat:
    image: rocketchat/rocket.chat:latest
    command: bash -c 'for i in `seq 1 30`; do node main.js && s=$$? && break || s=$$?; echo "Tried $$i times. Waiting 5 secs..."; sleep 5; done; (exit $$s)'
    restart: unless-stopped
    volumes:
      - rocketchat-uploads:/app/uploads
    # if EGroupware uses a certificate from a private CA, OAuth authentication will fail, you need to:
    # - have the CA certificate stored at /etc/egroupware-docker/private-ca.crt
    # - uncomment the next 2 lines about the private CA:
    # - /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
    environment:
      # - NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/private-ca.crt
      # IMPORTANT: change ROOT_URL to your actual url eg. https://domain.com/rocketchat
      - ROOT_URL=http://localhost/rocketchat
      - PORT=3000
      - MONGO_URL=mongodb://mongo:27017/rocketchat
      - MONGO_OPLOG_URL=mongodb://mongo:27017/local
    #     - HTTP_PROXY=http://proxy.domain.com
    #     - HTTPS_PROXY=http://proxy.domain.com
    depends_on:
      - mongo
    container_name: rocketchat
    # set the ip-address of your docker host AND your official DNS name so Rocket.Chat
    # can access EGroupware without the need to go over your firewall
    #extra_hosts:
    #- "my.host.name:ip-address"

  # MongoDB for Rocket.Chat
  mongo:
    image: mongo:4.0
    restart: unless-stopped
    volumes:
      - mongo:/data/db
      - rocketchat-dumps:/dump
    command: mongod --smallfiles --oplogSize 128 --replSet rs0 --storageEngine=mmapv1
    container_name: rocketchat-mongo
  # this container's job is just run the command to initialize the replica set.
  # it will run the command and remove himself (it will not stay running)
  mongo-init-replica:
    image: mongo:4.0
    command: 'bash -c "for i in `seq 1 30`; do mongo mongo/rocketchat --eval \"rs.initiate({ _id: ''rs0'', members: [ { _id: 0, host: ''localhost:27017'' } ]})\" && s=$$? && break || s=$$?; echo \"Tried $$i times. Waiting 5 secs...\"; sleep 5; done; (exit $$s)"'
    depends_on:
      - mongo

  # Portainer: Docker GUI (needs to be enabled in nginx.conf too!)
#   portainer:
#    image: portainer/portainer
#    command: -H unix:///var/run/docker.sock
#    restart: always
#    ports:
#      - 9000:9000
#      - 8000:8000
#    volumes:
#      - /var/run/docker.sock:/var/run/docker.sock
#      - portainer_data:/data
#    container_name: portainer