From 939402bd348ebc14ce09271d64595c698f4c1254 Mon Sep 17 00:00:00 2001
From: Marcel Beyer <marcel.beyer@disqu.de>
Date: Sun, 31 Aug 2025 21:45:28 +0200
Subject: [PATCH] init

---
 Dockerfile          |  16 +++++
 README.md           |  11 ++++
 SOGo.list           |   1 +
 docker-compose.yaml |  40 ++++++++++++
 nginx.conf          | 105 ++++++++++++++++++++++++++++++
 sogo.conf           | 151 ++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 324 insertions(+)
 create mode 100644 Dockerfile
 create mode 100644 README.md
 create mode 100644 SOGo.list
 create mode 100644 docker-compose.yaml
 create mode 100644 nginx.conf
 create mode 100644 sogo.conf

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..4ccfcd0
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,16 @@
+FROM ubuntu:noble
+#ARG SOGO_VERSION="5.10.0"
+
+RUN apt-get update && apt-get install -y apt-transport-https wget gnupg
+RUN wget -O- "https://keys.openpgp.org/vks/v1/by-fingerprint/74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9" | gpg --dearmor | apt-key add -
+COPY SOGo.list /etc/apt/sources.list.d/SOGo.list
+RUN apt-get update && apt-get install -y sope4.9-gdl1-postgresql sogo
+
+VOLUME /usr/lib/GNUstep/SOGo/WebServerResources
+EXPOSE 20000
+
+# setup user
+RUN id -u sogo &>/dev/null || useradd sogo
+USER sogo
+
+CMD [ "sogod", "-WONoDetach", "YES", "-WOPort", "0.0.0.0:20000", "-WOLogFile", "-", "-WOPidFile", "/tmp/sogo.pid"]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e698ec5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,11 @@
+# DISQU SOGo Container
+
+Das `Dockerfile` in diesem Repo baut einen Container für die Groupware SOGo.
+Basis ist das Ubuntu-Containerimage, in welchem SOGo aus dem offiziellem SOGo-Repo installiert wird.
+Da nur das Nightly-Repo ohne Subskription verfügbar ist, wird beim Bauen des Containers automatisch die neuste Version von SOGo installiert.
+Entsprechend müssen wir nach dem Bauen des Containers diesen selbst mit einer passenden Versionsnummer taggen und auf unsere Registry hochladen.
+
+Bei Kundeninstallationen verwenden wir dann die so gebaute Version des Containerimages.
+
+Die beiliegende `docker-compose.yml` zeigt beispielhalf, wie der SOGo-Container genutzt werden kann.
+Es wird beispielsweise ein Webserver benötigt, welcher die statischen Assets ausliefert.
diff --git a/SOGo.list b/SOGo.list
new file mode 100644
index 0000000..dd49efe
--- /dev/null
+++ b/SOGo.list
@@ -0,0 +1 @@
+deb https://packages.sogo.nu/nightly/5/ubuntu/ noble noble
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..0d3f3da
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,40 @@
+
+version: '2'
+
+services:
+   sogo:
+      build:
+         context: .
+         args:
+         # replace by your desired  version
+            version: 5.10.0
+#      links:
+#         - db
+      volumes:
+         # replace by your own file
+         - ./sogo.conf:/etc/sogo/sogo.conf
+      environment:
+         - "TZ=Europe/Berlin"
+   db:
+      image: postgres:17.6
+      environment:
+        POSTGRES_USER: postgres
+        POSTGRES_PASSWORD: postgres
+        POSTGRES_DB: postgres
+      # for debug purpose only: reach the database from outside
+      #ports:
+      #   - "5432"
+#   memcached:
+#      image: memcached:1.6-alpine
+   nginx:
+      image: nginx
+      links:
+         - sogo
+      volumes_from:
+         # you will be able to serve assets from sogo image
+         - sogo:ro
+      ports:
+          # publish on port 8003
+          - "8003:80"
+      volumes:
+         - ./nginx.conf:/etc/nginx/nginx.conf:ro
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..08e61e3
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,105 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+    error_log   /var/log/nginx/error.log;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    gzip  off;
+
+
+
+
+   server
+   {
+      listen      80 default;
+
+      root /usr/lib/GNUstep/SOGo/WebServerResources/;
+
+      ## requirement to create new calendars in Thunderbird ##
+      proxy_http_version 1.1;
+
+      location = /
+      {
+         absolute_redirect off;
+         return 301 /SOGo;
+         allow all;
+      }
+      # For IOS 7
+
+      location = /principals/
+      {
+         rewrite ^ `https://$server_name/SOGo/dav`;
+         allow all;
+      }
+      location ^~/SOGo
+      {
+         proxy_pass http://sogo:20000;
+         proxy_redirect `http://sogo:20000` default;
+         # forward user's IP address
+         proxy_set_header X-Real-IP $remote_addr;
+         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+         proxy_set_header Host $host;
+         proxy_set_header x-webobjects-server-protocol HTTP/1.0;
+         proxy_set_header x-webobjects-remote-host 127.0.0.1;
+         proxy_set_header x-webobjects-server-name $server_name;
+         proxy_set_header x-webobjects-server-url $scheme://$host;
+         proxy_set_header x-webobjects-server-port $server_port;
+         proxy_connect_timeout 90;
+         proxy_send_timeout 90;
+         proxy_read_timeout 90;
+         proxy_buffer_size 4k;
+         proxy_buffers 4 32k;
+         proxy_busy_buffers_size 64k;
+         proxy_temp_file_write_size 64k;
+         client_max_body_size 50m;
+         client_body_buffer_size 128k;
+         break;
+      }
+
+      location /SOGo.woa/WebServerResources/
+      {
+         alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+         allow all;
+      }
+
+      location /SOGo/WebServerResources/
+      {
+         alias /usr/lib/GNUstep/SOGo/WebServerResources/;
+         allow all;
+      }
+
+      location (^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$)
+      {
+         alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+      }
+
+      location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$)
+      {
+         alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
+      }
+   }
+}
diff --git a/sogo.conf b/sogo.conf
new file mode 100644
index 0000000..fb50a9d
--- /dev/null
+++ b/sogo.conf
@@ -0,0 +1,151 @@
+{
+  /* *********************  Main SOGo configuration file  **********************
+   *                                                                           *
+   * Since the content of this file is a dictionary in OpenStep plist format,  *
+   * the curly braces enclosing the body of the configuration are mandatory.   *
+   * See the Installation Guide for details on the format.                     *
+   *                                                                           *
+   * C and C++ style comments are supported.                                   *
+   *                                                                           *
+   * This example configuration contains only a subset of all available        *
+   * configuration parameters. Please see the installation guide more details. *
+   *                                                                           *
+   * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,    *
+   * make sure to move it away to avoid unwanted parameter overrides.          *
+   *                                                                           *
+   * **************************************************************************/
+
+  /* Database configuration (mysql:// or postgresql://) */
+  SOGoProfileURL = "postgresql://postgres:postgres@db:5432/postgres/sogo_user_profile";
+  OCSFolderInfoURL = "postgresql://postgres:postgres@db:5432/postgres/sogo_folder_info";
+  OCSSessionsFolderURL = "postgresql://postgres:postgres@db:5432/postgres/sogo_sessions_folder";
+
+  /* Mail */
+  //SOGoDraftsFolderName = Drafts;
+  //SOGoSentFolderName = Sent;
+  //SOGoTrashFolderName = Trash;
+  SOGoIMAPServer = "imaps://mail.beyerm.de:143/?tls=yes";
+  SOGoSieveServer = sieve://mail.beyerm.de:4190;
+  SOGoSMTPServer = mail.beyerm.de;
+  SOGoMailDomain = disqu.de;
+  SOGoMailingMechanism = smtp;
+  SOGoForceExternalLoginWithEmail = YES;
+  SOGoSMTPAuthenticationType = PLAIN;
+  SOGoForceExternalLoginWithEmail = YES;
+  //SOGoMailSpoolPath = /var/spool/sogo;
+  //NGImap4ConnectionStringSeparator = "/";
+
+  /* Notifications */
+  //SOGoAppointmentSendEMailNotifications = NO;
+  //SOGoACLsSendEMailNotifications = NO;
+  //SOGoFoldersSendEMailNotifications = NO;
+
+  /* Authentication */
+  SOGoPasswordChangeEnabled = NO;
+
+  /* LDAP authentication example */
+  /* LDAP authentication example */
+  SOGoUserSources = (
+    {
+      type = ldap;
+      CNFieldName = cn;
+      UIDFieldName = uid;
+      IDFieldName = uid; // first field of the DN for direct binds
+      MailFieldNames = (mail);
+      bindFields = (uid, mail); //(uid, mail); // array of fields to use for indirect binds
+      baseDN = "ou=people,dc=office,dc=disqu,dc=de";
+      bindDN = "cn=sogo,ou=people,dc=office,dc=disqu,dc=de";
+      bindPassword = sogotopsecretpassword;
+      canAuthenticate = YES;
+      displayName = "Shared Addresses";
+      hostname = ldap://172.17.0.1:3890;
+      id = public;
+      isAddressBook = YES;
+      passwordPolicy = NO;
+    }
+  );
+
+  /* LDAP AD/Samba4 example */
+  //SOGoUserSources = (
+  //  {
+  //    type = ldap;
+  //    CNFieldName = cn;
+  //    UIDFieldName = sAMAccountName;
+  //    baseDN = "CN=users,dc=domain,dc=tld";
+  //    bindDN = "CN=sogo,CN=users,DC=domain,DC=tld";
+  //    bindFields = (sAMAccountName, mail);
+  //    bindPassword = password;
+  //    canAuthenticate = YES;
+  //    displayName = "Public";
+  //    hostname = ldap://127.0.0.1:389;
+  //    filter = "mail = '*'";
+  //    id = directory;
+  //    isAddressBook = YES;
+  //  }
+  //);
+
+
+  /* SQL authentication example */
+  /*  These database columns MUST be present in the view/table:
+   *    c_uid - will be used for authentication -  it's the username or username@domain.tld)
+   *    c_name - which can be identical to c_uid -  will be used to uniquely identify entries
+   *    c_password - password of the user, plain-text, md5 or sha encoded for now
+   *    c_cn - the user's common name - such as "John Doe"
+   *    mail - the user's mail address
+   *  See the installation guide for more details
+   */
+  //SOGoUserSources =
+  //  (
+  //    {
+  //      type = sql;
+  //      id = directory;
+  //      viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
+  //      canAuthenticate = YES;
+  //      isAddressBook = YES;
+  //      userPasswordAlgorithm = md5;
+  //    }
+  //  );
+
+  /* Web Interface */
+  //SOGoPageTitle = SOGo;
+  //SOGoVacationEnabled = YES;
+  //SOGoForwardEnabled = YES;
+  //SOGoSieveScriptsEnabled = YES;
+  //SOGoMailAuxiliaryUserAccountsEnabled = YES;
+  //SOGoTrustProxyAuthentication = NO;
+  //SOGoXSRFValidationEnabled = YES;
+
+  /* General */
+  //SOGoLanguage = English;
+  //SOGoTimeZone = America/Montreal;
+  //SOGoCalendarDefaultRoles = (
+  //  PublicDAndTViewer,
+  //  ConfidentialDAndTViewer
+  //);
+  //SOGoSuperUsernames = (sogo1, sogo2); // This is an array - keep the parens!
+  //SxVMemLimit = 384;
+  //WOPidFile = "/var/run/sogo/sogo.pid";
+
+
+  // reach memcached through docker
+  SOGoMemcachedHost = "memcached";
+
+  // this has a great impact on performance: you should adjust the number
+  // of workers according to the number of users and the performance of your
+  // machine
+  WorkersCount = 4;
+
+
+
+
+  /* Debug */
+  //SOGoDebugRequests = YES;
+  //SoDebugBaseURL = YES;
+  //ImapDebugEnabled = YES;
+  //LDAPDebugEnabled = YES;
+  //PGDebugEnabled = YES;
+  //MySQL4DebugEnabled = YES;
+  //SOGoUIxDebugEnabled = YES;
+  //WODontZipResponse = YES;
+  //WOLogFile = /var/log/sogo/sogo.log;
+}