Mysql database integration

copper-server/kubernetes/README.md

@@ -185,11 +185,19 @@ In copper Email solution we are using rainloop web client.So we have to implemen
   cd copperclient
   // Build the docker image
   docker build -t webmail .
+  // use bellow command to run it using docker  (Testing perposes only).
+  docker run --name webmail -d webmail
+
 
   // Buld the kubernetes pod
   Kubectl create -f copperclient/webmail.yaml
 
-  //
+  // Deleting the service
+   kubectl delete service webmail --namespace=monitoring
+  kubectl delete deployment webmail --namespace=monitoring
+
+   // login in to webmail client
+  kubectl exec webmail-6f46b7cfbb-l9d8w --namespace=monitoring --stdin --tty -c webmail /bin/sh
 
 ```
 Once you deploy the webmail client then you have to configure it for accessing the emailserver.

copper-server/kubernetes/copperclient/Dockerfile

@@ -1,48 +1,189 @@
-FROM ubuntu:14.04
-MAINTAINER LSF <[email protected]>
+#https://medium.com/@meeramarygeorge/create-php-mysql-apache-development-environment-using-docker-in-windows-9beeba6985
+#https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04
+#https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/
+#FROM ubuntu:latest
+FROM ubuntu:18.04
 
-RUN apt-get update
+MAINTAINER Name<[email protected]>
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV DOMAIN=${DOMAIN}
+
+# Install basics
+
+#RUN apt-get update
+RUN apt-get update --fix-missing && apt-get -y purge exim4*
 RUN apt-get -y upgrade
+RUN apt-get -y install apt-utils
+# installing netstat command
+RUN apt-get -y install net-tools
+# installing ping command
+RUN apt-get install -y iputils-ping
+# install mail until for testing functions
+RUN apt-get -y install mailutils
+# installing lsof command
 RUN apt-get -y install lsof
 RUN apt-get -y install telnet
 RUN apt-get -y install nano
-# Install apache, PHP, and supplimentary programs. curl and lynx-cur are for debugging the container.
-RUN DEBIAN_FRONTEND=noninteractive apt-get -y install apache2 libapache2-mod-php5 php5-mysql php5-gd php-pear php-apc php5-curl php5-ldap curl lynx-cur
+RUN apt-get -y install letsencrypt openssl
+
+RUN apt-get install -y software-properties-common && \
+
+add-apt-repository ppa:ondrej/php && apt-get update
+
+#RUN apt-get install -y — force-yes curl
+RUN apt-get install -y curl
+
+# installing ping command
+RUN apt-get install -y iputils-ping
+
+RUN apt-get update
+
+# Install PHP 5.6
+
+#RUN apt-get install -y — allow-unauthenticated php5.6 php5.6-mysql php5.6-mcrypt php5.6-cli php5.6-gd php5.6-curl
+RUN apt-get install -y php5.6 php5.6-mysql php5.6-mcrypt php5.6-cli php5.6-gd php5.6-curl
 
 # Enable apache mods.
-RUN php5enmod openssl
-RUN a2enmod php5
+
+RUN a2enmod php5.6
+
 RUN a2enmod rewrite
 
 # Update the PHP.ini file, enable <? ?> tags and quieten logging.
-RUN sed -i "s/short_open_tag = Off/short_open_tag = On/" /etc/php5/apache2/php.ini
-RUN sed -i "s/error_reporting = .*$/error_reporting = E_ERROR | E_WARNING | E_PARSE/" /etc/php5/apache2/php.ini
+
+RUN sed -i "s/short_open_tag = Off/short_open_tag = On/" /etc/php/5.6/apache2/php.ini
+
+RUN sed -i "s/error_reporting = .*$/error_reporting = E_ERROR | E_WARNING | E_PARSE/" /etc/php/5.6/apache2/php.ini
+
+
 
 # Manually set up the apache environment variables
-ENV APACHE_RUN_USER www-data
-ENV APACHE_RUN_GROUP www-data
+
 ENV APACHE_LOG_DIR /var/log/apache2
+
 ENV APACHE_LOCK_DIR /var/lock/apache2
+
 ENV APACHE_PID_FILE /var/run/apache2.pid
 
-#EXPOSE 443
-EXPOSE 80
-#EXPOSE 8080
+# Manually set up the apache environment variables
+ENV APACHE_RUN_USER www-data
+
+ENV APACHE_RUN_GROUP www-data
+
+
+
+# Expose to letsencript key generation ACME test
+#EXPOSE 80 
+# Expose for non secured access (without https) for testing perposes
+EXPOSE 89
+# primary https port
+EXPOSE 443
+# secondary https port
+EXPOSE 433
+
 
 
-# Copy site into place.
-ADD ./app/ /var/www/site/app
-#RUN chown -R www-data:www-data /var/www/site/app .
+
+
+#EXPOSE 3306
 
 # Update the default apache site with the config we created.
-ADD ./apache-config.conf /etc/apache2/sites-enabled/000-default.conf
-ADD ./fqdn /etc/apache2/conf.d/fqdn
-ADD ./hosts /etc/hosts
-ADD ./apache2.conf /etc/apache2/apache2.conf
-ADD ./servername.conf /etc/apache2/conf-available/servername.conf
-ADD ./servername.conf /etc/apache2/sites-enabled/servername.conf
-
-# By default, simply start apache.
-RUN chmod -R 777 /var/www/site/app/data/
+
+#ADD ./config/apache-config.conf /etc/apache2/sites-enabled/000-default.conf
+ADD ./config/hosts /etc/hosts
+
+# Copy site into place.
+
+ADD ./app/ /var/www/html/site/
+#RUN  copy cert files
+#ADD ./tls/cert.pem /etc/ssl/certs/copper.opensource.lk.cert.pem
+ADD ./tls/cert.pem /etc/ssl/certs/cert.pem
+#ADD ./tls/privkey.pem /etc/ssl/private/copper.opensource.lk.privkey.pem
+ADD ./tls/privkey.pem /etc/ssl/private/privkey.pem
+
+#ADD ssl certificate list als
+ADD ./tls/copper.opensource.lk.crt /etc/ssl/certs/copper.opensource.lk.crt
+ADD ./tls/copper.opensource.lk.key /etc/ssl/private/copper.opensource.lk.key
+
+#RUN chmod -R 777 /var/www/html/site/app
+
+ RUN chown -R www-data:www-data /var/www/html/site/
+
+ # Update the default apache site with the config we created.
+#ADD ./config/apache-config.conf /etc/apache2/sites-enabled/example.com.conf
+
+RUN apt-get -y install nano
+
+# Lets encript 
+
+# First, add the repository:
+RUN add-apt-repository -y ppa:certbot/certbot 2> /dev/null || true
+
+#Install Certbot's Apache package with apt:
+RUN apt install -y python-certbot-apache
+
+# reload the configuration
+#RUN systemctl reload apache2
+
+# manual lets encript key generation tool
+#certbot --apache -d example.com -d www.example.com
+#CMD certbot --apache -d copper.opensource.lk -d copper.opensource.lk
+
+
+# with certbot-auto
+#https://www.exratione.com/2016/06/a-simple-setup-and-installation-script-for-lets-encrypt-ssl-certificates/
+RUN apt-get install -y wget
+RUN wget https://dl.eff.org/certbot-auto
+RUN chmod a+x certbot-auto
+RUN mv certbot-auto /usr/local/bin
+RUN certbot-auto --noninteractive --os-packages-only 2> /dev/null || true
+# Use this command if a webserver is already running with the webroot
+# at /var/www/html.
+#RUN certbot-auto certonly \
+RUN certbot-auto \
+  --non-interactive \
+  --agree-tos \
+  --text \
+  --rsa-key-size 4096 \
+  --email [email protected] \
+  --domains copper.opensource.lk \
+  --webroot-path /var/www/html/site/ \
+  #--apache \
+  --apache 2> /dev/null || true
+  #--help plugins \
+
+
+
+
+
+#RUN cp /etc/letsencrypt/live/copper.opensource.lk/fullchain.pem /etc/ssl/certs/copper.opensource.lk.fullchain.pem
+#RUN cp /etc/letsencrypt/live/copper.opensource.lk/privkey.pem /etc/ssl/private/copper.opensource.lk.privkey.pem
+#RUN cp ./tls/cert.pem /etc/ssl/certs/copper.opensource.lk.cert.pem
+#RUN cp ./tls/privkey.pem /etc/ssl/private/copper.opensource.lk.privkey.pem
+
+# this for copper live server
+ADD ./config/copper.http.conf /etc/apache2/sites-enabled/copper.http.conf
+ADD ./config/copper.https.conf /etc/apache2/sites-enabled/copper.https.conf
+# coppies port configuration
+ADD ./config/ports.conf /etc/apache2/ports.conf
+
+# adding ports.conf file to the image
+ADD ./config/ports.conf  /etc/apache2/
+
+RUN certbot renew --dry-run
+# By default start up apache in the foreground, override with /bin/bash for interative.
+#CMD chmod -R 777 /var/www/html/data/
+
+# Attempting to copy to host file to container or change the content
+# adding host file
+ADD ./config/hosts /etc/hosts
+# put new entry to the host file
+RUN echo "127.0.0.1  copper.opensource.lk copper" >> /etc/hosts
+#RUN sed -i "s/127.0.0.1 = .*$/127.0.0.1 = copper.opensource.lk/" /etc/hosts
+
+# enable https in apache
+RUN a2enmod ssl
+
 CMD /usr/sbin/apache2ctl -D FOREGROUND
-# RUN service apache2 restart
+

copper-server/kubernetes/copperclient/INFORMATION.md

@@ -0,0 +1,141 @@
+
+## Creating frontend https server with ingress
+
+  '''kubectl create -f frontend.yaml'''
+
+### TLS secreet creation ######
+'''kubectl create secret generic tls-certs --from-file=tls/''''
+
+
+// kubernetes with postfix
+https://www.tauceti.blog/post/run-postfix-in-kubernetes/
+
+# Apache web server with https with docker and kubernetes
+https://manual.seafile.com/deploy/https_with_apache.html
+https://www.digicert.com/csr-ssl-installation/apache-openssl.htm
+https://www.tecmint.com/install-rainloop-webmail-in-arch-linux/
+
+// building new docker for 
+docker build -t homail .
+docker build -t webmail .
+
+// run the homail image as homail container
+docker run --name homail -d homail
+
+//login to server for further modifications.
+docker exec -it homail /bin/bash
+
+## Port congiguration
+// if you want to change to port use
+nano /etc/apache2/ports.conf
+By default, Apache web server is instructed to listen for incoming connection and bind on port 80. If you opt for the TLS configuration, the server will listen for secure connections on port 443.
+
+In order to instruct Apache web server to bind and listen for web traffic on other ports than the standard web ports, you need to add a new statement containing the newly port for future bindings.
+
+'''
+ nano /etc/apache2/ports.conf     [On Debian/Ubuntu]
+ nano /etc/httpd/conf/httpd.conf  [On RHEL/CentOS]
+'''
+
+ add 89 for listning port
+
+ After you’ve added the above line, you need to create or alter an Apache virtual host in Debian/Ubuntu based distribution in order to start the binding process, specific to your own vhost requirements.
+
+In CentOS/RHEL distributions, the change is applied directly into default virtual host. In the below sample, we’ll modify the default virtual host of the web server and instruct Apache to listen for web traffic from 80 port to 8081 port.
+
+'''nano /etc/apache2/sites-enabled/000-default.conf '''
+
+*** After correct configuration in ports.conf and vertual hosts you may access these sites from curl command
+
+// get ports.conf
+docker cp homail:/etc/apache2/ports.conf ~/Documents/copper/copper/copper-server/core/rainloop/config
+
+
+
+// coppy files from docer container to machine. (like host file)
+docker cp homail:/etc/hosts ~/Documents/copper/copper/copper-server/core/rainloop
+
+
+
+// docker file you should have expose the port
+
+
+// And when you run the container use bellow command you have to bind docker EXPOSED port to host port ( EXPOSE 89).
+
+Ex :
+
+'''docker run -p 89:89 --name homail -d homail'''
+
+
+## Now converting the site to https
+
+
+// open the 443 port in docker file
+'''EXPOSE 443'''
+
+// Create the vertual host file
+
+
+// run the docker image opening the https port 443
+'''docker run -p 80:80 -p 89:89 -p 443:443 -p 433:433 --name homail -d homail'''
+
+// then login to the homail container and test the apache congiguration
+'''apachectl configtest
+AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
+Syntax OK
+'''
+
+This is a warning message to remove this warning following line added.
+
+/etc/apache2# nano apache2.conf
+
+''' ServerName copper.opensource.lk '''
+
+Then the error was removed.
+'''# apachectl configtest
+Syntax OK
+'''
+
+
+On many systems (Ubuntu, Suse, Debian, ...) run the following command to enable Apache's SSL mod:
+
+'''sudo a2enmod ssl
+// but in docker container
+   a2enmod ssl '''
+
+
+
+On CentOS 7 installing the package "mod_ssl" and restarting the apache server worked for me:
+
+'''yum install mod_ssl
+systemctl restart httpd'''
+
+// command to add entry to the host file in ubunut
+'''echo "127.0.0.1  copper.opensource.lk copper" >> /etc/hosts'''
+
+
+# ERRORS
+
+1. An error occurred during a connection to localhost. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG 
+
+** if browser gives above error it means browser is expecting https encrypted data but web server send unencripted data. you may check it by typing the url without https.
+
+Ex : http://localhost:443
+
+The web server is sending non-secure (HTTP) data where secure (HTTPS) data is expected by Firefox. This can be confirmed by going to http://server-name:443 instead of https://server-name.
+Solution
+
+Check the configuration of the server to ensure that SSL has been configured correctly. This most commonly occurs when using Apache or Tomcat as the web server, though it can certainly occur in other server types. Points to consider when troubleshooting this error in either Apache or Tomcat:
+
+In Apache, check that the Listen <port> directive matches the port number in the VirtualHost directive for the website being secured, and that the SSL configuration statements (SSLEngine On, SSLCertificateFile <filename> and so on) appear in the VirtualHost directive for the website or in the SSL configuration file for the server.
+
+'''SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/cert.pem
+  SSLCertificateKeyFile /etc/ssl/private/privkey.pem'''
+
+In Tomcat, check that the connector in server.xml is configured to use SSL (there should be scheme="https" secure="true", as well as keystoreFile and keystorePass statements) and that the port number listed in the connector is what is expected -- if using the default port (8443), it needs to be specified as part of the URL or be appropriately redirected on the server. Tomcat may also be switching to non-secure mode for a connector where the keystore is corrupt; try creating a new keystore and replacing the SSL certificate.
+
+
+
+
+