
Deploying Zimbra on Docker Host

Sascha Falk edited this page Oct 15, 2019 · 1 revision

Overview

This howto describes how to bring up the Zimbra container on a regular Docker host.

Howto

Step 1 - Configuring a User-Defined Network

If you do not already have a user-defined network for public services, you can create a simple bridge network (called frontend in the example below) and define the subnets from which Docker will allocate IP addresses for containers. Most probably you will have only one IPv4 address for your server, so you should choose a subnet from the site-local ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16). Docker takes care of connecting published services to the public IPv4 address of the server. Any IPv6-enabled server today has at least a /64 subnet assigned, so every container can have its own IPv6 address and network address translation (NAT) is not necessary. Therefore you should choose an IPv6 subnet that is part of the subnet assigned to your server. Docker recommends using a subnet of at least /80, so that it can assign IP addresses by ORing the (virtual) MAC address of the container with the specified subnet.

docker network create -d bridge \
  --subnet 192.168.0.0/24 \
  --subnet 2001:xxxx:xxxx:xxxx::/80 \
  --ipv6 \
  frontend
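The subnet rules above can be checked before the network is created. The following is an added example, not part of the original howto: it reads "at least /80" as a prefix length of 80 or shorter (48 host bits), and all addresses and the MAC are constructed values from the 2001:db8::/32 documentation prefix.

```python
import ipaddress

# Site-local IPv4 ranges named in Step 1.
SITE_LOCAL = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def mac_derived_address(subnet6, mac):
    """OR a 48-bit MAC into the low bits of an IPv6 subnet of /80 or shorter."""
    net = ipaddress.ip_network(subnet6)
    if net.version != 6 or net.prefixlen > 80:
        raise ValueError("need an IPv6 subnet with at least 48 host bits")
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ipaddress.IPv6Address(int(net.network_address) | int("".join(octets), 16))

def check_plan(subnet4, subnet6, assigned6, static6):
    """Return the problems found in a network plan; an empty list means OK."""
    problems = []
    n4, n6 = ipaddress.ip_network(subnet4), ipaddress.ip_network(subnet6)
    host6 = ipaddress.ip_network(assigned6)   # subnet assigned to the server
    if not any(n4.subnet_of(p) for p in SITE_LOCAL):
        problems.append(f"{n4} is not inside a site-local IPv4 range")
    if not n6.subnet_of(host6):
        problems.append(f"{n6} is not part of the server's {host6}")
    if n6.prefixlen > 80:
        problems.append(f"{n6} leaves fewer than 48 bits for the MAC")
    if ipaddress.ip_address(static6) not in n6:
        problems.append(f"--ip6 {static6} is outside {n6}")
    return problems

if __name__ == "__main__":
    # Constructed plan: server owns 2001:db8:0:1::/64, containers get a /80.
    print(check_plan("192.168.0.0/24", "2001:db8:0:1::/80",
                     "2001:db8:0:1::/64", "2001:db8:0:1::2"))
    print(mac_derived_address("2001:db8:0:1::/80", "02:42:c0:a8:00:02"))
```
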

Step 2 - Create a Volume for the Zimbra Container

The Zimbra container installs a minimalistic Ubuntu 18.04 LTS and Zimbra onto a Docker volume. You can create a named volume using the following command:

docker volume create zimbra-data

Step 3 - Install Zimbra

Before installing Zimbra, you should ensure that your DNS contains the following records:

  • An A record mapping the FQDN of the Zimbra container (e.g. zimbra.my-domain.com) to the public IPv4 address of the Docker host; the Docker host maps the service ports to the container.
  • An AAAA record mapping the FQDN of the Zimbra container to its public IPv6 address (e.g. zimbra.my-domain.com)
  • An MX record with the hostname of the Zimbra container (as specified by the A/AAAA records)

The following command will install Zimbra onto the created volume. You will have the chance to customize Zimbra using Zimbra's menu-driven installation script. You can install all features except the DNS Cache, as it will interfere with the DNS cache shipped with the container. Please replace the hostname with the hostname you specified in the A/AAAA DNS records. Since the IPv4 address via which the container will be publicly accessible is actually assigned to the Docker host, the installation script will complain that there is a problem with the DNS. Just ignore the warning and proceed. It will be working at the end.

docker run -it \
           --rm \
           --ip6=2001:xxxx:xxxx:xxxx::2 \
           --network frontend \
           --hostname zimbra.my-domain.com \
           -p 25:25 \
           -p 80:80 \
           -p 110:110 \
           -p 143:143 \
           -p 443:443 \
           -p 465:465 \
           -p 587:587 \
           -p 993:993 \
           -p 995:995 \
           -p 5222:5222 \
           -p 5223:5223 \
           -p 7071:7071 \
           --volume zimbra-data:/data \
           --cap-add NET_ADMIN \
           --cap-add SYS_ADMIN \
           --cap-add SYS_PTRACE \
           --security-opt apparmor=unconfined \
           griffinplus/zimbra \
           run-and-enter

The container needs a few additional capabilities to work properly. The NET_ADMIN capability is needed to configure network interfaces and the iptables firewall. The SYS_ADMIN capability is needed to set up the chrooted environment where Zimbra is working. The SYS_PTRACE capability is needed to get rsyslog to start/stop properly. Furthermore AppArmor protection must be disabled to set up the chrooted environment as well.

The command run-and-enter tells the container to open a shell within the container at the end. You can also directly enter the Ubuntu installation with Zimbra by specifying run-and-enter-zimbra. The default command is run. It simply kicks off a script that initializes the container and waits for the container to be stopped, then shuts down Zimbra (and related services) gracefully.

As soon as the manual configuration is done, you will most probably only run the container in the background using the run command:

docker run --name zimbra \
           --detach \
           --rm \
           --ip6=2001:xxxx:xxxx:xxxx::2 \
           --network frontend \
           --hostname zimbra.my-domain.com \
           -p 25:25 \
           -p 80:80 \
           -p 110:110 \
           -p 143:143 \
           -p 443:443 \
           -p 465:465 \
           -p 587:587 \
           -p 993:993 \
           -p 995:995 \
           -p 5222:5222 \
           -p 5223:5223 \
           -p 7071:7071 \
           --volume zimbra-data:/data \
           --cap-add NET_ADMIN \
           --cap-add SYS_ADMIN \
           --cap-add SYS_PTRACE \
           --security-opt apparmor=unconfined \
           griffinplus/zimbra \
           run
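Because the container runs with extra capabilities and without AppArmor confinement, it is worth checking that the deployed container carries exactly the privileges and ports listed on this page and nothing more. The following is an added example, not part of the original howto or the project's code: it audits the JSON printed by docker inspect against that baseline, and the sample data (including the SYS_MODULE, seccomp and 8080 drift) is constructed for illustration.

```python
import json

# Privileges and ports taken from the docker run commands on this page.
EXPECTED_CAPS = {"NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"}
EXPECTED_SECOPTS = {"apparmor=unconfined"}
EXPECTED_PORTS = {25, 80, 110, 143, 443, 465, 587, 993, 995, 5222, 5223, 7071}

def norm_cap(cap):
    """Accept both spellings: NET_ADMIN and CAP_NET_ADMIN."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def audit(inspect_json):
    """Compare `docker inspect` JSON with the baseline; return findings."""
    findings = []
    for c in json.loads(inspect_json):
        name, hc = c.get("Name", "?"), c.get("HostConfig") or {}
        if hc.get("Privileged"):
            findings.append(f"{name}: runs privileged")
        caps = {norm_cap(x) for x in hc.get("CapAdd") or []}
        findings += [f"{name}: unexpected capability {x}"
                     for x in sorted(caps - EXPECTED_CAPS)]
        findings += [f"{name}: unexpected security option {x}"
                     for x in sorted(set(hc.get("SecurityOpt") or []) - EXPECTED_SECOPTS)]
        findings += [f"{name}: unexpected published port {k}"
                     for k in sorted(hc.get("PortBindings") or {})
                     if int(k.split("/")[0]) not in EXPECTED_PORTS]
    return findings

def sample(caps, opts, ports, privileged=False):
    """Build constructed `docker inspect` output for the demo below."""
    binds = {f"{p}/tcp": [{"HostIp": "", "HostPort": str(p)}] for p in ports}
    return json.dumps([{"Name": "/zimbra", "HostConfig": {
        "Privileged": privileged, "CapAdd": caps,
        "SecurityOpt": opts, "PortBindings": binds}}])

if __name__ == "__main__":
    ok = sample(sorted(EXPECTED_CAPS), ["apparmor=unconfined"], sorted(EXPECTED_PORTS))
    drift = sample(["CAP_NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE"],
                   ["apparmor=unconfined", "seccomp=unconfined"], [25, 443, 8080])
    print(audit(ok))
    print("\n".join(audit(drift)))
```

On a Docker host, pass the output of `docker inspect zimbra` to audit() instead of the constructed samples.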