English Β· Π ΡΡΡΠΊΠΈΠΉ
Join our Telegram channel for updates, announcements, and community support:
Kerio Updates Mirror is a solution for local caching and mirroring of updates for Kerio Control and Kerio Connect products, which allows you to:
- Reduce internet traffic and speed up the update process
- Provide updates for isolated networks or systems with limited internet access
- Automatically download and update antivirus databases, IPS/IDS Snort databases, and other security components
| Component | Version |
|---|---|
| Ubuntu | 24.04.1 |
| Windows Server | 2012 R2 |
| Windows 11 | 24H2 |
| Kerio Connect | 10.0.6.8504 |
| Kerio Control | 9.4.5.8526 |
- Docker and Docker Compose (installation guide)
Please note: the Docker image version may differ from the mirror version - this is normal. The image is only updated when necessary (for example, when dependencies change) and is not synchronised with each version of a mirror.
If you install a mirror in any other way, the version of Docker's image will be the same as the current one.
- Download Docker images
- Load images from archives:
sudo docker load -i tor_v1.1.2.tar sudo docker load -i mirror_v2.1.0.tar
- Download or clone the repository:
git clone https://github.com/cnekTep/kerio-updates-mirror.git cd kerio-updates-mirror - Make necessary configurations
- Start the containers:
sudo docker-compose up -d
- Download or clone the repository:
git clone https://github.com/cnekTep/kerio-updates-mirror.git cd kerio-updates-mirror - Make necessary configurations
- Start building and deploying containers:
sudo docker-compose up -d
This option provides a fully configured out-of-the-box solution, ideal for quick deployment.
- Download the Virtual Machine
- Import the image into your virtualization system (Hyper-V, VMWare - OVF Template)
- Start the virtual machine
π Hyper-V Import Instructions
- Open Hyper-V Manager
- In the Action menu, select New β Virtual Machine
- In the creation wizard:
- Enter a name for the virtual machine (for example, "Kerio Updates Mirror")
- If needed, change the VM file location
- Click Next
- Important: In the generation selection section, choose Generation 1
- Specify the amount of RAM (512-1024 MB recommended)
- Configure network connection (select an existing virtual switch)
- At the virtual hard disk configuration step:
- Select Use an existing virtual hard disk
- Click Browse and specify the path to the downloaded
.vhdxfile - Click Next
- Review the parameter summary and click Finish
π VMware Import Instructions
- Launch VMware Workstation or VMware Player
- Select File β Open
- Find and select the
.ovffile from the unpacked archive - In the import dialog:
- Specify the virtual machine name (for example, "Kerio Updates Mirror")
- If needed, change the virtual machine location
- Click Import
- Wait for the import process to complete
- Log in to the VMware ESXi or vSphere web interface
- Navigate to the Virtual Machines section
- Click Create/Register Virtual Machine
- Select Deploy a virtual machine from OVF or OVA file
- Specify the virtual machine name
- Drag and drop the OVF and VMDK files to the upload area or use the file selection button
- Select storage for the VM placement
- Select a network for connection
- Click Next and then Finish
π Virtual Machine Specifications and Setup
- Operating System: Debian 12 (minimal installation)
- Resource Requirements: 512-1024 MB RAM, 1 CPU, 10 GB storage
- Pre-installed Software: SSH, Midnight Commander, htop, Docker, Docker Compose
- Docker Containers: Portainer, Kerio Updates Mirror
- Default Credentials:
- Username:
root - Password:
root
- Username:
- Connect to the virtual machine via SSH (port 22)
- Strongly recommended to change the root password:
passwd
- Configure the correct timezone:
dpkg-reconfigure tzdata
- Check the current IP address (DHCP is used by default):
ip a
To change network parameters:
- Edit network interfaces:
nano /etc/network/interfaces # or mc # then navigate to /etc/network/interfaces
- Configure DNS servers:
nano /etc/resolv.conf # or mc # then navigate to /etc/resolv.conf
The virtual machine includes pre-installed Portainer for convenient Docker container management:
- URL:
https://VIRTUAL_MACHINE_IP:9443 - Credentials:
- Username:
admin - Password:
admin
- Username:
Note: It is recommended to change the Portainer admin password after first login.
If you don't want to use Docker, you can run Kerio Updates Mirror without it. To do this, you will need to manually install all the dependencies and configure the system. However, it can be more difficult and take more time. It is recommended to use Docker to simplify the installation and management process.
- There is no built-in TOR support
- There is no built-in proxy server
- Difficulties with activating Kerio Connect antispam (for more information, see Configuring Kerio Connect antispam)
Prepared exe file
Link to download the assembly of the finished exe file: Kerio Updates Mirror
- Download and unzip the archive
- Run the file
app.exe
NSSM (Non-Sucking Service Manager) β is a handy tool for running arbitrary .exe files in the background as Windows services.
Download the latest version: https://nssm.cc/download
- Unpack the archive.
- Go to the folder
win64(orwin32for 32-bit systems). - Copy path to
nssm.exe.
Open the command prompt as an administrator and run:
cd "path_to_nssm_folder"
nssm install kerio-updates-mirrorThe NSSM configuration window will appear.
| Field | Value |
|---|---|
| Path | C:\kerio-updates-mirror v.x.y.z\app.exe |
| Startup dir | C:\kerio-updates-mirror v.x.y.z |
Please note that everyone has their own path.
After filling in the form, click Install service.
After installing the service, run it:
net start kerio-updates-mirrorIf everything is specified correctly, the service will launch your application in the background.
To delete a service:
nssm remove kerio-updates-mirror confirmRunning the Python script
-
Make sure you have Python 3.x installed
-
Download or clone the repository:
git clone https://github.com/cnekTep/kerio-updates-mirror.git cd kerio-updates-mirror -
Create a virtual environment:
python -m venv venv
-
Activate the virtual environment:
venv\Scripts\activate
-
Install the necessary dependencies:
pip install -r requirements.txt
-
Run the script:
python app.py
To configure updates through the local mirror in Kerio Connect, you need to specify an HTTP proxy server in the settings:
Kerio Connect Configuration (click to expand)
- Go to Configuration β Advanced Options β HTTP Proxy
- Specify:
- Address: 172.222.0.5
- Port: 8118
Server runs on Windows or a distributed infrastructure is used (Kerio Connect and Docker containers are located on different servers)
- Go to Configuration β Advanced Options β HTTP Proxy
- Specify:
- Address: IP_address_of_server_with_Docker_containers
- Port: 8118
To configure updates through the local mirror in Kerio Control, you need to add DNS records:
Kerio Control Configuration (click to expand)
- Go to Configuration β DNS β Local DNS Lookup
- Add the following records (where Update_server_IP is the IP address of the server with the mirror):
| IP Address | Hostname | Description |
|---|---|---|
| Update_server_IP | bda-update.kerio.com | kerio-updates-mirror |
| Update_server_IP | bdupdate.kerio.com | kerio-updates-mirror |
| Update_server_IP | ids-update.kerio.com | kerio-updates-mirror |
| Update_server_IP | prod-update.kerio.com | kerio-updates-mirror |
| Update_server_IP | update.kerio.com | kerio-updates-mirror |
| Update_server_IP | wf-activation.kerio.com | kerio-updates-mirror |
n the non-Docker version, for Kerio Control and Kerio Connect updates to work correctly, you must manually specify the local mirror address for the respective hosts (see the table above).
- For Kerio Connect, you can configure the DNS server so that it resolves the specified domains via Kerio Control. This can be done by specifying the IP address of the server with the mirror in the DNS settings.
- Alternatively, you can add the necessary domain matches and mirror IP addresses to the
hostsfile on the server with Kerio Connect.
This will ensure that update requests are redirected to your local mirror.
There are two options for configuring antispam:
-
Via VPN (recommended):
-
Direct traffic to the following hosts via VPN:
upgrade-please-change-me.cdn.bitdefender.net patches-please-change-me.cdn.bitdefender.net nimbus.bitdefender.net
-
In this case, both antivirus and antispam will work.
-
-
Through an external proxy:
- Temporarily configure Kerio Connect to work via an external proxy server
- Wait for antispam activation
- Disable the proxy
- After that, both components will work: antivirus and antispam
Note: When using a proxy, the antivirus will temporarily stop working, but it will recover after disabling the proxy.
Antispam will work until the server is restarted.
-
For Kerio Connect:
- Automatic downloading of antivirus databases when accessing the mirror
- Support for anti-spam functionality
-
For Kerio Control:
- Automatic downloading of antivirus databases when accessing the mirror
- Scheduled updates for:
- IPS/IDS Snort databases
- GeoIP databases
- Lists of compromised addresses
- Ability to retrieve GeoIP databases from external sources on the GitHub platform
TOR bridges are used to ensure reliable access to updates even in case of access restrictions:
- TOR bridges configuration file:
_tor/config/bridges.config - When the
USE_CHECK_TOR=trueparameter is enabled indocker-compose.yml, the system automatically checks internet accessibility through TOR and updates bridges if necessary - New bridges can be obtained from the official website or via Telegram bot
The default time zone is UTC
- The time zone can be changed in the
.envfile - After changing the time zone, you need to rebuild the container using the
docker compose up -dcommand
- Access to the web management interface, depending on the settings in docker-compose.yml:
- Only port 9980 is published and only Kerio Connect is updated:
http://SERVER_IP:9980 - Ports 80, 443 are published and Kerio Control is updated:
http://SERVER_IP:80
- Only port 9980 is published and only Kerio Connect is updated: