EGroupWare

From M1Research

(Difference between revisions)

Latest revision as of 16:59, 10 January 2008

WEB server setup from scratch

We assume that all compiled software from sources will installed in /usr/local/web/<PRODUCT>.

mysql

Download mysql source from http://dev.mysql.com/downloads/mysql/5.0.html. Unpack and configure:

./configure \
--prefix=/usr/local/web/mysql5 \
--with-mysqld-user=mysql5 \
--with-extra-charsets=all \
--with-big-table \
--with-openssl

If configure exit successfully build it and install:

make ; make install

Configure executables path. .bash_profile:

[...]
PATH=$PATH:$HOME/bin:/usr/local/web/mysql5/bin
[...]

Configure libraries path. /etc/ld.so.conf

[...]
/usr/local/web/mysql5/lib
[...]

and update lib paths:

ldconfig

Add approriate system user mysql5 for mysql deamon.

/etc/passwd:

[...]
mysql5:x:98:98:Mysql:/usr/local/web/mysql5:/sbin/nologin
[...]

/etc/shadow:

[...]
mysql5:*:12764:0:99999:7:::
[...]

/etc/group:

[...]
mysql5:x:98:
[...]

Install initial database:

/usr/local/web/mysql5/bin/mysql_install_db

Change mysql binaries and data ownerships:

chown -R mysql5.mysql5 /usr/local/web/mysql5

Create symlink to start script:

ln -s /usr/local/web/mysql5/share/mysql/mysql.server /etc/rc.d/init.d/mysql5

Start mysql5 service:

service mysql5 start

Setup root's password

/usr/local/web/mysql5/bin/mysqladmin -u root password 'new-root-password'

Try to login to check if everything is OK:

[root@dev-2 mysql5]# /usr/local/web/mysql5/bin/mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.51 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)

mysql>

apache

Download apache sources from http://httpd.apache.org/.

Unpack, configure:

./configure \
--enable-deflate \
--prefix=/usr/local/web/apache2 \
--enable-so \
--enable-modules=all \
--enable-mods-shared=all \
--enable-suexec \
--with-suexec-caller=apache2 \
--with-suexec-docroot=/var/web \
--with-ssl \
--enable-ssl

Make and make install:

make ; make install

Add approriate system user apache2 for apache deamon.

/etc/passwd:

[...]
apache2:x:97:97:Apache:/usr/local/web/apache2:/sbin/nologin
[...]

/etc/shadow:

[...]
apache2:*:12764:0:99999:7:::
[...]

/etc/group:

[...]
apache2:x:97:
[...]

Create symlink to start script:

ln -s /usr/local/web/apache2/bin/apachectl /etc/rc.d/init.d/apachectl

mod_perl

Download latest version from http://perl.apache.org/

Unpack and build:

perl Makefile.PL MP_APXS=/usr/local/web/apache2/bin/apxs

make and install

make ; make install

mod_auth_kerb

Download source from http://modauthkerb.sourceforge.net/.

Unpack and configure:

./configure --with-apache=/usr/local/web/apache2 --with-krb4=no

. Make and install

make ; make install

php

imap

imap support for PHP required imap-2007 package from ftp://ftp.cac.washington.edu/imap/. Download and unpack package:

gzip -cd imap-2007.tar.Z | tar xf -
cd imap-2007

Look at Makefile for appropriate build argument for your distro. We will use command to build:

make lfd IP6=4

Installation been done manualy

[root@dev-2 imap-2007]# mkdir -p /usr/local/web/imap-2007/lib
[root@dev-2 imap-2007]# mkdir -p /usr/local/web/imap-2007/include
[root@dev-2 imap-2007]# cp c-client/*.h /usr/local/web/imap-2007/include
[root@dev-2 imap-2007]# cp c-client/*.a /usr/local/web/imap-2007/lib
[root@dev-2 imap-2007]# cp c-client/*.c /usr/local/web/imap-2007/lib

One more article for installation process description http://www.directadmin.com/forum/showthread.php?s=&threadid=12430

libmbfl

libmbfl will be required as external if you need KOI8-U support for mbstring operation (please check PHP's included libmbfl for koi8-u files before).

Download libmbfl from svn:

svn checkout http://svn.sourceforge.jp/svnroot/php-i18n/libmbfl/trunk libmbfl

Download koi8-u (RFC2319) support patch Media:libmbfl.koi8-u.against-r467.v3.patch

Patch sources (check before if this patch was not applied before against trunk):

patch -p0 < libmbfl.koi8-u.against-r467.v3.patch

Build and install

./buildconf; ./configure --prefix=/usr/local/web/libmbfl ; make; make install

libmcrypt

Download source from http://mcrypt.sourceforge.net/. Unpack, configure and install:

./configure --prefix=/usr/local/web/libmcrypt
make ; make install

libmhash

Download source from http://mhash.sourceforge.net/. Unpack, configure and install:

./configure --prefix=/usr/local/web/libmhash
make ; make install

php

Add paths of external libraries: /etc/ld.so.conf:

[...]
/usr/local/web/libmbfl/lib
/usr/local/web/libmcrypt/lib
/usr/local/web/libmhash/lib
[...]

Execute update script:

ldconfig

Download PHP source code from http://www.php.net/downloads.php. Unpack and configure:

./configure \
--prefix=/usr/local/web/php5 \
--with-apxs2=/usr/local/web/apache2/bin/apxs \
--with-mysql=/usr/local/web/mysql5 \
--with-gd=/usr \
--enable-gd-native-ttf=/usr \
--enable-ftp \
--with-zlib=/usr \
--with-openssl=/usr \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--with-freetype-dir=/usr \
--enable-ftp \
--enable-mbstring \
--with-libmbfl=/usr/local/web/libmbfl \
--enable-mbregex \
--enable-dba=shared \
--with-gdbm=/usr \
--with-db4=/usr \
--with-libxml-dir=/usr \
--with-imap=/usr/local/web/imap-2007 \
--with-ldap \
--with-pear \
--with-mcrypt=/usr/local/web/libmcrypt \
--with-mhash=/usr/local/web/libmhash \
--with-iconv

Make and install

make ; make install

EGroupWare setup

Web server global configuration

Check if all required modules present in config file /usr/local/web/apache2/conf/httpd.conf

[...]
LoadModule php5_module        modules/libphp5.so
LoadModule auth_kerb_module   modules/mod_auth_kerb.so
LoadModule ssl_module         modules/mod_ssl.so
LoadModule perl_module        modules/mod_perl.so
[...]

Check if httpd to be run as apache2 user:

[...]
User apache2
Group apache2
[...]

Add mod_php5.c and mod_deflate.c additional configuration to config /usr/local/web/apache2/conf/httpd.conf

[...]
Include /var/web/addons.conf
[...]

/var/web/addons.conf

[...]
<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    DeflateCompressionLevel 9
    DeflateFilterNote Input instream
    DeflateFilterNote Output outstream
    DeflateFilterNote Ratio ratio
    LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
</IfModule>


<IfModule mod_php5.c>
    AddType application/x-httpd-php .php
    php_admin_flag  engine Off
</IfModule>

<IfModule !mod_php5.c>
    <Files ~ '\.php$'>
        Order allow,deny
        Deny from all
        Allow from none
    </Files>
    <Files ~ '\.phps'>
        Order deny,allow
        Allow from all
    </Files>
</IfModule>

<Directory "/var/web">
    DirectoryIndex index.html index.php
#    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
[...]

Doc root / home dir

We add user webmail to system. /etc/passwd:

[...]
webmail:x:501:501::/var/web/webmail:/bin/false
[...]

/etc/shadow:

[...]
webmail:*:12764:0:99999:7:::
[...]

/etc/group:

[...]
webmail:x:501
[...]

Create Appropriate directories for home, document root and datas and logs:

/var/web/webmail
|-- data
|   `-- egroupware
|       |-- db_backup
|       `-- files
|-- doc_root
|-- logs
|-- session
`-- tmp

Download eGroupWare and eGroupWare-egw-pear packages from http://www.egroupware.org/download. Unpack both packages to /var/web/webmail/doc_root.

Change owner/group and attributes on doc root:

chown -R webmail.apache2 /var/web/webmail
chmod -R u=rwx,g=rwx,o= /var/web/webmail

Virtual hosts configuration

We assume that web host name for will be mail.yourcomp.com.

First we will create a self-signed key+seritificate for operating with ssl mode (see [] for more details and other options):

openssl req -new -x509 -nodes -out /var/web/webmail/mail.yourcomp.com.crt -keyout /var/web/webmail/mail.yourcomp.com.key

Add mail.yourcomp.com custom additional configuration to config /usr/local/web/apache2/conf/httpd.conf

[...]
Include /var/web/webmail/mail.yourcomp.com.conf
[...]

/var/web/webmail/mail.yourcomp.com.conf :

# Non-secured virtual host will be used to redirect all
# requests to secured host
#
NameVirtualHost *:80
<VirtualHost *:80>
    SuexecUserGroup webmail webmail
    ServerAdmin root@yourcomp.com

    DocumentRoot /var/web/webmail/doc_root
    ServerName mail.yourcomp.com

    ErrorLog  /var/web/webmail/logs/error_log
    CustomLog /var/web/webmail/logs/access_log common

    <Directory /var/web/webmail/doc_root/>
        AllowOverride None
    </Directory>

    RewriteEngine On
    RewriteRule (.*)  https://%{SERVER_NAME}/ [L,R]

</VirtualHost>

# Secured host configuration
#
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    SuexecUserGroup webmail webmail
    ServerAdmin root@yourcomp.com

    DocumentRoot /var/web/webmail/doc_root
    ServerName mail.yourcomp.com

    ErrorLog  /var/web/webmail/logs/error_log
    CustomLog /var/web/webmail/logs/access_log common

    <Directory /var/web/webmail/doc_root/>
        AllowOverride All
        Options +Includes +ExecCGI
    </Directory>

    <IfModule mod_deflate.c>
        CustomLog /var/web/webmail/logs/access_log-a deflate
    </IfModule>

    <IfModule ssl_module>
        SSLEngine On
        SSLProtocol all
        SSLVerifyClient none
        SSLCipherSuite HIGH:MEDIUM
        SSLCertificateFile    /var/web/webmail/mail.yourcomp.com.crt
        SSLCertificateKeyFile /var/web/webmail/mail.yourcomp.com.key
    </IfModule>

    <IfModule mod_php5.c>
        php_admin_flag  engine On
        php_admin_flag  safe_mode Off

        php_admin_value include_path ".:/var/web/webmail/doc_root/egroupware/egw-pear:/usr/local/web/php5/lib/php/PEAR:/usr/local/web/php5/lib/php"
        php_admin_value open_basedir "/var/web/webmail:/usr/local/web/php5/lib/php:/usr/local/web/php5/etc"

        php_admin_value doc_root "/var/web/webmail/doc_root"
        php_admin_flag  file_uploads On
        php_admin_value upload_tmp_dir "/var/web/webmail/tmp"
        php_admin_value upload_max_filesize "5000000"
        php_admin_value user_dir "/var/web/webmail"
        php_admin_value safe_mode_exec_dir "/var/web/webmail/bin"
        php_admin_flag  expose_php Off
        php_admin_value max_execution_time "300"
        php_admin_value session.save_path "/var/web/webmail/session"

    </IfModule>

</VirtualHost>

eGroupWare

mysql

Add mysql database and user for operating of eGroupWare:

[root@dev-2 webmail]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.0.51 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database egroupware_main_db;
Query OK, 1 row affected (0.08 sec)

mysql> GRANT ALL ON egroupware_main_db.* TO 'egroupware_user'@'localhost' IDENTIFIED BY 'PASSWORD_HERE';
Query OK, 0 rows affected (0.08 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> Bye
[root@dev-2 webmail]#

header setup

Start web service:

[root@dev-2 webmail]# service apachectl start

Visit address http://mail.yourcomp.com/egroupware

After first start you will be proposed to check you installation. Goto Run installation tests point to check if all paths correct and required modules installed.

After you check installation goto Continue to the Header Admin. Set database connection attributes and Header/Config admin user/password pairs:

After all required fields compleated push Write button.

Next step is Setup. Goto to setup menu, login using ConfigAdmin account:

Step 1 - Simple Application Management

Install application. Choose charset and push install all button:

Step 2 - Configuration

Setup paths where data and doc_root located:

Host information:

Write you own addresses of IMAP and SMTP servers:

Auth setup:

We will authentificate against mail server.
New users account will be stored in database and will not be deleted.
All new users got Deny Access. ACL will be configured by Admin group's users.

Step 3 - Admin Account

Add user account name to admin users group:

next....

Next steps are very specific to your setup and well described in docs. See for more....

EGroupWare

From M1Research

Latest revision as of 16:59, 10 January 2008

Contents

WEB server setup from scratch

mysql

apache

mod_perl

mod_auth_kerb

php

imap

libmbfl

libmcrypt

libmhash

php

EGroupWare setup

Web server global configuration

Doc root / home dir

Virtual hosts configuration

eGroupWare

mysql

header setup

Step 1 - Simple Application Management

Step 2 - Configuration

Step 3 - Admin Account

next....

Views

Personal tools

Navigation

Search

Toolbox

@@ Line 129: / Line 129: @@
 ====libmbfl====
-libmbfl will be required as external if you need KOI8-U support for mbstring operation.
+libmbfl will be required as external if you need KOI8-U support for mbstring operation (please check PHP's included libmbfl for koi8-u files before).
 Download libmbfl from svn:<pre>svn checkout http://svn.sourceforge.jp/svnroot/php-i18n/libmbfl/trunk libmbfl</pre>
 Download koi8-u ([http://www.ietf.org/rfc/rfc2319.txt RFC2319]) support patch [[Media:libmbfl.koi8-u.against-r467.v3.patch]]
-Patch sources: <pre>patch -p0 < libmbfl.koi8-u.against-r467.v3.patch</pre>
+Patch sources (check before if this patch was not applied before against trunk): <pre>patch -p0 < libmbfl.koi8-u.against-r467.v3.patch</pre>
 Build and install<pre>./buildconf; ./configure --prefix=/usr/local/web/libmbfl ; make; make install</pre>
@@ Line 144: / Line 144: @@
 ====php====
-Add paths to external libraries: <code>/etc/ld.so.conf:</code><pre>[...]
+Add paths of external libraries: <code>/etc/ld.so.conf:</code><pre>[...]
 /usr/local/web/libmbfl/lib
 /usr/local/web/libmcrypt/lib
@@ Line 176: / Line 176: @@
 --with-mhash=/usr/local/web/libmhash \
 --with-iconv</pre>
+Make and install<pre>make ; make install</pre>
 ==EGroupWare setup ==
+=== Web server global configuration ===
+Check if all required modules present in config file <code>/usr/local/web/apache2/conf/httpd.conf</code><pre>[...]
+LoadModule php5_module        modules/libphp5.so
+LoadModule auth_kerb_module   modules/mod_auth_kerb.so
+LoadModule ssl_module         modules/mod_ssl.so
+LoadModule perl_module        modules/mod_perl.so
+[...]</pre>
+Check if <b>httpd</b> to be run as <b>apache2</b> user:<pre>[...]
+User apache2
+Group apache2
+[...]</pre>
+Add <i>mod_php5.c</i> and <i>mod_deflate.c</i> additional configuration to config <code>/usr/local/web/apache2/conf/httpd.conf</code><pre>[...]
+Include /var/web/addons.conf
+[...]</pre>
+<code>/var/web/addons.conf</code><pre>[...]
+<IfModule mod_deflate.c>
+    SetOutputFilter DEFLATE
+    DeflateCompressionLevel 9
+    DeflateFilterNote Input instream
+    DeflateFilterNote Output outstream
+    DeflateFilterNote Ratio ratio
+    LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
+</IfModule>
+<IfModule mod_php5.c>
+    AddType application/x-httpd-php .php
+    php_admin_flag  engine Off
+</IfModule>
+<IfModule !mod_php5.c>
+    <Files ~ '\.php$'>
+        Order allow,deny
+        Deny from all
+        Allow from none
+    </Files>
+    <Files ~ '\.phps'>
+        Order deny,allow
+        Allow from all
+    </Files>
+</IfModule>
+<Directory "/var/web">
+    DirectoryIndex index.html index.php
+#    Options Indexes FollowSymLinks
+    AllowOverride All
+    Order allow,deny
+    Allow from all
+</Directory>
+[...]</pre>
+=== Doc root / home dir ===
+We add user <b>webmail</b> to system. <code>/etc/passwd</code>:<pre>[...]
+webmail:x:501:501::/var/web/webmail:/bin/false
+[...]</pre>
+<code>/etc/shadow</code>:<pre>[...]
+webmail:*:12764:0:99999:7:::
+[...]</pre>
+<code>/etc/group</code>:<pre>[...]
+webmail:x:501
+[...]</pre>
+Create Appropriate directories for home, document root and datas and logs:<pre>/var/web/webmail
+|-- data
+|   `-- egroupware
+|       |-- db_backup
+|       `-- files
+|-- doc_root
+|-- logs
+|-- session
+`-- tmp</pre>
+Download eGroupWare and eGroupWare-egw-pear packages from [http://www.egroupware.org/download http://www.egroupware.org/download]. Unpack both packages to <code>/var/web/webmail/doc_root</code>.
+Change owner/group and attributes on doc root:<pre>chown -R webmail.apache2 /var/web/webmail
+chmod -R u=rwx,g=rwx,o= /var/web/webmail</pre>
+=== Virtual hosts configuration ===
+We assume that web host name for will be <b>mail.yourcomp.com</b>.
+First we will create a self-signed key+seritificate for operating with ssl mode (see [] for more details and other options):<pre>openssl req -new -x509 -nodes -out /var/web/webmail/mail.yourcomp.com.crt -keyout /var/web/webmail/mail.yourcomp.com.key</pre>
+Add <b>mail.yourcomp.com</b> custom additional configuration to config <code>/usr/local/web/apache2/conf/httpd.conf</code><pre>[...]
+Include /var/web/webmail/mail.yourcomp.com.conf
+[...]</pre>
+<code>/var/web/webmail/mail.yourcomp.com.conf</code> :<pre>
+# Non-secured virtual host will be used to redirect all
+# requests to secured host
+#
+NameVirtualHost *:80
+<VirtualHost *:80>
+    SuexecUserGroup webmail webmail
+    ServerAdmin root@yourcomp.com
+    DocumentRoot /var/web/webmail/doc_root
+    ServerName mail.yourcomp.com
+    ErrorLog  /var/web/webmail/logs/error_log
+    CustomLog /var/web/webmail/logs/access_log common
+    <Directory /var/web/webmail/doc_root/>
+        AllowOverride None
+    </Directory>
+    RewriteEngine On
+    RewriteRule (.*)  https://%{SERVER_NAME}/ [L,R]
+</VirtualHost>
+# Secured host configuration
+#
+Listen 443
+NameVirtualHost *:443
+<VirtualHost *:443>
+    SuexecUserGroup webmail webmail
+    ServerAdmin root@yourcomp.com
+    DocumentRoot /var/web/webmail/doc_root
+    ServerName mail.yourcomp.com
+    ErrorLog  /var/web/webmail/logs/error_log
+    CustomLog /var/web/webmail/logs/access_log common
+    <Directory /var/web/webmail/doc_root/>
+        AllowOverride All
+        Options +Includes +ExecCGI
+    </Directory>
+    <IfModule mod_deflate.c>
+        CustomLog /var/web/webmail/logs/access_log-a deflate
+    </IfModule>
+    <IfModule ssl_module>
+        SSLEngine On
+        SSLProtocol all
+        SSLVerifyClient none
+        SSLCipherSuite HIGH:MEDIUM
+        SSLCertificateFile    /var/web/webmail/mail.yourcomp.com.crt
+        SSLCertificateKeyFile /var/web/webmail/mail.yourcomp.com.key
+    </IfModule>
+    <IfModule mod_php5.c>
+        php_admin_flag  engine On
+        php_admin_flag  safe_mode Off
+        php_admin_value include_path ".:/var/web/webmail/doc_root/egroupware/egw-pear:/usr/local/web/php5/lib/php/PEAR:/usr/local/web/php5/lib/php"
+        php_admin_value open_basedir "/var/web/webmail:/usr/local/web/php5/lib/php:/usr/local/web/php5/etc"
+        php_admin_value doc_root "/var/web/webmail/doc_root"
+        php_admin_flag  file_uploads On
+        php_admin_value upload_tmp_dir "/var/web/webmail/tmp"
+        php_admin_value upload_max_filesize "5000000"
+        php_admin_value user_dir "/var/web/webmail"
+        php_admin_value safe_mode_exec_dir "/var/web/webmail/bin"
+        php_admin_flag  expose_php Off
+        php_admin_value max_execution_time "300"
+        php_admin_value session.save_path "/var/web/webmail/session"
+    </IfModule>
+</VirtualHost>
+</pre>
+=== eGroupWare ===
+==== mysql ====
+Add mysql database and user for operating of eGroupWare:<pre>[root@dev-2 webmail]# mysql -u root -p
+Enter password:
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 8
+Server version: 5.0.51 Source distribution
+Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
+mysql> create database egroupware_main_db;
+Query OK, 1 row affected (0.08 sec)
+mysql> GRANT ALL ON egroupware_main_db.* TO 'egroupware_user'@'localhost' IDENTIFIED BY 'PASSWORD_HERE';
+Query OK, 0 rows affected (0.08 sec)
+mysql> FLUSH PRIVILEGES;
+Query OK, 0 rows affected (0.00 sec)
+mysql> Bye
+[root@dev-2 webmail]#</pre>
+==== header setup ====
+Start web service:<pre>[root@dev-2 webmail]# service apachectl start</pre>
+Visit address <code>http://mail.yourcomp.com/egroupware</code>
+After first start you will be proposed to check you installation. Goto <b>Run installation tests</b> point to check if all paths correct and required modules installed.
+After you check installation goto <b>Continue to the Header Admin</b>. Set database connection attributes and Header/Config admin user/password pairs:
+[[image:eGroupWare_header_setup.png]]
+After all required fields compleated push <b>Write</b> button.
+Next step is <b>Setup</b>. Goto to setup menu, login using ConfigAdmin account:
+[[image:eGroupWare_config_login.png]]
+==== Step 1 - Simple Application Management ====
+Install application. Choose charset and push install all button:
+[[image:eGroupWare_config_1_app_setup.png]]
+==== Step 2 - Configuration ====
+Setup paths where data and doc_root located:
+[[image:eGroupWare_config_2_paths.png]]
+Host information:
+[[image:eGroupWare_config_2_host_info.png]]
+Write you own addresses of IMAP and SMTP servers:
+[[image:eGroupWare_config_2_mail_serv.png]]
+Auth setup:
+*We will authentificate against mail server.
+*New users account will be stored in database and will not be deleted.
+*All new users got <b>Deny Access</b>. ACL will be configured by Admin group's users.
+[[image:eGroupWare_config_2_auth.png]]
+==== Step 3 - Admin Account ====
+Add user account name to admin users group:
+[[image:eGroupWare_config_3_admin_user.png]]
+==== next.... ====
+Next steps are very specific to your setup and well described in docs. See for more....