EGroupWare

From M1Research

(Difference between revisions)
Jump to: navigation, search
(Virtual hosts configuration)
(Virtual hosts configuration)
Line 267: Line 267:
[...]</pre>
[...]</pre>
-
<code>/var/web/webmail/mail.yourcomp.com.conf</code> should content:
+
<code>/var/web/webmail/mail.yourcomp.com.conf</code> :<pre>
 +
# Non-secured virtual host will be used to redirect all
 +
# requests to secured host
 +
#
 +
NameVirtualHost *:80
 +
<VirtualHost *:80>
 +
    SuexecUserGroup webmail webmail
 +
    ServerAdmin root@yourcomp.com
 +
 
 +
    DocumentRoot /var/web/webmail/doc_root
 +
    ServerName mail.yourcomp.com
 +
 
 +
    ErrorLog  /var/web/webmail/logs/error_log
 +
    CustomLog /var/web/webmail/logs/access_log common
 +
 
 +
    <Directory /var/web/webmail/doc_root/>
 +
        AllowOverride None
 +
    </Directory>
 +
 
 +
    RewriteEngine On
 +
    RewriteRule (.*)  https://%{SERVER_NAME}/ [L,R]
 +
 
 +
</VirtualHost>
 +
 
 +
# Secured host configuration
 +
#
 +
Listen 443
 +
NameVirtualHost *:443
 +
<VirtualHost *:443>
 +
    SuexecUserGroup webmail webmail
 +
    ServerAdmin root@yourcomp.com
 +
 
 +
    DocumentRoot /var/web/webmail/doc_root
 +
    ServerName mail.yourcomp.com
 +
 
 +
    ErrorLog  /var/web/webmail/logs/error_log
 +
    CustomLog /var/web/webmail/logs/access_log common
 +
 
 +
    <Directory /var/web/webmail/doc_root/>
 +
        AllowOverride All
 +
        Options +Includes +ExecCGI
 +
    </Directory>
 +
 
 +
    <IfModule mod_deflate.c>
 +
        CustomLog /var/web/webmail/logs/access_log-a deflate
 +
    </IfModule>
 +
 
 +
    <IfModule ssl_module>
 +
        SSLEngine On
 +
        SSLProtocol all
 +
        SSLVerifyClient none
 +
        SSLCipherSuite HIGH:MEDIUM
 +
        SSLCertificateFile    /var/web/webmail/mail.yourcomp.com.crt
 +
        SSLCertificateKeyFile /var/web/webmail/mail.yourcomp.com.key
 +
    </IfModule>
 +
 
 +
    <IfModule mod_php5.c>
 +
        php_admin_flag  engine On
 +
        php_admin_flag  safe_mode Off
 +
 
 +
        php_admin_value include_path ".:/var/web/webmail/doc_root/egroupware/egw-pear:/usr/local/web/php5/lib/php/PEAR:/usr/local/web/php5/lib/php"
 +
        php_admin_value open_basedir "/var/web/webmail:/usr/local/web/php5/lib/php"
 +
 
 +
        php_admin_value doc_root "/var/web/webmail/doc_root"
 +
        php_admin_flag  file_uploads On
 +
        php_admin_value upload_tmp_dir "/var/web/webmail/tmp"
 +
        php_admin_value upload_max_filesize "5000000"
 +
        php_admin_value user_dir "/var/web/webmail"
 +
        php_admin_value safe_mode_exec_dir "/var/web/webmail/bin"
 +
        php_admin_flag  expose_php Off
 +
        php_admin_value max_execution_time "300"
 +
        php_admin_value session.save_path "/var/web/webmail/session"
 +
 
 +
    </IfModule>
 +
 
 +
</VirtualHost>
 +
 
 +
</pre>
=== eGroupWare ===
=== eGroupWare ===

Revision as of 15:22, 10 January 2008

Contents

WEB server setup from scratch

We assume that all compiled software from sources will installed in /usr/local/web/<PRODUCT>.

mysql

Download mysql source from http://dev.mysql.com/downloads/mysql/5.0.html. Unpack and configure: 

./configure \
--prefix=/usr/local/web/mysql5 \
--with-mysqld-user=mysql5 \
--with-extra-charsets=all \
--with-big-table \
--with-openssl

If configure exit successfully build it and install: 

make ; make install
Configure executables path. .bash_profile:
[...]
PATH=$PATH:$HOME/bin:/usr/local/web/mysql5/bin
[...]
Configure libraries path. /etc/ld.so.conf
[...]
/usr/local/web/mysql5/lib
[...]
and update lib paths:
ldconfig

Add approriate system user mysql5 for mysql deamon.

/etc/passwd:
[...]
mysql5:x:98:98:Mysql:/usr/local/web/mysql5:/sbin/nologin
[...]
/etc/shadow:
[...]
mysql5:*:12764:0:99999:7:::
[...]
/etc/group:
[...]
mysql5:x:98:
[...]
Install initial database:
/usr/local/web/mysql5/bin/mysql_install_db
Change mysql binaries and data ownerships:
chown -R mysql5.mysql5 /usr/local/web/mysql5
Create symlink to start script:
ln -s /usr/local/web/mysql5/share/mysql/mysql.server /etc/rc.d/init.d/mysql5
Start mysql5 service:
service mysql5 start
Setup root's password
/usr/local/web/mysql5/bin/mysqladmin -u root password 'new-root-password'
Try to login to check if everything is OK:
[root@dev-2 mysql5]# /usr/local/web/mysql5/bin/mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.51 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)

mysql>

apache

Download apache sources from http://httpd.apache.org/.

Unpack, configure:
./configure \
--enable-deflate \
--prefix=/usr/local/web/apache2 \
--enable-so \
--enable-modules=all \
--enable-mods-shared=all \
--enable-suexec \
--with-suexec-caller=apache2 \
--with-suexec-docroot=/var/web \
--with-ssl \
--enable-ssl
Make and make install:
make ; make install

Add approriate system user apache2 for apache deamon.

/etc/passwd:
[...]
apache2:x:97:97:Apache:/usr/local/web/apache2:/sbin/nologin
[...]
/etc/shadow:
[...]
apache2:*:12764:0:99999:7:::
[...]
/etc/group:
[...]
apache2:x:97:
[...]
Create symlink to start script:
ln -s /usr/local/web/apache2/bin/apachectl /etc/rc.d/init.d/apachectl

mod_perl

Download latest version from http://perl.apache.org/

Unpack and build:
perl Makefile.PL MP_APXS=/usr/local/web/apache2/bin/apxs
make and install 
make ; make install

mod_auth_kerb

Download source from http://modauthkerb.sourceforge.net/.

Unpack and configure:
./configure --with-apache=/usr/local/web/apache2 --with-krb4=no
. Make and install 
make ; make install

php

imap

imap support for PHP required imap-2007 package from ftp://ftp.cac.washington.edu/imap/. Download and unpack package:
gzip -cd imap-2007.tar.Z | tar xf -
cd imap-2007
Look at Makefile for appropriate build argument for your distro. We will use command to build:
make lfd IP6=4
Installation been done manualy
[root@dev-2 imap-2007]# mkdir -p /usr/local/web/imap-2007/lib
[root@dev-2 imap-2007]# mkdir -p /usr/local/web/imap-2007/include
[root@dev-2 imap-2007]# cp c-client/*.h /usr/local/web/imap-2007/include
[root@dev-2 imap-2007]# cp c-client/*.a /usr/local/web/imap-2007/lib
[root@dev-2 imap-2007]# cp c-client/*.c /usr/local/web/imap-2007/lib

One more article for installation process description http://www.directadmin.com/forum/showthread.php?s=&threadid=12430

libmbfl

libmbfl will be required as external if you need KOI8-U support for mbstring operation (please check PHP's included libmbfl for koi8-u files before).

Download libmbfl from svn:
svn checkout http://svn.sourceforge.jp/svnroot/php-i18n/libmbfl/trunk libmbfl

Download koi8-u (RFC2319) support patch Media:libmbfl.koi8-u.against-r467.v3.patch

Patch sources (check before if this patch was not applied before against trunk): 
patch -p0 < libmbfl.koi8-u.against-r467.v3.patch
Build and install
./buildconf; ./configure --prefix=/usr/local/web/libmbfl ; make; make install

libmcrypt

Download source from http://mcrypt.sourceforge.net/. Unpack, configure and install:
./configure --prefix=/usr/local/web/libmcrypt
make ; make install

libmhash

Download source from http://mhash.sourceforge.net/. Unpack, configure and install:
./configure --prefix=/usr/local/web/libmhash
make ; make install

php

Add paths of external libraries: /etc/ld.so.conf:
[...]
/usr/local/web/libmbfl/lib
/usr/local/web/libmcrypt/lib
/usr/local/web/libmhash/lib
[...]
Execute update script:
ldconfig
Download PHP source code from http://www.php.net/downloads.php. Unpack and configure:
./configure \
--prefix=/usr/local/web/php5 \
--with-apxs2=/usr/local/web/apache2/bin/apxs \
--with-mysql=/usr/local/web/mysql5 \
--with-gd=/usr \
--enable-gd-native-ttf=/usr \
--enable-ftp \
--with-zlib=/usr \
--with-openssl=/usr \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--with-freetype-dir=/usr \
--enable-ftp \
--enable-mbstring \
--with-libmbfl=/usr/local/web/libmbfl \
--enable-mbregex \
--enable-dba=shared \
--with-gdbm=/usr \
--with-db4=/usr \
--with-libxml-dir=/usr \
--with-imap=/usr/local/web/imap-2007 \
--with-ldap \
--with-pear \
--with-mcrypt=/usr/local/web/libmcrypt \
--with-mhash=/usr/local/web/libmhash \
--with-iconv
Make and install
make ; make install

EGroupWare setup

Web server global configuration

Check if all required modules present in config file /usr/local/web/apache2/conf/httpd.conf
[...]
LoadModule php5_module        modules/libphp5.so
LoadModule auth_kerb_module   modules/mod_auth_kerb.so
LoadModule ssl_module         modules/mod_ssl.so
LoadModule perl_module        modules/mod_perl.so
[...]
Check if httpd to be run as apache2 user:
[...]
User apache2
Group apache2
[...]
Add mod_php5.c and mod_deflate.c additional configuration to config /usr/local/web/apache2/conf/httpd.conf
[...]
Include /var/web/addons.conf
[...]
/var/web/addons.conf
[...]
<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    DeflateCompressionLevel 9
    DeflateFilterNote Input instream
    DeflateFilterNote Output outstream
    DeflateFilterNote Ratio ratio
    LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
</IfModule>


<IfModule mod_php5.c>
    AddType application/x-httpd-php .php
    php_admin_flag  engine Off
</IfModule>

<IfModule !mod_php5.c>
    <Files ~ '\.php$'>
        Order allow,deny
        Deny from all
        Allow from none
    </Files>
    <Files ~ '\.phps'>
        Order deny,allow
        Allow from all
    </Files>
</IfModule>

<Directory "/home/www">
    DirectoryIndex index.html index.php
#    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
[...]

Doc root / home dir

We add user webmail to system. /etc/passwd:
[...]
webmail:x:501:501::/var/web/webmail:/bin/false
[...]
/etc/shadow:
[...]
webmail:*:12764:0:99999:7:::
[...]
/etc/group:
[...]
webmail:x:501
[...]
Create Appropriate directories for home, document root and datas and logs:
/var/web/webmail
|-- data
|   `-- egroupware
|       |-- db_backup
|       `-- files
|-- doc_root
|-- session
`-- tmp

Download eGroupWare and eGroupWare-egw-pear packages from http://www.egroupware.org/download. Unpack both packages to /var/web/webmail/doc_root.

Change owner/group and attributes on doc root:
chown -R webmail.apache2 /var/web/webmail
chmod -R u=rwx,g=rwx,o= /var/web/webmail

Virtual hosts configuration

We assume that web host name for will be mail.yourcomp.com.

First we will create a self-signed key+seritificate for operating with ssl mode (see [] for more details and other options):
openssl req -new -x509 -nodes -out /var/web/webmail/mail.yourcomp.com.crt -keyout /var/web/webmail/mail.yourcomp.com.key
Add mail.yourcomp.com custom additional configuration to config /usr/local/web/apache2/conf/httpd.conf
[...]
Include /var/web/webmail/mail.yourcomp.com.conf
[...]
/var/web/webmail/mail.yourcomp.com.conf :
# Non-secured virtual host will be used to redirect all
# requests to secured host
#
NameVirtualHost *:80
<VirtualHost *:80>
    SuexecUserGroup webmail webmail
    ServerAdmin root@yourcomp.com

    DocumentRoot /var/web/webmail/doc_root
    ServerName mail.yourcomp.com

    ErrorLog  /var/web/webmail/logs/error_log
    CustomLog /var/web/webmail/logs/access_log common

    <Directory /var/web/webmail/doc_root/>
        AllowOverride None
    </Directory>

    RewriteEngine On
    RewriteRule (.*)  https://%{SERVER_NAME}/ [L,R]

</VirtualHost>

# Secured host configuration
#
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    SuexecUserGroup webmail webmail
    ServerAdmin root@yourcomp.com

    DocumentRoot /var/web/webmail/doc_root
    ServerName mail.yourcomp.com

    ErrorLog  /var/web/webmail/logs/error_log
    CustomLog /var/web/webmail/logs/access_log common

    <Directory /var/web/webmail/doc_root/>
        AllowOverride All
        Options +Includes +ExecCGI
    </Directory>

    <IfModule mod_deflate.c>
        CustomLog /var/web/webmail/logs/access_log-a deflate
    </IfModule>

    <IfModule ssl_module>
        SSLEngine On
        SSLProtocol all
        SSLVerifyClient none
        SSLCipherSuite HIGH:MEDIUM
        SSLCertificateFile    /var/web/webmail/mail.yourcomp.com.crt
        SSLCertificateKeyFile /var/web/webmail/mail.yourcomp.com.key
    </IfModule>

    <IfModule mod_php5.c>
        php_admin_flag  engine On
        php_admin_flag  safe_mode Off

        php_admin_value include_path ".:/var/web/webmail/doc_root/egroupware/egw-pear:/usr/local/web/php5/lib/php/PEAR:/usr/local/web/php5/lib/php"
        php_admin_value open_basedir "/var/web/webmail:/usr/local/web/php5/lib/php"

        php_admin_value doc_root "/var/web/webmail/doc_root"
        php_admin_flag  file_uploads On
        php_admin_value upload_tmp_dir "/var/web/webmail/tmp"
        php_admin_value upload_max_filesize "5000000"
        php_admin_value user_dir "/var/web/webmail"
        php_admin_value safe_mode_exec_dir "/var/web/webmail/bin"
        php_admin_flag  expose_php Off
        php_admin_value max_execution_time "300"
        php_admin_value session.save_path "/var/web/webmail/session"

    </IfModule>

</VirtualHost>

eGroupWare

Retrieved from "http://research.m1stereo.tv/wiki/index.php/EGroupWare"
Personal tools