EGroupWare

From M1Research

(Difference between revisions)
Jump to: navigation, search
(Virtual hosts configuration)
(Step 2 - Configuration)
 
(10 intermediate revisions not shown)
Line 224: Line 224:
</IfModule>
</IfModule>
-
<Directory "/home/www">
+
<Directory "/var/web">
     DirectoryIndex index.html index.php
     DirectoryIndex index.html index.php
#    Options Indexes FollowSymLinks
#    Options Indexes FollowSymLinks
Line 250: Line 250:
|      `-- files
|      `-- files
|-- doc_root
|-- doc_root
 +
|-- logs
|-- session
|-- session
`-- tmp</pre>
`-- tmp</pre>
Line 259: Line 260:
=== Virtual hosts configuration ===
=== Virtual hosts configuration ===
 +
We assume that web host name for will be <b>mail.yourcomp.com</b>.
 +
 +
First we will create a self-signed key+seritificate for operating with ssl mode (see [] for more details and other options):<pre>openssl req -new -x509 -nodes -out /var/web/webmail/mail.yourcomp.com.crt -keyout /var/web/webmail/mail.yourcomp.com.key</pre>
 +
 +
Add <b>mail.yourcomp.com</b> custom additional configuration to config <code>/usr/local/web/apache2/conf/httpd.conf</code><pre>[...]
 +
Include /var/web/webmail/mail.yourcomp.com.conf
 +
[...]</pre>
 +
 +
<code>/var/web/webmail/mail.yourcomp.com.conf</code> :<pre>
 +
# Non-secured virtual host will be used to redirect all
 +
# requests to secured host
 +
#
 +
NameVirtualHost *:80
 +
<VirtualHost *:80>
 +
    SuexecUserGroup webmail webmail
 +
    ServerAdmin root@yourcomp.com
 +
 +
    DocumentRoot /var/web/webmail/doc_root
 +
    ServerName mail.yourcomp.com
 +
 +
    ErrorLog  /var/web/webmail/logs/error_log
 +
    CustomLog /var/web/webmail/logs/access_log common
 +
 +
    <Directory /var/web/webmail/doc_root/>
 +
        AllowOverride None
 +
    </Directory>
 +
 +
    RewriteEngine On
 +
    RewriteRule (.*)  https://%{SERVER_NAME}/ [L,R]
 +
 +
</VirtualHost>
 +
 +
# Secured host configuration
 +
#
 +
Listen 443
 +
NameVirtualHost *:443
 +
<VirtualHost *:443>
 +
    SuexecUserGroup webmail webmail
 +
    ServerAdmin root@yourcomp.com
 +
 +
    DocumentRoot /var/web/webmail/doc_root
 +
    ServerName mail.yourcomp.com
 +
 +
    ErrorLog  /var/web/webmail/logs/error_log
 +
    CustomLog /var/web/webmail/logs/access_log common
 +
 +
    <Directory /var/web/webmail/doc_root/>
 +
        AllowOverride All
 +
        Options +Includes +ExecCGI
 +
    </Directory>
 +
 +
    <IfModule mod_deflate.c>
 +
        CustomLog /var/web/webmail/logs/access_log-a deflate
 +
    </IfModule>
 +
 +
    <IfModule ssl_module>
 +
        SSLEngine On
 +
        SSLProtocol all
 +
        SSLVerifyClient none
 +
        SSLCipherSuite HIGH:MEDIUM
 +
        SSLCertificateFile    /var/web/webmail/mail.yourcomp.com.crt
 +
        SSLCertificateKeyFile /var/web/webmail/mail.yourcomp.com.key
 +
    </IfModule>
 +
 +
    <IfModule mod_php5.c>
 +
        php_admin_flag  engine On
 +
        php_admin_flag  safe_mode Off
 +
 +
        php_admin_value include_path ".:/var/web/webmail/doc_root/egroupware/egw-pear:/usr/local/web/php5/lib/php/PEAR:/usr/local/web/php5/lib/php"
 +
        php_admin_value open_basedir "/var/web/webmail:/usr/local/web/php5/lib/php:/usr/local/web/php5/etc"
 +
 +
        php_admin_value doc_root "/var/web/webmail/doc_root"
 +
        php_admin_flag  file_uploads On
 +
        php_admin_value upload_tmp_dir "/var/web/webmail/tmp"
 +
        php_admin_value upload_max_filesize "5000000"
 +
        php_admin_value user_dir "/var/web/webmail"
 +
        php_admin_value safe_mode_exec_dir "/var/web/webmail/bin"
 +
        php_admin_flag  expose_php Off
 +
        php_admin_value max_execution_time "300"
 +
        php_admin_value session.save_path "/var/web/webmail/session"
 +
 +
    </IfModule>
 +
 +
</VirtualHost>
 +
 +
</pre>
=== eGroupWare ===
=== eGroupWare ===
 +
 +
==== mysql ====
 +
Add mysql database and user for operating of eGroupWare:<pre>[root@dev-2 webmail]# mysql -u root -p
 +
Enter password:
 +
Welcome to the MySQL monitor.  Commands end with ; or \g.
 +
Your MySQL connection id is 8
 +
Server version: 5.0.51 Source distribution
 +
 +
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
 +
 +
mysql> create database egroupware_main_db;
 +
Query OK, 1 row affected (0.08 sec)
 +
 +
mysql> GRANT ALL ON egroupware_main_db.* TO 'egroupware_user'@'localhost' IDENTIFIED BY 'PASSWORD_HERE';
 +
Query OK, 0 rows affected (0.08 sec)
 +
 +
mysql> FLUSH PRIVILEGES;
 +
Query OK, 0 rows affected (0.00 sec)
 +
 +
mysql> Bye
 +
[root@dev-2 webmail]#</pre>
 +
 +
==== header setup ====
 +
Start web service:<pre>[root@dev-2 webmail]# service apachectl start</pre>
 +
 +
Visit address <code>http://mail.yourcomp.com/egroupware</code>
 +
 +
After first start you will be proposed to check you installation. Goto <b>Run installation tests</b> point to check if all paths correct and required modules installed.
 +
 +
After you check installation goto <b>Continue to the Header Admin</b>. Set database connection attributes and Header/Config admin user/password pairs:
 +
 +
[[image:eGroupWare_header_setup.png]]
 +
 +
After all required fields compleated push <b>Write</b> button.
 +
 +
Next step is <b>Setup</b>. Goto to setup menu, login using ConfigAdmin account:
 +
 +
[[image:eGroupWare_config_login.png]]
 +
 +
==== Step 1 - Simple Application Management ====
 +
 +
Install application. Choose charset and push install all button:
 +
 +
[[image:eGroupWare_config_1_app_setup.png]]
 +
 +
==== Step 2 - Configuration ====
 +
 +
Setup paths where data and doc_root located:
 +
 +
[[image:eGroupWare_config_2_paths.png]]
 +
 +
Host information:
 +
 +
[[image:eGroupWare_config_2_host_info.png]]
 +
 +
Write you own addresses of IMAP and SMTP servers:
 +
 +
[[image:eGroupWare_config_2_mail_serv.png]]
 +
 +
Auth setup:
 +
*We will authentificate against mail server.
 +
*New users account will be stored in database and will not be deleted.
 +
*All new users got <b>Deny Access</b>. ACL will be configured by Admin group's users.
 +
 +
[[image:eGroupWare_config_2_auth.png]]
 +
 +
==== Step 3 - Admin Account ====
 +
 +
Add user account name to admin users group:
 +
 +
[[image:eGroupWare_config_3_admin_user.png]]
 +
 +
==== next.... ====
 +
 +
Next steps are very specific to your setup and well described in docs. See for more....

Latest revision as of 16:59, 10 January 2008

Contents

WEB server setup from scratch

We assume that all compiled software from sources will installed in /usr/local/web/<PRODUCT>.

mysql

Download mysql source from http://dev.mysql.com/downloads/mysql/5.0.html. Unpack and configure:

./configure \
--prefix=/usr/local/web/mysql5 \
--with-mysqld-user=mysql5 \
--with-extra-charsets=all \
--with-big-table \
--with-openssl

If configure exit successfully build it and install:

make ; make install
Configure executables path. .bash_profile:
[...]
PATH=$PATH:$HOME/bin:/usr/local/web/mysql5/bin
[...]
Configure libraries path. /etc/ld.so.conf
[...]
/usr/local/web/mysql5/lib
[...]
and update lib paths:
ldconfig

Add approriate system user mysql5 for mysql deamon.

/etc/passwd:
[...]
mysql5:x:98:98:Mysql:/usr/local/web/mysql5:/sbin/nologin
[...]
/etc/shadow:
[...]
mysql5:*:12764:0:99999:7:::
[...]
/etc/group:
[...]
mysql5:x:98:
[...]
Install initial database:
/usr/local/web/mysql5/bin/mysql_install_db
Change mysql binaries and data ownerships:
chown -R mysql5.mysql5 /usr/local/web/mysql5
Create symlink to start script:
ln -s /usr/local/web/mysql5/share/mysql/mysql.server /etc/rc.d/init.d/mysql5
Start mysql5 service:
service mysql5 start
Setup root's password
/usr/local/web/mysql5/bin/mysqladmin -u root password 'new-root-password'
Try to login to check if everything is OK:
[root@dev-2 mysql5]# /usr/local/web/mysql5/bin/mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.51 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)

mysql>

apache

Download apache sources from http://httpd.apache.org/.

Unpack, configure:
./configure \
--enable-deflate \
--prefix=/usr/local/web/apache2 \
--enable-so \
--enable-modules=all \
--enable-mods-shared=all \
--enable-suexec \
--with-suexec-caller=apache2 \
--with-suexec-docroot=/var/web \
--with-ssl \
--enable-ssl
Make and make install:
make ; make install

Add approriate system user apache2 for apache deamon.

/etc/passwd:
[...]
apache2:x:97:97:Apache:/usr/local/web/apache2:/sbin/nologin
[...]
/etc/shadow:
[...]
apache2:*:12764:0:99999:7:::
[...]
/etc/group:
[...]
apache2:x:97:
[...]
Create symlink to start script:
ln -s /usr/local/web/apache2/bin/apachectl /etc/rc.d/init.d/apachectl

mod_perl

Download latest version from http://perl.apache.org/

Unpack and build:
perl Makefile.PL MP_APXS=/usr/local/web/apache2/bin/apxs
make and install
make ; make install

mod_auth_kerb

Download source from http://modauthkerb.sourceforge.net/.

Unpack and configure:
./configure --with-apache=/usr/local/web/apache2 --with-krb4=no
. Make and install
make ; make install

php

imap

imap support for PHP required imap-2007 package from ftp://ftp.cac.washington.edu/imap/. Download and unpack package:
gzip -cd imap-2007.tar.Z | tar xf -
cd imap-2007
Look at Makefile for appropriate build argument for your distro. We will use command to build:
make lfd IP6=4
Installation been done manualy
[root@dev-2 imap-2007]# mkdir -p /usr/local/web/imap-2007/lib
[root@dev-2 imap-2007]# mkdir -p /usr/local/web/imap-2007/include
[root@dev-2 imap-2007]# cp c-client/*.h /usr/local/web/imap-2007/include
[root@dev-2 imap-2007]# cp c-client/*.a /usr/local/web/imap-2007/lib
[root@dev-2 imap-2007]# cp c-client/*.c /usr/local/web/imap-2007/lib

One more article for installation process description http://www.directadmin.com/forum/showthread.php?s=&threadid=12430

libmbfl

libmbfl will be required as external if you need KOI8-U support for mbstring operation (please check PHP's included libmbfl for koi8-u files before).

Download libmbfl from svn:
svn checkout http://svn.sourceforge.jp/svnroot/php-i18n/libmbfl/trunk libmbfl

Download koi8-u (RFC2319) support patch Media:libmbfl.koi8-u.against-r467.v3.patch

Patch sources (check before if this patch was not applied before against trunk):
patch -p0 < libmbfl.koi8-u.against-r467.v3.patch
Build and install
./buildconf; ./configure --prefix=/usr/local/web/libmbfl ; make; make install

libmcrypt

Download source from http://mcrypt.sourceforge.net/. Unpack, configure and install:
./configure --prefix=/usr/local/web/libmcrypt
make ; make install

libmhash

Download source from http://mhash.sourceforge.net/. Unpack, configure and install:
./configure --prefix=/usr/local/web/libmhash
make ; make install

php

Add paths of external libraries: /etc/ld.so.conf:
[...]
/usr/local/web/libmbfl/lib
/usr/local/web/libmcrypt/lib
/usr/local/web/libmhash/lib
[...]
Execute update script:
ldconfig
Download PHP source code from http://www.php.net/downloads.php. Unpack and configure:
./configure \
--prefix=/usr/local/web/php5 \
--with-apxs2=/usr/local/web/apache2/bin/apxs \
--with-mysql=/usr/local/web/mysql5 \
--with-gd=/usr \
--enable-gd-native-ttf=/usr \
--enable-ftp \
--with-zlib=/usr \
--with-openssl=/usr \
--with-jpeg-dir=/usr \
--with-png-dir=/usr \
--with-freetype-dir=/usr \
--enable-ftp \
--enable-mbstring \
--with-libmbfl=/usr/local/web/libmbfl \
--enable-mbregex \
--enable-dba=shared \
--with-gdbm=/usr \
--with-db4=/usr \
--with-libxml-dir=/usr \
--with-imap=/usr/local/web/imap-2007 \
--with-ldap \
--with-pear \
--with-mcrypt=/usr/local/web/libmcrypt \
--with-mhash=/usr/local/web/libmhash \
--with-iconv
Make and install
make ; make install

EGroupWare setup

Web server global configuration

Check if all required modules present in config file /usr/local/web/apache2/conf/httpd.conf
[...]
LoadModule php5_module        modules/libphp5.so
LoadModule auth_kerb_module   modules/mod_auth_kerb.so
LoadModule ssl_module         modules/mod_ssl.so
LoadModule perl_module        modules/mod_perl.so
[...]
Check if httpd to be run as apache2 user:
[...]
User apache2
Group apache2
[...]
Add mod_php5.c and mod_deflate.c additional configuration to config /usr/local/web/apache2/conf/httpd.conf
[...]
Include /var/web/addons.conf
[...]
/var/web/addons.conf
[...]
<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    DeflateCompressionLevel 9
    DeflateFilterNote Input instream
    DeflateFilterNote Output outstream
    DeflateFilterNote Ratio ratio
    LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
</IfModule>


<IfModule mod_php5.c>
    AddType application/x-httpd-php .php
    php_admin_flag  engine Off
</IfModule>

<IfModule !mod_php5.c>
    <Files ~ '\.php$'>
        Order allow,deny
        Deny from all
        Allow from none
    </Files>
    <Files ~ '\.phps'>
        Order deny,allow
        Allow from all
    </Files>
</IfModule>

<Directory "/var/web">
    DirectoryIndex index.html index.php
#    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>
[...]

Doc root / home dir

We add user webmail to system. /etc/passwd:
[...]
webmail:x:501:501::/var/web/webmail:/bin/false
[...]
/etc/shadow:
[...]
webmail:*:12764:0:99999:7:::
[...]
/etc/group:
[...]
webmail:x:501
[...]
Create Appropriate directories for home, document root and datas and logs:
/var/web/webmail
|-- data
|   `-- egroupware
|       |-- db_backup
|       `-- files
|-- doc_root
|-- logs
|-- session
`-- tmp

Download eGroupWare and eGroupWare-egw-pear packages from http://www.egroupware.org/download. Unpack both packages to /var/web/webmail/doc_root.

Change owner/group and attributes on doc root:
chown -R webmail.apache2 /var/web/webmail
chmod -R u=rwx,g=rwx,o= /var/web/webmail

Virtual hosts configuration

We assume that web host name for will be mail.yourcomp.com.

First we will create a self-signed key+seritificate for operating with ssl mode (see [] for more details and other options):
openssl req -new -x509 -nodes -out /var/web/webmail/mail.yourcomp.com.crt -keyout /var/web/webmail/mail.yourcomp.com.key
Add mail.yourcomp.com custom additional configuration to config /usr/local/web/apache2/conf/httpd.conf
[...]
Include /var/web/webmail/mail.yourcomp.com.conf
[...]
/var/web/webmail/mail.yourcomp.com.conf :
# Non-secured virtual host will be used to redirect all
# requests to secured host
#
NameVirtualHost *:80
<VirtualHost *:80>
    SuexecUserGroup webmail webmail
    ServerAdmin root@yourcomp.com

    DocumentRoot /var/web/webmail/doc_root
    ServerName mail.yourcomp.com

    ErrorLog  /var/web/webmail/logs/error_log
    CustomLog /var/web/webmail/logs/access_log common

    <Directory /var/web/webmail/doc_root/>
        AllowOverride None
    </Directory>

    RewriteEngine On
    RewriteRule (.*)  https://%{SERVER_NAME}/ [L,R]

</VirtualHost>

# Secured host configuration
#
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    SuexecUserGroup webmail webmail
    ServerAdmin root@yourcomp.com

    DocumentRoot /var/web/webmail/doc_root
    ServerName mail.yourcomp.com

    ErrorLog  /var/web/webmail/logs/error_log
    CustomLog /var/web/webmail/logs/access_log common

    <Directory /var/web/webmail/doc_root/>
        AllowOverride All
        Options +Includes +ExecCGI
    </Directory>

    <IfModule mod_deflate.c>
        CustomLog /var/web/webmail/logs/access_log-a deflate
    </IfModule>

    <IfModule ssl_module>
        SSLEngine On
        SSLProtocol all
        SSLVerifyClient none
        SSLCipherSuite HIGH:MEDIUM
        SSLCertificateFile    /var/web/webmail/mail.yourcomp.com.crt
        SSLCertificateKeyFile /var/web/webmail/mail.yourcomp.com.key
    </IfModule>

    <IfModule mod_php5.c>
        php_admin_flag  engine On
        php_admin_flag  safe_mode Off

        php_admin_value include_path ".:/var/web/webmail/doc_root/egroupware/egw-pear:/usr/local/web/php5/lib/php/PEAR:/usr/local/web/php5/lib/php"
        php_admin_value open_basedir "/var/web/webmail:/usr/local/web/php5/lib/php:/usr/local/web/php5/etc"

        php_admin_value doc_root "/var/web/webmail/doc_root"
        php_admin_flag  file_uploads On
        php_admin_value upload_tmp_dir "/var/web/webmail/tmp"
        php_admin_value upload_max_filesize "5000000"
        php_admin_value user_dir "/var/web/webmail"
        php_admin_value safe_mode_exec_dir "/var/web/webmail/bin"
        php_admin_flag  expose_php Off
        php_admin_value max_execution_time "300"
        php_admin_value session.save_path "/var/web/webmail/session"

    </IfModule>

</VirtualHost>

eGroupWare

mysql

Add mysql database and user for operating of eGroupWare:
[root@dev-2 webmail]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.0.51 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database egroupware_main_db;
Query OK, 1 row affected (0.08 sec)

mysql> GRANT ALL ON egroupware_main_db.* TO 'egroupware_user'@'localhost' IDENTIFIED BY 'PASSWORD_HERE';
Query OK, 0 rows affected (0.08 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> Bye
[root@dev-2 webmail]#

header setup

Start web service:
[root@dev-2 webmail]# service apachectl start

Visit address http://mail.yourcomp.com/egroupware

After first start you will be proposed to check you installation. Goto Run installation tests point to check if all paths correct and required modules installed.

After you check installation goto Continue to the Header Admin. Set database connection attributes and Header/Config admin user/password pairs:

EGroupWare header setup.png

After all required fields compleated push Write button.

Next step is Setup. Goto to setup menu, login using ConfigAdmin account:

EGroupWare config login.png

Step 1 - Simple Application Management

Install application. Choose charset and push install all button:

EGroupWare config 1 app setup.png

Step 2 - Configuration

Setup paths where data and doc_root located:

EGroupWare config 2 paths.png

Host information:

EGroupWare config 2 host info.png

Write you own addresses of IMAP and SMTP servers:

EGroupWare config 2 mail serv.png

Auth setup:

  • We will authentificate against mail server.
  • New users account will be stored in database and will not be deleted.
  • All new users got Deny Access. ACL will be configured by Admin group's users.

EGroupWare config 2 auth.png

Step 3 - Admin Account

Add user account name to admin users group:

EGroupWare config 3 admin user.png

next....

Next steps are very specific to your setup and well described in docs. See for more....

Personal tools