Kopano: Difference between revisions

From Alpine Linux
mNo edit summary
(fix openrc command names)
 
(5 intermediate revisions by one other user not shown)
Line 4: Line 4:
It comes with its own mysql based storage and CALDAV, IMAP, POP3, and SMTP gateways, and a web based interface to access the service.
It comes with its own mysql based storage and CALDAV, IMAP, POP3, and SMTP gateways, and a web based interface to access the service.
It implements support for quotas, internationalization, automatic archiving, backups, integrated file sharing over webdav, owncloud, or smb/cifs, and spam filtering.
It implements support for quotas, internationalization, automatic archiving, backups, integrated file sharing over webdav, owncloud, or smb/cifs, and spam filtering.
[https://pkgs.alpinelinux.org/packages?name=kopano-*&branch=edge Packages]


Currently, kopano is not available on riscv64, ppc64le, or mips64, because some dependencies of kopano-core, the server component, are not yet available on those platforms.
Currently, kopano is not available on riscv64, ppc64le, or mips64, because some dependencies of kopano-core, the server component, are not yet available on those platforms.
Line 12: Line 10:


The default values for all ACLs and users should work OOTB.
The default values for all ACLs and users should work OOTB.
By default, the users for kopano-server, -gateway, -ical, z-push, and the webapp are different from each other. *They are also different from the ones used in upstream kopano*.
'''By default, the users for kopano-server, -gateway, -ical, z-push, and the webapp are different from each other. They are also different from the ones used in upstream kopano'''.
This is done so each service can only access those resources it needs.
This is done so each service can only access those resources it needs.


Authentication against kopano-server is done via a user whitelist (root, kopano can auth as admin), when the UNIX socket is used, and via the selected user backend (unix system passwd, database, ldap).
Authentication against kopano-server is done via a user whitelist (root, same user as the daemon can auth as admin. This is hardcoded.), if the UNIX socket is used, and via the selected user backend (unix system passwd, database, ldap) depending on if the corresponding authentication plugin is configured independent on the socket used (can be disabled for the unix socket).


The manual at https://documentation.kopano.io/ covers all topics. This article only contains Alpine Linux specifics.
kopano can be integrated into an Active Directory (AD).


'''The manual at https://documentation.kopano.io/ covers all topics. This article only contains Alpine Linux specifics.
'''
== Services ==
== Services ==
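Review bot: The new authentication sentence packs the socket whitelist and the backend plugins into one sentence, with a full stop inside its parenthetical ("can auth as admin. This is hardcoded."). That leaves it unclear whether "can be disabled for the unix socket" refers to the whitelist or to the backend authentication, so split it into one sentence per mechanism. The bold around the manual sentence also closes with ''' on a line of its own, and MediaWiki bold does not carry across a line break, so the closing marker should sit on the same line as the text.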


Line 28: Line 28:
* Web    - web server via php  - tcp 443
* Web    - web server via php  - tcp 443
* activesync - zpush            - tcp 443
* activesync - zpush            - tcp 443
== Available Plugins ==
Currently the following plugins are packaged, each as its own package:
* desktopnotifications
* fetchmail
* filepreviewer
* files
* intranet
* mdm
* smime
* spellchecker
For the files plugin, the following backends are packaged:
* files-backend-owncloud
* files-backend-smb
For the spellchecker plugin, the following languagepacks are packaged:
* de-at
* de-ch
* de-de
* en-gb
* en-us
* es-es
* fr-fr
* it-it
* nl-nl
* pl-pl


== Installation ==
== Installation ==
Line 35: Line 64:
{{Cmd|apk add kopano-core kopano-core-doc kopano-webapp z-push}}
{{Cmd|apk add kopano-core kopano-core-doc kopano-webapp z-push}}


You also need a CGI capable webserver, like apache or nginx.
You also need a CGI capable webserver, like [[apache]] or [[nginx]].


2) Configuring mariadb
2) Configuring mariadb
Line 88: Line 117:
Example configuration files for nginx and apache are available in the /etc/webapps/ directories for z-push and kopano-webapp.
Example configuration files for nginx and apache are available in the /etc/webapps/ directories for z-push and kopano-webapp.
The configuration files for apache and nginx are just locations, not complete vhosts. Thus they need to be integrated into a vhost first.
The configuration files for apache and nginx are just locations, not complete vhosts. Thus they need to be integrated into a vhost first.
It is strongly advised to copy the complete files and not include them from their original location so the web server does not need to be able to access any configuration directories of kopano.
Make sure the user of the web server is part of the http group. This group is the owner of the unix sockets used by php-fpm for kopano-webapp and z-push.
Make sure the user of the web server is part of the http group. This group is the owner of the unix sockets used by php-fpm for kopano-webapp and z-push.


Line 96: Line 126:
{{Cmd|service php-fpm7 start}}
{{Cmd|service php-fpm7 start}}


8) Enabling the services
9) Starting the services


openrc units for kopano-dagent, -gateway, -ical, -monitor, -search, -server, -spamd, and -spooler are provided. Their dependencies to each other are expressed within the openrc files and should work OOTB.
openrc units for kopano-dagent, -gateway, -ical, -monitor, -search, -server, -spamd, and -spooler are provided. Their dependencies to each other are expressed within the openrc files and should work OOTB.


{{Cmd|for i in dagent gateway ical monitor search server spamd spooler; do
{{Cmd|for i in dagent gateway ical monitor search server spamd spooler; do
update-rc add kopano-$i default  
rc-service kopano-$i start
done
}}
 
 
10) Enabling the services
 
{{Cmd|for i in dagent gateway ical monitor search server spamd spooler; do
rc-update add kopano-$i default  
done
done
}}
}}
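Review bot: The new step 10 adds only the kopano-* units to the default runlevel, while php-fpm7 at the top of this hunk is only started with service php-fpm7 start, so it would not be started at boot unless something else enables it, and kopano-webapp and z-push depend on it. Suggest adding rc-update add php-fpm7 default to step 10. The php-fpm line also still uses service where the new loops use rc-service; using rc-service throughout would keep the page consistent.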

Latest revision as of 09:39, 17 November 2023

Kopano is a primarily Microsoft Outlook compatible groupware. It comes with its own mysql based storage and CALDAV, IMAP, POP3, and SMTP gateways, and a web based interface to access the service. It implements support for quotas, internationalization, automatic archiving, backups, integrated file sharing over webdav, owncloud, or smb/cifs, and spam filtering.

Currently, kopano is not available on riscv64, ppc64le, or mips64, because some dependencies of kopano-core, the server component, are not yet available on those platforms. kopano-webapp and z-push are currently built and tested against php7 on Alpine Linux. If php is upgraded to php8 or later, the configuration of parts like php-fpm8 (used by -webapp) will need to be updated to start automatically (using openrc). Management of kopano is possible via CLI using kopano-admin.

The default values for all ACLs and users should work OOTB. By default, the users for kopano-server, -gateway, -ical, z-push, and the webapp are different from each other. They are also different from the ones used in upstream kopano. This is done so each service can only access those resources it needs.

When the UNIX socket is used, authentication against kopano-server is done via a hardcoded user whitelist: root and the user the daemon runs as can authenticate as admin. Independent of the socket used, authentication is also done via the selected user backend (unix system passwd, database, ldap), provided the corresponding authentication plugin is configured; this can be disabled for the UNIX socket.

kopano can be integrated into an Active Directory (AD).

The manual at https://documentation.kopano.io/ covers all topics. This article only contains Alpine Linux specifics.

Services

  • CALDAV - kopano-ical - tcp 443
  • MAPI - kopano-server - tcp 443
  • IMAPS - kopano-gateway - tcp 143, 993
  • POP3S - kopano-gateway - tcp 110, 995
  • SMTPS - postfix or other MTA - tcp 25,465,587
  • Web - web server via php - tcp 443
  • activesync - zpush - tcp 443


Available Plugins

Currently the following plugins are packaged, each as its own package:

  • desktopnotifications
  • fetchmail
  • filepreviewer
  • files
  • intranet
  • mdm
  • smime
  • spellchecker

For the files plugin, the following backends are packaged:

  • files-backend-owncloud
  • files-backend-smb

For the spellchecker plugin, the following languagepacks are packaged:

  • de-at
  • de-ch
  • de-de
  • en-gb
  • en-us
  • es-es
  • fr-fr
  • it-it
  • nl-nl
  • pl-pl

Installation

1) Install the packages

apk add kopano-core kopano-core-doc kopano-webapp z-push

You also need a CGI capable webserver, like apache or nginx.

2) Configuring mariadb

Configure mariadb and create a database "kopano" that is going to hold kopano's data. Create a user "kopano-core" that is going to be able to administrate that database. kopano-core will populate the database with the necessary data.

In a mysql shell (replace password with a random password used for the kopano user):

START TRANSACTION;
CREATE DATABASE kopano;
GRANT ALTER, CREATE, CREATE ROUTINE, DELETE, DROP, INDEX, INSERT, LOCK TABLES,
    SELECT, UPDATE ON kopano.* TO 'kopano'@'localhost' IDENTIFIED BY 'password';
COMMIT;

3) Preparing your MTA

kopano requires an MTA to deliver emails to the Internet. It is only capable of sending emails to a single host using a specific SMTP address.

For receiving emails, kopano-dagent needs to be integrated with postfix. For sending emails, kopano-spooler needs to be integrated with postfix. kopano-dagent can be integrated using lmtp. kopano-spooler can be integrated using an smtp socket on loopback, for example.

4) Configuring kopano-core

The configuration directory /etc/kopano/ is not populated with any configuration files by default. The defaults adapted for Alpine Linux (not the upstream defaults) are available in `/usr/share/doc/kopano/example-config/`. Copy all of them to /etc/kopano/.

cp /usr/share/doc/kopano/example-config/*.cnf /etc/kopano/

In `/etc/kopano/server.conf`, put in the details to connect to your mariadb server in the mysql_* variables declared in the file, and configure any other necessary details, for example the TLS certificate and certificate chain.

Natively, kopano-core uses berkeley db (bsddb) to store some information used by kopano-search and some tools. Because Alpine Linux does not support bsddb anymore, this was patched to use mdbx instead.

5) Configuring kopano-webapp

The directory /etc/webapps/kopano-webapp contains the configuration for kopano-webapp. The configuration files for the different plugins are provided to the application using a symlink for ease of administration. The default values were adjusted for Alpine Linux and should be fine.

6) Configuring z-push

The directory /etc/webapps/z-push contains the configuration for z-push. The default values were adjusted for Alpine Linux and should be fine.

7) Configuring the web server

Example configuration files for nginx and apache are available in the /etc/webapps/ directories for z-push and kopano-webapp. The configuration files for apache and nginx are just locations, not complete vhosts. Thus they need to be integrated into a vhost first. It is strongly advised to copy the complete files and not include them from their original location so the web server does not need to be able to access any configuration directories of kopano. Make sure the user of the web server is part of the http group. This group is the owner of the unix sockets used by php-fpm for kopano-webapp and z-push.

8) Configuring php-fpm

php-fpm should not require any additional configuration beyond starting the php-fpm daemon. kopano-webapp and z-push ship with php-fpm7 configuration files that already grant the group http access to the unix sockets they use.

service php-fpm7 start

9) Starting the services

openrc units for kopano-dagent, -gateway, -ical, -monitor, -search, -server, -spamd, and -spooler are provided. Their dependencies on each other are expressed within the openrc files and should work OOTB.

for i in dagent gateway ical monitor search server spamd spooler; do
    rc-service kopano-$i start
done


10) Enabling the services

for i in dagent gateway ical monitor search server spamd spooler; do
    rc-update add kopano-$i default
done
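
A post-install check for steps 7 to 10, as an added example (not code from this wiki page or from the Kopano project): it reports which of the expected services are missing from the default runlevel and which web server config files still include snippets directly from /etc/webapps/. The script name audit.sh, the function names, and the web user and vhost directory arguments are assumptions; the rc-update sample output is constructed.

```sh
#!/bin/sh
# Added example: post-install audit for the steps above (not the wiki's code).
KOPANO_SERVICES="dagent gateway ical monitor search server spamd spooler"

# Reads `rc-update show default` output on stdin ("  name | default" lines)
# and prints each expected service that is missing from the runlevel.
# php-fpm7 is included because kopano-webapp and z-push depend on it.
missing_from_runlevel() {
    enabled=$(awk -F'|' 'NF >= 2 { gsub(/[ \t]/, "", $1); print $1 }')
    for svc in php-fpm7 $(printf 'kopano-%s ' $KOPANO_SERVICES); do
        printf '%s\n' "$enabled" | grep -qx -- "$svc" || printf '%s\n' "$svc"
    done
}

# Prints file:line:text for each nginx `include` or apache `Include` /
# `IncludeOptional` directive under DIR that reads from /etc/webapps/.
# Step 7 advises copying those snippets so the web server needs no access
# to the configuration directories. Commented-out lines are ignored.
vhost_includes_webapps() {
    grep -rnEi '^[[:space:]]*include(optional)?[[:space:]]+"?/etc/webapps/' "$1"
}

# Constructed sample of `rc-update show default` output (not from a real host).
SAMPLE_RUNLEVEL='
        kopano-server | default
       kopano-gateway | default
             php-fpm7 | default
                nginx | default'

if [ "${1:-}" = "--live" ]; then
    # Live audit on an Alpine host: sh audit.sh --live <web-user> <vhost-dir>
    # <web-user> and <vhost-dir> are site-specific assumptions.
    rc-update show default | missing_from_runlevel | sed 's/^/not enabled: /'
    vhost_includes_webapps "$3" | sed 's|^|includes from /etc/webapps: |'
    id -nG "$2" | tr ' ' '\n' | grep -qx http || echo "$2 is not in group http"
else
    # Offline demo on the constructed sample.
    printf '%s\n' "$SAMPLE_RUNLEVEL" | missing_from_runlevel
fi
```

Run without arguments it only evaluates the constructed sample; with --live it also checks that the web server user is a member of the http group that owns the php-fpm sockets.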