Kopano: Difference between revisions

From Alpine Linux
(Initial version)
 
mNo edit summary
Line 101: Line 101:
openrc units for kopano-dagent, -gateway, -ical, -monitor, -search, -server, -spamd, and -spooler are provided. Their dependencies to each other are expressed within the openrc files and should work OOTB.
openrc units for kopano-dagent, -gateway, -ical, -monitor, -search, -server, -spamd, and -spooler are provided. Their dependencies to each other are expressed within the openrc files and should work OOTB.


{{Cmd|update-rc.d add default }}
{{Cmd|for i in dagent gateway ical monitor search server spamd spooler; do
update-rc add kopano-$i default  
done
}}

Revision as of 04:36, 20 August 2021

Kopano is a primarily Microsoft Outlook compatible groupware. It comes with its own mysql based storage and CALDAV, IMAP, POP3, and SMTP gateways, and a web based interface to access the service. It implements support for quotas, internationalization, automatic archiving, backups, integrated file sharing over webdav, owncloud, or smb/cifs, and spam filtering.

Packages

Currently, kopano is not available on riscv64, ppc64le, or mips64, because some dependencies of kopano-core, the server component, are not yet available on those platforms. kopano-webapp and z-push are currently build and tested against php7 on Alpine Linux. If it is upgraded to php8 or later, the configuration of parts like php-fpm8 (used by -webapp) will need to be updated to start automatically (using openrc). Management of kopano is possible via CLI using kopano-admin.

The default values for all ACLs and users should work OOTB. By default, the users for kopano-server, -gateway, -ical, z-push, and the webapp are different from each other. *They are also different from the ones used in upstream kopano*. This is done so each service can only access those resources it needs.

Authentication against kopano-server is done via a user whitelist (root, kopano can auth as admin), when the UNIX socket is used, and via the selected user backend (unix system passwd, database, ldap).

The manual at https://documentation.kopano.io/ covers all topics. This article only contains Alpine Linux specifics.

Services

  • CALDAV - kopano-ical - tcp 443
  • MAPI - kopano-server - tcp 443
  • IMAPS - kopano-gateway - tcp 143, 993
  • POP3S - kopano-gateway - tcp 110, 995
  • SMTPS - postfix or other MTA - tcp 25,465,587
  • Web - web server via php - tcp 443
  • activesync - zpush - tcp 443

Installation

1) Install the packages

apk add kopano-core kopano-core-doc kopano-webapp z-push

You also need a CGI capable webserver, like apache or nginx.

2) Configuring mariadb

Configure mariadb and create a database "kopano" that is going to hold kopano's data. Create a user "kopano-core" that is going to be able to administrate that database. kopano-core will populate the database with the necessary data.

In a mysql shell (replace password with a random password used for the kopano user):

START TRANSACTION; CREATE DATABASE kopano; GRANT ALTER, CREATE, CREATE ROUTINE, DELETE, DROP, INDEX, INSERT, LOCK TABLES, \ SELECT, UPDATE ON kopano.* TO 'kopano'@'localhost' IDENTIFIED BY 'password'; COMMIT;

3) Preparing your MTA

kopano requires an MTA to deliver emails to the Internet. It is only capable of sending emails to a single host using a specific SMTP address.

For receiving emails, kopano-dagent needs to be integrated with postfix. For sending emails, kopano-spooler needs to be integrated with postfix. kopano-dagent can be integrated using lmtp. kopano-spooler can be integrated using an smtp socket on loopback, for example.

4) Configuring kopano-core

The configuration directory /etc/kopano/ is not populated with any configuration files by default. The default ones for Alpine Linux, meaning they are not the default ones, are available in `/usr/share/doc/kopano/example-config/`. Copy all of them to /etc/kopano/.

cp /usr/share/doc/kopano/example-config/*.cnf /etc/kopano/

In `/etc/kopano/server.conf`, put in the details to connect to your mariadb server in the mysql_* variables declared in the file, and configure any other necessary details, for example the TLS certificate and certificate chain.

If you want to use kopano-ical, configure ical.cfg apropriately. If you want to use kopano-gateway, configure kopano-gateway apropriately.

Natively, kopano-core uses berkeley db (bsddb) to store some information used by kopano-search and some tools. Because Alpine Linux does not support bsddb anymore, this was patched to use mdbx instead.

5) configuring kopano-webapp

The directory /etc/webapps/kopano-webapp contains the configuration for kopano-webapp. The configuration files for the different plugins are provided using a symlink for ease of administration. The default values were adjusted for Alpine Linux and should be fine.

6) configuring z-push

The directory /etc/webapps/z-push contains the configuration for z-push. The default values were adjusted for Alpine Linux and should be fine.

7) Configuring the web server

Example configuration files for nginx and apache are available in the /etc/webapps/ directories for z-push and kopano-webapp. The configuration files for apache and nginx are just locations, not complete vhosts. Thus they need to be integrated into a vhost first.

8) configuring php-fpm

php-fpm should not require any additional configuration, except starting of the php-fpm daemon

service php-fpm7 start

8) Enabling the services

openrc units for kopano-dagent, -gateway, -ical, -monitor, -search, -server, -spamd, and -spooler are provided. Their dependencies to each other are expressed within the openrc files and should work OOTB.

for i in dagent gateway ical monitor search server spamd spooler; do update-rc add kopano-$i default done