Kopano
Kopano is a primarily Microsoft Outlook compatible groupware. It comes with its own mysql based storage and CALDAV, IMAP, POP3, and SMTP gateways, and a web based interface to access the service. It implements support for quotas, internationalization, automatic archiving, backups, integrated file sharing over webdav, owncloud, or smb/cifs, and spam filtering.
Currently, kopano is not available on riscv64, ppc64le, or mips64, because some dependencies of kopano-core, the server component, are not yet available on those platforms. kopano-webapp and z-push are currently build and tested against php7 on Alpine Linux. If it is upgraded to php8 or later, the configuration of parts like php-fpm8 (used by -webapp) will need to be updated to start automatically (using openrc). Management of kopano is possible via CLI using kopano-admin.
The default values for all ACLs and users should work OOTB. By default, the users for kopano-server, -gateway, -ical, z-push, and the webapp are different from each other. *They are also different from the ones used in upstream kopano*. This is done so each service can only access those resources it needs.
Authentication against kopano-server is done via a user whitelist (root, kopano can auth as admin), when the UNIX socket is used, and via the selected user backend (unix system passwd, database, ldap).
The manual at https://documentation.kopano.io/ covers all topics. This article only contains Alpine Linux specifics.
Services
- CALDAV - kopano-ical - tcp 443
- MAPI - kopano-server - tcp 443
- IMAPS - kopano-gateway - tcp 143, 993
- POP3S - kopano-gateway - tcp 110, 995
- SMTPS - postfix or other MTA - tcp 25,465,587
- Web - web server via php - tcp 443
- activesync - zpush - tcp 443
Installation
1) Install the packages
apk add kopano-core kopano-core-doc kopano-webapp z-push
You also need a CGI capable webserver, like apache or nginx.
2) Configuring mariadb
Configure mariadb and create a database "kopano" that is going to hold kopano's data. Create a user "kopano-core" that is going to be able to administrate that database. kopano-core will populate the database with the necessary data.
In a mysql shell (replace password with a random password used for the kopano user):
START TRANSACTION; CREATE DATABASE kopano; GRANT ALTER, CREATE, CREATE ROUTINE, DELETE, DROP, INDEX, INSERT, LOCK TABLES, \ SELECT, UPDATE ON kopano.* TO 'kopano'@'localhost' IDENTIFIED BY 'password'; COMMIT;
3) Preparing your MTA
kopano requires an MTA to deliver emails to the Internet. It is only capable of sending emails to a single host using a specific SMTP address.
For receiving emails, kopano-dagent needs to be integrated with postfix. For sending emails, kopano-spooler needs to be integrated with postfix. kopano-dagent can be integrated using lmtp. kopano-spooler can be integrated using an smtp socket on loopback, for example.
4) Configuring kopano-core
The configuration directory /etc/kopano/ is not populated with any configuration files by default. The default ones for Alpine Linux, meaning they are not the default ones, are available in `/usr/share/doc/kopano/example-config/`. Copy all of them to /etc/kopano/.
cp /usr/share/doc/kopano/example-config/*.cnf /etc/kopano/
In `/etc/kopano/server.conf`, put in the details to connect to your mariadb server in the mysql_* variables declared in the file, and configure any other necessary details, for example the TLS certificate and certificate chain.
If you want to use kopano-ical, configure ical.cfg apropriately. If you want to use kopano-gateway, configure kopano-gateway apropriately.
Natively, kopano-core uses berkeley db (bsddb) to store some information used by kopano-search and some tools. Because Alpine Linux does not support bsddb anymore, this was patched to use mdbx instead.
5) configuring kopano-webapp
The directory /etc/webapps/kopano-webapp contains the configuration for kopano-webapp. The configuration files for the different plugins are provided using a symlink for ease of administration. The default values were adjusted for Alpine Linux and should be fine.
6) configuring z-push
The directory /etc/webapps/z-push contains the configuration for z-push. The default values were adjusted for Alpine Linux and should be fine.
7) Configuring the web server
Example configuration files for nginx and apache are available in the /etc/webapps/ directories for z-push and kopano-webapp. The configuration files for apache and nginx are just locations, not complete vhosts. Thus they need to be integrated into a vhost first.
8) configuring php-fpm
php-fpm should not require any additional configuration, except starting of the php-fpm daemon
service php-fpm7 start
8) Enabling the services
openrc units for kopano-dagent, -gateway, -ical, -monitor, -search, -server, -spamd, and -spooler are provided. Their dependencies to each other are expressed within the openrc files and should work OOTB.
update-rc.d add default