
Install WebApp

Debian and Ubuntu RHEL and CentOS SUSE

Install  Nginx and php-fpm

Debian Ubuntu RHEL and CentOS SUSE


Add a new pool in fpm for webapp

This is just an example. You need to adjust the number of child processes for your environment.

; Example php-fpm pool for WebApp; the process counts below are sample values to size per host.
; NOTE(review): a pool file normally starts with a [pool-name] section header; none is shown in this listing.
; NOTE(review): no value is shown for listen. Set it to the socket (or address:port) that the
; nginx "upstream php-handler" block points at. For a unix socket, listen.owner / listen.group /
; listen.mode decide which local accounts may connect.
listen =
; Workers run as this unprivileged account.
user = www-data
group = www-data
; Only consulted for TCP listeners. NOTE(review): no value is shown; php-fpm accepts connections
; from any address when this list is empty, so fill it in if listen is a TCP address.
listen.allowed_clients =
; Dynamic process manager: between min/max spare idle workers, never more than max_children.
pm = dynamic
pm.max_children = 150
pm.start_servers = 35
pm.min_spare_servers = 20
pm.max_spare_servers = 50
; Each worker is recycled after serving 200 requests.
pm.max_requests = 200
listen.backlog = -1
; A single request is terminated after 120 seconds.
request_terminate_timeout = 120s
rlimit_files = 131072
; Allows core dumps of any size. A core of a PHP worker holds whatever was in its memory
; (session data, message content, credentials); set this to 0 unless you are debugging crashes.
rlimit_core = unlimited
; Worker stdout/stderr are forwarded to the main FPM error log.
catch_workers_output = yes

Restart FPM


# The FPM unit name depends on the distribution and PHP package; run the one that exists on your system.
$ sudo systemctl restart php5-fpm


$ sudo systemctl restart php-fpm

Nginx site

Depending on your distribution, you need to create a new file in /etc/nginx/sites-available or /etc/nginx/conf.d

Change server_name, ssl_certificate and ssl_certificate_key to match your host name and certificate files

# FastCGI backend used by "fastcgi_pass php-handler" in the WebApp server block.
# Both server lines are commented out: uncomment the one that matches the "listen" value of
# the FPM pool, otherwise nginx rejects the upstream as having no servers.
# NOTE(review): the closing brace of this upstream and the "server {" line of the port-80
# block are missing from the listing as shown; it will not pass "nginx -t" as-is.
upstream php-handler {
    #server unix:/var/run/php5-fpm.sock;
	#server unix:/var/run/php7-fpm.sock;

 	# Plain-HTTP listener (IPv4 and IPv6) whose only job is the redirect below.
 	listen 80;
	charset utf-8;
  	listen [::]:80;
  	server_name _;

  	# Send every plain-HTTP request to the same path on HTTPS. The target host is taken from
  	# server_name (not from the client's Host header), so server_name must be set to the real host name.
  	location / {
    	rewrite   ^(.*)   https://$server_name$1 permanent;


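# HTTPS virtual host for WebApp: TLS settings and response headers shared by all locations.
server {
	charset utf-8;
    # TLS is enabled per socket with the `ssl` listen parameter on both the IPv4 and the
    # IPv6 listener. This replaces the standalone `ssl on;` directive, which is deprecated
    # and no longer accepted by current nginx releases.
    listen 443 ssl;
	listen [::]:443 ssl;
    server_name _;
	# Upper bound for request bodies (uploads/attachments).
	# NOTE(review): 1024m is far above the post_max_size=31M handed to PHP further down; confirm the intended limit.
	client_max_body_size 1024m;
	ssl_certificate /path/to/fullchain.pem;
	ssl_certificate_key /path/to/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # ssl_dhparam requires a dhparam.pem file, which takes a long time to generate
    # ssl_dhparam /etc/ssl/certs/dhparam.pem;

	# Response headers: hide the nginx version, forbid cross-origin framing, disable MIME sniffing.
	# These are inherited by a location only if that location sets no add_header of its own.
	server_tokens off;
	add_header X-Frame-Options SAMEORIGIN;
	add_header X-Content-Type-Options nosniff;
	# Legacy header; current browsers ignore it.
	add_header X-XSS-Protection "1; mode=block";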

    # Serves the WebApp files from /usr/share/kopano-webapp/ under the /webapp URL prefix.
    # NOTE(review): the closing braces of both location blocks are missing from the listing as shown.
    location /webapp {
        alias /usr/share/kopano-webapp/;
        index index.php;
	# Requests under /webapp/presence/ are proxied, with the prefix stripped, to a service on
	# localhost:1234; the Upgrade/Connection headers and HTTP/1.1 allow WebSocket upgrades.
	# The Connection header is the literal "upgrade" for every request; the $connection_upgrade
	# variable defined by the map block at the end of the file is not used here.
	location ~ /webapp/presence/ {
                rewrite ^/webapp/presence(/.*)$ $1 break;
                proxy_pass http://localhost:1234;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_http_version 1.1;


    # Hands requests for /webapp/<path>.php to the php-handler upstream over FastCGI.
    # NOTE(review): closing braces are missing throughout this listing and both PHP_VALUE
    # strings below are cut off after their first line; restore them from a complete copy
    # before use. How the nested locations are meant to nest cannot be determined from here.
    location ~* ^/webapp/(.+\.php)$ {
        alias /usr/share/kopano-webapp/;

        # deny access to .htaccess files
        location ~ /\.ht {
                    deny all;

        fastcgi_param PHP_VALUE "
        fastcgi_param PHP_VALUE "post_max_size=31M

        include fastcgi_params;
        fastcgi_index index.php;
        #fastcgi_param HTTPS on;
        # $1 is the .php path captured by the location regex above.
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_pass php-handler;
        access_log /var/log/nginx/kopano-webapp-access.log;
        error_log /var/log/nginx/kopano-webapp-error.log;

        # CSS and Javascript
        # An add_header inside a location replaces the headers inherited from the enclosing
        # level, so responses matched here do not carry the X-Frame-Options and
        # X-Content-Type-Options headers set at server level unless they are repeated.
        location ~* \.(?:css|js)$ {
            expires 1y;
            access_log off;
            add_header Cache-Control "public";

        # All (static) resources set to 2 months expiration time.
        # The add_header inheritance caveat above applies here as well.
        location ~* \.(?:jpg|gif|png)$ {
            expires 2M;
            access_log off;
            add_header Cache-Control "public";

        # enable gzip compression
        # NOTE(review): text/plain and application/json can be dynamic responses; compressing
        # secret-bearing dynamic content over TLS is the precondition for BREACH-style
        # side channels, so limit gzip_types to static content if that is a concern.
        gzip on;
        gzip_min_length  1100;
        gzip_buffers  4 32k;
        gzip_types    text/plain application/x-javascript text/xml text/css application/json;
        gzip_vary on;


# Derives $connection_upgrade from the client's Upgrade header: "upgrade" when the header is
# present, "close" when it is empty.
# NOTE(review): nothing in the visible config references $connection_upgrade, and the closing
# brace is missing from the listing. A map block is only valid in the http context.
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;

To generate self-signed SSL keys

# Creates a self-signed certificate valid for 365 days plus its private key.
# -nodes writes the private key without a passphrase so nginx can start unattended;
# keep nginx.key readable by root only.
# Clients cannot validate a self-signed certificate, so browsers will show a warning.
# ssl_certificate / ssl_certificate_key in the site config must point at these two files.
$ sudo mkdir -p /etc/nginx/ssl
$ sudo openssl req -new -x509 -days 365 -nodes -out /etc/nginx/ssl/nginx.pem -keyout /etc/nginx/ssl/nginx.key

Then optionally generate a dhparam.pem file (this is going to take a long time):

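# Write straight to the absolute path that ssl_dhparam refers to: cd is a shell builtin and
# cannot be run through sudo, so the output location must not depend on it.
$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096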

And then uncomment the following line in your configuration file:

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Enable the WebApp site

$ sudo ln -s /etc/nginx/sites-available/webapp.conf /etc/nginx/sites-enabled/

Check if the config is sane

$ sudo nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Reload NGINX with the new site

$ sudo systemctl reload nginx


Go to the url entered in the WebApp site (server_name)
