Nginx - Apache setup

Install nginx

Debian Ubuntu RHEL CentOS SUSE

Versions that are shipped with Debian/Ubuntu

OS	Nginx version
Debian 7	1.2.1-2
Debian 8	1.6.2-5
Debian 9	1.10.3-1
Ubuntu 14.04	1.4.6-1
Ubuntu 16.04	1.10.3

We are not covering the installation of Nginx through the repository of Nginx itself (Needed for Debian 7) See the howto on http://nginx.org/en/linux_packages.html for that.

$ sudo apt-get install nginx-light

To verify that we have the a version an above 1.4 run dpkg -l

Example output of Debian 8

$ sudo dpkg -l | grep nginx 
ii  nginx-common                    1.6.2-5+deb8u4            all          small, powerful, scalable web/proxy server - common files
ii  nginx-light                     1.6.2-5+deb8u4            amd64        nginx web/proxy server (standard version)

CentOS doesn't have Nginx by default so we using the Nginx repository.

Version	link
CentOS 6	http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
CentOS 7	http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

Install Nginx

install on CentOS 7

$ sudo rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

$ sudo yum install nginx-light

Install Nginx from the SUSE repository

$ sudo zypper install nginx

We wil now install kopano-webmeetings and kopano-webapp-plugin-meetings

Debian and Ubuntu RHEL and CentOS SUSE

Create a file called kopano.list in /etc/apt/sources.list.d/ and add the following.

Take note that the following is an example for Debian 8. Adjust them according to your specific distribution if needed, such as Ubuntu_16.04

#Core
deb https://serial:<INSERT_SERIALKEY>@download.kopano.io/supported/webmeetings:/final/Debian_8.0/ ./

Our packages are signed so we need to add the key as well.

$ sudo curl https://serial:<INSERT_SERIALKEY>@download.kopano.io/supported/webmeetings:/final/Debian_8.0/Release.key | apt-key add -

All our packages are signed by the same key so you only need to add the key once

Now install kopano-webmeetings

$ sudo apt-get update
$ sudo apt-get install kopano-webmeetings kopano-webapp-plugin-meetings

Create a file called kopano.repo in /etc/yum.repos.d/kopano.repo and add the following.

Take note that the following is an example for RHEL 7 and CentOS 7. Adjust them according to your specific distribution if needed

[Kopano-webmeetings] 
name=Final repository for Kopano-webmeetings (RHEL_7) 
type=rpm-md 
baseurl=https://serial:<INSERT_SERIALKEY>@download.kopano.io/supported/webmeetings:/final/RHEL_7/
gpgcheck=1
gpgkey=https://serial:<INSERT_SERIALKEY>@download.kopano.io/supported/webmeetings:/final/RHEL_7/repodata/repomd.xml.key
enabled=1

$ sudo yum update
$ sudo yum install kopano-webmeetings kopano-webapp-plugin-meetings

Create a file called kopano.repo in /etc/zypp/repos.d/kopano.repo and add the following.

Take note that the following is an example for SLE 12. Adjust them according to your specific distribution if needed.

[Kopano-webmeetings] 
enabled=1
autorefresh=0
baseurl=https://serial:<INSERT_SERIALKEY>@download.kopano.io/supported/webmeetings:/final/SLE_12/
gpgcheck=1
gpgkey=https://serial:<INSERT_SERIALKEY>@download.kopano.io/supported/webmeetings:/final/SLE_12/repodata/repomd.xml.key
type=rpm-md

$ sudo zypper update
$ sudo  zypper install kopano-webmeetings kopano-webapp-plugin-meetings

Configure Apache

We need to change to listen port of apache as they being used by Nginx

Debian and Ubuntu RHEL and CentOS SUSE

Edit /etc/apache2/ports.conf

NameVirtualHost *:8000 
Listen 127.0.0.1:8000

Disable the ssl module

$ sudo a2dismod ssl

To enable presence add te following to you apache webapp site /etc/apache2/sites-available/kopano-webapp.conf

Alias /webapp /usr/share/kopano-webapp
ProxyPass /webapp/presence http://localhost:1234/
ProxyPassReverse /webapp/presence http://localhost:1234/

Enable the proxy mod

$sudo a2enmod proxy
$sudo a2enmod proxy_http

Restart Apache

$ sudo service apache2 restart

Or use systemd

$ sudo systemctl restart apache2

Replace the listen value in

NameVirtualHost *:8000
Listen 127.0.0.1:8000

To enable presence add te following to you apache webapp site /etc/httpd/conf.d/kopano-webapp.conf

Alias /webapp /usr/share/kopano-webapp
ProxyPass /webapp/presence http://localhost:1234/
ProxyPassReverse /webapp/presence http://localhost:1234/

Restart Httpd

$ sudo service httpd restart

Or use systemd

$ sudo systemctl restart httpd

Edit /etc/apache2/listen.conf

NameVirtualHost *:8000 
Listen 127.0.0.1:8000

To enable presence add te following to you apache webapp site /etc/apache2/conf.d/kopano-webapp.conf

Alias /webapp /usr/share/kopano-webapp
ProxyPass /webapp/presence http://localhost:1234/
ProxyPassReverse /webapp/presence http://localhost:1234/

Enable the proxy mod

$sudo a2enmod proxy

Restart Apache

$ sudo service apache2 restart

Or use systemd

$ sudo systemctl restart apache2

Nginx configuration

Add the followin in a new set in you nginx site (/etc/nginx/site-sites-available or /etc/nginx/conf.d depending on your OS)

     server {
        listen 443 ssl;
        server_name _;
        ssl on;
        ssl_certificate /path/to/fullchain.pem;
    	ssl_certificate_key /path/to/privkey.pem;e
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256:AES128:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK ;
        ssl_prefer_server_ciphers on;
        #
        # ssl_dhparam require you to create a dhparam.pem, this takes a long time
        #ssl_dhparam /etc/ssl/certs/dhparam.pem;
        #
        location /webmeetings {
                proxy_pass http://localhost:8090;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        location /webapp {
                proxy_pass http://localhost:8000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
}
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}
proxy_buffering on;
proxy_ignore_client_abort off;
proxy_redirect off;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;

Add your certificate and certificate key at 'the ssl_certificate' and 'ssl_certificate_key ' parameters.

Make sure you have a dhparam.pem file in /etc/ssl/certs/ if not execute the following (this is going to take a long time)

cd /etc/ssl/certs && openssl dhparam -out dhparam.pem 4096

Verify if the Nginx config is valid

$ sudo nginx -t 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now reload Nginx to use the new config

$ sudo systemctl reload nginx

Configure WebMeetings

We need 2 secret keys that are 32 bytes long

xxd -ps -l 32 -c 32 /dev/random

In this example we will use the following keys

webmeetings shared secret = 423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6
presence shared secret = 8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422

Add the webmeetings key in /etc/kopano/webmeetings.cfg

sharedsecret_secret = 423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6

Add the presence key in /etc/kopano/presence.cfg

server_secret_key = 8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422

Add both keys in /etc/kopano/webapp/config-meetings.php

/etc/kopano/webapp/config-meetings.php

DEFINE('PLUGIN_SPREEDWEBRTC_USER_DEFAULT_ENABLE', true);

DEFINE('PLUGIN_SPREEDWEBRTC_WEBMEETINGS_SHARED_SECRET', '423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6');

DEFINE('PLUGIN_SPREEDWEBRTC_PRESENCE_SHARED_SECRET', '8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422');

Open Kopano Webapp and you should be able to see this icon

If not please enable the plugin first in WebApp settings.

Click on the icon and you should see the following

Page tree

Nginx - Apache setup

Configure Apache

Nginx configuration

Configure WebMeetings