Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Tabs group
contentcolorgray-light


Debian Ubuntu

Versions that are shipped with Debian/Ubuntu

OSNginx version
Debian 71.2.1-2
Debian 81.6.2-5
Debian 91.10.3-1
Ubuntu 14.041.4.6-1
Ubuntu 16.041.10.3


We are not covering the installation of Nginx through the repository of Nginx itself (Needed for Debian 7) See the howto on http://nginx.org/en/linux_packages.html for that.


To verify that we have the a version an above 1.4 run dpkg -l

Example output of Debian 8



RHEL CentOS

CentOS doesn't have Nginx by default so we using the Nginx repository.

Versionlink
CentOS 6http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
CentOS 7

http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm


Install Nginx

bashinstall on CentOS 7




SUSE

Install Nginx from the SUSE repository




We wil now install kopano-webmeetings and kopano-webapp-plugin-meetings

Tabs group
bordervertical-sides
contentcolorgray-light
navcolornavy


Debian and Ubuntu

Create a file called kopano.list in /etc/apt/sources.list.d/  and add the following.

Take note that the following is an example for Debian 8. Adjust them according to your specific distribution if needed, such as Ubuntu_16.04

Our packages are signed so we need to add the key as well.

bash


All our packages are signed by the same key so you only need to add the key once


Now install kopano-webmeetings



RHEL and CentOS

Create a file called kopano.repo in /etc/yum.repos.d/kopano.repo and add the following.

Take note that the following is an example for RHEL 7 and CentOS 7. Adjust them according to your specific distribution if needed




SUSE

Create a file called kopano.repo in /etc/zypp/repos.d/kopano.repo and add the following.

Take note that the following is an example for SLE 12. Adjust them according to your specific distribution if needed.





Nginx configuration 

Depending on your Webapp configuration  you can run nginx infront of Apache or run a Nginx only setup

At the following part to the webapp site in nginx (/etc/nginx/site-sites-available or /etc/nginx/conf.d depending on you OS)

Code Block
       location /webmeetings {
                proxy_pass http://localhost:8090;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
				
				proxy_buffering on;
				proxy_ignore_client_abort off;
				proxy_redirect off;
				proxy_connect_timeout 90;
				proxy_send_timeout 90;
				proxy_read_timeout 90;
				proxy_buffer_size 4k;
				proxy_buffers 4 32k;
				proxy_busy_buffers_size 64k;
				proxy_temp_file_write_size 64k;
				proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
        }

Make sure this part is outside you server part

Code Block
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}

A full Webapp Webmeetings example

Code Block
collapsetrue
upstream php-handler {
    server 127.0.0.1:9002;
}



server {
	charset utf-8;
    listen 443 ssl;
    server_name _;
    ssl on;
	client_max_body_size 1024m;
	ssl_certificate /path/to/fullchain.pem;
	ssl_certificate_key /path/to/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256:AES128:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK ;
    ssl_prefer_server_ciphers on;
    #
    # ssl_dhparam require you to create a dhparam.pem, this takes a long time
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    #
   
    location /webmeetings {
    	proxy_pass http://localhost:8090;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    

    location /webapp {
    	alias /usr/share/kopano-webapp/;
        index index.php;
	
		location ~ /webapp/presence/ {
    		rewrite ^/webapp/presence(/.*)$ $1 break;
	        proxy_pass http://localhost:1234;
    	    proxy_set_header Upgrade $http_upgrade;
        	proxy_set_header Connection "upgrade";
	        proxy_http_version 1.1;
        }

    }

    location ~* ^/webapp/(.+\.php)$ {
    	alias /usr/share/kopano-webapp/;


        # deny access to .htaccess files
        location ~ /\.ht {
        	deny all;
        }


        fastcgi_param PHP_VALUE "
        	register_globals=off
	        magic_quotes_gpc=off
	        magic_quotes_runtime=off
    	    post_max_size=31M
	        upload_max_filesize=30M
        ";
        
		fastcgi_param PHP_VALUE "post_max_size=31M
                 upload_max_filesize=30M
                 max_execution_time=3660
        ";

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_pass php-handler;
        access_log /var/log/nginx/kopano-webapp-access.log;
        error_log /var/log/nginx/kopano-webapp-error.log;

        # CSS and Javascript
        location ~* \.(?:css|js)$ {
            expires 1y;
            access_log off;
            add_header Cache-Control "public";
        }

        # All (static) resources set to 2 months expiration time.
        location ~* \.(?:jpg|gif|png)$ {
            expires 2M;
            access_log off;
            add_header Cache-Control "public";
        }

        # enable gzip compression
        gzip on;
        gzip_min_length  1100;
        gzip_buffers  4 32k;
        gzip_types    text/plain application/x-javascript text/xml text/css application/json;
        gzip_vary on;
        }

}

map $http_upgrade $connection_upgrade {	
	default upgrade;
    '' close;
}


Verify that the nginx config if valid

Code Block
$ sudo nginx -t 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now reload Nginx to use the new config

Code Block
$ sudo systemctl reload nginx



Configure WebMeetings

We need 2 secret keys that are 32 bytes long

Code Block
xxd -ps -l 32 -c 32 /dev/random

In this example we will use the following keys

Code Block
webmeetings shared secret = 423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6
presence shared secret = 8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422


Add the webmeetings  key in /etc/kopano/webmeetings.cfg 

Code Block
sharedsecret_secret = 423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6


Add the presence key in /etc/kopano/presence.cfg

Code Block
server_secret_key = 8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422


Add both keys in /etc/kopano/webapp/config-meetings.php

Code Block
DEFINE('PLUGIN_SPREEDWEBRTC_USER_DEFAULT_ENABLE', true);

DEFINE('PLUGIN_SPREEDWEBRTC_WEBMEETINGS_SHARED_SECRET', '423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6');

DEFINE('PLUGIN_SPREEDWEBRTC_PRESENCE_SHARED_SECRET', '8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422');

Open Kopano Webapp and you should be able to see this icon 

If not please enable the plugin first in WebApp settings.

Click on the icon and you should see the following