Introduction

This document is intended as a base to quickly install Kopano Server and WebApp. You will need a server with a supported distribution (Debian 7 and 8, Ubuntu 14.04 and 16.04, RHEL 6 and 7, CentOS 6 and 7, or SLES 12), on which you install the Kopano Server packages, Kopano WebApp, Apache webserver and MySQL server.

Note: on Univention, Kopano can be installed via the marketplace.

Installation

Add repositories

Our repositories are available at https://download.kopano.io/supported/ for customers and partners with a valid subscription. The serial is needed to access these repositories.
Debian and Ubuntu RHEL and CentOS Suse 12

Install Kopano packages 

Core

We will now install kopano-server-packages and the MySQL server.

kopano-server-packages is a meta package that depends on the basic kopano-core packages.

The following packages are installed with kopano-server-packages:

  • kopano-backup
  • kopano-dagent
  • kopano-gateway
  • kopano-ical
  • kopano-monitor
  • kopano-presence
  • kopano-search
  • kopano-server
  • kopano-spooler
  • kopano-utils
  • (and their dependencies)

Install Kopano and MySQL/MariaDB

Debian 8 RHEL/CentOS 7 Suse 12



Now create a Kopano user in the MySQL server.

$ sudo mysql -u root -p   
mysql> CREATE USER 'kopano'@'localhost' IDENTIFIED BY '<password>'; 
mysql> GRANT ALL PRIVILEGES ON kopano.* TO 'kopano'@'localhost';


Change the MySQL password in the /etc/kopano/server.cfg

/etc/kopano/server.cfg
# The user under which we connect with MySQL 
mysql_user = kopano 
# The password for the user (leave empty for no password)
mysql_password = <kopano-user-password>

 

There are several user plugins in Kopano; in this example we will use the ldap plugin.

If you don't have a working LDAP environment, please read Install Kopano Core on Debian or Ubuntu with OpenLDAP.

Change the user_plugin in the server.cfg:

user_plugin             = ldap

An example LDAP config is located in /usr/share/doc/kopano/example-config

Copy the example ldap.cfg:

cp /usr/share/doc/kopano/example-config/ldap.cfg /etc/kopano/

Change the ldap.cfg

ldap.cfg
##############################################################
#  LDAP DIRECTORY USER PLUGIN SETTINGS
#

# Select implementation.
# If you have any reason to override settings from /usr/share/kopano/*.cfg,
# do so at the end of this (/etc-resident) config file.
#
!include /usr/share/kopano/ldap.openldap.cfg
#!include /usr/share/kopano/ldap.active-directory.cfg

# LDAP host name/IP address
ldap_host = <IP>

# LDAP port
# Optional, default = 389
# Use 636 for ldaps
#ldap_port = 389

# LDAP protocol
# Optional, default = ldap
# use 'ldaps' for Implicit SSL encryption. Make sure /etc/ldap/ldap.conf is
# configured correctly with TLS_CACERT
#ldap_protocol = ldap

# LDAP URI
# Optional, override ldap_host, ldap_port and ldap_protocol if set
# e.g. ldaps://servername:port. You may also specify multiple space-separated
# URIs
#ldap_uri =

# The charset that strings are stored in on the LDAP server. Normally this
# is utf-8, but this can differ according to your setup. The charset specified
# here must be supported by your iconv(1) setup. See iconv -l for all charset
#ldap_server_charset = utf-8

# The DN of the user to bind as for normal operations (not used for
# authentication if ldap_authentication_method is set to "bind".
# When empty, uses anonymous binding.
# The userPassword attribute must be readable for this user if the
# ldap_authentication_method option is set to password.
ldap_bind_user = <USER>

# LDAP bind password
ldap_bind_passwd = <PASSWORD>

# The timeout for network operations in seconds
#ldap_network_timeout = 30

# ldap_page_size limits the number of results from a query that will be downloaded at a time.
# Default ADS MaxPageSize is 1000.
#ldap_page_size = 1000

##########
# Object settings

# Top level search base, every object should be available under this tree
ldap_search_base = <SEARCH-BASE>

# Use custom defined LDAP property mappings
# This is not a requirement for most environments but allows custom mappings of
# special LDAP properties to custom MAPI attributes
#!propmap /etc/kopano/ldap.propmap.cfg



 

 

Now start the kopano-server

$ sudo systemctl start kopano-server

To see if the kopano-server is started and contains users, use kopano-admin -l 

$ sudo kopano-admin -l
User list for Default(34):
	Username	Fullname			Homeserver	
	----------------------------------------------------------------
	SYSTEM		SYSTEM				Kopano	
	user2		Timmothy Schöwalter			
	user5		Joep Goderts				
	user6		Roy Pettersen				
	user7		Lívia Rocha				
	user8		Joakim Lunde				
	user9		स्‍वीकृती तिवारी			
	user10		红梅 容					
	user11		雪 何					
	user12		श्‍यामा श्रेष्ठ				
	user13		Klaus Dieter Segebahn			
	user14		Aleksandra Kade				
	user15		Alford Predovic				
	user16		Roberto Collins				
	user17		Owen Koster				
	user18		Florian de Roo				
	user19		Leopoldine Sauer			
	user20		Niko Liebelt				
	user21		建军 任					
	user22		Juliana Langern				
	user23		Katarina NO PUB CERT Sager		
	beamer		beamer					
	trainingroom	trainingroom				
	sharedbox	sharedbox				
	user4		चिरनजीवी र‌जितकार			
	user3		Marijn Peters				
	admin		admin					

Please check server.log in /var/log/kopano if you get the following error.

$ sudo kopano-admin -l
Unable to open Admin session: network error (0x80040115)
The server is not running, or not accessible through "default:".
Using the -v option (possibly multiple times) may give more hints.

 

WebApp

 

We will now install the main client of Kopano: WebApp.

We already added the repository before so we only need to install it.

We will use NGINX as webserver because we also want to install Kopano WebMeetings.

Install WebApp

We will only install kopano-webapp, to see all available plugins use the command 'apt-cache search kopano-webapp' 

$ sudo apt install kopano-webapp


Install NGINX

We will use the version that is included in Debian

$ sudo apt install nginx-full php5-fpm

 

Add this to /etc/nginx/sites-available/

Change the server_name, ssl_certificate and ssl_certificate_key

webapp.conf
server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name <servername>;
        ssl on;
        client_max_body_size 1024m;
        ssl_certificate /path/to/certificate;
        ssl_certificate_key /path/to/private_key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256:AES128:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK ;
        ssl_prefer_server_ciphers on;
        #
        # ssl_dhparam require you to create a dhparam.pem, this takes a long time
        #ssl_dhparam /etc/ssl/certs/dhparam.pem;
        #

        location /webapp {
                alias /usr/share/kopano-webapp/;
                index index.php;
        }

        location ~* ^/webapp/(.+\.php)$ {
                alias /usr/share/kopano-webapp/;

                # deny access to .htaccess files
                location ~ /\.ht {
                        deny all;
                }

                fastcgi_param PHP_VALUE "
                        register_globals=off
                        magic_quotes_gpc=off
                        magic_quotes_runtime=off
                        post_max_size=31M
                        upload_max_filesize=30M
                ";
                fastcgi_param PHP_VALUE "post_max_size=31M
                        upload_max_filesize=30M
                        max_execution_time=3660
                ";

                include fastcgi_params;
                fastcgi_index index.php;
                #fastcgi_param HTTPS on;
                fastcgi_param SCRIPT_FILENAME $document_root$1;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                access_log /var/log/nginx/kopano-webapp-access.log;
                error_log /var/log/nginx/kopano-webapp-error.log;

                # CSS and Javascript
                location ~* \.(?:css|js)$ {
                        expires 1y;
                        access_log off;
                        add_header Cache-Control "public";
                }

                # All (static) resources set to 2 months expiration time.
                location ~* \.(?:jpg|gif|png)$ {
                        expires 2M;
                        access_log off;
                        add_header Cache-Control "public";
                }

                # enable gzip compression
                gzip on;
                gzip_min_length  1100;
                gzip_buffers  4 32k;
                gzip_types    text/plain application/x-javascript text/xml text/css application/json;
                gzip_vary on;
        }

}

To generate a self-signed SSL certificate and key:

$ sudo mkdir -p /etc/nginx/ssl
$ sudo openssl req -new -x509 -days 365 -nodes -out /etc/nginx/ssl/nginx.pem -keyout /etc/nginx/ssl/nginx.key


Then optionally generate a dhparam.pem file (this is going to take a long time):

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

 

And then uncomment the following line in your configuration file:

/etc/nginx/sites-available/webapp.conf
ssl_dhparam /etc/ssl/certs/dhparam.pem;

Enable the WebApp site

$ sudo ln -s /etc/nginx/sites-available/webapp.conf /etc/nginx/sites-enabled/


Check if the config is sane

$ sudo nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Reload NGINX with the new site

$ sudo systemctl reload nginx

 

Go to the url entered in the WebApp site (server_name)
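
The site file above enables TLSv1 and TLSv1.1 (both deprecated by RFC 8996), lists the 3DES suite DES-CBC3-SHA, and leaves ssl_dhparam commented out. The following added example (not part of the original page or of Kopano's tooling) reports those settings in a site file, plus a key path that equals the certificate path; the function names, finding labels and both sample files are constructed for illustration.

```shell
# Added example: report weak TLS settings in an nginx site file.
# Print the value of the first active (uncommented) directive $2 in file $1.
directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^;]*[^;[:space:]]\)[[:space:]]*;.*/\1/p" "$1" | head -n 1
}

# Print one finding per line for site file $1; no output means no finding.
audit_tls() {
    f=$1
    for p in $(directive "$f" ssl_protocols); do
        case $p in
            SSLv3|TLSv1|TLSv1.1) echo "WEAK_PROTOCOL $p" ;;   # deprecated versions
        esac
    done
    directive "$f" ssl_ciphers | tr ':' '\n' | while read -r c; do
        case $c in
            '!'*) ;;                                          # exclusions are fine
            *DES-CBC3*|*3DES*|*RC4*) echo "WEAK_CIPHER $c" ;;
        esac
    done
    cert=$(directive "$f" ssl_certificate)
    key=$(directive "$f" ssl_certificate_key)
    if [ -n "$key" ] && [ "$cert" = "$key" ]; then
        echo "KEY_PATH_EQUALS_CERT $key"      # -keyout wrote the key to its own file
    fi
    # nginx before 1.11.0 uses built-in DH parameters when ssl_dhparam is unset
    if [ -z "$(directive "$f" ssl_dhparam)" ] &&
       directive "$f" ssl_ciphers | tr ':' '\n' | grep -q '^DHE-'; then
        echo "DHE_WITHOUT_DHPARAM"
    fi
    return 0
}

# Constructed sample files (cipher lists shortened), written to directory $1.
make_samples() {
    cat > "$1/weak.conf" <<'EOF'
server {
        ssl_certificate /etc/nginx/ssl/nginx.pem;
        ssl_certificate_key /etc/nginx/ssl/nginx.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:HIGH:!aNULL:!RC4 ;
        #ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
EOF
    cat > "$1/tightened.conf" <<'EOF'
server {
        ssl_certificate /etc/nginx/ssl/nginx.pem;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
}
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp" && audit_tls "$tmp/weak.conf"
```

On a real server, call audit_tls /etc/nginx/sites-available/webapp.conf; whether TLSv1 and TLSv1.1 can be dropped depends on the clients that still have to connect.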

WebMeetings

We will now install Kopano WebMeetings.

We need an NGINX version >= 1.4  (NGINX supplied by Debian is 1.6)

$ sudo dpkg -l | grep nginx 
ii  nginx-common                    1.6.2-5+deb8u4            all          small, powerful, scalable web/proxy server - common files
ii  nginx-full                      1.6.2-5+deb8u4            amd64        nginx web/proxy server (standard version)

We will now install kopano-webmeetings and kopano-webapp-plugin-meetings

$ sudo apt install kopano-webmeetings kopano-webapp-plugin-meetings

Add the following to /etc/nginx/sites-available/webapp.conf, inside the server block (between " server { " and its closing " } ")

        location /webmeetings {
                proxy_pass http://localhost:8090;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_buffering on;
                proxy_ignore_client_abort off;
                proxy_redirect off;
                proxy_connect_timeout 90;
                proxy_send_timeout 90;
                proxy_read_timeout 90;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
        }

Add this at the end of the config, after the closing " } " of the server block

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}

Full webapp.conf example

example site
server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name webapp.example.com;
        ssl on;
        client_max_body_size 1024m;
        ssl_certificate /etc/nginx/ssl/nginx.pem;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES128-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256:AES128:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK ;
        ssl_prefer_server_ciphers on;
        #
        # ssl_dhparam require you to create a dhparam.pem, this takes a long time
        #ssl_dhparam /etc/ssl/certs/dhparam.pem;
        #

        location /webapp {
                alias /usr/share/kopano-webapp/;
                index index.php;
        }

        location ~* ^/webapp/(.+\.php)$ {
                alias /usr/share/kopano-webapp/;

                # deny access to .htaccess files
                location ~ /\.ht {
                        deny all;
                }

                fastcgi_param PHP_VALUE "
                        register_globals=off
                        magic_quotes_gpc=off
                        magic_quotes_runtime=off
                        post_max_size=31M
                        upload_max_filesize=30M
                ";
                fastcgi_param PHP_VALUE "post_max_size=31M
                        upload_max_filesize=30M
                        max_execution_time=3660
                ";

                include fastcgi_params;
                fastcgi_index index.php;
                #fastcgi_param HTTPS on;
                fastcgi_param SCRIPT_FILENAME $document_root$1;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                access_log /var/log/nginx/kopano-webapp-access.log;
                error_log /var/log/nginx/kopano-webapp-error.log;

                # CSS and Javascript
                location ~* \.(?:css|js)$ {
                        expires 1y;
                        access_log off;
                        add_header Cache-Control "public";
                }

                # All (static) resources set to 2 months expiration time.
                location ~* \.(?:jpg|gif|png)$ {
                        expires 2M;
                        access_log off;
                        add_header Cache-Control "public";
                }

                # enable gzip compression
                gzip on;
                gzip_min_length  1100;
                gzip_buffers  4 32k;
                gzip_types    text/plain application/x-javascript text/xml text/css application/json;
                gzip_vary on;
        }

        location /webmeetings {
                proxy_pass http://localhost:8090;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                proxy_buffering on;
                proxy_ignore_client_abort off;
                proxy_redirect off;
                proxy_connect_timeout 90;
                proxy_send_timeout 90;
                proxy_read_timeout 90;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                proxy_next_upstream error timeout invalid_header http_502 http_503 http_504;
        }

}

map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}


Verify the configuration and restart NGINX

$ sudo nginx -t
$ sudo systemctl reload nginx

 

We need 2 secret keys that are 32 bytes long

xxd -ps -l 32 -c 32 /dev/random

In this example we will use the following keys

webmeetings shared secret = 423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6
presence shared secret = 8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422
 

 

Add the webmeetings  key in /etc/kopano/webmeetings.cfg 

sharedsecret_secret = 423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6

 

Add the presence key in /etc/kopano/presence.cfg

server_secret_key = 8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422

 

Add both keys in /etc/kopano/webapp/config-meetings.php

DEFINE('PLUGIN_SPREEDWEBRTC_USER_DEFAULT_ENABLE', true);

DEFINE('PLUGIN_SPREEDWEBRTC_WEBMEETINGS_SHARED_SECRET', '423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6');

DEFINE('PLUGIN_SPREEDWEBRTC_PRESENCE_SHARED_SECRET', '8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422');
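
Each secret is entered twice, once in the daemon's .cfg file and once in config-meetings.php, and the hex values shown above are public. The following added example (not from the original page or from Kopano) checks a directory laid out like /etc/kopano for key format, agreement between the files, reuse of one value, and use of the page's example values. The function names and finding labels are hypothetical, the files it writes are constructed, and new_secret uses od on /dev/urandom in place of the page's xxd command.

```shell
# Added example: consistency check for the two shared secrets.

# The example values printed on this page: public, so never deploy them.
PUBLISHED="423f4308d0ffbb8e6a589894f6eda003addf6da40932105991e1867a5bd9bdf6
8fb26dc0adccc82fcbc5c46f59973bbf83413c3a42e328de1214333b1815f422"

# 32 random bytes as 64 hex characters.
new_secret() { od -An -tx1 -N32 /dev/urandom | tr -d ' \n'; }

# Value of "key = value" for key $2 in ini-style file $1.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}
# Value of DEFINE('$2', 'value'); in PHP file $1.
php_define() {
    sed -n "s/^[[:space:]]*[Dd][Ee][Ff][Ii][Nn][Ee]('$2',[[:space:]]*'\([^']*\)').*/\1/p" "$1" | head -n 1
}
is_key() { printf '%s\n' "$1" | grep -Eqx '[0-9a-f]{64}'; }

# Check the three files below directory $1 (/etc/kopano on a real server).
check_secrets() {
    php=$1/webapp/config-meetings.php
    wm=$(cfg_value "$1/webmeetings.cfg" sharedsecret_secret)
    pr=$(cfg_value "$1/presence.cfg" server_secret_key)
    is_key "$wm" || echo "BAD_FORMAT webmeetings"
    is_key "$pr" || echo "BAD_FORMAT presence"
    [ "$wm" = "$(php_define "$php" PLUGIN_SPREEDWEBRTC_WEBMEETINGS_SHARED_SECRET)" ] ||
        echo "MISMATCH webmeetings"
    [ "$pr" = "$(php_define "$php" PLUGIN_SPREEDWEBRTC_PRESENCE_SHARED_SECRET)" ] ||
        echo "MISMATCH presence"
    [ "$wm" != "$pr" ] || echo "REUSED one value for both secrets"
    for s in $PUBLISHED; do
        if [ "$s" = "$wm" ]; then echo "PUBLISHED_EXAMPLE webmeetings"; fi
        if [ "$s" = "$pr" ]; then echo "PUBLISHED_EXAMPLE presence"; fi
    done
    return 0
}

# Write constructed copies of the three files: $1 dir, $2 webmeetings, $3 presence.
write_configs() {
    mkdir -p "$1/webapp"
    echo "sharedsecret_secret = $2" > "$1/webmeetings.cfg"
    echo "server_secret_key = $3" > "$1/presence.cfg"
    cat > "$1/webapp/config-meetings.php" <<EOF
<?php
DEFINE('PLUGIN_SPREEDWEBRTC_WEBMEETINGS_SHARED_SECRET', '$2');
DEFINE('PLUGIN_SPREEDWEBRTC_PRESENCE_SHARED_SECRET', '$3');
EOF
}

demo=$(mktemp -d)
write_configs "$demo" "$(new_secret)" "$(new_secret)"
check_secrets "$demo"    # prints nothing: formats valid, files agree, values fresh
```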

 

You need to add a TURN server if you want people outside of your network to be able to connect to WebMeetings.

To simplify your setup, Kopano provides a TURN service. Please fill out the form at https://portal.kopano.com/content/turn-server-access-request to obtain your personal credentials; a valid subscription is needed.


Enable the TURN service

DEFINE('PLUGIN_SPREEDWEBRTC_TURN_USE_KOPANO_SERVICE', true);
DEFINE('PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_URL', 'https://turnauth.kopano.com/turnserverauth/');
DEFINE('PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_USER', 'turn-server-account-provided-by-kopano');
DEFINE('PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_PASSWORD', 'turn-server-password-provided-by-kopano');

Restart kopano-webmeetings and kopano-presence

$ sudo systemctl restart kopano-webmeetings
$ sudo systemctl restart kopano-presence

 

Open Kopano Webapp and you should be able to see this icon 

If not please enable the plugin first in WebApp settings.

Click on the icon and you should see the following

 

 

 

 

