Nextcloud and Open-Xchange: Difference between pages
(Difference between pages)
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
[https://wiki.open-xchange.com/wiki/index.php?title=AppSuite:Open-Xchange_Installation_Guide_for_RHEL8 AppSuite:Open-Xchange Installation Guide for RHEL8 & Derivatives] | |||
<pre> | <pre> | ||
#!/bin/bash | |||
# Enter domain, mx(local postfix), imap server, postmaster account password, and ox/mysql administrative password | |||
DOMAIN=domain.tld | |||
MX=localhost.localdomain | |||
IMAP=mx.domain.tld | |||
POSTMASTERPW=postpass | |||
MYSQLPW=mysqlpw | |||
[ ! $DOMAIN ] && echo "No domain" && exit 1 | |||
echo $DOMAIN | |||
[ ! $MX ] && echo "No mx" && exit 1 | |||
echo $MX | |||
[ ! $IMAP ] && echo "No mx" && exit 1 | |||
echo $IMAP | |||
[ ! $POSTMASTERPW ] && echo "No postmaster password" && exit 1 | |||
echo $POSTMASTERPW | |||
[ ! $MYSQLPW ] && echo "No MySQL/OX admin password" && exit 1 | |||
echo $MYSQLPW | |||
echo -e "[client]\nuser=root\npassword=$MYSQLPW\nhost=localhost" > $credfile | echo -e "[client]\nuser=root\npassword=$MYSQLPW\nhost=localhost" > $credfile | ||
# Disable SELinux | |||
setenforce 0 && sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config && getenforce | |||
# Open necessary firewall port, and disable selinux | |||
TAB="$(printf '\t')" && GREEN=$(tput setaf 2) && RED=$(tput setaf 1) && NORMAL=$(tput sgr0) && \ | |||
systemctl start firewalld && systemctl enable firewalld && \ | |||
ports=(80 443 3306) && \ | |||
for index in ${!ports[*]}; do echo -n "Opening port: ${ports[$index]} : ";tput setaf 2;firewall-cmd --zone=public --add-port=${ports[$index]}/tcp \ | |||
--permanent;tput sgr0; done && firewall-cmd --zone=public --add-port=53/udp --permanent && \ | |||
echo -n "Reload firewall settings : " && tput setaf 2 && firewall-cmd --reload && tput sgr0 | |||
dnf -y install mysql-server httpd postfix rsyslog | |||
systemctl enable --now httpd mysqld | |||
postconf maillog_file=/var/log/maillog | |||
systemctl enable --now postfix | |||
mysqladmin -uroot password $MYSQLPW | |||
mysqladmin --defaults-extra-file=$credfile reload | |||
mysqladmin --defaults-extra-file=$credfile refresh | |||
# Create OX repo | |||
OXREPO=/etc/yum.repos.d/ox.repo | |||
tee -a $OXREPO <<END | |||
[ox-appsuiteui] | |||
name=Open-Xchange-appsuiteui | |||
baseurl=https://software.open-xchange.com/products/appsuite/stable/appsuiteui/RHEL8/ | |||
gpgkey=https://software.open-xchange.com/0xDFD4BCF6-oxbuildkey.pub | |||
enabled=1 | |||
gpgcheck=1 | |||
metadata_expire=0m | |||
[ox-backend] | |||
name=Open-Xchange-backend | |||
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL8/ | |||
gpgkey=https://software.open-xchange.com/0xDFD4BCF6-oxbuildkey.pub | |||
enabled=1 | |||
gpgcheck=1 | |||
metadata_expire=0m | |||
# if you have a valid maintenance subscription, please uncomment the | |||
# following and add the ldb account data to the url so that the most recent | |||
# packages get installed | |||
[ox-updates-appsuiteui] | |||
name=Open-Xchange Updates-appsuiteui | |||
baseurl=https://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/products/appsuite/stable/appsuiteui/updates/RHEL8/ | |||
gpgkey=https://software.open-xchange.com/oxbuildkey.pub | |||
enabled=0 | |||
gpgcheck=1 | |||
metadata_expire=0m | |||
[ox-updates-backend] | |||
name=Open-Xchange Updates-backend | |||
baseurl=https://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL8/ | |||
gpgkey=https://software.open-xchange.com/oxbuildkey.pub | |||
enabled=0 | |||
gpgcheck=1 | |||
metadata_expire=0m | |||
END | |||
# Install Open Xchange | |||
dnf install open-xchange \ | |||
open-xchange-authentication-database \ | |||
open-xchange-grizzly open-xchange-admin \ | |||
open-xchange-appsuite open-xchange-appsuite-backend \ | |||
open-xchange-appsuite-manifest | |||
echo PATH=$PATH:/opt/open-xchange/sbin/ >> ~/.bashrc && . ~/.bashrc | |||
mysql --defaults-extra-file=/root/sql.cnf -e "CREATE USER 'openexchange'@'localhost' IDENTIFIED BY '$MYSQLPW'" | |||
mysql --defaults-extra-file=/root/sql.cnf -e "GRANT ALL PRIVILEGES ON *.* TO openexchange@localhost" | |||
/opt/open-xchange/sbin/initconfigdb --configdb-pass=$MYSQLPW | |||
/opt/open-xchange/sbin/oxinstaller --no-license --servername=oxserver --configdb-pass=$MYSQLPW \ | |||
--master-pass=$MYSQLPW --network-listener-host=localhost --servermemory 2048 | |||
systemctl enable --now open-xchange | |||
systemctl status open-xchange | |||
mkdir /var/opt/filestore | |||
chown open-xchange:open-xchange /var/opt/filestore | |||
/opt/open-xchange/sbin/registerfilestore -A oxadminmaster -P $MYSQLPW -t file:/var/opt/filestore -s 1000000 | |||
/opt/open-xchange/sbin/registerdatabase -A oxadminmaster -P $MYSQLPW -n oxdatabase -p $MYSQLPW -m true | |||
mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak | |||
# OX Apache configuration & proxy | |||
OXPROXY=/etc/httpd/conf.d/proxy_http.conf | |||
OXCONF=/etc/httpd/conf.d/ox.conf | |||
tee -a $OXPROXY <<END | |||
LoadModule proxy_http_module modules/mod_proxy_http.so | |||
<IfModule mod_proxy_http.c> | |||
ProxyRequests Off | |||
ProxyStatus On | |||
# When enabled, this option will pass the Host: line from the incoming request to the proxied host. | |||
ProxyPreserveHost On | |||
# Please note that the servlet path to the soap API has changed: | |||
<Location /webservices> | |||
# restrict access to the soap provisioning API | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from 127.0.0.1 | |||
# you might add more ip addresses / networks here | |||
# Allow from 192.168 10 172.16 | |||
</Location> | |||
# The old path is kept for compatibility reasons | |||
<Location /servlet/axis2/services> | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from 127.0.0.1 | |||
</Location> | |||
# Enable the balancer manager mentioned in | |||
# https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster | |||
<IfModule mod_status.c> | |||
<Location /balancer-manager> | |||
SetHandler balancer-manager | |||
Order Deny,Allow | |||
Deny from all | |||
Allow from 127.0.0.1 | |||
</Location> | |||
</IfModule> | |||
<Proxy balancer://oxcluster> | |||
Order deny,allow | |||
Allow from all | |||
# multiple server setups need to have the hostname inserted instead localhost | |||
BalancerMember http://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1 | |||
# Enable and maybe add additional hosts running OX here | |||
# BalancerMember http://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2 | |||
ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On | |||
SetEnv proxy-initial-not-pooled | |||
SetEnv proxy-sendchunked | |||
</Proxy> | |||
# The standalone documentconverter(s) within your setup (if installed) | |||
# Make sure to restrict access to backends only | |||
# See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos | |||
#<Proxy balancer://oxcluster_docs> | |||
# Order Deny,Allow | |||
# Deny from all | |||
# Allow from backend1IP | |||
# BalancerMember http://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3 | |||
# ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On | |||
# SetEnv proxy-initial-not-pooled | |||
# SetEnv proxy-sendchunked | |||
#</Proxy> | |||
# Define another Proxy Container with different timeout for the sync clients. Microsoft recommends a minimum value of 15 minutes. | |||
# Setting the value lower than the one defined as com.openexchange.usm.eas.ping.max_heartbeat in eas.properties will lead to connection | |||
# timeouts for clients. See http://support.microsoft.com/?kbid=905013 for additional information. | |||
# | |||
# NOTE for Apache versions < 2.4: | |||
# When using a single node system or using BalancerMembers that are assigned to other balancers please add a second hostname for that | |||
# BalancerMember's IP so Apache can treat it as additional BalancerMember with a different timeout. | |||
# | |||
# Example from /etc/hosts: 127.0.0.1 localhost localhost_sync | |||
# | |||
# Alternatively select one or more hosts of your cluster to be restricted to handle only eas/usm requests | |||
<Proxy balancer://eas_oxcluster> | |||
Order deny,allow | |||
Allow from all | |||
# multiple server setups need to have the hostname inserted instead localhost | |||
BalancerMember http://localhost_sync:8009 timeout=1900 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1 | |||
# Enable and maybe add additional hosts running OX here | |||
# BalancerMember http://oxhost2:8009 timeout=1900 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2 | |||
ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On | |||
SetEnv proxy-initial-not-pooled | |||
SetEnv proxy-sendchunked | |||
</Proxy> | |||
# When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of | |||
# mappings have to be ordered from longest URL to shortest URL. | |||
# | |||
# Example: | |||
# ProxyPass /ajax balancer://oxcluster_with_100s_timeout/ajax | |||
# ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test | |||
# | |||
# Requests to /ajax/test would have a timeout of 100s instead of 200s | |||
# | |||
# See: | |||
# - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives | |||
# - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing | |||
ProxyPass /ajax balancer://oxcluster/ajax | |||
ProxyPass /appsuite/api balancer://oxcluster/ajax | |||
ProxyPass /drive balancer://oxcluster/drive | |||
ProxyPass /infostore balancer://oxcluster/infostore | |||
ProxyPass /realtime balancer://oxcluster/realtime | |||
ProxyPass /servlet balancer://oxcluster/servlet | |||
ProxyPass /webservices balancer://oxcluster/webservices | |||
#ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws | |||
ProxyPass /usm-json balancer://eas_oxcluster/usm-json | |||
ProxyPass /Microsoft-Server-ActiveSync balancer://eas_oxcluster/Microsoft-Server-ActiveSync | |||
</IfModule> | |||
END | |||
tee -a $OXCONF <<END | |||
<VirtualHost *:80> | |||
ServerAdmin webmaster@localhost | |||
DocumentRoot /var/www/html/ | |||
<Directory /var/www/html/> | |||
Options -Indexes +FollowSymLinks +MultiViews | |||
AllowOverride None | |||
Order allow,deny | |||
allow from all | |||
RedirectMatch ^/$ /appsuite/ | |||
</Directory> | |||
<Directory /var/www/html/appsuite> | |||
Options None +SymLinksIfOwnerMatch | |||
AllowOverride Indexes FileInfo | |||
</Directory> | |||
</VirtualHost> | |||
END | |||
systemctl restart httpd | |||
# Create context | |||
/opt/open-xchange/sbin/createcontext -A oxadminmaster -P $MYSQLPW -c 1 -u oxadmin -d "Cntxt Admin" -g Admin \ | |||
-s User -p $MYSQLPW -L defaultcontext -e oxadmin@${DOMAIN} -q 1024 --access-combination-name=groupware_standard | |||
# Create user with above context | |||
/opt/open-xchange/sbin/createuser -c 1 -A oxadmin -P $MYSQLPW -u postmaster -d "Postmaster ($DOMAIN)" -g $DOMAIN \ | |||
-s User -p $POSTMASTERPW -e postmaster@${DOMAIN} --imaplogin postmaster@${DOMAIN} --imapserver $IMAP --smtpserver $MX | |||
</pre> | </pre> |
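Review bot: `credfile` is never assigned anywhere in this script, so the write `echo -e "[client]…" > $credfile` and the two `mysqladmin --defaults-extra-file=$credfile` calls have no file to work with, while the later `mysql` calls read `/root/sql.cnf`, which nothing creates. Setting `credfile=/root/sql.cnf` before first use and writing the file under `umask 077` would fix this and keep the root password out of a world-readable file. The `echo $POSTMASTERPW` and `echo $MYSQLPW` lines print both secrets to the terminal and to any captured install log; I would drop them. The firewall loop also opens 3306/tcp in the public zone although every MySQL client in the script connects to localhost, so that port looks unnecessary for this single-host setup.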
Revision as of 13:39, 27 March 2024
AppSuite:Open-Xchange Installation Guide for RHEL8 & Derivatives
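#!/bin/bash
#
# Single-host Open-Xchange App Suite bootstrap for RHEL8 and derivatives.
# Installs MySQL, Apache, Postfix and the OX packages, registers a filestore
# and a database, writes the Apache proxy configuration, then creates
# context 1 and a postmaster user. Must be run as root.
#
# Enter domain, mx (local postfix), imap server, postmaster account password,
# and ox/mysql administrative password.
# NOTE(review): the values below are placeholders; replace them before running.
# MYSQLPW is reused for the MySQL root account, the openexchange database
# user, the configdb, the oxadminmaster account and the context admin, so one
# leak exposes all of them. Consider separate secrets per account.
DOMAIN=domain.tld
MX=localhost.localdomain
IMAP=mx.domain.tld
POSTMASTERPW=postpass
MYSQLPW=mysqlpw

# Root client credentials file; the mysql/mysqladmin calls below read it.
credfile=/root/sql.cnf

# Refuse to continue with an empty setting. Only the non-secret values are
# echoed back; passwords are deliberately not printed so they do not end up
# in terminal scrollback or captured install logs.
[ -n "$DOMAIN" ] || { echo "No domain"; exit 1; }
echo "$DOMAIN"
[ -n "$MX" ] || { echo "No mx"; exit 1; }
echo "$MX"
[ -n "$IMAP" ] || { echo "No imap"; exit 1; }
echo "$IMAP"
[ -n "$POSTMASTERPW" ] || { echo "No postmaster password"; exit 1; }
[ -n "$MYSQLPW" ] || { echo "No MySQL/OX admin password"; exit 1; }

# Write the credentials file readable by root only. printf '%s' keeps
# backslashes in the password literal (echo -e would interpret them).
(
  umask 077
  printf '[client]\nuser=root\npassword=%s\nhost=localhost\n' "$MYSQLPW" > "$credfile"
)
chmod 600 "$credfile"

# Disable SELinux
# NOTE(review): this turns SELinux off immediately and on every later boot,
# removing mandatory access control from a host that serves web and mail.
# Leaving it enforcing and enabling only what the Apache proxy needs (for
# example the httpd_can_network_connect boolean) is preferable - confirm what
# OX actually requires.
setenforce 0 && sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config && getenforce

# Open the firewall ports.
# NOTE(review): 3306/tcp exposes MySQL in the public zone although every
# client in this script connects to localhost, and 53/udp is opened although
# no DNS server is installed here. Both look unnecessary - confirm and remove.
if systemctl start firewalld && systemctl enable firewalld; then
  ports=(80 443 3306)
  for port in "${ports[@]}"; do
    echo -n "Opening port: ${port} : "
    tput setaf 2
    firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
    tput sgr0
  done
  firewall-cmd --zone=public --add-port=53/udp --permanent
  # The colour changes are cosmetic; the reload must not depend on tput.
  echo -n "Reload firewall settings : "
  tput setaf 2
  firewall-cmd --reload
  tput sgr0
fi

dnf -y install mysql-server httpd postfix rsyslog
systemctl enable --now httpd mysqld
postconf maillog_file=/var/log/maillog
systemctl enable --now postfix

# Set the MySQL root password, then verify the credentials file works.
# NOTE(review): here and in the OX tools below the password is passed as a
# command-line argument, so it is visible in the process list while the
# command runs.
mysqladmin -uroot password "$MYSQLPW"
mysqladmin --defaults-extra-file="$credfile" reload
mysqladmin --defaults-extra-file="$credfile" refresh

# Create OX repo
# The heredoc delimiter is quoted so the file content is written verbatim.
# NOTE(review): tee -a appends, so running the script twice duplicates the
# sections. If LDBACCOUNT:LDBPASSWORD are replaced with real subscription
# credentials, restrict the repo file to root (chmod 600).
OXREPO=/etc/yum.repos.d/ox.repo
tee -a "$OXREPO" <<'END'
[ox-appsuiteui]
name=Open-Xchange-appsuiteui
baseurl=https://software.open-xchange.com/products/appsuite/stable/appsuiteui/RHEL8/
gpgkey=https://software.open-xchange.com/0xDFD4BCF6-oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
[ox-backend]
name=Open-Xchange-backend
baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL8/
gpgkey=https://software.open-xchange.com/0xDFD4BCF6-oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m
# if you have a valid maintenance subscription, please uncomment the
# following and add the ldb account data to the url so that the most recent
# packages get installed
[ox-updates-appsuiteui]
name=Open-Xchange Updates-appsuiteui
baseurl=https://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/products/appsuite/stable/appsuiteui/updates/RHEL8/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=0
gpgcheck=1
metadata_expire=0m
[ox-updates-backend]
name=Open-Xchange Updates-backend
baseurl=https://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL8/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=0
gpgcheck=1
metadata_expire=0m
END

# Install Open Xchange
dnf install open-xchange \
  open-xchange-authentication-database \
  open-xchange-grizzly open-xchange-admin \
  open-xchange-appsuite open-xchange-appsuite-backend \
  open-xchange-appsuite-manifest

# Single quotes are intentional: the line is stored unexpanded so each new
# shell extends its own PATH instead of a snapshot of the current one.
# shellcheck disable=SC2016
echo 'PATH=$PATH:/opt/open-xchange/sbin/' >> ~/.bashrc && . ~/.bashrc

# Database account used by OX.
# NOTE(review): the password is interpolated into the SQL text, so a quote
# character in MYSQLPW breaks the statement. GRANT ALL ON *.* gives this
# account control over every database on the server; narrow it if the OX
# schemas can be named in advance - confirm against the OX documentation.
mysql --defaults-extra-file="$credfile" -e "CREATE USER 'openexchange'@'localhost' IDENTIFIED BY '$MYSQLPW'"
mysql --defaults-extra-file="$credfile" -e "GRANT ALL PRIVILEGES ON *.* TO openexchange@localhost"

/opt/open-xchange/sbin/initconfigdb --configdb-pass="$MYSQLPW"
/opt/open-xchange/sbin/oxinstaller --no-license --servername=oxserver --configdb-pass="$MYSQLPW" \
  --master-pass="$MYSQLPW" --network-listener-host=localhost --servermemory 2048
systemctl enable --now open-xchange
systemctl status open-xchange

# Filestore owned by the OX service account; -p tolerates a re-run.
mkdir -p /var/opt/filestore
chown open-xchange:open-xchange /var/opt/filestore
/opt/open-xchange/sbin/registerfilestore -A oxadminmaster -P "$MYSQLPW" -t file:/var/opt/filestore -s 1000000
/opt/open-xchange/sbin/registerdatabase -A oxadminmaster -P "$MYSQLPW" -n oxdatabase -p "$MYSQLPW" -m true
mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak

# OX Apache configuration & proxy
# The heredoc delimiters are quoted so that "$YOUR_VERSION" and "^/$" reach
# the configuration files literally instead of being expanded by the shell.
# NOTE(review): the eas_oxcluster member points at localhost_sync, which this
# script never adds to /etc/hosts - confirm the name resolves on the host.
# NOTE(review): only a plain-HTTP virtual host on port 80 is defined, so
# logins and mail content travel unencrypted even though 443 is opened in the
# firewall. Add a TLS virtual host before exposing this to a network.
OXPROXY=/etc/httpd/conf.d/proxy_http.conf
OXCONF=/etc/httpd/conf.d/ox.conf
tee -a "$OXPROXY" <<'END'
LoadModule proxy_http_module modules/mod_proxy_http.so
<IfModule mod_proxy_http.c>
ProxyRequests Off
ProxyStatus On
# When enabled, this option will pass the Host: line from the incoming request to the proxied host.
ProxyPreserveHost On
# Please note that the servlet path to the soap API has changed:
<Location /webservices>
# restrict access to the soap provisioning API
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
# you might add more ip addresses / networks here
# Allow from 192.168 10 172.16
</Location>
# The old path is kept for compatibility reasons
<Location /servlet/axis2/services>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
# Enable the balancer manager mentioned in
# https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster
<IfModule mod_status.c>
<Location /balancer-manager>
SetHandler balancer-manager
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
</IfModule>
<Proxy balancer://oxcluster>
Order deny,allow
Allow from all
# multiple server setups need to have the hostname inserted instead localhost
BalancerMember http://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
# Enable and maybe add additional hosts running OX here
# BalancerMember http://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
SetEnv proxy-initial-not-pooled
SetEnv proxy-sendchunked
</Proxy>
# The standalone documentconverter(s) within your setup (if installed)
# Make sure to restrict access to backends only
# See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos
#<Proxy balancer://oxcluster_docs>
# Order Deny,Allow
# Deny from all
# Allow from backend1IP
# BalancerMember http://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3
# ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
# SetEnv proxy-initial-not-pooled
# SetEnv proxy-sendchunked
#</Proxy>
# Define another Proxy Container with different timeout for the sync clients. Microsoft recommends a minimum value of 15 minutes.
# Setting the value lower than the one defined as com.openexchange.usm.eas.ping.max_heartbeat in eas.properties will lead to connection
# timeouts for clients. See http://support.microsoft.com/?kbid=905013 for additional information.
#
# NOTE for Apache versions < 2.4:
# When using a single node system or using BalancerMembers that are assigned to other balancers please add a second hostname for that
# BalancerMember's IP so Apache can treat it as additional BalancerMember with a different timeout.
#
# Example from /etc/hosts: 127.0.0.1 localhost localhost_sync
#
# Alternatively select one or more hosts of your cluster to be restricted to handle only eas/usm requests
<Proxy balancer://eas_oxcluster>
Order deny,allow
Allow from all
# multiple server setups need to have the hostname inserted instead localhost
BalancerMember http://localhost_sync:8009 timeout=1900 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
# Enable and maybe add additional hosts running OX here
# BalancerMember http://oxhost2:8009 timeout=1900 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
SetEnv proxy-initial-not-pooled
SetEnv proxy-sendchunked
</Proxy>
# When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of
# mappings have to be ordered from longest URL to shortest URL.
#
# Example:
# ProxyPass /ajax balancer://oxcluster_with_100s_timeout/ajax
# ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test
#
# Requests to /ajax/test would have a timeout of 100s instead of 200s
#
# See:
# - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives
# - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing
ProxyPass /ajax balancer://oxcluster/ajax
ProxyPass /appsuite/api balancer://oxcluster/ajax
ProxyPass /drive balancer://oxcluster/drive
ProxyPass /infostore balancer://oxcluster/infostore
ProxyPass /realtime balancer://oxcluster/realtime
ProxyPass /servlet balancer://oxcluster/servlet
ProxyPass /webservices balancer://oxcluster/webservices
#ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws
ProxyPass /usm-json balancer://eas_oxcluster/usm-json
ProxyPass /Microsoft-Server-ActiveSync balancer://eas_oxcluster/Microsoft-Server-ActiveSync
</IfModule>
END
tee -a "$OXCONF" <<'END'
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/
<Directory /var/www/html/>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride None
Order allow,deny
allow from all
RedirectMatch ^/$ /appsuite/
</Directory>
<Directory /var/www/html/appsuite>
Options None +SymLinksIfOwnerMatch
AllowOverride Indexes FileInfo
</Directory>
</VirtualHost>
END
systemctl restart httpd

# Create context
/opt/open-xchange/sbin/createcontext -A oxadminmaster -P "$MYSQLPW" -c 1 -u oxadmin -d "Cntxt Admin" -g Admin \
  -s User -p "$MYSQLPW" -L defaultcontext -e "oxadmin@${DOMAIN}" -q 1024 --access-combination-name=groupware_standard

# Create user with above context
/opt/open-xchange/sbin/createuser -c 1 -A oxadmin -P "$MYSQLPW" -u postmaster -d "Postmaster ($DOMAIN)" -g "$DOMAIN" \
  -s User -p "$POSTMASTERPW" -e "postmaster@${DOMAIN}" --imaplogin "postmaster@${DOMAIN}" --imapserver "$IMAP" --smtpserver "$MX"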