|
|
| Line 1: |
Line 1: |
| [https://wiki.open-xchange.com/wiki/index.php?title=AppSuite:Open-Xchange_Installation_Guide_for_RHEL8 AppSuite:Open-Xchange Installation Guide for RHEL8 & Derivatives] | | 'On destination host' |
| <pre>
| | Install Rocky [[Rocky,_Alma,_Springdale_8_QT_Install|8]] or [[Rocky,_Alma,_Springdale_9_QT_Install|9]] |
| #!/bin/bash
| | qmailctl stop && systemctl stop dovecot |
|
| |
|
| # Enter domain, mx(local postfix), imap server, postmaster account password, and ox/mysql administrative password
| | On source host |
| DOMAIN=domain.tld
| | dhost=192.168.1.3 (change to suit) |
| MX=localhost.localdomain
| | ssh-keygen |
| IMAP=mx.domain.tld
| | ssh-copy-id $dhost |
| POSTMASTERPW=postpass
| | ssh $dhost (test, no password should be required) |
| MYSQLPW=mysqlpw
| |
|
| |
|
| [ ! $DOMAIN ] && echo "No domain" && exit 1
| | # The first rsync migrates the bulk of the email database except those queued during sync |
| echo $DOMAIN
| | rsync --progress -zv -are ssh /home/vpopmail/domains/ root@$dhost:/home/vpopmail/domains |
| [ ! $MX ] && echo "No mx" && exit 1
| |
| echo $MX
| |
| [ ! $IMAP ] && echo "No mx" && exit 1
| |
| echo $IMAP
| |
| [ ! $POSTMASTERPW ] && echo "No postmaster password" && exit 1
| |
| echo $POSTMASTERPW
| |
| [ ! $MYSQLPW ] && echo "No MySQL/OX admin password" && exit 1
| |
| echo $MYSQLPW
| |
|
| |
|
| echo -e "[client]\nuser=root\npassword=$MYSQLPW\nhost=localhost" > $credfile
| | qmailctl stop && systemctl stop dovecot |
|
| |
|
| # Disable SELinux
| | mysqldump -u root -p vpopmail > vpopmail.sql |
| setenforce 0 && sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config && getenforce
| | scp vpopmail.sql root@$dhost:/root |
|
| |
|
| # Open necessary firewall port, and disable selinux | | # The second rsync, services stopped, migrates the balance of the email database |
| TAB="$(printf '\t')" && GREEN=$(tput setaf 2) && RED=$(tput setaf 1) && NORMAL=$(tput sgr0) && \
| | # and control files |
| systemctl start firewalld && systemctl enable firewalld && \ | | rsync --progress -zv -are ssh /home/vpopmail/domains/ root@$dhost:/home/vpopmail/domains |
| ports=(80 443 3306) && \ | | rsync --progress -zv -are ssh /var/qmail/control/ root@$dhost:/var/qmail/control |
| for index in ${!ports[*]}; do echo -n "Opening port: ${ports[$index]} : ";tput setaf 2;firewall-cmd --zone=public --add-port=${ports[$index]}/tcp \ | | rsync --progress -zv -are ssh /var/qmail/users/ root@$dhost:/var/qmail/users |
| --permanent;tput sgr0; done && firewall-cmd --zone=public --add-port=53/udp --permanent && \ | | rsync --progress -zv -are ssh /etc/tcprules.d/ root@$dhost:/etc/tcprules.d |
| echo -n "Reload firewall settings : " && tput setaf 2 && firewall-cmd --reload && tput sgr0 | | rsync --progress -zv -are ssh /etc/dovecot/toaster.conf root@$dhost:/etc/dovecot |
| | rsync --progress -zv -are ssh /etc/dovecot/local.conf root@$dhost:/etc/dovecot |
|
| |
|
| dnf -y install mysql-server httpd postfix rsyslog
| | # Not necessary to the migration |
| systemctl enable --now httpd mysqld
| | rsync --progress -zv -are ssh /usr/share/toaster/include/admin.pass root@$dhost:/usr/share/toaster/include |
| postconf maillog_file=/var/log/maillog
| | rsync --progress -zv -are ssh /usr/share/toaster/include/admin.htpasswd root@$dhost:/usr/share/toaster/include |
| systemctl enable --now postfix
| | rsync --progress -zv -are ssh /usr/share/squirrelmail/plugins/ root@$dhost:/usr/share/squirrelmail/plugins |
| mysqladmin -uroot password $MYSQLPW
| | rsync --progress -zv -are ssh /etc/spamassassin/.spamassassin/ root@$dhost:/etc/spamassassin/.spamassassin |
| mysqladmin --defaults-extra-file=$credfile reload
| | rsync --progress -zv -are ssh /etc/spamassassin/local.cf root@$dhost:/etc/spamassassin |
| mysqladmin --defaults-extra-file=$credfile refresh
| | rsync --progress -zv -are ssh /var/lib/squirrelmail/prefs/ root@$dhost:/var/lib/squirrelmail/prefs |
|
| |
|
| # Create OX repo
| | On destination host |
| OXREPO=/etc/yum.repos.d/ox.repo
| | mysql -u root -p vpopmail < vpopmail.sql |
| tee -a $OXREPO <<END
| | qmailctl cdb && qmailctl start && sleep 2s && systemctl start dovecot && toaststat |
| [ox-appsuiteui]
| |
| name=Open-Xchange-appsuiteui
| |
| baseurl=https://software.open-xchange.com/products/appsuite/stable/appsuiteui/RHEL8/
| |
| gpgkey=https://software.open-xchange.com/0xDFD4BCF6-oxbuildkey.pub
| |
| enabled=1
| |
| gpgcheck=1
| |
| metadata_expire=0m
| |
|
| |
|
| [ox-backend]
| |
| name=Open-Xchange-backend
| |
| baseurl=https://software.open-xchange.com/products/appsuite/stable/backend/RHEL8/
| |
| gpgkey=https://software.open-xchange.com/0xDFD4BCF6-oxbuildkey.pub
| |
| enabled=1
| |
| gpgcheck=1
| |
| metadata_expire=0m
| |
|
| |
|
| # if you have a valid maintenance subscription, please uncomment the
| | Questions, comments, suggestions, corrections...contact Eric on the QMT list |
| # following and add the ldb account data to the url so that the most recent
| |
| # packages get installed
| |
| | |
| [ox-updates-appsuiteui]
| |
| name=Open-Xchange Updates-appsuiteui
| |
| baseurl=https://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/products/appsuite/stable/appsuiteui/updates/RHEL8/
| |
| gpgkey=https://software.open-xchange.com/oxbuildkey.pub
| |
| enabled=0
| |
| gpgcheck=1
| |
| metadata_expire=0m
| |
| | |
| [ox-updates-backend]
| |
| name=Open-Xchange Updates-backend
| |
| baseurl=https://LDBACCOUNT:LDBPASSWORD@software.open-xchange.com/products/appsuite/stable/backend/updates/RHEL8/
| |
| gpgkey=https://software.open-xchange.com/oxbuildkey.pub
| |
| enabled=0
| |
| gpgcheck=1
| |
| metadata_expire=0m
| |
| END
| |
| | |
| # Install Open Xchange
| |
| dnf install open-xchange \
| |
| open-xchange-authentication-database \
| |
| open-xchange-grizzly open-xchange-admin \
| |
| open-xchange-appsuite open-xchange-appsuite-backend \
| |
| open-xchange-appsuite-manifest
| |
| | |
| echo PATH=$PATH:/opt/open-xchange/sbin/ >> ~/.bashrc && . ~/.bashrc
| |
| mysql --defaults-extra-file=/root/sql.cnf -e "CREATE USER 'openexchange'@'localhost' IDENTIFIED BY '$MYSQLPW'"
| |
| mysql --defaults-extra-file=/root/sql.cnf -e "GRANT ALL PRIVILEGES ON *.* TO openexchange@localhost"
| |
| | |
| /opt/open-xchange/sbin/initconfigdb --configdb-pass=$MYSQLPW
| |
| /opt/open-xchange/sbin/oxinstaller --no-license --servername=oxserver --configdb-pass=$MYSQLPW \
| |
| --master-pass=$MYSQLPW --network-listener-host=localhost --servermemory 2048
| |
| | |
| systemctl enable --now open-xchange
| |
| systemctl status open-xchange
| |
| | |
| mkdir /var/opt/filestore
| |
| chown open-xchange:open-xchange /var/opt/filestore
| |
| /opt/open-xchange/sbin/registerfilestore -A oxadminmaster -P $MYSQLPW -t file:/var/opt/filestore -s 1000000
| |
| /opt/open-xchange/sbin/registerdatabase -A oxadminmaster -P $MYSQLPW -n oxdatabase -p $MYSQLPW -m true
| |
| | |
| mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.bak
| |
| | |
| # OX Apache configuration & proxy
| |
| OXPROXY=/etc/httpd/conf.d/proxy_http.conf
| |
| OXCONF=/etc/httpd/conf.d/ox.conf
| |
| tee -a $OXPROXY <<END
| |
| LoadModule proxy_http_module modules/mod_proxy_http.so
| |
| | |
| <IfModule mod_proxy_http.c>
| |
| ProxyRequests Off
| |
| ProxyStatus On
| |
| # When enabled, this option will pass the Host: line from the incoming request to the proxied host.
| |
| ProxyPreserveHost On
| |
| # Please note that the servlet path to the soap API has changed:
| |
| <Location /webservices>
| |
| # restrict access to the soap provisioning API
| |
| Order Deny,Allow
| |
| Deny from all
| |
| Allow from 127.0.0.1
| |
| # you might add more ip addresses / networks here
| |
| # Allow from 192.168 10 172.16
| |
| </Location>
| |
| | |
| # The old path is kept for compatibility reasons
| |
| <Location /servlet/axis2/services>
| |
| Order Deny,Allow
| |
| Deny from all
| |
| Allow from 127.0.0.1
| |
| </Location>
| |
| | |
| # Enable the balancer manager mentioned in
| |
| # https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster
| |
| <IfModule mod_status.c>
| |
| <Location /balancer-manager>
| |
| SetHandler balancer-manager
| |
| Order Deny,Allow
| |
| Deny from all
| |
| Allow from 127.0.0.1
| |
| </Location>
| |
| </IfModule>
| |
| | |
| <Proxy balancer://oxcluster>
| |
| Order deny,allow
| |
| Allow from all
| |
| # multiple server setups need to have the hostname inserted instead localhost
| |
| BalancerMember http://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
| |
| # Enable and maybe add additional hosts running OX here
| |
| # BalancerMember http://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
| |
| ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
| |
| SetEnv proxy-initial-not-pooled
| |
| SetEnv proxy-sendchunked
| |
| </Proxy>
| |
| | |
| # The standalone documentconverter(s) within your setup (if installed)
| |
| # Make sure to restrict access to backends only
| |
| # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos
| |
| #<Proxy balancer://oxcluster_docs>
| |
| # Order Deny,Allow
| |
| # Deny from all
| |
| # Allow from backend1IP
| |
| # BalancerMember http://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3
| |
| # ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
| |
| # SetEnv proxy-initial-not-pooled
| |
| # SetEnv proxy-sendchunked
| |
| #</Proxy>
| |
| # Define another Proxy Container with different timeout for the sync clients. Microsoft recommends a minimum value of 15 minutes.
| |
| # Setting the value lower than the one defined as com.openexchange.usm.eas.ping.max_heartbeat in eas.properties will lead to connection
| |
| # timeouts for clients. See http://support.microsoft.com/?kbid=905013 for additional information.
| |
| #
| |
| # NOTE for Apache versions < 2.4:
| |
| # When using a single node system or using BalancerMembers that are assigned to other balancers please add a second hostname for that
| |
| # BalancerMember's IP so Apache can treat it as additional BalancerMember with a different timeout.
| |
| #
| |
| # Example from /etc/hosts: 127.0.0.1 localhost localhost_sync
| |
| #
| |
| # Alternatively select one or more hosts of your cluster to be restricted to handle only eas/usm requests
| |
| <Proxy balancer://eas_oxcluster>
| |
| Order deny,allow
| |
| Allow from all
| |
| # multiple server setups need to have the hostname inserted instead localhost
| |
| BalancerMember http://localhost_sync:8009 timeout=1900 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1
| |
| # Enable and maybe add additional hosts running OX here
| |
| # BalancerMember http://oxhost2:8009 timeout=1900 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2
| |
| ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
| |
| SetEnv proxy-initial-not-pooled
| |
| SetEnv proxy-sendchunked
| |
| </Proxy>
| |
| | |
| # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of
| |
| # mappings have to be ordered from longest URL to shortest URL.
| |
| #
| |
| # Example:
| |
| # ProxyPass /ajax balancer://oxcluster_with_100s_timeout/ajax
| |
| # ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test
| |
| #
| |
| # Requests to /ajax/test would have a timeout of 100s instead of 200s
| |
| #
| |
| # See:
| |
| # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives
| |
| # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing
| |
| ProxyPass /ajax balancer://oxcluster/ajax
| |
| ProxyPass /appsuite/api balancer://oxcluster/ajax
| |
| ProxyPass /drive balancer://oxcluster/drive
| |
| ProxyPass /infostore balancer://oxcluster/infostore
| |
| ProxyPass /realtime balancer://oxcluster/realtime
| |
| ProxyPass /servlet balancer://oxcluster/servlet
| |
| ProxyPass /webservices balancer://oxcluster/webservices
| |
| | |
| #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws
| |
| | |
| ProxyPass /usm-json balancer://eas_oxcluster/usm-json
| |
| ProxyPass /Microsoft-Server-ActiveSync balancer://eas_oxcluster/Microsoft-Server-ActiveSync
| |
| | |
| </IfModule>
| |
| END
| |
| tee -a $OXCONF <<END
| |
| <VirtualHost *:80>
| |
| ServerAdmin webmaster@localhost
| |
| | |
| DocumentRoot /var/www/html/
| |
| <Directory /var/www/html/>
| |
| Options -Indexes +FollowSymLinks +MultiViews
| |
| AllowOverride None
| |
| Order allow,deny
| |
| allow from all
| |
| RedirectMatch ^/$ /appsuite/
| |
| </Directory>
| |
| | |
| <Directory /var/www/html/appsuite>
| |
| Options None +SymLinksIfOwnerMatch
| |
| AllowOverride Indexes FileInfo
| |
| </Directory>
| |
| </VirtualHost>
| |
| END
| |
| | |
| systemctl restart httpd
| |
| | |
| # Create context
| |
| /opt/open-xchange/sbin/createcontext -A oxadminmaster -P $MYSQLPW -c 1 -u oxadmin -d "Cntxt Admin" -g Admin \
| |
| -s User -p $MYSQLPW -L defaultcontext -e oxadmin@${DOMAIN} -q 1024 --access-combination-name=groupware_standard
| |
| | |
| # Create user with above context
| |
| /opt/open-xchange/sbin/createuser -c 1 -A oxadmin -P $MYSQLPW -u postmaster -d "Postmaster ($DOMAIN)" -g $DOMAIN \
| |
| -s User -p $POSTMASTERPW -e postmaster@${DOMAIN} --imaplogin postmaster@${DOMAIN} --imapserver $IMAP --smtpserver $MX
| |
| </pre>
| |