@nexttoyou said in Request for feedback: easily run Kopano through Docker:
But it seems to be more complicated than imagined:
The easiest explanation for the shown logging is that you simply did not add the z-push repository to your local system. But this strays further away from the original topic of this thread. I would recommend to make a dedicated thread for this.
just browsing through the Linode page it is not 100% clear to me what the mentioned service includes. If you manage to convince the Linode team to setup and maintain (what is imho the definition of a “managed service”) your Kopano installation for you it should work.
I’d rather recommend to get in contact with the collar support over this. From your description is sounds like the unique user Id of that store changes when this “rewriting of config” happens.
The store creation error I would explain in the way that the server recognises that it has created a store previously for the same user details. (so rather a symptom instead of the cause).
@burgessja said in Possible to create multiple Global Address Books, or push contact lists to certain users?:
The only thing missing
its there once you enable it in the config.php of webapp:
// Set true to hide public contact folders in address-book folder list,
// false will show public contact folders in address-book folder list.
Ok, for the certificates, you have multiple options here, this is a bit how you want to use it.
You did not mention you os, so i’ll show the debian steps.
If you dont have official certificates, i do suggest you use LetEncrypt Certificates.
If you have other certificates just look what i do here. ;-) and repeat this with your certificates.
I’ll show the debian steps for letsencrypt
apt-get install ca-certificates letsencrypt
letsencrypt certonly --standalone -d mail.example.com
you can add other domainnames for example also, again adjust to your needs.
letsencrypt certonly --standalone -d example.com -d www.example.com -d mail.example.com
The command starts an interactive configuration script which will ask a couple of questions to setup the certificate correctly.
Select Yes to use the default vhost file and specify the settings manually.
Enter the email server’s domain name like mail.example.com.
On the first installation on any specific host, you’ll need to enter a contact email. ( firstname.lastname@example.org )
Next, read the Let’s Encrypt Terms of Service and select Agree to continue.
Then select whether you wish to use both HTTP and HTTPS or to require all traffic
to use encryption by highlighting either the Easy or the Secure option and selecting OK.
If its correct you now have a webserver with https (mail.example.com)
Tip: look at /etc/letsencrypt/options-ssl-apache.conf
You can automatic include these in you apache ssl vhost with. ( if its not already in there. )
IncludeOptional or Include /etc/letsencrypt/options-ssl-apache.conf
IncludeOptional does not make apache complain if the file is missing then its starting
apache, but then it starts without these settings, so use with care.
Configure your postfix to use these certs.
sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem'
sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem'
configure postfix to use the TLS encryptions
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
And we now can restart these services.
systemctl restart postfix apache2
check your logs of its all correct.
Now you kopano outlook client. ! Do note, this might be a bit different from the official doc.
But it works great.
ln -s /etc/letsencrypt/live/mail.example.com/privkey.pem /etc/kopano/ssl/privkey.pem
ln -s /etc/letsencrypt/live/mail.example.com/cert.pem /etc/kopano/ssl/server.pem
I use symlinks here so you van use the default settings from server.conf.
Now for the setting server_ssl_ca_ ( file or path )
For _file, the default can be result for that run :
ln -s /etc/ssl/certs/ca-certificates.crt /etc/kopano/ssl/cacert.pem
Or use for _path
server_ssl_ca_path = /etc/ssl/certs
both should work fine.
Tip: here, if you have your own CA Root. Have a look here:
ln -s /etc/letsencrypt/live/mail.example.com/privkey.pem /etc/kopano/gateway/privkey.pem
ln -s /etc/letsencrypt/live/mail.example.com/cert.pem /etc/kopano/gateway/cert.pem
Since the is a mail setup and you want to protect your mail.
i’ve changed the kopano server.cfg and gateway.conf defaults to :
server_ssl_protocols = !SSLv3 !TLSv1 TLSv1.1
server_ssl_ciphers = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
server_ssl_prefer_server_ciphers = yes
Now i suggest, start with these requirements for above setup.
Postfix: setup and A PTR and MX record in the dns for mail.example.com
Apache: configure a vhost with the servername mail.example.com ( use this one for your webapp and z-push also )
I don’t know vTiger but generally speaking there are multiple ways how you can approach this:
If vTiger is able to send invites, you can use the mr-processing capabilities to automatically accept (and for example automatically decline by collision, etc.), you can find the MR setup here: https://documentation.kopano.io/kopanocore_administrator_manual/user_management.html#resource-configuration
Generally speaking, this approach limits you to resource mailboxes and this might not be what you want.
You can use python (and python-kopano) to create a script for example to import these events on a regular basis from vTiger. Again, I don’t know the exact specifics on vTiger side, but I can give you an entry point with python-kopano here: https://documentation.kopano.io/kopano_python_kopano/
You could use our experimental REST interface we are working on which is deemed also to be used for such use cases in the future. We are still working on documentation, but I can tell you for the moment the best entrypoints are https://stash.kopano.io/projects/KC/repos/kopanocore/browse/ECtools/rest and https://github.com/microsoftgraph/microsoft-graph-docs/tree/master/api-reference/v1.0/api to have a look at and how to get going. You will need some skills in API development though to be able to work on it for the moment. We can tell for the moment that calendaring is in a good shape and should fulfill your requirements already today - if you should hit any obstacles please let us know.
Hope this helps to get started.
Hi @ckruijntjens ,
from the moment an item is deleted from the store (even if its still in soft delete) it won’t be part of any run of kopano-backup anymore. These items however are still included in previous runs of kopano-backup, this is what the switches
--deletes=YESNO store/restore deleted items/folders
--purge=N purge items/folders deleted more than N
I was unable to get the ol-schema-migrate.pl script to work in my case, it seemed like the syntax for 389ds had changed since that script was written, but that was just a guess. The script ran fine, but 389ds complained about invalid characters and spacing. In my case, I effectively just did all the steps from the script manually.
The changes that I made to the postfix config files may have only been a requirement of FreeIPA., not 389ds. Without the bind username and password, Postfix was unable to find the user accounts.