Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Z-Push 2.4.0 - nginx configuration file

    General usage of Z-Push
    5
    24
    6720
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • milauria
      milauria last edited by milauria

      You are right … to make sure that php-fpm can write its logs, I did:

      semanage fcontext -a -t httpd_sys_rw_content_t /var/log/z-push
      restorecon -v /var/log/z-push
      

      Then I am still checking if the logrotate needs the var_log_t context for the same directory to be able to read/write for file rotation … and i yes I need to find a way to make both php-fpm and logrotate work with selinux on the same directory … no idea how!

      1 Reply Last reply Reply Quote 0
      • milauria
        milauria last edited by milauria

        Hi to all – to make z-push work with nginx and Centos 7, after each time I update or install z-push (yum install z-push-common z-push-ipc-sharedmemory) I always run a small script to make permissions suitable for nginx:

        chown root:nginx /etc/z-push/* 
        chown -R nginx:nginx /var/lib/z-push 
        chown -R nginx:nginx /var/log/z-push
        

        To make it work with nginx … I also edited the /etc/logrotate.d/z-push.lr to remove the line

        create apache apache
        

        Otherwise z-push creates log files owned by apache:apache that cannot be written by nginx and this permission mismatch blocks the syncing

        This is just FYI in case other users are having troubles under nginx … cheers

        fbartels 1 Reply Last reply Reply Quote 0
        • fbartels
          fbartels Kopano @milauria last edited by

          Hi @milauria ,

          which version of z-push are you running? Z-Push 2.4 introduces a nginx config package which should make those steps obsolete https://jira.z-hub.io/browse/ZP-1162

          Regards Felix

          Resources:
          https://kopano.com/blog/how-to-get-kopano/
          https://documentation.kopano.io/
          https://kb.kopano.io/

          Support overview:
          https://kopano.com/support/

          1 Reply Last reply Reply Quote 0
          • milauria
            milauria last edited by milauria

            Hi for the moment I am sticking with production version 2.3.9. I did not try the 2.4 beta yet … I was waiting to see the final release of 2.4 making sure it works with the backend I need (Zimbra)

            It would be useful to know what the installation exactly does other than creating the .conf described here [https://forum.kopano.io/topic/133/nginx-configuration-file/4](link url).

            My concern is to make sure that all the permissions are set properly (/etc/z-push … /var/lib/z-push … /logrotate.d/z-push.lr … etc)

            Thanks

            1 Reply Last reply Reply Quote 0
            • fbartels
              fbartels Kopano last edited by

              @milauria there are quite some pull requests attached to the ticket I’ve linked you. if you login at jira.z-hub.io then you can see all the changes that have been done.

              Regards Felix

              Resources:
              https://kopano.com/blog/how-to-get-kopano/
              https://documentation.kopano.io/
              https://kb.kopano.io/

              Support overview:
              https://kopano.com/support/

              1 Reply Last reply Reply Quote 0
              • milauria
                milauria last edited by milauria

                Now that Z-push 2.4 has been released as official … I may suggest that when installing the z-push-config-nginx module the following permissions are also set during installation:

                /var/lib/z-push/* must be owned by nginx : z-push (not apache:z-push)
                /etc/logrotate.d/z-push.lr should remove “create apache apache”

                I am running on Centos 7 with Nginx
                thanks

                1 Reply Last reply Reply Quote 0
                • Sebastian
                  Sebastian Kopano last edited by

                  Hi, thanks for the report. I’ve created an issue for it https://jira.z-hub.io/browse/ZP-1375
                  I am not sure why we didn’t see this/create the ticket before, but we will fix asap.

                  Cheers, Sebastian

                  1 Reply Last reply Reply Quote 0
                  • Sebastian
                    Sebastian Kopano last edited by

                    @milauria we have fixed ZP-1375 and it’s released in Z-Push 2.4.1 beta1.
                    Could you try to install/update to this version and report back? Thank you!

                    1 Reply Last reply Reply Quote 0
                    • milauria
                      milauria last edited by milauria

                      With the Z-Push 2.4.1 beta1 installed I see that now the logrotate contains “create root z-push” which also does not work for me.

                      I need to be “create nginx z-push” to make let z-push write its log file … or just delete the “create” statement so that it inherits the permission from its folder

                      Basically to make it work I need both /var/log/z-push and /var/lib/z-push to be owned by the “nginx” user

                      1 Reply Last reply Reply Quote 0
                      • Manfred
                        Manfred Kopano last edited by

                        Hi milauria,

                        are there any errors? z-push group does have the right permissions for both folders, doesn’t it?

                        Manfred

                        1 Reply Last reply Reply Quote 0
                        • milauria
                          milauria last edited by milauria

                          Hi manfred,
                          seems to be the file owner the problem, not the file group

                          The /var/lib/z-push owner needs to be “nginx”. The z-push install I think defaults the owner as “root” and in that case I get the below fatal error. After I did the “chown nginx” the error went away.

                          [FATAL] Exception: (FatalMisconfigurationException) - Not possible to write to the configured state directory.
                          [FATAL] FatalMisconfigurationException: Not possible to write to the configured state directory. - code: 0 - file: /usr/share/z-push/lib/default/filestatemachine.php:63

                          Similarly /var/log/z-push needs to owned by nginx AND needs to be writable only by the user.
                          The error I get: “parent directory has insecure permissions (It’s world writable or writable by group which is not “root”)”
                          I also removed altogether the “create” statement in the z-push.lr so that every new log is created with the same folder permission

                          Cheers

                          1 Reply Last reply Reply Quote 0
                          • Manfred
                            Manfred Kopano last edited by

                            Hi milauria,

                            could you post the output of

                            groups nginx
                            

                            ?

                            With the current spec file configuration it’s not so trivial to change the ownership to user nginx. That’s why we introduced the z-push group which has the right permissions.

                            Manfred

                            1 Reply Last reply Reply Quote 0
                            • milauria
                              milauria last edited by

                              groups nginx
                              nginx : nginx z-push

                              thanks for looking into this

                              1 Reply Last reply Reply Quote 0
                              • milauria
                                milauria last edited by

                                Just to report that I have installed 2.4.1 final and all works fine with the only modification needed for the /var/log that I had to change as follow:

                                drwxr-x—. 2 nginx z-push 4096 Apr 11 19:21 z-push

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post