[SOLVED] MDM Plugin Webapp - Ubuntu 18.04
-
Hi hispeed,
stupid question - but do you have z-push installed?
If yes - ist it working?
Z-push shows some logs that might help.
best regards -
Yes Z-Push is running fine. I made it working today. Where is the log from Z-Push?
My other thread for 18.04 and postfix with smarthosts. I can now use everything except send e-mails is not working. https://forum.kopano.io/topic/1358/concept-configuration-of-postfix-with-smarthosts/37
Yes I have a self-signed certificate and ssl :S!! I see… I get in trouble ^^…
@fbartels I just saw this is the wrong section :(.
-
Is your /etc/kopano/webapp/config-mdm.php configured correctly?
-
Right now it looks like that:
<?php define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false); define('PLUGIN_MDM_SERVER', '127.0.0.1'); define('PLUGIN_MDM_SERVER_SSL', true); ?>But yes I have a self-signed certificate at the moment.
-
so is your apache/nginx also listening on 127.0.0.1 ?
My config contains the external name - the same url I browse the webapp -
On the same machine, you can set the PLUGIN_MDM_SERVER_SSL to false. This avoids all certificate issues.
I recommend to use the server name from the webserver configuration (vhost) instead of the localhost address.Why are you using a self-signed certificate? LetsEncrypt is activated in a few minutes and accepted on the most devices out-of-the-box.
-
Hi AnotherAndy and eli,
I have in the Apache Config: ServerName https://kopanotest.topleveldomain.ch
This Servername without https:// i have writen into the MDM config. I have also tested it with https://
I also set PLUGIN_MDM_SERVER_SSL to fals but it doesn’t help.Where do I see if apache is listening on 127.0.0.1 ? I didn’t find in the apache2.conf .
Yes I will try with LetsEncrypt today evening or tomorrow to install it and get it working.
-
what do you see if you run : apache2ctl -S
-
I see this:
root@svgwma-kopa-02:/# apache2ctl -S VirtualHost configuration: *:80 kopanotest.XXXXX.XX (/etc/apache2/sites-enabled/000-default.conf:1) *:443 kopanotest.XXXXX.XX> (/etc/apache2/sites-enabled/000-default.conf:18) ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex ssl-cache: using_defaults Mutex default: dir="/var/run/apache2/" mechanism=default Mutex mpm-accept: using_defaults Mutex watchdog-callback: using_defaults Mutex ssl-stapling-refresh: using_defaults Mutex ssl-stapling: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="www-data" id=33 Group: name="www-data" id=33 You have new mail in /var/mail/rootkopanotest.XXXXX.XX <- this I wrote in the mdm config!
-
means your apache is listening on every interface available.
But with the config
.
<?php
define(‘PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM’, false);
define(‘PLUGIN_MDM_SERVER’, kopanotest.topleveldomain.ch’);
define(‘PLUGIN_MDM_SERVER_SSL’, true);
?>
it should work…if not check the z-push logs if you can find anything or the kopano logs -
No luck at the moment. Updated Webapp restartet everything. configured like you said but still the same error.
Log Level - Debug
root@svgwma-kopa-02:/var/log/z-push# nano z-push-error.lorg <- No entries
root@svgwma-kopa-02:/var/log/z-push# nano z-push.log - No entriesAlso no Kopano log entries…
I found something in the webapp and look at the version. I can’t see the Z-Push Version! maybe there I have something wrong?
Z-Push: Version nicht verfügbar / Z-Push Version not available
-
ok…no more ideas.
maybe you can check:
https://help.univention.com/t/nach-update-auf-ucs4-2-bzw-kopano-8-2-1-530-keine-verbindung-mehr-zu-z-push/5408/16 -
ok, so you did not configure your apache.
You “should” see something like this.apache2ctl -S VirtualHost configuration: [::1]:80 is a NameVirtualHost default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3) port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3) port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20) alias 127.0.0.1 alias [::1] alias ip6-localhost alias ip6-loopback 192.168.0.100:80 is a NameVirtualHost default server 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1) port 80 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1) port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1) 192.168.0.100:443 is a NameVirtualHost default server 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12) port 443 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12) port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27) 127.0.0.1:80 is a NameVirtualHost default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3) port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3) port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20) alias 127.0.0.1 alias [::1] alias ip6-localhost alias ip6-loopback 1.2.3.4 :80 is a NameVirtualHost default server 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1) port 80 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1) port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1) 1.2.3.4 :443 is a NameVirtualHost default server 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15) port 443 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15) port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)A sample what creates this, can be found here.
https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-apache2-vhost-defaults.shThis catches every IP and hostname and makes sure NONE of you vhost can get abused.
all my IP hosts havea sample of the IP cert.
# A self-signed certificate, use the IP adres for CN (Common Name) # mkdir -p /etc/ssl/local/{certs,private} # openssl req -new -x509 -days 365 -nodes -out /etc/ssl/local/certs/ip-wan.cert.pem -keyout /etc/ssl/local/private/ip-wan.key.pem # chown root:www-data /etc/ssl/local/certs/ip-wan.cert.pem # chown root:www-data /etc/ssl/local/private/ip-wan.key.pem # chmod 644 /etc/ssl/local/certs/ip-wan.cert.pem # chmod 640 /etc/ssl/local/private/ip-wan.key.pemand optional add one of these or create an index that people should use a hostname and not an ipadres.
Bots/script kiddies use ipadress. point your fail2ban to these logs and bye bye script kiddie.# We dont allow anyone on the external ip, normal persons types a name and not ip. <Location /> Require all denied </Location> #or choose to redirect the request to your webserver. #Redirect permanent / https://www.example.com/ -
@eli have a look here.
https://forum.kopano.io/topic/1453/kopano-and-outlook-integration/6
That might help also in setting up correctly.
Combine that one with this post and you have all the correct info. -
@thctlo I have tried to do your steps for the certificates and apache vhost.
unfortunately at the moment the webapp is not available anymore.When I go to: https://192.168.0.80/webapp i will be redirected to: https://www./webapp
root@svgwma-kopa-02:/etc/apache2/conf-enabled# apache2ctl -S VirtualHost configuration: [::1]:80 is a NameVirtualHost default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2) port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2) port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19) alias localhost alias [::1] alias localhost-ip6 alias ip6-loopback alias localhost.localdomain 192.168.0.80:80 is a NameVirtualHost default server 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1) port 80 namevhost 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1) port 80 namevhost www. (/etc/apache2/sites-enabled/000-www..conf:1) port 80 namevhost mail. (/etc/apache2/sites-enabled/001-mail..conf:1) 127.0.0.1:80 is a NameVirtualHost default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2) port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2) port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19) alias localhost alias [::1] alias localhost-ip6 alias ip6-loopback alias localhost.localdomain *:443 is a NameVirtualHost default server kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13) port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13) port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-www..conf:12) port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/001-mail..conf:11) ServerRoot: "/etc/apache2" Main DocumentRoot: "/var/www/html" Main ErrorLog: "/var/log/apache2/error.log" Mutex default: dir="/var/run/apache2/" mechanism=default Mutex mpm-accept: using_defaults Mutex watchdog-callback: using_defaults Mutex ssl-stapling-refresh: using_defaults Mutex ssl-stapling: using_defaults Mutex ssl-cache: using_defaults PidFile: "/var/run/apache2/apache2.pid" Define: DUMP_VHOSTS Define: DUMP_RUN_CFG User: name="www-data" id=33 Group: name="www-data" id=33/etc/apache2/sites-enabled/000-localhost.conf
Looks like that:# Default ipv4 localhost <VirtualHost 127.0.0.1:80 [::1]:80> # Default ip vhost for localhost ipv4 and ipv6 ServerAdmin webmaster@localhost ServerName 127.0.0.1 DocumentRoot /var/www/localhost ErrorLog ${APACHE_LOG_DIR}/localhost-error.log CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined </VirtualHost> # # Vhost example for localhost. # # IP Based Virtual Host examples. # Both ipv4 and ipv6 localhost <VirtualHost 127.0.0.1:80 [::1]:80> # or #<VirtualHost localhost:80> # # Only ipv6 localhost #<VirtualHost ip6-localhost:80> # or #<VirtualHost [::1]:80> # # Only ipv4 localhost #<VirtualHost 127.0.0.1:80> # # Name Based Virtual Host #<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName 127.0.0.1 # For the Aliases, check you "/etc/hosts" file and make sure you have all in here. # Default ipv4+ipv6 ServerAlias localhost [::1] localhost-ip6 ip6-loopback localhost.localdomain DocumentRoot /var/www/localhost DocumentRoot /var/www/localhost ErrorLog ${APACHE_LOG_DIR}/localhost-error.log CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined <Directory /> AllowOverride None Require all denied </Directory> <Directory /var/www/> AllowOverride None Require all denied </Directory> <Directory /var/www/localhost> AllowOverride None Require all granted </Directory> <Location "/server-status"> SetHandler server-status Require host localhost </Location> </VirtualHost>Here is my hosts configuration:
/etc/hosts127.0.0.1 kopanotest.mydomain.ch localhost ::1 localhost6.localdomain6 localhost6 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhostsProbably there are some errors in all of those configs…
Can you help me with fixing that?
-
hi @hispeed
ist you server running on a LAN or with a public IP?
https://forum.kopano.io/topic/1042/mdm-plugin-not-working/17
this guy had a smiliar problem -his problem was the apache config. -
Hi,
It’s just a testserver behind my pfsense at home. I recieve and send (sending -> it doesn’t work yet) mails via SMARTHOSTS. The server doesn’t have a public IP. My pfsense is forwarding everything.
So SSL is secondary but nice to have because the server is reachable from outside for webapp and z-push.EDIT:
Maybe I should use this VHOST config on this post?
https://forum.kopano.io/topic/1042/mdm-plugin-not-working/14
-
hi,
now I understand. So what happens, if your do a
curl https://externalURL/Microsoft-Server-ActiveSync on the bash of the Server?
you should get
<html>
<header>
<title>Z-Push ActiveSync</title>
</header>
<body>
<font face=“verdana”>
<h2>Z-Push - Open Source ActiveSync</h2>
<b>Version 2.4.2+0-0</b><br>
<h3>AuthenticationRequiredException</h3> <pre>Access denied. Please send authorisation information</pre><br>
<br><br>
More information about Z-Push can be found at:<br>
<a href=“http://z-push.org/”>Z-Push homepage</a><br>
<a href=“http://z-push.org/download”>Z-Push download page</a><br>
<a href=“https://jira.z-hub.io/browse/ZP”>Z-Push Bugtracker</a><br>
<a href=“https://wiki.z-hub.io/display/ZP”>Z-Push Wiki</a> and <a href=" https://wiki.z-hub.io/display/ZP/Roadmap">Roadmap</a><br>
<br>
All modifications to this sourcecode must be published and returned to t he community.<br>
Please see <a href=“http://www.gnu.org/licenses/agpl-3.0.html”>AGPLv3 Li cense</a> for details.<br>
</font face=“verdana”>
</body>- you also can try http://localhost/Microsoft-Server-ActiveSync - it should get the same
-
Yes this works but without SSL. so just curl http://
I also have my Iphone connected which is working fine, so Z-Push is probably fine. -
wow…running out of ideas…can you check the apache access logs, if the kopano webapp MDM tries to access the z-push url?
