Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    [SOLVED] MDM Plugin Webapp - Ubuntu 18.04

    Plugins for Kopano WebApp
    4
    26
    3732
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • AnotherAndy
      AnotherAndy last edited by

      Is your /etc/kopano/webapp/config-mdm.php configured correctly?

      1 Reply Last reply Reply Quote 0
      • hispeed
        hispeed last edited by

        Right now it looks like that:

        <?php
        define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
        define('PLUGIN_MDM_SERVER', '127.0.0.1');
        define('PLUGIN_MDM_SERVER_SSL', true);
        ?>
        

        But yes I have a self-signed certificate at the moment.

        1 Reply Last reply Reply Quote 0
        • AnotherAndy
          AnotherAndy last edited by AnotherAndy

          so is your apache/nginx also listening on 127.0.0.1 ?
          My config contains the external name - the same url I browse the webapp

          1 Reply Last reply Reply Quote 0
          • eli
            eli last edited by

            On the same machine, you can set the PLUGIN_MDM_SERVER_SSL to false. This avoids all certificate issues.
            I recommend to use the server name from the webserver configuration (vhost) instead of the localhost address.

            Why are you using a self-signed certificate? LetsEncrypt is activated in a few minutes and accepted on the most devices out-of-the-box.

            thctlo 1 Reply Last reply Reply Quote 0
            • hispeed
              hispeed last edited by

              Hi AnotherAndy and eli,

              I have in the Apache Config: ServerName https://kopanotest.topleveldomain.ch
              This Servername without https:// i have writen into the MDM config. I have also tested it with https://
              I also set PLUGIN_MDM_SERVER_SSL to fals but it doesn’t help.

              Where do I see if apache is listening on 127.0.0.1 ? I didn’t find in the apache2.conf .

              Yes I will try with LetsEncrypt today evening or tomorrow to install it and get it working.

              1 Reply Last reply Reply Quote 0
              • thctlo
                thctlo last edited by

                what do you see if you run : apache2ctl -S

                1 Reply Last reply Reply Quote 0
                • hispeed
                  hispeed last edited by

                  I see this:

                  root@svgwma-kopa-02:/# apache2ctl -S
                  VirtualHost configuration:
                  *:80                   kopanotest.XXXXX.XX (/etc/apache2/sites-enabled/000-default.conf:1)
                  *:443                  kopanotest.XXXXX.XX> (/etc/apache2/sites-enabled/000-default.conf:18)
                  ServerRoot: "/etc/apache2"
                  Main DocumentRoot: "/var/www/html"
                  Main ErrorLog: "/var/log/apache2/error.log"
                  Mutex ssl-cache: using_defaults
                  Mutex default: dir="/var/run/apache2/" mechanism=default
                  Mutex mpm-accept: using_defaults
                  Mutex watchdog-callback: using_defaults
                  Mutex ssl-stapling-refresh: using_defaults
                  Mutex ssl-stapling: using_defaults
                  PidFile: "/var/run/apache2/apache2.pid"
                  Define: DUMP_VHOSTS
                  Define: DUMP_RUN_CFG
                  User: name="www-data" id=33
                  Group: name="www-data" id=33
                  You have new mail in /var/mail/root
                  

                  kopanotest.XXXXX.XX <- this I wrote in the mdm config!

                  1 Reply Last reply Reply Quote 0
                  • AnotherAndy
                    AnotherAndy last edited by

                    means your apache is listening on every interface available.
                    But with the config
                    .
                    <?php
                    define(‘PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM’, false);
                    define(‘PLUGIN_MDM_SERVER’, kopanotest.topleveldomain.ch’);
                    define(‘PLUGIN_MDM_SERVER_SSL’, true);
                    ?>
                    it should work…if not check the z-push logs if you can find anything or the kopano logs

                    1 Reply Last reply Reply Quote 0
                    • hispeed
                      hispeed last edited by hispeed

                      No luck at the moment. Updated Webapp restartet everything. configured like you said but still the same error.

                      Log Level - Debug
                      root@svgwma-kopa-02:/var/log/z-push# nano z-push-error.lorg <- No entries
                      root@svgwma-kopa-02:/var/log/z-push# nano z-push.log - No entries

                      Also no Kopano log entries…

                      I found something in the webapp and look at the version. I can’t see the Z-Push Version! maybe there I have something wrong?

                      Z-Push: Version nicht verfügbar / Z-Push Version not available

                      1 Reply Last reply Reply Quote 0
                      • AnotherAndy
                        AnotherAndy last edited by

                        ok…no more ideas.
                        maybe you can check:
                        https://help.univention.com/t/nach-update-auf-ucs4-2-bzw-kopano-8-2-1-530-keine-verbindung-mehr-zu-z-push/5408/16

                        1 Reply Last reply Reply Quote 0
                        • thctlo
                          thctlo last edited by thctlo

                          ok, so you did not configure your apache.
                          You “should” see something like this.

                          apache2ctl -S
                          VirtualHost configuration:
                          [::1]:80               is a NameVirtualHost
                                   default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
                                   port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
                                   port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                                           alias 127.0.0.1
                                           alias [::1]
                                           alias ip6-localhost
                                           alias ip6-loopback
                          192.168.0.100:80     is a NameVirtualHost
                                   default server 192.168.0.100  (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1)
                                   port 80 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1)
                                   port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1)
                          192.168.0.100:443    is a NameVirtualHost
                                   default server 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12)
                                   port 443 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12)
                                   port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)
                          127.0.0.1:80           is a NameVirtualHost
                                   default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
                                   port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
                                   port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                                           alias 127.0.0.1
                                           alias [::1]
                                           alias ip6-localhost
                                           alias ip6-loopback
                          1.2.3.4 :80     is a NameVirtualHost
                                   default server 1.2.3.4  (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1)
                                   port 80 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1)
                                   port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1)
                          1.2.3.4 :443    is a NameVirtualHost
                                   default server 1.2.3.4  (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15)
                                   port 443 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15)
                                   port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)
                          

                          A sample what creates this, can be found here.
                          https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-apache2-vhost-defaults.sh

                          This catches every IP and hostname and makes sure NONE of you vhost can get abused.
                          all my IP hosts have

                          a sample of the IP cert.

                            #   A self-signed certificate, use the IP adres for CN (Common Name)
                              # mkdir -p /etc/ssl/local/{certs,private}
                              # openssl req -new -x509 -days 365 -nodes -out /etc/ssl/local/certs/ip-wan.cert.pem -keyout /etc/ssl/local/private/ip-wan.key.pem
                              # chown root:www-data /etc/ssl/local/certs/ip-wan.cert.pem
                              # chown root:www-data /etc/ssl/local/private/ip-wan.key.pem
                              # chmod 644 /etc/ssl/local/certs/ip-wan.cert.pem
                              # chmod 640 /etc/ssl/local/private/ip-wan.key.pem
                          

                          and optional add one of these or create an index that people should use a hostname and not an ipadres.
                          Bots/script kiddies use ipadress. point your fail2ban to these logs and bye bye script kiddie.

                              # We dont allow anyone on the external ip, normal persons types a name and not ip.
                              <Location />
                                Require all denied
                              </Location>
                          
                              #or choose to redirect the request to your webserver.
                              #Redirect permanent / https://www.example.com/
                          
                          1 Reply Last reply Reply Quote 0
                          • thctlo
                            thctlo @eli last edited by thctlo

                            @eli have a look here.
                            https://forum.kopano.io/topic/1453/kopano-and-outlook-integration/6
                            That might help also in setting up correctly.
                            Combine that one with this post and you have all the correct info.

                            1 Reply Last reply Reply Quote 0
                            • hispeed
                              hispeed last edited by

                              @thctlo I have tried to do your steps for the certificates and apache vhost.
                              unfortunately at the moment the webapp is not available anymore.

                              When I go to: https://192.168.0.80/webapp i will be redirected to: https://www./webapp

                              root@svgwma-kopa-02:/etc/apache2/conf-enabled# apache2ctl -S
                              VirtualHost configuration:
                              [::1]:80               is a NameVirtualHost
                                       default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
                                       port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
                                       port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19)
                                               alias localhost
                                               alias [::1]
                                               alias localhost-ip6
                                               alias ip6-loopback
                                               alias localhost.localdomain
                              192.168.0.80:80        is a NameVirtualHost
                                       default server 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1)
                                       port 80 namevhost 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1)
                                       port 80 namevhost www. (/etc/apache2/sites-enabled/000-www..conf:1)
                                       port 80 namevhost mail. (/etc/apache2/sites-enabled/001-mail..conf:1)
                              127.0.0.1:80           is a NameVirtualHost
                                       default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
                                       port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
                                       port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19)
                                               alias localhost
                                               alias [::1]
                                               alias localhost-ip6
                                               alias ip6-loopback
                                               alias localhost.localdomain
                              *:443                  is a NameVirtualHost
                                       default server kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13)
                                       port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13)
                                       port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-www..conf:12)
                                       port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/001-mail..conf:11)
                              ServerRoot: "/etc/apache2"
                              Main DocumentRoot: "/var/www/html"
                              Main ErrorLog: "/var/log/apache2/error.log"
                              Mutex default: dir="/var/run/apache2/" mechanism=default
                              Mutex mpm-accept: using_defaults
                              Mutex watchdog-callback: using_defaults
                              Mutex ssl-stapling-refresh: using_defaults
                              Mutex ssl-stapling: using_defaults
                              Mutex ssl-cache: using_defaults
                              PidFile: "/var/run/apache2/apache2.pid"
                              Define: DUMP_VHOSTS
                              Define: DUMP_RUN_CFG
                              User: name="www-data" id=33
                              Group: name="www-data" id=33
                              

                              /etc/apache2/sites-enabled/000-localhost.conf
                              Looks like that:

                              # Default ipv4 localhost
                              <VirtualHost 127.0.0.1:80 [::1]:80>
                              # Default ip vhost for localhost ipv4 and ipv6
                                  ServerAdmin webmaster@localhost
                                  ServerName 127.0.0.1
                              
                                  DocumentRoot /var/www/localhost
                              
                                  ErrorLog  ${APACHE_LOG_DIR}/localhost-error.log
                                  CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined
                              
                              </VirtualHost>
                              
                              #
                              # Vhost example for localhost.
                              #
                              # IP Based Virtual Host examples.
                              # Both ipv4 and ipv6 localhost
                              <VirtualHost 127.0.0.1:80 [::1]:80>
                              # or
                              #<VirtualHost localhost:80>
                              #
                              # Only ipv6 localhost
                              #<VirtualHost ip6-localhost:80>
                              # or
                              #<VirtualHost [::1]:80>
                              #
                              # Only ipv4 localhost
                              #<VirtualHost 127.0.0.1:80>
                              #
                              # Name Based Virtual Host
                              #<VirtualHost *:80>
                              
                                  ServerAdmin webmaster@localhost
                              
                                  ServerName 127.0.0.1
                              
                                  # For the Aliases, check you "/etc/hosts" file and make sure you have all in here.
                                  # Default ipv4+ipv6
                                  ServerAlias localhost [::1] localhost-ip6 ip6-loopback localhost.localdomain
                              
                                  DocumentRoot /var/www/localhost
                              
                                  DocumentRoot /var/www/localhost
                              
                                  ErrorLog  ${APACHE_LOG_DIR}/localhost-error.log
                                  CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined
                              
                                  <Directory />
                                      AllowOverride None
                                      Require all denied
                                  </Directory>
                              
                                  <Directory /var/www/>
                                      AllowOverride None
                                      Require all denied
                                  </Directory>
                              
                                  <Directory /var/www/localhost>
                                      AllowOverride None
                                      Require all granted
                                  </Directory>
                              
                                  <Location "/server-status">
                                      SetHandler server-status
                                      Require host localhost
                                  </Location>
                              
                              </VirtualHost>
                              

                              Here is my hosts configuration:
                              /etc/hosts

                              127.0.0.1       kopanotest.mydomain.ch      localhost
                              ::1             localhost6.localdomain6 localhost6
                              
                              # The following lines are desirable for IPv6 capable hosts
                              ::1     localhost ip6-localhost ip6-loopback
                              fe00::0 ip6-localnet
                              ff02::1 ip6-allnodes
                              ff02::2 ip6-allrouters
                              ff02::3 ip6-allhosts
                              

                              Probably there are some errors in all of those configs…

                              Can you help me with fixing that?

                              1 Reply Last reply Reply Quote 0
                              • AnotherAndy
                                AnotherAndy last edited by

                                hi @hispeed
                                ist you server running on a LAN or with a public IP?
                                https://forum.kopano.io/topic/1042/mdm-plugin-not-working/17
                                this guy had a smiliar problem -his problem was the apache config.

                                1 Reply Last reply Reply Quote 0
                                • hispeed
                                  hispeed last edited by hispeed

                                  Hi,

                                  It’s just a testserver behind my pfsense at home. I recieve and send (sending -> it doesn’t work yet) mails via SMARTHOSTS. The server doesn’t have a public IP. My pfsense is forwarding everything.
                                  So SSL is secondary but nice to have because the server is reachable from outside for webapp and z-push.

                                  EDIT:

                                  Maybe I should use this VHOST config on this post?

                                  https://forum.kopano.io/topic/1042/mdm-plugin-not-working/14

                                  1 Reply Last reply Reply Quote 0
                                  • AnotherAndy
                                    AnotherAndy last edited by

                                    hi,
                                    now I understand. So what happens, if your do a
                                    curl https://externalURL/Microsoft-Server-ActiveSync on the bash of the Server?
                                    you should get
                                    <html>
                                    <header>
                                    <title>Z-Push ActiveSync</title>
                                    </header>
                                    <body>
                                    <font face=“verdana”>
                                    <h2>Z-Push - Open Source ActiveSync</h2>
                                    <b>Version 2.4.2+0-0</b><br>
                                    <h3>AuthenticationRequiredException</h3> <pre>Access denied. Please send authorisation information</pre><br>
                                    <br><br>
                                    More information about Z-Push can be found at:<br>
                                    <a href=“http://z-push.org/”>Z-Push homepage</a><br>
                                    <a href=“http://z-push.org/download”>Z-Push download page</a><br>
                                    <a href=“https://jira.z-hub.io/browse/ZP”>Z-Push Bugtracker</a><br>
                                    <a href=“https://wiki.z-hub.io/display/ZP”>Z-Push Wiki</a> and <a href=" https://wiki.z-hub.io/display/ZP/Roadmap">Roadmap</a><br>
                                    <br>
                                    All modifications to this sourcecode must be published and returned to t he community.<br>
                                    Please see <a href=“http://www.gnu.org/licenses/agpl-3.0.html”>AGPLv3 Li cense</a> for details.<br>
                                    </font face=“verdana”>
                                    </body>

                                    • you also can try http://localhost/Microsoft-Server-ActiveSync - it should get the same
                                    1 Reply Last reply Reply Quote 0
                                    • hispeed
                                      hispeed last edited by

                                      Yes this works but without SSL. so just curl http://
                                      I also have my Iphone connected which is working fine, so Z-Push is probably fine.

                                      1 Reply Last reply Reply Quote 0
                                      • AnotherAndy
                                        AnotherAndy last edited by

                                        wow…running out of ideas…can you check the apache access logs, if the kopano webapp MDM tries to access the z-push url?

                                        1 Reply Last reply Reply Quote 0
                                        • thctlo
                                          thctlo last edited by

                                          This is pretty simple guys, make sure you resolving is correct thats it.
                                          Then test with names and not ipadresses.
                                          That is key if you use SSL, if you want to use ip adressen, then setup without ssl.

                                          What i posted is correct and is in production over 2 years, but i made sure the resolving is correct.
                                          You have the solutions, now fix you dns/resolving to make it work.

                                          1 Reply Last reply Reply Quote 0
                                          • thctlo
                                            thctlo last edited by thctlo

                                            This :

                                            /etc/hosts
                                            127.0.0.1       kopanotest.mydomain.ch      localhost
                                            ::1             localhost6.localdomain6 localhost6
                                            

                                            is wrong, now your “localhost” resolves to kopanotest.mydomain.ch
                                            yes, this is possbile, but correct would be localhost.mydomain.ch
                                            Not that i advice that.

                                            /etc/hosts
                                            127.0.0.1       localhost localhost.localdomain
                                            ::1             localhost localhost6.localdomain6 localhost6
                                            192.168.1.1 kopanotest.mydomain.ch       kopanotest
                                            

                                            That should be a correct hosts file. (correct the ip of kopanotest)

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post