Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    [SOLVED] MDM Plugin Webapp - Ubuntu 18.04

    Plugins for Kopano WebApp
    4
    26
    3683
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • AnotherAndy
      AnotherAndy last edited by

      ok…no more ideas.
      maybe you can check:
      https://help.univention.com/t/nach-update-auf-ucs4-2-bzw-kopano-8-2-1-530-keine-verbindung-mehr-zu-z-push/5408/16

      1 Reply Last reply Reply Quote 0
      • thctlo
        thctlo last edited by thctlo

        ok, so you did not configure your apache.
        You “should” see something like this.

        apache2ctl -S
        VirtualHost configuration:
        [::1]:80               is a NameVirtualHost
                 default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
                 port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
                 port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                         alias 127.0.0.1
                         alias [::1]
                         alias ip6-localhost
                         alias ip6-loopback
        192.168.0.100:80     is a NameVirtualHost
                 default server 192.168.0.100  (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1)
                 port 80 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1)
                 port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1)
        192.168.0.100:443    is a NameVirtualHost
                 default server 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12)
                 port 443 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12)
                 port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)
        127.0.0.1:80           is a NameVirtualHost
                 default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
                 port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
                 port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                         alias 127.0.0.1
                         alias [::1]
                         alias ip6-localhost
                         alias ip6-loopback
        1.2.3.4 :80     is a NameVirtualHost
                 default server 1.2.3.4  (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1)
                 port 80 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1)
                 port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1)
        1.2.3.4 :443    is a NameVirtualHost
                 default server 1.2.3.4  (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15)
                 port 443 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15)
                 port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)
        

        A sample what creates this, can be found here.
        https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-apache2-vhost-defaults.sh

        This catches every IP and hostname and makes sure NONE of you vhost can get abused.
        all my IP hosts have

        a sample of the IP cert.

          #   A self-signed certificate, use the IP adres for CN (Common Name)
            # mkdir -p /etc/ssl/local/{certs,private}
            # openssl req -new -x509 -days 365 -nodes -out /etc/ssl/local/certs/ip-wan.cert.pem -keyout /etc/ssl/local/private/ip-wan.key.pem
            # chown root:www-data /etc/ssl/local/certs/ip-wan.cert.pem
            # chown root:www-data /etc/ssl/local/private/ip-wan.key.pem
            # chmod 644 /etc/ssl/local/certs/ip-wan.cert.pem
            # chmod 640 /etc/ssl/local/private/ip-wan.key.pem
        

        and optional add one of these or create an index that people should use a hostname and not an ipadres.
        Bots/script kiddies use ipadress. point your fail2ban to these logs and bye bye script kiddie.

            # We dont allow anyone on the external ip, normal persons types a name and not ip.
            <Location />
              Require all denied
            </Location>
        
            #or choose to redirect the request to your webserver.
            #Redirect permanent / https://www.example.com/
        
        1 Reply Last reply Reply Quote 0
        • thctlo
          thctlo @eli last edited by thctlo

          @eli have a look here.
          https://forum.kopano.io/topic/1453/kopano-and-outlook-integration/6
          That might help also in setting up correctly.
          Combine that one with this post and you have all the correct info.

          1 Reply Last reply Reply Quote 0
          • hispeed
            hispeed last edited by

            @thctlo I have tried to do your steps for the certificates and apache vhost.
            unfortunately at the moment the webapp is not available anymore.

            When I go to: https://192.168.0.80/webapp i will be redirected to: https://www./webapp

            root@svgwma-kopa-02:/etc/apache2/conf-enabled# apache2ctl -S
            VirtualHost configuration:
            [::1]:80               is a NameVirtualHost
                     default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
                     port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
                     port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19)
                             alias localhost
                             alias [::1]
                             alias localhost-ip6
                             alias ip6-loopback
                             alias localhost.localdomain
            192.168.0.80:80        is a NameVirtualHost
                     default server 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1)
                     port 80 namevhost 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1)
                     port 80 namevhost www. (/etc/apache2/sites-enabled/000-www..conf:1)
                     port 80 namevhost mail. (/etc/apache2/sites-enabled/001-mail..conf:1)
            127.0.0.1:80           is a NameVirtualHost
                     default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
                     port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
                     port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19)
                             alias localhost
                             alias [::1]
                             alias localhost-ip6
                             alias ip6-loopback
                             alias localhost.localdomain
            *:443                  is a NameVirtualHost
                     default server kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13)
                     port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13)
                     port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-www..conf:12)
                     port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/001-mail..conf:11)
            ServerRoot: "/etc/apache2"
            Main DocumentRoot: "/var/www/html"
            Main ErrorLog: "/var/log/apache2/error.log"
            Mutex default: dir="/var/run/apache2/" mechanism=default
            Mutex mpm-accept: using_defaults
            Mutex watchdog-callback: using_defaults
            Mutex ssl-stapling-refresh: using_defaults
            Mutex ssl-stapling: using_defaults
            Mutex ssl-cache: using_defaults
            PidFile: "/var/run/apache2/apache2.pid"
            Define: DUMP_VHOSTS
            Define: DUMP_RUN_CFG
            User: name="www-data" id=33
            Group: name="www-data" id=33
            

            /etc/apache2/sites-enabled/000-localhost.conf
            Looks like that:

            # Default ipv4 localhost
            <VirtualHost 127.0.0.1:80 [::1]:80>
            # Default ip vhost for localhost ipv4 and ipv6
                ServerAdmin webmaster@localhost
                ServerName 127.0.0.1
            
                DocumentRoot /var/www/localhost
            
                ErrorLog  ${APACHE_LOG_DIR}/localhost-error.log
                CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined
            
            </VirtualHost>
            
            #
            # Vhost example for localhost.
            #
            # IP Based Virtual Host examples.
            # Both ipv4 and ipv6 localhost
            <VirtualHost 127.0.0.1:80 [::1]:80>
            # or
            #<VirtualHost localhost:80>
            #
            # Only ipv6 localhost
            #<VirtualHost ip6-localhost:80>
            # or
            #<VirtualHost [::1]:80>
            #
            # Only ipv4 localhost
            #<VirtualHost 127.0.0.1:80>
            #
            # Name Based Virtual Host
            #<VirtualHost *:80>
            
                ServerAdmin webmaster@localhost
            
                ServerName 127.0.0.1
            
                # For the Aliases, check you "/etc/hosts" file and make sure you have all in here.
                # Default ipv4+ipv6
                ServerAlias localhost [::1] localhost-ip6 ip6-loopback localhost.localdomain
            
                DocumentRoot /var/www/localhost
            
                DocumentRoot /var/www/localhost
            
                ErrorLog  ${APACHE_LOG_DIR}/localhost-error.log
                CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined
            
                <Directory />
                    AllowOverride None
                    Require all denied
                </Directory>
            
                <Directory /var/www/>
                    AllowOverride None
                    Require all denied
                </Directory>
            
                <Directory /var/www/localhost>
                    AllowOverride None
                    Require all granted
                </Directory>
            
                <Location "/server-status">
                    SetHandler server-status
                    Require host localhost
                </Location>
            
            </VirtualHost>
            

            Here is my hosts configuration:
            /etc/hosts

            127.0.0.1       kopanotest.mydomain.ch      localhost
            ::1             localhost6.localdomain6 localhost6
            
            # The following lines are desirable for IPv6 capable hosts
            ::1     localhost ip6-localhost ip6-loopback
            fe00::0 ip6-localnet
            ff02::1 ip6-allnodes
            ff02::2 ip6-allrouters
            ff02::3 ip6-allhosts
            

            Probably there are some errors in all of those configs…

            Can you help me with fixing that?

            1 Reply Last reply Reply Quote 0
            • AnotherAndy
              AnotherAndy last edited by

              hi @hispeed
              ist you server running on a LAN or with a public IP?
              https://forum.kopano.io/topic/1042/mdm-plugin-not-working/17
              this guy had a smiliar problem -his problem was the apache config.

              1 Reply Last reply Reply Quote 0
              • hispeed
                hispeed last edited by hispeed

                Hi,

                It’s just a testserver behind my pfsense at home. I recieve and send (sending -> it doesn’t work yet) mails via SMARTHOSTS. The server doesn’t have a public IP. My pfsense is forwarding everything.
                So SSL is secondary but nice to have because the server is reachable from outside for webapp and z-push.

                EDIT:

                Maybe I should use this VHOST config on this post?

                https://forum.kopano.io/topic/1042/mdm-plugin-not-working/14

                1 Reply Last reply Reply Quote 0
                • AnotherAndy
                  AnotherAndy last edited by

                  hi,
                  now I understand. So what happens, if your do a
                  curl https://externalURL/Microsoft-Server-ActiveSync on the bash of the Server?
                  you should get
                  <html>
                  <header>
                  <title>Z-Push ActiveSync</title>
                  </header>
                  <body>
                  <font face=“verdana”>
                  <h2>Z-Push - Open Source ActiveSync</h2>
                  <b>Version 2.4.2+0-0</b><br>
                  <h3>AuthenticationRequiredException</h3> <pre>Access denied. Please send authorisation information</pre><br>
                  <br><br>
                  More information about Z-Push can be found at:<br>
                  <a href=“http://z-push.org/”>Z-Push homepage</a><br>
                  <a href=“http://z-push.org/download”>Z-Push download page</a><br>
                  <a href=“https://jira.z-hub.io/browse/ZP”>Z-Push Bugtracker</a><br>
                  <a href=“https://wiki.z-hub.io/display/ZP”>Z-Push Wiki</a> and <a href=" https://wiki.z-hub.io/display/ZP/Roadmap">Roadmap</a><br>
                  <br>
                  All modifications to this sourcecode must be published and returned to t he community.<br>
                  Please see <a href=“http://www.gnu.org/licenses/agpl-3.0.html”>AGPLv3 Li cense</a> for details.<br>
                  </font face=“verdana”>
                  </body>

                  • you also can try http://localhost/Microsoft-Server-ActiveSync - it should get the same
                  1 Reply Last reply Reply Quote 0
                  • hispeed
                    hispeed last edited by

                    Yes this works but without SSL. so just curl http://
                    I also have my Iphone connected which is working fine, so Z-Push is probably fine.

                    1 Reply Last reply Reply Quote 0
                    • AnotherAndy
                      AnotherAndy last edited by

                      wow…running out of ideas…can you check the apache access logs, if the kopano webapp MDM tries to access the z-push url?

                      1 Reply Last reply Reply Quote 0
                      • thctlo
                        thctlo last edited by

                        This is pretty simple guys, make sure you resolving is correct thats it.
                        Then test with names and not ipadresses.
                        That is key if you use SSL, if you want to use ip adressen, then setup without ssl.

                        What i posted is correct and is in production over 2 years, but i made sure the resolving is correct.
                        You have the solutions, now fix you dns/resolving to make it work.

                        1 Reply Last reply Reply Quote 0
                        • thctlo
                          thctlo last edited by thctlo

                          This :

                          /etc/hosts
                          127.0.0.1       kopanotest.mydomain.ch      localhost
                          ::1             localhost6.localdomain6 localhost6
                          

                          is wrong, now your “localhost” resolves to kopanotest.mydomain.ch
                          yes, this is possbile, but correct would be localhost.mydomain.ch
                          Not that i advice that.

                          /etc/hosts
                          127.0.0.1       localhost localhost.localdomain
                          ::1             localhost localhost6.localdomain6 localhost6
                          192.168.1.1 kopanotest.mydomain.ch       kopanotest
                          

                          That should be a correct hosts file. (correct the ip of kopanotest)

                          1 Reply Last reply Reply Quote 0
                          • hispeed
                            hispeed last edited by hispeed

                            Hi @thctlo

                            After spending hours of trying and fixing the virtual host file of apache I can now connect again to Kopano.

                            EDIT 2:
                            Unfortunately right now I can’t access via LAN because I only allow domain names. I have a pfsense what do I need to do, or do I have to reconfigure virtual host file from apache2?
                            –> This is fixed via Pfsense and DNS Resolver!

                            Yes I have succesfully installed certbot and I got a certificate which I also set up like you explained.

                            Here is my virtualHost config:

                            # Non SSL
                             <VirtualHost kopanotest.mydomain.ch:80>
                            
                                ServerAdmin name@mydomain.ch
                                ServerName kopanotest.mydomain.ch
                                    # Note autodiscover, works only if you use a wildcard, ! Lets Encrypt does not support wildards yet.
                                    # you may put this (autodisover) also in www or toplevel vhost config.
                                ServerAlias autodiscover.mydomain.ch mail autodiscover
                            
                                DocumentRoot /usr/share/kopano-webapp/
                                ServerSignature Off
                                <Directory "/usr/share/kopano-webapp">
                                    Require all denied
                                    AllowOverride All
                               </Directory>
                            
                                ErrorLog ${APACHE_LOG_DIR}/mail-error.log
                                CustomLog ${APACHE_LOG_DIR}/mail-access.log combined
                            
                                ## kopano settings.
                                    ## by default a2enmod enables for all sites, i dont like that.
                                    ## so i run a2disconf kopano-webapp and include the config.
                                Include /etc/apache2/sites-enabled/kopano-webapp.conf
                            
                                # Make sure that your using ssl.
                                RewriteEngine   On
                                RewriteCond     %{HTTPS}        off
                                RewriteRule     ^(.*)$          https://kopanotest.mydomain.ch/%{REQUEST_URI} [L,R]
                            
                             </VirtualHost>
                            # SSL
                             <VirtualHost kopanotest.mydomain.ch:443>
                            
                                ServerAdmin name@mydomain.ch
                                ServerName kopanotest.mydomain.ch
                                    # Note, this only works if you use a wildcard ssl.
                                # ServerAlias autodiscover.example.com
                            
                                DocumentRoot /usr/share/kopano-webapp
                                ErrorLog ${APACHE_LOG_DIR}/mail1-internal-ssl-error.log
                                CustomLog ${APACHE_LOG_DIR}/mail1-internal-ssl-access.log combined
                                ServerSignature Off
                            
                                <IfModule mod_ssl.c>
                                    SSLEngine on
                                            # Do change these to your own certs.
                                    SSLCertificateFile      /etc/kopano/ssl/cert.pem
                                    SSLCertificateKeyFile   /etc/kopano/ssl/privkey.pem
                                    SSLCACertificateFile    /etc/kopano/ssl/server.pem
                            
                                    # Add the following to your Apache config.
                                            # ! Note Debian 8 may not like this.
                                    #SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh/dh4096.pem"
                            
                                            # adviced to use only tls1.2
                                    # SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
                                            SSLProtocol TLSv1.2
                                    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA$
                            
                                    SSLHonorCipherOrder On
                                    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
                                    Header always set X-Frame-Options DENY
                                    Header always set X-Content-Type-Options nosniff
                            
                                    SSLHonorCipherOrder On
                            
                                    SSLStrictSNIVHostCheck Off
                                    SSLCompression Off
                            
                                    </IfModule>
                            
                                    ## kopano settings.
                                    Include /etc/apache2/sites-enabled/kopano-webapp.conf
                            
                                    Include /etc/apache2/conf-available/z-push.conf
                                    #    Include /etc/apache2/conf-available/z-push-autodiscover.conf
                            
                              </VirtualHost>
                            

                            I will test later if MDM is working and If I can send mails now or not.

                            EDIT:
                            MDM is not working yet. Can I remove it and install it again?

                            1 Reply Last reply Reply Quote 0
                            • hispeed
                              hispeed last edited by hispeed

                              If you have this problem you have to reconfigure correctly your apache vhost configuration and also get a proper certificate.

                              Then you have to adjust the config from mdm to:

                              <?php
                              define(‘PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM’, true);
                              define(‘PLUGIN_MDM_SERVER’, subdomain.topleveldomain.ch’);
                              define(‘PLUGIN_MDM_SERVER_SSL’, true);
                              ?>
                              

                              This is what I need to do after I have reconfigured my apache vhost config. The problem is solved.

                              1 Reply Last reply Reply Quote 0
                              • thctlo
                                thctlo last edited by

                                Hi, good to hear this is fixed.
                                A correct resolving is so important.

                                And sorry for the late reply, there was a lot going on the last 3 months.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post