[SOLVED] MDM Plugin Webapp - Ubuntu 18.04

Hi,

I try to use on Ubuntu Server 18.04 with a new Kopano installation the MDM Plugin. I can see it in the webapp. But when I activate it:

I used the Ubuntu 16.04 version of MDM. I have modified the config file. I tried with: localhost, 127.0.0.1 and the FQN. Unfortunately I had no luck. Is there something else which could be wrong?

I recieve this error:

Konnte nicht mit dem Z-Push Server verbinden. Konnte keine Verbindung zum Host herstellen.

0_1528227297408_webapp_mdm.png

Yes I know it’s not supported yet. Maybe someone can reproduce ?

Thanks
hispeed!

Hi hispeed,
stupid question - but do you have z-push installed?
If yes - ist it working?
Z-push shows some logs that might help.
best regards

Yes Z-Push is running fine. I made it working today. Where is the log from Z-Push?

My other thread for 18.04 and postfix with smarthosts. I can now use everything except send e-mails is not working. https://forum.kopano.io/topic/1358/concept-configuration-of-postfix-with-smarthosts/37

Yes I have a self-signed certificate and ssl :S!! I see… I get in trouble ^^…

@fbartels I just saw this is the wrong section :(.

Is your /etc/kopano/webapp/config-mdm.php configured correctly?

Right now it looks like that:

<?php
define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
define('PLUGIN_MDM_SERVER', '127.0.0.1');
define('PLUGIN_MDM_SERVER_SSL', true);
?>

But yes I have a self-signed certificate at the moment.

so is your apache/nginx also listening on 127.0.0.1 ?
My config contains the external name - the same url I browse the webapp

On the same machine, you can set the PLUGIN_MDM_SERVER_SSL to false. This avoids all certificate issues.
I recommend to use the server name from the webserver configuration (vhost) instead of the localhost address.

Why are you using a self-signed certificate? LetsEncrypt is activated in a few minutes and accepted on the most devices out-of-the-box.

Hi AnotherAndy and eli,

I have in the Apache Config: ServerName https://kopanotest.topleveldomain.ch
This Servername without https:// i have writen into the MDM config. I have also tested it with https://
I also set PLUGIN_MDM_SERVER_SSL to fals but it doesn’t help.

Where do I see if apache is listening on 127.0.0.1 ? I didn’t find in the apache2.conf .

Yes I will try with LetsEncrypt today evening or tomorrow to install it and get it working.

what do you see if you run : apache2ctl -S

I see this:

root@svgwma-kopa-02:/# apache2ctl -S
VirtualHost configuration:
*:80                   kopanotest.XXXXX.XX (/etc/apache2/sites-enabled/000-default.conf:1)
*:443                  kopanotest.XXXXX.XX> (/etc/apache2/sites-enabled/000-default.conf:18)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33
You have new mail in /var/mail/root

kopanotest.XXXXX.XX <- this I wrote in the mdm config!

means your apache is listening on every interface available.
But with the config
.
<?php
define(‘PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM’, false);
define(‘PLUGIN_MDM_SERVER’, kopanotest.topleveldomain.ch’);
define(‘PLUGIN_MDM_SERVER_SSL’, true);
?>
it should work…if not check the z-push logs if you can find anything or the kopano logs

No luck at the moment. Updated Webapp restartet everything. configured like you said but still the same error.

Log Level - Debug
root@svgwma-kopa-02:/var/log/z-push# nano z-push-error.lorg <- No entries
root@svgwma-kopa-02:/var/log/z-push# nano z-push.log - No entries

Also no Kopano log entries…

I found something in the webapp and look at the version. I can’t see the Z-Push Version! maybe there I have something wrong?

Z-Push: Version nicht verfügbar / Z-Push Version not available

ok, so you did not configure your apache.
You “should” see something like this.

apache2ctl -S
VirtualHost configuration:
[::1]:80               is a NameVirtualHost
         default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
         port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
         port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                 alias 127.0.0.1
                 alias [::1]
                 alias ip6-localhost
                 alias ip6-loopback
192.168.0.100:80     is a NameVirtualHost
         default server 192.168.0.100  (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1)
         port 80 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1)
         port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1)
192.168.0.100:443    is a NameVirtualHost
         default server 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12)
         port 443 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12)
         port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)
127.0.0.1:80           is a NameVirtualHost
         default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
         port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
         port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                 alias 127.0.0.1
                 alias [::1]
                 alias ip6-localhost
                 alias ip6-loopback
1.2.3.4 :80     is a NameVirtualHost
         default server 1.2.3.4  (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1)
         port 80 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1)
         port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1)
1.2.3.4 :443    is a NameVirtualHost
         default server 1.2.3.4  (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15)
         port 443 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15)
         port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)

A sample what creates this, can be found here.
https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-apache2-vhost-defaults.sh

This catches every IP and hostname and makes sure NONE of you vhost can get abused.
all my IP hosts have

a sample of the IP cert.

  #   A self-signed certificate, use the IP adres for CN (Common Name)
    # mkdir -p /etc/ssl/local/{certs,private}
    # openssl req -new -x509 -days 365 -nodes -out /etc/ssl/local/certs/ip-wan.cert.pem -keyout /etc/ssl/local/private/ip-wan.key.pem
    # chown root:www-data /etc/ssl/local/certs/ip-wan.cert.pem
    # chown root:www-data /etc/ssl/local/private/ip-wan.key.pem
    # chmod 644 /etc/ssl/local/certs/ip-wan.cert.pem
    # chmod 640 /etc/ssl/local/private/ip-wan.key.pem

and optional add one of these or create an index that people should use a hostname and not an ipadres.
Bots/script kiddies use ipadress. point your fail2ban to these logs and bye bye script kiddie.

    # We dont allow anyone on the external ip, normal persons types a name and not ip.
    <Location />
      Require all denied
    </Location>

    #or choose to redirect the request to your webserver.
    #Redirect permanent / https://www.example.com/

@eli have a look here.
https://forum.kopano.io/topic/1453/kopano-and-outlook-integration/6
That might help also in setting up correctly.
Combine that one with this post and you have all the correct info.

@thctlo I have tried to do your steps for the certificates and apache vhost.
unfortunately at the moment the webapp is not available anymore.

When I go to: https://192.168.0.80/webapp i will be redirected to: https://www./webapp

root@svgwma-kopa-02:/etc/apache2/conf-enabled# apache2ctl -S
VirtualHost configuration:
[::1]:80               is a NameVirtualHost
         default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
         port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
         port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19)
                 alias localhost
                 alias [::1]
                 alias localhost-ip6
                 alias ip6-loopback
                 alias localhost.localdomain
192.168.0.80:80        is a NameVirtualHost
         default server 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1)
         port 80 namevhost 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1)
         port 80 namevhost www. (/etc/apache2/sites-enabled/000-www..conf:1)
         port 80 namevhost mail. (/etc/apache2/sites-enabled/001-mail..conf:1)
127.0.0.1:80           is a NameVirtualHost
         default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
         port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
         port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19)
                 alias localhost
                 alias [::1]
                 alias localhost-ip6
                 alias ip6-loopback
                 alias localhost.localdomain
*:443                  is a NameVirtualHost
         default server kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13)
         port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13)
         port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-www..conf:12)
         port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/001-mail..conf:11)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

/etc/apache2/sites-enabled/000-localhost.conf
Looks like that:

# Default ipv4 localhost
<VirtualHost 127.0.0.1:80 [::1]:80>
# Default ip vhost for localhost ipv4 and ipv6
    ServerAdmin webmaster@localhost
    ServerName 127.0.0.1

    DocumentRoot /var/www/localhost

    ErrorLog  ${APACHE_LOG_DIR}/localhost-error.log
    CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined

</VirtualHost>

#
# Vhost example for localhost.
#
# IP Based Virtual Host examples.
# Both ipv4 and ipv6 localhost
<VirtualHost 127.0.0.1:80 [::1]:80>
# or
#<VirtualHost localhost:80>
#
# Only ipv6 localhost
#<VirtualHost ip6-localhost:80>
# or
#<VirtualHost [::1]:80>
#
# Only ipv4 localhost
#<VirtualHost 127.0.0.1:80>
#
# Name Based Virtual Host
#<VirtualHost *:80>

    ServerAdmin webmaster@localhost

    ServerName 127.0.0.1

    # For the Aliases, check you "/etc/hosts" file and make sure you have all in here.
    # Default ipv4+ipv6
    ServerAlias localhost [::1] localhost-ip6 ip6-loopback localhost.localdomain

    DocumentRoot /var/www/localhost

    DocumentRoot /var/www/localhost

    ErrorLog  ${APACHE_LOG_DIR}/localhost-error.log
    CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined

    <Directory />
        AllowOverride None
        Require all denied
    </Directory>

    <Directory /var/www/>
        AllowOverride None
        Require all denied
    </Directory>

    <Directory /var/www/localhost>
        AllowOverride None
        Require all granted
    </Directory>

    <Location "/server-status">
        SetHandler server-status
        Require host localhost
    </Location>

</VirtualHost>

Here is my hosts configuration:
/etc/hosts

127.0.0.1       kopanotest.mydomain.ch      localhost
::1             localhost6.localdomain6 localhost6

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Probably there are some errors in all of those configs…

Can you help me with fixing that?

hi @hispeed
ist you server running on a LAN or with a public IP?
https://forum.kopano.io/topic/1042/mdm-plugin-not-working/17
this guy had a smiliar problem -his problem was the apache config.

Hi,

It’s just a testserver behind my pfsense at home. I recieve and send (sending -> it doesn’t work yet) mails via SMARTHOSTS. The server doesn’t have a public IP. My pfsense is forwarding everything.
So SSL is secondary but nice to have because the server is reachable from outside for webapp and z-push.

EDIT:

Maybe I should use this VHOST config on this post?

https://forum.kopano.io/topic/1042/mdm-plugin-not-working/14

hi,
now I understand. So what happens, if your do a
curl https://externalURL/Microsoft-Server-ActiveSync on the bash of the Server?
you should get
<html>
<header>
<title>Z-Push ActiveSync</title>
</header>
<body>
<font face=“verdana”>
<h2>Z-Push - Open Source ActiveSync</h2>
<b>Version 2.4.2+0-0</b><br>
<h3>AuthenticationRequiredException</h3> <pre>Access denied. Please send authorisation information</pre><br>
<br><br>
More information about Z-Push can be found at:<br>
<a href=“http://z-push.org/”>Z-Push homepage</a><br>
<a href=“http://z-push.org/download”>Z-Push download page</a><br>
<a href=“https://jira.z-hub.io/browse/ZP”>Z-Push Bugtracker</a><br>
<a href=“https://wiki.z-hub.io/display/ZP”>Z-Push Wiki</a> and <a href=" https://wiki.z-hub.io/display/ZP/Roadmap">Roadmap</a><br>
<br>
All modifications to this sourcecode must be published and returned to t he community.<br>
Please see <a href=“http://www.gnu.org/licenses/agpl-3.0.html”>AGPLv3 Li cense</a> for details.<br>
</font face=“verdana”>
</body>

Yes this works but without SSL. so just curl http://
I also have my Iphone connected which is working fine, so Z-Push is probably fine.