[SOLVED] MDM Plugin Webapp - Ubuntu 18.04



  • Hi,

    I am trying to use the MDM Plugin on Ubuntu Server 18.04 with a new Kopano installation. I can see it in the webapp. But when I activate it:

    I used the Ubuntu 16.04 version of MDM. I have modified the config file. I tried with: localhost, 127.0.0.1 and the FQN. Unfortunately I had no luck. Is there something else which could be wrong?

    I receive this error:

    Konnte nicht mit dem Z-Push Server verbinden. Konnte keine Verbindung zum Host herstellen.
    


    Yes I know it’s not supported yet. Maybe someone can reproduce ?

    Thanks
    hispeed!



  • Hi hispeed,
    stupid question - but do you have z-push installed?
    If yes - is it working?
    Z-push shows some logs that might help.
    best regards



  • Yes Z-Push is running fine. I got it working today. Where is the log from Z-Push?

    My other thread for 18.04 and postfix with smarthosts: I can now use everything except that sending e-mails is not working. https://forum.kopano.io/topic/1358/concept-configuration-of-postfix-with-smarthosts/37

    Yes I have a self-signed certificate and ssl :S!! I see… I get in trouble ^^…

    @fbartels I just saw this is the wrong section :(.



  • Is your /etc/kopano/webapp/config-mdm.php configured correctly?



  • Right now it looks like that:

    <?php
    define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
    define('PLUGIN_MDM_SERVER', '127.0.0.1');
    define('PLUGIN_MDM_SERVER_SSL', true);
    ?>
    

    But yes I have a self-signed certificate at the moment.



  • so is your apache/nginx also listening on 127.0.0.1 ?
    My config contains the external name - the same url I browse the webapp



  • On the same machine, you can set the PLUGIN_MDM_SERVER_SSL to false. This avoids all certificate issues.
    I recommend to use the server name from the webserver configuration (vhost) instead of the localhost address.

    Why are you using a self-signed certificate? LetsEncrypt is activated in a few minutes and accepted on most devices out-of-the-box.



  • Hi AnotherAndy and eli,

    I have in the Apache Config: ServerName https://kopanotest.topleveldomain.ch
    This ServerName, without https://, I have written into the MDM config. I have also tested it with https://
    I also set PLUGIN_MDM_SERVER_SSL to false but it doesn’t help.

    Where do I see if apache is listening on 127.0.0.1? I didn’t find it in the apache2.conf.

    Yes, I will try to install LetsEncrypt this evening or tomorrow and get it working.



  • what do you see if you run : apache2ctl -S



  • I see this:

    root@svgwma-kopa-02:/# apache2ctl -S
    VirtualHost configuration:
    *:80                   kopanotest.XXXXX.XX (/etc/apache2/sites-enabled/000-default.conf:1)
    *:443                  kopanotest.XXXXX.XX> (/etc/apache2/sites-enabled/000-default.conf:18)
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex ssl-cache: using_defaults
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex ssl-stapling: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="www-data" id=33
    Group: name="www-data" id=33
    You have new mail in /var/mail/root
    

    kopanotest.XXXXX.XX <- this I wrote in the mdm config!



  • means your apache is listening on every interface available.
    But with the config

    <?php
    define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
    define('PLUGIN_MDM_SERVER', 'kopanotest.topleveldomain.ch');
    define('PLUGIN_MDM_SERVER_SSL', true);
    ?>

    it should work… if not, check the z-push logs or the kopano logs to see if you can find anything



  • No luck at the moment. Updated Webapp, restarted everything. Configured like you said but still the same error.

    Log Level - Debug
    root@svgwma-kopa-02:/var/log/z-push# nano z-push-error.lorg <- No entries
    root@svgwma-kopa-02:/var/log/z-push# nano z-push.log - No entries

    Also no Kopano log entries…

    I found something in the webapp when looking at the version. I can’t see the Z-Push version! Maybe I have something wrong there?

    Z-Push: Version nicht verfügbar / Z-Push Version not available





  • ok, so you did not configure your apache.
    You “should” see something like this.

    apache2ctl -S
    VirtualHost configuration:
    [::1]:80               is a NameVirtualHost
             default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
             port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
             port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                     alias 127.0.0.1
                     alias [::1]
                     alias ip6-localhost
                     alias ip6-loopback
    192.168.0.100:80     is a NameVirtualHost
             default server 192.168.0.100  (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1)
             port 80 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:1)
             port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1)
    192.168.0.100:443    is a NameVirtualHost
             default server 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12)
             port 443 namevhost 192.168.0.100 (/etc/apache2/sites-enabled/001-default-vhost-ip-lan.conf:12)
             port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)
    127.0.0.1:80           is a NameVirtualHost
             default server localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
             port 80 namevhost localhost.localdomain (/etc/apache2/sites-enabled/002-localhost.conf:3)
             port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                     alias 127.0.0.1
                     alias [::1]
                     alias ip6-localhost
                     alias ip6-loopback
    1.2.3.4 :80     is a NameVirtualHost
             default server 1.2.3.4  (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1)
             port 80 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:1)
             port 80 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:1)
    1.2.3.4 :443    is a NameVirtualHost
             default server 1.2.3.4  (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15)
             port 443 namevhost 1.2.3.4 (/etc/apache2/sites-enabled/000-default-vhost-ip-wan.conf:15)
             port 443 namevhost mail.example.com (/etc/apache2/sites-enabled/003-mail.example.com.conf:27)
    

    A sample of what creates this can be found here.
    https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-apache2-vhost-defaults.sh

    This catches every IP and hostname and makes sure NONE of your vhosts can get abused.
    all my IP hosts have

    a sample of the IP cert.

      #   A self-signed certificate, use the IP address for CN (Common Name)
        # mkdir -p /etc/ssl/local/{certs,private}
        # openssl req -new -x509 -days 365 -nodes -out /etc/ssl/local/certs/ip-wan.cert.pem -keyout /etc/ssl/local/private/ip-wan.key.pem
        # chown root:www-data /etc/ssl/local/certs/ip-wan.cert.pem
        # chown root:www-data /etc/ssl/local/private/ip-wan.key.pem
        # chmod 644 /etc/ssl/local/certs/ip-wan.cert.pem
        # chmod 640 /etc/ssl/local/private/ip-wan.key.pem
    

    and optionally add one of these, or create an index telling people that they should use a hostname and not an IP address.
    Bots/script kiddies use IP addresses. Point your fail2ban to these logs and bye bye script kiddie.

        # We don't allow anyone on the external IP; a normal person types a name and not an IP.
        <Location />
          Require all denied
        </Location>
    
        #or choose to redirect the request to your webserver.
        #Redirect permanent / https://www.example.com/
    


  • @eli have a look here.
    https://forum.kopano.io/topic/1453/kopano-and-outlook-integration/6
    That might help also in setting up correctly.
    Combine that one with this post and you have all the correct info.



  • @thctlo I have tried to do your steps for the certificates and apache vhost.
    Unfortunately, at the moment the webapp is not available anymore.

    When I go to: https://192.168.0.80/webapp I will be redirected to: https://www./webapp

    root@svgwma-kopa-02:/etc/apache2/conf-enabled# apache2ctl -S
    VirtualHost configuration:
    [::1]:80               is a NameVirtualHost
             default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
             port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
             port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19)
                     alias localhost
                     alias [::1]
                     alias localhost-ip6
                     alias ip6-loopback
                     alias localhost.localdomain
    192.168.0.80:80        is a NameVirtualHost
             default server 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1)
             port 80 namevhost 192.168.0.80 (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:1)
             port 80 namevhost www. (/etc/apache2/sites-enabled/000-www..conf:1)
             port 80 namevhost mail. (/etc/apache2/sites-enabled/001-mail..conf:1)
    127.0.0.1:80           is a NameVirtualHost
             default server 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
             port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:2)
             port 80 namevhost 127.0.0.1 (/etc/apache2/sites-enabled/000-localhost.conf:19)
                     alias localhost
                     alias [::1]
                     alias localhost-ip6
                     alias ip6-loopback
                     alias localhost.localdomain
    *:443                  is a NameVirtualHost
             default server kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13)
             port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-default-vhost-ips-0.conf:13)
             port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/000-www..conf:12)
             port 443 namevhost kopanotest.mydomain.ch> (/etc/apache2/sites-enabled/001-mail..conf:11)
    ServerRoot: "/etc/apache2"
    Main DocumentRoot: "/var/www/html"
    Main ErrorLog: "/var/log/apache2/error.log"
    Mutex default: dir="/var/run/apache2/" mechanism=default
    Mutex mpm-accept: using_defaults
    Mutex watchdog-callback: using_defaults
    Mutex ssl-stapling-refresh: using_defaults
    Mutex ssl-stapling: using_defaults
    Mutex ssl-cache: using_defaults
    PidFile: "/var/run/apache2/apache2.pid"
    Define: DUMP_VHOSTS
    Define: DUMP_RUN_CFG
    User: name="www-data" id=33
    Group: name="www-data" id=33
    

    /etc/apache2/sites-enabled/000-localhost.conf
    Looks like that:

    # Default ipv4 localhost
    <VirtualHost 127.0.0.1:80 [::1]:80>
    # Default ip vhost for localhost ipv4 and ipv6
        ServerAdmin webmaster@localhost
        ServerName 127.0.0.1
    
        DocumentRoot /var/www/localhost
    
        ErrorLog  ${APACHE_LOG_DIR}/localhost-error.log
        CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined
    
    </VirtualHost>
    
    #
    # Vhost example for localhost.
    #
    # IP Based Virtual Host examples.
    # Both ipv4 and ipv6 localhost
    <VirtualHost 127.0.0.1:80 [::1]:80>
    # or
    #<VirtualHost localhost:80>
    #
    # Only ipv6 localhost
    #<VirtualHost ip6-localhost:80>
    # or
    #<VirtualHost [::1]:80>
    #
    # Only ipv4 localhost
    #<VirtualHost 127.0.0.1:80>
    #
    # Name Based Virtual Host
    #<VirtualHost *:80>
    
        ServerAdmin webmaster@localhost
    
        ServerName 127.0.0.1
    
        # For the Aliases, check your "/etc/hosts" file and make sure you have all in here.
        # Default ipv4+ipv6
        ServerAlias localhost [::1] localhost-ip6 ip6-loopback localhost.localdomain
    
        DocumentRoot /var/www/localhost
    
        DocumentRoot /var/www/localhost
    
        ErrorLog  ${APACHE_LOG_DIR}/localhost-error.log
        CustomLog ${APACHE_LOG_DIR}/localhost-access.log combined
    
        <Directory />
            AllowOverride None
            Require all denied
        </Directory>
    
        <Directory /var/www/>
            AllowOverride None
            Require all denied
        </Directory>
    
        <Directory /var/www/localhost>
            AllowOverride None
            Require all granted
        </Directory>
    
        <Location "/server-status">
            SetHandler server-status
            Require host localhost
        </Location>
    
    </VirtualHost>
    

    Here is my hosts configuration:
    /etc/hosts

    127.0.0.1       kopanotest.mydomain.ch      localhost
    ::1             localhost6.localdomain6 localhost6
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     localhost ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    

    Probably there are some errors in all of those configs…

    Can you help me with fixing that?



  • hi @hispeed
    is your server running on a LAN or with a public IP?
    https://forum.kopano.io/topic/1042/mdm-plugin-not-working/17
    this guy had a similar problem - his problem was the apache config.



  • Hi,

    It’s just a test server behind my pfsense at home. I receive and send (sending -> it doesn’t work yet) mails via SMARTHOSTS. The server doesn’t have a public IP. My pfsense is forwarding everything.
    So SSL is secondary but nice to have because the server is reachable from outside for webapp and z-push.

    EDIT:

    Maybe I should use this VHOST config on this post?

    https://forum.kopano.io/topic/1042/mdm-plugin-not-working/14



  • hi,
    now I understand. So what happens if you do a
    curl https://externalURL/Microsoft-Server-ActiveSync on the bash of the Server?
    you should get
    <html>
    <header>
    <title>Z-Push ActiveSync</title>
    </header>
    <body>
    <font face="verdana">
    <h2>Z-Push - Open Source ActiveSync</h2>
    <b>Version 2.4.2+0-0</b><br>
    <h3>AuthenticationRequiredException</h3> <pre>Access denied. Please send authorisation information</pre><br>
    <br><br>
    More information about Z-Push can be found at:<br>
    <a href="http://z-push.org/">Z-Push homepage</a><br>
    <a href="http://z-push.org/download">Z-Push download page</a><br>
    <a href="https://jira.z-hub.io/browse/ZP">Z-Push Bugtracker</a><br>
    <a href="https://wiki.z-hub.io/display/ZP">Z-Push Wiki</a> and <a href="https://wiki.z-hub.io/display/ZP/Roadmap">Roadmap</a><br>
    <br>
    All modifications to this sourcecode must be published and returned to the community.<br>
    Please see <a href="http://www.gnu.org/licenses/agpl-3.0.html">AGPLv3 License</a> for details.<br>
    </font face="verdana">
    </body>



  • Yes, this works but without SSL. So just curl http://
    I also have my iPhone connected which is working fine, so Z-Push is probably fine.
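
An added example, not part of the thread and not Kopano or Z-Push code: an offline check that the host and SSL flag in `config-mdm.php` correspond to a vhost that `apache2ctl -S` reports, which is the comparison the posts above make by hand. The function names, the sample inputs and the default ports (443 with SSL, 80 without) are assumptions.

```python
import re
# Constructed samples modelled on the thread; hostnames are placeholders.
CONFIG = """<?php
define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', false);
define('PLUGIN_MDM_SERVER', '127.0.0.1');
define('PLUGIN_MDM_SERVER_SSL', true);
?>"""
VHOSTS = """VirtualHost configuration:
127.0.0.1:80           is a NameVirtualHost
         port 80 namevhost localhost (/etc/apache2/sites-enabled/002-localhost.conf:20)
                 alias 127.0.0.1
*:443                  mail.example.com (/etc/apache2/sites-enabled/000-default.conf:18)
"""

def parse_defines(php):
    """Return {NAME: value} for simple define('NAME', literal); lines."""
    out = {}
    for name, raw in re.findall(r"define\(\s*['\"](\w+)['\"]\s*,\s*(.+?)\s*\)\s*;", php):
        low = raw.lower()
        out[name] = (low == "true") if low in ("true", "false") else raw.strip("'\"")
    return out

def parse_vhosts(dump):
    """Return {(port, name)} from both layouts that `apache2ctl -S` prints."""
    found, port = set(), None
    for line in dump.splitlines():
        s = line.strip()
        if m := re.match(r"\S+:(\d+)\s+(\S+)\s+\(", s):       # single vhost on addr:port
            found.add((int(m[1]), m[2]))
        elif m := re.match(r"port (\d+) namevhost (\S+)", s):  # name-based vhost entry
            port = int(m[1])
            found.add((port, m[2]))
        elif (m := re.match(r"alias (\S+)", s)) and port:      # alias of the entry above
            found.add((port, m[1]))
    return found

def check_mdm_target(php, dump):
    """List reasons the configured Z-Push target may not be reachable."""
    cfg = parse_defines(php)
    host, ssl = cfg.get("PLUGIN_MDM_SERVER", ""), cfg.get("PLUGIN_MDM_SERVER_SSL", False)
    port = 443 if ssl else 80          # assumption: default ports, as in the thread
    problems = []
    if "://" in host:
        problems.append("PLUGIN_MDM_SERVER contains a scheme; the thread's configs use a bare host")
    if (port, host) not in parse_vhosts(dump):
        problems.append(f"no vhost named {host!r} on port {port}")
    if ssl and re.fullmatch(r"[\d.]+|localhost", host):
        problems.append("SSL to a loopback name: the certificate must cover this name")
    return problems
```

Feed it the real files with `check_mdm_target(open('/etc/kopano/webapp/config-mdm.php').read(), output_of_apache2ctl_S)`; an empty list means the name and port line up, after which the `curl` test from the thread confirms that Z-Push actually answers there.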