[SOLVED] MDM Plugin Webapp - Ubuntu 18.04

hi @hispeed
is your server running on a LAN or with a public IP?
https://forum.kopano.io/topic/1042/mdm-plugin-not-working/17
this guy had a similar problem - his problem was the apache config.

Hi,

It’s just a testserver behind my pfsense at home. I receive and send (sending -> it doesn’t work yet) mails via SMARTHOSTS. The server doesn’t have a public IP. My pfsense is forwarding everything.
So SSL is secondary but nice to have because the server is reachable from outside for webapp and z-push.

EDIT:

Maybe I should use this VHOST config on this post?

https://forum.kopano.io/topic/1042/mdm-plugin-not-working/14

hi,
now I understand. So what happens, if you do a
curl https://externalURL/Microsoft-Server-ActiveSync on the bash of the Server?
you should get
<html>
<header>
<title>Z-Push ActiveSync</title>
</header>
<body>
<font face="verdana">
<h2>Z-Push - Open Source ActiveSync</h2>
<b>Version 2.4.2+0-0</b><br>
<h3>AuthenticationRequiredException</h3> <pre>Access denied. Please send authorisation information</pre><br>
<br><br>
More information about Z-Push can be found at:<br>
<a href="http://z-push.org/">Z-Push homepage</a><br>
<a href="http://z-push.org/download">Z-Push download page</a><br>
<a href="https://jira.z-hub.io/browse/ZP">Z-Push Bugtracker</a><br>
<a href="https://wiki.z-hub.io/display/ZP">Z-Push Wiki</a> and <a href="https://wiki.z-hub.io/display/ZP/Roadmap">Roadmap</a><br>
<br>
All modifications to this sourcecode must be published and returned to the community.<br>
Please see <a href="http://www.gnu.org/licenses/agpl-3.0.html">AGPLv3 License</a> for details.<br>
</font face="verdana">
</body>

Yes this works but without SSL. So just curl http://
I also have my iPhone connected which is working fine, so Z-Push is probably fine.

wow…running out of ideas…can you check the apache access logs, if the kopano webapp MDM tries to access the z-push url?

This is pretty simple guys, make sure your resolving is correct, that's it.
Then test with names and not IP addresses.
That is key if you use SSL. If you want to use IP addresses, then set up without SSL.

What I posted is correct and has been in production for over 2 years, but I made sure the resolving is correct.
You have the solutions, now fix your DNS/resolving to make it work.

This :

/etc/hosts
127.0.0.1       kopanotest.mydomain.ch      localhost
::1             localhost6.localdomain6 localhost6

is wrong, now your “localhost” resolves to kopanotest.mydomain.ch
Yes, this is possible, but correct would be localhost.mydomain.ch
Not that I advise that.

/etc/hosts
127.0.0.1       localhost localhost.localdomain
::1             localhost localhost6.localdomain6 localhost6
192.168.1.1 kopanotest.mydomain.ch       kopanotest

That should be a correct hosts file. (correct the ip of kopanotest)
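A small lint for the two hosts files quoted above, as an added example that is not part of the original post. The function names are hypothetical, and the sample inputs are the thread's two files embedded as constructed test data; it flags the FQDN bound to loopback and loopback lines whose first (canonical) name is not `localhost`.

```python
import ipaddress

# Constructed sample inputs: the two /etc/hosts files quoted in the thread.
BROKEN_HOSTS = """\
127.0.0.1       kopanotest.mydomain.ch      localhost
::1             localhost6.localdomain6 localhost6
"""
FIXED_HOSTS = """\
127.0.0.1       localhost localhost.localdomain
::1             localhost localhost6.localdomain6 localhost6
192.168.1.1 kopanotest.mydomain.ch       kopanotest
"""

def parse_hosts(text):
    """Yield (ip, [names]) for every non-comment entry in hosts-file text."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            try:
                yield ipaddress.ip_address(fields[0]), fields[1:]
            except ValueError:
                continue  # first field is not an address, skip the line

def lint_hosts(text, fqdn):
    """Return a list of findings about how `fqdn` and localhost resolve."""
    findings = []
    fqdn_addrs = []
    for ip, names in parse_hosts(text):
        # The first name on a line is the canonical one returned by reverse lookups.
        if ip.is_loopback and names[0] != "localhost":
            findings.append(f"{ip}: canonical name is {names[0]!r}, not 'localhost'")
        if fqdn in names:
            fqdn_addrs.append(ip)
            if ip.is_loopback:
                findings.append(f"{fqdn} is bound to loopback address {ip}")
    if not fqdn_addrs:
        findings.append(f"{fqdn} has no entry; resolution depends on DNS only")
    return findings

if __name__ == "__main__":
    for label, text in (("broken", BROKEN_HOSTS), ("fixed", FIXED_HOSTS)):
        print(label, lint_hosts(text, "kopanotest.mydomain.ch") or "OK")
```

To check a live system, pass the contents of `/etc/hosts` and the server's own FQDN to `lint_hosts`.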

Hi @thctlo

After spending hours of trying and fixing the virtual host file of apache I can now connect again to Kopano.

EDIT 2:
Unfortunately right now I can’t access via LAN because I only allow domain names. I have a pfsense what do I need to do, or do I have to reconfigure virtual host file from apache2?
–> This is fixed via Pfsense and DNS Resolver!

Yes I have successfully installed certbot and I got a certificate which I also set up like you explained.

Here is my virtualHost config:

# Non SSL
 <VirtualHost kopanotest.mydomain.ch:80>

    ServerAdmin name@mydomain.ch
    ServerName kopanotest.mydomain.ch
        # Note: autodiscover works only if you use a wildcard. ! Let's Encrypt does not support wildcards yet.
        # you may put this (autodiscover) also in www or toplevel vhost config.
    ServerAlias autodiscover.mydomain.ch mail autodiscover

    DocumentRoot /usr/share/kopano-webapp/
    ServerSignature Off
    <Directory "/usr/share/kopano-webapp">
        Require all denied
        AllowOverride All
   </Directory>

    ErrorLog ${APACHE_LOG_DIR}/mail-error.log
    CustomLog ${APACHE_LOG_DIR}/mail-access.log combined

    ## kopano settings.
        ## by default a2enmod enables for all sites, i dont like that.
        ## so i run a2disconf kopano-webapp and include the config.
    Include /etc/apache2/sites-enabled/kopano-webapp.conf

    # Make sure that you're using SSL.
    # %{REQUEST_URI} already begins with "/", so no extra slash after the host name.
    RewriteEngine   On
    RewriteCond     %{HTTPS}        off
    RewriteRule     ^(.*)$          https://kopanotest.mydomain.ch%{REQUEST_URI} [L,R]

 </VirtualHost>
# SSL
 <VirtualHost kopanotest.mydomain.ch:443>

    ServerAdmin name@mydomain.ch
    ServerName kopanotest.mydomain.ch
        # Note, this only works if you use a wildcard ssl.
    # ServerAlias autodiscover.example.com

    DocumentRoot /usr/share/kopano-webapp
    ErrorLog ${APACHE_LOG_DIR}/mail1-internal-ssl-error.log
    CustomLog ${APACHE_LOG_DIR}/mail1-internal-ssl-access.log combined
    ServerSignature Off

    <IfModule mod_ssl.c>
        SSLEngine on
                # Do change these to your own certs.
        SSLCertificateFile      /etc/kopano/ssl/cert.pem
        SSLCertificateKeyFile   /etc/kopano/ssl/privkey.pem
        SSLCACertificateFile    /etc/kopano/ssl/server.pem

        # Add the following to your Apache config.
                # ! Note Debian 8 may not like this.
        #SSLOpenSSLConfCmd DHParameters "/etc/ssl/dh/dh4096.pem"

                # advised to use only tls1.2
        # SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
                SSLProtocol TLSv1.2
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA$

        SSLHonorCipherOrder On
        Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
        Header always set X-Frame-Options DENY
        Header always set X-Content-Type-Options nosniff

        SSLHonorCipherOrder On

        SSLStrictSNIVHostCheck Off
        SSLCompression Off

        </IfModule>

        ## kopano settings.
        Include /etc/apache2/sites-enabled/kopano-webapp.conf

        Include /etc/apache2/conf-available/z-push.conf
        #    Include /etc/apache2/conf-available/z-push-autodiscover.conf

  </VirtualHost>

I will test later if MDM is working and If I can send mails now or not.

EDIT:
MDM is not working yet. Can I remove it and install it again?

If you have this problem you have to correctly reconfigure your apache vhost configuration and also get a proper certificate.

Then you have to adjust the config from mdm to:

<?php
define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', true);
define('PLUGIN_MDM_SERVER', 'subdomain.topleveldomain.ch');
define('PLUGIN_MDM_SERVER_SSL', true);
?>

This is what I need to do after I have reconfigured my apache vhost config. The problem is solved.
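A consistency check between the MDM plugin config and the SSL vhost, as an added example that is not part of the original post or of Kopano. The function names and the embedded samples are constructed for illustration, and it assumes `PLUGIN_MDM_SERVER` holds a bare host name; it encodes the thread's advice that with SSL enabled the plugin must point at a name served by the :443 vhost, not at an IP address.

```python
import ipaddress
import re

# Constructed samples modelled on the config.php and the :443 vhost in the thread.
MDM_CONFIG = """<?php
define('PLUGIN_MDM_USER_DEFAULT_ENABLE_MDM', true);
define('PLUGIN_MDM_SERVER', 'kopanotest.mydomain.ch');
define('PLUGIN_MDM_SERVER_SSL', true);
?>"""
VHOST_443 = """<VirtualHost kopanotest.mydomain.ch:443>
    ServerName kopanotest.mydomain.ch
    # ServerAlias autodiscover.example.com
</VirtualHost>"""

DEFINE_RE = re.compile(r"define\(\s*'([^']+)'\s*,\s*('([^']*)'|true|false)\s*\)", re.I)

def php_defines(text):
    """Map constant name -> str or bool for simple define('X', 'y'|true|false) lines."""
    out = {}
    for name, raw, quoted in DEFINE_RE.findall(text):
        out[name] = quoted if raw.startswith("'") else raw.lower() == "true"
    return out

def vhost_names(text):
    """Collect ServerName/ServerAlias values, ignoring commented-out lines."""
    names = set()
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0].lower() in ("servername", "serveralias"):
            names.update(p.lower() for p in parts[1:])
    return names

def check_mdm(config_text, vhost_text):
    """Return a list of problems; an empty list means config and vhost agree."""
    cfg = php_defines(config_text)
    server = str(cfg.get("PLUGIN_MDM_SERVER", ""))
    if not cfg.get("PLUGIN_MDM_SERVER_SSL"):
        return ["PLUGIN_MDM_SERVER_SSL is not true: MDM talks to Z-Push without TLS"]
    problems = []
    try:
        ipaddress.ip_address(server)
        problems.append("PLUGIN_MDM_SERVER is an IP address; use the name in the certificate")
    except ValueError:
        pass  # not an IP literal, which is what SSL needs
    if server.lower() not in vhost_names(vhost_text):
        problems.append(f"{server!r} is not a ServerName/ServerAlias of the SSL vhost")
    return problems
```

A config pasted with typographic quotes, or with a missing quote, does not parse as a `define()` and is reported as SSL not enabled.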

Hi, good to hear this is fixed.
A correct resolving is so important.

And sorry for the late reply, there was a lot going on the last 3 months.