• Re: Multi Tenancy

    Reading up on the github repo I see it’s possible to install Z-push in multiple directories. In my case, I’d like a Debian (Ubuntu) rollout. I’m looking at the debian build directories to spot the build, which seems quite straightforward.

    I’d like to write a script (maybe an ansible playbook) that sets up a per-domain z-push instance that can be configured to the nextcloud instance for that domain. Any hints, tips, bewares or caveats that should be taken into account? Could we share some resources or would it be wiser to keep all instances strictly separated?

  • Kopano

    Hi @Luke1982,

    normally you don’t even need multiple z-push installations for multiple tenants (if all these tenants are using the same data source), but with different caldav/carddav backends it is indeed probably the easiest to install z-push multiple times.

    Since there could be overlapping user ids between the different Nextcloud instances I would recommend to have separate data storage per installation.


  • Hi @fbartels,

    Yeah I really want to setup separate nextcloud instances on a per-company base to keep it nice and separated. Am I right to assume that the master branch on github is frozen at the latest final release? I noticed the latest commit on the master and the latest release date are on the same date.

    Any specific reason for the symlinks to the /etc/z-push folder for for instance the config files?


  • OK, so I got a first thing working so I’ll share that here for self-reference as well:

    Firstly I decided to stick to the usr/share/ structure but setting up a directory per domain, git controlled. So in /usr/share/z-push (create the z-push directory!) I executed

    sudo git clone --single-branch --branch=master https://github.com/Z-Hub/Z-Push mydomain.nl
    

    giving me the source in a folder named after the domain you’re setting this up for. That means that the apache configurations (assuming you use Apache) need to be altered a bit. I will only show the altered lines here, keep in mind this is not the entire config:

    Activesync config

    Alias /Microsoft-Server-ActiveSync /usr/share/z-push/mydomain.nl/src/index.php
    <Directory /usr/share/z-push/mydomain.nl/src>
    

    Autodiscovery config

        Alias /AutoDiscover/AutoDiscover.xml "/usr/share/z-push/mydomain.nl/src/autodiscover/autodiscover.php"
        Alias /Autodiscover/Autodiscover.xml "/usr/share/z-push/mydomain.nl/src/autodiscover/autodiscover.php"
        Alias /autodiscover/autodiscover.xml "/usr/share/z-push/mydomain.nl/src/autodiscover/autodiscover.php"
    

    Do make sure you install the correct PHP modules (php-imap, php-mapi, and so on).

    Logs
    Normally the package manager would create the log files and manage the properties. You have to do that yourself, so create /var/log/z-push as root, create (in that directory):

    • autodiscover-error.log
    • autodiscover.log
    • z-push.log
    • z-push-error.log

    and make sure your z-push instance can write to it. Normally, the apache user (httpd or www-data) would need user or group write access, but in php-fpm that could be the user (or if you use something like mpm_itk).

    Now, you also need a directory called /var/lib/z-push and give it some permission that will allow z-push to do something. Again, this needs to be accessible by z-push. How you do that is up to you.

    Configuration is the same as it normally is, only everything is in a /usr/share/z-push/mydomain.nl/src folder instead of /usr/share/z-push.

    Now I’ve only done a quick IMAP test so far, need to do caldav and carddav now and then do some rigorous testing.


  • Caldav
    Caldav will complain it’s missing XMLDocument.php from the libawl-php package. Even when it’s installed, you’ll get that message since the default include_path is pointing towards Kopano. The way I fixed it (would love to hear a better one) is to change the Apache conf, inside the <Directory /usr/share/z-push/mydomain.nl/src> directive, set

    AllowOverride none
    

    to

    AllowOverride all
    

    and then inside /usr/share/z-push/mydomain.nl/src create a .htaccess file with

    php_value include_path ".:/usr/share/awl/inc"
    

    in it.


  • To keep noting my progress for anyone interested or stumbling on the same. Of course Outlook is the eternal problemchild, so I figured out some extra PHP settings that make it work. Kind of

    • Reduce SYNC_MAX_ITEMS to something like 100 in /usr/share/mydomain.nl/src/config.php
    • Increase the max_execution_time and max_input_time for PHP to at least an hour
    • Increase the PHP memorylimit, something like 512M or even higher

    Android clients work fine with ActiveSync, of cource it’s the horror that is Outlook that crashes and burns. This is quite a large mailbox, needs to be said.