# $OpenBSD: README,v 1.18 2015/07/17 21:23:08 ajacoutot Exp $
+-----------------------------------------------------------------------
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------
General setup and configuration information about SOGo can be found
in ${TRUEPREFIX}/share/doc/sogo/.
SOGo is designed with scalability in mind. All of the dependent components
like mail-, database-, or web server can run on different hosts, and
you can even choose to install your preferred software to fulfill those tasks.
You have to install those components manually on the servers where you
want to run them. An overview is given in the list below.
For your SOGo installation you would need the following components installed
somewhere. Either on the same host where you install SOGo, or distributed
over multiple systems, related to your needs:
- Memcached to speed up SOGo:
* install the memcached package
- Web Server:
* you can install nginx or the apache-httpd-openbsd package
- Database Server:
* install postgresql-server package
- or install mariadb-server package
- LDAP Server for user authentication shared addressbooks:
* install openldap-server package
- or use ldapd from base
- IMAP Server:
* install cyrus-imapd package
- or install dovecot package
- or install courier-imap package
- or install imap-uw package
- SMTP Server or local sendmail compatible binary:
* install postfix package
- or use smtpd from base
- or install sendmail package
The alternatives marked with * are recommended. They are tested and verified
to work together by the SOGo port maintainer.
For the configuration of those components you should take a look at their
respective documentation.
The SOGo system user
====================
The system user and group intended to run the SOGo application server
is called _sogo. The users home directory is ${VARBASE}/sogo.
The SOPE database adaptor
=========================
The SOPE PostgreSQL database adaptor is automatically installed.
If you want to use a MySQL database as backend, you have to install
the sope-mysql package on the host where SOPE and SOGo are installed.
SOGo with nginx
===============
Since nginx configuration is not explained in the SOGo Manual, here is an example.
It's assumed that nginx(8) and SOGo run on the same host. Nginx(8) listens on port 80,
and SOGo is listening on its default port 20000.
Nginx runs in a chroot environment on OpenBSD, therefore you have to
copy some files into the server's chroot environment:
# mkdir -p ${VARBASE}/www/lib/sogo
# cp -R ${TRUEPREFIX}/lib/GNUstep/SOGo/WebServerResources ${VARBASE}/www/lib/sogo/www
Edit /etc/nginx/nginx.conf
server {
listen 80;
root ${VARBASE}/www/lib/sogo/www/;
proxy_http_version 1.1;
location = /
{
rewrite ^ http://$server_name/SOGo;
allow all;
}
# For IOS 7
location = /principals/
{
rewrite ^ http://$server_name/SOGo/dav;
allow all;
}
location = /.well-known/caldav/
{
rewrite ^ http://$server_name/SOGo/dav;
}
location = /.well-known/carddav/
{
rewrite ^ http://$server_name/SOGo/dav;
allow all;
}
location ^~/SOGo
{
proxy_pass http://127.0.0.1:20000;
proxy_redirect http://127.0.0.1:20000 default;
# forward user's IP address
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
proxy_set_header x-webobjects-remote-host 127.0.0.1;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host;
proxy_set_header x-webobjects-server-port $server_port;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
client_max_body_size 50m;
client_body_buffer_size 128k;
break;
}
location /SOGo.woa/WebServerResources/
{
alias ${VARBASE}/www/lib/sogo/www/;
allow all;
}
location /SOGo/WebServerResources/
{
alias ${VARBASE}/www/lib/sogo/www/;
allow all;
}
location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$
{
alias ${VARBASE}/www/lib/sogo/$1.SOGo/Resources/$2;
}
location ^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$
{
alias ${VARBASE}/www/lib/sogo/$1.SOGo/Resources/$2;
}
}
SOGo with OpenBSD apache-httpd-openbsd package
==============================================
Since the httpd 1.3 configuration is slightly different than the Apache 2
configuration explained in the SOGo Manual, here is an example. It's assumed
that the httpd and SOGo run on the same host. The httpd listens on port 80,
and SOGo is listening on its default port 20000.
The OpenBSD httpd runs in a chroot environment, therefore you have to
copy some files into the server's chroot environment:
# mkdir -p ${VARBASE}/www/lib/sogo
# cp -R ${TRUEPREFIX}/lib/GNUstep/SOGo/WebServerResources ${VARBASE}/www/lib/sogo/www
Edit ${VARBASE}/www/conf/httpd.conf:
You should make sure the proxy and header modules are loaded:
LoadModule proxy_module ${TRUEPREFIX}/lib/apache/modules/libproxy.so
LoadModule headers_module ${TRUEPREFIX}/apache/modules/mod_headers.so
Alias /SOGo.woa/WebServerResources/ \
/lib/sogo/www/
Alias /SOGo/WebServerResources/ \
/lib/sogo/www/
AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) \
/lib/sogo/$1.SOGo/Resources/$2
<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
SetHandler default-handler
</LocationMatch>
## Uncomment the following to enable proxy-side authentication, you will then
## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and
## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section
## below.
#<Location /SOGo>
# AuthType XXX
# Require valid-user
# SetEnv proxy-nokeepalive 1
# Allow from all
#</Location>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
# When using CAS, you should uncomment this and install cas-proxy-validate.py
# in ${VARBASE}/www/cgi-bin to reduce server overloading
#
# ProxyPass /SOGo/casProxy http://localhost/cgi-bin/cas-proxy-validate.py
# <Proxy http://localhost/app/cas-proxy-validate.py>
# Order deny,allow
# Allow from your-cas-host-addr
# </Proxy>
ProxyPass /SOGo http://127.0.0.1:20000/SOGo
ProxyPassReverse /SOGo http://127.0.0.1:20000/SOGo
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "127.0.0.1"
RequestHeader set "x-webobjects-server-url" "http://127.0.0.1"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
AddDefaultCharset UTF-8
# To be able to use iPhone a vhost on port 8800 should be
# configured and those redirects must be set
RedirectMatch ^/principals/users/(.*)$ http://127.0.0.1:8800/SOGo/dav/$1
RedirectMatch ^/principals/$ http://127.0.0.1:8800/SOGo/dav/
RedirectMatch ^/.well-known/(caldav|carddav)$ http://127.0.0.1:8800/SOGo/dav/
A note on using CAS
===================
Using CAS with the base httpd is not tested by the maintainer. You
have to copy ${TRUEPREFIX}/share/doc/sogo/cas-proxy-validate.py to
${VARBASE}/www/cgi-bin. Within the script, you have to edit the config
array and the path to your python to fit your configurtaion. Since
the httpd runs in a chroot environment you at least have to copy Python
and its dependencies into the chroot environment. Further you have to
make sure the following python modules are also available in the
chroot environment: cgi, memcache, os, sys. For the memcache
module you have to install the py-memcached package.
A note on using Thunderbird integrator
======================================
If you are going to use Thunderbird integrator you will need the php
script installed on ${TRUEPREFIX}/share/doc/sogo/updates.php.
You should copy it under ${VARBASE}/www/htdocs, install the php package and
follow the instuctions under ${TRUEPREFIX}/share/doc/sogo/SOGo_Mozilla_Thunderbird_Configuration.odt.
SOGo configuration example
==========================
Below you see an example SOGo configuration. The example assumes you have
the recommended server components installed as mentioned above.
You have to apply them as user _sogo using the defaults command, i.e:
defaults write sogod <key> <value>
In the example below it is assumed that all components run on the same host.
For details to each of the defaults consult the SOGo Administration manual.
sogod SOGoUserSources '(
{
CNFieldName = cn;
IDFieldName = uid;
IMAPHostFieldName = mailHost;
UIDFieldName = uid;
baseDN = "ou=people,dc=intern";
bindDN = "cn=Manager,dc=intern";
bindPassword = ManagerLDAPPassword;
canAuthenticate = YES;
displayName = "SOGo Accounts";
hostname = localhost;
id = public;
isAddressBook = YES;
port = 389;
}
)'
sogod SOGoSMTPServer localhost
sogod SOGoIMAPServer localhost
sogod SOGoLanguage English
sogod SOGoTimeZone Europe/Berlin
sogod SOGoFoldersSendEMailNotifications YES
sogod SOGoMemcachedHost localhost
sogod SOGoMailingMechanism smtp
sogod WOLogFile ${VARBASE}/log/sogo/sogod.log
sogod WOPidFile ${VARBASE}/sogo/sogod.pid
sogod SOGoMailDomain my-domain.com
sogod OCSFolderInfoURL postgresql://_sogo:sogo@localhost:5432/sogo/sogo_folder_info
sogod SOGoProfileURL postgresql://_sogo:sogo@localhost:5432/sogo/sogo_user_profile
sogod OCSSessionsFolderURL postgresql://_sogo:sogo@localhost:5432/sogo/sogo_sessions_folder
sogod SOGoACLsSendEMailNotifications YES
sogod SOGoAppointmentSendEMailNotifications YES
sogod WOWorkersCount 4
sogod SOGoDraftsFolderName INBOX.Drafts
sogod SOGoTrashFolderName INBOX.Trash
sogod SOGoSentFolderName INBOX.Sent
sogod SOGoZipPath ${LOCALBASE}/bin/zip
Upgrading from older SOGo versions
==================================
Update the files in the chroot environment of apache as root:
# rm -rf ${VARBASE}/www/lib/sogo
# mkdir -p ${VARBASE}/www/lib/sogo
# cp -R ${TRUEPREFIX}/lib/GNUstep/SOGo/WebServerResources ${VARBASE}/www/lib/sogo/www
Upgrade SOGo from < 1.3.5
=========================
Since version 1.3.5, SOGo requires to have a OCSSessionsFolderURL default set,
which you need to create. For example run the following command as user _sogo:
$ defaults write sogod OCSSessionsFolderURL \
postgresql://_sogo:sogo@localhost:5432/sogo/sogo_sessions_folder
Upgrade SOGo from < 1.3.12
==========================
With version 1.3.12, the database schema got some enhancements, for example
to permit syncs of cards with big photos in them.
Run one of the following scripts as the SOGo system user _sogo. Depending on
the database you use, choose the postgres or mysql variant. The scripts
will ask you for the database credentials.
# su _sogo -c "${TRUEPREFIX}/share/doc/sogo/sql-update-1.3.11_to_1.3.12-postgres.sh"
# su _sogo -c "${TRUEPREFIX}/share/doc/sogo/sql-update-1.3.11_to_1.3.12-mysql.sh"
Upgrade SOGo from < 1.3.16
==========================
New password schemes were introduced. You may want to set the
userPasswordAlgorithm default, i.e.:
# su _sogo "defaults write sogod userPasswordAlgorithm ssha"
Upgrade SOGo from < 1.3.17
==========================
With version 1.3.17, the "cycle info" field of the calendar tables
was enlarged.
Run one of the following scripts as the SOGo system user _sogo. Depending on
the database you use, choose the postgres or mysql variant. The scripts
will ask you for the database credentials.
# su _sogo "${TRUEPREFIX}/share/doc/sogo/sql-update-1.3.16_to_1.3.17-postgres.sh"
# su _sogo "${TRUEPREFIX}/share/doc/sogo/sql-update-1.3.16_to_1.3.17-mysql.sh"
Upgrade SOGo from < 2.1.1
=========================
With version 2.1.0, the WOPort default changed from listening on *:20000
to 127.0.0.1:20000. To get back the old behaviour, run the following
command:
# su _sogo "defaults write sogod WOPort *:20000"
