# Install SOGo groupware on CentOS 6 with iRedMail (MySQL backend)

[TOC]

## Requirements

* A working iRedMail server (MySQL backend) on CentOS 6.

## Install SOGo

* Make sure you have EPEL repo enabled, if not, please follow [this wiki
tutorial](https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F)
to enable it.

```
# yum repolist | grep -i 'epel'
epel              Extra Packages for Enterprise Linux 6 - x86_64          11,109
```

* Add yum repo file `/etc/yum.repos.d/sogo.repo`:

```
[SOGo]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0
```

* Install SOGo and dependences:

```
# yum install sogo sope49-gdl1-mysql sogo-activesync sogo-ealarms-notify sogo-tool
```

* Append an alias entry in Postfix config file `/etc/postfix/aliases`, so that
  notifications of cron jobs will be sent to mail server administrator.

```
# Part of file: /etc/postfix/aliases

sogo: root
```

Execute command to update alias db:

```
# postalias /etc/postfix/aliases
```

## Create required SQL database

SOGo will store some data (e.g. user preferences, sieve rules) in SQL database,
so we need to create a database for it.

```
$ mysql -u root -p

mysql> CREATE DATABASE sogo CHARSET='UTF8';
mysql> GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';

mysql> GRANT SELECT ON vmail.mailbox TO sogo@localhost;

mysql> CREATE VIEW sogo.users (c_uid, c_name, c_password, c_cn, mail, home) AS SELECT username, username, password, name, username, CONCAT(storagebasedirectory, '/', storagenode, '/', maildir) FROM vmail.mailbox WHERE active=1;
```

Note: SOGo will create required SQL tables automatically, we don't need to
create them manually.

## Configure SOGo

Default SOGo config file is `/etc/sogo/sogo.conf`. We have a sample config file
for you, just replace MySQL username/password in this file, then it's done.

With below config file, SOGo will listen on address `127.0.0.1`, port `20000`.

```
{
    // Official SOGo documents:
    //  - http://www.sogo.nu/english/support/documentation.html
    //  - http://wiki.sogo.nu
    //
    // Mailing list:
    //  - http://www.sogo.nu/english/support/community.html

    // Enable verbose logging. Reference:
    // http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
    //ImapDebugEnabled = YES;
    //LDAPDebugEnabled = YES;
    //MySQL4DebugEnabled = YES;
    //PGDebugEnabled = YES;

    // Daemon address and port
    WOPort = 127.0.0.1:20000;

    // PID file
    //WOPidFile = /var/log/sogo/sogo.log;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
    // connection for every access to your IMAP server.
    // But you will get a lot of simultaneous open connections to your IMAP
    // server, so make sure he can handle them.
    // For debugging it is reasonable to turn pooling off.
    //NGImap4DisableIMAP4Pooling = NO;

    SOGoProfileURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile";
    OCSFolderInfoURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_sessions_folder";

    // Default language in the web interface
    SOGoLanguage = English;

    // Specify which module to show after login: Calendar, Mail, Contacts.
    SOGoLoginModule = Mail;

    // Must login with full email address
    SOGoForceExternalLoginWithEmail = YES;

    // Allow user to change full name and email address.
    SOGoMailCustomFromEnabled = YES;

    // Enable email-based alarms on events and tasks.
    SOGoEnableEMailAlarms = YES;
    OCSEMailAlarmsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_alarms_folder";

    // IMAP server
    //SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES";
    // Local connection is considered as secure by Dovecot.
    SOGoIMAPServer = "imap://127.0.0.1:143/";

    // SMTP server
    SOGoMailingMechanism = smtp;
    SOGoSMTPServer = 127.0.0.1;
    //SOGoSMTPAuthenticationType = PLAIN;

    // Enable managesieve service
    //
    // WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube
    //          webmail, don't use sieve service in both webmails, otherwise
    //          it will be messy.
    //
    //SOGoSieveServer = sieve://127.0.0.1:4190;
    //SOGoSieveScriptsEnabled = YES;
    //SOGoVacationEnabled = YES;
    //SOGoForwardEnabled = YES;

    // Memcached
    SOGoMemcachedHost = 127.0.0.1;

    SOGoTimeZone = "America/New_York";

    SOGoFirstDayOfWeek = 1;

    SOGoRefreshViewCheck = every_5_minutes;
    SOGoMailReplyPlacement = below;

    SOGoAppointmentSendEMailNotifications = YES;
    SOGoFoldersSendEMailNotifications = YES;
    SOGoACLsSendEMailNotifications = YES;

    // PostgreSQL cannot update view
    SOGoPasswordChangeEnabled = YES;

    // Authentication using SQL
    SOGoUserSources = (
        {
            type = sql;
            id = vmail_mailbox;
            viewURL = "mysql://sogo:password@127.0.0.1:3306/sogo/users";
            canAuthenticate = YES;

            // Default algorithm used when changing passwords.
            userPasswordAlgorithm = ssha;
            prependPasswordScheme = YES;

            // Use vmail.mailbox as global address book.
            // WARNING: This will search all user accounts, not just accounts
            // under same domain as login user.
            //isAddressBook = YES;
            //displayName = "Global Address Book";
        }
    );
}
```

## Configure web server

To access SOGo groupware (webmail/calendar/contact), we need to configure
web server.

### Apache web server

SOGo installs config file `/etc/httpd/conf.d/SOGo.conf` by default, please
open it and find below lines:

```
#ProxyPass /Microsoft-Server-ActiveSync \
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
# retry=60 connectiontimeout=5 timeout=360
```

Remove `#` at the beginning to enable ActiveSync support:

```
ProxyPass /Microsoft-Server-ActiveSync \
 http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
 retry=60 connectiontimeout=5 timeout=360
```

### Nginx web server

If you're running Nginx web server configured by iRedMail, please open file
`/etc/nginx/conf.d/default.conf`, add some lines in `server {}` configured for
HTTPS:

```
server {
    listen 443;
    ...

    # Add below lines for SOGo
    # SOGo
    location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
    location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }

    # For IOS 7
    location = /principals/ {
        rewrite ^ https://$server_name/SOGo/dav;
        allow all;
    }

    location ^~ /SOGo {
        proxy_pass http://127.0.0.1:20000;
        #proxy_redirect http://127.0.0.1:20000/SOGo/ /SOGo;
        # forward user's IP address
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header Host $host;
        proxy_set_header x-webobjects-server-protocol HTTP/1.0;
        #proxy_set_header x-webobjects-remote-host 127.0.0.1;
        #proxy_set_header x-webobjects-server-name $server_name;
        #proxy_set_header x-webobjects-server-url $scheme://$host;
    }

    location ^~ /Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/Microsoft-Server-ActiveSync /;
    }

    location ^~ /SOGo/Microsoft-Server-ActiveSync {
        proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
        proxy_redirect http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync /;
    }

    location /SOGo.woa/WebServerResources/ {
        alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
    }
    location /SOGo/WebServerResources/ {
        alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
    }
    location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
        alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2;
    }
}
```

__Important note__: You must replace path `/usr/lib/GNUstep/SOGo` with
the real directory which contains SOGo files:

* on i386 platform, it's `/usr/lib/GNUstep/SOGo`.
* on x86_64, it's `/usr/lib64/GNUstep/SOGo`.

## Start SOGo and dependent services

```
# service httpd restart     # <- restart 'nginx' service if you're running Nginx
# service memcached restart
# service sogod restart
```

## Add Dovecot Master User, used for vacation message expiration

## Add required cron jobs
Please add below cron jobs for SOGo daemon user `sogo`. You can add them with
command: `crontab -l -u sogo`

```
# iRedMail: SOGo email reminder, should be run every minute.
*   *   *   *   *   /usr/sbin/sogo-ealarms-notify

# iRedMail: SOGo session cleanup, should be run every minute.
# Ajust the [X]Minutes parameter to suit your needs
# Example: Sessions without activity since 30 minutes will be dropped:
*   *   *   *   *   /usr/sbin/sogo-tool expire-sessions 30

# iRedMail: SOGo vacation messages expiration
# The credentials file should contain the sieve admin credentials (username:passwd)
0   0   *   *   *   /usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.cred
```

## Access SOGo from web browser

Open your favourite web browser, access URL: `https://[your_server]/SOGo` (the
word `SOGo` is case-sensitive), you can login with your email account credential.

## Configure your mail clients or mobile devices to use CalDav/CardDAV services

Please check our documents [here](./index.html#configure-mail-client-applications)
to configure your mail clients or mobile devices.

## TODO

* Add Dovecot Master User, for vacation message expiration