425 lines
17 KiB
HTML
425 lines
17 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<title>Install SOGo groupware on CentOS 6 with iRedMail (MySQL backend)</title>
|
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
|
</head>
|
|
<body>
|
|
|
|
<div id="navigation">
|
|
<a href="https://www.iredmail.org" target="_blank">
|
|
<img alt="iRedMail web site"
|
|
src="./images/logo-iredmail.png"
|
|
style="vertical-align: middle; height: 30px;"
|
|
/>
|
|
<span>iRedMail</span>
|
|
</a>
|
|
// <a href="./index.html">Document Index</a></div><h1 id="install-sogo-groupware-on-centos-6-with-iredmail-mysql-backend">Install SOGo groupware on CentOS 6 with iRedMail (MySQL backend)</h1>
|
|
<div class="toc">
|
|
<ul>
|
|
<li><a href="#install-sogo-groupware-on-centos-6-with-iredmail-mysql-backend">Install SOGo groupware on CentOS 6 with iRedMail (MySQL backend)</a><ul>
|
|
<li><a href="#requirements">Requirements</a></li>
|
|
<li><a href="#install-sogo">Install SOGo</a></li>
|
|
<li><a href="#create-required-sql-database">Create required SQL database</a></li>
|
|
<li><a href="#configure-sogo">Configure SOGo</a></li>
|
|
<li><a href="#configure-web-server">Configure web server</a><ul>
|
|
<li><a href="#apache-web-server">Apache web server</a></li>
|
|
<li><a href="#nginx-web-server">Nginx web server</a></li>
|
|
</ul>
|
|
</li>
|
|
<li><a href="#start-sogo-and-dependent-services">Start SOGo and dependent services</a></li>
|
|
<li><a href="#add-dovecot-master-user-used-for-vacation-message-expiration">Add Dovecot Master User, used for vacation message expiration</a></li>
|
|
<li><a href="#add-required-cron-jobs">Add required cron jobs</a></li>
|
|
<li><a href="#access-sogo-from-web-browser">Access SOGo from web browser</a></li>
|
|
<li><a href="#configure-your-mail-clients-or-mobile-devices-to-use-caldavcarddav-services">Configure your mail clients or mobile devices to use CalDav/CardDAV services</a></li>
|
|
<li><a href="#references">References</a></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
<h2 id="requirements">Requirements</h2>
|
|
<ul>
|
|
<li>A working iRedMail server (MySQL backend) on CentOS 6.</li>
|
|
</ul>
|
|
<h2 id="install-sogo">Install SOGo</h2>
|
|
<ul>
|
|
<li>Make sure you have EPEL repo enabled, if not, please follow <a href="https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F">this wiki
|
|
tutorial</a>
|
|
to enable it.</li>
|
|
</ul>
|
|
<pre><code># yum repolist | grep -i 'epel'
|
|
epel Extra Packages for Enterprise Linux 6 - x86_64 11,109
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Add yum repo file <code>/etc/yum.repos.d/sogo.repo</code>:</li>
|
|
</ul>
|
|
<pre><code>[SOGo]
|
|
name=Inverse SOGo Repository
|
|
baseurl=http://packages.inverse.ca/SOGo/nightly/3/rhel/6/$basearch
|
|
enabled=1
|
|
gpgcheck=0
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Install SOGo and dependences:</li>
|
|
</ul>
|
|
<pre><code># yum install sogo sope49-gdl1-mysql sogo-activesync sogo-ealarms-notify sogo-tool
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Append an alias entry in Postfix config file <code>/etc/postfix/aliases</code>, so that
|
|
notifications of cron jobs will be sent to mail server administrator.</li>
|
|
</ul>
|
|
<pre><code># Part of file: /etc/postfix/aliases
|
|
|
|
sogo: root
|
|
</code></pre>
|
|
|
|
<p>Execute command to update alias db:</p>
|
|
<pre><code># postalias /etc/postfix/aliases
|
|
</code></pre>
|
|
|
|
<h2 id="create-required-sql-database">Create required SQL database</h2>
|
|
<p>SOGo will store some data (e.g. user preferences, sieve rules) in SQL database,
|
|
so we need to create a database for it. Please login to SQL server as <code>root</code>
|
|
user, then execute SQL commands below:</p>
|
|
<pre><code>CREATE DATABASE sogo CHARSET='UTF8';
|
|
GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';
|
|
|
|
GRANT SELECT ON vmail.mailbox TO sogo@localhost;
|
|
|
|
CREATE VIEW sogo.users (c_uid, c_name, c_password, c_cn, mail, domain) AS SELECT username, username, password, name, username, domain FROM vmail.mailbox WHERE enablesogo=1 AND active=1;
|
|
</code></pre>
|
|
|
|
<div class="admonition note">
|
|
<p class="admonition-title">Note</p>
|
|
<ul>
|
|
<li>SOGo will create required SQL tables automatically, we don't need to
|
|
import a SQL template file or create them manually.</li>
|
|
<li>SQL column <code>mailbox.enablesogo</code> is available since iRedMail-0.9.5, if you
|
|
don't have it, it's safe to remove this SQL condition (<code>enablesogo=1</code>).</li>
|
|
</ul>
|
|
</div>
|
|
<h2 id="configure-sogo">Configure SOGo</h2>
|
|
<p>Default SOGo config file is <code>/etc/sogo/sogo.conf</code>. We have a sample config file
|
|
for you, just replace MySQL username/password in this file, then it's done.</p>
|
|
<p>With below config file, SOGo will listen on address <code>127.0.0.1</code>, port <code>20000</code>.</p>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">Warning</p>
|
|
<p>Sample config file below may be out of date, please check the <a href="https://github.com/iredmail/iRedMail/blob/1.0/samples/sogo/sogo.conf">latest one
|
|
in iRedMail source code repository</a>.</p>
|
|
</div>
|
|
<pre><code>{
|
|
// Official SOGo documents:
|
|
// - http://www.sogo.nu/english/support/documentation.html
|
|
// - http://wiki.sogo.nu
|
|
//
|
|
// Mailing list:
|
|
// - http://www.sogo.nu/english/support/community.html
|
|
|
|
// Enable verbose logging. Reference:
|
|
// http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
|
|
//ImapDebugEnabled = YES;
|
|
//LDAPDebugEnabled = YES;
|
|
//MySQL4DebugEnabled = YES;
|
|
//PGDebugEnabled = YES;
|
|
|
|
// Daemon address and port
|
|
WOPort = 127.0.0.1:20000;
|
|
|
|
// PID file
|
|
//WOPidFile = /var/run/sogo/sogo.log;
|
|
|
|
// Log file
|
|
//WOLogFile = /var/log/sogo/sogo.log;
|
|
|
|
// IMAP connection pool.
|
|
// Your performance will slightly increase, as you won't open a new
|
|
// connection for every access to your IMAP server.
|
|
// But you will get a lot of simultaneous open connections to your IMAP
|
|
// server, so make sure he can handle them.
|
|
// For debugging it is reasonable to turn pooling off.
|
|
//NGImap4DisableIMAP4Pooling = NO;
|
|
|
|
SOGoProfileURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_user_profile";
|
|
OCSFolderInfoURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_folder_info";
|
|
OCSSessionsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_sessions_folder";
|
|
OCSEMailAlarmsFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_alarms_folder";
|
|
|
|
// With 3 parameters below, SOGo requires only 9 SQL tables in total
|
|
// instead of creating 4 SQL tables for each user.
|
|
OCSCacheFolderURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_cache_folder";
|
|
OCSStoreURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_store";
|
|
OCSAclURL = "mysql://sogo:password@127.0.0.1:3306/sogo/sogo_acl";
|
|
|
|
// Default language in the web interface
|
|
SOGoLanguage = English;
|
|
|
|
// Specify which module to show after login: Calendar, Mail, Contacts.
|
|
SOGoLoginModule = Mail;
|
|
|
|
// Must login with full email address
|
|
SOGoForceExternalLoginWithEmail = YES;
|
|
|
|
// Allow user to change full name and email address.
|
|
SOGoMailCustomFromEnabled = YES;
|
|
|
|
// Enable email-based alarms on events and tasks.
|
|
SOGoEnableEMailAlarms = YES;
|
|
|
|
// IMAP server
|
|
//SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES";
|
|
// Local connection is considered as secure by Dovecot.
|
|
SOGoIMAPServer = "imap://127.0.0.1:143/";
|
|
|
|
// SMTP server
|
|
SOGoMailingMechanism = smtp;
|
|
SOGoSMTPServer = 127.0.0.1;
|
|
//SOGoSMTPAuthenticationType = PLAIN;
|
|
|
|
// Enable managesieve service
|
|
//
|
|
// WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube
|
|
// webmail, don't use sieve service in both webmails, otherwise
|
|
// it will be messy.
|
|
//
|
|
//SOGoSieveServer = sieve://127.0.0.1:4190;
|
|
//SOGoSieveScriptsEnabled = YES;
|
|
//SOGoVacationEnabled = YES;
|
|
//SOGoForwardEnabled = YES;
|
|
|
|
// Memcached
|
|
SOGoMemcachedHost = 127.0.0.1;
|
|
|
|
SOGoTimeZone = "America/New_York";
|
|
|
|
SOGoFirstDayOfWeek = 1;
|
|
|
|
SOGoRefreshViewCheck = every_5_minutes;
|
|
SOGoMailReplyPlacement = below;
|
|
|
|
SOGoAppointmentSendEMailNotifications = YES;
|
|
SOGoFoldersSendEMailNotifications = YES;
|
|
SOGoACLsSendEMailNotifications = YES;
|
|
|
|
// PostgreSQL cannot update view
|
|
SOGoPasswordChangeEnabled = YES;
|
|
|
|
// Authentication using SQL
|
|
SOGoUserSources = (
|
|
{
|
|
type = sql;
|
|
id = vmail_mailbox;
|
|
viewURL = "mysql://sogo:password@127.0.0.1:3306/sogo/users";
|
|
canAuthenticate = YES;
|
|
|
|
// Default algorithm used when changing passwords.
|
|
userPasswordAlgorithm = ssha;
|
|
prependPasswordScheme = YES;
|
|
|
|
// Use vmail.mailbox as global address book.
|
|
// WARNING: This will search all user accounts, not just accounts
|
|
// under same domain as login user.
|
|
//isAddressBook = YES;
|
|
//displayName = "Global Address Book";
|
|
}
|
|
);
|
|
}
|
|
</code></pre>
|
|
|
|
<p>Important note: sieve rules generated by SOGo is not compatible with Roundcube
|
|
webmail, so if you're running both Roundcube and SOGo, you must disable sieve
|
|
support (including forwarding and vacation support) in one of them to avoid
|
|
incompatible sieve rules. if you choose to run only SOGo, you can enable sieve
|
|
support by removing comment mark of below lines in above configuration:</p>
|
|
<pre><code> SOGoSieveServer = sieve://127.0.0.1:4190;
|
|
SOGoSieveScriptsEnabled = YES;
|
|
SOGoVacationEnabled = YES;
|
|
SOGoForwardEnabled = YES;
|
|
</code></pre>
|
|
|
|
<h2 id="configure-web-server">Configure web server</h2>
|
|
<p>To access SOGo groupware (webmail/calendar/contact), we need to configure
|
|
web server.</p>
|
|
<h3 id="apache-web-server">Apache web server</h3>
|
|
<ul>
|
|
<li>SOGo installs Apache config file <code>/etc/httpd/conf.d/SOGo.conf</code> by default,
|
|
please open it, comment out 2 <code>ProxyPass</code> directives as shown below:</li>
|
|
</ul>
|
|
<pre><code>#ProxyPass /Microsoft-Server-ActiveSync ...
|
|
#ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Add 2 <code>ProxyPass</code> directives in <code>/etc/httpd/conf.d/ssl.conf</code>, so that SOGo
|
|
is only accessible via https.</li>
|
|
</ul>
|
|
<pre><code>ProxyPass /Microsoft-Server-ActiveSync \
|
|
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
|
|
retry=60 connectiontimeout=5 timeout=360
|
|
|
|
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Open <code>/etc/httpd/conf.d/SOGo.conf</code> again, find 3 <code>RequestHeader</code> directives
|
|
like below:</li>
|
|
</ul>
|
|
<pre><code> RequestHeader set "x-webobjects-server-port" ...
|
|
RequestHeader set "x-webobjects-server-name" ...
|
|
RequestHeader set "x-webobjects-server-url" ...
|
|
</code></pre>
|
|
|
|
<p>Replace them by below settings:</p>
|
|
<pre><code> RequestHeader set "x-webobjects-server-port" "443"
|
|
RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
|
|
RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Append line below in <code>/etc/httpd/conf.d/SOGo.conf</code>, no matter upper or lower
|
|
case letters of <code>SOGo</code> in the url, Apache will always to https:</li>
|
|
</ul>
|
|
<pre><code>RedirectMatch ^/[Ss][Oo][Gg][Oo](.*) /SOGo$1
|
|
</code></pre>
|
|
|
|
<ul>
|
|
<li>Restart Apache service.</li>
|
|
</ul>
|
|
<h3 id="nginx-web-server">Nginx web server</h3>
|
|
<p>If you're running Nginx web server configured by iRedMail, please open file
|
|
<code>/etc/nginx/conf.d/default.conf</code>, add some lines in <code>server {}</code> configured for
|
|
HTTPS:</p>
|
|
<pre><code>server {
|
|
listen 443;
|
|
...
|
|
|
|
#
|
|
# Add lines below for SOGo
|
|
#
|
|
location ~ ^/sogo { rewrite ^ https://$host/SOGo; }
|
|
location ~ ^/SOGO { rewrite ^ https://$host/SOGo; }
|
|
|
|
# For IOS 7
|
|
rewrite ^/.well-known/caldav /SOGo/dav permanent;
|
|
rewrite ^/.well-known/carddav /SOGo/dav permanent;
|
|
rewrite ^/principals /SOGo/dav permanent;
|
|
|
|
location ^~ /SOGo {
|
|
proxy_pass http://127.0.0.1:20000;
|
|
|
|
# forward user's IP address
|
|
#proxy_set_header X-Real-IP $remote_addr;
|
|
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
#proxy_set_header Host $host;
|
|
|
|
proxy_set_header x-webobjects-server-port 443;
|
|
proxy_set_header x-webobjects-server-name $host;
|
|
proxy_set_header x-webobjects-server-url $scheme://$host;
|
|
|
|
proxy_set_header x-webobjects-server-protocol HTTP/1.0;
|
|
}
|
|
|
|
location ^~ /Microsoft-Server-ActiveSync {
|
|
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
|
|
|
|
proxy_connect_timeout 360;
|
|
proxy_send_timeout 360;
|
|
proxy_read_timeout 360;
|
|
}
|
|
|
|
location ^~ /SOGo/Microsoft-Server-ActiveSync {
|
|
proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;
|
|
|
|
proxy_connect_timeout 360;
|
|
proxy_send_timeout 360;
|
|
proxy_read_timeout 360;
|
|
}
|
|
|
|
location /SOGo.woa/WebServerResources/ {
|
|
alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
|
|
}
|
|
location /SOGo/WebServerResources/ {
|
|
alias /usr/lib64/GNUstep/SOGo/WebServerResources/;
|
|
}
|
|
location ^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
|
|
alias /usr/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2;
|
|
}
|
|
}
|
|
</code></pre>
|
|
|
|
<p><strong>Important note</strong>: You must replace path <code>/usr/lib/GNUstep/SOGo</code> with
|
|
the real directory which contains SOGo files:</p>
|
|
<ul>
|
|
<li>on i386 platform, it's <code>/usr/lib/GNUstep/SOGo</code>.</li>
|
|
<li>on x86_64, it's <code>/usr/lib64/GNUstep/SOGo</code>.</li>
|
|
</ul>
|
|
<h2 id="start-sogo-and-dependent-services">Start SOGo and dependent services</h2>
|
|
<pre><code># service httpd restart # <- restart 'nginx' service if you're running Nginx
|
|
# service memcached restart
|
|
# service sogod restart
|
|
</code></pre>
|
|
|
|
<h2 id="add-dovecot-master-user-used-for-vacation-message-expiration">Add Dovecot Master User, used for vacation message expiration</h2>
|
|
<p>SOGo need a Dovecot Master User to cleanup vacation expiration, please follow
|
|
our tutorial to add a Dovecot Master User for this purpose: <a href="./dovecot.master.user.html">Dovecot Master User</a>.</p>
|
|
<p>After added a Dovecot Master User for SOGo, we must store its username and
|
|
plain password in a separate file used by SOGo, we use <code>/etc/sogo/sieve.cred</code>
|
|
here for example.</p>
|
|
<p>Create file <code>/etc/sogo/sieve.cred</code>, write Dovecot Master User in this file in
|
|
format: <code>username:password</code>. For example:</p>
|
|
<pre><code>my_master_user@non-exist.com:my_master_password
|
|
</code></pre>
|
|
|
|
<p>Set strict file owner and permission:</p>
|
|
<pre><code># chown sogo:sogo /etc/sogo/sieve.cred
|
|
# chmod 0400 /etc/sogo/sieve.cred
|
|
</code></pre>
|
|
|
|
<h2 id="add-required-cron-jobs">Add required cron jobs</h2>
|
|
<p>Please add below cron jobs for SOGo daemon user <code>sogo</code>. You can add them with
|
|
command: <code>crontab -l -u sogo</code></p>
|
|
<pre><code># 1) SOGo email reminder, should be run every minute.
|
|
# 2) SOGo session cleanup, should be run every minute.
|
|
# Ajust the [X]Minutes parameter to suit your needs
|
|
# Example: Sessions without activity since 30 minutes will be dropped:
|
|
* * * * * /usr/sbin/sogo-ealarms-notify; /usr/sbin/sogo-tool expire-sessions 30
|
|
|
|
# 3) SOGo vacation messages expiration
|
|
# The credentials file should contain the sieve admin credentials (username:passwd)
|
|
0 0 * * * /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.cred
|
|
</code></pre>
|
|
|
|
<h2 id="access-sogo-from-web-browser">Access SOGo from web browser</h2>
|
|
<p>Open your favourite web browser, access URL: <code>https://[your_server]/SOGo</code> (the
|
|
word <code>SOGo</code> is case-sensitive), you can login with your email account credential.</p>
|
|
<h2 id="configure-your-mail-clients-or-mobile-devices-to-use-caldavcarddav-services">Configure your mail clients or mobile devices to use CalDav/CardDAV services</h2>
|
|
<p>Please check our documents <a href="./index.html#configure-mail-client-applications">here</a>
|
|
to configure your mail clients or mobile devices.</p>
|
|
<h2 id="references">References</h2>
|
|
<ul>
|
|
<li><a href="http://sogo.nu">SOGo web site</a></li>
|
|
<li>Outlook plugins:<ul>
|
|
<li>
|
|
<p><a href="https://github.com/aluxnimm/outlookcaldavsynchronizer">Outlook CalDav Synchronizer</a></p>
|
|
<blockquote>
|
|
<p>Outlook Plugin, which synchronizes events, tasks and contacts(beta) between Outlook and Google, SOGo, Horde or any other CalDAV or CardDAV server. Supported Outlook versions are 2016, 2013, 2010 and 2007.</p>
|
|
</blockquote>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul><div class="footer">
|
|
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
|
|
</div>
|
|
<!-- Global site tag (gtag.js) - Google Analytics -->
|
|
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
|
|
<script>
|
|
window.dataLayer = window.dataLayer || [];
|
|
function gtag(){dataLayer.push(arguments);}
|
|
gtag('js', new Date());
|
|
|
|
gtag('config', 'UA-3293801-21');
|
|
</script>
|
|
</body></html> |