From 0899952fe1e227ae32a76cd7eb744fdbe6496f30 Mon Sep 17 00:00:00 2001
From: jkaberg
Date: Mon, 11 Aug 2014 16:24:29 +0200
Subject: [PATCH 01/63] initial owncloud port, untested and unfinished
---
conf/nginx.conf | 50 +++++++++++++++++++++++++++++++++++------------
setup/owncloud.sh | 46 +++++++++++++++++++++++++++++++++++++++++++
setup/start.sh | 2 +-
3 files changed, 85 insertions(+), 13 deletions(-)
create mode 100644 setup/owncloud.sh
diff --git a/conf/nginx.conf b/conf/nginx.conf
index eb9a6335..df689722 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -26,27 +26,53 @@ server { root $ROOT; index index.html index.htm; - # Roundcube Webmail configuration. - rewrite ^/mail$ /mail/ redirect; - rewrite ^/mail/$ /mail/index.php; - location /mail/ { + # ownCloud configuration + # TODO: we should support owncloud to be loaded from www root, but for now we dont :-) + client_max_body_size 10G; # set max upload size + fastcgi_buffers 64 4K; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + error_page 403 /owncloud/core/templates/403.php; + error_page 404 /owncloud/core/templates/404.php; + + rewrite ^/caldav(.*)$ /owncloud/remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /owncloud/remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /owncloud/remote.php/webdav$1 redirect; + rewrite ^/owncloud$ /owncloud/ redirect; + rewrite ^/owncloud/$ /owncloud/index.php; + + location /owncloud/ { index index.php; - alias /usr/local/lib/roundcubemail/; + alias /usr/local/lib/owncloud/; } - location ~ /mail/config/.* { - # A ~-style location is needed to give this precedence over the next block. - return 403; - } - location ~ /mail/.*\.php { + + location ~ /owncloud/.*\.php { include fastcgi_params; - fastcgi_split_path_info ^/mail(/.*)()$; + fastcgi_split_path_info ^/owncloud(/.*)()$; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$fastcgi_script_name; fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; client_max_body_size 20M; } + location ~ ^/(data|config|\.ht|db_structure\.xml|README) { + deny all; + } + + # Optional: set long EXPIRES header on static assets + location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { + expires 30d; + # Optional: Don't log access to assets + access_log off; + } + # Webfinger configuration. 
+ # TODO: fix this for owncloud: http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html location = /.well-known/webfinger { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php; diff --git a/setup/owncloud.sh b/setup/owncloud.sh new file mode 100644 index 00000000..99a5b722 --- /dev/null +++ b/setup/owncloud.sh 
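Review bot: The added `location ~ ^/(data|config|\.ht|db_structure\.xml|README)` block is anchored at the site root, but ownCloud is aliased under `/owncloud/`, so requests for `/owncloud/data/...` or `/owncloud/config/...` never match it and the deny does not protect the install tree. The Roundcube block this hunk removes had an explicit `location ~ /mail/config/.*` returning 403 ahead of the PHP location; the equivalent here would be `location ~ ^/owncloud/(?:data|config|\.ht|db_structure\.xml|README) { deny all; }`, declared above `location ~ /owncloud/.*\.php` because nginx uses the first regex location that matches. The server block starts and ends outside this hunk, so confirm that no other location already covers these paths.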
@@ -0,0 +1,46 @@ +# Owncloud +########################## + +# TODO: Write documentation on what we're doing here :-) + +source setup/functions.sh # load our functions +source /etc/mailinabox.conf # load global vars + +apt_install \ + dbconfig-common \ + php5-cli php5-sqlite php5-gd php5-curl php5-common php5-cgi sqlite3 php-pear php-apc curl libapr1 libtool curl libcurl4-openssl-dev php-xml-parser \ + php5 php5-dev php5-gd php5-fpm memcached php5-memcache unzip + +apt-get purge -qq -y owncloud* + +# Install ownCloud from source if it is not already present +# TODO: Check version? +if [ ! -d /usr/local/lib/owncloud ]; then + rm -f /tmp/owncloud.zip + wget -qO /tmp/owncloud.zip https://download.owncloud.org/community/owncloud-7.0.1.zip + unzip /tmp/owncloud.zip -d /usr/local/lib + rm -f /tmp/owncloud.zip +fi + +# Create a configuration file. +# TODO: + +# Set permissions +mkdir -p $STORAGE_ROOT/owncloud +chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud + +# Download and install the mail app +if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then + rm -f /tmp/owncloud_mail.zip + wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip + unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps + mv /usr/local/lib/owncloud/apps/mail-master /usr/local/lib/owncloud/apps/mail + rm -f /tmp/owncloud.zip +fi + +# Currently the mail app dosnt ship with the dependencies, so we need to install them +cd /usr/local/lib/owncloud/apps/mail +curl -sS https://getcomposer.org/installer | php +php composer.phar install + +# TODO: enable mail app in ownCloud config? diff --git a/setup/start.sh b/setup/start.sh index 0b06c9ea..39987401 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -273,7 +273,7 @@ EOF . setup/dkim.sh . setup/spamassassin.sh . setup/web.sh -. setup/webmail.sh +. setup/owncloud.sh . setup/zpush.sh . setup/management.sh From a801bf2a30e789db556951715b388a1b08a961f5 Mon Sep 17 00:00:00 2001 
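Review bot: Every archive the new `setup/owncloud.sh` fetches is unpacked or executed without an integrity check: `owncloud-7.0.1.zip` has no checksum comparison, the mail app comes from the moving `archive/master.zip`, and `curl -sS https://getcomposer.org/installer | php` runs whatever the remote host returns, in a setup script that presumably runs as root. Pin each download to a release or commit and verify it before use, e.g. `echo "EXPECTED_SHA256_PLACEHOLDER  /tmp/owncloud.zip" | sha256sum -c - || exit 1`, and save the Composer installer to a file and compare it with the published checksum before running it. The same pattern is kept in the later composer hunks of this file and in the `Z-Push-contrib/archive/master.zip` download added to `setup/zpush.sh`. Separately, the mail-app branch ends with `rm -f /tmp/owncloud.zip`, which leaves `/tmp/owncloud_mail.zip` behind, and `chown -R www-data.www-data` on `/usr/local/lib/owncloud` makes the whole code tree writable by the web server user.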
From: jkaberg Date: Mon, 11 Aug 2014 16:30:39 +0200 Subject: [PATCH 02/63] white spaces argh. --- conf/nginx.conf | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index df689722..7f19de92 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -29,21 +29,21 @@ server { # ownCloud configuration # TODO: we should support owncloud to be loaded from www root, but for now we dont :-) client_max_body_size 10G; # set max upload size - fastcgi_buffers 64 4K; + fastcgi_buffers 64 4K; - location = /robots.txt { + location = /robots.txt { allow all; - log_not_found off; - access_log off; - } + log_not_found off; + access_log off; + } - error_page 403 /owncloud/core/templates/403.php; - error_page 404 /owncloud/core/templates/404.php; + error_page 403 /owncloud/core/templates/403.php; + error_page 404 /owncloud/core/templates/404.php; - rewrite ^/caldav(.*)$ /owncloud/remote.php/caldav$1 redirect; - rewrite ^/carddav(.*)$ /owncloud/remote.php/carddav$1 redirect; - rewrite ^/webdav(.*)$ /owncloud/remote.php/webdav$1 redirect; - rewrite ^/owncloud$ /owncloud/ redirect; + rewrite ^/caldav(.*)$ /owncloud/remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /owncloud/remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /owncloud/remote.php/webdav$1 redirect; + rewrite ^/owncloud$ /owncloud/ redirect; rewrite ^/owncloud/$ /owncloud/index.php; location /owncloud/ { 
@@ -61,15 +61,15 @@ server { } location ~ ^/(data|config|\.ht|db_structure\.xml|README) { - deny all; - } + deny all; + } # Optional: set long EXPIRES header on static assets - location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { - expires 30d; - # Optional: Don't log access to assets - access_log off; - } + location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { + expires 30d; + # Optional: Don't log access to assets + access_log off; + } # Webfinger configuration. # TODO: fix this for owncloud: http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html From d324f0981ad40851f9486311a6f90beb534742cd Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 17:08:13 +0200 Subject: [PATCH 03/63] cleanup owncloud.sh --- setup/owncloud.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 99a5b722..242a4fc4 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -8,7 +8,7 @@ source /etc/mailinabox.conf # load global vars apt_install \ dbconfig-common \ - php5-cli php5-sqlite php5-gd php5-curl php5-common php5-cgi sqlite3 php-pear php-apc curl libapr1 libtool curl libcurl4-openssl-dev php-xml-parser \ + php5-cli php5-sqlite php5-gd php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \ php5 php5-dev php5-gd php5-fpm memcached php5-memcache unzip apt-get purge -qq -y owncloud* @@ -39,8 +39,7 @@ if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then fi # Currently the mail app dosnt ship with the dependencies, so we need to install them -cd /usr/local/lib/owncloud/apps/mail -curl -sS https://getcomposer.org/installer | php -php composer.phar install +curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail +php /usr/local/lib/owncloud/apps/mail/composer.phar install # TODO: enable mail app in ownCloud config? From 51bb781ffd15b8674e089c758385664e643276df Mon Sep 17 00:00:00 2001 
From: jkaberg Date: Mon, 11 Aug 2014 17:44:30 +0200 Subject: [PATCH 04/63] fix composer.phar not finding the composer.json file --- setup/owncloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 242a4fc4..6801681f 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -40,6 +40,6 @@ fi # Currently the mail app dosnt ship with the dependencies, so we need to install them curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail -php /usr/local/lib/owncloud/apps/mail/composer.phar install +php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail # TODO: enable mail app in ownCloud config? From bc0c0bf0fb854dff193aeb9a878dd254b4fea76d Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 17:53:01 +0200 Subject: [PATCH 05/63] owncloud config.php markup --- setup/owncloud.sh | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 6801681f..183ad2de 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
@@ -23,7 +23,37 @@ if [ ! -d /usr/local/lib/owncloud ]; then fi # Create a configuration file. -# TODO: +cat - > /usr/local/lib/owncloud/config/config.php < '$STORAGE_ROOT/owncloud', +\ array ( +\ 0 => +\ array ( +\ 'class' => 'OC_User_IMAP', +\ 'arguments' => +\ array ( +\ 0 => '{localhost:993/imap/ssl/novalidate-cert}', +\ ), +\ ), +\ ), +\); +EOF + +# Insert the following above (owncloud config generation) when we found a good solution: +# 'mail_smtpmode' => 'smtp', +# 'mail_smtpsecure' => 'ssl', +# 'mail_from_address' => '**** need to figure this one out, nornamly: @. ****', +# 'mail_domain' => '**** need to figure this one out, nornamly: . ****', +# 'mail_smtpauthtype' => 'LOGIN', +# 'mail_smtpauth' => true, +# 'mail_smtphost' => 'localhost', +# 'mail_smtpport' => '587', +# 'mail_smtpname' => '**** need to figure this one out, nornamly: @. ****', +# 'mail_smtppassword' => '**** need to figure this one out ****', # Set permissions mkdir -p $STORAGE_ROOT/owncloud From 3540a1677d2644fe76bce021510004acbd77fb0b Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 17:59:04 +0200 Subject: [PATCH 06/63] install php5-imap, restart php service --- setup/owncloud.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 183ad2de..4f4192d0 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -8,7 +8,7 @@ source /etc/mailinabox.conf # load global vars apt_install \ dbconfig-common \ - php5-cli php5-sqlite php5-gd php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \ + php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \ php5 php5-dev php5-gd php5-fpm memcached php5-memcache unzip apt-get purge -qq -y owncloud* 
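Review bot: The generated `config.php` authenticates users through `{localhost:993/imap/ssl/novalidate-cert}` and nothing in the hunk records why certificate validation is switched off. That setting is only defensible while the connection stays on loopback, so add a comment above the heredoc such as `# IMAP is reached on localhost only, where the certificate name cannot match; do not reuse novalidate-cert with a remote host.` The same option is carried into `conf/zpush/backend_imap.php` later in this series, where the explanatory comment that used to sit in `setup/zpush.sh` is dropped. The commented-out SMTP template also reserves a `mail_smtppassword` entry, so once that lands the file should be written with restrictive permissions rather than the default umask.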
@@ -73,3 +73,6 @@ curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail # TODO: enable mail app in ownCloud config? + +php5enmod imap +restart_service php-fastcgi \ No newline at end of file From 20b494c3ac90123d30fb7f929fd4dcdd924e936b Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 18:46:39 +0200 Subject: [PATCH 07/63] attempting to fix broken static files etc --- conf/nginx.conf | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 7f19de92..8cfc8831 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -51,13 +51,16 @@ server { alias /usr/local/lib/owncloud/; } - location ~ /owncloud/.*\.php { + location ~ ^/owncloud/(.+?\.php)/? { + fastcgi_split_path_info ^/owncloud/(.+?\.php)(/?.*)$; + set $path_info $fastcgi_path_info; +# try_files $fastcgi_script_name = 404; include fastcgi_params; - fastcgi_split_path_info ^/owncloud(/.*)()$; - fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + fastcgi_param HTTPS on; + fastcgi_param SCRIPT_NAME /owncloud/$fastcgi_script_name; fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; - client_max_body_size 20M; } location ~ ^/(data|config|\.ht|db_structure\.xml|README) { From d53cb88a923ac181b4246c75b166fb3cac1fcf10 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 19:08:02 +0200 Subject: [PATCH 08/63] update z-push with carddav and caldav support --- conf/zpush_backend_combined.php | 103 ++++++++++++++++++++++++++++++++ setup/zpush.sh | 34 ++++++++--- 2 files changed, 128 insertions(+), 9 deletions(-) create mode 100644 conf/zpush_backend_combined.php diff --git a/conf/zpush_backend_combined.php b/conf/zpush_backend_combined.php new file mode 100644 index 00000000..47550c31 --- /dev/null 
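Review bot: With `try_files` commented out, the new `location ~ ^/owncloud/(.+?\.php)/?` hands every URI containing `.php` to PHP-FPM without checking that the script exists under `/usr/local/lib/owncloud/`, and the optional trailing `/?` lets the pattern match names that merely begin with a `.php` segment (for example `x.phpfoo`). Tighten the match to `location ~ ^/owncloud/(.+?\.php)(/|$) {` and restore an existence check after `fastcgi_split_path_info`, for example `if (!-f /usr/local/lib/owncloud/$fastcgi_script_name) { return 404; }`. The hunk also removes `client_max_body_size 20M`, so PHP requests now inherit the server-wide `10G` limit set in the first patch; the commit message should say whether that is intended.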
+++ b/conf/zpush_backend_combined.php @@ -0,0 +1,103 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +class BackendCombinedConfig { + + // ************************* + // BackendCombined settings + // ************************* + /** + * Returns the configuration of the combined backend + * + * @access public + * @return array + * + */ + public static function GetBackendCombinedConfig() { + //use a function for it because php does not allow + //assigning variables to the class members (expecting T_STRING) + return array( + //the order in which the backends are loaded. + //login only succeeds if all backend return true on login + //sending mail: the mail is sent with first backend that is able to send the mail + 'backends' => array( + 'i' => array( + 'name' => 'BackendIMAP', + ), + 'c' => array( + 'name' => 'BackendCalDAV', + ), + 'd' => array( + 'name' => 'BackendCardDAV', + ), + ), + 'delimiter' => '/', + //force one type of folder to one backend + //it must match one of the above defined backends + 'folderbackend' => array( + SYNC_FOLDER_TYPE_INBOX => 'i', + SYNC_FOLDER_TYPE_DRAFTS => 'i', + SYNC_FOLDER_TYPE_WASTEBASKET => 'i', + SYNC_FOLDER_TYPE_SENTMAIL => 'i', + SYNC_FOLDER_TYPE_OUTBOX => 'i', + SYNC_FOLDER_TYPE_TASK => 'c', + SYNC_FOLDER_TYPE_APPOINTMENT => 'c', + SYNC_FOLDER_TYPE_CONTACT => 'd', + SYNC_FOLDER_TYPE_NOTE => 'c', + SYNC_FOLDER_TYPE_JOURNAL => 'c', + SYNC_FOLDER_TYPE_OTHER => 'i', + SYNC_FOLDER_TYPE_USER_MAIL => 'i', + SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c', + SYNC_FOLDER_TYPE_USER_CONTACT => 'd', + SYNC_FOLDER_TYPE_USER_TASK => 'c', + SYNC_FOLDER_TYPE_USER_JOURNAL => 'c', + SYNC_FOLDER_TYPE_USER_NOTE => 'c', + SYNC_FOLDER_TYPE_UNKNOWN => 'i', + ), + //creating a new folder in the root folder should create a folder in one backend + 'rootcreatefolderbackend' => 'i', + ); + } +} +?> \ No newline at end of file diff --git a/setup/zpush.sh b/setup/zpush.sh index 32135495..23dd578e 100755 
--- a/setup/zpush.sh
+++ b/setup/zpush.sh
@@ -19,25 +19,41 @@ apt_install \ php5enmod imap # Copy Z-Push into place. - if [ ! -d /usr/local/lib/z-push ]; then - ZPUSH=z-push-2.1.3-1892 - wget -qO /tmp/zpush.tgz http://download.z-push.org/final/2.1/$ZPUSH.tar.gz - tar -C /tmp -zxf /tmp/zpush.tgz - mv /tmp/$ZPUSH /usr/local/lib/z-push + rm -f /tmp/zpush.zip + wget -qO /tmp/zpush.zip https://github.com/fmbiete/Z-Push-contrib/archive/master.zip + unzip /tmp/zpush.zip -d /usr/local/lib/ + mv /usr/local/lib/Z-Push-contrib-master /usr/local/lib/z-push ln -s /usr/local/lib/z-push/z-push-admin.php /usr/sbin/z-push-admin ln -s /usr/local/lib/z-push/z-push-top.php /usr/sbin/z-push-top - rm /tmp/zpush.tgz; + rm /tmp/zpush.zip; fi -# Configure. Tell is to connect to email via IMAP using SSL. Since we connect on +# Configure default config +# TODO: Add timezone etc? +sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendCombined');/" /usr/local/lib/z-push/config.php + +# Configure BACKEND +rm -f /usr/local/lib/z-push/backend/combined/config.php +cp conf/zpush_backend_combined.php /usr/local/lib/z-push/backend/combined/config.php + +# Configure IMAP. Tell is to connect to email via IMAP using SSL. Since we connect on # localhost, the certificate won't match (it may be self-signed and invalid anyway) # so don't check the cert. 
-sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendIMAP');/" /usr/local/lib/z-push/config.php -#sed -i "s/define('IMAP_SERVER', .*/define('IMAP_SERVER', '$PRIMARY_HOSTNAME');/" /usr/local/lib/z-push/backend/imap/config.php +sed -i "s/define('IMAP_SERVER', .*/define('IMAP_SERVER', 'localhost');/" /usr/local/lib/z-push/backend/imap/config.php sed -i "s/define('IMAP_PORT', .*/define('IMAP_PORT', 993);/" /usr/local/lib/z-push/backend/imap/config.php sed -i "s/define('IMAP_OPTIONS', .*/define('IMAP_OPTIONS', '\/ssl\/norsh\/novalidate-cert');/" /usr/local/lib/z-push/backend/imap/config.php +# Configure CardDav +sed -i "s/define('CARDDAV_PROTOCOL', .*/define('CARDDAV_PROTOCOL', 'https');/" /usr/local/lib/z-push/backend/carddav/config.php +sed -i "s/define('CARDDAV_SERVER', .*/define('CARDDAV_SERVER', 'localhost');/" /usr/local/lib/z-push/backend/carddav/config.php +sed -i "s/define('CARDDAV_PORT', .*/define('CARDDAV_PORT', '443');/" /usr/local/lib/z-push/backend/carddav/config.php +sed -i "s/define('CARDDAV_PATH', .*/define('CARDDAV_PATH', '/remote.php/carddav/addressbooks/%u/');/" /usr/local/lib/z-push/backend/carddav/config.php + +# Configure CalDav +sed -i "s/define('CALDAV_SERVER', .*/define('CALDAV_SERVER', 'https://localhost');/" /usr/local/lib/z-push/backend/caldav/config.php +sed -i "s/define('CALDAV_PORT', .*/define('CALDAV_PORT', '443');/" /usr/local/lib/z-push/backend/caldav/config.php +sed -i "s/define('CALDAV_PATH', .*/define('CALDAV_PATH', '/remote.php/caldav/calendars/%u/');/" /usr/local/lib/z-push/backend/caldav/config.php # Some directories it will use. From cc8e1fa7b76bcc807c5bf9659f00d733b075bb84 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 19:09:42 +0200 Subject: [PATCH 09/63] set working dir for composer --- setup/owncloud.sh | 2 +- setup/webmail.sh | 103 ---------------------------------------------- 2 files changed, 1 insertion(+), 104 deletions(-) delete mode 100755 setup/webmail.sh 
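Review bot: The new CardDAV and CalDAV `sed` lines use `/` as the `s` delimiter while their replacement text contains unescaped slashes (`'/remote.php/carddav/addressbooks/%u/'`, `'https://localhost'`), so sed will most likely reject those expressions and leave the shipped defaults in place; the `IMAP_OPTIONS` line just above escapes them as `\/`. Switch the delimiter, e.g. `sed -i "s|define('CALDAV_SERVER', .*|define('CALDAV_SERVER', 'https://localhost');|" /usr/local/lib/z-push/backend/caldav/config.php`. Nothing checks the exit status of these commands either, so a failed substitution passes silently unless the script aborts on error.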
diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 4f4192d0..76395d7e 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -43,7 +43,7 @@ cat - > /usr/local/lib/owncloud/config/config.php < 'smtp', # 'mail_smtpsecure' => 'ssl', # 'mail_from_address' => '**** need to figure this one out, nornamly: @. ****', diff --git a/setup/webmail.sh b/setup/webmail.sh deleted file mode 100755 index 93e79889..00000000 --- a/setup/webmail.sh +++ /dev/null 
@@ -1,103 +0,0 @@ -# Webmail: Using roundcube -########################## - -source setup/functions.sh # load our functions -source /etc/mailinabox.conf # load global vars - -# Ubuntu's roundcube-core has dependencies on Apache & MySQL, which we don't want, so we can't -# install roundcube directly via apt-get install. -# -# Additionally, the Roundcube shipped with Ubuntu is consistently out of date. -# -# And it's packaged incorrectly --- it seems to be missing a directory of files. -# -# So we'll use apt-get to manually install the dependencies of roundcube that we know we need, -# and then we'll manually install roundcube from source. - -# These dependencies are from 'apt-cache showpkg roundcube-core'. -apt_install \ - dbconfig-common \ - php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \ - tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 - -# We used to install Roundcube from Ubuntu, without triggering the dependencies -# on Apache and MySQL, by downloading the debs and installing them manually. -# Now that we're beyond that, get rid of those debs before installing from source. -apt-get purge -qq -y roundcube* - -# Install Roundcube from source if it is not already present. -# TODO: Check version? -if [ ! -d /usr/local/lib/roundcubemail ]; then - rm -f /tmp/roundcube.tgz - wget -qO /tmp/roundcube.tgz http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.0.1/roundcubemail-1.0.1.tar.gz - tar -C /usr/local/lib -zxf /tmp/roundcube.tgz - mv /usr/local/lib/roundcubemail-1.0.1/ /usr/local/lib/roundcubemail - rm -f /tmp/roundcube.tgz -fi - -# Generate a safe 24-character secret key of safe characters. -SECRET_KEY=$(dd if=/dev/random bs=20 count=1 2>/dev/null | base64 | fold -w 24 | head -n 1) - -# Create a configuration file. 
-# -# For security, temp and log files are not stored in the default locations -# which are inside the roundcube sources directory. We put them instead -# in normal places. -cat - > /usr/local/lib/roundcubemail/config/config.inc.php < -EOF - -# Create writable directories. -mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube -chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube - -# Password changing plugin settings -# The config comes empty by default, so we need the settings -# we're not planning to change in config.inc.dist... -cp /usr/local/lib/roundcubemail/plugins/password/config.inc.php.dist \ - /usr/local/lib/roundcubemail/plugins/password/config.inc.php - -tools/editconf.py /usr/local/lib/roundcubemail/plugins/password/config.inc.php \ - "\$config['password_minimum_length']=6;" \ - "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ - "\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \ - "\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \ - "\$config['password_dovecotpw_method']='SHA512-CRYPT';" \ - "\$config['password_dovecotpw_with_method']=true;" - -# so PHP can use doveadm, for the password changing plugin -usermod -a -G dovecot www-data - -# set permissions so that PHP can use users.sqlite -# could use dovecot instead of www-data, but not sure it matters -chown root.www-data $STORAGE_ROOT/mail -chmod 775 $STORAGE_ROOT/mail -chown root.www-data $STORAGE_ROOT/mail/users.sqlite -chmod 664 $STORAGE_ROOT/mail/users.sqlite - -# Enable PHP modules. -php5enmod mcrypt -restart_service php-fastcgi \ No newline at end of file From 1621a2940f99a8a6812245fbd30b65f64f6aa5db Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 19:31:05 +0200 Subject: [PATCH 10/63] use sub dir --- setup/zpush.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/zpush.sh b/setup/zpush.sh index 23dd578e..0393ac39 100755 
--- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -48,12 +48,12 @@ sed -i "s/define('IMAP_OPTIONS', .*/define('IMAP_OPTIONS', '\/ssl\/norsh\/novali sed -i "s/define('CARDDAV_PROTOCOL', .*/define('CARDDAV_PROTOCOL', 'https');/" /usr/local/lib/z-push/backend/carddav/config.php sed -i "s/define('CARDDAV_SERVER', .*/define('CARDDAV_SERVER', 'localhost');/" /usr/local/lib/z-push/backend/carddav/config.php sed -i "s/define('CARDDAV_PORT', .*/define('CARDDAV_PORT', '443');/" /usr/local/lib/z-push/backend/carddav/config.php -sed -i "s/define('CARDDAV_PATH', .*/define('CARDDAV_PATH', '/remote.php/carddav/addressbooks/%u/');/" /usr/local/lib/z-push/backend/carddav/config.php +sed -i "s/define('CARDDAV_PATH', .*/define('CARDDAV_PATH', '/owncloud/remote.php/carddav/addressbooks/%u/');/" /usr/local/lib/z-push/backend/carddav/config.php # Configure CalDav sed -i "s/define('CALDAV_SERVER', .*/define('CALDAV_SERVER', 'https://localhost');/" /usr/local/lib/z-push/backend/caldav/config.php sed -i "s/define('CALDAV_PORT', .*/define('CALDAV_PORT', '443');/" /usr/local/lib/z-push/backend/caldav/config.php -sed -i "s/define('CALDAV_PATH', .*/define('CALDAV_PATH', '/remote.php/caldav/calendars/%u/');/" /usr/local/lib/z-push/backend/caldav/config.php +sed -i "s/define('CALDAV_PATH', .*/define('CALDAV_PATH', '/owncloud/remote.php/caldav/calendars/%u/');/" /usr/local/lib/z-push/backend/caldav/config.php # Some directories it will use. From a80c076d8f515fd32eb31a797eb7c9558d48574b Mon Sep 17 00:00:00 2001 
From: jkaberg Date: Mon, 11 Aug 2014 19:42:52 +0200 Subject: [PATCH 11/63] safe apphroach, sid dosnt like special characters like % --- conf/zpush/backend_caldav.php | 66 ++++++++ conf/zpush/backend_carddav.php | 108 +++++++++++++ .../backend_combined.php} | 0 conf/zpush/backend_imap.php | 145 ++++++++++++++++++ setup/zpush.sh | 22 +-- 5 files changed, 327 insertions(+), 14 deletions(-) create mode 100644 conf/zpush/backend_caldav.php create mode 100644 conf/zpush/backend_carddav.php rename conf/{zpush_backend_combined.php => zpush/backend_combined.php} (100%) create mode 100644 conf/zpush/backend_imap.php diff --git a/conf/zpush/backend_caldav.php b/conf/zpush/backend_caldav.php new file mode 100644 index 00000000..4170fed4 --- /dev/null +++ b/conf/zpush/backend_caldav.php @@ -0,0 +1,66 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +// ************************ +// BackendCalDAV settings +// ************************ + +// Server address +define('CALDAV_SERVER', 'https://localhost'); + +// Port +define('CALDAV_PORT', '443'); + +// Path +define('CALDAV_PATH', '/remote.php/caldav/calendars/%u/'); + +// Personal CalDAV folder (calendar folder/principal) +define('CALDAV_PERSONAL', ''); + +// If the CalDAV server supports the sync-collection operation +// DAViCal and SOGo support it +// Setting this to false will work with most servers, but it will be slower +define('CALDAV_SUPPORTS_SYNC', false); + + +?> \ No newline at end of file diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php new file mode 100644 index 00000000..0e91f2a6 --- /dev/null +++ b/conf/zpush/backend_carddav.php 
@@ -0,0 +1,108 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +// ************************ +// BackendCardDAV settings +// ************************ + +// Server protocol: http or https +define('CARDDAV_PROTOCOL', 'https'); + +// Server name +define('CARDDAV_SERVER', 'localhost'); + +// Server port +define('CARDDAV_PORT', '443'); + +// Server path to the addressbook, or the principal with the addressbooks +// If your user has more than 1 addressbook point it to the principal. +// Example: user test@domain.com will have 2 addressbooks +// http://localhost/caldav.php/test@domain.com/addresses/personal +// http://localhost/caldav.php/test@domain.com/addresses/work +// You set the CARDDAV_PATH to '/caldav.php/%u/addresses/' and personal and work will be autodiscovered +// %u: replaced with the username +// %d: replaced with the domain +// Add the trailing / +define('CARDDAV_PATH', '/remote.php/carddav/addressbooks/%u/'); + + +// Server path to the default addressbook +// Mobile device will create new contacts here. It must be under CARDDAV_PATH +// %u: replaced with the username +// %d: replaced with the domain +// Add the trailing / +define('CARDDAV_DEFAULT_PATH', '/remote.php/carddav/addressbooks/%u/contacts/'); + +// Server path to the GAL addressbook. This addressbook is readonly and searchable by the user, but it will NOT be synced. +// If you don't want GAL, comment it +// %u: replaced with the username +// %d: replaced with the domain +// Add the trailing / +define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/'); + +// Minimal length for the search pattern to do the real search. 
+define('CARDDAV_GAL_MIN_LENGTH', 5); + +// Addressbook display name, the name showed in the mobile device +// %u: replaced with the username +// %d: replaced with the domain +define('CARDDAV_CONTACTS_FOLDER_NAME', '%u Addressbook'); + + +// If the CardDAV server supports the sync-collection operation +// DAViCal supports it, but SabreDav, Owncloud, SOGo don't +// Setting this to false will work with most servers, but it will be slower: 1 petition for the href of vcards, and 1 petition for each vcard +define('CARDDAV_SUPPORTS_SYNC', false); + + +// If the CardDAV server supports the FN attribute for searches +// DAViCal supports it, but SabreDav, Owncloud and SOGo don't +// Setting this to true will search by FN. If false will search by sn, givenName and email +// It's safe to leave it as false +define('CARDDAV_SUPPORTS_FN_SEARCH', false); + + +// If your carddav server needs to use file extension to recover a vcard. +// Davical needs it +// SOGo official demo online needs it, but some SOGo installation don't need it, so test it +define('CARDDAV_URL_VCARD_EXTENSION', '.vcf'); \ No newline at end of file diff --git a/conf/zpush_backend_combined.php b/conf/zpush/backend_combined.php similarity index 100% rename from conf/zpush_backend_combined.php rename to conf/zpush/backend_combined.php diff --git a/conf/zpush/backend_imap.php b/conf/zpush/backend_imap.php new file mode 100644 index 00000000..3d5743b6 --- /dev/null +++ b/conf/zpush/backend_imap.php 
@@ -0,0 +1,145 @@ +. +* +* Consult LICENSE file for details +************************************************/ + +// ************************ +// BackendIMAP settings +// ************************ + +// Defines the server to which we want to connect +define('IMAP_SERVER', 'localhost'); + +// connecting to default port (143) +define('IMAP_PORT', 993); + +// best cross-platform compatibility (see http://php.net/imap_open for options) +define('IMAP_OPTIONS', '/ssl/norsh/novalidate-cert'); + +// overwrite the "from" header with some value +// options: +// '' - do nothing, use the From header +// 'username' - the username will be set (usefull if your login is equal to your emailaddress) +// 'domain' - the value of the "domain" field is used +// 'sql' - the username will be the result of a sql query. REMEMBER TO INSTALL PHP-PDO AND PHP-DATABASE +// 'ldap' - the username will be the result of a ldap query. REMEMBER TO INSTALL PHP-LDAP!! +// '@mydomain.com' - the username is used and the given string will be appended +define('IMAP_DEFAULTFROM', ''); + +// DSN: formatted PDO connection string +// mysql:host=xxx;port=xxx;dbname=xxx +// USER: username to DB +// PASSWORD: password to DB +// OPTIONS: array with options needed +// QUERY: query to execute +// FIELDS: columns in the query +// FROM: string that will be the from, replacing the column names with the values +define('IMAP_FROM_SQL_DSN', ''); +define('IMAP_FROM_SQL_USER', ''); +define('IMAP_FROM_SQL_PASSWORD', ''); +define('IMAP_FROM_SQL_OPTIONS', serialize(array(PDO::ATTR_PERSISTENT => true))); +define('IMAP_FROM_SQL_QUERY', "select first_name, last_name, mail_address from users where mail_address = '#username@#domain'"); +define('IMAP_FROM_SQL_FIELDS', serialize(array('first_name', 'last_name', 'mail_address'))); +define('IMAP_FROM_SQL_FROM', '#first_name #last_name <#mail_address>'); + +// SERVER: ldap server +// SERVER_PORT: ldap port +// USER: dn to use for connecting +// PASSWORD: password +// QUERY: query to 
execute +// FIELDS: columns in the query +// FROM: string that will be the from, replacing the field names with the values +define('IMAP_FROM_LDAP_SERVER', 'localhost'); +define('IMAP_FROM_LDAP_SERVER_PORT', '389'); +define('IMAP_FROM_LDAP_USER', 'cn=zpush,ou=servers,dc=zpush,dc=org'); +define('IMAP_FROM_LDAP_PASSWORD', 'password'); +define('IMAP_FROM_LDAP_BASE', 'dc=zpush,dc=org'); +define('IMAP_FROM_LDAP_QUERY', '(mail=#username@#domain)'); +define('IMAP_FROM_LDAP_FIELDS', serialize(array('givenname', 'sn', 'mail'))); +define('IMAP_FROM_LDAP_FROM', '#givenname #sn <#mail>'); + + +// copy outgoing mail to this folder. If not set z-push will try the default folders +define('IMAP_SENTFOLDER', ''); + +// forward messages inline (default true - inlined) +define('IMAP_INLINE_FORWARD', true); + +// list of folders we want to exclude from sync. Names, or part of it, separated by | +// example: dovecot.sieve|archive|spam +define('IMAP_EXCLUDED_FOLDERS', ''); + + +// Method used for sending mail +// mail => mail() php function +// sendmail => sendmail executable +// smtp => direct connection against SMTP +define('IMAP_SMTP_METHOD', 'mail'); + +global $imap_smtp_params; +// SMTP Parameters +// mail : no params +$imap_smtp_params = array(); +// sendmail +//$imap_smtp_params = array('sendmail_path' => '/usr/bin/sendmail', 'sendmail_args' => '-i'); +// smtp +// "host" - The server to connect. Default is localhost. +// "port" - The port to connect. Default is 25. +// "auth" - Whether or not to use SMTP authentication. Default is FALSE. +// "username" - The username to use for SMTP authentication. "imap_username" for using the same username as the imap server +// "password" - The password to use for SMTP authentication. "imap_password" for using the same password as the imap server +// "localhost" - The value to give when sending EHLO or HELO. Default is localhost +// "timeout" - The SMTP connection timeout. Default is NULL (no timeout). +// "verp" - Whether to use VERP or not. 
Default is FALSE. +// "debug" - Whether to enable SMTP debug mode or not. Default is FALSE. +// "persist" - Indicates whether or not the SMTP connection should persist over multiple calls to the send() method. +// "pipelining" - Indicates whether or not the SMTP commands pipelining should be used. +//$imap_smtp_params = array('host' => 'localhost', 'port' => 25, 'auth' => false); +// If you want to use SSL with port 25 or port 465 you must preppend "ssl://" before the hostname or IP of your SMTP server +// IMPORTANT: To use SSL you must use PHP 5.1 or later, install openssl libs and use ssl:// within the host variable +//$imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 465, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); + + +// If you are using IMAP_SMTP_METHOD = mail or sendmail and your sent messages are not correctly displayed you can change this to "\n". +// BUT, it doesn't with RFC 2822 and will break if using smp method +define('MAIL_MIMEPART_CRLF', "\r\n"); + +?> \ No newline at end of file diff --git a/setup/zpush.sh b/setup/zpush.sh index 0393ac39..3ec36b15 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh 
@@ -35,25 +35,19 @@ sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendCombi # Configure BACKEND rm -f /usr/local/lib/z-push/backend/combined/config.php -cp conf/zpush_backend_combined.php /usr/local/lib/z-push/backend/combined/config.php +cp conf/zpush/backend_combined.php /usr/local/lib/z-push/backend/combined/config.php -# Configure IMAP. Tell is to connect to email via IMAP using SSL. Since we connect on -# localhost, the certificate won't match (it may be self-signed and invalid anyway) -# so don't check the cert. -sed -i "s/define('IMAP_SERVER', .*/define('IMAP_SERVER', 'localhost');/" /usr/local/lib/z-push/backend/imap/config.php -sed -i "s/define('IMAP_PORT', .*/define('IMAP_PORT', 993);/" /usr/local/lib/z-push/backend/imap/config.php -sed -i "s/define('IMAP_OPTIONS', .*/define('IMAP_OPTIONS', '\/ssl\/norsh\/novalidate-cert');/" /usr/local/lib/z-push/backend/imap/config.php +# Configure IMAP +rm -f /usr/local/lib/z-push/backend/imap/config.php +cp conf/zpush/backend_imap.php /usr/local/lib/z-push/backend/imap/config.php # Configure CardDav -sed -i "s/define('CARDDAV_PROTOCOL', .*/define('CARDDAV_PROTOCOL', 'https');/" /usr/local/lib/z-push/backend/carddav/config.php -sed -i "s/define('CARDDAV_SERVER', .*/define('CARDDAV_SERVER', 'localhost');/" /usr/local/lib/z-push/backend/carddav/config.php -sed -i "s/define('CARDDAV_PORT', .*/define('CARDDAV_PORT', '443');/" /usr/local/lib/z-push/backend/carddav/config.php -sed -i "s/define('CARDDAV_PATH', .*/define('CARDDAV_PATH', '/owncloud/remote.php/carddav/addressbooks/%u/');/" /usr/local/lib/z-push/backend/carddav/config.php +rm -f /usr/local/lib/z-push/backend/carddav/config.php +cp conf/zpush/backend_carddav.php /usr/local/lib/z-push/backend/carddav/config.php # Configure CalDav -sed -i "s/define('CALDAV_SERVER', .*/define('CALDAV_SERVER', 'https://localhost');/" /usr/local/lib/z-push/backend/caldav/config.php -sed -i "s/define('CALDAV_PORT', .*/define('CALDAV_PORT', '443');/" 
/usr/local/lib/z-push/backend/caldav/config.php -sed -i "s/define('CALDAV_PATH', .*/define('CALDAV_PATH', '/owncloud/remote.php/caldav/calendars/%u/');/" /usr/local/lib/z-push/backend/caldav/config.php +rm -f /usr/local/lib/z-push/backend/caldav/config.php +cp conf/zpush/backend_caldav.php /usr/local/lib/z-push/backend/caldav/config.php # Some directories it will use. From b5928de7402f21da8c58018e0442e5aefddcdbc6 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 19:43:27 +0200 Subject: [PATCH 12/63] use subdir --- conf/zpush/backend_caldav.php | 2 +- conf/zpush/backend_carddav.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/zpush/backend_caldav.php b/conf/zpush/backend_caldav.php index 4170fed4..45fb03fa 100644 --- a/conf/zpush/backend_caldav.php +++ b/conf/zpush/backend_caldav.php @@ -52,7 +52,7 @@ define('CALDAV_SERVER', 'https://localhost'); define('CALDAV_PORT', '443'); // Path -define('CALDAV_PATH', '/remote.php/caldav/calendars/%u/'); +define('CALDAV_PATH', '/owncloud/remote.php/caldav/calendars/%u/'); // Personal CalDAV folder (calendar folder/principal) define('CALDAV_PERSONAL', ''); diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php index 0e91f2a6..206fcc5d 100644 --- a/conf/zpush/backend_carddav.php +++ b/conf/zpush/backend_carddav.php @@ -71,7 +71,7 @@ define('CARDDAV_PATH', '/remote.php/carddav/addressbooks/%u/'); // %u: replaced with the username // %d: replaced with the domain // Add the trailing / -define('CARDDAV_DEFAULT_PATH', '/remote.php/carddav/addressbooks/%u/contacts/'); +define('CARDDAV_DEFAULT_PATH', '/owncloud/remote.php/carddav/addressbooks/%u/contacts/'); // Server path to the GAL addressbook. This addressbook is readonly and searchable by the user, but it will NOT be synced. // If you don't want GAL, comment it From 44fcdc20669875231e849bfceb04d517df5157e5 Mon Sep 17 00:00:00 2001 
From: jkaberg Date: Mon, 11 Aug 2014 20:17:38 +0200 Subject: [PATCH 13/63] owncloud properly working, but not in sub dir anymore --- conf/nginx.conf | 65 ++++++++++++++++++---------------- conf/zpush/backend_caldav.php | 2 +- conf/zpush/backend_carddav.php | 2 +- 3 files changed, 37 insertions(+), 32 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 8cfc8831..f7ddb6df 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -23,59 +23,64 @@ server { include /etc/nginx/nginx-ssl.conf; # Expose this directory as static files. - root $ROOT; + # TODO: This is bad, we shouldnt hack it like this. + root /usr/local/lib/owncloud;; index index.html index.htm; # ownCloud configuration - # TODO: we should support owncloud to be loaded from www root, but for now we dont :-) client_max_body_size 10G; # set max upload size fastcgi_buffers 64 4K; + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + index index.php; + error_page 403 /core/templates/403.php; + error_page 404 /core/templates/404.php; + location = /robots.txt { allow all; log_not_found off; access_log off; } - error_page 403 /owncloud/core/templates/403.php; - error_page 404 /owncloud/core/templates/404.php; - - rewrite ^/caldav(.*)$ /owncloud/remote.php/caldav$1 redirect; - rewrite ^/carddav(.*)$ /owncloud/remote.php/carddav$1 redirect; - rewrite ^/webdav(.*)$ /owncloud/remote.php/webdav$1 redirect; - rewrite ^/owncloud$ /owncloud/ redirect; - rewrite ^/owncloud/$ /owncloud/index.php; - - location /owncloud/ { - index index.php; - alias /usr/local/lib/owncloud/; - } - - location ~ ^/owncloud/(.+?\.php)/? 
{ - fastcgi_split_path_info ^/owncloud/(.+?\.php)(/?.*)$; - set $path_info $fastcgi_path_info; -# try_files $fastcgi_script_name = 404; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - fastcgi_param HTTPS on; - fastcgi_param SCRIPT_NAME /owncloud/$fastcgi_script_name; - fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; - } - location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; } + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + + try_files $uri $uri/ index.php; + } + + location ~ ^(.+?\.php)(/.*)?$ { + try_files $1 = 404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$1; + fastcgi_param PATH_INFO $2; + fastcgi_param HTTPS on; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; + } + # Optional: set long EXPIRES header on static assets - location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { + location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { expires 30d; # Optional: Don't log access to assets access_log off; } # Webfinger configuration. - # TODO: fix this for owncloud: http://doc.owncloud.org/server/5.0/admin_manual/installation/installation_others.html + # TODO: fix this for owncloud location = /.well-known/webfinger { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php; diff --git a/conf/zpush/backend_caldav.php b/conf/zpush/backend_caldav.php index 45fb03fa..4170fed4 100644 --- a/conf/zpush/backend_caldav.php +++ b/conf/zpush/backend_caldav.php 
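Review bot: In the new `location ~ ^(.+?\.php)(/.*)?$` block, `try_files $1 = 404;` has a space between `=` and `404`, so nginx should not read it as the `=404` status form; as far as I can tell it tests `=` as a second file and uses `404` as the fallback URI. That check is what keeps a request path naming no real script from being handed to PHP, so it should read `try_files $1 =404;`. In the same hunk the fallback in `location /` is `index.php` without a leading slash, where `try_files $uri $uri/ /index.php;` is presumably meant.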
@@ -52,7 +52,7 @@ define('CALDAV_SERVER', 'https://localhost'); define('CALDAV_PORT', '443'); // Path -define('CALDAV_PATH', '/owncloud/remote.php/caldav/calendars/%u/'); +define('CALDAV_PATH', '/remote.php/caldav/calendars/%u/'); // Personal CalDAV folder (calendar folder/principal) define('CALDAV_PERSONAL', ''); diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php index 206fcc5d..0e91f2a6 100644 --- a/conf/zpush/backend_carddav.php +++ b/conf/zpush/backend_carddav.php @@ -71,7 +71,7 @@ define('CARDDAV_PATH', '/remote.php/carddav/addressbooks/%u/'); // %u: replaced with the username // %d: replaced with the domain // Add the trailing / -define('CARDDAV_DEFAULT_PATH', '/owncloud/remote.php/carddav/addressbooks/%u/contacts/'); +define('CARDDAV_DEFAULT_PATH', '/remote.php/carddav/addressbooks/%u/contacts/'); // Server path to the GAL addressbook. This addressbook is readonly and searchable by the user, but it will NOT be synced. // If you don't want GAL, comment it From f287ca3b6cf42fb727cc33a330b1522361fd41a4 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Mon, 11 Aug 2014 23:01:18 +0200 Subject: [PATCH 14/63] dont replace owncloud config if it exists (we dont want this as it will contain vital data) --- setup/owncloud.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 76395d7e..ecc74bba 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -23,11 +23,10 @@ if [ ! -d /usr/local/lib/owncloud ]; then fi # Create a configuration file. -cat - > /usr/local/lib/owncloud/config/config.php < /usr/local/lib/owncloud/config/config.php < '$STORAGE_ROOT/owncloud', \ array ( @@ -41,7 +40,9 @@ cat - > /usr/local/lib/owncloud/config/config.php < EOF +fi # TODO: Insert the following above (owncloud config generation) when we found a good solution: # 'mail_smtpmode' => 'smtp', From 64b1db4c30c0eb8213352bc2a9da49888a36774d Mon Sep 17 00:00:00 2001 
From: jkaberg Date: Mon, 11 Aug 2014 23:41:38 +0200 Subject: [PATCH 15/63] include_path to include php-libawl and use php-fpm instead of cgi --- conf/nginx.conf | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index f7ddb6df..041e7514 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,6 +2,10 @@ ## Do not edit this file. It will be replaced each time ## Mail-in-a-Box needs up update the web configuration. +upstream php-fpm { + server unix:/var/run/php5-fpm.sock; +} + # Redirect all HTTP to HTTPS. server { listen 80; @@ -69,7 +73,7 @@ server { fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; fastcgi_param HTTPS on; - fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; + fastcgi_pass php-fpm; } # Optional: set long EXPIRES header on static assets @@ -84,21 +88,22 @@ server { location = /.well-known/webfinger { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php; - fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; + fastcgi_pass php-fpm; } # Microsoft Exchange autodiscover.xml for email location /autodiscover/autodiscover.xml { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-exchange-autodiscover.php; - fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; + fastcgi_pass php-fpm; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { - include /etc/nginx/fastcgi_params; + include /etc/nginx/fastcgi_params; + fastcgi_param PHP_VALUE "include_path=/usr/share/awl/inc"; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; - fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; + fastcgi_pass php-fpm; } # ADDITIONAL DIRECTIVES HERE From 54fe92615b5a76356c9e73fc1001d738c1df7360 Mon Sep 17 00:00:00 2001 
From: jkaberg Date: Mon, 11 Aug 2014 23:43:16 +0200 Subject: [PATCH 16/63] include php-libawl and cleanup --- conf/zpush/backend_caldav.php | 1 - conf/zpush/backend_carddav.php | 4 +++- conf/zpush/backend_combined.php | 1 + setup/zpush.sh | 2 +- 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/conf/zpush/backend_caldav.php b/conf/zpush/backend_caldav.php index 4170fed4..7ad76426 100644 --- a/conf/zpush/backend_caldav.php +++ b/conf/zpush/backend_caldav.php @@ -62,5 +62,4 @@ define('CALDAV_PERSONAL', ''); // Setting this to false will work with most servers, but it will be slower define('CALDAV_SUPPORTS_SYNC', false); - ?> \ No newline at end of file diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php index 0e91f2a6..eca3c533 100644 --- a/conf/zpush/backend_carddav.php +++ b/conf/zpush/backend_carddav.php @@ -105,4 +105,6 @@ define('CARDDAV_SUPPORTS_FN_SEARCH', false); // If your carddav server needs to use file extension to recover a vcard. // Davical needs it // SOGo official demo online needs it, but some SOGo installation don't need it, so test it -define('CARDDAV_URL_VCARD_EXTENSION', '.vcf'); \ No newline at end of file +define('CARDDAV_URL_VCARD_EXTENSION', '.vcf'); + +?> \ No newline at end of file diff --git a/conf/zpush/backend_combined.php b/conf/zpush/backend_combined.php index 47550c31..f02bac6b 100644 --- a/conf/zpush/backend_combined.php +++ b/conf/zpush/backend_combined.php @@ -100,4 +100,5 @@ class BackendCombinedConfig { ); } } + ?> \ No newline at end of file diff --git a/setup/zpush.sh b/setup/zpush.sh index 3ec36b15..c9e0efb5 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -14,7 +14,7 @@ source /etc/mailinabox.conf # load global vars # Prereqs. apt_install \ - php-soap php5-imap + php-soap php5-imap libawl-php php5enmod imap From 7f01146c3d2534313ff35f71786e1e2eb752c31b Mon Sep 17 00:00:00 2001 
From: jkaberg Date: Mon, 11 Aug 2014 23:51:24 +0200 Subject: [PATCH 17/63] enable large file uploads in nginx --- conf/nginx.conf | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 041e7514..5fcb632e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -26,13 +26,12 @@ server { ssl_certificate_key $SSL_KEY; include /etc/nginx/nginx-ssl.conf; - # Expose this directory as static files. # TODO: This is bad, we shouldnt hack it like this. root /usr/local/lib/owncloud;; index index.html index.htm; # ownCloud configuration - client_max_body_size 10G; # set max upload size + client_max_body_size 16G; # set max upload size fastcgi_buffers 64 4K; rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; @@ -69,6 +68,11 @@ server { location ~ ^(.+?\.php)(/.*)?$ { try_files $1 = 404; + # PHP specific configuration to deal with large file uploads + fastcgi_param PHP_VALUE "upload_max_filesize = 16G"; + fastcgi_param PHP_VALUE "post_max_size = 16G"; + fastcgi_param PHP_VALUE "output_buffering = 16384"; + include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; From 881b693cd41658bf2a464667acbbed967fda7026 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 00:10:52 +0200 Subject: [PATCH 18/63] use memcache with owncloud --- setup/owncloud.sh | 22 +++++++++++++--------- setup/zpush.sh | 1 + 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index ecc74bba..916c6e38 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -16,6 +16,7 @@ apt-get purge -qq -y owncloud* # Install ownCloud from source if it is not already present # TODO: Check version? if [ ! -d /usr/local/lib/owncloud ]; then + echo Installing ownCloud... rm -f /tmp/owncloud.zip wget -qO /tmp/owncloud.zip https://download.owncloud.org/community/owncloud-7.0.1.zip unzip /tmp/owncloud.zip -d /usr/local/lib 
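Review bot: The three `fastcgi_param PHP_VALUE` lines added to the PHP location in conf/nginx.conf each send a parameter with the same name, and PHP-FPM is expected to keep only one of them, so `upload_max_filesize` and `post_max_size` are probably not applied as written. The settings belong in a single value separated by newlines, e.g. `fastcgi_param PHP_VALUE "upload_max_filesize=16G \n post_max_size=16G \n output_buffering=16384";`. The first hunk of this commit also raises `client_max_body_size` to 16G at server level, which appears to apply to the webfinger, autodiscover and ActiveSync locations as well. Setting it inside the ownCloud PHP location would keep the large limit off endpoints that never take uploads. The later `memory_limit` hunk in this series adds a fourth `PHP_VALUE` line with the same problem.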
@@ -32,13 +33,16 @@ if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then \ array ( \ 0 => \ array ( -\ 'class' => 'OC_User_IMAP', -\ 'arguments' => -\ array ( -\ 0 => '{localhost:993/imap/ssl/novalidate-cert}', +\ 'class' => 'OC_User_IMAP', +\ 'arguments' => +\ array ( +\ 0 => '{localhost:993/imap/ssl/novalidate-cert}', +\ ), \ ), \ ), -\ ), +\ "memcached_servers" => array ( +\ array('localhost', 11211), +\ ), \); ?> EOF @@ -63,15 +67,15 @@ chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud # Download and install the mail app if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then rm -f /tmp/owncloud_mail.zip - wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip - unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps + hide_output wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip + hide_output unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps mv /usr/local/lib/owncloud/apps/mail-master /usr/local/lib/owncloud/apps/mail rm -f /tmp/owncloud.zip fi # Currently the mail app dosnt ship with the dependencies, so we need to install them -curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail -php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail +hide_output curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail +hide_output php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail # TODO: enable mail app in ownCloud config? diff --git a/setup/zpush.sh b/setup/zpush.sh index c9e0efb5..964c1492 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh 
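Review bot: The mail-app install lines touched in the last owncloud.sh hunk fetch `https://github.com/owncloud/mail/archive/master.zip` and pipe `https://getcomposer.org/installer` straight into `php`, with no pinned version and no checksum, in a setup script that presumably runs as root. Whatever those URLs serve at install time becomes code under the web root, and two installs can end up with different code. Pin a tag or commit for the mail app, download the Composer installer to a file, and compare each download against a SHA-256 recorded in the script before unpacking or running it. Wrapping only `curl` in `hide_output` also leaves nothing on the pipe for `php` if `hide_output` captures stdout, and the `if` block ends with `rm -f /tmp/owncloud.zip`, which leaves `/tmp/owncloud_mail.zip` behind.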
@@ -21,6 +21,7 @@ php5enmod imap # Copy Z-Push into place. if [ ! -d /usr/local/lib/z-push ]; then rm -f /tmp/zpush.zip + echo Installing z-push... wget -qO /tmp/zpush.zip https://github.com/fmbiete/Z-Push-contrib/archive/master.zip unzip /tmp/zpush.zip -d /usr/local/lib/ mv /usr/local/lib/Z-Push-contrib-master /usr/local/lib/z-push From ecfabd2dad9067564ca47916f9d015b0b33f30fe Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 00:32:16 +0200 Subject: [PATCH 19/63] use smtp for z-push --- conf/zpush/backend_imap.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/zpush/backend_imap.php b/conf/zpush/backend_imap.php index 3d5743b6..66dee2b7 100644 --- a/conf/zpush/backend_imap.php +++ b/conf/zpush/backend_imap.php @@ -112,7 +112,7 @@ define('IMAP_EXCLUDED_FOLDERS', ''); // mail => mail() php function // sendmail => sendmail executable // smtp => direct connection against SMTP -define('IMAP_SMTP_METHOD', 'mail'); +define('IMAP_SMTP_METHOD', 'smtp'); global $imap_smtp_params; // SMTP Parameters @@ -135,7 +135,7 @@ $imap_smtp_params = array(); //$imap_smtp_params = array('host' => 'localhost', 'port' => 25, 'auth' => false); // If you want to use SSL with port 25 or port 465 you must preppend "ssl://" before the hostname or IP of your SMTP server // IMPORTANT: To use SSL you must use PHP 5.1 or later, install openssl libs and use ssl:// within the host variable -//$imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 465, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); +$imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); // If you are using IMAP_SMTP_METHOD = mail or sendmail and your sent messages are not correctly displayed you can change this to "\n". From 0bb257db2ad146aa4a853d6a24b8c48cf0d81dee Mon Sep 17 00:00:00 2001 
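Review bot: The new `$imap_smtp_params` in conf/zpush/backend_imap.php pairs `'host' => 'ssl://localhost'` with `'port' => 587`, while the comment just above it describes the `ssl://` prefix for port 25 or 465. Port 587 is normally the submission port that upgrades with STARTTLS after a plaintext greeting, so a TLS-wrapped connection to it is likely to fail at the handshake, and with `IMAP_SMTP_METHOD` now `smtp` that would stop ActiveSync clients from sending. Either point this at a port that speaks TLS from the first byte, or drop the `ssl://` prefix and rely on STARTTLS on 587 if the mail library negotiates it. A one-line comment such as `// submission on localhost, authenticated with the user's IMAP credentials` would record the intent.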
From: jkaberg Date: Tue, 12 Aug 2014 00:32:56 +0200 Subject: [PATCH 20/63] forgot to commit --- conf/zpush/backend_imap.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/zpush/backend_imap.php b/conf/zpush/backend_imap.php index 66dee2b7..4095e1d9 100644 --- a/conf/zpush/backend_imap.php +++ b/conf/zpush/backend_imap.php @@ -117,7 +117,7 @@ define('IMAP_SMTP_METHOD', 'smtp'); global $imap_smtp_params; // SMTP Parameters // mail : no params -$imap_smtp_params = array(); +//$imap_smtp_params = array(); // sendmail //$imap_smtp_params = array('sendmail_path' => '/usr/bin/sendmail', 'sendmail_args' => '-i'); // smtp From bc48e7d871b60e5052d03aadead6843b3fd0797d Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 00:33:13 +0200 Subject: [PATCH 21/63] proper indentation --- setup/owncloud.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 916c6e38..6c75e7b7 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -33,11 +33,11 @@ if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then \ array ( \ 0 => \ array ( -\ 'class' => 'OC_User_IMAP', -\ 'arguments' => -\ array ( -\ 0 => '{localhost:993/imap/ssl/novalidate-cert}', -\ ), +\ 'class' => 'OC_User_IMAP', +\ 'arguments' => +\ array ( +\ 0 => '{localhost:993/imap/ssl/novalidate-cert}', +\ ), \ ), \ ), \ "memcached_servers" => array ( From 1e91cb0683f470b2b2d50400f58a5188885f89a7 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 00:44:54 +0200 Subject: [PATCH 22/63] well that didnt work.. --- setup/owncloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 6c75e7b7..51bda1ee 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
@@ -74,8 +74,8 @@ if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then fi # Currently the mail app dosnt ship with the dependencies, so we need to install them -hide_output curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail -hide_output php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail +curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail +php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail # TODO: enable mail app in ownCloud config? From bfbd85183e4deadf647910e6d52ad6d4c794cf85 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 00:49:26 +0200 Subject: [PATCH 23/63] hide_output dosnt work --- setup/owncloud.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 51bda1ee..29d1c085 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -67,8 +67,8 @@ chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud # Download and install the mail app if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then rm -f /tmp/owncloud_mail.zip - hide_output wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip - hide_output unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps + wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip + unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps mv /usr/local/lib/owncloud/apps/mail-master /usr/local/lib/owncloud/apps/mail rm -f /tmp/owncloud.zip fi From 21d59862de04165f47154006fd7f76d263bf8086 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 00:49:33 +0200 Subject: [PATCH 24/63] typo --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 5fcb632e..4f0b0ecc 100644 --- a/conf/nginx.conf 
+++ b/conf/nginx.conf @@ -27,7 +27,7 @@ server { include /etc/nginx/nginx-ssl.conf; # TODO: This is bad, we shouldnt hack it like this. - root /usr/local/lib/owncloud;; + root /usr/local/lib/owncloud; index index.html index.htm; # ownCloud configuration From 01d7d4e8600270fa472e92ce3b11cc8ceaa45bc8 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 01:15:17 +0200 Subject: [PATCH 25/63] restart using php5-fpm --- setup/owncloud.sh | 34 +++++++++++++++++----------------- setup/zpush.sh | 2 +- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 29d1c085..07d0a944 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -28,22 +28,22 @@ if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then cat - > /usr/local/lib/owncloud/config/config.php < '$STORAGE_ROOT/owncloud', -\ array ( -\ 0 => -\ array ( -\ 'class' => 'OC_User_IMAP', -\ 'arguments' => -\ array ( -\ 0 => '{localhost:993/imap/ssl/novalidate-cert}', -\ ), -\ ), -\ ), -\ "memcached_servers" => array ( -\ array('localhost', 11211), -\ ), -\); +$CONFIG = array ( + 'datadirectory' => '$STORAGE_ROOT/owncloud', + array ( + 0 => + array ( + 'class' => 'OC_User_IMAP', + 'arguments' => + array ( + 0 => '{localhost:993/imap/ssl/novalidate-cert}', + ), + ), + ), + "memcached_servers" => array ( + array('localhost', 11211), + ), +); ?> EOF fi @@ -80,4 +80,4 @@ php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/l # TODO: enable mail app in ownCloud config? php5enmod imap -restart_service php-fastcgi \ No newline at end of file +restart_service php5-fpm \ No newline at end of file diff --git a/setup/zpush.sh b/setup/zpush.sh index 964c1492..bcb01c5c 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -61,4 +61,4 @@ chown www-data:www-data /var/lib/z-push # Restart service. -restart_service php-fastcgi +restart_service php5-fpm From 2d74fad94794dd144c1f038d953ca7af062cb00d Mon Sep 17 00:00:00 2001 
From: jkaberg Date: Tue, 12 Aug 2014 01:26:51 +0200 Subject: [PATCH 26/63] restart using php5-fpm --- setup/web.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/web.sh b/setup/web.sh index 383bea48..be5a8580 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -49,7 +49,7 @@ chown -R $STORAGE_USER $STORAGE_ROOT/webfinger # Start services. restart_service nginx -restart_service php-fastcgi +restart_service php5-fpm # Open ports. ufw_allow http From 7b5ebb093f02938fb14776b853dbbaf28d6e3d3e Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 02:04:38 +0200 Subject: [PATCH 27/63] properly chmod HTMLPurifier --- setup/owncloud.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 07d0a944..5f083739 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -76,6 +76,7 @@ fi # Currently the mail app dosnt ship with the dependencies, so we need to install them curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail +chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer # TODO: enable mail app in ownCloud config? From d60abd0f9289b798ba7cc3eb320c68fddf7bcac3 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 09:11:55 +0200 Subject: [PATCH 28/63] bump (php) ram limit to 512MB --- conf/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/conf/nginx.conf b/conf/nginx.conf index 4f0b0ecc..20be9e26 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -72,6 +72,7 @@ server { fastcgi_param PHP_VALUE "upload_max_filesize = 16G"; fastcgi_param PHP_VALUE "post_max_size = 16G"; fastcgi_param PHP_VALUE "output_buffering = 16384"; + fastcgi_param PHP_VALUE "memory_limit = 512M"; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$1; 
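Review bot: `chmod -R 777` on the HTMLPurifier `DefinitionCache/Serializer` directory (setup/owncloud.sh hunk) makes it writable by every local account, when only the PHP worker needs to write there. The cache holds serialized definitions that the library reads back, so any other local account or service could alter what the mail app loads. Give the directory to the web user instead, e.g. `chown -R www-data:www-data <that directory>` followed by `chmod -R u+rwX,go-w <that directory>`. The script's earlier `chown -R www-data.www-data` runs before Composer creates `vendor/`, which is probably why the cache was not writable in the first place.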
From 17c4edb58d91e34a6690bb2d0d77f5c4e4a46427 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 09:24:49 +0200 Subject: [PATCH 29/63] add cron job for owncloud --- setup/owncloud.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 5f083739..3bd75c72 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -1,8 +1,6 @@ # Owncloud ########################## -# TODO: Write documentation on what we're doing here :-) - source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars @@ -78,6 +76,10 @@ curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer +# Use Crontab instead of AJAX/webcron in ownCloud +# TODO: somehow change the cron option in admin settings, not exposed afaik? +(crontab -u www-user -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-user - + # TODO: enable mail app in ownCloud config? php5enmod imap From a6ba2da68b43cf4f190e5c48a1aab3303b33d007 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 10:09:44 +0200 Subject: [PATCH 30/63] create an no-reply user to use with SMTP from ownCloud --- setup/owncloud.sh | 23 ++++++++++------------- setup/start.sh | 7 +++++++ 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 3bd75c72..aca99632 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
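Review bot: The new crontab line in setup/owncloud.sh targets `-u www-user`, but every other line of this script that names the web account uses `www-data`, so the job is probably being installed for an account that does not exist. The `(crontab -l; echo …) | crontab -` form also appends another copy of the entry each time setup is re-run. Use `www-data` and make the step idempotent, for instance by writing a file under `/etc/cron.d/` containing `*/15 * * * * www-data php -f /usr/local/lib/owncloud/cron.php`, which is simply overwritten on re-run.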
@@ -41,23 +41,20 @@ $CONFIG = array ( "memcached_servers" => array ( array('localhost', 11211), ), + 'mail_smtpmode' => 'smtp', + 'mail_smtpsecure' => 'ssl', + 'mail_from_address' => 'no-reply@$PRIMARY_HOSTNAME', + 'mail_domain' => '$PRIMARY_HOSTNAME', + 'mail_smtpauthtype' => 'LOGIN', + 'mail_smtpauth' => true, + 'mail_smtphost' => 'localhost', + 'mail_smtpport' => '587', + 'mail_smtpname' => 'no-reply@$PRIMARY_HOSTNAME', + 'mail_smtppassword' => '$SECRET_PASSWORD', ); ?> EOF fi - -# TODO: Insert the following above (owncloud config generation) when we found a good solution: -# 'mail_smtpmode' => 'smtp', -# 'mail_smtpsecure' => 'ssl', -# 'mail_from_address' => '**** need to figure this one out, nornamly: @. ****', -# 'mail_domain' => '**** need to figure this one out, nornamly: . ****', -# 'mail_smtpauthtype' => 'LOGIN', -# 'mail_smtpauth' => true, -# 'mail_smtphost' => 'localhost', -# 'mail_smtpport' => '587', -# 'mail_smtpname' => '**** need to figure this one out, nornamly: @. ****', -# 'mail_smtppassword' => '**** need to figure this one out ****', - # Set permissions mkdir -p $STORAGE_ROOT/owncloud chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud diff --git a/setup/start.sh b/setup/start.sh index 39987401..26a081d1 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -250,11 +250,15 @@ if [ -z "$STORAGE_ROOT" ]; then chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version fi +# Generate a secret password to use with no-reply user (mainly for ownCloud SMTP atm) +SECRET_PASSWORD=$(dd if=/dev/random bs=20 count=1 2>/dev/null | base64 | fold -w 24 | head -n 1) + # Save the global options in /etc/mailinabox.conf so that standalone # tools know where to look for data. cat > /etc/mailinabox.conf << EOF; STORAGE_USER=$STORAGE_USER STORAGE_ROOT=$STORAGE_ROOT +SECRET_PASSWORD=$SECRET_PASSWORD PRIMARY_HOSTNAME=$PRIMARY_HOSTNAME PUBLIC_IP=$PUBLIC_IP PUBLIC_IPV6=$PUBLIC_IPV6 
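Review bot: In the setup/start.sh hunk, `SECRET_PASSWORD` is generated anew on every run and written into `/etc/mailinabox.conf`, but the `no-reply` mailbox and ownCloud's `config.php` are only created when they do not yet exist, so after a second run the stored value no longer matches the password in use. Generate it only when no value is already defined, e.g. `[ -n "$SECRET_PASSWORD" ] || SECRET_PASSWORD=$(...)`, assuming the existing settings are loaded earlier in the script. The file now carries a credential, so its mode should be set explicitly (`chmod 600 /etc/mailinabox.conf`, or wider only if unprivileged tools must read it); the mode is not visible in this hunk. Reading `/dev/random` can block on a freshly booted machine, and `/dev/urandom` is sufficient here.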
@@ -319,5 +323,8 @@ if [ -z "`tools/mail.py user`" ]; then # Create an alias to which we'll direct all automatically-created administrative aliases. tools/mail.py alias add administrator@$PRIMARY_HOSTNAME $EMAIL_ADDR + + # Create an no-reply user to use with ownCloud + tools/mail.py user add no-reply@$PRIMARY_HOSTNAME $SECRET_PASSWORD fi From 9d415302328eb72a2cf96ac1416756009c514ee3 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 10:10:53 +0200 Subject: [PATCH 31/63] clarifications --- setup/owncloud.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index aca99632..d482b2b2 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -55,6 +55,7 @@ $CONFIG = array ( ?> EOF fi + # Set permissions mkdir -p $STORAGE_ROOT/owncloud chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud @@ -74,10 +75,10 @@ php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/l chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer # Use Crontab instead of AJAX/webcron in ownCloud -# TODO: somehow change the cron option in admin settings, not exposed afaik? +# TODO: somehow change the cron option in ownClouds config, not exposed afaik? (crontab -u www-user -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-user - -# TODO: enable mail app in ownCloud config? +# TODO: enable mail app in ownCloud config, not exposed afaik? php5enmod imap restart_service php5-fpm \ No newline at end of file From 7ba79effae4d7a4b702be91f78caddfc6f160b62 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 11:02:13 +0200 Subject: [PATCH 32/63] moved TODO --- setup/owncloud.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index d482b2b2..dce52c6a 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
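Review bot: `tools/mail.py user add no-reply@$PRIMARY_HOSTNAME $SECRET_PASSWORD` in setup/start.sh puts the generated password on the command line, where other local users can see it in the process list while the command runs. If `tools/mail.py` can take the password on standard input or from the environment, prefer that (its interface is not shown here), and quote the expansion as `"$SECRET_PASSWORD"` either way. The line sits inside the `if [ -z "`tools/mail.py user`" ]` block, which starts outside this hunk and only runs when no mail users exist. An existing box that re-runs setup therefore never gets the `no-reply` account that ownCloud's SMTP settings now expect.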
@@ -61,6 +61,7 @@ mkdir -p $STORAGE_ROOT/owncloud chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud # Download and install the mail app +# TODO: enable mail app in ownCloud config, not exposed afaik? if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then rm -f /tmp/owncloud_mail.zip wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip @@ -78,7 +79,5 @@ chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/librar # TODO: somehow change the cron option in ownClouds config, not exposed afaik? (crontab -u www-user -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-user - -# TODO: enable mail app in ownCloud config, not exposed afaik? - php5enmod imap restart_service php5-fpm \ No newline at end of file From e8a1837d02e42bda57e6c3c829ab319c51521f2f Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 12:01:18 +0200 Subject: [PATCH 33/63] properly set correct timezone --- setup/owncloud.sh | 6 ++++-- setup/zpush.sh | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index dce52c6a..88054a76 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -22,11 +22,12 @@ if [ ! -d /usr/local/lib/owncloud ]; then fi # Create a configuration file. +TIMEZONE=`cat /etc/timezone` if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then cat - > /usr/local/lib/owncloud/config/config.php < '$STORAGE_ROOT/owncloud', array ( 0 => @@ -43,7 +44,7 @@ $CONFIG = array ( ), 'mail_smtpmode' => 'smtp', 'mail_smtpsecure' => 'ssl', - 'mail_from_address' => 'no-reply@$PRIMARY_HOSTNAME', + 'mail_from_address' => 'no-reply', 'mail_domain' => '$PRIMARY_HOSTNAME', 'mail_smtpauthtype' => 'LOGIN', 'mail_smtpauth' => true, @@ -51,6 +52,7 @@ $CONFIG = array ( 'mail_smtpport' => '587', 'mail_smtpname' => 'no-reply@$PRIMARY_HOSTNAME', 'mail_smtppassword' => '$SECRET_PASSWORD', + 'logtimezone' => '$TIMEZONE', ); ?> EOF 
diff --git a/setup/zpush.sh b/setup/zpush.sh index bcb01c5c..7e2c0cf2 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -31,7 +31,8 @@ if [ ! -d /usr/local/lib/z-push ]; then fi # Configure default config -# TODO: Add timezone etc? +TIMEZONE=`cat /etc/timezone` +sed -i "s/define('TIMEZONE', .*/define('TIMEZONE', '$TIMEZONE');/" /usr/local/lib/z-push/config.php sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendCombined');/" /usr/local/lib/z-push/config.php # Configure BACKEND From 5cf2965633c5bdc5303b65cc2e0f06f8acd2d5fa Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 12:04:27 +0200 Subject: [PATCH 34/63] tls instead of ssl --- setup/owncloud.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 88054a76..9e7a7561 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -43,7 +43,7 @@ if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then array('localhost', 11211), ), 'mail_smtpmode' => 'smtp', - 'mail_smtpsecure' => 'ssl', + 'mail_smtpsecure' => 'tls', 'mail_from_address' => 'no-reply', 'mail_domain' => '$PRIMARY_HOSTNAME', 'mail_smtpauthtype' => 'LOGIN', From 9f5fd6b474c53ca1d643a5251573f4be9c7b7267 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 12:33:42 +0200 Subject: [PATCH 35/63] fix user_backends array --- setup/owncloud.sh | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 9e7a7561..99445442 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -7,7 +7,7 @@ source /etc/mailinabox.conf # load global vars apt_install \ dbconfig-common \ php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \ - php5 php5-dev php5-gd php5-fpm memcached php5-memcache unzip + php5 php5-dev php5-gd php5-fpm memcached php5-memcache unzip sqlite apt-get purge -qq -y owncloud* 
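Review bot: The new `sed` line in the setup/zpush.sh hunk interpolates `$TIMEZONE` into an `s/…/…/` expression, but values in /etc/timezone normally have the form Area/City, and the embedded slash ends the replacement early so sed rejects the command. A delimiter that cannot occur in a zone name avoids this: `sed -i "s|define('TIMEZONE', .*|define('TIMEZONE', '$TIMEZONE');|" /usr/local/lib/z-push/config.php`. The file content is also written into PHP source unchecked, so I would refuse anything outside `[A-Za-z0-9_+/-]` before substituting. The same value goes into the ownCloud heredoc as `'logtimezone' => '$TIMEZONE'` in this commit's setup/owncloud.sh hunk.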
@@ -29,15 +29,11 @@ if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then \$CONFIG = array ( 'datadirectory' => '$STORAGE_ROOT/owncloud', - array ( - 0 => - array ( - 'class' => 'OC_User_IMAP', - 'arguments' => - array ( - 0 => '{localhost:993/imap/ssl/novalidate-cert}', - ), - ), + 'user_backends' => array( + array( + 'class'=>'OC_User_IMAP', + 'arguments'=>array('{localhost:993/imap/ssl/novalidate-cert}') + ) ), "memcached_servers" => array ( array('localhost', 11211), From 31dda3b42523e0c49ce350b859cb0046781bfd08 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 12:34:02 +0200 Subject: [PATCH 36/63] update readme to advise user on what to do next --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/README.md b/README.md index 6f96c13c..766b7164 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,18 @@ In short, it's like this: cd mailinabox sudo setup/start.sh +Then run the post-install checklist command to see what you need to do next: + + sudo management/whats_next.py + +In addition to above once finished you need to: + + Goto https://., and make a admin account. By default you don't need to edit the advanced settings + Once logged in, click the "Files" link beside the cloud in the top left corner and then click Apps button + Goto the "External user support" and activate it, do the same thing with the mail app + +Congratulations! You should now have a working setup. Feel free to login with your mail credentials created earlier in the setup + **Status**: This is a work in progress. It works for what it is, but it is missing such things as quotas, backup/restore, etc. The Goals From 7b81ea183463ed4d4085c8bd48345cb036135503 Mon Sep 17 00:00:00 2001 
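Review bot: The rewritten `user_backends` entry in the setup/owncloud.sh hunk keeps `novalidate-cert`, which disables certificate checking on the IMAP login that authenticates every ownCloud user, and nothing nearby says why that is acceptable. It is defensible only because the peer is `localhost`, so I would record the constraint as a shell comment above the heredoc: `# IMAP auth uses novalidate-cert; only acceptable while the host stays localhost`. conf/zpush/backend_imap.php carries the same option in `IMAP_OPTIONS`, and patch 37 removes the comment that explained it. The heredoc starts outside the hunk.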
From: Joshua Tauberer Date: Tue, 12 Aug 2014 11:12:10 +0000 Subject: [PATCH 37/63] simplify zpush configuration files, no need to preserve copyright message --- conf/zpush/backend_caldav.php | 49 +------------- conf/zpush/backend_carddav.php | 81 ++---------------------- conf/zpush/backend_combined.php | 57 +---------------- conf/zpush/backend_imap.php | 109 +------------------------------- 4 files changed, 9 insertions(+), 287 deletions(-) diff --git a/conf/zpush/backend_caldav.php b/conf/zpush/backend_caldav.php index 7ad76426..ebe27ac2 100644 --- a/conf/zpush/backend_caldav.php +++ b/conf/zpush/backend_caldav.php 
@@ -3,58 +3,11 @@ * File : config.php * Project : Z-Push * Descr : CalDAV backend configuration file -* -* Created : 27.11.2012 -* -* Copyright 2007 - 2013 Zarafa Deutschland GmbH -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU Affero General Public License, version 3, -* as published by the Free Software Foundation with the following additional -* term according to sec. 7: -* -* According to sec. 7 of the GNU Affero General Public License, version 3, -* the terms of the AGPL are supplemented with the following terms: -* -* "Zarafa" is a registered trademark of Zarafa B.V. -* "Z-Push" is a registered trademark of Zarafa Deutschland GmbH -* The licensing of the Program under the AGPL does not imply a trademark license. -* Therefore any rights, title and interest in our trademarks remain entirely with us. -* -* However, if you propagate an unmodified version of the Program you are -* allowed to use the term "Z-Push" to indicate that you distribute the Program. -* Furthermore you may use our trademarks where it is necessary to indicate -* the intended purpose of a product or service provided you use it in accordance -* with honest practices in industrial or commercial matters. -* If you want to propagate modified versions of the Program under the name "Z-Push", -* you may only do so if you have a written permission by Zarafa Deutschland GmbH -* (to acquire a permission please contact Zarafa at trademark@zarafa.com). -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU Affero General Public License for more details. -* -* You should have received a copy of the GNU Affero General Public License -* along with this program. If not, see . 
-* -* Consult LICENSE file for details ************************************************/ -// ************************ -// BackendCalDAV settings -// ************************ - -// Server address define('CALDAV_SERVER', 'https://localhost'); - -// Port define('CALDAV_PORT', '443'); - -// Path define('CALDAV_PATH', '/remote.php/caldav/calendars/%u/'); - -// Personal CalDAV folder (calendar folder/principal) define('CALDAV_PERSONAL', ''); // If the CalDAV server supports the sync-collection operation @@ -62,4 +15,4 @@ define('CALDAV_PERSONAL', ''); // Setting this to false will work with most servers, but it will be slower define('CALDAV_SUPPORTS_SYNC', false); -?> \ No newline at end of file +?> diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php index eca3c533..4dd1a741 100644 --- a/conf/zpush/backend_carddav.php +++ b/conf/zpush/backend_carddav.php 
@@ -3,89 +3,16 @@ * File : config.php * Project : Z-Push * Descr : CardDAV backend configuration file -* -* Created : 16.03.2013 -* -* Copyright 2007 - 2013 Zarafa Deutschland GmbH -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU Affero General Public License, version 3, -* as published by the Free Software Foundation with the following additional -* term according to sec. 7: -* -* According to sec. 7 of the GNU Affero General Public License, version 3, -* the terms of the AGPL are supplemented with the following terms: -* -* "Zarafa" is a registered trademark of Zarafa B.V. -* "Z-Push" is a registered trademark of Zarafa Deutschland GmbH -* The licensing of the Program under the AGPL does not imply a trademark license. -* Therefore any rights, title and interest in our trademarks remain entirely with us. -* -* However, if you propagate an unmodified version of the Program you are -* allowed to use the term "Z-Push" to indicate that you distribute the Program. -* Furthermore you may use our trademarks where it is necessary to indicate -* the intended purpose of a product or service provided you use it in accordance -* with honest practices in industrial or commercial matters. -* If you want to propagate modified versions of the Program under the name "Z-Push", -* you may only do so if you have a written permission by Zarafa Deutschland GmbH -* (to acquire a permission please contact Zarafa at trademark@zarafa.com). -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU Affero General Public License for more details. -* -* You should have received a copy of the GNU Affero General Public License -* along with this program. If not, see . 
-* -* Consult LICENSE file for details ************************************************/ -// ************************ -// BackendCardDAV settings -// ************************ -// Server protocol: http or https -define('CARDDAV_PROTOCOL', 'https'); - -// Server name +define('CARDDAV_PROTOCOL', 'https'); /* http or https */ define('CARDDAV_SERVER', 'localhost'); - -// Server port define('CARDDAV_PORT', '443'); - -// Server path to the addressbook, or the principal with the addressbooks -// If your user has more than 1 addressbook point it to the principal. -// Example: user test@domain.com will have 2 addressbooks -// http://localhost/caldav.php/test@domain.com/addresses/personal -// http://localhost/caldav.php/test@domain.com/addresses/work -// You set the CARDDAV_PATH to '/caldav.php/%u/addresses/' and personal and work will be autodiscovered -// %u: replaced with the username -// %d: replaced with the domain -// Add the trailing / define('CARDDAV_PATH', '/remote.php/carddav/addressbooks/%u/'); - - -// Server path to the default addressbook -// Mobile device will create new contacts here. It must be under CARDDAV_PATH -// %u: replaced with the username -// %d: replaced with the domain -// Add the trailing / -define('CARDDAV_DEFAULT_PATH', '/remote.php/carddav/addressbooks/%u/contacts/'); - -// Server path to the GAL addressbook. This addressbook is readonly and searchable by the user, but it will NOT be synced. -// If you don't want GAL, comment it -// %u: replaced with the username -// %d: replaced with the domain -// Add the trailing / -define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/'); - -// Minimal length for the search pattern to do the real search. 
+define('CARDDAV_DEFAULT_PATH', '/remote.php/carddav/addressbooks/%u/contacts/'); /* subdirectory of the main path */ +define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/'); /* readonly, searchable, not syncd */ define('CARDDAV_GAL_MIN_LENGTH', 5); - -// Addressbook display name, the name showed in the mobile device -// %u: replaced with the username -// %d: replaced with the domain define('CARDDAV_CONTACTS_FOLDER_NAME', '%u Addressbook'); @@ -107,4 +34,4 @@ define('CARDDAV_SUPPORTS_FN_SEARCH', false); // SOGo official demo online needs it, but some SOGo installation don't need it, so test it define('CARDDAV_URL_VCARD_EXTENSION', '.vcf'); -?> \ No newline at end of file +?> diff --git a/conf/zpush/backend_combined.php b/conf/zpush/backend_combined.php index f02bac6b..9d5aea24 100644 --- a/conf/zpush/backend_combined.php +++ b/conf/zpush/backend_combined.php 
@@ -4,63 +4,11 @@ * Project : Z-Push * Descr : configuration file for the * combined backend. -* -* Created : 29.11.2010 -* -* Copyright 2007 - 2013 Zarafa Deutschland GmbH -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU Affero General Public License, version 3, -* as published by the Free Software Foundation with the following additional -* term according to sec. 7: -* -* According to sec. 7 of the GNU Affero General Public License, version 3, -* the terms of the AGPL are supplemented with the following terms: -* -* "Zarafa" is a registered trademark of Zarafa B.V. -* "Z-Push" is a registered trademark of Zarafa Deutschland GmbH -* The licensing of the Program under the AGPL does not imply a trademark license. -* Therefore any rights, title and interest in our trademarks remain entirely with us. -* -* However, if you propagate an unmodified version of the Program you are -* allowed to use the term "Z-Push" to indicate that you distribute the Program. -* Furthermore you may use our trademarks where it is necessary to indicate -* the intended purpose of a product or service provided you use it in accordance -* with honest practices in industrial or commercial matters. -* If you want to propagate modified versions of the Program under the name "Z-Push", -* you may only do so if you have a written permission by Zarafa Deutschland GmbH -* (to acquire a permission please contact Zarafa at trademark@zarafa.com). -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU Affero General Public License for more details. -* -* You should have received a copy of the GNU Affero General Public License -* along with this program. If not, see . 
-* -* Consult LICENSE file for details ************************************************/ class BackendCombinedConfig { - - // ************************* - // BackendCombined settings - // ************************* - /** - * Returns the configuration of the combined backend - * - * @access public - * @return array - * - */ public static function GetBackendCombinedConfig() { - //use a function for it because php does not allow - //assigning variables to the class members (expecting T_STRING) return array( - //the order in which the backends are loaded. - //login only succeeds if all backend return true on login - //sending mail: the mail is sent with first backend that is able to send the mail 'backends' => array( 'i' => array( 'name' => 'BackendIMAP', @@ -73,8 +21,6 @@ class BackendCombinedConfig { ), ), 'delimiter' => '/', - //force one type of folder to one backend - //it must match one of the above defined backends 'folderbackend' => array( SYNC_FOLDER_TYPE_INBOX => 'i', SYNC_FOLDER_TYPE_DRAFTS => 'i', @@ -95,10 +41,9 @@ class BackendCombinedConfig { SYNC_FOLDER_TYPE_USER_NOTE => 'c', SYNC_FOLDER_TYPE_UNKNOWN => 'i', ), - //creating a new folder in the root folder should create a folder in one backend 'rootcreatefolderbackend' => 'i', ); } } -?> \ No newline at end of file +?> diff --git a/conf/zpush/backend_imap.php b/conf/zpush/backend_imap.php index 4095e1d9..252814a7 100644 --- a/conf/zpush/backend_imap.php +++ b/conf/zpush/backend_imap.php 
@@ -3,75 +3,14 @@ * File : config.php * Project : Z-Push * Descr : IMAP backend configuration file -* -* Created : 27.11.2012 -* -* Copyright 2007 - 2013 Zarafa Deutschland GmbH -* -* This program is free software: you can redistribute it and/or modify -* it under the terms of the GNU Affero General Public License, version 3, -* as published by the Free Software Foundation with the following additional -* term according to sec. 7: -* -* According to sec. 7 of the GNU Affero General Public License, version 3, -* the terms of the AGPL are supplemented with the following terms: -* -* "Zarafa" is a registered trademark of Zarafa B.V. -* "Z-Push" is a registered trademark of Zarafa Deutschland GmbH -* The licensing of the Program under the AGPL does not imply a trademark license. -* Therefore any rights, title and interest in our trademarks remain entirely with us. -* -* However, if you propagate an unmodified version of the Program you are -* allowed to use the term "Z-Push" to indicate that you distribute the Program. -* Furthermore you may use our trademarks where it is necessary to indicate -* the intended purpose of a product or service provided you use it in accordance -* with honest practices in industrial or commercial matters. -* If you want to propagate modified versions of the Program under the name "Z-Push", -* you may only do so if you have a written permission by Zarafa Deutschland GmbH -* (to acquire a permission please contact Zarafa at trademark@zarafa.com). -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -* GNU Affero General Public License for more details. -* -* You should have received a copy of the GNU Affero General Public License -* along with this program. If not, see . 
-* -* Consult LICENSE file for details ************************************************/ -// ************************ -// BackendIMAP settings -// ************************ - -// Defines the server to which we want to connect define('IMAP_SERVER', 'localhost'); - -// connecting to default port (143) define('IMAP_PORT', 993); - -// best cross-platform compatibility (see http://php.net/imap_open for options) define('IMAP_OPTIONS', '/ssl/norsh/novalidate-cert'); - -// overwrite the "from" header with some value -// options: -// '' - do nothing, use the From header -// 'username' - the username will be set (usefull if your login is equal to your emailaddress) -// 'domain' - the value of the "domain" field is used -// 'sql' - the username will be the result of a sql query. REMEMBER TO INSTALL PHP-PDO AND PHP-DATABASE -// 'ldap' - the username will be the result of a ldap query. REMEMBER TO INSTALL PHP-LDAP!! -// '@mydomain.com' - the username is used and the given string will be appended define('IMAP_DEFAULTFROM', ''); -// DSN: formatted PDO connection string -// mysql:host=xxx;port=xxx;dbname=xxx -// USER: username to DB -// PASSWORD: password to DB -// OPTIONS: array with options needed -// QUERY: query to execute -// FIELDS: columns in the query -// FROM: string that will be the from, replacing the column names with the values +// not used define('IMAP_FROM_SQL_DSN', ''); define('IMAP_FROM_SQL_USER', ''); define('IMAP_FROM_SQL_PASSWORD', ''); 
@@ -79,15 +18,7 @@ define('IMAP_FROM_SQL_OPTIONS', serialize(array(PDO::ATTR_PERSISTENT => true))); define('IMAP_FROM_SQL_QUERY', "select first_name, last_name, mail_address from users where mail_address = '#username@#domain'"); define('IMAP_FROM_SQL_FIELDS', serialize(array('first_name', 'last_name', 'mail_address'))); define('IMAP_FROM_SQL_FROM', '#first_name #last_name <#mail_address>'); - -// SERVER: ldap server -// SERVER_PORT: ldap port -// USER: dn to use for connecting -// PASSWORD: password -// QUERY: query to execute -// FIELDS: columns in the query -// FROM: string that will be the from, replacing the field names with the values -define('IMAP_FROM_LDAP_SERVER', 'localhost'); +define('IMAP_FROM_LDAP_SERVER', ''); define('IMAP_FROM_LDAP_SERVER_PORT', '389'); define('IMAP_FROM_LDAP_USER', 'cn=zpush,ou=servers,dc=zpush,dc=org'); define('IMAP_FROM_LDAP_PASSWORD', 'password'); 
@@ -99,47 +30,13 @@ define('IMAP_FROM_LDAP_FROM', '#givenname #sn <#mail>'); // copy outgoing mail to this folder. If not set z-push will try the default folders define('IMAP_SENTFOLDER', ''); - -// forward messages inline (default true - inlined) define('IMAP_INLINE_FORWARD', true); - -// list of folders we want to exclude from sync. Names, or part of it, separated by | -// example: dovecot.sieve|archive|spam define('IMAP_EXCLUDED_FOLDERS', ''); - - -// Method used for sending mail -// mail => mail() php function -// sendmail => sendmail executable -// smtp => direct connection against SMTP define('IMAP_SMTP_METHOD', 'smtp'); global $imap_smtp_params; -// SMTP Parameters -// mail : no params -//$imap_smtp_params = array(); -// sendmail -//$imap_smtp_params = array('sendmail_path' => '/usr/bin/sendmail', 'sendmail_args' => '-i'); -// smtp -// "host" - The server to connect. Default is localhost. -// "port" - The port to connect. Default is 25. -// "auth" - Whether or not to use SMTP authentication. Default is FALSE. -// "username" - The username to use for SMTP authentication. "imap_username" for using the same username as the imap server -// "password" - The password to use for SMTP authentication. "imap_password" for using the same password as the imap server -// "localhost" - The value to give when sending EHLO or HELO. Default is localhost -// "timeout" - The SMTP connection timeout. Default is NULL (no timeout). -// "verp" - Whether to use VERP or not. Default is FALSE. -// "debug" - Whether to enable SMTP debug mode or not. Default is FALSE. -// "persist" - Indicates whether or not the SMTP connection should persist over multiple calls to the send() method. -// "pipelining" - Indicates whether or not the SMTP commands pipelining should be used. 
-//$imap_smtp_params = array('host' => 'localhost', 'port' => 25, 'auth' => false); -// If you want to use SSL with port 25 or port 465 you must preppend "ssl://" before the hostname or IP of your SMTP server -// IMPORTANT: To use SSL you must use PHP 5.1 or later, install openssl libs and use ssl:// within the host variable $imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); - -// If you are using IMAP_SMTP_METHOD = mail or sendmail and your sent messages are not correctly displayed you can change this to "\n". -// BUT, it doesn't with RFC 2822 and will break if using smp method define('MAIL_MIMEPART_CRLF', "\r\n"); -?> \ No newline at end of file +?> From 654c2007098c1fac2f9e37863cb609982f0ffe1c Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 13:12:57 +0200 Subject: [PATCH 38/63] properly escape $ --- setup/zpush.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/zpush.sh b/setup/zpush.sh index 7e2c0cf2..6786fdbe 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -32,7 +32,7 @@ fi # Configure default config TIMEZONE=`cat /etc/timezone` -sed -i "s/define('TIMEZONE', .*/define('TIMEZONE', '$TIMEZONE');/" /usr/local/lib/z-push/config.php +sed -i "s/define('TIMEZONE', .*/define('TIMEZONE', '\$TIMEZONE');/" /usr/local/lib/z-push/config.php sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendCombined');/" /usr/local/lib/z-push/config.php # Configure BACKEND From cf4f519cc051966aa58b3f2c1ac6fb674461f279 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Tue, 12 Aug 2014 11:18:45 +0000 Subject: [PATCH 39/63] zpush/owncloud: inject mail using 'sendmail' not SMTP --- conf/zpush/backend_imap.php | 2 +- setup/owncloud.sh | 20 ++++++++++---------- setup/start.sh | 7 ------- 3 files changed, 11 insertions(+), 18 deletions(-) 
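Review bot: Escaping the dollar sign in the setup/zpush.sh hunk makes sed write the literal text `$TIMEZONE` into config.php, and PHP does not expand variables inside single quotes, so Z-Push ends up configured with the string `$TIMEZONE` rather than the server's zone. If the escape was added because the unescaped form made sed fail, the likely cause is the `/` in zone names colliding with the `s/…/…/` delimiter. Keeping the shell expansion and changing the delimiter addresses that: `sed -i "s|define('TIMEZONE', .*|define('TIMEZONE', '$TIMEZONE');|" /usr/local/lib/z-push/config.php`.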
diff --git a/conf/zpush/backend_imap.php b/conf/zpush/backend_imap.php index 252814a7..45594092 100644 --- a/conf/zpush/backend_imap.php +++ b/conf/zpush/backend_imap.php @@ -32,7 +32,7 @@ define('IMAP_FROM_LDAP_FROM', '#givenname #sn <#mail>'); define('IMAP_SENTFOLDER', ''); define('IMAP_INLINE_FORWARD', true); define('IMAP_EXCLUDED_FOLDERS', ''); -define('IMAP_SMTP_METHOD', 'smtp'); +define('IMAP_SMTP_METHOD', 'sendmail'); global $imap_smtp_params; $imap_smtp_params = array('host' => 'ssl://localhost', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 99445442..12059fff 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -38,16 +38,16 @@ if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then "memcached_servers" => array ( array('localhost', 11211), ), - 'mail_smtpmode' => 'smtp', - 'mail_smtpsecure' => 'tls', - 'mail_from_address' => 'no-reply', - 'mail_domain' => '$PRIMARY_HOSTNAME', + 'mail_smtpmode' => 'sendmail', + 'mail_smtpsecure' => '', 'mail_smtpauthtype' => 'LOGIN', - 'mail_smtpauth' => true, - 'mail_smtphost' => 'localhost', - 'mail_smtpport' => '587', - 'mail_smtpname' => 'no-reply@$PRIMARY_HOSTNAME', - 'mail_smtppassword' => '$SECRET_PASSWORD', + 'mail_smtpauth' => false, + 'mail_smtphost' => '', + 'mail_smtpport' => '', + 'mail_smtpname' => '', + 'mail_smtppassword' => '', + 'mail_from_address' => 'owncloud', + 'mail_domain' => '$PRIMARY_HOSTNAME', 'logtimezone' => '$TIMEZONE', ); ?> @@ -78,4 +78,4 @@ chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/librar (crontab -u www-user -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-user - php5enmod imap -restart_service php5-fpm \ No newline at end of file +restart_service php5-fpm diff --git a/setup/start.sh b/setup/start.sh index 26a081d1..39987401 100755 --- a/setup/start.sh +++ b/setup/start.sh 
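Review bot: In the conf/zpush/backend_imap.php hunk, `IMAP_SMTP_METHOD` becomes `'sendmail'` while `$imap_smtp_params` on the following context line still holds the SMTP host, port and auth settings, so the file no longer describes how mail actually leaves. The upstream comments removed in patch 37 give the sendmail form, `$imap_smtp_params = array('sendmail_path' => '/usr/bin/sendmail', 'sendmail_args' => '-i');`, and I would switch to it in the same change. Separately, messages are now injected locally by the PHP process instead of being submitted with the mailbox owner's credentials. Any sender restrictions enforced on the authenticated submission port would therefore presumably no longer apply to mail sent through Z-Push or ownCloud, which is worth confirming as intended.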
@@ -250,15 +250,11 @@ if [ -z "$STORAGE_ROOT" ]; then chown $STORAGE_USER.$STORAGE_USER $STORAGE_ROOT/mailinabox.version fi -# Generate a secret password to use with no-reply user (mainly for ownCloud SMTP atm) -SECRET_PASSWORD=$(dd if=/dev/random bs=20 count=1 2>/dev/null | base64 | fold -w 24 | head -n 1) - # Save the global options in /etc/mailinabox.conf so that standalone # tools know where to look for data. cat > /etc/mailinabox.conf << EOF; STORAGE_USER=$STORAGE_USER STORAGE_ROOT=$STORAGE_ROOT -SECRET_PASSWORD=$SECRET_PASSWORD PRIMARY_HOSTNAME=$PRIMARY_HOSTNAME PUBLIC_IP=$PUBLIC_IP PUBLIC_IPV6=$PUBLIC_IPV6 @@ -323,8 +319,5 @@ if [ -z "`tools/mail.py user`" ]; then # Create an alias to which we'll direct all automatically-created administrative aliases. tools/mail.py alias add administrator@$PRIMARY_HOSTNAME $EMAIL_ADDR - - # Create an no-reply user to use with ownCloud - tools/mail.py user add no-reply@$PRIMARY_HOSTNAME $SECRET_PASSWORD fi From 7396785a9aad6c824bcc532ac62b26baa8f26a2f Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 13:22:34 +0200 Subject: [PATCH 40/63] install php5-xsl as carddav is dependent on it --- setup/zpush.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/zpush.sh b/setup/zpush.sh index 6786fdbe..7d793311 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -14,7 +14,7 @@ source /etc/mailinabox.conf # load global vars # Prereqs. apt_install \ - php-soap php5-imap libawl-php + php-soap php5-imap libawl-php php5-xsl php5enmod imap From afb09a84b7754937db90a3b4055c66548bba5b1a Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 14:00:28 +0200 Subject: [PATCH 41/63] use tools/editconf.py to edit php.ini for large file uploads --- conf/nginx.conf | 6 ------ setup/owncloud.sh | 7 +++++++ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 20be9e26..411dfe85 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -68,12 +68,6 @@ server { location ~ ^(.+?\.php)(/.*)?$ { try_files $1 = 404; - # PHP specific configuration to deal with large file uploads - fastcgi_param PHP_VALUE "upload_max_filesize = 16G"; - fastcgi_param PHP_VALUE "post_max_size = 16G"; - fastcgi_param PHP_VALUE "output_buffering = 16384"; - fastcgi_param PHP_VALUE "memory_limit = 512M"; - include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$1; fastcgi_param PATH_INFO $2; diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 99445442..e3c125c9 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -58,6 +58,13 @@ fi mkdir -p $STORAGE_ROOT/owncloud chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud +# Set PHP FPM values to support large file uploads +tools/editconf.py /etc/php5/fpm/php.ini \ + upload_max_filesize=16G \ + post_max_size=16G \ + output_buffering=16384 \ + memory_limit=512M + # Download and install the mail app # TODO: enable mail app in ownCloud config, not exposed afaik? if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then From 52c50621cde04a1169604cf4aa8be04800a5dd04 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 15:11:33 +0200 Subject: [PATCH 42/63] use x-accel-redirect for faster larg file downloads --- conf/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/conf/nginx.conf b/conf/nginx.conf index 411dfe85..2ec8e03e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -70,6 +70,7 @@ server { include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$1; + fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; fastcgi_param PATH_INFO $2; fastcgi_param HTTPS on; fastcgi_pass php-fpm; From 57a441a547b5100669ff6ab0abcc1b6ec33ad4b6 Mon Sep 17 00:00:00 2001 
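Review bot: Moving the upload limits into /etc/php5/fpm/php.ini in the setup/owncloud.sh hunk makes `upload_max_filesize=16G` and `post_max_size=16G` global to this FPM instance, so any other PHP application it serves also accepts multi-gigabyte request bodies. That widens the room for disk and memory exhaustion well beyond ownCloud. I would scope the values to ownCloud, either with a dedicated FPM pool or with a single `fastcgi_param PHP_VALUE` carrying all four settings inside the ownCloud location. They should also stay in step with nginx's `client_max_body_size`, which the first patch of this series set to `10G`, below the PHP limits chosen here.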
From: jkaberg Date: Tue, 12 Aug 2014 15:27:37 +0200 Subject: [PATCH 43/63] small script to update the mail app --- setup/owncloud.sh | 2 +- setup/zpush.sh | 2 +- tools/update_mail_app.sh | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 tools/update_mail_app.sh diff --git a/setup/owncloud.sh b/setup/owncloud.sh index e3c125c9..59f3fbbf 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -14,7 +14,7 @@ apt-get purge -qq -y owncloud* # Install ownCloud from source if it is not already present # TODO: Check version? if [ ! -d /usr/local/lib/owncloud ]; then - echo Installing ownCloud... + echo installing ownCloud... rm -f /tmp/owncloud.zip wget -qO /tmp/owncloud.zip https://download.owncloud.org/community/owncloud-7.0.1.zip unzip /tmp/owncloud.zip -d /usr/local/lib diff --git a/setup/zpush.sh b/setup/zpush.sh index 7d793311..e18c0b20 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh @@ -21,7 +21,7 @@ php5enmod imap # Copy Z-Push into place. if [ ! -d /usr/local/lib/z-push ]; then rm -f /tmp/zpush.zip - echo Installing z-push... + echo installing z-push... wget -qO /tmp/zpush.zip https://github.com/fmbiete/Z-Push-contrib/archive/master.zip unzip /tmp/zpush.zip -d /usr/local/lib/ mv /usr/local/lib/Z-Push-contrib-master /usr/local/lib/z-push diff --git a/tools/update_mail_app.sh b/tools/update_mail_app.sh new file mode 100644 index 00000000..61cff821 --- /dev/null +++ b/tools/update_mail_app.sh 
@@ -0,0 +1,17 @@ +#!/bin/bash + +# Simple script to update the mail app in ownCloud, not needed once it reaches beta+ + +echo installing mail app... +rm -f /tmp/owncloud_mail.zip +wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip +unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps +mv /usr/local/lib/owncloud/apps/mail-master /usr/local/lib/owncloud/apps/mail +rm -f /tmp/owncloud.zip + +echo installing php composer and mail app dependencies... +curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail +php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail +chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer + +echo DONE! :-) \ No newline at end of file From 36654bb5b46e6a30cf5c8bdbf1669325dd5843dd Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 15:28:15 +0200 Subject: [PATCH 44/63] quotes --- tools/update_mail_app.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/update_mail_app.sh b/tools/update_mail_app.sh index 61cff821..32fd564f 100644 --- a/tools/update_mail_app.sh +++ b/tools/update_mail_app.sh 
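Review bot: The new tools/update_mail_app.sh executes unpinned, unverified downloads, presumably as root: it unpacks the moving `master.zip` and pipes `https://getcomposer.org/installer` straight into `php`, so whatever those URLs serve at that moment is run with no checksum. It also uses fixed file names under /tmp, leaves the HTMLPurifier cache `chmod -R 777`, and removes `/tmp/owncloud.zip` rather than the `owncloud_mail.zip` it fetched. As an updater it does not replace the app: when apps/mail already exists, the `mv` nests `mail-master` inside the old tree. The sketch below pins both downloads to reviewed values (placeholders), works in a private `mktemp -d` directory, replaces the app directory and hands the cache to www-data instead of making it world-writable.

```shell
set -euo pipefail

APP_DIR=/usr/local/lib/owncloud/apps
MAIL_REF="<full-sha-of-reviewed-commit>"             # placeholder: pin instead of master
COMPOSER_SHA384="<sha384-of-reviewed-installer>"     # placeholder: pinned installer hash

WORK=$(mktemp -d)                                    # private dir, no fixed /tmp names
trap 'rm -rf "$WORK"' EXIT

wget -qO "$WORK/mail.zip" "https://github.com/owncloud/mail/archive/$MAIL_REF.zip"
unzip -q "$WORK/mail.zip" -d "$WORK"
rm -rf "$APP_DIR/mail"                               # otherwise mv nests the new tree in the old one
mv "$WORK/mail-$MAIL_REF" "$APP_DIR/mail"

curl -sS -o "$WORK/composer-setup.php" https://getcomposer.org/installer
echo "$COMPOSER_SHA384  $WORK/composer-setup.php" | sha384sum -c -
php "$WORK/composer-setup.php" --install-dir="$APP_DIR/mail"
# … unchanged: composer.phar install --working-dir …

SERIALIZER="$APP_DIR/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer"
chown -R www-data:www-data "$SERIALIZER"
chmod -R u=rwX,go= "$SERIALIZER"
```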
@@ -2,16 +2,16 @@ # Simple script to update the mail app in ownCloud, not needed once it reaches beta+ -echo installing mail app... +echo "installing mail app..." rm -f /tmp/owncloud_mail.zip wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps mv /usr/local/lib/owncloud/apps/mail-master /usr/local/lib/owncloud/apps/mail rm -f /tmp/owncloud.zip -echo installing php composer and mail app dependencies... +echo "installing php composer and mail app dependencies..." curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer -echo DONE! :-) \ No newline at end of file +echo "DONE! :-)" \ No newline at end of file From 9d6dc78b15f694fbf7281f5b853ad34f85d95407 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Tue, 12 Aug 2014 11:36:40 +0000 Subject: [PATCH 45/63] keep Roundcube working too, put owncloud at /cloud rather than at / --- README.md | 2 +- conf/nginx.conf | 111 +++++++++++++++------------------ conf/zpush/backend_caldav.php | 2 +- conf/zpush/backend_carddav.php | 6 +- setup/start.sh | 1 + setup/webmail.sh | 103 ++++++++++++++++++++++++++++++ 6 files changed, 160 insertions(+), 65 deletions(-) create mode 100755 setup/webmail.sh diff --git a/README.md b/README.md index 766b7164..c5dfb496 100644 --- a/README.md +++ b/README.md 
@@ -31,7 +31,7 @@ Then run the post-install checklist command to see what you need to do next: In addition to above once finished you need to: - Goto https://., and make a admin account. By default you don't need to edit the advanced settings + Goto https://./cloud, and make an ownCloud admin account. By default you don't need to edit the advanced settings Once logged in, click the "Files" link beside the cloud in the top left corner and then click Apps button Goto the "External user support" and activate it, do the same thing with the mail app diff --git a/conf/nginx.conf b/conf/nginx.conf index 20be9e26..9f83d014 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,10 +2,6 @@ ## Do not edit this file. It will be replaced each time ## Mail-in-a-Box needs up update the web configuration. -upstream php-fpm { - server unix:/var/run/php5-fpm.sock; -} - # Redirect all HTTP to HTTPS. server { listen 80; 
@@ -26,89 +22,84 @@ server { ssl_certificate_key $SSL_KEY; include /etc/nginx/nginx-ssl.conf; - # TODO: This is bad, we shouldnt hack it like this. - root /usr/local/lib/owncloud; + # Expose this directory as static files. + root $ROOT; index index.html index.htm; - # ownCloud configuration - client_max_body_size 16G; # set max upload size - fastcgi_buffers 64 4K; - - rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; - rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; - rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; - - index index.php; - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; + # Roundcube Webmail configuration. + rewrite ^/mail$ /mail/ redirect; + rewrite ^/mail/$ /mail/index.php; + location /mail/ { + index index.php; + alias /usr/local/lib/roundcubemail/; + } + location ~ /mail/config/.* { + # A ~-style location is needed to give this precedence over the next block. + return 403; + } + location ~ /mail/.*\.php { + # note: ~ has precendence over a regular location block + include fastcgi_params; + fastcgi_split_path_info ^/mail(/.*)()$; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; + client_max_body_size 20M; } - location ~ ^/(data|config|\.ht|db_structure\.xml|README) { - deny all; + # ownCloud configuration. 
+ rewrite ^/caldav(.*)$ /cloud/remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /cloud/remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /cloud/remote.php/webdav$1 redirect; + rewrite ^/cloud$ /cloud/ redirect; + rewrite ^/cloud/$ /cloud/index.php; + rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; + location /cloud/ { + alias /usr/local/lib/owncloud/; + location ~ ^/(data|config|\.ht|db_structure\.xml|README) { + deny all; + } } - - location / { - # The following 2 rules are only needed with webfinger - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; - rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; - - rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; - - try_files $uri $uri/ index.php; - } - - location ~ ^(.+?\.php)(/.*)?$ { - try_files $1 = 404; - - # PHP specific configuration to deal with large file uploads + location ~ ^(/cloud)(/.+\.php)(/.*)?$ { + # note: ~ has precendence over a regular location block + include fastcgi_params; fastcgi_param PHP_VALUE "upload_max_filesize = 16G"; fastcgi_param PHP_VALUE "post_max_size = 16G"; fastcgi_param PHP_VALUE "output_buffering = 16384"; fastcgi_param PHP_VALUE "memory_limit = 512M"; - - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$1; - fastcgi_param PATH_INFO $2; - fastcgi_param HTTPS on; + fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; + fastcgi_param SCRIPT_NAME $1$2; + fastcgi_param PATH_INFO $3; fastcgi_pass php-fpm; + error_page 403 /cloud/core/templates/403.php; + error_page 404 /cloud/core/templates/404.php; + client_max_body_size 1G; + fastcgi_buffers 64 4K; } - - # Optional: set long EXPIRES header on static assets - location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { - expires 30d; - # Optional: Don't log access to assets - access_log off; - } + rewrite ^/.well-known/host-meta 
/cloud/public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect; # Webfinger configuration. - # TODO: fix this for owncloud location = /.well-known/webfinger { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php; - fastcgi_pass php-fpm; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; } # Microsoft Exchange autodiscover.xml for email location /autodiscover/autodiscover.xml { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-exchange-autodiscover.php; - fastcgi_pass php-fpm; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { - include /etc/nginx/fastcgi_params; - fastcgi_param PHP_VALUE "include_path=/usr/share/awl/inc"; + include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; - fastcgi_pass php-fpm; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; } # ADDITIONAL DIRECTIVES HERE diff --git a/conf/zpush/backend_caldav.php b/conf/zpush/backend_caldav.php index ebe27ac2..309a1813 100644 --- a/conf/zpush/backend_caldav.php +++ b/conf/zpush/backend_caldav.php @@ -7,7 +7,7 @@ define('CALDAV_SERVER', 'https://localhost'); define('CALDAV_PORT', '443'); -define('CALDAV_PATH', '/remote.php/caldav/calendars/%u/'); +define('CALDAV_PATH', '/caldav/calendars/%u/'); define('CALDAV_PERSONAL', ''); // If the CalDAV server supports the sync-collection operation diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php index 4dd1a741..f3e89371 100644 --- a/conf/zpush/backend_carddav.php +++ b/conf/zpush/backend_carddav.php 
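Review bot: The nested `location ~ ^/(data|config|\.ht|db_structure\.xml|README)` inside `location /cloud/` can never match, because a regex location is tested against the full request URI, which here always begins with `/cloud/`. As written, requests under `/cloud/data/` and `/cloud/config/` that the PHP location does not pick up are served from the `alias` as static files. Anchor the pattern on the prefix instead: `location ~ ^/cloud/(data|config|\.ht|db_structure\.xml|README) { deny all; }`. Separately, the ownCloud PHP location keeps `fastcgi_pass php-fpm;` while this commit deletes the `upstream php-fpm` block, so that name would have to resolve some other way for the configuration to load.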
@@ -9,9 +9,9 @@ define('CARDDAV_PROTOCOL', 'https'); /* http or https */ define('CARDDAV_SERVER', 'localhost'); define('CARDDAV_PORT', '443'); -define('CARDDAV_PATH', '/remote.php/carddav/addressbooks/%u/'); -define('CARDDAV_DEFAULT_PATH', '/remote.php/carddav/addressbooks/%u/contacts/'); /* subdirectory of the main path */ -define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/'); /* readonly, searchable, not syncd */ +define('CARDDAV_PATH', '/carddav/addressbooks/%u/'); +define('CARDDAV_DEFAULT_PATH', '/carddav/addressbooks/%u/contacts/'); /* subdirectory of the main path */ +define('CARDDAV_GAL_PATH', ''); /* readonly, searchable, not syncd */ define('CARDDAV_GAL_MIN_LENGTH', 5); define('CARDDAV_CONTACTS_FOLDER_NAME', '%u Addressbook'); diff --git a/setup/start.sh b/setup/start.sh index 39987401..469f6162 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -273,6 +273,7 @@ EOF . setup/dkim.sh . setup/spamassassin.sh . setup/web.sh +. setup/webmail.sh . setup/owncloud.sh . setup/zpush.sh . setup/management.sh diff --git a/setup/webmail.sh b/setup/webmail.sh new file mode 100755 index 00000000..fbb489f4 --- /dev/null +++ b/setup/webmail.sh 
@@ -0,0 +1,103 @@ +# Webmail: Using roundcube +########################## + +source setup/functions.sh # load our functions +source /etc/mailinabox.conf # load global vars + +# Ubuntu's roundcube-core has dependencies on Apache & MySQL, which we don't want, so we can't +# install roundcube directly via apt-get install. +# +# Additionally, the Roundcube shipped with Ubuntu is consistently out of date. +# +# And it's packaged incorrectly --- it seems to be missing a directory of files. +# +# So we'll use apt-get to manually install the dependencies of roundcube that we know we need, +# and then we'll manually install roundcube from source. + +# These dependencies are from 'apt-cache showpkg roundcube-core'. +apt_install \ + dbconfig-common \ + php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \ + tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 + +# We used to install Roundcube from Ubuntu, without triggering the dependencies +# on Apache and MySQL, by downloading the debs and installing them manually. +# Now that we're beyond that, get rid of those debs before installing from source. +apt-get purge -qq -y roundcube* + +# Install Roundcube from source if it is not already present. +# TODO: Check version? +if [ ! -d /usr/local/lib/roundcubemail ]; then + rm -f /tmp/roundcube.tgz + wget -qO /tmp/roundcube.tgz http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.0.1/roundcubemail-1.0.1.tar.gz + tar -C /usr/local/lib -zxf /tmp/roundcube.tgz + mv /usr/local/lib/roundcubemail-1.0.1/ /usr/local/lib/roundcubemail + rm -f /tmp/roundcube.tgz +fi + +# Generate a safe 24-character secret key of safe characters. +SECRET_KEY=$(dd if=/dev/random bs=20 count=1 2>/dev/null | base64 | fold -w 24 | head -n 1) + +# Create a configuration file. 
+# +# For security, temp and log files are not stored in the default locations +# which are inside the roundcube sources directory. We put them instead +# in normal places. +cat - > /usr/local/lib/roundcubemail/config/config.inc.php < +EOF + +# Create writable directories. +mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube +chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube + +# Password changing plugin settings +# The config comes empty by default, so we need the settings +# we're not planning to change in config.inc.dist... +cp /usr/local/lib/roundcubemail/plugins/password/config.inc.php.dist \ + /usr/local/lib/roundcubemail/plugins/password/config.inc.php + +tools/editconf.py /usr/local/lib/roundcubemail/plugins/password/config.inc.php \ + "\$config['password_minimum_length']=6;" \ + "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ + "\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \ + "\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \ + "\$config['password_dovecotpw_method']='SHA512-CRYPT';" \ + "\$config['password_dovecotpw_with_method']=true;" + +# so PHP can use doveadm, for the password changing plugin +usermod -a -G dovecot www-data + +# set permissions so that PHP can use users.sqlite +# could use dovecot instead of www-data, but not sure it matters +chown root.www-data $STORAGE_ROOT/mail +chmod 775 $STORAGE_ROOT/mail +chown root.www-data $STORAGE_ROOT/mail/users.sqlite +chmod 664 $STORAGE_ROOT/mail/users.sqlite + +# Enable PHP modules. +php5enmod mcrypt +restart_service php5-fpm From 4d64246b2203026e73a9d9e10880e06717ca854c Mon Sep 17 00:00:00 2001 
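Review bot: The Roundcube tarball is fetched over plain `http://` and unpacked into `/usr/local/lib` with no integrity check, so anyone on the network path can substitute the code that later runs as the web user. Use an `https://` download if the mirror offers one and verify the archive before `tar`, e.g. `echo "<EXPECTED_SHA256>  /tmp/roundcube.tgz" | sha256sum -c - || exit 1`, with the hash recorded in the script. The permissions block at the end also makes `users.sqlite` group-writable by `www-data`, which lets any PHP application on the box rewrite mail account passwords; that trade-off deserves at least a comment stating it is intentional.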
From: Joshua Tauberer Date: Tue, 12 Aug 2014 12:03:36 +0000 Subject: [PATCH 46/63] tweak z-push/owncloud installation scripts: hide output, check if z-push needs an update, dont use /etc/timezone because its contents would need to be escaped before being passed into sed --- setup/owncloud.sh | 4 ++-- setup/zpush.sh | 21 +++++++++++++++------ 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 12059fff..a1ee73c7 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -17,7 +17,7 @@ if [ ! -d /usr/local/lib/owncloud ]; then echo Installing ownCloud... rm -f /tmp/owncloud.zip wget -qO /tmp/owncloud.zip https://download.owncloud.org/community/owncloud-7.0.1.zip - unzip /tmp/owncloud.zip -d /usr/local/lib + unzip -q /tmp/owncloud.zip -d /usr/local/lib rm -f /tmp/owncloud.zip fi @@ -75,7 +75,7 @@ chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/librar # Use Crontab instead of AJAX/webcron in ownCloud # TODO: somehow change the cron option in ownClouds config, not exposed afaik? -(crontab -u www-user -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-user - +(crontab -u www-data -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-data - php5enmod imap restart_service php5-fpm diff --git a/setup/zpush.sh b/setup/zpush.sh index 7e2c0cf2..8acd4690 100755 --- a/setup/zpush.sh +++ b/setup/zpush.sh 
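Review bot: The crontab line corrected in the second owncloud.sh hunk appends the `cron.php` entry unconditionally, so if setup is re-run (the `if [ ! -d … ]` guards suggest it is) each run adds another copy and the job fires several times per interval. Filter the existing entry out before re-adding it: `(crontab -u www-data -l 2>/dev/null | grep -v owncloud/cron.php; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php") | crontab -u www-data -`.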
@@ -19,20 +19,29 @@ apt_install \ php5enmod imap # Copy Z-Push into place. -if [ ! -d /usr/local/lib/z-push ]; then +needs_update=0 +if [ ! -f /usr/local/lib/z-push/version ]; then + needs_update=1 +elif [[ `curl -s https://api.github.com/repos/fmbiete/Z-Push-contrib/git/refs/heads/master` != `cat /usr/local/lib/z-push/version` ]]; then + # checks if the version + needs_update=1 +fi +if [ $needs_update == 1 ]; then + rm -rf /usr/local/lib/z-push rm -f /tmp/zpush.zip - echo Installing z-push... + echo Installing z-push \(fmbiete fork\)... wget -qO /tmp/zpush.zip https://github.com/fmbiete/Z-Push-contrib/archive/master.zip - unzip /tmp/zpush.zip -d /usr/local/lib/ + unzip -q /tmp/zpush.zip -d /usr/local/lib/ mv /usr/local/lib/Z-Push-contrib-master /usr/local/lib/z-push + rm -f /usr/sbin/z-push-{admin,top} ln -s /usr/local/lib/z-push/z-push-admin.php /usr/sbin/z-push-admin ln -s /usr/local/lib/z-push/z-push-top.php /usr/sbin/z-push-top rm /tmp/zpush.zip; + curl -s https://api.github.com/repos/fmbiete/Z-Push-contrib/git/refs/heads/master > /usr/local/lib/z-push/version fi -# Configure default config -TIMEZONE=`cat /etc/timezone` -sed -i "s/define('TIMEZONE', .*/define('TIMEZONE', '$TIMEZONE');/" /usr/local/lib/z-push/config.php +# Configure default config. +sed -i "s/define('TIMEZONE', .*/define('TIMEZONE', 'Etc\/UTC');/" /usr/local/lib/z-push/config.php sed -i "s/define('BACKEND_PROVIDER', .*/define('BACKEND_PROVIDER', 'BackendCombined');/" /usr/local/lib/z-push/config.php # Configure BACKEND From 791e68a3af748434f4a8d13235467b8f833c2253 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Tue, 12 Aug 2014 13:25:38 +0000 Subject: [PATCH 47/63] automate more of the initial configuration --- README.md | 4 +--- setup/owncloud.sh | 26 ++++++++++++++++++++++---- 2 files changed, 23 insertions(+), 7 deletions(-) mode change 100644 => 100755 setup/owncloud.sh diff --git a/README.md b/README.md index c5dfb496..cc34ff59 100644 --- a/README.md +++ b/README.md 
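Review bot: The update check installs whatever the fork's `master` branch holds when setup runs, with no pinned revision and no checksum on `/tmp/zpush.zip`, and it does so after `rm -rf /usr/local/lib/z-push`. A failed or rate-limited GitHub API call also compares unequal to the saved `version` file, so a network error triggers removal and reinstall, and if the `wget` then fails the box is left without Z-Push. Pin a reviewed commit in the script, compare the local `version` file against that pin rather than the live API response, verify the archive, and remove the old tree only after the download has succeeded. The sketch below uses placeholders for the commit id and hash.

```shell
# Reviewed upstream revision (full 40-character commit id); bump deliberately.
ZPUSH_COMMIT="<PINNED_COMMIT>"
ZPUSH_SHA256="<EXPECTED_SHA256>"
needs_update=0
if [ "$(cat /usr/local/lib/z-push/version 2>/dev/null)" != "$ZPUSH_COMMIT" ]; then
	needs_update=1
fi
if [ $needs_update == 1 ]; then
	rm -f /tmp/zpush.zip
	wget -qO /tmp/zpush.zip "https://github.com/fmbiete/Z-Push-contrib/archive/$ZPUSH_COMMIT.zip" || exit 1
	echo "$ZPUSH_SHA256  /tmp/zpush.zip" | sha256sum -c - > /dev/null || exit 1
	# Only drop the old tree once a verified archive is in hand.
	rm -rf /usr/local/lib/z-push
	unzip -q /tmp/zpush.zip -d /usr/local/lib/
	mv "/usr/local/lib/Z-Push-contrib-$ZPUSH_COMMIT" /usr/local/lib/z-push
	# … unchanged: z-push-admin / z-push-top symlinks, rm /tmp/zpush.zip …
	echo "$ZPUSH_COMMIT" > /usr/local/lib/z-push/version
fi
```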
@@ -31,9 +31,7 @@ Then run the post-install checklist command to see what you need to do next: In addition to above once finished you need to: - Goto https://./cloud, and make an ownCloud admin account. By default you don't need to edit the advanced settings - Once logged in, click the "Files" link beside the cloud in the top left corner and then click Apps button - Goto the "External user support" and activate it, do the same thing with the mail app + Goto https://./cloud, and make an ownCloud admin account. Don't edit the advanced settings. Congratulations! You should now have a working setup. Feel free to login with your mail credentials created earlier in the setup diff --git a/setup/owncloud.sh b/setup/owncloud.sh old mode 100644 new mode 100755 index a1ee73c7..de196f0f --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -23,12 +23,27 @@ fi # Create a configuration file. TIMEZONE=`cat /etc/timezone` -if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then - cat - > /usr/local/lib/owncloud/config/config.php </dev/null | sha1sum | fold -w 30 | head -n 1) +cat - > /usr/local/lib/owncloud/config/config.php < true, + + 'version' => '7.0.1.1', + 'datadirectory' => '$STORAGE_ROOT/owncloud', + 'dbtype' => 'sqlite3', + + 'instanceid' => '$instanceid', + 'passwordsalt' => '$passwordsalt', + 'trusted_domains' => + array ( + 0 => '$PRIMARY_HOSTNAME', + ), + + 'overwritewebroot' => '/cloud', 'user_backends' => array( array( 'class'=>'OC_User_IMAP', @@ -52,7 +67,6 @@ if [ ! -f "/usr/local/lib/owncloud/config/config.php" ]; then ); ?> EOF -fi # Set permissions mkdir -p $STORAGE_ROOT/owncloud 
@@ -63,7 +77,7 @@ chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then rm -f /tmp/owncloud_mail.zip wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip - unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps + unzip -q /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps mv /usr/local/lib/owncloud/apps/mail-master /usr/local/lib/owncloud/apps/mail rm -f /tmp/owncloud.zip fi @@ -77,5 +91,9 @@ chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/librar # TODO: somehow change the cron option in ownClouds config, not exposed afaik? (crontab -u www-data -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-data - +# Enable apps. +hide_output php /usr/local/lib/owncloud/console.php app:enable user_external +hide_output php /usr/local/lib/owncloud/console.php app:enable mail + php5enmod imap restart_service php5-fpm From b92033cafe743b7e79d9a7718f711098b317e731 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 15:39:45 +0200 Subject: [PATCH 48/63] install fpm instead of cgi --- setup/web.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/web.sh b/setup/web.sh index be5a8580..f6be664c 100755 --- a/setup/web.sh +++ b/setup/web.sh @@ -5,7 +5,7 @@ source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars -apt_install nginx php5-cgi +apt_install nginx php5-fpm rm -f /etc/nginx/sites-enabled/default From e828dd63e12a0e264f17770e1ea29dbb18b0a057 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Tue, 12 Aug 2014 16:45:36 +0200 Subject: [PATCH 49/63] auto enable apps in owncloud (FINAL COMMIT!) --- setup/owncloud.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 59f3fbbf..0e4652f1 100644 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
@@ -7,7 +7,7 @@ source /etc/mailinabox.conf # load global vars apt_install \ dbconfig-common \ php5-cli php5-sqlite php5-gd php5-imap php5-curl php-pear php-apc curl libapr1 libtool libcurl4-openssl-dev php-xml-parser \ - php5 php5-dev php5-gd php5-fpm memcached php5-memcache unzip sqlite + php5 php5-dev php5-gd php5-fpm memcached php5-memcache unzip apt-get purge -qq -y owncloud* @@ -84,5 +84,9 @@ chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/librar # TODO: somehow change the cron option in ownClouds config, not exposed afaik? (crontab -u www-user -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-user - +# Enable apps. +hide_output php /usr/local/lib/owncloud/console.php app:enable user_external +hide_output php /usr/local/lib/owncloud/console.php app:enable mail + php5enmod imap restart_service php5-fpm \ No newline at end of file From d03bc0cefaaff95c65c439a4a3cb5c1c1180f977 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Wed, 13 Aug 2014 00:30:09 +0000 Subject: [PATCH 50/63] more owncloud configuration tweaks --- conf/nginx.conf | 8 +++++--- setup/owncloud.sh | 8 ++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index eb05b634..ff184ca2 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -46,9 +46,6 @@ server { } # ownCloud configuration. - rewrite ^/caldav(.*)$ /cloud/remote.php/caldav$1 redirect; - rewrite ^/carddav(.*)$ /cloud/remote.php/carddav$1 redirect; - rewrite ^/webdav(.*)$ /cloud/remote.php/webdav$1 redirect; rewrite ^/cloud$ /cloud/ redirect; rewrite ^/cloud/$ /cloud/index.php; rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; 
@@ -71,6 +68,11 @@ server { client_max_body_size 1G; fastcgi_buffers 64 4K; } + location ~ ^/((caldav|carddav|webdav).*)$ { + # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. + # Properly proxying like this seems to work fine. + proxy_pass https://$HOSTNAME/cloud/remote.php/$1; + } rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 5429de49..4e164d91 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -93,16 +93,16 @@ fi curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer +chown -R www-data.www-data /usr/local/lib/owncloud/apps/mail/ # Use Crontab instead of AJAX/webcron in ownCloud # TODO: somehow change the cron option in ownClouds config, not exposed afaik? (crontab -u www-data -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-data - -# Enable apps. -hide_output php /usr/local/lib/owncloud/console.php app:enable user_external -hide_output php /usr/local/lib/owncloud/console.php app:enable mail +# This seems to need to be disabled or things just don't work right. Josh gets an empty modal box and can't use the site. +hide_output php /usr/local/lib/owncloud/console.php app:disable firstrunwizard -# Enable apps. +# Enable apps. These don't seem to work until after the administrator account is created, which we haven't done here. hide_output php /usr/local/lib/owncloud/console.php app:enable user_external hide_output php /usr/local/lib/owncloud/console.php app:enable mail 
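Review bot: The new DAV proxy block forwards client credentials to whatever the substituted `$HOSTNAME` resolves to, and nginx does not verify the upstream certificate unless `proxy_ssl_verify` is enabled, so this loop back to the same server depends on DNS being correct. If the server block listens on loopback, keeping the hop local avoids that: `proxy_pass https://127.0.0.1/cloud/remote.php/$1$is_args$args;` together with `proxy_set_header Host $host;`. The `$is_args$args` suffix matters because a `proxy_pass` built from a capture replaces the request URI and would otherwise drop the query string. The pattern `^/((caldav|carddav|webdav).*)$` also matches any path that merely starts with those words, such as `/webdav-old`; `^/((caldav|carddav|webdav)(/.*)?)$` is tighter.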
From 7024b428ad9f83cfccaa8d39cae525b010cf461b Mon Sep 17 00:00:00 2001 From: jkaberg Date: Wed, 13 Aug 2014 07:30:32 +0200 Subject: [PATCH 51/63] increased timeouts so that owncloud properly loads with larger db --- conf/nginx.conf | 7 ++++++- setup/owncloud.sh | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index ff184ca2..25da4064 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -31,10 +31,12 @@ server { index index.php; alias /usr/local/lib/roundcubemail/; } + location ~ /mail/config/.* { # A ~-style location is needed to give this precedence over the next block. return 403; } + location ~ /mail/.*\.php { # note: ~ has precendence over a regular location block include fastcgi_params; @@ -62,6 +64,7 @@ server { fastcgi_param SCRIPT_NAME $1$2; fastcgi_param PATH_INFO $3; fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; + fastcgi_read_timeout 630; fastcgi_pass php-fpm; error_page 403 /cloud/core/templates/403.php; error_page 404 /cloud/core/templates/404.php; @@ -73,6 +76,7 @@ server { # Properly proxying like this seems to work fine. proxy_pass https://$HOSTNAME/cloud/remote.php/$1; } + rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; @@ -94,8 +98,9 @@ server { # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { - include /etc/nginx/fastcgi_params; + include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; + fastcgi_read_timeout 630; fastcgi_pass php-fpm; } diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 4e164d91..d232fb72 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
@@ -77,7 +77,9 @@ tools/editconf.py /etc/php5/fpm/php.ini \ upload_max_filesize=16G \ post_max_size=16G \ output_buffering=16384 \ - memory_limit=512M + memory_limit=512M \ + max_execution_time=600 \ + short_open_tag=On # Download and install the mail app # TODO: enable mail app in ownCloud config, not exposed afaik? From 59c1c670b5dd9e361283dd45da927168ff927101 Mon Sep 17 00:00:00 2001 From: jkaberg Date: Wed, 13 Aug 2014 08:10:53 +0200 Subject: [PATCH 52/63] x-accel-redirect dosn't need to process files in ownCloud data directory. TODO: fix for autogeneration --- conf/nginx.conf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/conf/nginx.conf b/conf/nginx.conf index 25da4064..a16e1372 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -57,6 +57,7 @@ server { deny all; } } + location ~ ^(/cloud)(/.+\.php)(/.*)?$ { # note: ~ has precendence over a regular location block include fastcgi_params; @@ -71,12 +72,20 @@ server { client_max_body_size 1G; fastcgi_buffers 64 4K; } + location ~ ^/((caldav|carddav|webdav).*)$ { # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. # Properly proxying like this seems to work fine. proxy_pass https://$HOSTNAME/cloud/remote.php/$1; } +# location ^~ /cloud/data { +# internal; +# # Set 'alias' if not using the default 'datadirectory' +# # TODO: Since this is auto generated, we need a better approach! +# alias /home/user-data/owncloud; +# } + rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; From a10b828d5c2b33849cdf06aeed5db3cb32a0d899 Mon Sep 17 00:00:00 2001 
From: Joshua Tauberer Date: Fri, 15 Aug 2014 18:29:05 -0400 Subject: [PATCH 53/63] when modifying php.ini, use ; as the comment char not # because php emits horrid deprecation warnings otherwise --- setup/owncloud.sh | 4 +++- tools/editconf.py | 15 ++++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 4e164d91..f3655668 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -1,3 +1,4 @@ +#!/bin/bash # Owncloud ########################## @@ -73,7 +74,8 @@ mkdir -p $STORAGE_ROOT/owncloud chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud # Set PHP FPM values to support large file uploads -tools/editconf.py /etc/php5/fpm/php.ini \ +# (semicolon is the comment character in this file, hashes produce deprecation warnings) +tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ upload_max_filesize=16G \ post_max_size=16G \ output_buffering=16384 \ diff --git a/tools/editconf.py b/tools/editconf.py index e6e7c68d..7bc3d190 100755 --- a/tools/editconf.py +++ b/tools/editconf.py @@ -33,6 +33,7 @@ settings = sys.argv[2:] delimiter = "=" delimiter_re = r"\s*=\s*" +comment_char = "#" folded_lines = False testing = False while settings[0][0] == "-" and settings[0] != "--": @@ -42,7 +43,11 @@ while settings[0][0] == "-" and settings[0] != "--": delimiter = " " delimiter_re = r"\s+" elif opt == "-w": + # Line folding is possible in this file. folded_lines = True + elif opt == "-c": + # Specifies a different comment character. + comment_char = settings.pop(0) elif opt == "-t": testing = True else: @@ -60,7 +65,7 @@ while len(input_lines) > 0: # If this configuration file uses folded lines, append any folded lines # into our input buffer. - if folded_lines and line[0] not in ("#", " ", ""): + if folded_lines and line[0] not in (comment_char, " ", ""): while len(input_lines) > 0 and input_lines[0][0] in " \t": line += input_lines.pop(0) 
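Review bot: The new `-c` option takes its value with `settings.pop(0)` without checking that one follows, and the folded-line test `line[0] not in (comment_char, " ", "")` compares a single character, so a multi-character marker such as `//` is accepted but never recognised there. Validate the argument where it is read, for example `if len(comment_char) != 1: sys.exit("-c takes a single character")`, or use `line.startswith(comment_char)` in the fold check. If the script documents its options in a header comment or docstring, `-c` needs an entry there as well. The option loop and the line loop both start and end outside these hunks.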
@@ -68,7 +73,11 @@ while len(input_lines) > 0: for i in range(len(settings)): # Check that this line contain this setting from the command-line arguments. name, val = settings[i].split("=", 1) - m = re.match("(\s*)(#\s*)?" + re.escape(name) + delimiter_re + "(.*?)\s*$", line, re.S) + m = re.match( + "(\s*)" + + "(" + re.escape(comment_char) + "\s*)?" + + re.escape(name) + delimiter_re + "(.*?)\s*$", + line, re.S) if not m: continue indent, is_comment, existing_val = m.groups() @@ -83,7 +92,7 @@ while len(input_lines) > 0: # comment-out the existing line (also comment any folded lines) if is_comment is None: - buf += "#" + line.rstrip().replace("\n", "\n#") + "\n" + buf += comment_char + line.rstrip().replace("\n", "\n" + comment_char) + "\n" else: # the line is already commented, pass it through buf += line From ca45c88a32f34725b3f54dcdb79f20bf41e1aa2a Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Wed, 13 Aug 2014 19:27:14 +0000 Subject: [PATCH 54/63] owncloud: set forcessl to be true to get the corret HSTS header (would be better if we could prevent ownCloud from sending one) --- setup/owncloud.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 23641ff1..d19798a8 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -43,6 +43,7 @@ cat - > /usr/local/lib/owncloud/config/config.php < '$PRIMARY_HOSTNAME', ), + 'forcessl' => true, # if unset/false, ownCloud sends a HSTS=0 header, which conflicts with nginx config 'overwritewebroot' => '/cloud', 'user_backends' => array( From 398b538e2b48c3764f67d75804af65bdb8b101d2 Mon Sep 17 00:00:00 2001 
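Review bot: The rebuilt pattern is assembled from ordinary string literals containing `\s`, which Python treats as an invalid escape sequence and newer interpreters warn about; write the pieces as raw strings, `r"(\s*)"`, `r"\s*)?"` and `r"(.*?)\s*$"`. The pattern is also rebuilt for every setting on every input line, so compiling one pattern per setting before the `while` loop would avoid repeated work. Escaping `comment_char` with `re.escape` is the right call given that it now comes from the command line. The enclosing loop continues outside the hunk.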
From: Joshua Tauberer Date: Fri, 15 Aug 2014 23:07:20 +0000 Subject: [PATCH 55/63] owncloud: automatically set it up with an administrator account that even the box owner doesn't have access to, because we do not want to have the user hit ownCloud's setup page on first visit --- setup/owncloud.sh | 45 ++++++++++++++++++++++++++++++++------------- 1 file changed, 32 insertions(+), 13 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index d19798a8..5512e07d 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -25,20 +25,13 @@ fi # Create a configuration file. TIMEZONE=`cat /etc/timezone` instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1) -passwordsalt=$(dd if=/dev/random bs=40 count=1 2>/dev/null | sha1sum | fold -w 30 | head -n 1) cat - > /usr/local/lib/owncloud/config/config.php < true, - - 'version' => '7.0.1.1', - 'datadirectory' => '$STORAGE_ROOT/owncloud', - 'dbtype' => 'sqlite3', 'instanceid' => '$instanceid', - 'passwordsalt' => '$passwordsalt', + 'trusted_domains' => array ( 0 => '$PRIMARY_HOSTNAME', 
@@ -70,10 +63,37 @@ cat - > /usr/local/lib/owncloud/config/config.php < EOF +# Create an auto-configuration file to fill in database settings. +adminpassword=$(dd if=/dev/random bs=40 count=1 2>/dev/null | sha1sum | fold -w 30 | head -n 1) +cat - > /usr/local/lib/owncloud/config/autoconfig.php < '$STORAGE_ROOT/owncloud', + 'dbtype' => 'sqlite3', + + # create an administrator account with a random password so that + # the user does not have to enter anything on first load of ownCloud + 'adminlogin' => 'root', + 'adminpass' => '$adminpassword', +); +?> +EOF + # Set permissions mkdir -p $STORAGE_ROOT/owncloud chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud +# Execute ownCloud's setup step, which creates the ownCloud sqlite database. +# It also wipes it if it exists. And it deletes the autoconfig.php file. +(cd /usr/local/lib/owncloud; sudo -u www-data php /usr/local/lib/owncloud/index.php;) + +# Enable/disable apps. Note that this must be done after the ownCloud setup. +# The firstrunwizard gave Josh all sorts of problems, so disabling that. +# user_external is what allows ownCloud to use IMAP for login. +hide_output php /usr/local/lib/owncloud/console.php app:disable firstrunwizard +hide_output php /usr/local/lib/owncloud/console.php app:enable user_external + # Set PHP FPM values to support large file uploads # (semicolon is the comment character in this file, hashes produce deprecation warnings) tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ @@ -84,6 +104,8 @@ tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ max_execution_time=600 \ short_open_tag=On +# MAIL + # Download and install the mail app # TODO: enable mail app in ownCloud config, not exposed afaik? if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then 
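Review bot: The setup step added here destroys data on re-run: the hunk's own comment says running `index.php` wipes the sqlite database if it exists, and nothing checks whether ownCloud is already installed before autoconfig.php is written and the step executed. Guard the whole autoconfig-and-setup block on a marker for a completed install (for example the presence of the database file under `$STORAGE_ROOT/owncloud`) so a second run leaves user data alone. autoconfig.php also holds the generated admin password and is created with the default umask before the later `chown`; writing it under `umask 077`, or running `chmod 600` on it straight away, keeps other local users from reading it while it exists. The `console.php app:disable`/`app:enable` calls run as root, unlike the `sudo -u www-data` setup call, which may leave root-owned files in the ownCloud tree.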
@@ -104,12 +126,9 @@ chown -R www-data.www-data /usr/local/lib/owncloud/apps/mail/ # TODO: somehow change the cron option in ownClouds config, not exposed afaik? (crontab -u www-data -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-data - -# This seems to need to be disabled or things just don't work right. Josh gets an empty modal box and can't use the site. -hide_output php /usr/local/lib/owncloud/console.php app:disable firstrunwizard - -# Enable apps. These don't seem to work until after the administrator account is created, which we haven't done here. -hide_output php /usr/local/lib/owncloud/console.php app:enable user_external +# Enable mail app. hide_output php /usr/local/lib/owncloud/console.php app:enable mail +# Finished. php5enmod imap restart_service php5-fpm From 8c9f2781669cf18c6e693eb157c9d013d536b00b Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Fri, 15 Aug 2014 23:10:05 +0000 Subject: [PATCH 56/63] owncloud: support MOD_X_ACCEL_REDIRECT_ENABLED This lets downloads from the file app work. --- conf/nginx.conf | 15 ++++++++------- management/web_update.py | 1 + 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index a16e1372..e7aa501a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -72,6 +72,14 @@ server { client_max_body_size 1G; fastcgi_buffers 64 4K; } + location ^~ /cloud/data { + # In order to support MOD_X_ACCEL_REDIRECT_ENABLED, we need to expose + # the data directory but only allow 'internal' redirects within nginx + # so that this is not exposed to the world. + internal; + alias $STORAGE_ROOT/owncloud; + } + location ~ ^/((caldav|carddav|webdav).*)$ { # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. 
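Review bot: `location ^~ /cloud/data` is a prefix match without a trailing slash paired with an `alias` that also lacks one, so an internal redirect to a URI that merely begins with that prefix, such as `/cloud/data2/x`, is mapped to the sibling path `$STORAGE_ROOT/owncloud2/x` rather than into the data directory. `internal` keeps outside requests away, so the exposure is limited to whatever paths ownCloud puts in X-Accel-Redirect, but ending both with a slash removes the ambiguity: `location ^~ /cloud/data/ {` and `alias $STORAGE_ROOT/owncloud/;`. The enclosing server block starts and ends outside the hunk.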
@@ -79,13 +87,6 @@ server { proxy_pass https://$HOSTNAME/cloud/remote.php/$1; } -# location ^~ /cloud/data { -# internal; -# # Set 'alias' if not using the default 'datadirectory' -# # TODO: Since this is auto generated, we need a better approach! -# alias /home/user-data/owncloud; -# } - rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; diff --git a/management/web_update.py b/management/web_update.py index 0704c262..0665156b 100644 --- a/management/web_update.py +++ b/management/web_update.py @@ -79,6 +79,7 @@ def make_domain_config(domain, template, env): # Replace substitution strings in the template & return. nginx_conf = template + nginx_conf = nginx_conf.replace("$STORAGE_ROOT", env['STORAGE_ROOT']) nginx_conf = nginx_conf.replace("$HOSTNAME", domain) nginx_conf = nginx_conf.replace("$ROOT", root) nginx_conf = nginx_conf.replace("$SSL_KEY", ssl_key) From 6fdef379adfdeac86cc2220209bdf4eb9562268d Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Fri, 15 Aug 2014 23:17:16 +0000 Subject: [PATCH 57/63] owncloud: fix regex in nginx config /cloud/index.php/apps/files/ajax/scan.php would not be parsed right because of two .php's --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index e7aa501a..3ed75560 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -58,7 +58,7 @@ server { } } - location ~ ^(/cloud)(/.+\.php)(/.*)?$ { + location ~ ^(/cloud)(/[^/]+\.php)(/.*)?$ { # note: ~ has precendence over a regular location block include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; From ce4505b72bd31c90b4bd07bd9f4dba1b1c8d8baf Mon Sep 17 00:00:00 2001 
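Review bot: The narrowed pattern `(/[^/]+\.php)` in patch 57 sends only scripts that sit directly under /cloud/ to FastCGI, so a request for a .php file in a subdirectory no longer matches this block at all. Such requests presumably fall through to the prefix `location /cloud/` (outside this hunk) and would be answered as static files instead of being executed, which matters for anything under config/ and for the nested error-page templates. A non-greedy match keeps the scan.php fix while still covering nested scripts: `location ~ ^(/cloud)(/.+?\.php)(/.*)?$ {`. The location block continues beyond the hunk.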
From: Joshua Tauberer Date: Sat, 16 Aug 2014 12:14:57 +0000 Subject: [PATCH 58/63] remove owncloud step from README, no longer needed since 398b538e2b48c3764f67d75804af65bdb8b101d2 --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index cc34ff59..8b5e6885 100644 --- a/README.md +++ b/README.md @@ -29,10 +29,6 @@ Then run the post-install checklist command to see what you need to do next: sudo management/whats_next.py -In addition to above once finished you need to: - - Goto https://./cloud, and make an ownCloud admin account. Don't edit the advanced settings. - Congratulations! You should now have a working setup. Feel free to login with your mail credentials created earlier in the setup **Status**: This is a work in progress. It works for what it is, but it is missing such things as quotas, backup/restore, etc. From 277f98aac892e895ad4faf3a2915811aed34a56b Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 16 Aug 2014 12:18:05 +0000 Subject: [PATCH 59/63] drop the owncloud mail app for now --- setup/owncloud.sh | 21 --------------------- tools/update_mail_app.sh | 17 ----------------- 2 files changed, 38 deletions(-) delete mode 100644 tools/update_mail_app.sh diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 5512e07d..a1e8b3a4 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
@@ -104,31 +104,10 @@ tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ max_execution_time=600 \ short_open_tag=On -# MAIL - -# Download and install the mail app -# TODO: enable mail app in ownCloud config, not exposed afaik? -if [ ! -d /usr/local/lib/owncloud/apps/mail ]; then - rm -f /tmp/owncloud_mail.zip - wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip - unzip -q /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps - mv /usr/local/lib/owncloud/apps/mail-master /usr/local/lib/owncloud/apps/mail - rm -f /tmp/owncloud.zip -fi - -# Currently the mail app dosnt ship with the dependencies, so we need to install them -curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail -php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail -chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer -chown -R www-data.www-data /usr/local/lib/owncloud/apps/mail/ - # Use Crontab instead of AJAX/webcron in ownCloud # TODO: somehow change the cron option in ownClouds config, not exposed afaik? (crontab -u www-data -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-data - -# Enable mail app. -hide_output php /usr/local/lib/owncloud/console.php app:enable mail - # Finished. php5enmod imap restart_service php5-fpm diff --git a/tools/update_mail_app.sh b/tools/update_mail_app.sh deleted file mode 100644 index 32fd564f..00000000 --- a/tools/update_mail_app.sh +++ /dev/null 
@@ -1,17 +0,0 @@ -#!/bin/bash - -# Simple script to update the mail app in ownCloud, not needed once it reaches beta+ - -echo "installing mail app..." -rm -f /tmp/owncloud_mail.zip -wget -qO /tmp/owncloud_mail.zip https://github.com/owncloud/mail/archive/master.zip -unzip /tmp/owncloud_mail.zip -d /usr/local/lib/owncloud/apps -mv /usr/local/lib/owncloud/apps/mail-master /usr/local/lib/owncloud/apps/mail -rm -f /tmp/owncloud.zip - -echo "installing php composer and mail app dependencies..." -curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/lib/owncloud/apps/mail -php /usr/local/lib/owncloud/apps/mail/composer.phar install --working-dir=/usr/local/lib/owncloud/apps/mail -chmod -R 777 /usr/local/lib/owncloud/apps/mail/vendor/ezyang/htmlpurifier/library/HTMLPurifier/DefinitionCache/Serializer - -echo "DONE! :-)" \ No newline at end of file From 6e380ade1768c8062a4e5da1ce8ce991bec1aa0f Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 16 Aug 2014 12:33:10 +0000 Subject: [PATCH 60/63] owncloud will only let users access it from the PRIMARY_HOSTNAME (due to its trusted_domains option being set statically), so only include /cloud in the nginx configuration for PRIMARY_HOSTNAME --- conf/nginx-primaryonly.conf | 41 ++++++++++++++++++++++++++++++++ conf/nginx.conf | 47 ------------------------------------- management/web_update.py | 21 ++++++++++------- 3 files changed, 54 insertions(+), 55 deletions(-) create mode 100644 conf/nginx-primaryonly.conf diff --git a/conf/nginx-primaryonly.conf b/conf/nginx-primaryonly.conf new file mode 100644 index 00000000..d7457ed6 --- /dev/null +++ b/conf/nginx-primaryonly.conf 
@@ -0,0 +1,41 @@ + # ownCloud configuration. + rewrite ^/cloud$ /cloud/ redirect; + rewrite ^/cloud/$ /cloud/index.php; + rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; + location /cloud/ { + alias /usr/local/lib/owncloud/; + location ~ ^/(data|config|\.ht|db_structure\.xml|README) { + deny all; + } + } + location ~ ^(/cloud)(/[^/]+\.php)(/.*)?$ { + # note: ~ has precendence over a regular location block + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; + fastcgi_param SCRIPT_NAME $1$2; + fastcgi_param PATH_INFO $3; + fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; + fastcgi_read_timeout 630; + fastcgi_pass php-fpm; + error_page 403 /cloud/core/templates/403.php; + error_page 404 /cloud/core/templates/404.php; + client_max_body_size 1G; + fastcgi_buffers 64 4K; + } + location ^~ /cloud/data { + # In order to support MOD_X_ACCEL_REDIRECT_ENABLED, we need to expose + # the data directory but only allow 'internal' redirects within nginx + # so that this is not exposed to the world. + internal; + alias $STORAGE_ROOT/owncloud; + } + location ~ ^/((caldav|carddav|webdav).*)$ { + # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. + # Properly proxying like this seems to work fine. + proxy_pass https://$HOSTNAME/cloud/remote.php/$1; + } + rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect; + diff --git a/conf/nginx.conf b/conf/nginx.conf index 3ed75560..4f343c5a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
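Review bot: The nested deny rule `location ~ ^/(data|config|\.ht|db_structure\.xml|README)` is anchored at the start of the URI, but every request that reaches the enclosing `location /cloud/` begins with `/cloud/`, so the pattern can never match and nothing under /cloud/config is denied. Because the PHP block below matches only top-level scripts, a path such as /cloud/config/config.php appears to be served from the `alias` as a plain file. Anchoring on the real prefix fixes it: `location ~ ^/cloud/(data|config|\.ht|db_structure\.xml|README) {`, ideally backed by a check that such a request returns 403.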
@@ -31,12 +31,10 @@ server { index index.php; alias /usr/local/lib/roundcubemail/; } - location ~ /mail/config/.* { # A ~-style location is needed to give this precedence over the next block. return 403; } - location ~ /mail/.*\.php { # note: ~ has precendence over a regular location block include fastcgi_params; 
@@ -47,51 +45,6 @@ server { client_max_body_size 20M; } - # ownCloud configuration. - rewrite ^/cloud$ /cloud/ redirect; - rewrite ^/cloud/$ /cloud/index.php; - rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; - location /cloud/ { - alias /usr/local/lib/owncloud/; - location ~ ^/(data|config|\.ht|db_structure\.xml|README) { - deny all; - } - } - - location ~ ^(/cloud)(/[^/]+\.php)(/.*)?$ { - # note: ~ has precendence over a regular location block - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; - fastcgi_param SCRIPT_NAME $1$2; - fastcgi_param PATH_INFO $3; - fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; - fastcgi_read_timeout 630; - fastcgi_pass php-fpm; - error_page 403 /cloud/core/templates/403.php; - error_page 404 /cloud/core/templates/404.php; - client_max_body_size 1G; - fastcgi_buffers 64 4K; - } - location ^~ /cloud/data { - # In order to support MOD_X_ACCEL_REDIRECT_ENABLED, we need to expose - # the data directory but only allow 'internal' redirects within nginx - # so that this is not exposed to the world. - internal; - alias $STORAGE_ROOT/owncloud; - } - - - location ~ ^/((caldav|carddav|webdav).*)$ { - # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either. - # Properly proxying like this seems to work fine. - proxy_pass https://$HOSTNAME/cloud/remote.php/$1; - } - - rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; - rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; - rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect; - # Webfinger configuration. location = /.well-known/webfinger { include fastcgi_params; diff --git a/management/web_update.py b/management/web_update.py index 0665156b..3ef28560 100644 --- a/management/web_update.py +++ b/management/web_update.py 
@@ -43,9 +43,10 @@ def do_web_update(env): nginx_conf = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-top.conf")).read() # Add configuration for each web domain. - template = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read() + template1 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx.conf")).read() + template2 = open(os.path.join(os.path.dirname(__file__), "../conf/nginx-primaryonly.conf")).read() for domain in get_web_domains(env): - nginx_conf += make_domain_config(domain, template, env) + nginx_conf += make_domain_config(domain, template1, template2, env) # Did the file change? If not, don't bother writing & restarting nginx. nginx_conf_fn = "/etc/nginx/conf.d/local.conf" @@ -63,7 +64,7 @@ def do_web_update(env): return "web updated\n" -def make_domain_config(domain, template, env): +def make_domain_config(domain, template, template_for_primaryhost, env): # How will we configure this domain. # Where will its root directory be for static files? @@ -77,8 +78,13 @@ def make_domain_config(domain, template, env): # available. Make a self-signed one now if one doesn't exist. ensure_ssl_certificate_exists(domain, ssl_key, ssl_certificate, csr_path, env) + # Put pieces together. + nginx_conf_parts = re.split("\s*# ADDITIONAL DIRECTIVES HERE\s*", template) + nginx_conf = nginx_conf_parts[0] + "\n" + if domain == env['PRIMARY_HOSTNAME']: + nginx_conf += template_for_primaryhost + "\n" + # Replace substitution strings in the template & return. - nginx_conf = template nginx_conf = nginx_conf.replace("$STORAGE_ROOT", env['STORAGE_ROOT']) nginx_conf = nginx_conf.replace("$HOSTNAME", domain) nginx_conf = nginx_conf.replace("$ROOT", root) 
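Review bot: `re.split("\s*# ADDITIONAL DIRECTIVES HERE\s*", template)` assumes the marker occurs exactly once: with no marker the later `nginx_conf_parts[1]` (next hunk) raises IndexError, and with two markers everything after the second is silently dropped from the generated config. Use a raw string and make the contract explicit, e.g. `nginx_conf_parts = re.split(r"\s*# ADDITIONAL DIRECTIVES HERE\s*", template, maxsplit=1)` followed by a length check that raises a clear error. In the first hunk the two `open(...).read()` calls never close their files; `with open(...) as f:` is the usual form. make_domain_config starts and ends outside these hunks.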
@@ -86,17 +92,16 @@ def make_domain_config(domain, template, env): nginx_conf = nginx_conf.replace("$SSL_CERTIFICATE", ssl_certificate) # Add in any user customizations. - nginx_conf_parts = re.split("(# ADDITIONAL DIRECTIVES HERE\n)", nginx_conf) nginx_conf_custom_fn = os.path.join(env["STORAGE_ROOT"], "www/custom.yaml") if os.path.exists(nginx_conf_custom_fn): yaml = rtyaml.load(open(nginx_conf_custom_fn)) if domain in yaml: yaml = yaml[domain] if "proxy" in yaml: - nginx_conf_parts[1] += "\tlocation / {\n\t\tproxy_pass %s;\n\t}\n" % yaml["proxy"] + nginx_conf += "\tlocation / {\n\t\tproxy_pass %s;\n\t}\n" % yaml["proxy"] - # Put it all together. - nginx_conf = "".join(nginx_conf_parts) + # Ending. + nginx_conf += nginx_conf_parts[1] return nginx_conf From 9e86c67534a24c491b79ad4603ce8cf4a0849ea8 Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 16 Aug 2014 12:38:03 +0000 Subject: [PATCH 61/63] make setup/owncloud.sh idempotent: don't wreck user data on second run --- setup/owncloud.sh | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index a1e8b3a4..4f01141b 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -22,10 +22,13 @@ if [ ! -d /usr/local/lib/owncloud ]; then rm -f /tmp/owncloud.zip fi -# Create a configuration file. -TIMEZONE=`cat /etc/timezone` -instanceid=oc$(echo $PRIMARY_HOSTNAME | sha1sum | fold -w 10 | head -n 1) -cat - > /usr/local/lib/owncloud/config/config.php < /usr/local/lib/owncloud/config/config.php < '$STORAGE_ROOT/owncloud', 
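Review bot: `nginx_conf += nginx_conf_parts[1]` now runs after the `.replace()` chain, so any `$HOSTNAME`, `$ROOT` or `$SSL_*` placeholder in the template text that follows the marker is written to the nginx config unsubstituted; whether the tail contains any is not visible here, so this may be latent. The `%s` interpolation of `yaml["proxy"]` also places a value from custom.yaml into a directive verbatim, and a value containing `;` or a newline would add directives of its own. Appending the tail before substituting, and rejecting proxy values that do not parse as a single http(s) URL, would cover both. `rtyaml.load(open(...))` leaves the file handle unclosed.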
@@ -63,9 +66,11 @@ cat - > /usr/local/lib/owncloud/config/config.php < EOF -# Create an auto-configuration file to fill in database settings. -adminpassword=$(dd if=/dev/random bs=40 count=1 2>/dev/null | sha1sum | fold -w 30 | head -n 1) -cat - > /usr/local/lib/owncloud/config/autoconfig.php </dev/null | sha1sum | fold -w 30 | head -n 1) + cat - > /usr/local/lib/owncloud/config/autoconfig.php < /usr/local/lib/owncloud/config/autoconfig.php < EOF -# Set permissions -mkdir -p $STORAGE_ROOT/owncloud -chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud + # Create user data directory and set permissions + mkdir -p $STORAGE_ROOT/owncloud + chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud -# Execute ownCloud's setup step, which creates the ownCloud sqlite database. -# It also wipes it if it exists. And it deletes the autoconfig.php file. -(cd /usr/local/lib/owncloud; sudo -u www-data php /usr/local/lib/owncloud/index.php;) + # Execute ownCloud's setup step, which creates the ownCloud sqlite database. + # It also wipes it if it exists. And it deletes the autoconfig.php file. + (cd /usr/local/lib/owncloud; sudo -u www-data php /usr/local/lib/owncloud/index.php;) +fi # Enable/disable apps. Note that this must be done after the ownCloud setup. # The firstrunwizard gave Josh all sorts of problems, so disabling that. From ae1e69a5e38b62ad6bea859f6c5a51b5ce39782a Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Sat, 16 Aug 2014 12:59:29 +0000 Subject: [PATCH 62/63] ownCloud: code a way to add admins from our users table, but dont use it --- setup/owncloud.sh | 7 +++++++ tools/mail.py | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 4f01141b..07085ddf 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh 
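Review bot: `chown -R www-data.www-data $STORAGE_ROOT/owncloud /usr/local/lib/owncloud` gives the PHP worker user ownership of the whole application tree, so code the web server executes is also writable by it; ownCloud presumably needs write access only to config/, apps/ and the data directory. Narrowing the recursive chown to those paths, quoting `"$STORAGE_ROOT"`, and using the `www-data:www-data` separator would be tighter. The subshell also carries on when `cd` fails; `cd /usr/local/lib/owncloud && sudo -u www-data php index.php` avoids that. The guard that opens this `if` block is not legible in the hunk as shown.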
@@ -114,6 +114,13 @@ tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ # TODO: somehow change the cron option in ownClouds config, not exposed afaik? (crontab -u www-data -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-data - +## Ensure all system admins are ownCloud admins. +## Actually we don't do this. There's nothing much of interest that the user could +## change from the ownCloud admin, and there's a lot they could mess up. +#for user in $(tools/mail.py user admins); do +# sqlite3 $STORAGE_ROOT/owncloud/owncloud.db "INSERT OR IGNORE INTO oc_group_user VALUES ('admin', '$user')" +#done + # Finished. php5enmod imap restart_service php5-fpm diff --git a/tools/mail.py b/tools/mail.py index ab54b750..ce2d3e46 100755 --- a/tools/mail.py +++ b/tools/mail.py @@ -51,6 +51,7 @@ if len(sys.argv) < 2: print(" tools/mail.py user remove user@domain.com") print(" tools/mail.py user make-admin user@domain.com") print(" tools/mail.py user remove-admin user@domain.com") + print(" tools/mail.py user admins (lists admins)") print(" tools/mail.py alias (lists aliases)") print(" tools/mail.py alias add incoming.name@domain.com sent.to@other.domain.com") print(" tools/mail.py alias remove incoming.name@domain.com") @@ -92,6 +93,13 @@ elif sys.argv[1] == "user" and sys.argv[2] in ("make-admin", "remove-admin") and action = "remove" print(mgmt("/mail/users/privileges/" + action, { "email": sys.argv[3], "privilege": "admin" })) +elif sys.argv[1] == "user" and sys.argv[2] == "admins": + # Dump a list of admin users. + users = mgmt("/mail/users?format=json", is_json=True) + for user in users: + if "admin" in user['privileges']: + print(user['email']) + elif sys.argv[1] == "alias" and len(sys.argv) == 2: print(mgmt("/mail/aliases")) From bbd35f49067f4e477600bbefbc63720a3df30bdc Mon Sep 17 00:00:00 2001 
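Review bot: The commented-out loop in setup/owncloud.sh builds its statement by placing `$user` between single quotes in the SQL text, so an address containing `'` would break or change the INSERT if this block is ever enabled. If it stays as a reference, say so in the comment, or double the quote first with `u=${user//\'/\'\'}` and interpolate `$u`; `$STORAGE_ROOT` should be quoted as well. Dead code of this kind tends to get uncommented as-is, so replacing it with a short explanatory comment is the safer option.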
From: Joshua Tauberer Date: Sat, 16 Aug 2014 13:00:36 +0000 Subject: [PATCH 63/63] ownCloud: do cron the same way we do the others --- setup/owncloud.sh | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/setup/owncloud.sh b/setup/owncloud.sh index 07085ddf..7b63034a 100755 --- a/setup/owncloud.sh +++ b/setup/owncloud.sh @@ -110,9 +110,13 @@ tools/editconf.py /etc/php5/fpm/php.ini -c ';' \ max_execution_time=600 \ short_open_tag=On -# Use Crontab instead of AJAX/webcron in ownCloud -# TODO: somehow change the cron option in ownClouds config, not exposed afaik? -(crontab -u www-data -l; echo "*/15 * * * * php -f /usr/local/lib/owncloud/cron.php" ) | crontab -u www-data - +# Set up a cron job for owncloud. +cat > /etc/cron.hourly/mailinabox-owncloud << EOF; +#!/bin/bash +# Mail-in-a-Box +sudo -u www-data php -f /usr/local/lib/owncloud/cron.php +EOF +chmod +x /etc/cron.hourly/mailinabox-owncloud ## Ensure all system admins are ownCloud admins. ## Actually we don't do this. There's nothing much of interest that the user could
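Review bot: Nothing removes the entry that the deleted `crontab -u www-data` line installed, so a box that ran the earlier script would keep running cron.php every 15 minutes from www-data's crontab in addition to the new hourly job. The interval also changes from 15 minutes to hourly, which the comment should state if it is intended. In the new lines, quoting the delimiter and dropping the stray semicolon, `cat > /etc/cron.hourly/mailinabox-owncloud << 'EOF'`, keeps the script body literal if a `$` is added to it later. The script continues beyond this hunk.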