bashclub/zamba-lxc-toolbox
2
0
Fork 1
mirror of https://github.com/bashclub/zamba-lxc-toolbox.git synced 2025-11-04 00:02:26 +01:00
Code Issues Projects Releases Wiki Activity

Kopano-core_0.11

Browse Source
This commit is contained in:
DerFossibaer
2022-02-12 12:50:27 +01:00
parent 638621d16e
commit c1e483c1df
2 changed files with 192 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
conf/zamba.conf.example
View File

@@ -147,3 +147,15 @@ CMK_ADMIN_PW='Start!123'
# raw = completely free # raw = completely free
# free = limited version of the enterprise edition (25 hosts, 1 instance) # free = limited version of the enterprise edition (25 hosts, 1 instance)
CMK_EDITION=raw CMK_EDITION=raw
############### Kopano-Section ###############
# Define the FQDN of your Nextcloud server
KOPANO_FQDN="kopano.zmb.rocks"
# Defines the trusted reverse proxy, which will enable the detection of source ip to fail2ban
KOPANO_MAILGW="192.168.100.254"
# Kopano test- or subscription-key offerd from
# https://kopano.com/downloads-demo/?demo=Kopano+Groupware&headline=Packages&target=Debian+10
KOPANO_REPKEY="1234567890abcdefghijklmno"

181
src/kopano-core/install-service.sh
View File

@@ -84,11 +84,190 @@ apt update && apt full-upgrade -y
DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends kopano-server-packages kopano-webapp \ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt install -y -qq --no-install-recommends kopano-server-packages kopano-webapp \
z-push-kopano z-push-config-nginx kopano-webapp-plugin-mdm kopano-webapp-plugin-files z-push-kopano z-push-config-nginx kopano-webapp-plugin-mdm kopano-webapp-plugin-files
#### Adjust kopano settings ####
cat > /etc/kopano/ldap.cfg << EOF
!include /usr/share/kopano/ldap.active-directory.cfg
ldap_uri = ldap://10.10.81.12:389
ldap_bind_user = cn=zmb-ldap,cn=Users,dc=zmb,dc=rocks
ldap_bind_passwd = Start123!
ldap_search_base = dc=zmb,dc=rocks
#ldap_user_search_filter = (kopanoAccount=1)
EOF
cat > /etc/kopano/server.cfg << EOF
server_listen = *:236
local_admin_users = root kopano
#database_engine = mysql
#mysql_host = localhost
#mysql_port = 3306
mysql_user = $MARIA_DB_USER
mysql_password = $MARIA_USER_PWD
mysql_database = $MARIA_DB_NAME
user_plugin = ldap
user_plugin_config = /etc/kopano/ldap.cfg
EOF
#### Adjust php settings ####
sed -i "s/define('LANG', 'en_US.UTF-8')/define('LANG', 'de_DE.UTF-8')/" /etc/kopano/webapp/config.php
cat > /etc/php/7.3/fpm/pool.d/webapp.conf << EOF
[webapp]
listen = 127.0.0.1:9002
user = www-data
group = www-data
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 150
pm.start_servers = 35
pm.min_spare_servers = 20
pm.max_spare_servers = 50
pm.max_requests = 200
listen.backlog = -1
request_terminate_timeout = 120s
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yes
EOF
sed -i "s/define('LANG', 'en_US.UTF-8')/define('LANG', 'de_DE.UTF-8')/" /etc/kopano/webapp/config.php
#### Adjust nginx settings #### #### Adjust nginx settings ####
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/kopano.key -out /etc/ssl/certs/kopano.crt -subj "/CN=$KOPANO_FQDN" -addext "subjectAltName=DNS:$KOPANO_FQDN" openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/kopano.key -out /etc/ssl/certs/kopano.crt -subj "/CN=$KOPANO_FQDN" -addext "subjectAltName=DNS:$KOPANO_FQDN"
openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096 openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak #mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
cat > /etc/nginx/sites-available/webapp.conf << EOF
upstream php-handler {
server 127.0.0.1:9002;
#server unix:/var/run/php5-fpm.sock;
#server unix:/var/run/php/php7.3-fpm.sock;
}
server{
listen 80;
charset utf-8;
listen [::]:80;
server_name _;
location / {
rewrite ^(.*) https://\$server_name\$1 permanent;
}
}
server {
charset utf-8;
listen 443;
listen [::]:443 ssl;
server_name _;
ssl on;
client_max_body_size 1024m;
ssl_certificate /etc/ssl/certs/kopano.crt;
ssl_certificate_key /etc/ssl/private/kopano.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_prefer_server_ciphers on;
#
# ssl_dhparam require you to create a dhparam.pem, this takes a long time
ssl_dhparam /etc/ssl/certs/dhparam.pem;
#
# add headers
server_tokens off;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
location /webapp {
alias /usr/share/kopano-webapp/;
index index.php;
location ~ /webapp/presence/ {
rewrite ^/webapp/presence(/.*)$ \$1 break;
proxy_pass http://localhost:1234;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
}
}
location ~* ^/webapp/(.+\.php)$ {
alias /usr/share/kopano-webapp/;
# deny access to .htaccess files
location ~ /\.ht {
deny all;
}
fastcgi_param PHP_VALUE "
register_globals=off
magic_quotes_gpc=off
magic_quotes_runtime=off
post_max_size=31M
upload_max_filesize=30M
";
fastcgi_param PHP_VALUE "post_max_size=31M
upload_max_filesize=30M
max_execution_time=3660
";
include fastcgi_params;
fastcgi_index index.php;
#fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME \$document_root\$1;
fastcgi_pass php-handler;
access_log /var/log/nginx/kopano-webapp-access.log;
error_log /var/log/nginx/kopano-webapp-error.log;
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
# All (static) resources set to 2 months expiration time.
location ~* \.(?:jpg|gif|png)\$ {
expires 2M;
access_log off;
add_header Cache-Control "public";
}
# enable gzip compression
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css application/json;
gzip_vary on;
}
}
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
EOF
ln -s /etc/nginx/sites-available/webapp.conf /etc/nginx/sites-enabled/
systemctl restart nginx