Dovecot Baikal Z-Push

From fakedWiki
Jump to: navigation, search

Introduction

I was asked by somebody if i could share my configuration for Z-Push, which i am using with Dovecot as the IMAP backend and Baikal Server (v0.2.7, NOT 2.0) as the CardDAV and CalDAV backend.

Some of these configuration settings may be deprecated or renamed in the future, as Z-Push is constantly being improved, but they work fine right now (May 2015), and should give you a general guide how to get it running yourself.

I'll assume you already have working Dovecot and Baikal setups running, so i'll skip those parts and go straight to the Z-Push configurations.

Webserver

My box runs Apache2 with FPM (don't ask...), which explains why my vHost config looks a bit different, but as long as you have a webserver with PHP support and some general understanding of how Rewrites and/or Aliases work, you should be able to get to the same result as me.

When in doubt, consult the respective setup instructions. The following config only serves to explain my folder structure.

sites-available/push.faked.org.conf

<VirtualHost *:80>
  ServerName push.faked.org
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName push.faked.org
  ServerAdmin jan@faked.org

  SSLEngine on
  SSLCertificateFile /etc/ssl/local/wildcard.faked.org.cert
  SSLCertificateKeyFile /etc/ssl/private/wildcard.faked.org.key
  SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2

  RewriteEngine On
  RewriteRule /.well-known/carddav /card.php [R,L]
  RewriteRule /.well-known/caldav /cal.php [R,L]

  RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}]
  RewriteRule .* - [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}]
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

  ProxyPassMatch ^(?i)/(.*\.php(/.*)?)$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/baikal/html/$1
  ProxyPassMatch ^(?i)/autodiscover/autodiscover.xml$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/z-push/autodiscover/autodiscover.php
  ProxyPassMatch ^(?i)/microsoft-server-activesync$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/z-push/index.php
  ProxyPassMatch ^(?i)/microsoft-server-activesync$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/baikal/html/card.php

  <Directory /srv/www/push.faked.org/>
    Options -Indexes
    AllowOverride all
    Require all granted
  </Directory>

  DocumentRoot /srv/www/push.faked.org/baikal/html

  <Directory />
    Options FollowSymLinks
    AllowOverride All
  </Directory>
  <Directory /srv/www/push.faked.org/baikal/html/>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
  </Directory>

  ErrorLog /var/log/apache2/error.log
  CustomLog /var/log/apache2/push-access.log combined

</VirtualHost>
</IfModule>

So as you can see, Z-Push is installed to /srv/www/push.faked.org/z-push, and Baikal to /srv/www/push.faked.org/baikal, with the DocumentRoot pointing to /srv/www/push.faked.org/baikal/html

Z-Push

Checkout the master branch of Z-Push from Github and make sure that's it accessible on your webserver. Basically follow the provided installation instructions so that it's theoretically usable, maybe take it for a spin with just the IMAP backend.

Below are only the settings i changed from their defaults, without comments.

config.php

I am using SQL for the State Machine, but FILE should work just as well. Ignore those SQL-related settings if you stick to the default. 

define('USE_FULLEMAIL_FOR_LOGIN', true);
define('PRE_AUTHORIZE_USERS', true);
define('PRE_AUTHORIZE_NEW_USERS', true);
define('PRE_AUTHORIZE_NEW_DEVICES', true);
define('STATE_MACHINE', 'SQL');
define('STATE_SQL_DSN', 'mysql:host=localhost;port=3306;dbname=z-push');
define('STATE_SQL_USER', 'z-push');
define('STATE_SQL_PASSWORD', '<password>');
define('LOGLEVEL', LOGLEVEL_WARN);
define('LOGAUTHFAIL', true);
define('LOOSE_PROVISIONING', true);
define('BACKEND_PROVIDER', 'BackendCombined');

backend/combined/config.php

SYNC_FOLDER_TYPE_TASK => 'c',
SYNC_FOLDER_TYPE_APPOINTMENT => 'c',
SYNC_FOLDER_TYPE_CONTACT => 'd',
SYNC_FOLDER_TYPE_NOTE => 'c',
SYNC_FOLDER_TYPE_JOURNAL => 'c',
SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c',
SYNC_FOLDER_TYPE_USER_CONTACT => 'd',
SYNC_FOLDER_TYPE_USER_TASK => 'c',
SYNC_FOLDER_TYPE_USER_JOURNAL => 'c',
SYNC_FOLDER_TYPE_USER_NOTE => 'c',
SYNC_FOLDER_TYPE_UNKNOWN => 'i',

backend/imap/config.php

define('IMAP_FOLDER_CONFIGURED', true);
define('IMAP_FOLDER_SPAM', 'JUNK');
define('IMAP_INLINE_FORWARD', false);
define('IMAP_EXCLUDED_FOLDERS', 'sieve');
define('IMAP_SMTP_METHOD', 'smtp');
$imap_smtp_params = array('host' => 'localhost', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password');

backend/caldav/config.php

define('CALDAV_SERVER', 'https://push.faked.org');
define('CALDAV_PORT', '443');
define('CALDAV_PATH', '/cal.php/calendars/%u/');
define('CALDAV_PERSONAL', 'default');

backend/carddav/config.php

define('CARDDAV_SERVER', 'push.faked.org');
define('CARDDAV_PATH', '/card.php/addressbooks/%u/');
define('CARDDAV_DEFAULT_PATH', '/card.php/addressbooks/%u/default/');

Bonus ProTip

Z-Push comes with two administrative tools, z-push-admin.php and z-push-top.php. You need to run them on the CLI, so why not symlink them to ~/bin or /usr/local/bin (preferably without the .php extension).

  • z-push-top: gives you a top-like overview of what users/devices are currently connected, and what they are doing - VERY handy!
  • z-push-admin: allows you to (surprise!) perform administrative tasks per device, user or globally. Great for removing state data while testing, but be careful with that 'wipe' action.
Retrieved from "https://wiki.faked.org/index.php?title=Dovecot_Baikal_Z-Push&oldid=111"