Dovecot Baikal Z-Push: Difference between revisions
From fakedWiki
No edit summary |
m (5 revisions imported) |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
I'll assume you already have working Dovecot and Baikal setups running, so i'll skip those parts and go straight to the Z-Push configurations. | I'll assume you already have working Dovecot and Baikal setups running, so i'll skip those parts and go straight to the Z-Push configurations. | ||
= Webserver = | |||
My box runs Apache2 with FPM (don't ask...), which explains why my vHost config looks a bit different, but as long as you have a webserver with PHP support and some general understanding of how Rewrites and/or Aliases work, you should be able to get to the same result as me. | |||
When in doubt, consult the respective setup instructions. The following config only serves to explain my folder structure. | |||
== sites-available/push.faked.org.conf == | |||
<nowiki> | |||
<VirtualHost *:80> | |||
ServerName push.faked.org | |||
RewriteEngine On | |||
RewriteCond %{HTTPS} !=on | |||
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L] | |||
</VirtualHost> | |||
<IfModule mod_ssl.c> | |||
<VirtualHost *:443> | |||
ServerName push.faked.org | |||
ServerAdmin jan@faked.org | |||
SSLEngine on | |||
SSLCertificateFile /etc/ssl/local/wildcard.faked.org.cert | |||
SSLCertificateKeyFile /etc/ssl/private/wildcard.faked.org.key | |||
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 | |||
RewriteEngine On | |||
RewriteRule /.well-known/carddav /card.php [R,L] | |||
RewriteRule /.well-known/caldav /cal.php [R,L] | |||
RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}] | |||
RewriteRule .* - [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}] | |||
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | |||
ProxyPassMatch ^(?i)/(.*\.php(/.*)?)$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/baikal/html/$1 | |||
ProxyPassMatch ^(?i)/autodiscover/autodiscover.xml$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/z-push/autodiscover/autodiscover.php | |||
ProxyPassMatch ^(?i)/microsoft-server-activesync$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/z-push/index.php | |||
ProxyPassMatch ^(?i)/microsoft-server-activesync$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/baikal/html/card.php | |||
<Directory /srv/www/push.faked.org/> | |||
Options -Indexes | |||
AllowOverride all | |||
Require all granted | |||
</Directory> | |||
DocumentRoot /srv/www/push.faked.org/baikal/html | |||
<Directory /> | |||
Options FollowSymLinks | |||
AllowOverride All | |||
</Directory> | |||
<Directory /srv/www/push.faked.org/baikal/html/> | |||
Options FollowSymLinks MultiViews | |||
AllowOverride All | |||
Require all granted | |||
</Directory> | |||
ErrorLog /var/log/apache2/error.log | |||
CustomLog /var/log/apache2/push-access.log combined | |||
</VirtualHost> | |||
</IfModule></nowiki> | |||
So as you can see, Z-Push is installed to '''/srv/www/push.faked.org/z-push''', and Baikal to '''/srv/www/push.faked.org/baikal''', with the DocumentRoot pointing to '''/srv/www/push.faked.org/baikal/html''' | |||
= Z-Push = | = Z-Push = | ||
Checkout the [https://github.com/fmbiete/Z-Push-contrib master branch] of Z-Push from Github and make sure that's it accessible on your webserver. Basically follow the provided installation instructions so that it's theoretically usable, maybe take it for a spin with just the IMAP backend. | Checkout the [https://github.com/fmbiete/Z-Push-contrib master branch] of Z-Push from Github and make sure that's it accessible on your webserver. Basically follow the provided installation instructions so that it's theoretically usable, maybe take it for a spin with just the IMAP backend. | ||
Below are only the settings i changed from their defaults, without comments. | |||
== config.php == | |||
I am using '''SQL''' for the State Machine, but '''FILE''' should work just as well. Ignore those SQL-related settings if you stick to the default. | |||
define('USE_FULLEMAIL_FOR_LOGIN', true); | |||
define('PRE_AUTHORIZE_USERS', true); | |||
define('PRE_AUTHORIZE_NEW_USERS', true); | |||
define('PRE_AUTHORIZE_NEW_DEVICES', true); | |||
define('STATE_MACHINE', 'SQL'); | |||
define('STATE_SQL_DSN', 'mysql:host=localhost;port=3306;dbname=z-push'); | |||
define('STATE_SQL_USER', 'z-push'); | |||
define('STATE_SQL_PASSWORD', '<password>'); | |||
define('LOGLEVEL', LOGLEVEL_WARN); | |||
define('LOGAUTHFAIL', true); | |||
define('LOOSE_PROVISIONING', true); | |||
define('BACKEND_PROVIDER', 'BackendCombined'); | |||
== backend/combined/config.php == | |||
SYNC_FOLDER_TYPE_TASK => 'c', | |||
SYNC_FOLDER_TYPE_APPOINTMENT => 'c', | |||
SYNC_FOLDER_TYPE_CONTACT => 'd', | |||
SYNC_FOLDER_TYPE_NOTE => 'c', | |||
SYNC_FOLDER_TYPE_JOURNAL => 'c', | |||
SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c', | |||
SYNC_FOLDER_TYPE_USER_CONTACT => 'd', | |||
SYNC_FOLDER_TYPE_USER_TASK => 'c', | |||
SYNC_FOLDER_TYPE_USER_JOURNAL => 'c', | |||
SYNC_FOLDER_TYPE_USER_NOTE => 'c', | |||
SYNC_FOLDER_TYPE_UNKNOWN => 'i', | |||
== backend/imap/config.php == | |||
define('IMAP_FOLDER_CONFIGURED', true); | |||
define('IMAP_FOLDER_SPAM', 'JUNK'); | |||
define('IMAP_INLINE_FORWARD', false); | |||
define('IMAP_EXCLUDED_FOLDERS', 'sieve'); | |||
define('IMAP_SMTP_METHOD', 'smtp'); | |||
$imap_smtp_params = array('host' => 'localhost', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password'); | |||
== backend/caldav/config.php == | |||
define('CALDAV_SERVER', 'https://push.faked.org'); | |||
define('CALDAV_PORT', '443'); | |||
define('CALDAV_PATH', '/cal.php/calendars/%u/'); | |||
define('CALDAV_PERSONAL', 'default'); | |||
== backend/carddav/config.php == | |||
define('CARDDAV_SERVER', 'push.faked.org'); | |||
define('CARDDAV_PATH', '/card.php/addressbooks/%u/'); | |||
define('CARDDAV_DEFAULT_PATH', '/card.php/addressbooks/%u/default/'); | |||
= Bonus ProTip = | |||
Z-Push comes with two administrative tools, '''z-push-admin.php''' and '''z-push-top.php'''. You need to run them on the CLI, so why not symlink them to ~/bin or /usr/local/bin (preferably without the .php extension). | |||
* z-push-top: gives you a top-like overview of what users/devices are currently connected, and what they are doing - VERY handy! | |||
* z-push-admin: allows you to (surprise!) perform administrative tasks per device, user or globally. Great for removing state data while testing, but be careful with that 'wipe' action. | |||
Latest revision as of 20:10, 26 August 2016
Introduction
I was asked by somebody if i could share my configuration for Z-Push, which i am using with Dovecot as the IMAP backend and Baikal Server (v0.2.7, NOT 2.0) as the CardDAV and CalDAV backend.
Some of these configuration settings may be deprecated or renamed in the future, as Z-Push is constantly being improved, but they work fine right now (May 2015), and should give you a general guide how to get it running yourself.
I'll assume you already have working Dovecot and Baikal setups running, so i'll skip those parts and go straight to the Z-Push configurations.
Webserver
My box runs Apache2 with FPM (don't ask...), which explains why my vHost config looks a bit different, but as long as you have a webserver with PHP support and some general understanding of how Rewrites and/or Aliases work, you should be able to get to the same result as me.
When in doubt, consult the respective setup instructions. The following config only serves to explain my folder structure.
sites-available/push.faked.org.conf
<VirtualHost *:80>
ServerName push.faked.org
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName push.faked.org
ServerAdmin jan@faked.org
SSLEngine on
SSLCertificateFile /etc/ssl/local/wildcard.faked.org.cert
SSLCertificateKeyFile /etc/ssl/private/wildcard.faked.org.key
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
RewriteEngine On
RewriteRule /.well-known/carddav /card.php [R,L]
RewriteRule /.well-known/caldav /cal.php [R,L]
RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}]
RewriteRule .* - [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
ProxyPassMatch ^(?i)/(.*\.php(/.*)?)$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/baikal/html/$1
ProxyPassMatch ^(?i)/autodiscover/autodiscover.xml$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/z-push/autodiscover/autodiscover.php
ProxyPassMatch ^(?i)/microsoft-server-activesync$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/z-push/index.php
ProxyPassMatch ^(?i)/microsoft-server-activesync$ fcgi://127.0.0.1:5080/srv/www/push.faked.org/baikal/html/card.php
<Directory /srv/www/push.faked.org/>
Options -Indexes
AllowOverride all
Require all granted
</Directory>
DocumentRoot /srv/www/push.faked.org/baikal/html
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /srv/www/push.faked.org/baikal/html/>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/push-access.log combined
</VirtualHost>
</IfModule>
So as you can see, Z-Push is installed to /srv/www/push.faked.org/z-push, and Baikal to /srv/www/push.faked.org/baikal, with the DocumentRoot pointing to /srv/www/push.faked.org/baikal/html
Z-Push
Checkout the master branch of Z-Push from Github and make sure that's it accessible on your webserver. Basically follow the provided installation instructions so that it's theoretically usable, maybe take it for a spin with just the IMAP backend.
Below are only the settings i changed from their defaults, without comments.
config.php
I am using SQL for the State Machine, but FILE should work just as well. Ignore those SQL-related settings if you stick to the default.
define('USE_FULLEMAIL_FOR_LOGIN', true);
define('PRE_AUTHORIZE_USERS', true);
define('PRE_AUTHORIZE_NEW_USERS', true);
define('PRE_AUTHORIZE_NEW_DEVICES', true);
define('STATE_MACHINE', 'SQL');
define('STATE_SQL_DSN', 'mysql:host=localhost;port=3306;dbname=z-push');
define('STATE_SQL_USER', 'z-push');
define('STATE_SQL_PASSWORD', '<password>');
define('LOGLEVEL', LOGLEVEL_WARN);
define('LOGAUTHFAIL', true);
define('LOOSE_PROVISIONING', true);
define('BACKEND_PROVIDER', 'BackendCombined');
backend/combined/config.php
SYNC_FOLDER_TYPE_TASK => 'c', SYNC_FOLDER_TYPE_APPOINTMENT => 'c', SYNC_FOLDER_TYPE_CONTACT => 'd', SYNC_FOLDER_TYPE_NOTE => 'c', SYNC_FOLDER_TYPE_JOURNAL => 'c', SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c', SYNC_FOLDER_TYPE_USER_CONTACT => 'd', SYNC_FOLDER_TYPE_USER_TASK => 'c', SYNC_FOLDER_TYPE_USER_JOURNAL => 'c', SYNC_FOLDER_TYPE_USER_NOTE => 'c', SYNC_FOLDER_TYPE_UNKNOWN => 'i',
backend/imap/config.php
define('IMAP_FOLDER_CONFIGURED', true);
define('IMAP_FOLDER_SPAM', 'JUNK');
define('IMAP_INLINE_FORWARD', false);
define('IMAP_EXCLUDED_FOLDERS', 'sieve');
define('IMAP_SMTP_METHOD', 'smtp');
$imap_smtp_params = array('host' => 'localhost', 'port' => 587, 'auth' => true, 'username' => 'imap_username', 'password' => 'imap_password');
backend/caldav/config.php
define('CALDAV_SERVER', 'https://push.faked.org');
define('CALDAV_PORT', '443');
define('CALDAV_PATH', '/cal.php/calendars/%u/');
define('CALDAV_PERSONAL', 'default');
backend/carddav/config.php
define('CARDDAV_SERVER', 'push.faked.org');
define('CARDDAV_PATH', '/card.php/addressbooks/%u/');
define('CARDDAV_DEFAULT_PATH', '/card.php/addressbooks/%u/default/');
Bonus ProTip
Z-Push comes with two administrative tools, z-push-admin.php and z-push-top.php. You need to run them on the CLI, so why not symlink them to ~/bin or /usr/local/bin (preferably without the .php extension).
- z-push-top: gives you a top-like overview of what users/devices are currently connected, and what they are doing - VERY handy!
- z-push-admin: allows you to (surprise!) perform administrative tasks per device, user or globally. Great for removing state data while testing, but be careful with that 'wipe' action.