Kolab2 Integration with another running Apache2 server
From Kolab wiki
This is a howto on running another Apache2 server in front of Kolab's own Apache server. It was tested on Debian 4.0 running Apache 2.2.8 and Kolab 2.2rc3 (OpenPKG).
We assume that Kolab must be reachable through a specific virtualhost (different from the machine's hostname), and that both Apache2 web servers run on the same machine. In this howto, we will use these values:
Machine hostname: machine.domain1.com
Access virtualhost: kolab.domain2.org
Mail domain: domain2.org
Configure Kolab's Apache server
Both servers run on the same machine, so we must change the ports used by Kolab's server. It is not necessary to keep SSL between the two local servers. In this howto, we bind Kolab's server to port 81 only.
Deactivate SSL
In /kolab/etc/kolab/templates/httpd.conf.template, remove (or comment out) all lines used for SSL configuration, that is, all lines containing:
SSLVerifyClient
SSLCACertificateFile
SSLSessionCache
SSLSessionCacheTimeout
SSLMutex
SSLRandomSeed
SSLRandomSeed
SSLEngine
SSLCipherSuite
SSLCertificateFile
SSLCertificateKeyFile
SSLOptions
SSLRequireSSL
Modify ports bindings
We only need to bind Kolab's server on port 81, so in /kolab/etc/kolab/templates/httpd.conf.template replace this
<VirtualHost _default_:443>
by that
<VirtualHost _default_:81>
and replace this
@@@if bind_any@@@
Listen 80
Listen 443
@@@else@@@
Listen @@@bind_addr@@@:80
Listen @@@bind_addr@@@:443
@@@endif@@@
by that
@@@if bind_any@@@
Listen 81
@@@else@@@
Listen @@@bind_addr@@@:81
@@@endif@@@
Reload configuration
We need to regenerate apache.conf and restart Apache2
#~ /kolab/sbin/kolabconf
#~ /kolab/bin/openpkg rc apache restart
Configure front Apache2 server
Configure Apache2 modules
The proxy_html module is not installed by default with Apache2. On Debian systems, install this module and its dependencies with:
#~ apt-get install libapache2-mod-proxy-html libxml2
If not already done, enable all the needed modules for our configuration :
#~ a2enmod rewrite
#~ a2enmod proxy
#~ a2enmod proxy_http
#~ a2enmod proxy_html
#~ a2enmod ssl
#~ a2enmod headers
We need to configure proxy_html to analyse some additional HTML tags. In /etc/apache2/mods-available/proxy_html.conf, we need to replace this
ProxyHTMLLinks input src usemap
by this
ProxyHTMLLinks input src usemap value
We need to support transitional HTML and XHTML, so at the end of this config file, uncomment these lines
ProxyHTMLLinks frame src longdesc
ProxyHTMLLinks iframe src longdesc
ProxyHTMLLinks body background
ProxyHTMLLinks applet codebase
In /etc/apache2/mods-available/proxy_html.load, check that libxml2 is loaded at Apache2 startup
LoadFile /usr/lib/libxml2.so.2
Configure the virtualhost to access Kolab
Create /etc/apache2/sites-available/kolab.domain2.org and paste these lines :
<VirtualHost *:80>
ServerAdmin webmaster@domain2.org
ServerName kolab.domain2.org
# Logging configuration
CustomLog /var/log/apache2/kolab.domain2.org_access.log combined
ErrorLog /var/log/apache2/kolab.domain2.org_error.log
LogLevel warn
# Always redirect HTTP to HTTPS
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)$ https://kolab.domain2.org$1 [L,R]
ServerSignature On
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@domain2.org
ServerName kolab.domain2.org
# Logging configuration
CustomLog /var/log/apache2/kolab.domain2.org_access.ssl.log combined
ErrorLog /var/log/apache2/kolab.domain2.org_error.ssl.log
LogLevel warn
# Content filter declaration
# Note: If you want to use deflate module, see dedicated section (5. Annex)
SetOutputFilter proxy-html
# Proxy-HTTP configuration
ProxyPass / http://127.0.0.1:81/
ProxyPassReverse / http://127.0.0.1:81/
RequestHeader unset Accept-Encoding
# Proxy-HTML configuration
ProxyHTMLExtended On
ProxyHTMLDoctype XHTML Legacy
ProxyHTMLMeta On
ProxyHTMLURLMap http://127.0.0.1:81/ /
ProxyHTMLURLMap http%3A%2F%2F127.0.0.1%3A81%2F https%3A%2F%2Fkolab.domain2.org%2F
# Proxy permissions
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Rewrite configuration
# By default, if no location is specified, redirect to Horde
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/horde/ [L,R]
# SSL configuration
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /kolab/etc/kolab/cert.pem
SSLCertificateKeyFile /kolab/etc/kolab/key.pem
ServerSignature On
</VirtualHost>
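The SSLCipherSuite line above starts from ALL and removes only ADH and EXPORT56, so LOW, EXP and SSLv2 suites stay enabled; the +LOW:+SSLv2:+EXP tokens only move them to the end of the preference list. The fragment below is an added example, not part of the original howto, showing the SSL section of the *:443 virtualhost with that weak line beside a corrected one; the protocol and cipher policy is an assumption to adapt to your clients.

```apache
# Added example (not from the original howto): SSL section for the
# <VirtualHost *:443> block of kolab.domain2.org.
SSLEngine On

# Weak setting from the howto, kept for comparison. "ALL" minus ADH and
# EXPORT56 still contains LOW (single DES), EXP (40-bit export) and SSLv2
# suites; "+LOW:+SSLv2:+EXP" only reorders them, it does not remove them.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# Corrected setting (assumed policy): no SSLv2/SSLv3 handshakes, only
# HIGH-strength suites, no anonymous or NULL-encryption suites, no MD5 MACs.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5
SSLHonorCipherOrder On

# Certificate and key paths as used in the howto.
SSLCertificateFile /kolab/etc/kolab/cert.pem
SSLCertificateKeyFile /kolab/etc/kolab/key.pem
```

Running openssl ciphers -v with a cipher string as its argument lists the suites that string expands to, which is a quick check before restarting Apache2.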
You have to create a virtualhost for SSL in the default configuration. Edit /etc/apache2/sites-available/default and add these lines in *:80 and *:443 virtualhosts:
RewriteEngine On
RewriteRule ^/freebusy/([^/]+)\.ifb https://kolab.domain2.org/freebusy/freebusy.php?uid=$1 [L,R]
RewriteRule ^/freebusy/([^/]+)\.vfb https://kolab.domain2.org/freebusy/freebusy.php?uid=$1 [L,R]
RewriteRule ^/freebusy/([^/]+)\.xfb https://kolab.domain2.org/freebusy/freebusy.php?uid=$1&extended=1 [L,R]
RewriteRule ^/freebusy/trigger/(.+)\.pfb https://kolab.domain2.org/freebusy/pfb.php?folder=$1&cache=0 [L,R]
RewriteRule ^/freebusy/(.+)\.pfb https://kolab.domain2.org/freebusy/pfb.php?folder=$1&cache=1 [L,R]
RewriteRule ^/freebusy/(.+)\.pxfb https://kolab.domain2.org/freebusy/pfb.php?folder=$1&cache=1&extended=1 [L,R]
This configuration is needed in the default virtual host because Kolab uses 127.0.0.1 or its machine hostname (machine.domain1.com) to access Freebusy information. When Kolab requests these URLs, the virtual host that Apache2 matches to the request is the default virtual host.
Enable Kolab's new virtualhost :
#~ a2ensite kolab.domain2.org
Then restart Apache2 :
#~ /etc/init.d/apache2 restart
Configure Kolab's cookie domains
In /kolab/etc/kolab/templates/fbview-horde-conf.template, replace this :
$conf['cookie']['domain'] = '@@@fqdnhostname@@@';
by that :
$conf['cookie']['domain'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
Then, in /kolab/etc/kolab/templates/horde-kolab-conf.template, replace this :
$conf['cookie']['domain'] = '@@@fqdnhostname@@@';
by that :
$conf['cookie']['domain'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
Finally, run kolabconf to apply the modifications:
/kolab/sbin/kolabconf
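Because the cookie domain is now taken from X-Forwarded-Host, that header should only carry the value set by the front server. mod_proxy_http appends the Host value to any X-Forwarded-Host header already present in the request, so the fragment below (an added example, not part of the original howto) drops the client-supplied copy in the front virtualhost and shows a loopback-only Listen for the Kolab template from the port-binding step; both are assumptions about how you want to restrict the hop between the two servers.

```apache
# Added example (not from the original howto).

# 1) /etc/apache2/sites-available/kolab.domain2.org, inside <VirtualHost *:443>,
#    next to the existing "RequestHeader unset Accept-Encoding" line.
#    Remove any X-Forwarded-Host sent by the browser; mod_proxy_http then adds
#    its own value (the request's Host header) when it forwards the request,
#    so PHP sees a single, proxy-set host name in HTTP_X_FORWARDED_HOST.
RequestHeader unset X-Forwarded-Host

# 2) /kolab/etc/kolab/templates/httpd.conf.template, in place of the
#    bind_any branch "Listen 81": listen on loopback only, so the plain-HTTP
#    backend on port 81 is reachable only through the front server, which
#    proxies to http://127.0.0.1:81/.
Listen 127.0.0.1:81
```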
Configure Freebusy access
Integration with another Apache2 server exposes some bugs in Freebusy. For example, the URL https://kolab.domain2.org/freebusy/someuseraccount@domain2.org.xfb returns a blank page. Some modifications are needed to access Freebusy data.
Edit /kolab/lib/php/Kolab/Freebusy/Page.php, and find the line /* Ensure that the data doesn't get cached along the way */ (around line 570). Then add lines starting with the '+' symbol :
} else {
$send_content_disposition = false;
}
+ /* EDIT START */
+ $domain = ereg(".*@(.*)\.vfb", $content, $regs);
+ $domain = "kolab.".$regs[1];
+ $this->_vfb = str_replace("127.0.0.1", $domain, $this->_vfb);
+ /* EDIT END */
+
/* Ensure that the data doesn't get cached along the way */
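Review bot: The added ereg() call never checks whether the pattern matched, so when $content contains no address ending in .vfb, $regs[1] is undefined and the replacement host becomes just "kolab."; test the return value and skip the str_replace() when nothing matched. The first assignment to $domain stores ereg()'s return value and is immediately overwritten, so it can be dropped. ereg() is deprecated since PHP 5.3 and removed in PHP 7, so preg_match() with an explicit pattern for the domain part would be a better basis. Note also that str_replace() rewrites every occurrence of 127.0.0.1 in $this->_vfb, and that the kolab. prefix is hard-coded rather than taken from configuration.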
As you can see, with this code the name of your virtual host must start with "kolab.". After that, the URL https://kolab.domain2.org/freebusy/someuseraccount@domain2.org.xfb shows (without carriage returns):
BEGIN:VCALENDAR VERSION:2.0 PRODID:-//proko2//freebusy 1.0//EN METHOD:PUBLISH BEGIN:VFREEBUSY ORGANIZER;cn=Some USERACCOUNT:MAILTO:someuseraccount@domain2.org DTSTAMP:20080610T225216Z URL:http://kolab.domain2.org/freebusy/someuseraccount@domain2.org.xfb COMMENT:This is a dummy vfreebusy that indicates an empty calendar FREEBUSY:19700101T000000Z/19700101T000000Z END:VFREEBUSY END:VCALENDAR
Annex: How to use this configuration with the deflate Apache2 module
The deflate Apache2 module is used to compress text, HTML and XML data to reduce bandwidth consumption. When you use it, the Apache2 output filter is set to DEFLATE. Kolab needs the 'proxy-html' output filter, but when SetOutputFilter is set to proxy-html in /etc/apache2/sites-available/kolab.domain2.org, it overrides DEFLATE. So proxy-html receives gzipped data and cannot do the specified HTML substitutions. Here is the trick to use both DEFLATE and proxy-html for the Kolab virtualhost.
In /etc/apache2/sites-available/kolab.domain2.org, remove the line :
SetOutputFilter proxy-html
Then, create the file /etc/apache2/conf.d/deflate.conf, and copy/paste these lines :
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml
DeflateBufferSize 16192
DeflateCompressionLevel 1
# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
BrowserMatch \bMSIE !no-gzip gzip-only-text/html
# Don't compress images
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|xls|doc)$ no-gzip dont-vary
<Location />
SetOutputFilter DEFLATE
</Location>
<Location /horde>
SetOutputFilter DEFLATE;proxy-html
</Location>
<Location /fbview>
SetOutputFilter DEFLATE;proxy-html
</Location>
<Location /freebusy>
SetOutputFilter DEFLATE;proxy-html
</Location>
# The following lines are used to configure an alternative log format to 'combined'
# Replace 'combined' with 'combined_with_deflate_ratio' to see compression ratio in your Apache2 log files
<IfModule log_config_module>
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" (%{ratio}n)" combined_with_deflate_ratio
</IfModule>
</IfModule>
The result is that Apache2 will uncompress gzipped data before calling proxy-html, only for Kolab services (HTML substitution is not needed for the admin section).
Multiple virtual hosts
If you want to create multiple Kolab virtual hosts, for example one per mail domain,
domain1.com => kolab.domain1.com
domain2.org => kolab.domain2.org
domain3.net => kolab.domain3.net
this configuration works. After having applied this howto to a domain, you just have to :
- Add your new mail domain on the Kolab Admin interface
- Duplicate /etc/apache2/sites-available/kolab.domain2.org
- Replace all the domain2.org with your new mail domain
- Enable the virtualhost with a2ensite
- Reload Apache2
