AppSuite:Open-Xchange Installation Guide for Amazon Linux 2
Open-Xchange App Suite on Amazon Linux 2
This article will guide you through the installation of OX App Suite, it describes the basic configuration and software requirements. As it is intended as a quick walk-through it assumes an existing installation of the operating system and requires average system administration skills. More, this guide will show you how to setup a basic installation with none of the typically used distributed environment settings. The objective of this guide is:
- To setup a single server installation
- To setup a database for a single database service, no replication
- To setup a single Open-Xchange instance, no cluster
- To provide a basic configuration setup, no mailserver configuration
- Plain installed AL2 with latest updates
- A configured internet connection
httpd- Apache web server
- A supported Java Virtual Machine (learn more)
Now as the Open-Xchange Server has been set up and the database is running, we have to configure the Apache webserver and the mod_proxy_http module to access the groupware frontend. To gain better GUI performance, the usage of mod_expires and mod_deflate is strongly recommended. Those modules will limit the amount of client requests and compress the delivered content.
The default installation of the Apache webserver on Amazon Linux 2 provides a welcome screen which is not necessary for server operation, it can be removed by deleting the corresponding configuration file:
$ rm /etc/httpd/conf.d/welcome.conf
Configure the mod_proxy_http module by creating a new Apache configuration file.
$ vim /etc/httpd/conf.d/proxy_http.conf
LoadModule proxy_http_module modules/mod_proxy_http.so <IfModule mod_proxy_http.c> ProxyRequests Off ProxyStatus On # When enabled, this option will pass the Host: line from the incoming request to the proxied host. ProxyPreserveHost On # Please note that the servlet path to the soap API has changed: <Location /webservices> # restrict access to the soap provisioning API Order Deny,Allow Deny from all Allow from 127.0.0.1 # you might add more ip addresses / networks here # Allow from 192.168 10 172.16 </Location> # The old path is kept for compatibility reasons <Location /servlet/axis2/services> Order Deny,Allow Deny from all Allow from 127.0.0.1 </Location> # Enable the balancer manager mentioned in # https://oxpedia.org/wiki/index.php?title=AppSuite:Running_a_cluster#Updating_a_Cluster <IfModule mod_status.c> <Location /balancer-manager> SetHandler balancer-manager Order Deny,Allow Deny from all Allow from 127.0.0.1 </Location> </IfModule> <Proxy balancer://oxcluster> Order deny,allow Allow from all # multiple server setups need to have the hostname inserted instead localhost BalancerMember http://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1 # Enable and maybe add additional hosts running OX here # BalancerMember http://oxhost2:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2 ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On SetEnv proxy-initial-not-pooled SetEnv proxy-sendchunked </Proxy> # The standalone documentconverter(s) within your setup (if installed) # Make sure to restrict access to backends only # See: http://httpd.apache.org/docs/$YOUR_VERSION/mod/mod_authz_host.html#allow for more infos #<Proxy balancer://oxcluster_docs> # Order Deny,Allow # Deny from all # Allow from backend1IP # BalancerMember http://converter_host:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 keepalive=On route=APP3 # ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On # SetEnv proxy-initial-not-pooled # SetEnv proxy-sendchunked #</Proxy> # Define another Proxy Container with different timeout for the sync clients. Microsoft recommends a minimum value of 15 minutes. # Setting the value lower than the one defined as com.openexchange.usm.eas.ping.max_heartbeat in eas.properties will lead to connection # timeouts for clients. See http://support.microsoft.com/?kbid=905013 for additional information. # # NOTE for Apache versions < 2.4: # When using a single node system or using BalancerMembers that are assigned to other balancers please add a second hostname for that # BalancerMember's IP so Apache can treat it as additional BalancerMember with a different timeout. # # Example from /etc/hosts: 127.0.0.1 localhost localhost_sync # # Alternatively select one or more hosts of your cluster to be restricted to handle only eas/usm requests <Proxy balancer://eas_oxcluster> Order deny,allow Allow from all # multiple server setups need to have the hostname inserted instead localhost BalancerMember http://localhost_sync:8009 timeout=1900 smax=0 ttl=60 retry=60 loadfactor=50 route=APP1 # Enable and maybe add additional hosts running OX here # BalancerMember http://oxhost2:8009 timeout=1900 smax=0 ttl=60 retry=60 loadfactor=50 route=APP2 ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On SetEnv proxy-initial-not-pooled SetEnv proxy-sendchunked </Proxy> # When specifying additional mappings via the ProxyPass directive be aware that the first matching rule wins. Overlapping urls of # mappings have to be ordered from longest URL to shortest URL. # # Example: # ProxyPass /ajax balancer://oxcluster_with_100s_timeout/ajax # ProxyPass /ajax/test balancer://oxcluster_with_200s_timeout/ajax/test # # Requests to /ajax/test would have a timeout of 100s instead of 200s # # See: # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass Ordering ProxyPass Directives # - http://httpd.apache.org/docs/current/mod/mod_proxy.html#workers Worker Sharing ProxyPass /ajax balancer://oxcluster/ajax ProxyPass /appsuite/api balancer://oxcluster/ajax ProxyPass /drive balancer://oxcluster/drive ProxyPass /infostore balancer://oxcluster/infostore ProxyPass /realtime balancer://oxcluster/realtime ProxyPass /servlet balancer://oxcluster/servlet ProxyPass /webservices balancer://oxcluster/webservices #ProxyPass /documentconverterws balancer://oxcluster_docs/documentconverterws ProxyPass /usm-json balancer://eas_oxcluster/usm-json ProxyPass /Microsoft-Server-ActiveSync balancer://eas_oxcluster/Microsoft-Server-ActiveSync </IfModule>
Modify the default website settings to display the Open-Xchange GUI
$ vim /etc/httpd/conf.d/ox.conf
<VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www/html <Directory /var/www/html> Options -Indexes +FollowSymLinks +MultiViews AllowOverride None Order allow,deny allow from all RedirectMatch ^/$ /appsuite/ </Directory> <Directory /var/www/html/appsuite> Options None +SymLinksIfOwnerMatch AllowOverride Indexes FileInfo </Directory> </VirtualHost>
If you want to secure your Apache setup via HTTPS (which is highly recommended) or if you have proxies in front of your Apache please follow the instructions at:
to properly instruct the backend about the security status of the connection and the remote IP used to contact the backend.
After the configuration is done, restart the Apache webserver
$ systemctl start httpd
Apache Setting for more concurrent Connections
By default apache2 is configured to support 150 concurrent connections. This forces all parallel requests beyond that limit to wait. Especially if, for example, active sync clients maintain a permanent connection for push events to arrive. The following article explains how that can be done
Adding services to runlevels
The new services are now installed and configured, but to make them start up on a server boot, they need to be added to some runlevels:
$ systemctl enable mariadb $ systemctl enable httpd $ systemctl enable open-xchange
Creating contexts and users
Now as the whole setup is complete and you already should get a login screen when accessing the server with a webbrowser, we have to setup a context and a default user as the last step of this tutorial.
The mapping defaultcontext will allow you to set this context as the default one of the entire system so that users which will be created within this context can login into Open-Xchange Server without specifying their domain at the login screen. Only one context can be specified as defaultcontext. The oxadmin user that will be created by this command is the default admin of the created context. This account will gather additional functions that are also described in the administration manual. The context id parameter must to be unique and numeric, otherwise the server will complain when you try to create a context. New contexts must be created by the oxadminmaster user, user accounts inside a context are created with the credentials of the contexts oxadmin account. The access-combination-name property defines the set of available modules and functions for users of the context.
$ /opt/open-xchange/sbin/createcontext -A oxadminmaster -P admin_master_password -c 1 \ -u oxadmin -d "Context Admin" -g Admin -s User -p admin_password -L defaultcontext \ -e firstname.lastname@example.org -q 1024 --access-combination-name=groupware_standard
To create a user for testing purposes (Make sure the password you use here for the user is the same password as your email account or you will not be able to use the email module until it is set right):
$ /opt/open-xchange/sbin/createuser -c 1 -A oxadmin -P admin_password -u testuser \ -d "Test User" -g Test -s User -p secret -e email@example.com \ --imaplogin testuser --imapserver 127.0.0.1 --smtpserver 127.0.0.1
Now connect to the server with a webbrowser and login using the credentials testuser / secret.
A complete overview about the different parameter is provided at the permission matrix
If you need to migrate a batch of users and contexts at once, check the CSV Batch Import documentation page.
Log files and issue tracking
Default logging mechanism
Whenever unexpected or erroneous behavior takes place, it will be logged depending on the configured loglevel. All logfiles are stored at the operating systems default location. Events triggered by the Open-Xchange Groupware services are logged to a rotating file open-xchange.log.0. Those files are the very first place to monitor.
$ tail -f -n200 /var/log/open-xchange/open-xchange.log.0
Alternative logging mechanisms
Apart from the default file logging mechanism, Open-Xchange supports logging via logback framework and therefore via syslog and/or logstash. This makes it possible to directly log to a local or remote syslog daemon or other services. Logback is highly customizable, please see the documentation below.