Raspberry Pi SOGo Groupware: Difference between revisions

From WickyWiki
← Older edit
 
Line 45: Line 45:


* You already have a root password set, so you can safely answer 'n'.
* You already have a root password set, so you can safely answer 'n'.
* Switch to unix_socket authentication [Y/n] n
* Change the root password? [Y/n] n
* Change the root password? [Y/n] n
* Remove anonymous users? [Y/n] Y
* Remove anonymous users? [Y/n] Y

Latest revision as of 10:14, 15 August 2024


Start

SOGo is a groupware server that allows you to share agenda and contacts with others within your own private network. There are good alternatives, however, SOGo proved to be relatively easy to setup, I like it and am using it for some time now.

SOGo nightly builds are freely available for the public but there are no binaries or configurations available for the ARM architecture as are needed for the Raspberry Pi. Therefore we need to compile, build and install the application manually and then solve some problems.

For additional settings see:

Changes SOGo 3.x, 4.x -> 5.x

Most changes have been incorporated in the instruction and are not explicitly included here.

Configuring with '--prefix=/usr/System' as with previous versions would result in an error so we will leave that out. 

 ./configure --with-gnustep --enable-debug --disable-strip --prefix=/usr/System

As a result many directory locations will have changed. For example the location of the service will be in a 'local' folder: 

 /usr/sbin/sogod -->  /usr/local/sbin/sogod

Libraries will be in: 

 /usr/lib/sogo/* -->  /usr/local/lib/sogo/*
  • The webserver configuration needs to modified according to these changed locations
  • The database from version 3.x to 4.x has some changes. See troubleshooting.

Preparation

Install MariaDB database

sudo apt install mariadb-server -y
sudo systemctl start mariadb
sudo systemctl enable mariadb
systemctl status mariadb
sudo mysql_secure_installation
  • You already have a root password set, so you can safely answer 'n'.
  • Switch to unix_socket authentication [Y/n] n
  • Change the root password? [Y/n] n
  • Remove anonymous users? [Y/n] Y
  • Disallow root login remotely? [Y/n] Y
  • Remove test database and access to it? [Y/n] Y
  • Reload privilege tables now? [Y/n] Y

Install Nginx webserver

sudo apt install nginx -y
sudo systemctl start nginx
sudo systemctl enable nginx
systemctl status nginx

SOGo download, compile, build and install

Download source-code

Get and extract source-code of SOPE and SOGo (the version used here is 5.8.2, March 23, 2023):

Look here: 

cd ~
wget https://packages.sogo.nu/sources/SOPE-5.8.2.tar.gz
tar -xvzf sope*.tar.gz
wget https://packages.sogo.nu/sources/SOGo-5.8.2.tar.gz
tar -xvzf sogo*.tar.gz
mv SOGo-* SOGo

SOPE: Install needed packages

# other
sudo apt-get install pkg-config
# the GNU Objective-C compiler (gcc-objc)
sudo apt-get install make gnustep-make gnustep-core-devel
# the libxml2 development headers
sudo apt-get install libxml2-dev libwbxml2-dev 
# the OpenLDAP development headers
sudo apt-get install libldap2-dev
# the OpenSSL development headers
sudo apt-get install libssl-dev 
# the PostgreSQL development headers
sudo apt-get install libpq-dev
# the MySql (MariaDB) development headers 
# sudo apt-cache search mysql | grep "dev"
sudo apt-get install libmariadbclient-dev-compat

SOPE: Compile and install

Compiling (make) will take up to 10 minutes, depending on the hardware and will show some warnings which we can hopefully ignore. 

cd ../sope
./configure --with-gnustep --enable-debug --disable-strip

sudo make uninstall
make clean
make
sudo make install

SOGo: Install additional needed packages

# the libmemcached development headers
sudo apt install -y libmemcached-dev
sudo apt install -y memcached
# the libcurl development headers
sudo apt install -y libcurl4-openssl-dev
# libsodium (encryption) development headers (added for SOGo 5.1)
sudo apt install -y libsodium-dev 
# libzip development headers (added for SOGo 5.1)
sudo apt install -y libzip-dev
#Yerases TNEF Stream Reader
sudo apt install -y libytnef0-dev

SOGo: Compile and install

Compiling (make) will take up to 5 minutes, depending on the hardware and will show quite some warnings which we can hopefully ignore. 

cd ../sogo
./configure --enable-debug --disable-strip

sudo make uninstall
make clean
make
sudo make install

Post installation

Note: if this is an upgrade everything should be ok, you can start the SOGo service to give it a try.

The install script silently fails to execute some tasks, probably because there are no specific instructions for the Raspbian OS and ARM architecture. The following statements are based on the install scripts and documentation:

Create user and group 'sogo'

#Create group
sudo addgroup sogo
#Add new user 'sogo' to group 'sogo' (error if user sogo exists)
sudo useradd -g sogo sogo
#Add existing user 'sogo' to group 'sogo'
sudo adduser sogo sogo

Copy some files to the right places

cd ~/SOGo
sudo install -D -m 644 Scripts/sogo-default /etc/default/sogo
sudo install -D -m 644 packaging/debian/sogo.overrides /usr/share/lintian/overrides/sogo	
sudo install -D -m 644 Apache/SOGo.conf /etc/apache2/conf-available/SOGo.conf
sudo install -D -m 644 Scripts/sogo.cron /etc/cron.d/sogo
sudo install -D -m 644 Scripts/logrotate /etc/logrotate.d/sogo
sudo install -d -m 750 /etc/sogo/
sudo install -D -m 640 Scripts/sogo.conf /etc/sogo/sogo.conf

Apply owner and group information

sudo mkdir /var/log/sogo
sudo mkdir /var/run/sogo
sudo chown -R sogo:sogo /var/run/sogo
sudo chown -R sogo:sogo /var/log/sogo
sudo chown -R sogo:sogo /etc/sogo
sudo chown -R sogo:sogo /usr/local/lib/GNUstep/SOGo

Provide the new location of the shared libraries

Create this file with one line of text: 

sudo nano /etc/ld.so.conf.d/sogo.conf
 /usr/local/lib/sogo

Reload the configuration: 

sudo ldconfig

SOGo database and sogo.conf settings

Go here: SOGo

Import sogo mariaDb database

sudo mysql -u root -p
sql> source /home/pi/sogo.sql

See: https://wjv.duckdns.org/mediawiki/index.php/MySQL#Restore_one_database

Install and start the service

For installation of the service we use and modify the file './SOGo/Scripts/sogo-systemd-redhat': 

cd ~/SOGo
sudo install -D -m 644 Scripts/sogo-systemd-redhat /lib/systemd/system/sogo.service
sudo systemctl daemon-reload
sudo systemctl enable sogo
sudo service sogo restart

Configure Nginx webserver

See also: 

cd /etc/nginx/sites-available/
sudo nano sogo
server
{
   listen      80 default;
   server_name 192.168.1.14;
   # redirect http to https
   rewrite     ^ https://$server_name$request_uri? permanent; 
}
server
{
   listen 443;
   server_name 192.168.1.14;
   root /usr/local/lib/GNUstep/SOGo/WebServerResources/; 
   ssl on;
   ssl_certificate /etc/nginx/ssl/server.cer;
   ssl_certificate_key /etc/nginx/ssl/server.key;
   # requirement to create new calendars in Thunderbird
   proxy_http_version 1.1;
   
   # Message size limit
   client_max_body_size 50m;
   client_body_buffer_size 128k;
   
   location = /
   {
	  rewrite ^ https://$server_name/SOGo; 
	  allow all; 
   }

   # For iOS 7
   location = /principals/
   {
	  rewrite ^ https://$server_name/SOGo/dav; 
	  allow all; 
   }
   location ^~/SOGo
   {
	  proxy_pass http://127.0.0.1:20000; 
	  proxy_redirect http://127.0.0.1:20000 default; 
	  # forward user's IP address 
	  proxy_set_header X-Real-IP $remote_addr; 
	  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
	  proxy_set_header Host $host; 
	  proxy_set_header x-webobjects-server-protocol HTTP/1.0; 
	  proxy_set_header x-webobjects-remote-host 127.0.0.1; 
	  proxy_set_header x-webobjects-server-name $server_name; 
	  proxy_set_header x-webobjects-server-url $scheme://$host; 
	  proxy_set_header x-webobjects-server-port $server_port; 
	  proxy_connect_timeout 90;
	  proxy_send_timeout 90;
	  proxy_read_timeout 90;
	  proxy_buffer_size 4k;
	  proxy_buffers 4 32k;
	  proxy_busy_buffers_size 64k;
	  proxy_temp_file_write_size 64k;
	  break;
   }
   location /SOGo.woa/WebServerResources/
   {
	  alias /usr/local/lib/GNUstep/SOGo/WebServerResources/;
	  allow all;
	  expires max;
   }

   location /SOGo/WebServerResources/
   {
	  alias /usr/local/lib/GNUstep/SOGo/WebServerResources/; 
	  allow all;
	  expires max;
   }

   location (^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$)
   {
	  alias /usr/local/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
	  expires max;
   }

   location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$)
   {
	  alias /usr/local/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
	  expires max;
   }
  }

Enable site: 

sudo ln -s /etc/nginx/sites-available/sogo /etc/nginx/sites-enabled/

Test and start: 

sudo nginx -t
sudo systemctl restart nginx

Cleanup

Remove development packages: 

sudo apt purge -y --auto-remove pkg-config make gnustep-make gnustep-core-devel libxml2-dev libwbxml2-dev 
sudo apt purge -y --auto-remove libldap2-dev libssl-dev libpq-dev libmariadbclient-dev-compat
sudo apt purge -y --auto-remove libmemcached-dev libcurl4-openssl-dev libsodium-dev libzip-dev libytnef0-dev
sudo apt autoremove --purge

Add required libraries (removed as dependencies of the above): 

sudo apt install -y gnustep-base-runtime memcached libmemcached11 libzip4 libytnef0

Troubleshooting

During make of SOGo we get this error /usr/bin/ld: cannot find -lSOGo

This was caused by a missing library, earlier in the log we could find an other error: 

 error: /usr/bin/ld: cannot find -lytnef

This expects there to be a file "libytnef.so" .

A bit of research leads to ytnef-tools, we need the development package: 

#Yerases TNEF Stream Reader
sudo apt-get install libytnef0-dev

Failed to acquire channel for URL: mysql://sogo

You need a sogo database and a sogo database user.

ExecutionFailed REASON:Unknown column c_hascertificate

You need to upgrade the database from 3.x to 4.x. 

sudo /home/pi/SOGo/Scripts/sql-update-3.2.10_to_4.0.0-mysql.sh

Provide the sogo database user and password.

No such file or directory /var/run/sogo/sogo.pid

In my case the directory /var/run/sogo is an in-memory folder (tmpfs), it is gone after reboot resulting in the above error. This might be fixed in later editions, for now we will edit systemd sogo.service file to create the directory at startup of the sogo service.

In this script 'mkdir' is allowed to fail (directory exists), by prefixing it with '-'. The option 'PermissionsStartOnly=true' is added to execute the 'ExecStartPre' commands as root. The 'ExecStart' command will still be executed as the configured user ('sogo').

Note: we also lowered PREFORK from 3 to 2 here.

More info: 

sudo nano /lib/systemd/system/sogo.service
[Unit]
Description=SOGo groupware server
After=network.target
After=mariadb.service

[Service]
Type=forking
User=sogo
Environment="PREFORK=2"
EnvironmentFile=-/etc/sysconfig/sogo
# Create /var/run/sogo, as root and ignore mkdir error
PermissionsStartOnly=true
# exec with prefix - to ignore errors
ExecStartPre=-/bin/mkdir -p /var/run/sogo
ExecStartPre=/bin/chown -R sogo:sogo /var/run/sogo
# Start sogo
ExecStart=/usr/local/sbin/sogod -WOWorkersCount ${PREFORK} -WOPidFile /var/run/sogo/sogo.pid -WOLogFile /var/log/so$
PIDFile=/var/run/sogo/sogo.pid

[Install]
WantedBy=multi-user.target

Restart the service: 

sudo systemctl daemon-reload
sudo systemctl restart sogo
sudo systemctl status sogo

Access denied /etc/sogo/sogo.conf

This file needs to be readable by user 'sogo', but not by others. If you edit this file as root you might need to reapply owner and group: 

sudo chown -R sogo:sogo /etc/sogo

An error occurred when caching value for key

an error occurred when caching value for key ... SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY

Make sure is installed: 

sudo apt install memcached

The setting of SOGoMemcachedHost is "localhost" by default and may be the problem, fix this by configuring: 

sudo nano /etc/sogo/sogo.conf
 ..
 SOGoMemcachedHost = "127.0.0.1";
 ..

Restart: 

sudo service sogo restart


Webinterface session lost after exactly five minutes

More info:

It seems that "Cache Cleanup" (by default every 300 seconds) leads to the end of the session. This is a workaround to give you somewhat more time. You might need better solution if you have more users and activity. 

sudo nano /etc/sogo/sogo.conf
 ..
 SOGoCacheCleanupInterval = 3600.0;
 ..

Restart: 

sudo service sogo restart

Login failed (1)

tail -60 /var/log/sogo/sogo.log
  • ERROR GCSSessionsFolder GCSSessionsFolder writeRecordForEntryWithID:value:creationDate:lastSeenDate cannot write record MySQL4Exception NAME ExecutionFailed REASON Data too long for column 'c_value'
  • SOGoRootPage Login from for user might not have worked password policy 65535

It has something to do with increased cookie size.

Drop this table, it will be recreated: 

sudo mysql -u root -p
sql> use sogo
sql> drop table sogo_sessions_folder
sql> exit

Make sure there is enough buffer in de webserver proxy: 

sudo nano /etc/nginx/sites-available/raspberrypi*
 ...
 proxy_buffer_size          128k;
 proxy_buffers              4 256k;
 proxy_busy_buffers_size    256k;
 proxy_temp_file_write_size 256k;
 ...

Login failed (2)

In /var/log/sogo/sogo.log:

  • ERROR SOGoUserManager addressbook source 'directory' has no displayname

We need to provide a displayName: 

sudo nano /etc/sogo/sogo.conf

  ...
  SOGoUserSources = (     
  	...
  	displayName = "Global Address Book";
  	...
  	)
  ...

Logging

SOGo service status: 

service sogo status

Config files: 

sudo ls -l /etc/sogo

SOGo log: 

sudo tail -20 /var/log/sogo/sogo.log

Apache2 modules (not updated)

Make sure you have enabled all necessary modules. 

sudo a2enmod headers
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod headers
sudo a2enmod rewrite
sudo a2enmod ssl

If there is some sort of problem with the web service it could pay off to temporary increase the log level. For example, with the Apache configuration file 'raspberrypi.conf': 

sudo nano /etc/apache2/sites-available/raspberrypi.conf
...
LogLevel debug
...
sudo service apache2 restart

More info:

Note that locations have changed from /usr/ to usr/local/

Retrieved from "https://wjv.duckdns.org/mediawiki/index.php?title=Raspberry_Pi_SOGo_Groupware&oldid=3707"