aklwebhost.com panel.

### Preparing the server (VPS)

Start by deploying your aklwebhost.com server instance. I chose 1 GB VPS running CentOS 6, 32-bit. When the installation is finished, we prepare the server to become a mail server.

In the “My Servers” screen of the server control panel, click on the “Manage” link next to your newly created server. On the page that opens, you can see the details for your server. Click on the IPv4 tab, then click the blue “Update” button. A text input field appears and it is pre-set with something like “.aklwebhost.com”. Replace that entry with the full domain name of your server (example: pegasus.example.com) and press the blue “Update” button.

Now it’s time to log into the new server. Open your ssh terminal and connect to your server. Alternatively, you can click the blue “View Console” button to get a browser window with the login screen of your server.
```
ssh root@your_ip_address
```

The “`your_ip_address`” part is the main IP address as listed in the server control panel. If you use the browser to connect to your server, then simply log in as root with your root password.

First, we set up the correct domain name. Open the network configuration file.
```
nano /etc/sysconfig/network
```

Replace “aklwebhost.guest” with the full domain name of your server (Example: pegasus.example.com). Save the file with **Ctrl + X**, then **Y**.

The second spot we change is the `/etc/hosts` file.

```
nano /etc/hosts
```

Add the following line. It can be at the top of the file or the second line.
```
127.0.1.1 pegasus.example.com pegasus
```

Save the file with **Ctrl + X**, then **Y**. I like to make sure that everything works after a reboot, so I reboot the VPS after those changes.

```
reboot
```

Give the machine a moment to reboot, then connect again.
```
ssh root@your_ip_address
```

Yaffas and Zarafa need the EPEL repository, which is already installed in the sources on aklwebhost.com servers. They need the RPMforge repository too. Issue the following command to install that repository.

**32-Bit Systems:**

```
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
```

**64-Bit Systems:**

```
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
```

Next, we add the Yaffas repository.
```
nano /etc/yum.repos.d/yaffas.repo
```

Paste the following text into the newly created file:
```
[yaffas]
name = yaffas $releasever
baseurl = http://repo.yaffas.org/releases/latest/rhel/$releasever
enabled = 1
protect = 0
gpgcheck = 1
priority = 1
```

Save the file with **Ctrl + X**, then **Y**.

To avoid compatibility issues, we need to exclude some items from the EPEL repository. Open the repository file.
```
nano /etc/yum.repos.d/epel.repo
```

Then in the `[epel]` section, right below the “gpgkey” line, enter the following.

```
exclude=clamav* clamd* amavisd* libvmime libical libvmime-devel libical-devel php-mapi zarafa*
```

The complete section will look like this:
```
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
exclude=clamav* clamd* amavisd* libvmime libical libvmime-devel libical-devel php-mapi zarafa*
```

Save the file with **Ctrl + X**, then **Y**.

Import the GPG key for the Yaffas repository:
```
rpm --import http://repo.yaffas.org/repo.rpm.key
```

Now, let’s clean up yum.
```
yum clean all
```

At this point, we should be all set for the Yaffas installation. Install it by simply entering this command.
```
yum install yaffas
```

Yum will check the dependencies and give you a summary.
```
Install 359 Package(s)

Total download size: 260 M
Installed size: 639 M
Is this ok [y/N]:
```

Press **Y**, then **Enter/Return** to start the installation.

Installation will take a while, so treat yourself to a coffee and cookie while waiting for the installation to finish.
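
The repository files edited above can be checked for signature-verification gaps before trusting what yum pulls from them. The script below is an added example, not part of the original article; the `audit_repo` and `demo` names, the `constructed-unsigned` section, and treating a missing `gpgcheck` as off are assumptions of this example.

```shell
# Added example: flag enabled yum repo sections with weak verification.
# Assumption: a missing gpgcheck counts as off ([main] in yum.conf is ignored).
audit_repo() {
    awk '
    function report() {
        if (sec == "" || enabled == "0") return
        if (gpgcheck != "1") print sec ": gpgcheck is not 1"
        if (url ~ /^http:/)  print sec ": plaintext http source"
        if (gpgkey == "")    print sec ": no gpgkey= (key imported out of band)"
    }
    /^[ \t]*[#;]/ { next }                       # commented-out settings
    /^[ \t]*\[.*\]/ {                            # section header
        report()
        sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
        enabled = "1"; gpgcheck = "0"; url = ""; gpgkey = ""
        next
    }
    /=/ {
        key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
        if ((key == "baseurl" || key == "mirrorlist") && url !~ /^http:/) url = val
    }
    END { report() }
    ' "$1"
}
# Constructed input: the two sections from this page plus one unsigned repo.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
[yaffas]
baseurl = http://repo.yaffas.org/releases/latest/rhel/$releasever
enabled = 1
gpgcheck = 1
[epel]
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[constructed-unsigned]
baseurl=https://repo.invalid/el6
gpgcheck=0
EOF
    audit_repo "$tmp"; rm -f "$tmp"
}
demo
```

On a real server, run `audit_repo` against each file in `/etc/yum.repos.d/`; a section that fetches over plain HTTP relies entirely on `gpgcheck` and on the imported key being the right one.
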
### MySQL

Before we can start the final setup, we have to configure MySQL. Start MySQL and begin the secure setup.
```
service mysqld restart
mysql_secure_installation
```

In order to log into MySQL to secure it, we’ll need the current password for the root user. If you’ve just installed MySQL, and you haven’t set the root password yet, the password will be blank, so you should just press **Enter/Return** here.

```
Enter current password for root (enter for none): **{press Enter/Return}**

[...]

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] **Y**

New password: **{enter super secret password}**
Re-enter new password: **{enter super secret password again}**

Remove anonymous user? [Y/n] **Y**

Disallow root login remotely? [Y/n] **Y**

Remove test database and access to it? [Y/n] **Y**

Reload privilege tables now? [Y/n] **Y**
```

### Configuration
Open a web browser and go to the following URL.
```
http://your_ip_address:10000

#If you have a DNS entry already, use this instead.
http://server.example.com:10000
```

The initial username is `admin` with password `yaffas`.

After logging in, you will see the setup wizard. It has 5 steps. Press “Next” to start.

The first step is to enter a new admin password. Enter the new password twice. Make sure it is complicated enough to be safe, but don’t forget it. Then click “Next”.

The next screen configures the MySQL backend. The only thing that you need to enter is the password you created for the MySQL root user.

On the 4th screen, set up your mail domain. Enter “example.com” in the primary mail domain field. This **must** be your own domain. Press “Next”.

I believe the 5th screen is optional, but just to be on the safe side, create a user account who will be the LDAP admin, then click “Finish”.

It will take a while until the setup finishes. Once it completes, a popup appears that tells you everything was successful. Click the “OK” button. After a moment, you will see the login screen again. You can log in as admin with the new password that you created during the setup.

During the installation, some general self-signed certificates for the app are generated and installed. Personally, I prefer to have my own self-signed certificates to show the values that I entered and I also want to make sure that all requests are sent over HTTPS.

Zarafa comes with a few scripts to generate your own certificates. These are of course self-signed certificates.

Let’s make a home for the certificate authority.
```
mkdir -p /etc/zarafa/ssl
chmod 700 /etc/zarafa/ssl
cd /etc/zarafa/ssl
```

… then run the script:
```
sh /usr/share/doc/zarafa/ssl-certificates.sh server
```

The parameter “server” means the certificate we create will be called `server.pem`.

You will be greeted with the following message.
```
No Certificate Authority Root found in current directory.
Press enter to create, or ctrl-c to exit.
```

Press **Enter** or **Return**.

The next message that appears is:
```
CA certificate filename (or enter to create)
```

Press **Enter** or **Return** to continue and create the CA Certificate.

After a little activity on the screen, you will get a prompt to enter the PEM passphrase. Enter any passphrase for the CA certificate, but make sure that you don’t forget it, as you will need it later. For simplicity’s sake, let’s assume we chose the passphrase “ca-root-pem”.

Answer the questions to generate the certificate. The answers here are my examples, so replace them with the correct values for yourself.
```
Country Name (2 letter code) [XX]: **MY**
State or Province Name (full name) []:**Selangor**
Locality Name (eg, city) [Default City]: **Shah Alam**
Organization Name (eg, company) [Default Company Ltd]: **ELMIMA-Systems**
Organizational Unit Name (eg, section) []: **Certificate Authority**
Common Name (eg, your name or your server's hostname) []:**server.example.com** **Must be the full domain name of your server**
Email Address []: **admin@example.com**

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: **Enter/Return**
An optional company name []: **Enter/Return**
```

Next, it will ask you for the passphrase of the `cakey.pem` file. This is the passphrase that you created earlier.

```
Enter pass phrase for /etc/pki/CA/private/./cakey.pem:ca-root-pem
```

You will see a little activity on the screen, then it will prompt you for a PEM passphrase. This is the passphrase for the `server.pem` file we created. Enter anything that you would like, but make sure that you don’t forget it. For simplicity we will use “server-pem-phrase”.

```
Enter PEM pass phrase:**server-pem-phrase**
Verifying - Enter PEM pass phrase:**server-pem-phrase**
```

Time to enter the values for the `server.pem` file.

```
Country Name (2 letter code) [XX]: **MY**
State or Province Name (full name) []:**Selangor**
Locality Name (eg, city) [Default City]: **Shah Alam**
Organization Name (eg, company) [Default Company Ltd]: **ELMIMA-Systems**
Organizational Unit Name (eg, section) []: **Server SSL Certificate**
Common Name (eg, your name or your server's hostname) []: **server.example.com** **Must be the full domain name of your server**
Email Address []: admin@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: **Enter/Return**
An optional company name []: **Enter/Return**

Enter pass phrase for /etc/pki/CA/private/cakey.pem:ca-root-pem **Replace with your own passphrase**
```

Some activity on the screen shows that the certificate is generated.
```
Sign the certificate? [y/n]:
```

Enter **Y** and press **Enter/Return**.

```
1 out of 1 certificate requests certified, commit? [y/n]
```

Enter **Y** and press **Enter/Return**.

```
Create public key from this certificate? [y]
```

We don’t really need it but I guess it doesn’t hurt to create it. Simply press **Enter/Return**.

```
Enter pass phrase for server.pem: **server-pem-phrase**
```

Now it’s time to configure the `server.cfg` file for Zarafa.

```
nano /etc/zarafa/server.cfg
```

Find the entry **`server_ssl_enabled`** and change its value to “yes” (without the quotes).

Find the entry **`server_ssl_port`** and confirm that it is 237.

Find the entry **`server_ssl_key_file`** and set its value to “`/etc/zarafa/ssl/server.pem`” (without the quotes).

Create the entry **`server_ssl_key_pass`** and use the passphrase that you created for the `server.pem` file (example: server-pem-phrase) as its value.

Find the entry **`server_ssl_ca_file`**. The original documentation for Zarafa assumes that the path is `/etc/zarafa/ssl/demoCA/cacert.pem`, however on CentOS, the path is `/etc/pki/CA/cacert.pem`. Update this value accordingly.

```
server_ssl_ca_file = /etc/pki/CA/cacert.pem
```

Restart the Zarafa server.
```
service zarafa restart
```

Let’s generate the certificate for Apache.
```
cd /etc/zarafa/ssl
openssl req -nodes -newkey rsa:2048 -keyout zarafa-ssl.key -out zarafa-ssl.csr
```

We get another form to create a certificate.
```
Country Name (2 letter code) [XX]: **MY**
State or Province Name (full name) []: **Selangor**
Locality Name (eg, city) [Default City]: **Shah Alam**
Organization Name (eg, company) [Default Company Ltd]: **ELMIMA-Systems**
Organizational Unit Name (eg, section) []: **Zarafa Web Services**
Common Name (eg, your name or your server's hostname) []: **server.example.com** **Must be the full domain name of your server**
Email Address []: **admin@example.com**
```

Then, sign the certificate.
```
openssl x509 -req -in ./zarafa-ssl.csr -signkey zarafa-ssl.key -out zarafa-ssl.crt -days 9999
```

… and add it to Apache.
```
cd /etc/httpd/conf.d
nano ssl.conf
```

Find the line “SSLCertificateFile /opt/yaffas/etc/ssl/certs/zarafa-webaccess.crt” and change it to “SSLCertificateFile /etc/zarafa/ssl/zarafa-ssl.crt”.

Find the line “SSLCertificateKeyFile /opt/yaffas/etc/ssl/certs/zarafa-webaccess.key” and change it to “SSLCertificateKeyFile /etc/zarafa/ssl/zarafa-ssl.key”.

Save the file and quit.

Now, open the `zarafa-webapp.conf` file.

```
nano /etc/httpd/zarafa-webapp.conf
```

Find the following 2 lines and uncomment them.
```
#php_flag session.cookie_secure on
#php_flag session.cookie_httponly on
```

Add the following lines.
```
RewriteEngine On
# Redirect only requests that did not arrive over HTTPS.
RewriteCond %{HTTPS} !=on
# Of course, use your own real domain here.
RewriteRule (.*) https://pegasus.example.com/webapp/ [R]
```

Save the file and quit. Then restart Apache.
```
service httpd restart
```

Now the web app will always use HTTPS. You can do the same for `zarafa-webapp.conf`.

When testing the installation on CentOS, I noticed some error messages due to missing folders. You can fix it with the following commands.
```
mkdir -p /var/run/policyd-weight/cores/master
mkdir -p /var/run/policyd-weight/cores/cache
chown -R polw /var/run/policyd-weight
```

To use your new Zarafa server as the mail server for your domain, you will need to set up both an A record and an MX record for your domain. If desired, you can use your favorite search engine to find an SPF Wizard, which makes it easy to create an SPF record for your domain.