This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation.

Group-Office on separate mail- and webserver howto

From Group-Office Groupware and CRM Documentation
Revision as of 18:02, 30 November 2010 by Admin (Talk | contribs) (Install the mailserver)

Jump to: navigation, search

I'm going to show an ideal setup of a separate mailserver and Group-Office server.

On both servers we'll install a minimal Debian 6.

Secure access

First we'll secure the remote access on both servers:

Install fail2ban. This is a program that will monitor various log files and blocks users who make more then 3 failed login attempts.

apt-get install fail2ban

Install sudo to allow normal users to execute root commands:

apt-get install sudo

Then add a personal user:

adduser <username>
adduser <username> sudo

Generate an ssh keypair for your username on your own machine. We don't cover this here.

Add the public key to:

/home/<username>/.ssh/authorized_keys

Set the right permissions:

chmod 700 /home/<username>/.ssh/
chmod 600 /home/<username>/.ssh/authorized_keys

Now test the SSH login with your keypair and make sure it works because we're going to disable any other login method. Make sure this user can use sudo too.

When this works disable root login through SSH and disable login with normal passwords:

Change /etc/ssh/sshd_config:

PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no

Add Group-Office repository

You can do that easily by executing the following command in the terminal:

echo -e "\n## Group-Office repository\ndeb http://repos.groupoffice.eu/ threesix main" | tee -a /etc/apt/sources.list

To authenticate the packages you need to import the public key by running the following commands:

gpg --keyserver hkp://keyserver.ubuntu.com:11371 --recv-keys 01F1AE44
gpg --export --armor 01F1AE44 | apt-key add -

Update APT:

apt-get update

Install the mailserver

apt-get install groupoffice-mailserver

Install the webserver

Enabling SSL

This is for a self-signed certificate. You probably want to purchase a real one.

mkdir /etc/apache2/ssl && /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

Edit /etc/apache2/sites-enabled/000-default:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

Change the VirtualHost port from *:80 to *:443.