Differences
This shows the differences between two versions.
centos:mail_c7:horde_1 [11.09.2014 07:41. ] – [Horde s under CentOS 7.x - basic installation and configuration] django | centos:mail_c7:horde_1 [29.09.2014 13:16. ] – [install missing PECL packages] django | ||
---|---|---|---|
Line 1330: | Line 1330: | ||
/ | / | ||
</ | </ | ||
+ | |||
+ | ==== fehlende PECL-Pakete installieren ==== | ||
+ | Gemäß den Empfehlungen aus der [[http:// | ||
+ | |||
+ | Zum Manipulieren von Graphiken wird vom Horde-Team empfohlen (siehe [[http:// | ||
+ | |||
+ | Die Installation des benötigten Paketes holen wir nun noch nach. | ||
+ | # yum install php-pecl-imagick -y | ||
+ | |||
+ | Ferner wird noch laut der [[http:// | ||
+ | |||
+ | <WRAP center round info> | ||
+ | Bis des Horde-Maintainer [[remi@fedoraproject.org|Remi Collet]] das RPM in's offizielle EPEL-Repository aufgenimmt, greifen wir auf die Vorabversion((Stand 15. September '14)) zurück. | ||
+ | </ | ||
+ | |||
+ | # yum localinstall http:// | ||
+ | |||
+ | Anschließend starten wir unseren http-Daemon 1x durch. | ||
+ | # systemctl restart httpd.service | ||
+ | |||
+ | ===== Dokumentation ===== | ||
+ | ==== Installation ==== | ||
+ | |||
+ | # cat / | ||
+ | |||
+ | <file / | ||
+ | | ||
+ | ============================== | ||
+ | |||
+ | :Contact: horde@lists.horde.org | ||
+ | |||
+ | .. contents:: Contents | ||
+ | .. section-numbering:: | ||
+ | |||
+ | This document contains instructions for installing the Horde Framework on your | ||
+ | system. | ||
+ | |||
+ | The Horde Framework, by itself, does not provide any significant end user | ||
+ | functionality; | ||
+ | developers. When you have installed Horde as described below, you will | ||
+ | probably want to install some of the available Horde applications, | ||
+ | IMP_ (a webmail client), or Kronolith_ (a calendar). There is a list of Horde | ||
+ | applications and projects at http:// | ||
+ | |||
+ | If you are interested in developing applications for Horde, there is developer | ||
+ | documentation and references available at http:// | ||
+ | tutorials and papers on Horde available at | ||
+ | http:// | ||
+ | |||
+ | For information on the capabilities and features of Horde, see the file | ||
+ | README_ in the top-level directory of the Horde distribution. | ||
+ | |||
+ | .. _IMP: http:// | ||
+ | .. _Kronolith: http:// | ||
+ | |||
+ | |||
+ | Quick Install | ||
+ | ============= | ||
+ | |||
+ | These are very terse instructions how to install Horde and its prerequisites | ||
+ | on a LAMP_ (Linux, Apache, MySQL, PHP) sytem. | ||
+ | experienced administrators who know exactly what they are doing. | ||
+ | detailed instructions, | ||
+ | |||
+ | 1. Compiling PHP for Apache 2:: | ||
+ | |||
+ | cd php-x.x.x/ | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | make | ||
+ | make install | ||
+ | |||
+ | 2. Restart Apache. | ||
+ | |||
+ | 3. Make sure your PEAR package is up-to-date:: | ||
+ | |||
+ | pear upgrade PEAR | ||
+ | |||
+ | 4. Register Horde PEAR channel:: | ||
+ | |||
+ | pear channel-discover pear.horde.org | ||
+ | |||
+ | 5. Set Horde installation directory:: | ||
+ | |||
+ | pear install horde/ | ||
+ | pear run-scripts horde/ | ||
+ | |||
+ | 6. Install Horde:: | ||
+ | |||
+ | pear install -a -B horde/horde | ||
+ | |||
+ | 7. Configure Horde:: | ||
+ | |||
+ | cd config/ | ||
+ | cp conf.php.dist conf.php | ||
+ | |||
+ | 8. Finish configuration:: | ||
+ | |||
+ | | ||
+ | |||
+ | Go to Administration => Configuration => Horde | ||
+ | (Or navigate to http:// | ||
+ | |||
+ | 9. Create database tables | ||
+ | |||
+ | Go to Administration => Configuration. Click ``Update All DB Schemas``. | ||
+ | |||
+ | 10. Test Horde (optional) | ||
+ | |||
+ | | ||
+ | ``PHP Settings`` section, or edit ``horde/ | ||
+ | | ||
+ | |||
+ | Go to:: | ||
+ | |||
+ | | ||
+ | |||
+ | .. Important:: Disable the test script again after you are done. | ||
+ | |||
+ | .. _LAMP: http:// | ||
+ | |||
+ | |||
+ | Prerequisites | ||
+ | ============= | ||
+ | |||
+ | The following prerequisites are **REQUIRED** for Horde to function properly. | ||
+ | |||
+ | 1. A webserver that supports PHP. | ||
+ | |||
+ | Horde is primarily developed under the Apache and Lighttpd webservers, | ||
+ | which we recommend. | ||
+ | |||
+ | - http:// | ||
+ | - http:// | ||
+ | |||
+ | 2. PHP 5.3.0 or above. | ||
+ | |||
+ | PHP is the interpreted language in which Horde is written. | ||
+ | |||
+ | You can obtain PHP sources at:: | ||
+ | |||
+ | http:// | ||
+ | |||
+ | .. Note:: Although the PHP 5.3 API is supported, for stability, performance, | ||
+ | and security reasons it is **HIGHLY RECOMMENDED** to use a version of | ||
+ | PHP >= 5.4.0. | ||
+ | |||
+ | .. Note:: While it may be possible to install PHP using the package manager | ||
+ | for your operating system, it is not recommended to do so if your | ||
+ | distribution (e.g. Debian) does NOT update the actual PHP version in | ||
+ | its package updates. Otherwise, you will be stuck with a PHP version that | ||
+ | does not contain the most recent bug and security patches. On these | ||
+ | systems, it is **HIGHLY RECOMMENDED** to either install PHP from source | ||
+ | OR use a 3rd party package repository that contains the most recently | ||
+ | released PHP version on the branch (5.4, 5.5, etc.) that you want to use. | ||
+ | |||
+ | | ||
+ | you use Apache, be sure to build PHP as a library with one of the following | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | The following PHP extensions respective options are **REQUIRED** by Horde | ||
+ | | ||
+ | the required libraries and tools can be obtained as packages from your | ||
+ | | ||
+ | |||
+ | a. Gettext support. ``--with-gettext`` | ||
+ | |||
+ | Gettext is the GNU Translation Project' | ||
+ | Horde uses gettext to provide local translations of text displayed by | ||
+ | applications. Information on obtaining the gettext package is available | ||
+ | at | ||
+ | |||
+ | | ||
+ | |||
+ | See also note below on configuring Translations_. | ||
+ | |||
+ | All Horde translations are stored in UTF-8, so your underlying system | ||
+ | MUST support UTF-8 for all locales that you wish to provide translation | ||
+ | support for. | ||
+ | |||
+ | b. XML and DOM support. | ||
+ | |||
+ | XML and DOM support are enabled in PHP 5 by default. You only have to | ||
+ | make sure that you do **not** use ``--disable-dom``, | ||
+ | ``--disable-simplexml``, | ||
+ | |||
+ | Make sure you are using a newer (v2.7 or greater) version of libxml. | ||
+ | Older versions of libxml are broken when handling certain charsets. | ||
+ | |||
+ | The following PHP options are **RECOMMENDED** to enable advanced features in | ||
+ | | ||
+ | |||
+ | a. File Upload Support | ||
+ | |||
+ | File upload support is **REQUIRED** by many applications to allow | ||
+ | advanced features to work. To enable file upload support: | ||
+ | |||
+ | 1. In your php.ini file, the following line **must** be present:: | ||
+ | |||
+ | file_uploads = On | ||
+ | |||
+ | 2. Your temporary upload directory **must** be writable to the user | ||
+ | the web server is running as. If you leave the configuration | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | 3. Set the maximum size of the uploaded files via the | ||
+ | | ||
+ | | ||
+ | your ``php.ini`` file:: | ||
+ | |||
+ | upload_max_filesize = 5M | ||
+ | |||
+ | If either ``file_uploads`` is turned off, or your temporary upload | ||
+ | | ||
+ | | ||
+ | the user. | ||
+ | |||
+ | See the `File Uploads`_ FAQ entry for further information. | ||
+ | |||
+ | b. A preferences container. | ||
+ | |||
+ | Horde applications can store user preferences in an SQL database, an | ||
+ | LDAP directory, an IMSP server, a Kolab server, or in PHP sessions. | ||
+ | |||
+ | For SQL database preferences storage, Horde is thoroughly tested on | ||
+ | MySQL(i) (``--with-mysql(i)``) and PostgreSQL (``--with-pgsql``), | ||
+ | been reported to work with SQLite (enabled by default). | ||
+ | |||
+ | Preferences can also be stored via LDAP (``--with-ldap``), | ||
+ | (``--with-ldap``), | ||
+ | |||
+ | Alternatively, | ||
+ | requires no external programs or configure options, but which will not | ||
+ | maintain preferences between sessions. | ||
+ | |||
+ | While the LDAP, database, Kolab, or IMSP server need not be running on | ||
+ | the machine onto which you are installing Horde, the appropriate | ||
+ | client libraries to access the server must be available locally. | ||
+ | |||
+ | If a preference container is not configured, no preference options | ||
+ | will be configurable via Horde' | ||
+ | stored in each applications ``config/ | ||
+ | |||
+ | c. Multibyte character support (mbstring and iconv extensions) ``--enable-mbstring`` | ||
+ | |||
+ | If these extensions are enabled, Horde can better support multibyte | ||
+ | character sets. | ||
+ | |||
+ | For iconv support you should use the GNU libiconv library, which is more | ||
+ | stable and supports more charsets, compared to other iconv | ||
+ | implementations, | ||
+ | |||
+ | Iconv support is enabled by default in PHP 5. You only have to make sure | ||
+ | that you do **not** use ``--without-iconv`` | ||
+ | |||
+ | d. GD support ``--with-gd`` | ||
+ | |||
+ | Horde will use the GD extension to perform manipulations on image data | ||
+ | through the Horde_Image library. | ||
+ | |||
+ | If you want GD to be able to work with PNG images, you should use the | ||
+ | ``--with-png-dir`` option to make sure PHP can find the PNG libraries | ||
+ | it needs to compile. | ||
+ | |||
+ | If you want GD to be able to work with JPEG images, you should use the | ||
+ | ``--with-jpeg-dir`` option to make sure PHP can find the JPEG libraries | ||
+ | it needs to compile. | ||
+ | |||
+ | You can also use the imagick_ extension or the ImageMagick_ package to do | ||
+ | these manipulations instead. The imagick_ extension is the recommended | ||
+ | method for image manipulation. See the ``Image Manipulation`` tab of the | ||
+ | Horde configuration for more details. ImageMagick version 6.5.7 or better | ||
+ | is recommended. | ||
+ | |||
+ | .. _imagick: http:// | ||
+ | .. _ImageMagick: | ||
+ | |||
+ | e. tidy ``--with-tidy`` | ||
+ | |||
+ | The tidy PHP extension is required to sanitize HTML data. | ||
+ | |||
+ | .. Important:: Additionally, | ||
+ | or **RECOMMEND** other options to be built into PHP | ||
+ | also. Please check ``docs/ | ||
+ | wish to use to see if other PHP options are needed. | ||
+ | |||
+ | f. fileinfo | ||
+ | |||
+ | Allows Horde applications to guess the MIME type of files by analyzing | ||
+ | their contents. | ||
+ | |||
+ | This extension is automatically enabled by default. | ||
+ | |||
+ | g. intl | ||
+ | |||
+ | The intl extension is required to handle display of Internationalized | ||
+ | Domain Names (see RFC 3490), e.g in e-mail addresses. | ||
+ | |||
+ | This extension can be enabled by adding the ``--enable-intl`` option | ||
+ | when compiling PHP. | ||
+ | |||
+ | h. _`curl` ``--with-curl`` | ||
+ | |||
+ | The `curl extension`_, | ||
+ | fopen() when retrieving data from external HTTP servers (remote | ||
+ | calendars, web APIs, etc.). This is much more reliable and flexible, so | ||
+ | it is recommended to either enable it or install the http_ extension. | ||
+ | |||
+ | This extension can be enabled by adding the ``--with-curl`` option when | ||
+ | compiling PHP. | ||
+ | |||
+ | 3. PEAR Modules | ||
+ | |||
+ | PEAR is short for "PHP Extension and Application Repository" | ||
+ | PEAR is to provide a means of distributing reusable code. | ||
+ | |||
+ | For more information, | ||
+ | |||
+ | .. Important:: Make sure you are running a supported (i.e. new enough) | ||
+ | version of PEAR: use the test script described below under | ||
+ | " | ||
+ | from ftp.horde.org. | ||
+ | |||
+ | Check that the path where the PEAR packages are installed are part of the | ||
+ | | ||
+ | |||
+ | Run the command:: | ||
+ | |||
+ | pear config-show | ||
+ | |||
+ | You will see something like:: | ||
+ | |||
+ | PEAR directory | ||
+ | |||
+ | Now open the php.ini file of your system, for example ``/ | ||
+ | find the ``include_path`` and make sure that ``/ | ||
+ | the list. If you had to change that value, restart the web server after | ||
+ | | ||
+ | |||
+ | .. Important:: If you are going to install Horde the recommended way, | ||
+ | i.e. using the PEAR installer, you can skip the remainder of | ||
+ | this section. Installing Horde through PEAR will | ||
+ | automatically download and install all required PEAR | ||
+ | packages. | ||
+ | |||
+ | These PEAR packages are **RECOMMENDED** to be installed: | ||
+ | |||
+ | a. Net_DNS2 | ||
+ | |||
+ | If installed, it will be used instead of the built-in PHP function | ||
+ | gethostbyaddr() for host name lookups. This has the advantage that | ||
+ | Net_DNS2 has configurable timeouts and retries. | ||
+ | To install, enter the following at the command prompt:: | ||
+ | |||
+ | pear install Net_DNS2 | ||
+ | |||
+ | b. Services_Weather (>= 1.3.1) | ||
+ | |||
+ | **REQUIRED** only if you wish to use the weather.com block on the portal | ||
+ | page. | ||
+ | To install, enter the following at the command prompt:: | ||
+ | |||
+ | pear install Services_Weather | ||
+ | |||
+ | Additional steps are required if you want use the METAR weather block on | ||
+ | the portal page. See the file ``data/ | ||
+ | in your PEAR directory for details. | ||
+ | |||
+ | c. File_Fstab | ||
+ | |||
+ | | ||
+ | To install, enter the following at the command prompt:: | ||
+ | |||
+ | pear install File_Fstab | ||
+ | |||
+ | This method of installing PEAR packages requires that you have a PHP version | ||
+ | that has been compiled as a static binary. | ||
+ | both a SAPI module (Apache, CGI, etc.) and a command-line (CLI) binary. | ||
+ | Check if you have a php binary in ``/ | ||
+ | | ||
+ | |||
+ | For more detailed directions on installing PEAR packages, see the PEAR | ||
+ | | ||
+ | |||
+ | 4. PECL Modules | ||
+ | |||
+ | PECL is short for "PHP Extension Community Library" | ||
+ | to provide a means of easily distributing PHP extensions. | ||
+ | |||
+ | For more information, | ||
+ | |||
+ | PECL is the " | ||
+ | | ||
+ | PEAR instructions above. | ||
+ | |||
+ | When you install a PECL extension, you have to add it to your ``php.ini`` | ||
+ | so it gets loaded. | ||
+ | the extension (the extension should be installed in the directory specified | ||
+ | by the ``extension_dir`` option in ``php.ini``):: | ||
+ | |||
+ | | ||
+ | |||
+ | Or on Windows:: | ||
+ | |||
+ | | ||
+ | |||
+ | After that, restart your webserver. | ||
+ | |||
+ | These PECL packages are **RECOMMENDED** to be installed: | ||
+ | |||
+ | a. imagick | ||
+ | |||
+ | The imagick extension can be used by Horde' | ||
+ | image manipulations. | ||
+ | |||
+ | To install, enter the following at the command prompt:: | ||
+ | |||
+ | pecl install imagick | ||
+ | |||
+ | The imagick extension **must** be compiled against ImageMagick version | ||
+ | 6.2.9 or better, though version 6.5.7 or better is recommended. | ||
+ | |||
+ | b. horde_lz4 | ||
+ | |||
+ | If the horde_lz4 extension is available, Horde can perform real-time | ||
+ | compression on data, resulting in reduced storage load on the server for | ||
+ | things like cache storage and session data. It is highly recommended. | ||
+ | |||
+ | To install, enter the following at the command prompt:: | ||
+ | |||
+ | pecl install horde_lz4 | ||
+ | |||
+ | c. memcache | ||
+ | |||
+ | If using memcache, the memcache PECL extension must be installed. | ||
+ | |||
+ | To install, enter the following at the command prompt:: | ||
+ | |||
+ | pecl install memcache | ||
+ | |||
+ | d. _`http` | ||
+ | |||
+ | The `http extension`_, | ||
+ | fopen() when retrieving data from external HTTP servers (remote | ||
+ | calendars, web APIs, etc.). This is much more reliable and flexible, so | ||
+ | it recommended to either install this or enable the curl_ extension. | ||
+ | |||
+ | To install, enter the following at the command prompt:: | ||
+ | |||
+ | pecl install http | ||
+ | |||
+ | For additional help on using the pear command-line program to install PECL | ||
+ | | ||
+ | |||
+ | |||
+ | The following non-PHP prerequisites are **RECOMMENDED**. | ||
+ | |||
+ | 1. aspell - Spelling Checker | ||
+ | |||
+ | | ||
+ | You must install and configure aspell to use Horde' | ||
+ | |||
+ | | ||
+ | |||
+ | You can obtain aspell from: | ||
+ | |||
+ | http:// | ||
+ | |||
+ | |||
+ | The following non-PHP prerequisites are optional. | ||
+ | |||
+ | 1. Sendmail. | ||
+ | |||
+ | It is highly **RECOMMENDED** that Horde be configured to use SMTP for | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | exim, among others). However, local use of sendmail binaries to send mail | ||
+ | is discouraged due to authentication/ | ||
+ | | ||
+ | | ||
+ | API across platforms/ | ||
+ | |||
+ | |||
+ | Installing Horde | ||
+ | ================ | ||
+ | |||
+ | The **RECOMMENDED** way to install Horde is using the PEAR installer. | ||
+ | Alternatively, | ||
+ | latest not yet released fixes, you can install Horde from Git. | ||
+ | |||
+ | |||
+ | Installing with PEAR | ||
+ | ~~~~~~~~~~~~~~~~~~~~ | ||
+ | |||
+ | Before beginning, make sure your PEAR package is up-to-date:: | ||
+ | |||
+ | pear upgrade PEAR | ||
+ | |||
+ | Next, you need to register the Horde PEAR channel server to your local PEAR | ||
+ | system. This has to be done only **once** ever on a single PEAR system:: | ||
+ | |||
+ | pear channel-discover pear.horde.org | ||
+ | |||
+ | Next install a so-called " | ||
+ | installed. This should be a directory in your web server' | ||
+ | ``/ | ||
+ | a single PEAR system:: | ||
+ | |||
+ | pear install horde/ | ||
+ | pear run-scripts horde/ | ||
+ | |||
+ | When installing Horde through PEAR now, the installer will automatically | ||
+ | install any dependencies of Horde too. If you want to install Horde with all | ||
+ | optional dependencies, | ||
+ | compiled, specify both the ``-a`` and the ``-B`` flag:: | ||
+ | |||
+ | pear install -a -B horde/horde | ||
+ | |||
+ | By default, only the required dependencies will be installed:: | ||
+ | |||
+ | pear install horde/horde | ||
+ | |||
+ | If you want to install Horde even with all binary dependencies, | ||
+ | remove the ``-B`` flag. Please note that this might also try to install PHP | ||
+ | extensions through PECL that might need further configuration or activation in | ||
+ | your PHP configuration:: | ||
+ | |||
+ | pear install -a horde/horde | ||
+ | |||
+ | |||
+ | Installing into separate PEAR | ||
+ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
+ | |||
+ | .. Warning:: Unless you really know **why** you want to do this, you probably | ||
+ | do **not** want to do this. Use the general PEAR installation | ||
+ | | ||
+ | |||
+ | If you want to create a separate PEAR installation for installing Horde, | ||
+ | independent from the system-wide PEAR installation, | ||
+ | following commands (in this example, ``/ | ||
+ | location of the web-accessible horde directory):: | ||
+ | |||
+ | mkdir / | ||
+ | pear config-create / | ||
+ | pear -c / | ||
+ | |||
+ | Then follow the regular installation steps, but use the ``pear`` command from | ||
+ | the PEAR installation you just created, e.g.:: | ||
+ | |||
+ | / | ||
+ | | ||
+ | |||
+ | Finally configure your web server in some way to point PHP's ``include_path`` | ||
+ | setting to the PEAR installation and the ``PHP_PEAR_SYSCONF_DIR`` environment | ||
+ | variable to the web root:: | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | It is recommended to not use the .htaccess file in ``/ | ||
+ | these values because it will be overwritten with every further update. | ||
+ | |||
+ | |||
+ | Installing from Git | ||
+ | ~~~~~~~~~~~~~~~~~~~ | ||
+ | |||
+ | See http:// | ||
+ | |||
+ | |||
+ | Configuring Horde | ||
+ | ================= | ||
+ | |||
+ | 1. Configuring the web server | ||
+ | |||
+ | Horde requires the following webserver settings. Examples shown are for | ||
+ | | ||
+ | |||
+ | a. PHP interpretation for files matching ``*.php``:: | ||
+ | |||
+ | | ||
+ | |||
+ | .. Note:: The above instructions may not work if you have specified PHP | ||
+ | as an output filter with ``SetOutputFilter`` directive in | ||
+ | Apache 2.x versions. | ||
+ | Apache 2.x RPMS have the output filter set, and **MUST NOT** | ||
+ | have the above ``AddType`` directive added. | ||
+ | |||
+ | b. ``index.php`` as an index file (brought up when a user requests a URL for | ||
+ | a directory):: | ||
+ | |||
+ | | ||
+ | |||
+ | c. If you plan to provide ActiveSync support to your users, you have to | ||
+ | create an alias of the ``/ | ||
+ | ``/ | ||
+ | |||
+ | c. If you plan to provide CardDAV support to users with iOS devices, you | ||
+ | have to create an alias of the ``/ | ||
+ | ``/ | ||
+ | |||
+ | 2. Configuring Horde | ||
+ | |||
+ | To configure Horde, change to the ``config/`` directory of the installed | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | <?php | ||
+ | $_prefs[' | ||
+ | $_prefs[' | ||
+ | |||
+ | This works with any configuration file. | ||
+ | |||
+ | .. Warning:: All configuration files in Horde are PHP scripts that are | ||
+ | executed by the web server. If you make an error in one of | ||
+ | these files, Horde might stop working. Thus it is always a good | ||
+ | idea to test the configuration files after you edited them. If | ||
+ | you want to test mime_drivers.local.php for example run:: | ||
+ | |||
+ | php -l mime_drivers.local.php | ||
+ | |||
+ | 3. Completing Configuration | ||
+ | |||
+ | You can now access Horde without a password, and you will be logged in as | ||
+ | an administrator. | ||
+ | |||
+ | .. Important:: You should first configure a real authentication | ||
+ | backend and designate which accounts in your real | ||
+ | backend will be administrator accounts. | ||
+ | **NOT** have a default administrator account - all | ||
+ | users, including administrators, | ||
+ | actual authentication backend. | ||
+ | in the ``Administration`` menu and configure Horde. | ||
+ | Start in the ``Authentication`` tab. | ||
+ | |||
+ | Here is an example for configuring authentication against a remote IMAP | ||
+ | | ||
+ | | ||
+ | |||
+ | a. In the ``Which users should be treated as administrators`` field enter a | ||
+ | comma separated list of user names of your choosing. This will control | ||
+ | who is allowed to make configuration changes, see passwords, potentially | ||
+ | add users, etc. | ||
+ | |||
+ | b. In the ``What backend should we use for authenticating users to Horde`` | ||
+ | pulldown menu select ``IMAP authentication``. The page will reload and | ||
+ | you will have specific options for IMAP authentication. | ||
+ | |||
+ | c. In the ``Configuration type`` pulldown menu select ``Separate values``. | ||
+ | The page will reload with additional options. Fill in the remaining | ||
+ | three fields appropriately: | ||
+ | |||
+ | - IP name/number of the IMAP server | ||
+ | - For a secure connection, select port 993. | ||
+ | - Select the secure connection protocol to use, if desired. | ||
+ | |||
+ | | ||
+ | | ||
+ | that you probably want to configure is the ``Database Settings``, which | ||
+ | | ||
+ | | ||
+ | |||
+ | .. Important:: By default Horde will be using database backends for most | ||
+ | sub-systems. If you do not plan to use a database with Horde, | ||
+ | you need to go through all tabs of the configuration screen | ||
+ | and change the configuration for those systems from ``SQL`` | ||
+ | to a suitable alternative. | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | list in the ``Authentication`` tab of the Horde configuration. | ||
+ | |||
+ | The other files in that directory need only be modified if you wish to | ||
+ | | ||
+ | | ||
+ | |||
+ | 4. Creating databases | ||
+ | |||
+ | Once you created the database configuration in the previous step, you can | ||
+ | | ||
+ | in the configuration screen. | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | If you installed Horde into the global PEAR system, this script should be in | ||
+ | your command path. If the script cannot be found in your path, you need to | ||
+ | | ||
+ | |||
+ | / | ||
+ | |||
+ | You can use the ``pear`` command to find the place where the script has been | ||
+ | | ||
+ | |||
+ | pear config-get bin_dir | ||
+ | |||
+ | If you installed into a local PEAR installation, | ||
+ | PEAR where to find the installation and the script, e.g.:: | ||
+ | |||
+ | PHP_PEAR_SYSCONF_DIR=/ | ||
+ | -d include_path=/ | ||
+ | / | ||
+ | |||
+ | 5. Setting up alarm emails | ||
+ | |||
+ | If you want your users to be able to receive emails from the Horde_Alarm | ||
+ | | ||
+ | must have at least one administrator specified in the Horde configuration, | ||
+ | and you must have the PHP CLI installed (a CGI binary is not supported - | ||
+ | ``php -v`` will report what kind of PHP binary you have). | ||
+ | |||
+ | | ||
+ | |||
+ | # Horde Alarms | ||
+ | */5 * * * * / | ||
+ | |||
+ | If not installing Horde through PEAR or if PEAR's ``bin_dir`` configuration | ||
+ | | ||
+ | path to the ``horde-alarms`` script in your Horde installation. | ||
+ | |||
+ | 6. Testing Horde | ||
+ | |||
+ | Once you have configured your webserver, PHP, and Horde, bring up the | ||
+ | | ||
+ | | ||
+ | URL to the test page would be:: | ||
+ | |||
+ | http:// | ||
+ | |||
+ | The test script is disabled by default for security reasons. To enable | ||
+ | set the ' | ||
+ | | ||
+ | |||
+ | Check that your PHP and PEAR versions are acceptably recent, that all | ||
+ | | ||
+ | is set to ``Off``. Then note the ``Session counter: 1`` line under ``PHP | ||
+ | | ||
+ | |||
+ | If you get a warning like ``Failed opening '/ | ||
+ | | ||
+ | | ||
+ | |||
+ | 7. Securing Horde | ||
+ | |||
+ | a. Passwords | ||
+ | |||
+ | Some of Horde' | ||
+ | could use to access your database. | ||
+ | least the Horde configuration files (in ``config/ | ||
+ | system users. | ||
+ | directories that do not need to be accessed directly; before relying on | ||
+ | those, ensure that your webserver supports ``.htaccess`` and is | ||
+ | configured to use them, and that the files in those directories are in | ||
+ | fact inaccessible via the browser. | ||
+ | |||
+ | An additional approach is to make Horde' | ||
+ | the user ``root`` and by a group which only the webserver user belongs | ||
+ | to, and then making them readable only to owner and group. | ||
+ | if your webserver runs as ``www.www``, | ||
+ | |||
+ | chown -R root.www config/* | ||
+ | find config/ -type f -exec chmod 0440 ' | ||
+ | |||
+ | b. Sessions | ||
+ | |||
+ | Session data -- including hashed versions of your users' passwords, in | ||
+ | some applications -- may not be stored as securely as necessary. | ||
+ | |||
+ | If you are using file-based PHP sessions (which are the default), be | ||
+ | sure that session files are not being written into ``/tmp`` with | ||
+ | permissions that allow other users to read them. Ideally, change the | ||
+ | ``session.save_path`` setting in ``php.ini`` to a directory only | ||
+ | readable and writeable by your webserver. | ||
+ | |||
+ | Additionally, | ||
+ | storage backend requested (e.g. SQL database) via the ``Custom Session | ||
+ | Handler`` tab in the Horde configuration. | ||
+ | |||
+ | For more information about securing your webserver, PHP and Horde, see the | ||
+ | | ||
+ | |||
+ | |||
+ | Dynamic View Troubleshooting | ||
+ | ============================ | ||
+ | |||
+ | Horde' | ||
+ | that they require javascript support; in fact, javascript performs the bulk of | ||
+ | the page display. | ||
+ | with other Horde applications. | ||
+ | |||
+ | If you run into problems with the dynamic view, first follow the | ||
+ | troubleshooting steps for Horde - namely checking PHP error logs and Horde | ||
+ | debug logs to determine if the problem is located there. | ||
+ | will be logged in the traditional manner. | ||
+ | |||
+ | Only if traditional debugging is unsuccessful will you need to move to | ||
+ | javascript debugging. | ||
+ | the `Firebug`_ extension installed in order to better track javascript | ||
+ | errors - it is what the developers use and makes deciphering error codes and | ||
+ | error line numbers much easier. | ||
+ | caching, if on, in ``horde/ | ||
+ | |||
+ | If you do find a javascript error, it would be great if you could fix the | ||
+ | issue and provide a patch :) Absent that, before reporting to the mailing | ||
+ | list, IRC room, or bug tracker make sure you have a valid javascript error, | ||
+ | the file the error is being caused in, the line number of the error, and a | ||
+ | reliable way to reproduce the error. | ||
+ | be much more likely to help you if all this information is provided. | ||
+ | |||
+ | |||
+ | Configuring Applications | ||
+ | ======================== | ||
+ | |||
+ | A list of available Horde applications can be found at | ||
+ | |||
+ | | ||
+ | |||
+ | Instructions on configuring Horde applications can be found in the ``INSTALL`` | ||
+ | file in the application' | ||
+ | |||
+ | |||
+ | Temporary Files | ||
+ | =============== | ||
+ | |||
+ | Various Horde applications will generate temporary files in PHP's temporary | ||
+ | directory (see the ``General`` tab in the Horde configuration). | ||
+ | reasons, some of these files may not be removed when the user's session | ||
+ | ends. To reclaim this disk space, it may be necessary to periodically delete | ||
+ | these old temporary files. | ||
+ | |||
+ | An example cron-based solution can be found at | ||
+ | ``horde/ | ||
+ | possible solution is to use utilities like ``tmpwatch``, | ||
+ | anything similar to remove old files. | ||
+ | |||
+ | Stale sessions are automatically pruned by PHP according to the | ||
+ | `session.gc_probability`_, | ||
+ | `session.gc_maxlifetime`_ settings located in ``php.ini``. | ||
+ | |||
+ | |||
+ | Translations | ||
+ | ============ | ||
+ | |||
+ | Note for international users: Horde uses GNU gettext to provide local | ||
+ | translations of text displayed by applications; | ||
+ | the po/ directory. | ||
+ | you wish to create one), or if you're having trouble using a provided | ||
+ | translation, | ||
+ | |||
+ | |||
+ | Obtaining Support | ||
+ | ================= | ||
+ | |||
+ | If you encounter problems with Horde, help is available! | ||
+ | |||
+ | The Horde Frequently Asked Questions List (FAQ), available on the Web at | ||
+ | |||
+ | http:// | ||
+ | |||
+ | The Horde Project runs a number of mailing lists, for individual applications | ||
+ | and for issues relating to the project as a whole. Information, | ||
+ | subscription information can be found at | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Lastly, Horde developers, contributors and users may also be found on IRC, | ||
+ | on the channel #horde on the Freenode Network (irc.freenode.net). | ||
+ | |||
+ | Please keep in mind that Horde is free software written by volunteers. | ||
+ | For information on reasonable support expectations, | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Thanks for using Horde! | ||
+ | |||
+ | The Horde Team | ||
+ | |||
+ | |||
+ | .. _README: README | ||
+ | .. _docs/ | ||
+ | .. _docs/ | ||
+ | .. _`curl extension`: http:// | ||
+ | .. _`http extension`: http:// | ||
+ | .. _`File Uploads`: http:// | ||
+ | .. _`Firebug`: http:// | ||
+ | .. _`session.gc_probability`: | ||
+ | .. _`session.gc_divisor`: | ||
+ | .. _`session.gc_maxlifetime`: | ||
+ | </ | ||
+ | |||
+ | ==== Sicherheit ==== | ||
+ | # cat / | ||
+ | |||
+ | <file / | ||
+ | Horde Security Notes | ||
+ | ====================== | ||
+ | |||
+ | :Contact: horde@lists.horde.org | ||
+ | |||
+ | .. contents:: Contents | ||
+ | .. section-numbering:: | ||
+ | |||
+ | |||
+ | Temporary files | ||
+ | =============== | ||
+ | |||
+ | Horde applications make extensive use of temporary files. | ||
+ | sure these files are secure, you should make sure your installation meets the | ||
+ | following criteria. | ||
+ | |||
+ | Sites may gain increased security by defining a temporary directory in the | ||
+ | Horde configuration which is writable by the web server, but not writable by | ||
+ | other users. | ||
+ | is best to also make these file unreadable by other users. | ||
+ | be made readable and writable only by the web server user. | ||
+ | |||
+ | |||
+ | PHP Sessions | ||
+ | ============ | ||
+ | |||
+ | For the most security, you should enable PHP session cookies by enabling the | ||
+ | PHP setting ``session.use_cookies``. When doing so, be sure to set an | ||
+ | appropriate cookie path and cookie domain in the Horde configuration also to | ||
+ | secure your cookies. You should even force session cookie usage in the Horde | ||
+ | configuration, | ||
+ | |||
+ | If you want to use HTTPS connections, | ||
+ | Horde configuration. This will force cookies to be sent over secure connections | ||
+ | only and helps to prevent sidejacking. | ||
+ | |||
+ | If PHP sessions are set to use the ``files`` save_handler, | ||
+ | should be secured properly. Sites can increase security by setting the PHP | ||
+ | setting ``session.save_path`` to a directory that is only readable and | ||
+ | writable by the web server process. | ||
+ | |||
+ | Sites with a large user base should consider setting the | ||
+ | ``session.entropy_file`` and ``session.entropy_length`` to appropriate values. | ||
+ | |||
+ | Horde will encrypt the user credentials before storing them in the session. | ||
+ | Thus, a compromised sessions will not reveal the user's stored credentials. | ||
+ | |||
+ | |||
+ | Default database passwords | ||
+ | ========================== | ||
+ | |||
+ | The Horde documentation and sample database creation scripts create a default | ||
+ | user and password for accessing the horde database. | ||
+ | production environment is a security hole, since an attacker will easily guess | ||
+ | it. | ||
+ | |||
+ | It is very important that sites change at least the password to something | ||
+ | secure. | ||
+ | |||
+ | |||
+ | Prevent configuration file reading and writing | ||
+ | ============================================== | ||
+ | |||
+ | The configuration files may contain sensitive data (such as database | ||
+ | passwords) that should not be read or written by local system users or remote | ||
+ | web users. | ||
+ | |||
+ | If you use a Unix system, one way to make the configuration files and | ||
+ | directories accessible only to the web server is as follows. | ||
+ | that the web server runs as the user ``apache`` and the files are located in | ||
+ | ``/ | ||
+ | |||
+ | $ chown -R apache / | ||
+ | $ chown -R apache / | ||
+ | $ chmod -R go-rwx / | ||
+ | $ chmod -R go-rwx / | ||
+ | |||
+ | For completely fascist permissions, | ||
+ | inaccessible by anyone except the web server user (and root):: | ||
+ | |||
+ | $ chown -R apache / | ||
+ | $ chmod -R go-rwx | ||
+ | $ chmod -R a-w / | ||
+ | |||
+ | Note that the last line makes all files unwritable by any user (only root can | ||
+ | override this). | ||
+ | administrate. | ||
+ | configuration interface, forcing you to update the Horde configuration files | ||
+ | manually (as per the INSTALL_ instructions). | ||
+ | |||
+ | The above will not secure the files if other user's on the same machine can | ||
+ | run scripts as the apache user. If you need to protect against this you | ||
+ | should make other user's scripts run under their own account with some | ||
+ | facility such as apache' | ||
+ | cgi scripts, but also for other modules like mod_php, mod_perl, mod_python, | ||
+ | etc. that may be in use on your server. | ||
+ | |||
+ | .. _INSTALL: ? | ||
+ | |||
+ | |||
+ | Restricting the test script | ||
+ | =========================== | ||
+ | |||
+ | The test script (``horde/ | ||
+ | be used against the site by attackers. | ||
+ | this reason. | ||
+ | |||
+ | This script is configured via the ' | ||
+ | |||
+ | After manually enabling the script, and once you have confirmed that | ||
+ | everything is working, you should disable access to the test script. | ||
+ | |||
+ | |||
+ | Preventing Apache from serving configuration and source files | ||
+ | ============================================================== | ||
+ | |||
+ | The Horde configuration files may contain sensitive data (such as database | ||
+ | passwords) that should not be served by the web server. Other directories | ||
+ | contain PHP source code that isn't intended for viewing by end-users. The | ||
+ | Horde group has provided ``.htaccess`` files in various directories to help | ||
+ | protect these files. | ||
+ | ``.htacess`` files (which is a performance hit, and may not be available in | ||
+ | all web servers). | ||
+ | |||
+ | An Apache site can also prevent the web server from serving these | ||
+ | files by adding sections to ``httpd.conf`` such as the following:: | ||
+ | |||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | |||
+ | Repeat this pattern for each Horde application. | ||
+ | would then add:: | ||
+ | |||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | < | ||
+ | order deny,allow | ||
+ | deny from all | ||
+ | </ | ||
+ | |||
+ | |||
+ | Setup scripts | ||
+ | ============= | ||
+ | |||
+ | There are various scripts use to setup or configure Horde. | ||
+ | users on the web server machine, you should protect these files from being | ||
+ | accessed by them. On a unix system, you might restrict these files to root | ||
+ | access by using the following type of commands:: | ||
+ | |||
+ | $ chown -R root / | ||
+ | $ chown -R root / | ||
+ | $ chmod -R go-rwx / | ||
+ | $ chmod -R go-rwx / | ||
+ | |||
+ | |||
+ | Using a chroot web server setup | ||
+ | =============================== | ||
+ | |||
+ | Unix users may want to consider using a chroot environment for their web | ||
+ | server. | ||
+ | information exists on the world wide web and/or in your server documentation | ||
+ | to complete this task. | ||
+ | |||
+ | |||
+ | Hiding PHP info from the user | ||
+ | ============================= | ||
+ | |||
+ | You should consider setting the following PHP variables in your ``php.ini`` | ||
+ | file to prevent information leak to the user, or global insertion by the | ||
+ | user:: | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | You should also set up error logging (using the PHP ``error_log`` variable) | ||
+ | to log to a file, syslog, or other log destination. | ||
+ | |||
+ | |||
+ | Using a secure web server | ||
+ | ========================= | ||
+ | |||
+ | Horde depends on passing sensitive information (such as passwords and session | ||
+ | information) between the web server and the web client. | ||
+ | (SSL-enabled) web server will help protect this information as it traversing | ||
+ | the network. | ||
+ | |||
+ | |||
+ | Using a secure POP3/IMAP server | ||
+ | =============================== | ||
+ | |||
+ | If you are using a POP3/IMAP server with Horde (e.g. for authentication or for | ||
+ | IMP) then Horde is passing the user's login credentials between the web server | ||
+ | and the mail server. | ||
+ | |||
+ | If your web server and IMAP server are on the same host, you can increase | ||
+ | security by forcing all traffic over the loopback or localhost interface so | ||
+ | that it is not exposed to your network. | ||
+ | |||
+ | In cases where that is not possible, we recommend using a secure mail | ||
+ | connection such as IMAP-SSL or POP3-SSL to ensure that passwords remain safe. | ||
+ | |||
+ | |||
+ | LDAP Security | ||
+ | ============= | ||
+ | |||
+ | LDAP security is similar to the above POP3/IMAP server security issue. | ||
+ | are using LDAP, you should make sure that you are not exposing ldap passwords | ||
+ | or any sensitive data in your LDAP database. | ||
+ | |||
+ | |||
+ | Database socket security | ||
+ | ======================== | ||
+ | |||
+ | If your database (e.g. MySQL or PostgreSQL) is on the same host as your web | ||
+ | server, you may use unix sockets rather than tcp connections to help improve | ||
+ | your security (and performance). | ||
+ | achieve some better security by restricting the tcp support to the loopback or | ||
+ | localhost interface. | ||
+ | |||
+ | If the database keeps its socket file (e.g. ``mysql.sock``) in a directory | ||
+ | like ``/tmp`` or ``/ | ||
+ | that local users (if you have any) can't delete the socket. | ||
+ | bit should already be sent on the temporary directory itself, but you also | ||
+ | need to make sure the socket itself isn't writable by " | ||
+ | delete it. | ||
+ | |||
+ | You might consider moving the socket file to another location such as | ||
+ | ``/ | ||
+ | ``/ | ||
+ | |||
+ | |||
+ | Sendmail or SMTP considerations | ||
+ | =============================== | ||
+ | |||
+ | In some cases, you can increase security by sending mail via the local | ||
+ | command-line sendmail program on your web server, rather than using SMTP. | ||
+ | However, there may be reasons to use SMTP instead, such as if your smtp server | ||
+ | does spam or virus checking which would be skipped using the local sendmail | ||
+ | program. | ||
+ | |||
+ | |||
+ | Additional Notes | ||
+ | ================ | ||
+ | |||
+ | This is by far not a complete security HOWTO. This is just a compiled list of | ||
+ | what people have contributed so far. If you have tips, ideas, suggestions or | ||
+ | anything else that you think could help others in securing their Horde | ||
+ | installation, | ||
+ | </ | ||
+ | http:// | ||
+ | |||
+ | ==== Performance ==== | ||
+ | # cat / | ||
+ | |||
+ | <file / | ||
+ | Horde Performance Guide | ||
+ | ========================= | ||
+ | |||
+ | :Contact: horde@lists.horde.org | ||
+ | |||
+ | .. contents:: Contents | ||
+ | |||
+ | |||
+ | Some tips on performance tuning systems for Horde. | ||
+ | hardware tuning or even low level system (network, filesystem, etc) tuning. | ||
+ | |||
+ | Don't apply the following tuning hints blindly. | ||
+ | and after the changes under the conditions that are important for you. For | ||
+ | some people it's more important to make them as fast as possible for a small | ||
+ | user base, others require the applications to scale well under a high load. | ||
+ | Some of these hints might even make the applications slower under certain | ||
+ | conditions or using a certain hardware. | ||
+ | |||
+ | |||
+ | Linux Tuning | ||
+ | ============ | ||
+ | |||
+ | * Recompile RPMS for your architecture (e.g. i586, i686, athlon, etc). | ||
+ | This applies most to your Apache, PHP, IMAP, and POP3 packages. | ||
+ | |||
+ | |||
+ | Webserver/ | ||
+ | ==================== | ||
+ | |||
+ | * Consider a PHP accelerator program. | ||
+ | Suite`_, the `Alternative PHP Cache`_, eAccelerator_, | ||
+ | accelerators speed up access by caching the compiled PHP code, eliminating | ||
+ | the need to recompile the code for every single page load. **This is probably | ||
+ | the easiest way to improve the performance of Horde**. See Autoloading_ | ||
+ | further down to get even more out of some of those accelerators. | ||
+ | |||
+ | * Enable PHP output compression in the Horde configuration. Do not enable | ||
+ | compression in the PHP configuration (i.e. in ``php.ini``), | ||
+ | scripts don't work well with compression and Horde takes care of disabling | ||
+ | compression conditionally. | ||
+ | |||
+ | * Keep the include path defined in ``php.ini`` as short as possible, with the | ||
+ | most frequently used library paths first. | ||
+ | local directory ``.`` because Horde always uses full paths instead of | ||
+ | relative paths. | ||
+ | |||
+ | * Use an optimized ``php.ini``: | ||
+ | dsitribution. | ||
+ | |||
+ | * Don't run PHP session garbage collection too often if using a slow storage | ||
+ | medium (like SQL). (See ``session.gc_probability`` in ``php.ini``) | ||
+ | |||
+ | * If you have a large number of sessions and are using PHP's default file | ||
+ | based session handler, consider storing them in hashed directory levels. | ||
+ | (See ``session.save_path`` at http:// | ||
+ | |||
+ | * Consider using a faster storage medium for sessions, such as a tmpfs | ||
+ | (if storing sessions locally) or memcache (for storing session information | ||
+ | that can be accessed by multiple servers). | ||
+ | |||
+ | * Only load as many Apache and PHP extensions as needed (to reduce memory | ||
+ | usage). | ||
+ | |||
+ | * Use statically compiled Apache modules, including the PHP module. | ||
+ | |||
+ | * Use compiler optimizations (--prefer-non-pic, | ||
+ | -mmmx, -mfpmath=sse, | ||
+ | |||
+ | * If using SSL with a large site, consider a hardware SSL accelerator. | ||
+ | |||
+ | * Use shared memory for the Apache SSL cache if possible. | ||
+ | |||
+ | * To improve caching of static content if accessing Apache SSL with Internet | ||
+ | Explorer, try setting longer expiration periods:: | ||
+ | |||
+ | ExpiresActive On | ||
+ | ExpiresByType image/png "now plus 1 month" | ||
+ | ExpiresByType image/gif "now plus 1 month" | ||
+ | ExpiresByType text/ | ||
+ | ExpiresByType application/ | ||
+ | ExpiresByType text/css "now plus 1 month" | ||
+ | |||
+ | .. Note:: You must compile the ``mod_expires`` extension into Apache in | ||
+ | order to use these directives. | ||
+ | |||
+ | .. Warning:: This might cause problems if you upgrade Horde and the users' | ||
+ | | ||
+ | |||
+ | * Disable DNS lookups in your Apache logging, or use a caching DNS server on | ||
+ | the web server host. | ||
+ | |||
+ | * Enable Apache keepalives. | ||
+ | |||
+ | * You can configure Horde to serve all images, style sheets and/or static | ||
+ | javascript files from a different server. This could be a very lightweight | ||
+ | server without PHP (and other CGI modules) builtin. If using SSL to serve | ||
+ | all pages, the images/js server will also have to serve SSL content or else | ||
+ | browsers will complain about non-secure content in a secure page. Since this | ||
+ | server does not need to handle dynamic content, it would be wise to use a | ||
+ | high-performance server with low memory and/or system resource requirements | ||
+ | (this `IBM Article`_ can provide further information). You need to set | ||
+ | the ``themesuri`` and/or ``jsuri`` parameters in ``config/ | ||
+ | all applications and copy all ``themes`` and/or ``js`` directories in the | ||
+ | same directory layout to the other server. | ||
+ | |||
+ | * Your webserver should use Expires headers to make sure static content can | ||
+ | be cached on the user's browser. | ||
+ | expiration date on all graphics, javascript files, and stylesheets, | ||
+ | the following to ``lighttpd.conf``:: | ||
+ | |||
+ | $HTTP[" | ||
+ | expire.url = ( "" | ||
+ | } | ||
+ | |||
+ | * Enable caching in horde. Several applications make heavy use of caching and, | ||
+ | if enabled, you will see a significant increase in performance. | ||
+ | |||
+ | * Enable caching/ | ||
+ | which concludes that " | ||
+ | impact on reducing response time". Caching via filesystem is HIGHLY | ||
+ | RECOMMENDED: | ||
+ | browsers. Caching can also be done via horde caching, but the | ||
+ | cache-busters used to generate unique URLs when the cached content changes | ||
+ | do not work 100% reliably across all browsers. | ||
+ | |||
+ | * It is highly recommended to install the horde_lz4 package to activate | ||
+ | compression for Horde data. horde_lz4 is a minimal package that does | ||
+ | real-time compression. On modern CPUs, this compression is as fast as an | ||
+ | (unoptimized) memcpy action, making the compression essentially ' | ||
+ | compared to uncompressed data. horde_lz4 can be installed via PECL (see | ||
+ | INSTALL for further details). | ||
+ | |||
+ | .. _`The Zend Performance Suite`: http:// | ||
+ | .. _`Alternative PHP Cache`: http:// | ||
+ | .. _eAccelerator: | ||
+ | .. _XCache: http:// | ||
+ | .. _`IBM Article`: http:// | ||
+ | .. _`Yahoo' | ||
+ | |||
+ | |||
+ | Sending Mail | ||
+ | ============ | ||
+ | |||
+ | * Generally using a local sendmail command to send mail will result in better | ||
+ | peformance than using a SMTP connection. | ||
+ | |||
+ | * Some MTA servers may be faster or more efficient than others. | ||
+ | switching to a faster format if needed. | ||
+ | |||
+ | |||
+ | PostgreSQL tuning | ||
+ | ================= | ||
+ | |||
+ | * Do a ``VACUUM`` command periodically to tune your database. | ||
+ | |||
+ | * Increase ``shared_buffers`` and ``sort_mem`` memory settings. | ||
+ | |||
+ | * If web server and database is on the same unix host, use unix sockets | ||
+ | instead of network connections for database access. | ||
+ | |||
+ | |||
+ | MySQL tuning | ||
+ | ============ | ||
+ | |||
+ | * If web server and database is on the same unix host, use unix sockets | ||
+ | instead of network connections for database access. | ||
+ | |||
+ | * Enable mysql query cache if you have sufficient RAM. Edit your ``my.cnf`` | ||
+ | file and add the following to the ``[mysqld]`` section (change the memory | ||
+ | size to meet your needs):: | ||
+ | |||
+ | set-variable = query_cache_size=128M | ||
+ | |||
+ | |||
+ | Horde tuning | ||
+ | ============ | ||
+ | |||
+ | Autoloading | ||
+ | ----------- | ||
+ | |||
+ | * Horde automatically loads PHP source files on demand which relies on the PHP | ||
+ | autoloading feature introduced with PHP 5 and the Horde Autoloader library. | ||
+ | Both allow to limit the set of source code files pulled into the system to | ||
+ | the minimal amount required to answer the current request. This saves memory | ||
+ | and time but at the same time the Autoloader library has to map each class | ||
+ | name to the path of the corresponding PHP file that holds the class | ||
+ | definition. This procedure is expensive and can slow the system down. | ||
+ | Fortunately the mapping is fixed unless files are added or removed which | ||
+ | usually only happens during an upgrade. | ||
+ | |||
+ | Thus Autoloading is amenable to caching and an easy way to improve the | ||
+ | performance of the Horde Autoloader library, is to install the Autoloader | ||
+ | Cache extension:: | ||
+ | |||
+ | pear install horde/ | ||
+ | |||
+ | This library is not installed by default because it will unconditionally use | ||
+ | any of the following cache backends and does not allow for any further | ||
+ | configuration: | ||
+ | temporary filesystem. | ||
+ | |||
+ | It also doesn' | ||
+ | Horde changes. In this case you either need to use the provided script to | ||
+ | empty the cache:: | ||
+ | |||
+ | | ||
+ | |||
+ | or empty the cache manually, e.g. by restarting the web server or deleting | ||
+ | the cache file from the temporary directory. | ||
+ | |||
+ | VFS | ||
+ | --- | ||
+ | |||
+ | * Try to avoid using a SQL backend for VFS. Many databases require binary data | ||
+ | to be heavily escaped, resulting in storage sizes that are many times | ||
+ | greater than the actual size of the data. File system VFS will normally | ||
+ | provide much improved performance. | ||
+ | |||
+ | |||
+ | Application tuning | ||
+ | ================== | ||
+ | |||
+ | * Some applications contain advanced features that might have a certain impact | ||
+ | on the performance. | ||
+ | application' | ||
+ | performance hit in the configuration web frontend. | ||
+ | </ | ||
+ | |||
+ | ===== Konfiguration ===== | ||
+ | ==== PHP Einstellungen ==== | ||
+ | Gemäß den Angaben in der Installationsdokumentation // | ||
+ | |||
+ | # vim / | ||
+ | <code php / | ||
+ | |||
+ | ; Django : 2010-09-15 | ||
+ | ; default: session.gc_divisor = 1000 | ||
+ | ; PHP automatically garbage collects old session information, | ||
+ | ; (and session.gc_probability) are set to non-zero. It is recommended that this value | ||
+ | ; be " | ||
+ | session.gc_divisor = 10000 | ||
+ | |||
+ | ... | ||
+ | </ | ||
+ | |||
+ | Den Hinweisen aus der Sicherheitsdokumentation // | ||
+ | # vim / | ||
+ | <code php / | ||
+ | |||
+ | ; Decides whether PHP may expose the fact that it is installed on the server | ||
+ | ; (e.g. by adding its signature to the Web server header). | ||
+ | ; threat in any way, but it makes it possible to determine whether you use PHP | ||
+ | ; on your server or not. | ||
+ | ; http:// | ||
+ | ; Django : 2014-09-19 | ||
+ | ; horde' | ||
+ | ; default: expose_php = On | ||
+ | expose_php = Off | ||
+ | |||
+ | ... | ||
+ | </ | ||
+ | |||
+ | Zur Aktivierung der Anpassungen führen wir einen Reload des Apache-Daemon durch. | ||
+ | # systemctl reload httpd.service | ||
+ | |||
+ | ===== Apache vHost ===== | ||
+ | ==== vHost Definition ==== | ||
+ | Für unsere WEB-Applikation richten wir uns nun einen geeigneten **[[centos: | ||
+ | Im Konfigurationsverzeichnis unseres [[centos: | ||
+ | # vim / | ||
+ | |||
+ | <file apache / | ||
+ | # horde.sec-mail.guru (Horde Groupware Version 5) | ||
+ | # | ||
+ | < | ||
+ | ServerAdmin webmaster@nausch.org | ||
+ | ServerName horde.sec-mail.guru | ||
+ | ServerAlias xn--bro-hoa.sec-mail.guru | ||
+ | ServerPath / | ||
+ | |||
+ | < | ||
+ | Options -Indexes +FollowSymLinks | ||
+ | Require all granted | ||
+ | </ | ||
+ | |||
+ | RewriteEngine on | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule (.*) https:// | ||
+ | |||
+ | DirectoryIndex index.php | ||
+ | |||
+ | ErrorLog logs/ | ||
+ | CustomLog logs/ | ||
+ | </ | ||
+ | < | ||
+ | ServerAdmin webmaster@nausch.org | ||
+ | ServerName horde.sec-mail.guru | ||
+ | ServerAlias xn--bro-hoa.sec-mail.guru | ||
+ | ServerPath / | ||
+ | DocumentRoot "/ | ||
+ | |||
+ | < | ||
+ | SSLEngine on | ||
+ | SSLProtocol -ALL +SSLv3 +TLSv1 | ||
+ | SSLCipherSuite EECDH+AES256: | ||
+ | SSLHonorCipherOrder on | ||
+ | SSLCertificateFile / | ||
+ | SSLCertificateKeyFile / | ||
+ | SSLCertificateChainFile / | ||
+ | |||
+ | </ | ||
+ | |||
+ | < | ||
+ | GnuTLSEnable on | ||
+ | GnuTLSPriorities SECURE:!MD5 | ||
+ | # # | ||
+ | GnuTLSCertificateFile / | ||
+ | GnuTLSKeyFile / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/ | ||
+ | AddOutputFilterByType DEFLATE application/ | ||
+ | < | ||
+ | < | ||
+ | SetOutputFilter DEFLATE | ||
+ | BrowserMatch ^Mozilla/4 gzip-only-text/ | ||
+ | BrowserMatch ^Mozilla/ | ||
+ | BrowserMatch \bMSIE !no-gzip !gzip-only-text/ | ||
+ | SetEnvIfNoCase Request_URI \.(?: | ||
+ | </ | ||
+ | < | ||
+ | Header append Vary User-Agent env=!dont-vary | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | |||
+ | AddType application/ | ||
+ | |||
+ | # Link to system Javascript Libraries | ||
+ | Alias / | ||
+ | Alias / | ||
+ | Alias / | ||
+ | |||
+ | # Link to Micro$oft stuff | ||
+ | Alias / | ||
+ | Alias / | ||
+ | |||
+ | < | ||
+ | # **IMPORTANT** By default, everyone accessing Horde is automatically logged | ||
+ | # in as ' | ||
+ | # you change the authentication backend under the ' | ||
+ | # For this reason, Horde is currently only accessible from localhost. | ||
+ | < | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | Require all granted | ||
+ | </ | ||
+ | |||
+ | # Django : 2014-09-19 | ||
+ | # aus der Konfigurationsdatei php-horde-kronolith.conf übernommen | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteBase | ||
+ | RewriteCond | ||
+ | RewriteCond | ||
+ | RewriteRule ^(.*)$ rampage.php [QSA,L] | ||
+ | </ | ||
+ | |||
+ | Options +FollowSymLinks | ||
+ | #Options All | ||
+ | # | ||
+ | |||
+ | # Rewrite the requestet URI, when it is with german " | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{REQUEST_URI} ^/$ | ||
+ | RewriteCond %{HTTP_HOST} ^xn--bro-hoa.sec-mail.guru$ [NC] | ||
+ | RewriteRule ^$ https:// | ||
+ | |||
+ | # Exclude file from password protection | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | SetEnvIf Request_URI " | ||
+ | |||
+ | # ActiveSync | ||
+ | RewriteEngine On | ||
+ | RewriteRule ^/ | ||
+ | RewriteRule .* - [E=HTTP_MS_ASPROTOCOLVERSION: | ||
+ | RewriteRule .* - [E=HTTP_X_MS_POLICYKEY: | ||
+ | RewriteRule .* - [E=HTTP_AUTHORIZATION: | ||
+ | </ | ||
+ | |||
+ | # Deny access to the test.php files except from localhost | ||
+ | <Files " | ||
+ | # Django : 2014-09-19 | ||
+ | # Zugriff generell verbieten | ||
+ | # Require all denied | ||
+ | # Zugriff nur vom Host vml000010.dmz.nausch.org aus erlauben | ||
+ | Require host vml000010.dmz.nausch.org | ||
+ | </ | ||
+ | |||
+ | # Those directories should not be viewed by Web clients. | ||
+ | < | ||
+ | Require all denied | ||
+ | </ | ||
+ | < | ||
+ | Require all denied | ||
+ | </ | ||
+ | |||
+ | |||
+ | < | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond | ||
+ | RewriteCond | ||
+ | RewriteRule | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | # Django : 2014-09-19 | ||
+ | # aus der Konfigurationsdatei php-horde-content.conf übernommen | ||
+ | < | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond | ||
+ | RewriteCond | ||
+ | RewriteRule ^(.*)$ index.php [QSA,L] | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | # Django : 2014-09-19 | ||
+ | # aus der Konfigurationsdatei php-horde-kronolith.conf übernommen | ||
+ | < | ||
+ | < | ||
+ | RewriteEngine On | ||
+ | RewriteCond | ||
+ | RewriteCond | ||
+ | RewriteRule | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | DirectoryIndex index.php | ||
+ | ErrorLog logs/ | ||
+ | CustomLog logs/ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | <WRAP round important> | ||
+ | |||
+ | Solange wir unseren vHost noch nicht in der Produktionsumgebung steht und fertig konfiguriert wurde, beschränken wir den Zugriff auf den vHost noch. Hierzu tragen wir in der **Directive // | ||
+ | <code apache> | ||
+ | < | ||
+ | # Access-stuff (Zugriff von überall erlauben.) | ||
+ | #Require all granted | ||
+ | # Access-stuff (Zugriff nur vom Admin-Netz aus!) | ||
+ | Require host nausch.org | ||
+ | </ | ||
+ | ... | ||
+ | </ | ||
+ | Nach erfolgter Konfiguration, | ||
+ | <code apache> | ||
+ | < | ||
+ | # Access-stuff (Zugriff von überall erlauben.) | ||
+ | Require all granted | ||
+ | # Access-stuff (Zugriff nur vom Admin-Netz aus!) | ||
+ | #Require host nausch.org | ||
+ | </ | ||
+ | ... | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ==== Konfiguration aktivieren ==== | ||
+ | Bevor unseren Webserver starten, damit der neue vHost auch bedient werden kann, überprüfen wir die Konfiguration noch auf syntaktische Fehler. | ||
+ | # apachectl -t | ||
+ | |||
+ | | ||
+ | |||
+ | Abschließend führen wir einen Reload sdes Daemon durch. | ||
+ | # systemctl reload httpd.service | ||
+ | |||
+ | Bei Bedarf können wir auch den Status des Apche Webservers abfragen. | ||
+ | # systemctl status httpd.service | ||
+ | |||
+ | < | ||
+ | | ||
+ | | ||
+ | Process: 20019 ExecStop=/ | ||
+ | Process: 22718 ExecReload=/ | ||
+ | Main PID: 20024 (httpd) | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | Sep 10 19:45:20 vml000097.dmz.nausch.org systemd[1]: Reloading The Apache HTTP Server. | ||
+ | Sep 10 19:45:21 vml000097.dmz.nausch.org systemd[1]: Reloaded The Apache HTTP Server. | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== mySQL Datenbank ===== | ||
+ | Ein Großteil der Benutzer-Konfigurationsdaten werden in einer **[[centos: | ||
+ | |||
+ | ==== Datenbank anlegen ==== | ||
+ | Diese **[[centos: | ||
+ | |||
+ | Wir melden uns also als berechtigter Datenbankuser an der mySQL-Datenbank an. | ||
+ | # mysql -h mysql.dmz.nausch.org -u root -p | ||
+ | |||
+ | < | ||
+ | Welcome to the MySQL monitor. | ||
+ | Your MySQL connection id is 217075 | ||
+ | Server version: 5.1.73 Source distribution | ||
+ | |||
+ | Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. | ||
+ | |||
+ | Oracle is a registered trademark of Oracle Corporation and/or its | ||
+ | affiliates. Other names may be trademarks of their respective | ||
+ | owners. | ||
+ | |||
+ | Type ' | ||
+ | |||
+ | mysql> | ||
+ | </ | ||
+ | Dort legen wir als aller erst einmal eine Datenbank mit dem Namen **horde** an. | ||
+ | | ||
+ | |||
+ | Query OK, 1 row affected (0.00 sec) | ||
+ | |||
+ | ==== Datenbankuser anlegen ==== | ||
+ | Anschließend legen wir uns einen Datenbankuser an, denen wir entsprechende Rechte an der, gerade angelegten Datenbank **horde** einräumen. Als Namen nehme wir einfach **hode_admin_user**. | ||
+ | |||
+ | | ||
+ | |||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | und | ||
+ | | ||
+ | |||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | ==== Nutzerberechtigungen setzen ==== | ||
+ | Dem gerade angelebtem Datenbankuser für **[[http:// | ||
+ | | ||
+ | |||
+ | |||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | und | ||
+ | | ||
+ | |||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | ==== Nutzerberechtigungen zuweisen ==== | ||
+ | Zum Ende unserer mySQL-Userkonfiguration weisen wir unserem Nutzer die Berechtigungen zu. | ||
+ | | ||
+ | |||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | Wir können uns nun vom Datenbank-Server wieder abmelden. | ||
+ | | ||
+ | |||
+ | Bye | ||
+ | |||
+ | ==== Zugriff testen ==== | ||
+ | Als nächstes überprüfen wir, ob der zuvor angelegt User/Zugang vom WEB-Server aus auch funktioniert. | ||
+ | # mysql -D horde5 -h mysql.dmz.nausch.org -u horde_admin_user -p | ||
+ | < | ||
+ | Welcome to the MariaDB monitor. | ||
+ | Your MySQL connection id is 217265 | ||
+ | Server version: 5.1.73 Source distribution | ||
+ | |||
+ | Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others. | ||
+ | |||
+ | Type ' | ||
+ | |||
+ | MySQL [horde5]> | ||
+ | </ | ||
+ | Die Verbindung klappt schon mal, daher lassen wir uns mal ansehen, welche Datenbanken der administrative Horde-User sehen kann. | ||
+ | |||
+ | |||
+ | MySQL [horde5]> | ||
+ | < | ||
+ | | Database | ||
+ | +--------------------+ | ||
+ | | information_schema | | ||
+ | | horde5 | ||
+ | +--------------------+ | ||
+ | 2 rows in set (0.01 sec) | ||
+ | |||
+ | MySQL [horde5]> | ||
+ | </ | ||
+ | Auch dieser Test fiel positiv aus, wir können uns daher die Verbindung zum Datenbank-Server beenden und uns der weiteren konfiguration widmen. | ||
+ | MySQL [horde5]> | ||
+ | |||
+ | Bye | ||
+ | |||
+ | ===== weitere Schritte zur Einrichtung ===== | ||
+ | Nach der erfolgreichen Einrichtung des [[centos: | ||
+ | |||
+ | ====== Links ====== | ||
+ | * **⇒ [[centos: | ||
+ | * **[[centos: | ||
+ | * **[[wiki: | ||
+ | * **[[http:// | ||
+ | |||
+ | ~~DISCUSSION~~ | ||
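Review bot: In the SSL block of the new vHost, `SSLProtocol -ALL +SSLv3 +TLSv1` keeps SSLv3 enabled and leaves TLS 1.1 and TLS 1.2 switched off. SSLv3 is a broken protocol (its use is prohibited by RFC 7568), so the line should read something like `SSLProtocol all -SSLv2 -SSLv3`, with the `SSLCipherSuite` list checked against the protocols that remain. Two further points in the same revision: the `<Files>` block for test.php is commented "except from localhost" but grants `Require host vml000010.dmz.nausch.org`, which makes the restriction depend on DNS lookups, whereas `Require local` or a fixed `Require ip` address would match the comment without trusting name resolution. In the database section, the text creates a database called **horde** and names the user **hode_admin_user**, while the access test connects with `-D horde5` and `-u horde_admin_user`. The names should agree so the steps can be followed as written.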