I decided to switch from apache2 to nginx to get a bit more performance.
Following the instructions on http://kolab.org/blog/grote/2013/07/08/using-kolab-3-nginx and https://docs.kolab.org/howtos/nginx-webserver.html I have a working setup on my Raspberry Pi.
The main purpose of this config is that all services are redirected to SSL (port 443) and roundcubemail is bound to the domain itself (https://example.org).
Also the BOSH http-bind is proxied with nginx to eJabberd.
Of course you need nginx :-) and for PHP you need php-fpm and php-apc.
apt-get install nginx php5-fpm php-apc
Activate APC in /etc/php5/mods-available/apcu.ini
extension=apc.so
; enable APC
apc.enabled=1
; The number of shared memory segments
apc.shm_segments=1
; The size of each shared memory segment
apc.shm_size=64
; The number of seconds a cache entry is allowed to idle in a slot in case this
; cache entry slot is needed by another entry.
apc.ttl=7200
Now delete the default WWW pool
rm -f /etc/php5/fpm/pool.d/www.conf
Create the directories for the sockets:
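# Cache and temp directories used by nginx's fastcgi_cache_path / fastcgi_temp_path.
# Only the web server user needs access to them.
mkdir -p /var/lib/nginx/fastcgi/tmp/
chown -R www-data:www-data /var/lib/nginx/fastcgi/
chmod 700 /var/lib/nginx/fastcgi/ /var/lib/nginx/fastcgi/tmp/

# Directory holding the PHP-FPM sockets.
# The setgid bit (the leading 2) makes sockets created here inherit the www-data
# group, which is what the earlier "chmod +s" achieved; "+s" also set the setuid
# bit, which Linux ignores on directories. Mode 750 additionally keeps other
# local users away from the sockets.
# NOTE: where /var/run is a tmpfs this directory is gone after a reboot and has
# to be recreated before php5-fpm starts.
mkdir -p /var/run/php-fpm
chown -R www-data:www-data /var/run/php-fpm
chmod 2750 /var/run/php-fpm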
Now create the following files in /etc/php5/fpm/pool.d
chwala.conf
iRony.conf
kolab-freebusy.conf
kolab-syncroton.conf
kolab-webadmin.conf
roundcubemail.conf
chwala.conf
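; PHP-FPM pool for Chwala; nginx reaches it through the unix socket below.
[example.org_chwala]
user = www-data
group = www-data
listen = /var/run/php-fpm/example.org_chwala.sock
; Set the socket's owner and mode explicitly instead of relying on the PHP-FPM
; default, which differs between versions (world-accessible on older builds,
; owned by the master process user on newer ones). Only the nginx worker user
; needs to connect; this assumes nginx runs its workers as www-data.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
chdir = /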
iRony.conf
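; PHP-FPM pool for iRony (CalDAV/CardDAV); nginx reaches it through the unix
; socket below.
[example.org_iRony]
user = www-data
group = www-data
listen = /var/run/php-fpm/example.org_iRony.sock
; Explicit socket owner and mode: the PHP-FPM default differs between versions
; (world-accessible on older builds, owned by the master process user on newer
; ones). Assumes nginx runs its workers as www-data.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
chdir = /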
kolab-freebusy.conf
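; PHP-FPM pool for Kolab Free/Busy; nginx reaches it through the unix socket below.
[example.org_kolab-freebusy]
user = www-data
group = www-data
listen = /var/run/php-fpm/example.org_kolab-freebusy.sock
; Explicit socket owner and mode: the PHP-FPM default differs between versions
; (world-accessible on older builds, owned by the master process user on newer
; ones). Assumes nginx runs its workers as www-data.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
chdir = /
kolab-syncroton.conf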
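; PHP-FPM pool for Kolab syncroton (ActiveSync); nginx reaches it through the
; unix socket below.
[example.org_kolab-syncroton]
user = www-data
group = www-data
listen = /var/run/php-fpm/example.org_kolab-syncroton.sock
; Explicit socket owner and mode: the PHP-FPM default differs between versions
; (world-accessible on older builds, owned by the master process user on newer
; ones). Assumes nginx runs its workers as www-data.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
chdir = /
; Turns off Suhosin's transparent session encryption for this pool (only
; relevant when the Suhosin extension is loaded).
php_flag[suhosin.session.encrypt] = Off
kolab-webadmin.conf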
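; PHP-FPM pool for the Kolab Web Administration Panel; nginx reaches it through
; the unix socket below.
[example.org_kolab-webadmin]
user = www-data
group = www-data
listen = /var/run/php-fpm/example.org_kolab-webadmin.sock
; Explicit socket owner and mode: the PHP-FPM default differs between versions
; (world-accessible on older builds, owned by the master process user on newer
; ones). Assumes nginx runs its workers as www-data.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
chdir = /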
roundcubemail.conf
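; PHP-FPM pool for Roundcube webmail; nginx reaches it through the unix socket
; below. Comments use ';' because newer PHP releases no longer accept '#' as a
; comment marker in ini files.
[example.org_roundcubemail]
user = www-data
group = www-data
listen = /var/run/php-fpm/example.org_roundcubemail.sock
; Explicit socket owner and mode: the PHP-FPM default differs between versions
; (world-accessible on older builds, owned by the master process user on newer
; ones). Assumes nginx runs its workers as www-data.
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = dynamic
pm.max_children = 20
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2
chdir = /
; Derived from .htaccess of roundcube
; NOTE(review): php_flag/php_value only set defaults that the application can
; still change with ini_set(); php_admin_flag/php_admin_value lock a setting.
; Consider the admin variant for display_errors so error output stays disabled.
php_flag[display_errors] = Off
php_flag[log_errors] = On
; Keep these two in line with client_max_body_size in the nginx config.
php_value[upload_max_filesize] = 30M
php_value[post_max_size] = 30M
php_flag[zlib.output_compression] = Off
; NOTE(review): the magic_quotes_* and zend.ze1_compatibility_mode settings were
; removed from later PHP versions; confirm the installed PHP still knows them.
php_flag[magic_quotes_gpc] = Off
php_flag[magic_quotes_runtime] = Off
php_flag[zend.ze1_compatibility_mode] = Off
php_flag[suhosin.session.encrypt] = Off
php_flag[session.auto_start] = Off
; Session garbage collection: sessions idle for more than 21600 s (6 h) may be
; removed, with a 1-in-500 chance per request of a collection run.
php_value[session.gc_maxlifetime] = 21600
php_value[session.gc_divisor] = 500
php_value[session.gc_probability] = 1
; http://bugs.php.net/bug.php?id=30766
php_value[mbstring.func_overload] = 0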
And now the nginx config:
# On-disk cache for FastCGI (PHP) responses. The "example.org" zone declared
# here is switched on with fastcgi_cache inside the HTTPS server block.
fastcgi_temp_path /var/lib/nginx/fastcgi/tmp 1 2;
fastcgi_cache_path /var/lib/nginx/fastcgi/ levels=1:2 keys_zone=example.org:16m max_size=256m inactive=1d;
# The key is built from scheme, method, host and URI only. It carries nothing
# that identifies the user, so a response stored under it is shared by every
# client requesting that URL.
fastcgi_cache_key "$scheme$request_method$host$request_uri";
# Hand out a stale cached copy when the backend errors out, times out, sends an
# invalid header or answers with a 500.
fastcgi_cache_use_stale error timeout invalid_header http_500;
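# Plain-HTTP listener: its only job is to send every request to HTTPS.
server {
    listen 80 default_server;
    server_name example.org;
    # enforce https
    # "return" sends the redirect exactly as written. The earlier form,
    # "rewrite ^ https://$server_name$request_uri permanent;", appended the
    # query string a second time because $request_uri already contains it.
    # $server_name (rather than $host) keeps a client-supplied Host header out
    # of the redirect target.
    return 301 https://$server_name$request_uri;
}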
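# HTTPS virtual host: Roundcube at "/", the other Kolab web services below it.
server {
    # "listen ... ssl" already enables TLS on this socket. The separate
    # "ssl on;" directive was redundant and is deprecated in newer nginx
    # releases, so it is not repeated here.
    listen 443 ssl;
    server_name .example.org;

    access_log /var/log/nginx/example.org-access_log;
    error_log /var/log/nginx/example.org-error_log;

    ssl_certificate /etc/nginx/ssl/ssl-unified.crt;
    # The private key should be readable by root only.
    ssl_certificate_key /etc/nginx/ssl/ssl.key;
    # NOTE(review): protocol versions and ciphers are left at the defaults of
    # the installed nginx/OpenSSL; pin them with ssl_protocols and ssl_ciphers
    # to values that build supports.

    open_file_cache max=1024 inactive=1m;
    open_file_cache_valid 90s;
    open_file_cache_min_uses 2;

    # NOTE(review): fastcgi_param is inherited only by locations that define no
    # fastcgi_param of their own. Every PHP location below sets SCRIPT_FILENAME,
    # so there the HTTPS flag has to come from the included fastcgi_params file
    # (not shown here) - confirm it sets HTTPS.
    fastcgi_param HTTPS on;
    fastcgi_keep_conn on;

    fastcgi_cache example.org;
    fastcgi_cache_valid 200 302 304 10m;
    fastcgi_cache_valid 301 1h;
    fastcgi_cache_min_uses 2;
    # Everything served by this host is per-user data (mail, files, calendars),
    # while the cache key defined at http level contains no user identity.
    # Skip the cache, for both lookup and storage, whenever a request carries a
    # cookie, HTTP authentication or an X-Session-Token header, so one user's
    # response is never stored and replayed to another client.
    fastcgi_cache_bypass $http_cookie $http_authorization $http_x_session_token;
    fastcgi_no_cache $http_cookie $http_authorization $http_x_session_token;

    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 8k;
    fastcgi_temp_file_write_size 8k;

    # BOSH (XMPP over HTTP) endpoint, proxied to the local ejabberd listener.
    location /http-bind {
        proxy_pass http://localhost:5280/http-bind;
        proxy_set_header Host $host;
        proxy_buffering off;
        tcp_nodelay on;
    }

    ##
    ## Chwala
    ##
    location /chwala {
        index index.php;
        alias /usr/share/chwala/public_html;
        client_max_body_size 30M; # set maximum upload size

        # enable php
        location ~ \.php$ {
            # Only hand scripts that exist on disk to PHP-FPM, so a made-up
            # ".php" path cannot make PHP fall back to some other file.
            # (An "if" with a plain "return" is used because try_files does not
            # combine reliably with alias.)
            if (!-f $request_filename) {
                return 404;
            }
            include fastcgi_params;
            fastcgi_pass unix:/var/run/php-fpm/example.org_chwala.sock;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            # Without this, PHPSESSION is replaced by webadmin-api X-Session-Token
            # The value spans two lines on purpose: PHP_VALUE entries are
            # separated by a newline, so the second line starts at column 0.
            fastcgi_param PHP_VALUE "session.auto_start=0
session.use_cookies=0";
            fastcgi_pass_header X-Session-Token;
        }
    }

    ##
    ## iRony
    ##
    location /iRony {
        alias /usr/share/iRony/public_html/index.php;
        client_max_body_size 30M; # set maximum upload size

        # Make Apple Calendar.app and Contacts.app happy:
        # NOTE(review): these rewrites sit inside "location /iRony", so they are
        # only evaluated for URIs that start with /iRony and "^/.well-known/..."
        # cannot match here - confirm where they are meant to live.
        rewrite ^/.well-known/caldav / last;
        rewrite ^/.well-known/carddav / last;

        # NOTE(review): with fastcgi_pass set in this location the requests are
        # presumably answered by PHP, not by nginx's own DAV handlers. Confirm
        # the two directives below are needed at all; nginx itself should never
        # act on PUT/DELETE/MKCOL/COPY/MOVE against the filesystem here.
        # If Nginx was built with http_dav_module:
        dav_methods PUT DELETE MKCOL COPY MOVE; # PROPFIND;
        # Required Nginx to be built with nginx-dav-ext-module:
        dav_ext_methods PROPFIND OPTIONS;

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm/example.org_iRony.sock;
        fastcgi_param SCRIPT_FILENAME $request_filename;
    }

    #-------------------------------------------------
    # roundcube mail
    #-------------------------------------------------
    location / {
        index index.php;
        root /usr/share/roundcubemail;
        client_max_body_size 30M; # set maximum upload size for mail attachments
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-Host $host;
        proxy_read_timeout 120;

        # Documentation files in the web root reveal the installed version.
        location ~ ^/(README(\.md)?|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
            deny all;
        }

        # Internal directories that must never be served: scripts, SQL schema,
        # configuration (holds credentials), logs and temporary files.
        location ~ ^/(bin|SQL|config|logs|temp)/ {
            deny all;
        }

        # Library code that is only meant to be included by index.php.
        location ~ ^/program/(include|lib|localization|steps)/ {
            deny all;
        }

        # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        # enable php
        location ~ \.php$ {
            # Only hand scripts that exist on disk to PHP-FPM, so a made-up
            # ".php" path cannot make PHP fall back to some other file.
            try_files $uri =404;
            include fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_pass unix:/var/run/php-fpm/example.org_roundcubemail.sock;
            fastcgi_param SCRIPT_FILENAME $request_filename;
        }
    }

    ##
    ## Kolab Web Administration Panel (WAP) and API
    ##
    # NOTE(review): the administration panel is reachable by anyone who can
    # reach this host; consider limiting it to admin networks with allow/deny.
    location /kolab-webadmin {
        index index.php;
        alias /usr/share/kolab-webadmin/public_html;
        # Map /api/<service>.<method> onto the API front controller.
        rewrite ^/kolab-webadmin/api/(.*)\.(.*)$ /kolab-webadmin/api/index.php?service=$1&method=$2 last;

        # enable php
        location ~ \.php$ {
            # Only hand scripts that exist on disk to PHP-FPM, so a made-up
            # ".php" path cannot make PHP fall back to some other file.
            # (An "if" with a plain "return" is used because try_files does not
            # combine reliably with alias.)
            if (!-f $request_filename) {
                return 404;
            }
            include fastcgi_params;
            fastcgi_pass unix:/var/run/php-fpm/example.org_kolab-webadmin.sock;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            # Without this, PHPSESSION is replaced by webadmin-api X-Session-Token
            # The value spans two lines on purpose: PHP_VALUE entries are
            # separated by a newline, so the second line starts at column 0.
            fastcgi_param PHP_VALUE "session.auto_start=0
session.use_cookies=0";
            fastcgi_pass_header X-Session-Token;
        }
    }

    ##
    ## Kolab syncroton ActiveSync
    ##
    location /Microsoft-Server-ActiveSync {
        alias /usr/share/kolab-syncroton/index.php;
        client_max_body_size 30M; # set maximum upload size for mail attachments
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_read_timeout 150;
        fastcgi_pass unix:/var/run/php-fpm/example.org_kolab-syncroton.sock;
        # Fixed script path: every request under this prefix runs index.php.
        fastcgi_param SCRIPT_FILENAME /usr/share/kolab-syncroton/index.php;
    }

    ##
    ## Kolab Free/Busy
    ##
    location /freebusy {
        alias /usr/share/kolab-freebusy/public_html/index.php;
        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm/example.org_kolab-freebusy.sock;
        # Fixed script path: every request under this prefix runs index.php.
        fastcgi_param SCRIPT_FILENAME /usr/share/kolab-freebusy/public_html/index.php;
    }
}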