3. Configuration¶
Note
WebApp depends on php-mapi, that is part of kopano-core. Documentation can be found here.
Note
These configuration are examples. Your configuration may differ.
Note
This chapter is under construction.
3.1. Webserver¶
The files are by default installed in /usr/share/kopano-webapp/. By default the login page can be opened by browsing to the following url:
http://<ip-address server>/webapp/
If the login page is not shown, the webserver needs to be configured to let it access the correct directory. The following example shows a configuration for Apache2:
Alias /webapp /usr/share/kopano-webapp/
<Directory /usr/share/kopano-webapp/>
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Make sure the correct directory holding the PHP WebApp files is typed. The following command will tell apache2 to re-read its config file:
/etc/init.d/apache2 reload
7 When leaving the configuration at this point, Apache will request the browsers to cache all files as long as they see fit. This may mean that users are still seeing the old interface while the WebApp package on the server has been upgraded. To fix this, the package comes with an example configuration that includes instructions to the browsers on how long WebApp resources may be kept around.
Using this, we are saying that Javascript and CSS files need to be checked against the server versions very often, but Apache can serve these files very quickly from the filesystem. For images, we allow the clients to keep using them for a much longer period (2 months). For this, we use the FileETag setting of Apache to generate a unique identifier for each served static file. To use this, the Apache modules mod_expires and mod_headers need to be loaded.
The following can be included in the Apache configuration within the <Directory> directive as described above:
FileETag All
ExpiresActive On
<filesMatch "\.(jpg|gif|png)$">
ExpiresDefault "access plus 2 months"
Header append Cache-Control "public"
</filesMatch>
<FilesMatch "\.(js|css)$">
ExpiresDefault "access plus 2 weeks"
Header append Cache-Control "no-cache, must-revalidate"
</FilesMatch>
3.2. Intranet plugin configuration¶
Apache
Header set X-Frame-Options "ALLOW-FROM https:<yourserver> <https:<yourserver>"
Header edit Content-Security-Policy ^(.*)$ "$1;frame-ancestors 'self' https:<yourserver> <https:<yourserver>
Nginx
proxy_hide_header Content-Security-Policy;
add_header X-Frame-Options "ALLOW-FROM https:<yourserver> <https<yourserver>";
add_header Content-Security-Policy "frame-ancestors 'self' https:<yourserver> <https<yourserver>";