RPM/Fedora7

From Davical
< RPM
Jump to navigationJump to search

How to setup DAViCal on Fedora 7 for newbies

This document contains a brief command-by-command instructions how to setup rscds on Fedora system, including postgresql setup. I tested it on actual (September 5th, 2007) Fedora 7, maybe it will work on other versions too, only package names can be different.

Note: if not stated otherwise, be a root when running commands below.

Requirements

  1. Apache 2.0 (httpd-2.2.4-4.1.fc7)
  2. PHP5 (php-5.2.2-3)
  3. postgresql (postgresql-8.2.4-1.fc7)
  4. possibly some packages to let work these programs together

Downloading and installing DAViCal packages

Follow link below and choose version of rscds and libawl you like to install. You should probably use the most recent versions available from http://sourceforge.net/projects/rscds .

I used the awl version 0.19 from August 20, 2007 and rscds version 0.8.0 from June 1, 2007. Download rpm versions of these packages (for me it's libawl-php-0.19-2.noarch.rpm and rscds-0.8.0-2.noarch.rpm). Become root and install these packages, libawl first:

$ rpm -Uvh libawl-php-0.19-2.noarch.rpm
$ rpm -Uvh rscds-0.8.0-2.noarch.rpm 

Note: After this install there should be something in /usr/share/awl/ and in /usr/share/rscds/.

Setup PostgreSQL

Became a postgres user, for example with command (when logged as root) $ su - postgres

There should be a "general" role in posgresql, which DAViCal uses, so create one with command (not necessary from version 0.9.3 on, which will create this role when creating the database):

$ createuser --no-createdb --no-createrole general

It will ask you a question "Shall the new role be a superuser? (y/n)" and it's preferred to answer "N"o, because this is creating a role for the webserver to use to connect to the database which will be granted the minimum necessary permissions. So it will have no permission to create databases, roles, tables, etc, because the webserver should not be able to do that stuff. It's for security reasons. It should say "CREATE ROLE" when there was no such role (or it will claim that the role already exists, if you did it before).

Now go to /usr/share/rscds and run a script, which will create rscds database for us. Note: you can pass an 'admin' password to this script as the second parameter. If you don't, the script generates an admin's password for you and print it on the console. It is important to remember this password, we will need it later (see Force Admin Password if you do miss it). The first parameter is always a name of database to create, if you will omit the parameter, it will create database with name 'rscds', but if you need to change password, then the database name is required. I will suppose that we created the database with a default name 'rscds'.

$ cd /usr/share/rscds
$ dba/create-database.sh

There should be no error message in the output of the last command. If you get errors regarding the Perl YAML library not being available or that install_driver(Pg) has failed, ensure that you have the following packages installed: perl-YAML and perl-DBD-Pg.

When you try to list a known databases for postgresql, then there should be our new database.

$ psql -l 
List of databases 
  Name    |  Owner   | Encoding  
postgres  | postgres | UTF8
davical   | postgres | UTF8
template0 | postgres | UTF8
template1 | postgres | UTF8 
(4 rows) 

We should setup privileges for our general user in pgsql, which we do by editing file /var/lib/pgsql/data/pg_hba.conf and add there this line:

local   rscds       general   trust

This line should not be as a last line in a file (because the last line is usually some catchall). It's ok when you put it right under the line:

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD

Note: This is saying that we trust any connection using unix sockets for this user. So it isn't using a CIDR (internet) address, because unix sockets can only be local. If your webserver is connecting from a different computer you will need it to be a "public" address, so change our line based on the comments in that file (/var/lib/pgsql/data/pg_hba.conf).

We should reload postgresql now, to let postgresql take our changes:

$ /etc/init.d/postgresql reload 

Configure DAViCal

There is a sample configure file for DAViCal available at this address [1]

You can download it and place to /etc/davical with a name based on the host name of your server, something like this /etc/davical/www.example.com-conf.php. The Config file is very well documented and there is usually no need to change it too much. Look at the comments there to see what you need to change. You should probably only change the admin_email variable to reflect your actual email.

Configure Apache

Note: for a simplicity, we create a rscds as a subdirectory of the existing www server at /var/www/html/, which is a default place for your www content. You can also configure Apache to provide rscds as a virtual host, but it is out of scope of this document.

Create a symlink in /var/www/html/ to /usr/share/rscds/htdocs, like this:

$ cd /var/www/html/
$ ln -s /usr/share/rscds/htdocs rscds 

now open a browser and try to go to this location, like http://www.example.com/rscds . If everything goes fine, then you will see "Log On Please" page of "DAViCal CalDAV Server" and you can skip to next chapter.

When you got an empty page, then in /var/log/httpd/error_log is written what's going wrong. I faced one problem with libawl, it wasn't in the include path for PHP. My error line starts like this:

PHP Fatal error:  require_once() [<a href='function.require'>function.require</a> Failed opening required 'AWLUtilities.php' (include_path='../inc:.:/usr/share/pear:/usr/share/php') in /usr/share/rscds/inc/always.php

Open /etc/php.ini and find line with a key "include_path" and add to the end ":/usr/share/awl/inc". (I had the line commented, so I uncommented it and copied the value from error_log with an awl include, so it became like this: include_path = "../inc:.:/usr/share/pear:/usr/share/php:/usr/share/awl/inc"). The main configuration page suggests a different way of setting the include_path if you use a virtual host setup.

We should restart Apache now, like this:

$ /sbin/service httpd restart

And try if the page will work now. Probably it will. Otherwise look at the error_log and try to solve the problem it claims about.

Configure ModSecurity

When you have installed mod_security for Apache, then it will probably claim when you will try to add an event from CalDAV capable client. There will be an error line in /var/log/httpd/error_log claiming something like this:

ModSecurity: Access denied with code 501 (phase 1)...

I believe there is some cleaner solution to go around this, but I simply commented some lines in mod_security config file in this way: Open file /etc/httpd/modsecurity.d/modsecurity_crs_30_http_policy.conf and comment these lines:

SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \ 
"phase:1,log,auditlog,status:501,msg:'Method is not allowed by policy', severity:'2',id:'960032'" 
...
SecRule REQUEST_METHOD "!^(?:get|head|propfind|options)$" \ 
"chain, t:lowercase, deny,log,auditlog,status:501,msg:'Request content encoding is not allowed by policy',id:'960010',severity:'4'" 
...
SecRule REQUEST_HEADERS:Content-Type "!(?:^(?:application/x-www-form-urlencoded$|multipart/form-data;)|text/xml)" 

You can logout root from the console.

Administrating DAViCal in a browser

Hopefully we have everything running, we see page "Log On Please" when we access " http://www.example.com/rscds". We are almost at the end. You only have to create a user, and then connect to it via CalDAV. Login as an 'admin' with a password you did setup above (or you saw above, if you kept it from the script that generated one for you). Go to the tab "Users" and choose sub tab "New user". Fill everything that is supposed to be filled (user name, password, full name, email and that the user is active), and click "Create" at the bottom of the page. You can see after the creation that the user has been added and at the bottom of the page you can see his/her collections, which is used to access users calendar from the CalDAV capable software with a URL "http://www.example.com/rscds/caldav.php/<username>/home/".

And that's all

If everything goes fine, then you can now open your CalDAV capable software, fill there your user name and password to access the CalDAV store and use URL like this http://www.example.com/rscds/caldav.php/<username>/home/ and you are probably able to manage your calendar. If something goes wrong, then look at apache error_log to see, if it's there.

Some Other Stuff

Sometimes you may need to drop the rscds database for any reason (usually to clear after uninstall or something), then here is how to do that:

Dropping DAViCal database

Became root and 'su' as postgres user, like this command:

$ su - postgres

With command psql -l you should see a list of known databases in postgresql, where one line should look like the list given above.

Run PostgreSQL interactive terminal with command

$ psql

and drop the rscds database by command

postgres=# drop database davical;

it should return something like "DROP DATABASE" and the database is gone. Now you can quit psql by postgres=# \q

The command psql -l should list databases without our 'davical' database. Logout postgres and root user.

Note: To make it uninstall completely (get a state like before the first step in this manual), one should go through this document in reverse order and try to revert all changes we did to let it work, but it's a bit out of scope of this document.