Difference between revisions of "Debian shared"

From Davical
Jump to navigationJump to search
(Install guide)
(Updated for Debian 10)
Line 1: Line 1:
This guide is intended to systems where can be more than one DAViCal installation, and permissions are not open to other users in the system or in Apache websites.
+
References:
 +
* [https://en.wikipedia.org/wiki/DAViCal Encyclopedia article]
 +
* [https://www.davical.org/ Official website]
  
'''Systems tested:'''
+
== Base to proceed ==
* Debian 9
+
* Web server. This guide is intended to environments where there can be more than one DAViCal instance, and permissions are not open to other users in the system or in Apache websites.
* See for other [[Debian]] versions
+
* Disk requirements (OS+software+data): Minimum?, Recommended?
 +
* Memory requirements: Minimum?, Recommended?
 +
* Example public URL is https://calendar.example.net/
 +
* Basic steps taken from https://www.davical.org/installation.php
  
'''Software versions tested:'''
+
* Tested in Debian 10, with repositories DAViCal 1.1.8
* DAViCal 1.1.7
 
* PostgreSql 9.6
 
  
== Install guide ==
+
==== If server lacks of web service ====
Install HTTP service:
 
 
  sudo apt update
 
  sudo apt update
 
  sudo apt install task-web-server
 
  sudo apt install task-web-server
  
Install DAViCal (includes postgresql and php by dependencies):
+
== Procedure ==
sudo apt --install-recommends install davical davical-doc
 
# You can need to specify version if you want latest DAViCal:
 
sudo apt --install-recommends install davical=1.1.7-1~bpo9+1 libawl-php=0.59-1~bpo9+1 davical-doc
 
  
Prepare the DAViCal database values
+
* Install packages:
 +
apt update
 +
apt install davical
 +
 
 +
* Prepare the DAViCal database values
 
  DatabaseName=mycaldb
 
  DatabaseName=mycaldb
 
  DBUsername_dba=mycaluser_dba
 
  DBUsername_dba=mycaluser_dba
Line 26: Line 29:
 
  AdminPassword=1234
 
  AdminPassword=1234
  
Add open permissions temporarily for the installation scripts:
+
* Add open permissions temporarily for the installation scripts:
  MediumPgVersion="$(psql --version | grep -ie "sql" | tr -s " " "\n" | tail --lines=1 | cut -f 1,2 -d ".")"
+
  PgMainVersion="$(psql --version | grep -ie "sql" | tr -s " " "\n" | tail --lines=1 | cut -f 1 -d ".")"
  PgConfig="/etc/postgresql/${MediumPgVersion}/main/pg_hba.conf"
+
  PgConfig="$(ls /etc/postgresql/${PgMainVersion}*/main/pg_hba.conf)"
  sudo mv "$PgConfig" "${PgConfig}.davical-bak"
+
  sudo cp -a "$PgConfig" "${PgConfig}.davical-bak"
sudo cp -a "${PgConfig}.davical-bak" "$PgConfig"
 
 
  echo "# Permissions for the DAViCal CMS" | sudo tee "$PgConfig"
 
  echo "# Permissions for the DAViCal CMS" | sudo tee "$PgConfig"
 
  echo "local $DatabaseName $DBUsername_dba trust" | sudo tee -a "$PgConfig"
 
  echo "local $DatabaseName $DBUsername_dba trust" | sudo tee -a "$PgConfig"
Line 36: Line 38:
 
  echo "" | sudo tee -a "$PgConfig"
 
  echo "" | sudo tee -a "$PgConfig"
 
  sudo cat "${PgConfig}.davical-bak" | sudo tee -a "$PgConfig"
 
  sudo cat "${PgConfig}.davical-bak" | sudo tee -a "$PgConfig"
# Service name can be only "postgresql" or more:
 
 
  sudo systemctl reload postgresql
 
  sudo systemctl reload postgresql
  
Apply a temporary patch to creation script:
+
* Apply a temporary patch to creation script:
  CScript="/usr/share/davical/dba/create-database.sh"
+
  CScript="$(ls /usr/share/davical/dba/create-database.sh)"
  sudo mv "$CScript" "${CScript}.davical-bak"
+
  sudo dpkg-divert --local --rename --add "$CScript"
  sudo cp -a "${CScript}.davical-bak" "$CScript"
+
  sudo cp -a "${CScript}.distrib" "$CScript"
  cat "${CScript}.davical-bak" | sed -e "s/DBNAME=.*/DBNAME=${DatabaseName}/g" | sed -e "s/AWL_DBAUSER=.*/AWL_DBAUSER=${DBUsername_dba}/g" | sed -e "s/AWL_APPUSER=.*/AWL_APPUSER=${DBUsername_app}/g" | sudo tee "$CScript"
+
  sudo sed -i "s/DBNAME=.*/DBNAME=${DatabaseName}/g" "$CScript"
 +
sudo sed -i "s/AWL_DBAUSER=.*/AWL_DBAUSER=${DBUsername_dba}/g" "$CScript"
 +
sudo sed -i "s/AWL_APPUSER=.*/AWL_APPUSER=${DBUsername_app}/g" "$CScript"
  
Apply a temporary patch to update script:
+
* Apply a temporary patch to update script:
  UScript="/usr/share/davical/dba/update-davical-database"
+
  UScript="$(ls /usr/share/davical/dba/update-davical-database)"
  sudo mv "$UScript" "${UScript}.davical-bak"
+
  sudo dpkg-divert --local --rename --add "$UScript"
  sudo cp -a "${UScript}.davical-bak" "$UScript"
+
  sudo cp -a "${UScript}.distrib" "$UScript"
  cat "${UScript}.davical-bak" | sed -e "s/\$dbname = .*/\$dbname = \"${DatabaseName}\";/g" | sed -e "s/\$dbuser = .*/\$dbuser = \"${DBUsername_dba}\";/g" | sed -e "s/\$appuser = .*/\$appuser = \"${DBUsername_app}\";/g" | sed -e "s/\$dbpass = .*/\$dbpass = \"${DBPassword}\";/g" | sudo tee "$UScript"
+
  sudo sed -i "s/\$dbname = .*/\$dbname = \"${DatabaseName}\";/g" "$UScript"
 +
sudo sed -i "s/\$dbuser = .*/\$dbuser = \"${DBUsername_dba}\";/g" "$UScript"
 +
sudo sed -i "s/\$appuser = .*/\$appuser = \"${DBUsername_app}\";/g" "$UScript"
 +
sudo sed -i "s/\$dbpass = .*/\$dbpass = \"${DBPassword}\";/g" "$UScript"
  
'''(only fresh install)''' Run main installation script and take note of the shown password for the 'admin' user:
+
* '''(only fresh install)''' Run main installation script and take note of the shown password for the 'admin' user:
 
  sudo su -l postgres -c "$CScript" "$DatabaseName" "$AdminPassword"
 
  sudo su -l postgres -c "$CScript" "$DatabaseName" "$AdminPassword"
  
'''(only restoration of a backup)''' Restore data and run update script:
+
* '''(only restoration of a backup)''' Restore data and run update script:
 
  echo "DROP DATABASE IF EXISTS mycaldb;" | sudo su -l postgres -c psql
 
  echo "DROP DATABASE IF EXISTS mycaldb;" | sudo su -l postgres -c psql
 
  echo "DROP USER IF EXISTS mycaluser_dba;" | sudo su -l postgres -c psql
 
  echo "DROP USER IF EXISTS mycaluser_dba;" | sudo su -l postgres -c psql
Line 63: Line 69:
 
  sudo su -l postgres -c "$UScript"
 
  sudo su -l postgres -c "$UScript"
  
Restore installation scripts to original:
+
* Restore installation scripts to original paths:
  sudo mv "${UScript}.davical-bak" "$UScript"
+
  sudo rm "$UScript"
  sudo mv "${CScript}.davical-bak" "$CScript"
+
sudo dpkg-divert --local --rename --remove "$UScript"
 +
  sudo rm "$CScript"
 +
sudo dpkg-divert --local --rename --remove "$CScript"
  
 
'''(only fresh install)''' Set password authentication for the database:
 
'''(only fresh install)''' Set password authentication for the database:
Line 71: Line 79:
 
  echo "ALTER USER $DBUsername_app WITH PASSWORD '${DBPassword}';" | sudo su -l postgres -c psql
 
  echo "ALTER USER $DBUsername_app WITH PASSWORD '${DBPassword}';" | sudo su -l postgres -c psql
  
Allow these authenticated access to PostgreSql:
+
* Move configuration file to not be overwritten on package updates:
  echo "# Permissions for the DAViCal CMS" | sudo tee "$PgConfig"
+
  sudo dpkg-divert --local --rename --add /etc/davical/config.php
echo "local $DatabaseName $DBUsername_dba password" | sudo tee -a "$PgConfig"
+
  sudo cp -a /etc/davical/config.php.distrib /etc/davical/config.php
echo "local $DatabaseName $DBUsername_app password" | sudo tee -a "$PgConfig"
 
  echo "" | sudo tee -a "$PgConfig"
 
sudo cat "${PgConfig}.davical-bak" | sudo tee -a "$PgConfig"
 
# Service name can be only "postgresql" or more:
 
sudo systemctl reload postgresql
 
  
Setup CMS parameters at /etc/davical/config.php
+
* Reconfigure local CMS parameters at /etc/davical/config.php
* Pending to check if package updates overwrite config.php
+
$c->pg_connect[] = "dbname='''DatabaseName''' user='''DBUsername_app''' password='''DBPassword'''";
 +
And at least:
 +
system_name
 +
admin_email
 +
restrict_setup_to_admin
 +
default_privileges
 +
template_usr
 +
http_auth_mode
 +
default_locale
 +
enable_scheduling
 +
trust_x_forwarded
  
Create or restore Apache virtualhost with its profile content as in this example:
+
* Following are value examples for Apache virtualhost:
 
  <VirtualHost *:80 *:8008 *:8800>
 
  <VirtualHost *:80 *:8008 *:8800>
 
  ServerName caldav.example.net
 
  ServerName caldav.example.net
Line 104: Line 117:
 
(Apache may need to be configured in ports.conf to listen also ports 8008 and 8800)
 
(Apache may need to be configured in ports.conf to listen also ports 8008 and 8800)
  
Enable Apache website:
+
* Enable Apache website if it wasn't:
  sudo a2ensite caldav.example.net
+
  sudo a2ensite calendar.example.net
 +
sudo apachectl graceful
 +
 
 +
* Admin email address will be shown in clear on some public pages. If you waht to filter this, you can enable "substitute" module on apache:
 +
sudo a2enmod substitute
 +
systemctl restart apache2
 +
And add a directive like this to Apache's virtualhost:
 +
<Location "/">
 +
AddOutputFilterByType SUBSTITUTE text/html
 +
Substitute "s/admin@example.net/admin AT example.net/ni"
 +
</Location>
  
 
==== Login to DAViCAL Admin ====
 
==== Login to DAViCAL Admin ====
Line 111: Line 134:
 
If all is going well you should now be able to browse to the site pages and log in as 'admin' with the password set during installation.
 
If all is going well you should now be able to browse to the site pages and log in as 'admin' with the password set during installation.
  
== Backup all data ==
+
== Usual administration tasks ==
 +
==== Reset the admin password ====
 +
Useful after an installation, when we want to be sure of our wanted password (example for database name "MyCalendars" and password "1234")
 +
echo "UPDATE usr SET password = '**1234' WHERE user_no=1;" | sudo su -l postgres -c "psql --dbname MyCalendars"
 +
 
 +
==== Backup all data ====
 
* Database (example for accessing mycaldb with user "mycaluser" and password "12345")
 
* Database (example for accessing mycaldb with user "mycaluser" and password "12345")
 
  env PGPASSWORD=12345 pg_dump --create --inserts --attribute-inserts --disable-dollar-quoting --username=mycaluser -f "mycaldb.pgdump" mycaldb
 
  env PGPASSWORD=12345 pg_dump --create --inserts --attribute-inserts --disable-dollar-quoting --username=mycaluser -f "mycaldb.pgdump" mycaldb
Line 129: Line 157:
 
  /etc/apache2/sites-available/caldav.example.net
 
  /etc/apache2/sites-available/caldav.example.net
  
== Additional tips ==
+
== Pending to implement or fix = to do ==
 
+
*  
==== Reset the admin password ====
 
Useful after an installation, when we want to be sure of our wanted password (example for database name "mycaldb" and password "1234")
 
echo "UPDATE usr SET password = '**1234' WHERE user_no=1;" | sudo su -l postgres -c "psql --dbname mycaldb"
 
  
==== TroubleShooting ====
+
== TroubleShooting ==
  
 
See [[Problems and Solutions]] and [[Frequently Asked Questions]]
 
See [[Problems and Solutions]] and [[Frequently Asked Questions]]
  
 
[[Category:Debian]]
 
[[Category:Debian]]

Revision as of 15:39, 2 June 2021

References:

Base to proceed

  • Web server. This guide is intended to environments where there can be more than one DAViCal instance, and permissions are not open to other users in the system or in Apache websites.
  • Disk requirements (OS+software+data): Minimum?, Recommended?
  • Memory requirements: Minimum?, Recommended?
  • Example public URL is https://calendar.example.net/
  • Basic steps taken from https://www.davical.org/installation.php
  • Tested in Debian 10, with repositories DAViCal 1.1.8

If server lacks of web service

sudo apt update
sudo apt install task-web-server

Procedure

  • Install packages:
apt update
apt install davical
  • Prepare the DAViCal database values
DatabaseName=mycaldb
DBUsername_dba=mycaluser_dba
DBUsername_app=mycaluser_app
DBPassword=12345
AdminPassword=1234
  • Add open permissions temporarily for the installation scripts:
PgMainVersion="$(psql --version | grep -ie "sql" | tr -s " " "\n" | tail --lines=1 | cut -f 1 -d ".")"
PgConfig="$(ls /etc/postgresql/${PgMainVersion}*/main/pg_hba.conf)"
sudo cp -a "$PgConfig" "${PgConfig}.davical-bak"
echo "# Permissions for the DAViCal CMS" | sudo tee "$PgConfig"
echo "local $DatabaseName $DBUsername_dba trust" | sudo tee -a "$PgConfig"
echo "local $DatabaseName $DBUsername_app trust" | sudo tee -a "$PgConfig"
echo "" | sudo tee -a "$PgConfig"
sudo cat "${PgConfig}.davical-bak" | sudo tee -a "$PgConfig"
sudo systemctl reload postgresql
  • Apply a temporary patch to creation script:
CScript="$(ls /usr/share/davical/dba/create-database.sh)"
sudo dpkg-divert --local --rename --add "$CScript"
sudo cp -a "${CScript}.distrib" "$CScript"
sudo sed -i "s/DBNAME=.*/DBNAME=${DatabaseName}/g" "$CScript"
sudo sed -i "s/AWL_DBAUSER=.*/AWL_DBAUSER=${DBUsername_dba}/g" "$CScript"
sudo sed -i "s/AWL_APPUSER=.*/AWL_APPUSER=${DBUsername_app}/g" "$CScript"
  • Apply a temporary patch to update script:
UScript="$(ls /usr/share/davical/dba/update-davical-database)"
sudo dpkg-divert --local --rename --add "$UScript"
sudo cp -a "${UScript}.distrib" "$UScript"
sudo sed -i "s/\$dbname = .*/\$dbname = \"${DatabaseName}\";/g" "$UScript"
sudo sed -i "s/\$dbuser = .*/\$dbuser = \"${DBUsername_dba}\";/g" "$UScript"
sudo sed -i "s/\$appuser = .*/\$appuser = \"${DBUsername_app}\";/g" "$UScript"
sudo sed -i "s/\$dbpass = .*/\$dbpass = \"${DBPassword}\";/g" "$UScript"
  • (only fresh install) Run main installation script and take note of the shown password for the 'admin' user:
sudo su -l postgres -c "$CScript" "$DatabaseName" "$AdminPassword"
  • (only restoration of a backup) Restore data and run update script:
echo "DROP DATABASE IF EXISTS mycaldb;" | sudo su -l postgres -c psql
echo "DROP USER IF EXISTS mycaluser_dba;" | sudo su -l postgres -c psql
sudo su -l postgres -c "psql --quiet --file mycaluser_dba.pgdump"
echo "DROP USER IF EXISTS mycaluser_app;" | sudo su -l postgres -c psql
sudo su -l postgres -c "psql --quiet --file mycaluser_app.pgdump"
sudo su -l postgres -c "psql --quiet --file mycaldb.pgdump"
sudo su -l postgres -c "$UScript"
  • Restore installation scripts to original paths:
sudo rm "$UScript"
sudo dpkg-divert --local --rename --remove "$UScript"
sudo rm "$CScript"
sudo dpkg-divert --local --rename --remove "$CScript"

(only fresh install) Set password authentication for the database:

echo "ALTER USER $DBUsername_dba WITH PASSWORD '${DBPassword}';" | sudo su -l postgres -c psql
echo "ALTER USER $DBUsername_app WITH PASSWORD '${DBPassword}';" | sudo su -l postgres -c psql
  • Move configuration file to not be overwritten on package updates:
sudo dpkg-divert --local --rename --add /etc/davical/config.php
sudo cp -a /etc/davical/config.php.distrib /etc/davical/config.php
  • Reconfigure local CMS parameters at /etc/davical/config.php
$c->pg_connect[] = "dbname=DatabaseName user=DBUsername_app password=DBPassword";

And at least:

system_name
admin_email
restrict_setup_to_admin
default_privileges
template_usr
http_auth_mode
default_locale
enable_scheduling
trust_x_forwarded
  • Following are value examples for Apache virtualhost:
<VirtualHost *:80 *:8008 *:8800>
	ServerName	caldav.example.net
	DocumentRoot	/usr/share/davical/htdocs
	DirectoryIndex	index.php index.html
	Alias	/images/ /usr/share/davical/htdocs/images/
	<Directory /usr/share/davical/htdocs/>
		AllowOverride None
		Order allow,deny
		Allow from all
	</Directory>
	php_value include_path	/usr/share/awl/inc
	php_value magic_quotes_gpc	0
	php_value magic_quotes_runtime	0
	php_value register_globals	0
	php_value error_reporting	"E_ALL & ~E_NOTICE"
	php_value default_charset	"utf-8"
	php_admin_value open_basedir    /usr/share/davical/:/usr/share/awl/inc/:/etc/davical/
</VirtualHost>

(Apache may need to be configured in ports.conf to listen also ports 8008 and 8800)

  • Enable Apache website if it wasn't:
sudo a2ensite calendar.example.net
sudo apachectl graceful
  • Admin email address will be shown in clear on some public pages. If you waht to filter this, you can enable "substitute" module on apache:
sudo a2enmod substitute
systemctl restart apache2

And add a directive like this to Apache's virtualhost:

<Location "/">
	AddOutputFilterByType SUBSTITUTE text/html
	Substitute "s/admin@example.net/admin AT example.net/ni"
</Location>

Login to DAViCAL Admin

If all is going well you should now be able to browse to the site pages and log in as 'admin' with the password set during installation.

Usual administration tasks

Reset the admin password

Useful after an installation, when we want to be sure of our wanted password (example for database name "MyCalendars" and password "1234")

echo "UPDATE usr SET password = '**1234' WHERE user_no=1;" | sudo su -l postgres -c "psql --dbname MyCalendars"

Backup all data

  • Database (example for accessing mycaldb with user "mycaluser" and password "12345")
env PGPASSWORD=12345 pg_dump --create --inserts --attribute-inserts --disable-dollar-quoting --username=mycaluser -f "mycaldb.pgdump" mycaldb
  • PostgreSql users/roles (example for mycaluser_dba + mycaluser_app)
cat /dev/null > mycaluser_dba.pgdump
sudo su -l postgres -c "pg_dumpall --roles-only" | grep -e " ROLE mycaluser_dba;" >> mycaluser_dba.pgdump
sudo su -l postgres -c "pg_dumpall --roles-only" | grep -e " ROLE mycaluser_dba " >> mycaluser_dba.pgdump
cat /dev/null > mycaluser_app.pgdump
sudo su -l postgres -c "pg_dumpall --roles-only" | grep -e " ROLE mycaluser_app;" >> mycaluser_app.pgdump
sudo su -l postgres -c "pg_dumpall --roles-only" | grep -e " ROLE mycaluser_app " >> mycaluser_app.pgdump
  • CMS configuration:
/etc/davical/caldav.example.net-conf.php
  • Apache site profile:
/etc/apache2/sites-available/caldav.example.net

Pending to implement or fix = to do

TroubleShooting

See Problems and Solutions and Frequently Asked Questions