Debian shared


References:

Base to proceed

  • Web server. This guide is intended for environments where there can be more than one DAViCal instance, and where permissions are not open to other users of the system or to other Apache websites.
  • Disk requirements (OS+software+data): Minimum?, Recommended?
  • Memory requirements: Minimum?, Recommended?
  • Example public URL is https://calendar.example.net/
  • Basic steps taken from https://www.davical.org/installation.php
  • Tested on Debian 10, with DAViCal 1.1.8 from the repositories

If the server lacks a web service

sudo apt update
sudo apt install task-web-server

Procedure

Installation

  • Install packages:
sudo apt update
sudo apt install davical
  • Prepare the DAViCal database values
DatabaseName=mycaldb
DBUsername_dba=mycaluser_dba
DBUsername_app=mycaluser_app
DBPassword=12345
AdminPassword=1234
  • Add open permissions temporarily for the installation scripts:
PgMainVersion="$(psql --version | grep -ie "sql" | tr -s " " "\n" | tail --lines=1 | cut -f 1 -d ".")"
PgConfig="$(ls /etc/postgresql/${PgMainVersion}*/main/pg_hba.conf)"
sudo cp -a "$PgConfig" "${PgConfig}.davical-bak"
echo "# Permissions for the DAViCal CMS" | sudo tee "$PgConfig"
echo "local $DatabaseName $DBUsername_dba trust" | sudo tee -a "$PgConfig"
echo "local $DatabaseName $DBUsername_app trust" | sudo tee -a "$PgConfig"
echo "" | sudo tee -a "$PgConfig"
sudo cat "${PgConfig}.davical-bak" | sudo tee -a "$PgConfig"
sudo systemctl reload postgresql
  • Apply a temporary patch to the creation script:
CScript="$(ls /usr/share/davical/dba/create-database.sh)"
sudo dpkg-divert --local --rename --add "$CScript"
sudo cp -a "${CScript}.distrib" "$CScript"
sudo sed -i "s/DBNAME=.*/DBNAME=${DatabaseName}/g" "$CScript"
sudo sed -i "s/AWL_DBAUSER=.*/AWL_DBAUSER=${DBUsername_dba}/g" "$CScript"
sudo sed -i "s/AWL_APPUSER=.*/AWL_APPUSER=${DBUsername_app}/g" "$CScript"
  • Apply a temporary patch to the update script:
UScript="$(ls /usr/share/davical/dba/update-davical-database)"
sudo dpkg-divert --local --rename --add "$UScript"
sudo cp -a "${UScript}.distrib" "$UScript"
sudo sed -i "s/\$dbname = .*/\$dbname = \"${DatabaseName}\";/g" "$UScript"
sudo sed -i "s/\$dbuser = .*/\$dbuser = \"${DBUsername_dba}\";/g" "$UScript"
sudo sed -i "s/\$appuser = .*/\$appuser = \"${DBUsername_app}\";/g" "$UScript"
sudo sed -i "s/\$dbpass = .*/\$dbpass = \"${DBPassword}\";/g" "$UScript"
  • (only fresh install) Run the main installation script and take note of the password shown for the 'admin' user:
sudo su -l postgres -c "$CScript $DatabaseName $AdminPassword"
  • (only restoration of a backup) Restore data and run update script:
echo "DROP DATABASE IF EXISTS mycaldb;" | sudo su -l postgres -c psql
echo "DROP USER IF EXISTS mycaluser_dba;" | sudo su -l postgres -c psql
sudo su -l postgres -c "psql --quiet --file mycaluser_dba.pgdump"
echo "DROP USER IF EXISTS mycaluser_app;" | sudo su -l postgres -c psql
sudo su -l postgres -c "psql --quiet --file mycaluser_app.pgdump"
sudo su -l postgres -c "psql --quiet --file mycaldb.pgdump"
sudo su -l postgres -c "$UScript"
  • Restore installation scripts to original paths:
sudo rm "$UScript"
sudo dpkg-divert --local --rename --remove "$UScript"
sudo rm "$CScript"
sudo dpkg-divert --local --rename --remove "$CScript"

  • (only fresh install) Set password authentication for the database:
echo "ALTER USER $DBUsername_dba WITH PASSWORD '${DBPassword}';" | sudo su -l postgres -c psql
echo "ALTER USER $DBUsername_app WITH PASSWORD '${DBPassword}';" | sudo su -l postgres -c psql
  • Create a local configuration file so that it is not overwritten on package updates (FQDN calendar.example.net assumed here):
sudo cp -a /etc/davical/config.php /etc/davical/calendar.example.net-conf.php
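
The pg_hba.conf lines prepended earlier grant passwordless "trust" access, and none of the steps above removes them. The following script is an added example (not part of the original guide or of DAViCal): it counts the active local trust lines for one database and rewrites them to a password method, to be used once the ALTER USER step has set the passwords. The md5 method, the .trust-bak suffix and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit and replace the temporary "trust" lines in pg_hba.conf.

# count_trust FILE DB: number of active "local DB <user> trust" lines.
# Commented-out lines never match because their first field is not "local".
count_trust() {
    awk -v db="$2" '$1 == "local" && $2 == db && $4 == "trust" { n++ }
                    END { print n + 0 }' "$1"
}

# replace_trust FILE DB METHOD: rewrite those lines to METHOD in place,
# keeping the previous content in FILE.trust-bak (suffix is an assumption).
# The final "cat" writes into FILE so its owner and mode are preserved.
replace_trust() {
    cp -p "$1" "$1.trust-bak" &&
    awk -v db="$2" -v m="$3" '
        $1 == "local" && $2 == db && $4 == "trust" { $4 = m }
        { print }' "$1.trust-bak" > "$1.new" &&
    cat "$1.new" > "$1" &&
    rm -f "$1.new"
}

# Constructed sample: the lines this guide prepends, then Debian-style defaults.
demo_hba() {
    sample="$(mktemp)"
    cat > "$sample" <<'EOF'
# Permissions for the DAViCal CMS
local mycaldb mycaluser_dba trust
local mycaldb mycaluser_app trust

local   all             postgres                                peer
local   all             all                                     peer
host    all             all             127.0.0.1/32            md5
EOF
    printf '%s\n' "$sample"
}

hba="$(demo_hba)"
echo "trust lines before: $(count_trust "$hba" mycaldb)"
replace_trust "$hba" mycaldb md5
echo "trust lines after:  $(count_trust "$hba" mycaldb)"
grep -n ' mycaldb ' "$hba"
rm -f "$hba" "$hba.trust-bak"
```

On the real file, call replace_trust as root with "$PgConfig" and "$DatabaseName", then run sudo systemctl reload postgresql so the change takes effect.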

Site configuration

  • Reconfigure local CMS parameters at /etc/davical/config.php
$c->pg_connect[] = "dbname=DatabaseName user=DBUsername_app password=DBPassword";

And at least:

system_name
admin_email
restrict_setup_to_admin
default_privileges
template_usr
http_auth_mode
default_locale
enable_scheduling
trust_x_forwarded
  • The following are example values for the Apache virtual host:
<VirtualHost ...>
	DocumentRoot	/usr/share/davical/htdocs
	
	RewriteEngine On
	# Filter paths with no known file extension
	RewriteCond %{REQUEST_URI} !\.css
	RewriteCond %{REQUEST_URI} !\.gif
	RewriteCond %{REQUEST_URI} !\.jpg
	RewriteCond %{REQUEST_URI} !\.png
	RewriteCond %{REQUEST_URI} !\.js
	RewriteCond %{REQUEST_URI} !\.php
	RewriteCond %{REQUEST_URI} !\.html
	RewriteCond %{REQUEST_URI} !\.txt
	RewriteCond %{REQUEST_URI} ^/..*/
	# and redirect them to our caldav.php
	RewriteRule ^(.*)$ /caldav.php/$1 [NC,L]
	
	php_value include_path	/usr/share/awl/inc
	php_value magic_quotes_gpc	0
	php_value magic_quotes_runtime	0
	php_value register_globals	0
	php_value default_charset	"utf-8"
	php_admin_value open_basedir    /usr/share/davical/:/usr/share/awl/inc/:/etc/davical/
</VirtualHost>

(Apache may need to be configured in ports.conf to also listen on ports 8008 and 8800)

  • Content-Security-Policy: If HTTP headers are in place for a strict CSP-SOP, script-src needs to include the 'unsafe-inline' value.
  • Enable Apache website if it wasn't:
sudo a2ensite calendar.example.net
sudo apachectl graceful
  • The admin email address will be shown in clear text on some public pages. If you want to filter this, you can enable the "substitute" module in Apache:
sudo a2enmod substitute
sudo systemctl restart apache2

And add a directive like this to Apache's virtualhost:

<Location "/">
	AddOutputFilterByType SUBSTITUTE text/html
	Substitute "s/admin@example.net/admin AT example.net/ni"
</Location>

Log in to DAViCal Admin

If all went well, you should now be able to browse to the site pages and log in as 'admin' with the password set during installation.

Usual administration tasks

Reset the admin password

Useful after an installation, to make sure the admin password is the one we want (example for database name "MyCalendars" and password "1234"). The leading ** marks the stored value as a plain-text password.

echo "UPDATE usr SET password = '**1234' WHERE user_no=1;" | sudo su -l postgres -c "psql --dbname MyCalendars"

Backup all data

  • Database (example for accessing mycaldb with user "mycaluser" and password "12345")
env PGPASSWORD=12345 pg_dump --create --inserts --attribute-inserts --disable-dollar-quoting --username=mycaluser -f "mycaldb.pgdump" mycaldb
  • PostgreSQL users/roles (example for mycaluser_dba + mycaluser_app)
cat /dev/null > mycaluser_dba.pgdump
sudo su -l postgres -c "pg_dumpall --roles-only" | grep -e " ROLE mycaluser_dba;" >> mycaluser_dba.pgdump
sudo su -l postgres -c "pg_dumpall --roles-only" | grep -e " ROLE mycaluser_dba " >> mycaluser_dba.pgdump
cat /dev/null > mycaluser_app.pgdump
sudo su -l postgres -c "pg_dumpall --roles-only" | grep -e " ROLE mycaluser_app;" >> mycaluser_app.pgdump
sudo su -l postgres -c "pg_dumpall --roles-only" | grep -e " ROLE mycaluser_app " >> mycaluser_app.pgdump
  • CMS configuration:
/etc/davical/calendar.example.net-conf.php
  • Apache site profile:
/etc/apache2/sites-available/calendar.example.net
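
The database backup command above puts the password on the command line, where it ends up in shell history. The following script is an added example (not part of the original guide): it writes a libpq password file with the escaping and file mode that format requires, so pg_dump can be run with PGPASSFILE instead of PGPASSWORD. The function names, the temporary path and the sample password are assumptions.

```shell
#!/bin/sh
# Added example: keep the backup password in a libpq password file.

# Escape "\" and ":" as the password-file format requires.
pgpass_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g'
}

# pgpass_line HOST PORT DATABASE USER PASSWORD -> one password-file entry.
# HOST "localhost" also matches connections over the default Unix socket.
pgpass_line() {
    printf '%s:%s:%s:%s:%s\n' "$(pgpass_escape "$1")" "$2" \
        "$(pgpass_escape "$3")" "$(pgpass_escape "$4")" "$(pgpass_escape "$5")"
}

# write_pgpass FILE HOST PORT DATABASE USER PASSWORD
# Appends the entry; the file is created and left with mode 0600, because
# libpq ignores a password file that group or others can read.
write_pgpass() {
    pgfile="$1"; shift
    ( umask 077; pgpass_line "$@" >> "$pgfile" ) && chmod 600 "$pgfile"
}

# Demo with constructed values (database and user names as in the backup example).
demo_dir="$(mktemp -d)"
write_pgpass "$demo_dir/pgpass" localhost '*' mycaldb mycaluser 'p:ss\word'
cat "$demo_dir/pgpass"
ls -l "$demo_dir/pgpass"
# The dump then runs with the same options as above, minus "env PGPASSWORD=...":
#   PGPASSFILE="$demo_dir/pgpass" pg_dump ... --username=mycaluser -f "mycaldb.pgdump" mycaldb
rm -rf "$demo_dir"
```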

Pending to implement or fix = to do

Troubleshooting

See Problems and Solutions and Frequently Asked Questions