SlideShare a Scribd company logo

DORS/CLUC How to setup Kolab and Seafile as your personal secure data bank

Download as ODP, PDF
H
hcderaad

Hosting your own servers for groupware and filestorage can be very compelling because of a number of reasons. But doing it right can be quite a tedious job. This workshop, which was given at the DORS/CLUC conference in Zagreb will guide you through installing the Kolab groupware solution and integrate the Seafile filesyncing application with it, creating your own personal data bank!

Software
1 of 56
info@hcderaad.nl www.hcderaad.nl Open source, secure and private file-, and datasharing FTW! Hans de Raad OpenNovations DORS / CLUC 20th May 2015 #dorscluc
info@hcderaad.nl www.hcderaad.nl Great to (still!) be here! ● Many thanks to the organization! – Svebor (and friends) you guys (and girls) ROCK!
info@hcderaad.nl www.hcderaad.nl Whoami? ● OpenNovations – Current company of Hans de Raad – Partner of Kolab Systems AG ● Chamber of commerce registration states: – “The goal of the company is to deliver products and services in all aspects of the competence-, personal interest-, and area's of expertise of the owner”. ● In other words, its mainly a vehicle to do something usefull and nice and charging money for that. ● Some areas of interest: – Information, communication, technology, workshops and consultancy. ● Do I stick to that?
info@hcderaad.nl www.hcderaad.nl Why host this yourself? ● Pay with money instead of your data ● On premise availability, sense of your data under your control ● Make it just that tiny little bit harder for information harvesting companies and governments to profile you. ● Some information you just want to keep for yourself. – Why? Well, why not?!
info@hcderaad.nl www.hcderaad.nl Law beats technology ● Chances are, your local privacy legislation is quite a lot better than the US laws – Because, well..... There are none.... ● Regardless of the recent scandals, governments still have to comply to legislation. – If they don't you can sue. ● Companies only have to listen to shareholders ● Which would you prefer, democratic or shareholder controlled governance models? – Or, roll your own?
info@hcderaad.nl www.hcderaad.nl But do it right ● Make sure you know what you are doing – Hosting and systems management is a specialization. ● Or hire someone to do it for you – When cooperating with a group of people, this can be very cost effective ● Don't host your own just because....
info@hcderaad.nl www.hcderaad.nl Kolab ● Created by German Bundesambt fur Sicherheit-, und Informationstechnik in 2001 – Because they needed something they could trust themselves. ● Groupware platform with: – Email, calendar, todo/tasks, contacts, filestorage ● Clients – Roundcube, KDE Kontact – And Thunderbird, or even Outlook....
info@hcderaad.nl www.hcderaad.nl Seafile ● Filestorage and syncing ● Client apps on desktop, mobile, web ● End to end encrypted file storage (and sharing) ● Integrates with Kolab LDAP and webclient.
info@hcderaad.nl www.hcderaad.nl Other components ● The usual suspects: – Apache Webserver ● Or NGINX – Postfix SMTP Server – Cyrus IMAP Server – MariaDB / MySQL databaseserver
info@hcderaad.nl www.hcderaad.nl Architecture
info@hcderaad.nl www.hcderaad.nl Planning setup ● Single machine? – Failover? Fallback scenario? – A-synchronous backups? ● Multi machine redundancy – Replication?
info@hcderaad.nl www.hcderaad.nl Acces vs Sync ● When does Syncing make sense? – Relatively small teams – Relatively small amounts of documents ● When does Acces-only makes sense? – Large teams/organizations ● High number of document edits – Large amounts of frequently changing documents ● Don't ddos your own network.
info@hcderaad.nl www.hcderaad.nl Expectation management ● This workshops demo only targets a very simple SOHO single machine solution. ● However we will go over some of the considerations for more complex scenarios. – But really, if you need something like that, hire a professional. – The info in this presentation is provided as is, without any warrantly, etc, etc, etc, etc....
info@hcderaad.nl www.hcderaad.nl Decoupling and redundancy ● Key element of making a platform resilient: Have more than 1 instance/copy running – Easy for webservers – MariaDB supports it natively – Cyrus Murder for IMAP ● Or use file or block level synchronization – For relatively simple setups, this is usually enough
info@hcderaad.nl www.hcderaad.nl HA or HR? ● Do you really need High Availability – Which implies a fully redundant, multi-server, multi-geo- location setup? ● Or is what you want actually High Recoverability? – Difference in costs is quite significant. ● Basically, it boils down to: – How many hours of business can you survive without your files or mails? ● If this is counted in < Minutes, go HA ● If this is counted in > Hours, go HR
info@hcderaad.nl www.hcderaad.nl Redundancy: Application level ● MySQL / MariaDB clustering ● Cyrus Murder ● LDAP replication ● Postfix SMTP ● Apache webserver
info@hcderaad.nl www.hcderaad.nl Application level: Database ● Maria DB clustering – Usefulness is limited, because applications don't use Maria DB that much ● Indexing for Seafile ● User preferences for Roundcube (Kolab). – Basically most of the info in the Kolab/Seafile setup is related to the files (or emails) in the system anyway. ● So it doesn't really make sense to separate this in a redundant setup.
info@hcderaad.nl www.hcderaad.nl Application level: IMAP server ● Cyrus Murder – Usefulness can be quite high, but setup can be costly. ● Need for several servers, configuration work, etc. – For the combination of Kolab and Seafile this would not be enough. ● For Kolab alone, this is a very reasonable step, since it stores everything in IMAP anyway. – Besides making backups of configuration of course. – But also, this implies more application levels (LDAP, etc) are implemented redundantly as well.
info@hcderaad.nl www.hcderaad.nl Application level: Identity management ● LDAP replication – Availability is crucial, if no LDAP, not a single application can be used. – Can be a business demand anyway (master/slave with external LDAP server). – Setup varies per server type (OpenLdap, 389- server, etc).
info@hcderaad.nl www.hcderaad.nl Application level: SMTP frontends ● Postfix SMTP server: – Decide what you actually want to prevent or achieve ● Mail loss – Setup a spare/backup MX with a large enough disk to queue messages until the primary MX is back online. – This is always a GOOD IDEA tm ● Mail availability – Then postfix (or the SMTP frontend) is probably the least of your challenges. – Mail (and file) storage and distribution in the backend is.
info@hcderaad.nl www.hcderaad.nl Application level: Webserver ● Apache webserver – Load balancing ● The webserver should be almost the “dumbest” component in the stack. ● No data is stored, no data operations are being performed. – No webserver means no access ● Which is annoying, but not fatal. – But setup 2 apache instances and put a Vagrant or Nginx proxy in front of it, and you're done.
info@hcderaad.nl www.hcderaad.nl Redundant setup: data sync ● Block level sync vs File level sync vs Object storage – All: ● Setup multiple instances of exactly the same data. ● Span acros multiple machines. – Block level sync: DRDB – File level sync: GlusterFS – Object storage: Ceph
info@hcderaad.nl www.hcderaad.nl Data sync: Pick your tools wisely ● For very simple setups DRDB suits just fine. – Handles filesystem block level updates and stores it across multiple instances. – Can be used with almost any type of data (because it handles the lowest possible level, block level). ● GlusterFS is especially useful for syncing files (like IMAP mail messages) – Less ideal for large files like databases or mail index files. ● Ceph handles it all, but might be a bit overkill....
info@hcderaad.nl www.hcderaad.nl But what about a simple snapshot? ● Sure, why not? – But be prepared to accept data loss on system failure ● This can be somewhat mitigated by using frequent IMAPsyncs and/or DRDB for some filesystem partitions. ● Keep a bare/minimal clone of the original VPS/VM at hand at all times. – Or orchestrate the whole setup with Puppet/Chef/Ansible/etc.
info@hcderaad.nl www.hcderaad.nl Back to reality ● There are a zillion considerations for setting up a failover/HA/redundant setup. – “There is no special ingredient”. ● Let's setup the server.
info@hcderaad.nl www.hcderaad.nl Setup requirements ● Have a VPS ready – Or a VirtualBox/KVM/Xen/whatever ● Software: – Ubuntu 14.04 LTS ● http://www.ubuntu.com/download/server/ – Seafile 4.1.2 ● http://seafile.com/en/download/ – Kolab ● Repositories added later
info@hcderaad.nl www.hcderaad.nl Why Ubuntu and not openSUSE/CentOS, etc, etc, etc ● Well..... Quite arbitrary actually. – It's the reference platform for Seafile, and Kolab works well on it. ● Ubuntu is pretty well supported by VPS hosting providers ● All the Kool kids use it.... – /me running away
info@hcderaad.nl www.hcderaad.nl Install OS (1/2) ● Install Ubuntu 14.04 LTS – Provide a hostname (dcdemo) – Provide a username (dcuser) ● And a password (dcpass01) – Encrypt your home directory ● If on VPS or laptop: YES – Or use Encrypted LVM later in the partitioning setup – But beware of the performance penalty ● And don't forget this when rebooting the server (automatic updates?).
info@hcderaad.nl www.hcderaad.nl Install OS (2/2) ● During OS install – OpenSSH and LAMP Server. – MySQL Root user password (dcsql01) ● You will need that for Kolab and Seafile setup ● After OS Install – sudo apt-get update && sudo apt-get upgrade – sudo apt-get install ethtool ● Be sure to add an extra network interface (bridged) in Promiscuous mode “All”. – /etc/network/interfaces ● auto eth1 ● iface eth1 inet dhcp
info@hcderaad.nl www.hcderaad.nl Install and enable mod_ssl ● Install the Apache mod_ssl module – sudo a2enmod ssl – sudo a2ensite default-ssl – sudo service apache2 restart ● NB You should install your own certificate on your domain!
info@hcderaad.nl www.hcderaad.nl Change firewall rules ● ONLY open up TLS/SSL secured ports (and SMTP). – sudo ufw allow ssh/tcp – sudo ufw logging on – sudo ufw enable – sudo ufw allow smtp – sudo ufw allow https – sudo ufw allow 587/tcp – sudo ufw allow 993/tcp ● Check this with: sudo ufw status
info@hcderaad.nl www.hcderaad.nl Install Kolab (1/4) ● Add repo's: – https://docs.kolab.org/installation-guide/ubuntu.html – Add file: sudo vim /etc/apt/sources.list.d/kolab.list – Add contents: ● deb http://obs.kolabsys.com/repositories/Kolab:/3.4/Ubuntu_14.04/ ./ deb http://obs.kolabsys.com/repositories/Kolab:/3.4:/Updates/Ubuntu_14.04/ ./ – Add GPG key ● gpg --search devel@lists.kolab.org – If finding the keyserver fails at first, try again ● gpg --export --armor devel@lists.kolab.org > devel@lists.kolab.org.key ● sudo apt-key add devel@lists.kolab.org.key
info@hcderaad.nl www.hcderaad.nl Install Kolab (2/4) ● Change repo priority: – Add file: sudo vim /etc/apt/preferences.d/kolab – Add file contents: ● Package: * Pin: origin obs.kolabsys.com Pin-Priority: 501 ● Make sure that the Fully Qualified Domain Name is set correctly (you should not have to perform this on a VPS). – Run: hostname -f – Output should be: servername.domainname – Else change the hostname.
info@hcderaad.nl www.hcderaad.nl Install Kolab (3/4) Check / change hostname ● Get the systems IP by running: ifconfig ● Edit: sudo vim /etc/hosts – And add the hostname following this pattern: ● IP-Address-of-system hostname.domainname.TLD hostname – 123.123.123.1 dcdemo.localdomain.local dcdemo ● Make sure to comment the 127.0.0.1 HOSTNAME entry. ● Edit: sudo vim /etc/hostname – dcdemo ● Restart service: – sudo /etc/init.d/networking restart
info@hcderaad.nl www.hcderaad.nl Install Kolab (4/4) ● Run: sudo apt-get update && sudo aptitude install kolab – Select “No configuration” for mailserver setup, setup-kolab will to this later ● Run: sudo setup-kolab – Choose new (or note down) all the passwords (!!!) – Make sure the FQDN is exactly as entered in /etc/hosts ● Reboot the machine – you shouldn't see any errors ● Test kolab by visiting the kolab-webadmin and roundcubemail. – Remember “https”
info@hcderaad.nl www.hcderaad.nl Setup IMAP TLS ● Add cyrus to ssl group – sudo usermod -a -G ssl-cert cyrus ● Configure cyrus to use the snakeoil tls certs: – Edit: sudo vim /etc/imapd.conf – Add or change the following lines: ● tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem ● tls_server_key: /etc/ssl/private/ssl-cert-snakeoil.key ● tls_server_ca_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ● tls_client_ca_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ● NB You should install your own certificates here.
info@hcderaad.nl www.hcderaad.nl Add a user to Kolab ● Log into the kolab-webadmin – Username cn=Directory Administrator – Password noted on installation ● Goto Users – Add a user of type kolab-user ● Test this by login into roundcubemail with the user account – Send some emails, and test IMAP connectivity as well. ● Congratulations, you've got a working Kolab setup!
info@hcderaad.nl www.hcderaad.nl Yay moment!
info@hcderaad.nl www.hcderaad.nl Seafile install (1/7) ● Install the prerequisites for the server: – sudo apt-get install python2.7 python-setuptools python-simplejson python-imaging python- mysqldb ● Create a user to run seafile as (do NOT run Seafile as root). – sudo adduser seafile ● Choose a password that you will remember – su seafile – cd /home/seafile ● Download the installer on the server: – Wget <URL TO LATEST SEAFILE SERVER VERSION> – You can find the latest version on: ● http://seafile.com/en/download/ ● Unpack the archive. – tar xfz <NAME OF SEAFILE ARCHIVE>
info@hcderaad.nl www.hcderaad.nl Seafile install (2/7) ● Go into the “seafile-server-x.x.x” directory and run: – ./setup-seafile-mysql.sh – Enter the server name and the ip address when prompted, leave the other settings as default ● Create new MySQL databases. ● Make a new MySQL user for seafile (DON'T use root), like “seafileuser” (with a password) ● After the installation, go to the seafile-server-latest folder (in /home/seafile/) check if seafile will start – ./seafile.sh start – ./seahub.sh start ● You will be asked to enter an admin user account name and password. ● Exit from the seafile user.
info@hcderaad.nl www.hcderaad.nl Seafile install (3/7) ● Now setup init scripts so that Seafile will be started on system boot. – Install: sudo apt-get install sysv-rc-conf – Create a file (contents on next slide): ● sudo vim /etc/init.d/seafile – Make it executable: sudo chmod +x /etc/init.d/seafile – Turn on the service: sudo sysv-rc-conf seafile on – Check the status: sudo /etc/init.d/seafile restart ● Open port 8000 in the firewall (we will close this later) to test the web interface. – sudo ufw allow 8000/tcp – http://SERVERNAMEORIP:8000 – The Seafile Interface should now pop up.
info@hcderaad.nl www.hcderaad.nl #!/bin/sh #chkconfig: 345 99 10 #description: Seafile auto start-stop script. # source function library . /lib/lsb/init-functions start() { echo "Starting Seafile server..." su - seafile -c "seafile-server-latest/seafile.sh start" su - seafile -c "seafile-server-latest/seafile.sh start" #su - seafile -c "seafile-server-latest/seahub.sh start-fastcgi" } stop() { echo "Stopping Seafile process..." su - seafile -c "seafile-server-latest/seafile.sh stop" su - seafile -c "seafile-server-latest/seahub.sh stop" } restart() { echo "Stopping Seafile process..." su - seafile -c "seafile-server-latest/seafile.sh stop" su - seafile -c "seafile-server-latest/seahub.sh stop" echo "Starting Seafile server..." su - seafile -c "seafile-server-latest/seafile.sh start" su - seafile -c "seafile-server-latest/seafile.sh start" #su - seafile -c "seafile-server-latest/seahub.sh start-fastcgi" } case "$1" in start) start ;; stop) stop ;; restart) restart ;; *) echo "Usage: $0 start stop restart" ;; esac
info@hcderaad.nl www.hcderaad.nl Seafile install (4/7) ● Now connect Seafile to the Kolab LDAP server – Su into the seafile user again – Open /home/seafile/seafile-server-latest/ccnet/ccnet.conf – Add the following lines (change to your setup) [LDAP] HOST = ldap://127.0.0.1 BASE = ou=People,dc=dcdemo,dc=localdomain,dc=local USER_DN = uid=kolab-service,ou=Special Users,dc=dcdemo,dc=localdomain,dc=local PASSWORD = SECRET! LOGIN_ATTR = mail – You can also copy the ldap configuration from the Roundcube config file (/etc/roundcube/kolab_auth_inc.php or config.inc.php) – Restart seafile after applying the changes ● sudo /etc/init.d/seafile restart – Test the login in the web interface
info@hcderaad.nl www.hcderaad.nl Seafile install (5/7) ● Now setup Seafile to use (the SSL enabled) Apache as frontend. – Install and enable prerequisites: ● sudo apt-get install python-flup libapache2-mod-fastcgi ● sudo a2enmod proxy_http && sudo service apache2 restart – Open the file (sudo vim) /etc/apache2/apache2.conf ● Add the following line at the end of the file: – FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000 – Modify the enabled default site: ● Make a backup of the old default site – sudo mv etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.bak ● sudo vim /etc/apache2/sites-enabled/000-default.conf – Replace its content the content from the next slide
info@hcderaad.nl www.hcderaad.nl <VirtualHost *:80> #ServerName www.myseafile.com # Use "DocumentRoot /var/www/html" for Centos/Fedora # Use "DocumentRoot /var/www" for Ubuntu/Debian DocumentRoot /var/www Alias /media /home/seafile/seafile-server-latest/seahub/media RewriteEngine On # For apache2.2, you may need to change to # <Location /media> # Order allow,deny # Allow from all # </Location> <Location /media> Require all granted </Location> # # seafile fileserver # ProxyPass /seafhttp http://127.0.0.1:8082 ProxyPassReverse /seafhttp http://127.0.0.1:8082 RewriteRule ^/seafhttp - [QSA,L] # For apache2.2, you may need to add # <Location /seafhttp> # Order allow,deny # Allow from all # </Location> # # seahub # RewriteRule ^/(media.*)$ /$1 [QSA,L,PT] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ /seahub.fcgi$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </VirtualHost>
info@hcderaad.nl www.hcderaad.nl Seafile install (6/7) ● Now open the init script and modify the 2 commented “start” commands for seahub to use the fastcgi commands (comment out the non fastcgi seahub start commands). – sudo vim /etc/init.d/seafile ● Open port 80 in the firewall (we will close this later). ● Log into the seafile user again: su seafile – Edit the seahub_settings.py file in /home/seafile ● Add the following line (hint: QUOTES!) FILE_SERVER_ROOT = 'http://SERVERNAMEORIP' – Edit the ccnet.conf file in /home/seafile/ccnet (hint: NO quotes!) ● SERVICE_URL = http://SERVERNAMEORIP ● Restart seafile and apache – sudo /etc/init.d/seafile restart && sudo service apache2 restart ● Open the root of the server in a web browser – It should show the login form for Seafile
info@hcderaad.nl www.hcderaad.nl Seafile install (7/7) ● Now let's put it behind SSL. – Open /etc/apache2/sites-enabled/default-ssl.conf ● Change the contents of the file to the text in the following slide ● Restart seafile and apache – sudo /etc/init.d/seafile restart && sudo service apache2 restart ● Open the main page in the browser, but this time with the https link.
info@hcderaad.nl www.hcderaad.nl <VirtualHost *:443> #ServerName www.myseafile.com DocumentRoot /var/www Alias /media /home/seafile/seafile-server-latest/seahub/media <Location /media> Require all granted </Location> SSLEngine On SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key RewriteEngine On # # seafile fileserver # ProxyPass /seafhttp http://127.0.0.1:8082 ProxyPassReverse /seafhttp http://127.0.0.1:8082 RewriteRule ^/seafhttp - [QSA,L] # # seahub # RewriteRule ^/(media.*)$ /$1 [QSA,L,PT] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !^/roundcubemail.* RewriteCond %{REQUEST_URI} !^/Microsoft.* RewriteCond %{REQUEST_URI} !^/iRony.* RewriteCond %{REQUEST_URI} !^/chwala.* RewriteCond %{REQUEST_URI} !^/kolab.* RewriteRule ^(.*)$ /seahub.fcgi$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </VirtualHost>
info@hcderaad.nl www.hcderaad.nl Setup Roundcube/Chwala (1/2) ● Change the Roundcube config file: – sudo vim /etc/roundcube/config.inc.php – Add to the end of the file: ● $config['fileapi_backend'] = 'kolab'; ● $config['fileapi_drivers'] = array('seafile'); ● $config['fileapi_seafile_host'] = "https://localhost"; ● $config['fileapi_seafile_ssl_verify_peer'] = false; ● $config['fileapi_seafile_ssl_verify_host'] = false; ● # Change the following basing on how much time you want data from Seafile cached ● $config['fileapi_seafile_cache'] = '14d'; ● $config['fileapi_seafile_debug'] = true; – What “localhost”? Yes, Seafile is on the same server, and this saves some roundtrips. – The last one, debugging is just for testing purposes, set to false after succesfully testing the setup.
info@hcderaad.nl www.hcderaad.nl Setup Roundcube/Chwala (2/2) ● Open the Roundcube web interface – Go to Files – Click on the “gear” button (lower left corner) ● Add storage – Name: Seafile – Server: https://localhost – Username: Roundcube/Kolab user (email address) – Password: VERYSECRET ● Click Add – You now also have a Seafile list item in your file folders!
info@hcderaad.nl www.hcderaad.nl Close firewall ports ● Close the firewall ports we've opened for testing: – Get the numbered firewall rules ● sudo ufw status numbered ● You must check the numbers after every rule deletion! – Then one by one delete the rules for http(NO s)/80 and 8000 ● sudo ufw delete RULENUMBER ● Make sure you've also deleted the IPv6 entries. – Check, check, double check with: ● sudo ufw status
info@hcderaad.nl www.hcderaad.nl Yay moment number 2!
info@hcderaad.nl www.hcderaad.nl Questions? ¿
info@hcderaad.nl www.hcderaad.nl Just one more thing! ● Roundcube Next! – The worlds most used open source web client – Fundraiser for the next iteration of the platform ● Already > $ 25.000,- raised! – Help to shape the future of email! https://roundcu.be/next
info@hcderaad.nl www.hcderaad.nl Whoami again? Hans de Raad info@hcderaad.nl www.opennovations.nl linkedin.com/in/hansderaad
info@hcderaad.nl www.hcderaad.nl Thanks for coming! Have an awesome conference!!!

Recommended

Secure and private collaboration - LinuxDays 2015 Kolab and Univention
Secure and private collaboration - LinuxDays 2015 Kolab and UniventionSecure and private collaboration - LinuxDays 2015 Kolab and Univention
Secure and private collaboration - LinuxDays 2015 Kolab and Univentionhcderaad
 
Auto Europe's ongoing journey with MariaDB and open source
Auto Europe's ongoing journey with MariaDB and open sourceAuto Europe's ongoing journey with MariaDB and open source
Auto Europe's ongoing journey with MariaDB and open sourceMariaDB plc
 
Writing powerful stored procedures in PL/SQL
Writing powerful stored procedures in PL/SQLWriting powerful stored procedures in PL/SQL
Writing powerful stored procedures in PL/SQLMariaDB plc
 
How to migrate from Oracle Database with ease
How to migrate from Oracle Database with easeHow to migrate from Oracle Database with ease
How to migrate from Oracle Database with easeMariaDB plc
 
What’s new in Galera 4
What’s new in Galera 4What’s new in Galera 4
What’s new in Galera 4MariaDB plc
 
MariaDB ColumnStore
MariaDB ColumnStoreMariaDB ColumnStore
MariaDB ColumnStoreMariaDB plc
 
Global Data Replication with Galera for Ansell Guardian®
Global Data Replication with Galera for Ansell Guardian®Global Data Replication with Galera for Ansell Guardian®
Global Data Replication with Galera for Ansell Guardian®MariaDB plc
 
Big Data - Big Pitfalls.
Big Data - Big Pitfalls.Big Data - Big Pitfalls.
Big Data - Big Pitfalls.Roman Nikitchenko
 

Recommended

Secure and private collaboration - LinuxDays 2015 Kolab and Univention
Secure and private collaboration - LinuxDays 2015 Kolab and UniventionSecure and private collaboration - LinuxDays 2015 Kolab and Univention
Secure and private collaboration - LinuxDays 2015 Kolab and Univentionhcderaad
 
Auto Europe's ongoing journey with MariaDB and open source
Auto Europe's ongoing journey with MariaDB and open sourceAuto Europe's ongoing journey with MariaDB and open source
Auto Europe's ongoing journey with MariaDB and open sourceMariaDB plc
 
Writing powerful stored procedures in PL/SQL
Writing powerful stored procedures in PL/SQLWriting powerful stored procedures in PL/SQL
Writing powerful stored procedures in PL/SQLMariaDB plc
 
How to migrate from Oracle Database with ease
How to migrate from Oracle Database with easeHow to migrate from Oracle Database with ease
How to migrate from Oracle Database with easeMariaDB plc
 
What’s new in Galera 4
What’s new in Galera 4What’s new in Galera 4
What’s new in Galera 4MariaDB plc
 
MariaDB ColumnStore
MariaDB ColumnStoreMariaDB ColumnStore
MariaDB ColumnStoreMariaDB plc
 
Global Data Replication with Galera for Ansell Guardian®
Global Data Replication with Galera for Ansell Guardian®Global Data Replication with Galera for Ansell Guardian®
Global Data Replication with Galera for Ansell Guardian®MariaDB plc
 
Big Data - Big Pitfalls.
Big Data - Big Pitfalls.Big Data - Big Pitfalls.
Big Data - Big Pitfalls.Roman Nikitchenko
 
Software Development with Apache Cassandra
Software Development with Apache CassandraSoftware Development with Apache Cassandra
Software Development with Apache Cassandrazznate
 
Choosing the right high availability strategy
Choosing the right high availability strategyChoosing the right high availability strategy
Choosing the right high availability strategyMariaDB plc
 
Ceph as storage for CloudStack
Ceph as storage for CloudStack Ceph as storage for CloudStack
Ceph as storage for CloudStack Ceph Community
 
Redis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRedis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRed Hat Developers
 
Monitoring Cassandra with graphite using Yammer Coda-Hale Library
Monitoring Cassandra with graphite using Yammer Coda-Hale LibraryMonitoring Cassandra with graphite using Yammer Coda-Hale Library
Monitoring Cassandra with graphite using Yammer Coda-Hale LibraryNader Ganayem
 
Scalability, Availability & Stability Patterns
Scalability, Availability & Stability PatternsScalability, Availability & Stability Patterns
Scalability, Availability & Stability PatternsJonas Bonér
 
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedInJay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedInLinkedIn
 
M|18 Scalability via Expendable Resources: Containers at BlaBlaCar
M|18 Scalability via Expendable Resources: Containers at BlaBlaCarM|18 Scalability via Expendable Resources: Containers at BlaBlaCar
M|18 Scalability via Expendable Resources: Containers at BlaBlaCarMariaDB plc
 
How THINQ runs both transactions and analytics at scale
How THINQ runs both transactions and analytics at scaleHow THINQ runs both transactions and analytics at scale
How THINQ runs both transactions and analytics at scaleMariaDB plc
 
Getting the most out of MariaDB MaxScale
Getting the most out of MariaDB MaxScaleGetting the most out of MariaDB MaxScale
Getting the most out of MariaDB MaxScaleMariaDB plc
 
ApacheCon 2020 - Flink SQL in 2020: Time to show off!
ApacheCon 2020 - Flink SQL in 2020: Time to show off!ApacheCon 2020 - Flink SQL in 2020: Time to show off!
ApacheCon 2020 - Flink SQL in 2020: Time to show off!Timo Walther
 
NewSQL overview, Feb 2015
NewSQL overview, Feb 2015NewSQL overview, Feb 2015
NewSQL overview, Feb 2015Ivan Glushkov
 
Migrating from InnoDB and HBase to MyRocks at Facebook
Migrating from InnoDB and HBase to MyRocks at FacebookMigrating from InnoDB and HBase to MyRocks at Facebook
Migrating from InnoDB and HBase to MyRocks at FacebookMariaDB plc
 
MariaDB Performance Tuning and Optimization
MariaDB Performance Tuning and OptimizationMariaDB Performance Tuning and Optimization
MariaDB Performance Tuning and OptimizationMariaDB plc
 
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in Go
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in GoScylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in Go
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in GoScyllaDB
 
How to use Hadoop for operational and transactional purposes by RODRIGO MERI...
How to use Hadoop for operational and transactional purposes by RODRIGO MERI... How to use Hadoop for operational and transactional purposes by RODRIGO MERI...
How to use Hadoop for operational and transactional purposes by RODRIGO MERI...Big Data Spain
 
Voldemort : Prototype to Production
Voldemort : Prototype to ProductionVoldemort : Prototype to Production
Voldemort : Prototype to ProductionVinoth Chandar
 
Configuring workload-based storage and topologies
Configuring workload-based storage and topologiesConfiguring workload-based storage and topologies
Configuring workload-based storage and topologiesMariaDB plc
 
Get the most out of Oracle Data Guard - OOW version
Get the most out of Oracle Data Guard - OOW versionGet the most out of Oracle Data Guard - OOW version
Get the most out of Oracle Data Guard - OOW versionLudovico Caldara
 
MariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB plc
 
BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...
BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...
BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...Big Data Montreal
 
Deploying Perl apps on dotCloud
Deploying Perl apps on dotCloudDeploying Perl apps on dotCloud
Deploying Perl apps on dotClouddaoswald
 

More Related Content

What's hot

Software Development with Apache Cassandra
Software Development with Apache CassandraSoftware Development with Apache Cassandra
Software Development with Apache Cassandrazznate
 
Choosing the right high availability strategy
Choosing the right high availability strategyChoosing the right high availability strategy
Choosing the right high availability strategyMariaDB plc
 
Ceph as storage for CloudStack
Ceph as storage for CloudStack Ceph as storage for CloudStack
Ceph as storage for CloudStack Ceph Community
 
Redis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRedis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRed Hat Developers
 
Monitoring Cassandra with graphite using Yammer Coda-Hale Library
Monitoring Cassandra with graphite using Yammer Coda-Hale LibraryMonitoring Cassandra with graphite using Yammer Coda-Hale Library
Monitoring Cassandra with graphite using Yammer Coda-Hale LibraryNader Ganayem
 
Scalability, Availability & Stability Patterns
Scalability, Availability & Stability PatternsScalability, Availability & Stability Patterns
Scalability, Availability & Stability PatternsJonas Bonér
 
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedInJay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedInLinkedIn
 
M|18 Scalability via Expendable Resources: Containers at BlaBlaCar
M|18 Scalability via Expendable Resources: Containers at BlaBlaCarM|18 Scalability via Expendable Resources: Containers at BlaBlaCar
M|18 Scalability via Expendable Resources: Containers at BlaBlaCarMariaDB plc
 
How THINQ runs both transactions and analytics at scale
How THINQ runs both transactions and analytics at scaleHow THINQ runs both transactions and analytics at scale
How THINQ runs both transactions and analytics at scaleMariaDB plc
 
Getting the most out of MariaDB MaxScale
Getting the most out of MariaDB MaxScaleGetting the most out of MariaDB MaxScale
Getting the most out of MariaDB MaxScaleMariaDB plc
 
ApacheCon 2020 - Flink SQL in 2020: Time to show off!
ApacheCon 2020 - Flink SQL in 2020: Time to show off!ApacheCon 2020 - Flink SQL in 2020: Time to show off!
ApacheCon 2020 - Flink SQL in 2020: Time to show off!Timo Walther
 
NewSQL overview, Feb 2015
NewSQL overview, Feb 2015NewSQL overview, Feb 2015
NewSQL overview, Feb 2015Ivan Glushkov
 
Migrating from InnoDB and HBase to MyRocks at Facebook
Migrating from InnoDB and HBase to MyRocks at FacebookMigrating from InnoDB and HBase to MyRocks at Facebook
Migrating from InnoDB and HBase to MyRocks at FacebookMariaDB plc
 
MariaDB Performance Tuning and Optimization
MariaDB Performance Tuning and OptimizationMariaDB Performance Tuning and Optimization
MariaDB Performance Tuning and OptimizationMariaDB plc
 
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in Go
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in GoScylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in Go
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in GoScyllaDB
 
How to use Hadoop for operational and transactional purposes by RODRIGO MERI...
How to use Hadoop for operational and transactional purposes by RODRIGO MERI... How to use Hadoop for operational and transactional purposes by RODRIGO MERI...
How to use Hadoop for operational and transactional purposes by RODRIGO MERI...Big Data Spain
 
Voldemort : Prototype to Production
Voldemort : Prototype to ProductionVoldemort : Prototype to Production
Voldemort : Prototype to ProductionVinoth Chandar
 
Configuring workload-based storage and topologies
Configuring workload-based storage and topologiesConfiguring workload-based storage and topologies
Configuring workload-based storage and topologiesMariaDB plc
 
Get the most out of Oracle Data Guard - OOW version
Get the most out of Oracle Data Guard - OOW versionGet the most out of Oracle Data Guard - OOW version
Get the most out of Oracle Data Guard - OOW versionLudovico Caldara
 
MariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB plc
 

What's hot (20)

Software Development with Apache Cassandra
Software Development with Apache CassandraSoftware Development with Apache Cassandra
Software Development with Apache Cassandra
 
Choosing the right high availability strategy
Choosing the right high availability strategyChoosing the right high availability strategy
Choosing the right high availability strategy
 
Ceph as storage for CloudStack
Ceph as storage for CloudStack Ceph as storage for CloudStack
Ceph as storage for CloudStack
 
Redis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRedis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech Talk
 
Monitoring Cassandra with graphite using Yammer Coda-Hale Library
Monitoring Cassandra with graphite using Yammer Coda-Hale LibraryMonitoring Cassandra with graphite using Yammer Coda-Hale Library
Monitoring Cassandra with graphite using Yammer Coda-Hale Library
 
Scalability, Availability & Stability Patterns
Scalability, Availability & Stability PatternsScalability, Availability & Stability Patterns
Scalability, Availability & Stability Patterns
 
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedInJay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
 
M|18 Scalability via Expendable Resources: Containers at BlaBlaCar
M|18 Scalability via Expendable Resources: Containers at BlaBlaCarM|18 Scalability via Expendable Resources: Containers at BlaBlaCar
M|18 Scalability via Expendable Resources: Containers at BlaBlaCar
 
How THINQ runs both transactions and analytics at scale
How THINQ runs both transactions and analytics at scaleHow THINQ runs both transactions and analytics at scale
How THINQ runs both transactions and analytics at scale
 
Getting the most out of MariaDB MaxScale
Getting the most out of MariaDB MaxScaleGetting the most out of MariaDB MaxScale
Getting the most out of MariaDB MaxScale
 
ApacheCon 2020 - Flink SQL in 2020: Time to show off!
ApacheCon 2020 - Flink SQL in 2020: Time to show off!ApacheCon 2020 - Flink SQL in 2020: Time to show off!
ApacheCon 2020 - Flink SQL in 2020: Time to show off!
 
NewSQL overview, Feb 2015
NewSQL overview, Feb 2015NewSQL overview, Feb 2015
NewSQL overview, Feb 2015
 
Migrating from InnoDB and HBase to MyRocks at Facebook
Migrating from InnoDB and HBase to MyRocks at FacebookMigrating from InnoDB and HBase to MyRocks at Facebook
Migrating from InnoDB and HBase to MyRocks at Facebook
 
MariaDB Performance Tuning and Optimization
MariaDB Performance Tuning and OptimizationMariaDB Performance Tuning and Optimization
MariaDB Performance Tuning and Optimization
 
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in Go
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in GoScylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in Go
Scylla Summit 2016: Using ScyllaDB for a Microservice-based Pipeline in Go
 
How to use Hadoop for operational and transactional purposes by RODRIGO MERI...
How to use Hadoop for operational and transactional purposes by RODRIGO MERI... How to use Hadoop for operational and transactional purposes by RODRIGO MERI...
How to use Hadoop for operational and transactional purposes by RODRIGO MERI...
 
Voldemort : Prototype to Production
Voldemort : Prototype to ProductionVoldemort : Prototype to Production
Voldemort : Prototype to Production
 
Configuring workload-based storage and topologies
Configuring workload-based storage and topologiesConfiguring workload-based storage and topologies
Configuring workload-based storage and topologies
 
Get the most out of Oracle Data Guard - OOW version
Get the most out of Oracle Data Guard - OOW versionGet the most out of Oracle Data Guard - OOW version
Get the most out of Oracle Data Guard - OOW version
 
MariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & Optimization
 

Similar to DORS/CLUC How to setup Kolab and Seafile as your personal secure data bank

BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...
BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...
BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...Big Data Montreal
 
Deploying Perl apps on dotCloud
Deploying Perl apps on dotCloudDeploying Perl apps on dotCloud
Deploying Perl apps on dotClouddaoswald
 
Visual Mapping of Clickstream Data
Visual Mapping of Clickstream DataVisual Mapping of Clickstream Data
Visual Mapping of Clickstream DataDataWorks Summit
 
Hadoop operations
Hadoop operationsHadoop operations
Hadoop operationsMarc Cluet
 
The Nuts and Bolts of Hadoop and it's Ever-changing Ecosystem, Presented by J...
The Nuts and Bolts of Hadoop and it's Ever-changing Ecosystem, Presented by J...The Nuts and Bolts of Hadoop and it's Ever-changing Ecosystem, Presented by J...
The Nuts and Bolts of Hadoop and it's Ever-changing Ecosystem, Presented by J...NashvilleTechCouncil
 
Integrating CloudStack & Ceph
Integrating CloudStack & CephIntegrating CloudStack & Ceph
Integrating CloudStack & CephShapeBlue
 
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
5 Critical Steps to Clean Your Data Swamp When Migrating Off of HadoopDatabricks
 
Flume-based Independent News Aggregator
Flume-based Independent News AggregatorFlume-based Independent News Aggregator
Flume-based Independent News AggregatorMário Almeida
 
StripeEu Twistedbytes Presentation
StripeEu Twistedbytes PresentationStripeEu Twistedbytes Presentation
StripeEu Twistedbytes Presentationtwistedbytes
 
Optimizing Dell PowerEdge Configurations for Hadoop
Optimizing Dell PowerEdge Configurations for HadoopOptimizing Dell PowerEdge Configurations for Hadoop
Optimizing Dell PowerEdge Configurations for HadoopMike Pittaro
 
[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...
[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...
[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...Wong Hoi Sing Edison
 
Hong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thHong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thWong Hoi Sing Edison
 
AWS Big Data Demystified #1: Big data architecture lessons learned
AWS Big Data Demystified #1: Big data architecture lessons learned AWS Big Data Demystified #1: Big data architecture lessons learned
AWS Big Data Demystified #1: Big data architecture lessons learned Omid Vahdaty
 
Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...
Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...
Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...nine
 
Hortonworks Technical Workshop - Operational Best Practices Workshop
Hortonworks Technical Workshop - Operational Best Practices WorkshopHortonworks Technical Workshop - Operational Best Practices Workshop
Hortonworks Technical Workshop - Operational Best Practices WorkshopHortonworks
 
Running Dataproc At Scale in production - Searce Talk at GDG Delhi
Running Dataproc At Scale in production - Searce Talk at GDG DelhiRunning Dataproc At Scale in production - Searce Talk at GDG Delhi
Running Dataproc At Scale in production - Searce Talk at GDG DelhiSearce Inc
 

Similar to DORS/CLUC How to setup Kolab and Seafile as your personal secure data bank (20)

BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...
BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...
BDM37: Hadoop in production – the war stories by Nikolaï Grigoriev, Principal...
 
Deploying Perl apps on dotCloud
Deploying Perl apps on dotCloudDeploying Perl apps on dotCloud
Deploying Perl apps on dotCloud
 
Scaling PHP apps
Scaling PHP appsScaling PHP apps
Scaling PHP apps
 
Visual Mapping of Clickstream Data
Visual Mapping of Clickstream DataVisual Mapping of Clickstream Data
Visual Mapping of Clickstream Data
 
Hadoop operations
Hadoop operationsHadoop operations
Hadoop operations
 
The Nuts and Bolts of Hadoop and it's Ever-changing Ecosystem, Presented by J...
The Nuts and Bolts of Hadoop and it's Ever-changing Ecosystem, Presented by J...The Nuts and Bolts of Hadoop and it's Ever-changing Ecosystem, Presented by J...
The Nuts and Bolts of Hadoop and it's Ever-changing Ecosystem, Presented by J...
 
Integrating CloudStack & Ceph
Integrating CloudStack & CephIntegrating CloudStack & Ceph
Integrating CloudStack & Ceph
 
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
 
Flume-based Independent News Aggregator
Flume-based Independent News AggregatorFlume-based Independent News Aggregator
Flume-based Independent News Aggregator
 
StripeEu Twistedbytes Presentation
StripeEu Twistedbytes PresentationStripeEu Twistedbytes Presentation
StripeEu Twistedbytes Presentation
 
Scaling symfony apps
Scaling symfony appsScaling symfony apps
Scaling symfony apps
 
Optimizing Dell PowerEdge Configurations for Hadoop
Optimizing Dell PowerEdge Configurations for HadoopOptimizing Dell PowerEdge Configurations for Hadoop
Optimizing Dell PowerEdge Configurations for Hadoop
 
2014 hadoop wrocław jug
2014 hadoop wrocław jug2014 hadoop wrocław jug
2014 hadoop wrocław jug
 
[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...
[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...
[HKOSCON][20180616][Containerized High Availability Virtual Hosting Deploymen...
 
Hong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13thHong Kong Drupal User Group - Sep 13th
Hong Kong Drupal User Group - Sep 13th
 
AWS Big Data Demystified #1: Big data architecture lessons learned
AWS Big Data Demystified #1: Big data architecture lessons learned AWS Big Data Demystified #1: Big data architecture lessons learned
AWS Big Data Demystified #1: Big data architecture lessons learned
 
Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...
Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...
Challenges behind the scenes of the large Swiss e-Commerce shop apfelkiste.ch...
 
Hortonworks Technical Workshop - Operational Best Practices Workshop
Hortonworks Technical Workshop - Operational Best Practices WorkshopHortonworks Technical Workshop - Operational Best Practices Workshop
Hortonworks Technical Workshop - Operational Best Practices Workshop
 
Hadoop in a Windows Shop - CHUG - 20120416
Hadoop in a Windows Shop - CHUG - 20120416Hadoop in a Windows Shop - CHUG - 20120416
Hadoop in a Windows Shop - CHUG - 20120416
 
Running Dataproc At Scale in production - Searce Talk at GDG Delhi
Running Dataproc At Scale in production - Searce Talk at GDG DelhiRunning Dataproc At Scale in production - Searce Talk at GDG Delhi
Running Dataproc At Scale in production - Searce Talk at GDG Delhi
 

More from hcderaad

Keeping your employees knowledge up to date and qualification management
Keeping your employees knowledge up to date and qualification managementKeeping your employees knowledge up to date and qualification management
Keeping your employees knowledge up to date and qualification managementhcderaad
 
Data security, privacy and patient safety in the 21st century
Data security, privacy and patient safety in the 21st centuryData security, privacy and patient safety in the 21st century
Data security, privacy and patient safety in the 21st centuryhcderaad
 
Open source privacy respecting websites FTW Linux Days 2015 - Drupal and Piwik
Open source privacy respecting websites FTW Linux Days 2015 - Drupal and PiwikOpen source privacy respecting websites FTW Linux Days 2015 - Drupal and Piwik
Open source privacy respecting websites FTW Linux Days 2015 - Drupal and Piwikhcderaad
 
ODFPlugfest 2015 Kolab, WebODF, Pleio
ODFPlugfest 2015 Kolab, WebODF, PleioODFPlugfest 2015 Kolab, WebODF, Pleio
ODFPlugfest 2015 Kolab, WebODF, Pleiohcderaad
 
DORS/CLUC Open source privacy respecting websites FTW
DORS/CLUC Open source privacy respecting websites FTWDORS/CLUC Open source privacy respecting websites FTW
DORS/CLUC Open source privacy respecting websites FTWhcderaad
 
GCCS-Unplugged Secure and private communication and collaboration
GCCS-Unplugged Secure and private communication and collaborationGCCS-Unplugged Secure and private communication and collaboration
GCCS-Unplugged Secure and private communication and collaborationhcderaad
 
2015 03 nllgg-event Organizing Duoconferences.
2015 03 nllgg-event Organizing Duoconferences.2015 03 nllgg-event Organizing Duoconferences.
2015 03 nllgg-event Organizing Duoconferences.hcderaad
 
2014 11 20 Drupal 7 -> 8 test migratie
2014 11 20 Drupal 7 -> 8 test migratie2014 11 20 Drupal 7 -> 8 test migratie
2014 11 20 Drupal 7 -> 8 test migratiehcderaad
 

More from hcderaad (8)

Keeping your employees knowledge up to date and qualification management
Keeping your employees knowledge up to date and qualification managementKeeping your employees knowledge up to date and qualification management
Keeping your employees knowledge up to date and qualification management
 
Data security, privacy and patient safety in the 21st century
Data security, privacy and patient safety in the 21st centuryData security, privacy and patient safety in the 21st century
Data security, privacy and patient safety in the 21st century
 
Open source privacy respecting websites FTW Linux Days 2015 - Drupal and Piwik
Open source privacy respecting websites FTW Linux Days 2015 - Drupal and PiwikOpen source privacy respecting websites FTW Linux Days 2015 - Drupal and Piwik
Open source privacy respecting websites FTW Linux Days 2015 - Drupal and Piwik
 
ODFPlugfest 2015 Kolab, WebODF, Pleio
ODFPlugfest 2015 Kolab, WebODF, PleioODFPlugfest 2015 Kolab, WebODF, Pleio
ODFPlugfest 2015 Kolab, WebODF, Pleio
 
DORS/CLUC Open source privacy respecting websites FTW
DORS/CLUC Open source privacy respecting websites FTWDORS/CLUC Open source privacy respecting websites FTW
DORS/CLUC Open source privacy respecting websites FTW
 
GCCS-Unplugged Secure and private communication and collaboration
GCCS-Unplugged Secure and private communication and collaborationGCCS-Unplugged Secure and private communication and collaboration
GCCS-Unplugged Secure and private communication and collaboration
 
2015 03 nllgg-event Organizing Duoconferences.
2015 03 nllgg-event Organizing Duoconferences.2015 03 nllgg-event Organizing Duoconferences.
2015 03 nllgg-event Organizing Duoconferences.
 
2014 11 20 Drupal 7 -> 8 test migratie
2014 11 20 Drupal 7 -> 8 test migratie2014 11 20 Drupal 7 -> 8 test migratie
2014 11 20 Drupal 7 -> 8 test migratie
 

Recently uploaded

Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 

Recently uploaded (20)

Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 

DORS/CLUC How to setup Kolab and Seafile as your personal secure data bank

  • 1. info@hcderaad.nl www.hcderaad.nl Open source, secure and private file-, and datasharing FTW! Hans de Raad OpenNovations DORS / CLUC 20th May 2015 #dorscluc
  • 2. info@hcderaad.nl www.hcderaad.nl Great to (still!) be here! ● Many thanks to the organization! – Svebor (and friends) you guys (and girls) ROCK!
  • 3. info@hcderaad.nl www.hcderaad.nl Whoami? ● OpenNovations – Current company of Hans de Raad – Partner of Kolab Systems AG ● Chamber of commerce registration states: – “The goal of the company is to deliver products and services in all aspects of the competence-, personal interest-, and area's of expertise of the owner”. ● In other words, its mainly a vehicle to do something usefull and nice and charging money for that. ● Some areas of interest: – Information, communication, technology, workshops and consultancy. ● Do I stick to that?
  • 4. info@hcderaad.nl www.hcderaad.nl Why host this yourself? ● Pay with money instead of your data ● On premise availability, sense of your data under your control ● Make it just that tiny little bit harder for information harvesting companies and governments to profile you. ● Some information you just want to keep for yourself. – Why? Well, why not?!
  • 5. info@hcderaad.nl www.hcderaad.nl Law beats technology ● Chances are, your local privacy legislation is quite a lot better than the US laws – Because, well..... There are none.... ● Regardless of the recent scandals, governments still have to comply to legislation. – If they don't you can sue. ● Companies only have to listen to shareholders ● Which would you prefer, democratic or shareholder controlled governance models? – Or, roll your own?
  • 6. info@hcderaad.nl www.hcderaad.nl But do it right ● Make sure you know what you are doing – Hosting and systems management is a specialization. ● Or hire someone to do it for you – When cooperating with a group of people, this can be very cost effective ● Don't host your own just because....
  • 7. info@hcderaad.nl www.hcderaad.nl Kolab ● Created by German Bundesambt fur Sicherheit-, und Informationstechnik in 2001 – Because they needed something they could trust themselves. ● Groupware platform with: – Email, calendar, todo/tasks, contacts, filestorage ● Clients – Roundcube, KDE Kontact – And Thunderbird, or even Outlook....
  • 8. info@hcderaad.nl www.hcderaad.nl Seafile ● Filestorage and syncing ● Client apps on desktop, mobile, web ● End to end encrypted file storage (and sharing) ● Integrates with Kolab LDAP and webclient.
  • 9. info@hcderaad.nl www.hcderaad.nl Other components ● The usual suspects: – Apache Webserver ● Or NGINX – Postfix SMTP Server – Cyrus IMAP Server – MariaDB / MySQL databaseserver
  • 11. info@hcderaad.nl www.hcderaad.nl Planning setup ● Single machine? – Failover? Fallback scenario? – A-synchronous backups? ● Multi machine redundancy – Replication?
  • 12. info@hcderaad.nl www.hcderaad.nl Acces vs Sync ● When does Syncing make sense? – Relatively small teams – Relatively small amounts of documents ● When does Acces-only makes sense? – Large teams/organizations ● High number of document edits – Large amounts of frequently changing documents ● Don't ddos your own network.
  • 13. info@hcderaad.nl www.hcderaad.nl Expectation management ● This workshops demo only targets a very simple SOHO single machine solution. ● However we will go over some of the considerations for more complex scenarios. – But really, if you need something like that, hire a professional. – The info in this presentation is provided as is, without any warrantly, etc, etc, etc, etc....
  • 14. info@hcderaad.nl www.hcderaad.nl Decoupling and redundancy ● Key element of making a platform resilient: Have more than 1 instance/copy running – Easy for webservers – MariaDB supports it natively – Cyrus Murder for IMAP ● Or use file or block level synchronization – For relatively simple setups, this is usually enough
  • 15. info@hcderaad.nl www.hcderaad.nl HA or HR? ● Do you really need High Availability – Which implies a fully redundant, multi-server, multi-geo- location setup? ● Or is what you want actually High Recoverability? – Difference in costs is quite significant. ● Basically, it boils down to: – How many hours of business can you survive without your files or mails? ● If this is counted in < Minutes, go HA ● If this is counted in > Hours, go HR
  • 16. info@hcderaad.nl www.hcderaad.nl Redundancy: Application level ● MySQL / MariaDB clustering ● Cyrus Murder ● LDAP replication ● Postfix SMTP ● Apache webserver
  • 17. info@hcderaad.nl www.hcderaad.nl Application level: Database ● Maria DB clustering – Usefulness is limited, because applications don't use Maria DB that much ● Indexing for Seafile ● User preferences for Roundcube (Kolab). – Basically most of the info in the Kolab/Seafile setup is related to the files (or emails) in the system anyway. ● So it doesn't really make sense to separate this in a redundant setup.
  • 18. info@hcderaad.nl www.hcderaad.nl Application level: IMAP server ● Cyrus Murder – Usefulness can be quite high, but setup can be costly. ● Need for several servers, configuration work, etc. – For the combination of Kolab and Seafile this would not be enough. ● For Kolab alone, this is a very reasonable step, since it stores everything in IMAP anyway. – Besides making backups of configuration of course. – But also, this implies more application levels (LDAP, etc) are implemented redundantly as well.
  • 19. info@hcderaad.nl www.hcderaad.nl Application level: Identity management ● LDAP replication – Availability is crucial, if no LDAP, not a single application can be used. – Can be a business demand anyway (master/slave with external LDAP server). – Setup varies per server type (OpenLdap, 389- server, etc).
  • 20. info@hcderaad.nl www.hcderaad.nl Application level: SMTP frontends ● Postfix SMTP server: – Decide what you actually want to prevent or achieve ● Mail loss – Setup a spare/backup MX with a large enough disk to queue messages until the primary MX is back online. – This is always a GOOD IDEA tm ● Mail availability – Then postfix (or the SMTP frontend) is probably the least of your challenges. – Mail (and file) storage and distribution in the backend is.
  • 21. info@hcderaad.nl www.hcderaad.nl Application level: Webserver ● Apache webserver – Load balancing ● The webserver should be almost the “dumbest” component in the stack. ● No data is stored, no data operations are being performed. – No webserver means no access ● Which is annoying, but not fatal. – But setup 2 apache instances and put a Vagrant or Nginx proxy in front of it, and you're done.
  • 22. info@hcderaad.nl www.hcderaad.nl Redundant setup: data sync ● Block level sync vs File level sync vs Object storage – All: ● Setup multiple instances of exactly the same data. ● Span acros multiple machines. – Block level sync: DRDB – File level sync: GlusterFS – Object storage: Ceph
  • 23. info@hcderaad.nl www.hcderaad.nl Data sync: Pick your tools wisely ● For very simple setups DRDB suits just fine. – Handles filesystem block level updates and stores it across multiple instances. – Can be used with almost any type of data (because it handles the lowest possible level, block level). ● GlusterFS is especially useful for syncing files (like IMAP mail messages) – Less ideal for large files like databases or mail index files. ● Ceph handles it all, but might be a bit overkill....
  • 24. info@hcderaad.nl www.hcderaad.nl But what about a simple snapshot? ● Sure, why not? – But be prepared to accept data loss on system failure ● This can be somewhat mitigated by using frequent IMAPsyncs and/or DRDB for some filesystem partitions. ● Keep a bare/minimal clone of the original VPS/VM at hand at all times. – Or orchestrate the whole setup with Puppet/Chef/Ansible/etc.
  • 25. info@hcderaad.nl www.hcderaad.nl Back to reality ● There are a zillion considerations for setting up a failover/HA/redundant setup. – “There is no special ingredient”. ● Let's setup the server.
  • 26. info@hcderaad.nl www.hcderaad.nl Setup requirements ● Have a VPS ready – Or a VirtualBox/KVM/Xen/whatever ● Software: – Ubuntu 14.04 LTS ● http://www.ubuntu.com/download/server/ – Seafile 4.1.2 ● http://seafile.com/en/download/ – Kolab ● Repositories added later
  • 27. info@hcderaad.nl www.hcderaad.nl Why Ubuntu and not openSUSE/CentOS, etc, etc, etc ● Well..... Quite arbitrary actually. – It's the reference platform for Seafile, and Kolab works well on it. ● Ubuntu is pretty well supported by VPS hosting providers ● All the Kool kids use it.... – /me running away
  • 28. info@hcderaad.nl www.hcderaad.nl Install OS (1/2) ● Install Ubuntu 14.04 LTS – Provide a hostname (dcdemo) – Provide a username (dcuser) ● And a password (dcpass01) – Encrypt your home directory ● If on VPS or laptop: YES – Or use Encrypted LVM later in the partitioning setup – But beware of the performance penalty ● And don't forget this when rebooting the server (automatic updates?).
  • 29. info@hcderaad.nl www.hcderaad.nl Install OS (2/2) ● During OS install – OpenSSH and LAMP Server. – MySQL Root user password (dcsql01) ● You will need that for Kolab and Seafile setup ● After OS Install – sudo apt-get update && sudo apt-get upgrade – sudo apt-get install ethtool ● Be sure to add an extra network interface (bridged) in Promiscuous mode “All”. – /etc/network/interfaces ● auto eth1 ● iface eth1 inet dhcp
  • 30. info@hcderaad.nl www.hcderaad.nl Install and enable mod_ssl ● Install the Apache mod_ssl module – sudo a2enmod ssl – sudo a2ensite default-ssl – sudo service apache2 restart ● NB You should install your own certificate on your domain!
  • 31. info@hcderaad.nl www.hcderaad.nl Change firewall rules ● ONLY open up TLS/SSL secured ports (and SMTP). – sudo ufw allow ssh/tcp – sudo ufw logging on – sudo ufw enable – sudo ufw allow smtp – sudo ufw allow https – sudo ufw allow 587/tcp – sudo ufw allow 993/tcp ● Check this with: sudo ufw status
  • 32. info@hcderaad.nl www.hcderaad.nl Install Kolab (1/4) ● Add repo's: – https://docs.kolab.org/installation-guide/ubuntu.html – Add file: sudo vim /etc/apt/sources.list.d/kolab.list – Add contents: ● deb http://obs.kolabsys.com/repositories/Kolab:/3.4/Ubuntu_14.04/ ./ deb http://obs.kolabsys.com/repositories/Kolab:/3.4:/Updates/Ubuntu_14.04/ ./ – Add GPG key ● gpg --search devel@lists.kolab.org – If finding the keyserver fails at first, try again ● gpg --export --armor devel@lists.kolab.org > devel@lists.kolab.org.key ● sudo apt-key add devel@lists.kolab.org.key
  • 33. info@hcderaad.nl www.hcderaad.nl Install Kolab (2/4) ● Change repo priority: – Add file: sudo vim /etc/apt/preferences.d/kolab – Add file contents: ● Package: * Pin: origin obs.kolabsys.com Pin-Priority: 501 ● Make sure that the Fully Qualified Domain Name is set correctly (you should not have to perform this on a VPS). – Run: hostname -f – Output should be: servername.domainname – Else change the hostname.
  • 34. info@hcderaad.nl www.hcderaad.nl Install Kolab (3/4) Check / change hostname ● Get the systems IP by running: ifconfig ● Edit: sudo vim /etc/hosts – And add the hostname following this pattern: ● IP-Address-of-system hostname.domainname.TLD hostname – 123.123.123.1 dcdemo.localdomain.local dcdemo ● Make sure to comment the 127.0.0.1 HOSTNAME entry. ● Edit: sudo vim /etc/hostname – dcdemo ● Restart service: – sudo /etc/init.d/networking restart
  • 35. info@hcderaad.nl www.hcderaad.nl Install Kolab (4/4) ● Run: sudo apt-get update && sudo aptitude install kolab – Select “No configuration” for mailserver setup, setup-kolab will to this later ● Run: sudo setup-kolab – Choose new (or note down) all the passwords (!!!) – Make sure the FQDN is exactly as entered in /etc/hosts ● Reboot the machine – you shouldn't see any errors ● Test kolab by visiting the kolab-webadmin and roundcubemail. – Remember “https”
  • 36. info@hcderaad.nl www.hcderaad.nl Setup IMAP TLS ● Add cyrus to ssl group – sudo usermod -a -G ssl-cert cyrus ● Configure cyrus to use the snakeoil tls certs: – Edit: sudo vim /etc/imapd.conf – Add or change the following lines: ● tls_server_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem ● tls_server_key: /etc/ssl/private/ssl-cert-snakeoil.key ● tls_server_ca_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ● tls_client_ca_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ● NB You should install your own certificates here.
  • 37. info@hcderaad.nl www.hcderaad.nl Add a user to Kolab ● Log into the kolab-webadmin – Username cn=Directory Administrator – Password noted on installation ● Goto Users – Add a user of type kolab-user ● Test this by login into roundcubemail with the user account – Send some emails, and test IMAP connectivity as well. ● Congratulations, you've got a working Kolab setup!
  • 39. info@hcderaad.nl www.hcderaad.nl Seafile install (1/7) ● Install the prerequisites for the server: – sudo apt-get install python2.7 python-setuptools python-simplejson python-imaging python- mysqldb ● Create a user to run seafile as (do NOT run Seafile as root). – sudo adduser seafile ● Choose a password that you will remember – su seafile – cd /home/seafile ● Download the installer on the server: – Wget <URL TO LATEST SEAFILE SERVER VERSION> – You can find the latest version on: ● http://seafile.com/en/download/ ● Unpack the archive. – tar xfz <NAME OF SEAFILE ARCHIVE>
  • 40. info@hcderaad.nl www.hcderaad.nl Seafile install (2/7) ● Go into the “seafile-server-x.x.x” directory and run: – ./setup-seafile-mysql.sh – Enter the server name and the ip address when prompted, leave the other settings as default ● Create new MySQL databases. ● Make a new MySQL user for seafile (DON'T use root), like “seafileuser” (with a password) ● After the installation, go to the seafile-server-latest folder (in /home/seafile/) check if seafile will start – ./seafile.sh start – ./seahub.sh start ● You will be asked to enter an admin user account name and password. ● Exit from the seafile user.
  • 41. info@hcderaad.nl www.hcderaad.nl Seafile install (3/7) ● Now setup init scripts so that Seafile will be started on system boot. – Install: sudo apt-get install sysv-rc-conf – Create a file (contents on next slide): ● sudo vim /etc/init.d/seafile – Make it executable: sudo chmod +x /etc/init.d/seafile – Turn on the service: sudo sysv-rc-conf seafile on – Check the status: sudo /etc/init.d/seafile restart ● Open port 8000 in the firewall (we will close this later) to test the web interface. – sudo ufw allow 8000/tcp – http://SERVERNAMEORIP:8000 – The Seafile Interface should now pop up.
  • 42. info@hcderaad.nl www.hcderaad.nl #!/bin/sh #chkconfig: 345 99 10 #description: Seafile auto start-stop script. # source function library . /lib/lsb/init-functions start() { echo "Starting Seafile server..." su - seafile -c "seafile-server-latest/seafile.sh start" su - seafile -c "seafile-server-latest/seafile.sh start" #su - seafile -c "seafile-server-latest/seahub.sh start-fastcgi" } stop() { echo "Stopping Seafile process..." su - seafile -c "seafile-server-latest/seafile.sh stop" su - seafile -c "seafile-server-latest/seahub.sh stop" } restart() { echo "Stopping Seafile process..." su - seafile -c "seafile-server-latest/seafile.sh stop" su - seafile -c "seafile-server-latest/seahub.sh stop" echo "Starting Seafile server..." su - seafile -c "seafile-server-latest/seafile.sh start" su - seafile -c "seafile-server-latest/seafile.sh start" #su - seafile -c "seafile-server-latest/seahub.sh start-fastcgi" } case "$1" in start) start ;; stop) stop ;; restart) restart ;; *) echo "Usage: $0 start stop restart" ;; esac
  • 43. info@hcderaad.nl www.hcderaad.nl Seafile install (4/7) ● Now connect Seafile to the Kolab LDAP server – Su into the seafile user again – Open /home/seafile/seafile-server-latest/ccnet/ccnet.conf – Add the following lines (change to your setup) [LDAP] HOST = ldap://127.0.0.1 BASE = ou=People,dc=dcdemo,dc=localdomain,dc=local USER_DN = uid=kolab-service,ou=Special Users,dc=dcdemo,dc=localdomain,dc=local PASSWORD = SECRET! LOGIN_ATTR = mail – You can also copy the ldap configuration from the Roundcube config file (/etc/roundcube/kolab_auth_inc.php or config.inc.php) – Restart seafile after applying the changes ● sudo /etc/init.d/seafile restart – Test the login in the web interface
  • 44. info@hcderaad.nl www.hcderaad.nl Seafile install (5/7) ● Now setup Seafile to use (the SSL enabled) Apache as frontend. – Install and enable prerequisites: ● sudo apt-get install python-flup libapache2-mod-fastcgi ● sudo a2enmod proxy_http && sudo service apache2 restart – Open the file (sudo vim) /etc/apache2/apache2.conf ● Add the following line at the end of the file: – FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000 – Modify the enabled default site: ● Make a backup of the old default site – sudo mv etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.bak ● sudo vim /etc/apache2/sites-enabled/000-default.conf – Replace its content the content from the next slide
  • 45. info@hcderaad.nl www.hcderaad.nl <VirtualHost *:80> #ServerName www.myseafile.com # Use "DocumentRoot /var/www/html" for Centos/Fedora # Use "DocumentRoot /var/www" for Ubuntu/Debian DocumentRoot /var/www Alias /media /home/seafile/seafile-server-latest/seahub/media RewriteEngine On # For apache2.2, you may need to change to # <Location /media> # Order allow,deny # Allow from all # </Location> <Location /media> Require all granted </Location> # # seafile fileserver # ProxyPass /seafhttp http://127.0.0.1:8082 ProxyPassReverse /seafhttp http://127.0.0.1:8082 RewriteRule ^/seafhttp - [QSA,L] # For apache2.2, you may need to add # <Location /seafhttp> # Order allow,deny # Allow from all # </Location> # # seahub # RewriteRule ^/(media.*)$ /$1 [QSA,L,PT] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ /seahub.fcgi$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </VirtualHost>
  • 46. info@hcderaad.nl www.hcderaad.nl Seafile install (6/7) ● Now open the init script and modify the 2 commented “start” commands for seahub to use the fastcgi commands (comment out the non fastcgi seahub start commands). – sudo vim /etc/init.d/seafile ● Open port 80 in the firewall (we will close this later). ● Log into the seafile user again: su seafile – Edit the seahub_settings.py file in /home/seafile ● Add the following line (hint: QUOTES!) FILE_SERVER_ROOT = 'http://SERVERNAMEORIP' – Edit the ccnet.conf file in /home/seafile/ccnet (hint: NO quotes!) ● SERVICE_URL = http://SERVERNAMEORIP ● Restart seafile and apache – sudo /etc/init.d/seafile restart && sudo service apache2 restart ● Open the root of the server in a web browser – It should show the login form for Seafile
  • 47. info@hcderaad.nl www.hcderaad.nl Seafile install (7/7) ● Now let's put it behind SSL. – Open /etc/apache2/sites-enabled/default-ssl.conf ● Change the contents of the file to the text in the following slide ● Restart seafile and apache – sudo /etc/init.d/seafile restart && sudo service apache2 restart ● Open the main page in the browser, but this time with the https link.
  • 48. info@hcderaad.nl www.hcderaad.nl <VirtualHost *:443> #ServerName www.myseafile.com DocumentRoot /var/www Alias /media /home/seafile/seafile-server-latest/seahub/media <Location /media> Require all granted </Location> SSLEngine On SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key RewriteEngine On # # seafile fileserver # ProxyPass /seafhttp http://127.0.0.1:8082 ProxyPassReverse /seafhttp http://127.0.0.1:8082 RewriteRule ^/seafhttp - [QSA,L] # # seahub # RewriteRule ^/(media.*)$ /$1 [QSA,L,PT] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !^/roundcubemail.* RewriteCond %{REQUEST_URI} !^/Microsoft.* RewriteCond %{REQUEST_URI} !^/iRony.* RewriteCond %{REQUEST_URI} !^/chwala.* RewriteCond %{REQUEST_URI} !^/kolab.* RewriteRule ^(.*)$ /seahub.fcgi$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </VirtualHost>
  • 49. info@hcderaad.nl www.hcderaad.nl Setup Roundcube/Chwala (1/2) ● Change the Roundcube config file: – sudo vim /etc/roundcube/config.inc.php – Add to the end of the file: ● $config['fileapi_backend'] = 'kolab'; ● $config['fileapi_drivers'] = array('seafile'); ● $config['fileapi_seafile_host'] = "https://localhost"; ● $config['fileapi_seafile_ssl_verify_peer'] = false; ● $config['fileapi_seafile_ssl_verify_host'] = false; ● # Change the following basing on how much time you want data from Seafile cached ● $config['fileapi_seafile_cache'] = '14d'; ● $config['fileapi_seafile_debug'] = true; – What “localhost”? Yes, Seafile is on the same server, and this saves some roundtrips. – The last one, debugging is just for testing purposes, set to false after succesfully testing the setup.
  • 50. info@hcderaad.nl www.hcderaad.nl Setup Roundcube/Chwala (2/2) ● Open the Roundcube web interface – Go to Files – Click on the “gear” button (lower left corner) ● Add storage – Name: Seafile – Server: https://localhost – Username: Roundcube/Kolab user (email address) – Password: VERYSECRET ● Click Add – You now also have a Seafile list item in your file folders!
  • 51. info@hcderaad.nl www.hcderaad.nl Close firewall ports ● Close the firewall ports we've opened for testing: – Get the numbered firewall rules ● sudo ufw status numbered ● You must check the numbers after every rule deletion! – Then one by one delete the rules for http(NO s)/80 and 8000 ● sudo ufw delete RULENUMBER ● Make sure you've also deleted the IPv6 entries. – Check, check, double check with: ● sudo ufw status
  • 54. info@hcderaad.nl www.hcderaad.nl Just one more thing! ● Roundcube Next! – The worlds most used open source web client – Fundraiser for the next iteration of the platform ● Already > $ 25.000,- raised! – Help to shape the future of email! https://roundcu.be/next
  • 55. info@hcderaad.nl www.hcderaad.nl Whoami again? Hans de Raad info@hcderaad.nl www.opennovations.nl linkedin.com/in/hansderaad

Editor's Notes

  1. Do I stick to that? Also used to business manager of a classical choir, the Bachkoor Holland, and project lead for openSUSE Conference and Kolab Summit. Now also organizing the Huygens Festival in the Netherlands. Dutch technology partner for Kolab Systems AG. So, why should i?