In my previous article, I defined set up and arrange EGroupware by yourself server. It additionally launched the modules and exterior functions of the open supply groupware answer. This article reveals you deal with an present set up and handle backups.
The Admin menu
The central level of administration is the Admin menu within the left sidebar. This is the place you regulate EGroupware’s basic settings, deal with person accounts and passwords, change the house display, view entry logs, clear the net server cache, check the push server, and extra.
In this space, you additionally configure customers and teams, their entry, and permissions. Right-click an entry to open a context menu with fast entry to essential configuration choices. Please be further cautious with the User teams part. Each group has its personal rights, so that is the place you outline entry to particular knowledge. Note that private settings override these of the group, and the person’s entry rights are decided by what is about for the account and its teams.
Tip: You can restrict entry for customers in order that they solely see what the sources really want—preserve their workspaces clear and set smart default settings. For instance, cover these functions and capabilities which confuse much less tech-savvy customers.
Configure computerized upgrades
The entire EGroupware atmosphere mainly consists of a number of Docker containers working hand in hand. As a consequence, taking good care of the set up may be very handy. Apart from delivering an optimally configured atmosphere, the containers additionally ensure it is painless to improve single parts in addition to the complete system and even set up extra functions.
EGroupware makes use of Watchtower to test for container updates. After the builders have revealed a brand new container picture for EGroupware, Watchtower pulls it, gracefully shuts down the operating container, and restarts the up to date model with all needed choices. The test for updates runs each night time at 4 a.m., however you may regulate the schedule by modifying the /and so on/egroupware-docker/docker-compose.override.yml
file.
Add your individual mail server
Up till early 2021, EGroupware’s electronic mail module was a mere mail consumer. These days the builders supply an extra mail server part—excellent for directors who run EGroupware on-prem and need to run their very own MTA. The producer gives the package deal egroupware-mail for Debian and Debian-based distributions, which installs a container with Postfix and Dovecot, together with an extension for push performance within the EGroupware net consumer.
The complete administration of the mail server then runs through EGroupware’s net interface. Every time the admin units up a brand new person account, the corresponding mailboxes are generated mechanically. The configuration for present accounts occurs within the Admin menu (User accounts). Right-click an entry and choose Mail account to arrange identities, signatures, IMAP folder construction, aliases, and forwards.
The Encryption tab means that you can add an S/MIME certificates. Users should set up the open supply Mailvelope browser add-on to make use of PGP encryption. The personal key stays with the proprietor (not with the EGroupware operator!), and customers within the Mail module arrange the general public key.
SSL and 2FA
As famous within the first article, organising SSL certificates is significant. At a naked minimal, admins ought to take the time to arrange an SSL certificates for the reverse proxy (not the EGroupware webserver!)—even when EGroupware runs solely on the native community.
EGroupware helps varied authentication strategies. The default is the native SQL database which shops the customers’ credentials. Alternatively, the groupware authenticates in opposition to LDAP, Active Directory, mail servers, and SAML 2/Shibboleth (Single Sign-On). Administrators can select the popular authentication within the setup dialog (www.example.com/egroupware/setup) instantly after the set up. In this context, they need to limit entry to the setup dialog to native IPs.
Look on the Admin menu, Site configuration, tab Security. This is the place you allow two-factor authentication (2FA), outline guidelines for blocking customers after incorrect password entries, and arrange password insurance policies.
Users of the Enterprise Line (EPL) model can configure a Web Application Firewall (Admin, Applications, EPL-Features, Firewall / 2FA). If solely a small group of customers ought to have entry from exterior networks, you first outline a rule that stops entry for everybody exterior the native community. After that, create a brand new group and add all customers allowed to log in from exterior networks. All firewall guidelines are processed one after the opposite. You can change their order with a drag-and-drop.
The firewall solely handles interactive logins by means of the EGroupware net interface, however not synchronization with exterior shoppers, WebDAV entry, or file shares. Check your firewall guidelines earlier than saving them (button Test), ideally in an incognito tab or one other net browser. Because the firewall solely reacts to the logins, do not shut the present session, so that you stay logged in throughout testing.
Backup and restore
EGroupware provides assist with creating backups, however it’s important to allow this—it is not a part of the default settings. Go to Admin, DB backup and restore to regulate the configuration and entry present backups. In this part, you may outline, amongst different issues, a backup schedule and the variety of copies you need to preserve. Since this can be a easy database dump (with just a few further config information), a backup does not want a lot area and time, so it is okay to maintain 20 variations or extra. Please observe that should you rename a backup on this dialog, it not will get deleted in the course of the computerized cleanup course of.
You can obtain present backups as Bzip2 archives to maintain them secure on exterior storage media. Of course, you may add the backups to a different EGroupware server and restore them there. This even works on totally different Linux distributions.
When planning your backup technique, you may need to contemplate the digital file system wherein EGroupware shops the inner file supervisor’s knowledge. Of course, these information and folders aren’t recorded within the database and are subsequently not backed up mechanically. You can save these information should you tick the Check to backup and restore the information listing… field—this will likely take up quite a lot of disk area, although.
For a full backup, you must also deal with the /var/lib/egroupware listing on the EGroupware server with the backup software program of your alternative. This has one important benefit: In addition to the file supervisor’s knowledge, you protect the header file (with the database passwords), information from exterior functions (e.g., from Guacamole, Rocket.Chat, and Collabora Online), logs from the set up, and so on.
Close collaboration
Taking care of an EGroupware set up is just not significantly tough, nevertheless it must be performed. As an admin, it’s best to familiarize your self with the software program and its configuration. Luckily, the builders comply with the KISS precept (Keep it candy and easy)—all modules collaborate properly, and upgrades are completely examined earlier than they’re launched.
If you run into hassle, the community forum is there to assist. This discussion board can also be the place you hear about upcoming adjustments and different information.