Install Kolab 16 on Ubuntu 18.04 With Let’s Encrypt SSL

Introduction

This guide shows how to install Kolab on Ubuntu 18.04 Bionic Beaver and thereafter securing it via Let’s Encrypt SSL Certificate.

Kolab Groupware is a Free and Open Source collaboration suite. It is secure, scalable, reliable, flexible and full-featured. Kolab Groupware is the glue between the various pieces of software you would choose to Do-It-Yourself (DIY) your own mail server, and adds to that collaboration capabilities, mobile phone synchronization, native integration in to desktop operating system platforms such as Mac OS X, Linux and Windows – in a ready-to-go, integrated offering with a uniquely uniform look and feel.

Before you begin installation update package index:

sudo apt update

Step 1: Set Server hostname

Add hostname(FQDN) to your system

sudo hostnamectl set-hostname kolab.geeksforgeeks.org

Open up /etc/hosts and add your IP and set hostname to your kolab server

sudo vim /etc/hosts

Paste below on the file. Change the IP to your Public One.

192.168.1.30   kolab.geeksforgeeks.org  kolab

Step 2: Add Kolab repositories to APT

Open a new file under /etc/apt/sources.list.d/ and add the repositories as shown below.

sudo tee /etc/apt/sources.list.d/kolab.list <<EOF
deb http://obs.kolabsys.com/repositories/Kolab:/16/Ubuntu_18.04/ ./
deb-src http://obs.kolabsys.com/repositories/Kolab:/16/Ubuntu_18.04/ ./
EOF

Step 3: Import Kolab GPG Key

Import the GPG key used to sign the Kolab packages

wget -q -O- https://ssl.kolabsys.com/community.asc | sudo apt-key add -

Step 4: Set packages priority

To ensure the Kolab packages have priority over the Ubuntu packages, such as must be the case for PHP as well as Cyrus IMAP, please make sure the APT preferences pin the obs.kolabsys.com origin as a preferred source.

Edit and add the following to /etc/apt/preferences.d/kolab file

$ sudo nano /etc/apt/preferences.d/kolab
Package: *
Pin: origin obs.kolabsys.com
Pin-Priority: 501

Step 5: Install Kolab Groupware on Ubuntu 18.04

Update the system

sudo apt update

After that is done, install the package as shown below

sudo apt install kolab

Proceed with the installation:

....
The following packages will be upgraded:
  libc6 libsasl2-2 libsasl2-modules libsasl2-modules-db
4 upgraded, 404 newly installed, 0 to remove and 41 not upgraded.
Need to get 215 MB of archives.
After this operation, 1177 MB of additional disk space will be used.
Do you want to continue? [Y/n] y

Step 6: Set up Kolab on Ubuntu 18.04

Run the command below to setup Kolab on Ubuntu 18.04.

sudo setup-kolab

You will encounter the following questions during set-up, follow the instructions and do not forget the passwords you input

# Please supply a password for the LDAP administrator user ‘admin’, used to login to the graphical console of 389 Directory server.
 Administrator password [ieMeibeong6Kiwu]:
 Confirm Administrator password:
# Please supply a password for the LDAP Directory Manager user, which is the administrator user you will be using to at least initially log in to the Web
 Admin, and that Kolab uses to perform administrative tasks.
 Directory Manager password [eivaiLa9ied9aph]: # Direcory Manager Paswd
 Confirm Directory Manager password:
# Please choose the system user and group the service should use to run under. These should be existing, unprivileged, local system POSIX accounts with no shell.
 User [dirsrv]:
 Group [dirsrv]:
 This setup procedure plans to set up Kolab Groupware for the following domain name space. This domain name is obtained from the reverse DNS entry on your
 network interface. Please confirm this is the appropriate domain name space.
 kolab.geeksforgeeks.org [Y/n]: Y
 The standard root dn we composed for you follows. Please confirm this is the root dn you wish to use.
 dc=neveropen,dc=com [Y/n]: Y
 Setup is now going to set up the 389 Directory Server. This may take a little while (during which period there is no output and no progress indication).
 Created symlink from /etc/systemd/system/multi-user.target.wants/dirsrv.target to /lib/systemd/system/dirsrv.target.
# Please supply a Cyrus Administrator password. This password is used by Kolab to execute administrative tasks in Cyrus IMAP. You may also need the password
 yourself to troubleshoot Cyrus IMAP and/or perform other administrative tasks against Cyrus IMAP directly.
 Cyrus Administrator password [ubFGUk4Hy7bKvwh]:
 Confirm Cyrus Administrator password:

# Please supply a Kolab Service account password. This account is used by various services such as Postfix, and Roundcube, as anonymous binds to the LDAP server
 will not be allowed.
 Kolab Service password [bFGUk4Hyu7bKvwh]:
 Confirm Kolab Service password:
 Database Configuration
 What MySQL server are we setting up?
 – 1: Existing MySQL server (with root password already set).
 – 2: New MySQL server (needs to be initialized).
 Choice: – 1: Existing MySQL server (with root password already set).
 – 2: New MySQL server (needs to be initialized).
 Choice: – 1: Existing MySQL server (with root password already set).
 – 2: New MySQL server (needs to be initialized).
 Choice: 1
# Please supply the root password for MySQL, so we can set up user accounts for other components that use MySQL.
 MySQL root password:
# Please supply a password for the MySQL user ‘kolab’. This password will be used by Kolab services, such as the Web Administration Panel.
 MySQL kolab password [2bFGk4Hy_k4Hyu]:
 Confirm MySQL kolab password:
# Please supply the timezone PHP should be using. You have to use a Continent or Country / City locality name like ‘Europe/Berlin’, but not just ‘CEST’.
 Timezone ID [UTC]: Africa/Nairobi
# Please supply a password for the MySQL user ’roundcube’. This password will be used by the Roundcube webmail interface.
 MySQL roundcube password [k4Hyu7ONPysbKzb]:
 Confirm MySQL roundcube password:

Step 7: Configure Firewall

If you have a firewall that is running, allow HTTPS through the Firewall

As root user do:

$ sudo ufw allow 'Apache Full'
$ ufw status

To                         Action      From
 --                         ------      ----
 Apache Full                ALLOW       Anywhere                  
 22/tcp                     ALLOW       Anywhere                                    
 Apache Full (v6)           ALLOW       Anywhere (v6)             
 22/tcp (v6)                ALLOW       Anywhere (v6)             
 OpenSSH (v6)               ALLOW       Anywhere (v6) 

Step 8: Secure Kolab Groupware on Ubuntu 18.04

Secure your Kolab with Let’s Encrypt. Kolab runs on Apache, so we are going to secure it using Let’s Encrypt for Apache

Install Certbot’s Apache package with apt

sudo apt-get install python-certbot-apache

Step 9: Obtain Let’s Encrypt SSL Certificate

Obtain your Let’s Encrypt SSL Certificate and follow the prompts

$ sudo certbot --apache -d kolab.geeksforgeeks.org

Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Plugins selected: Authenticator apache, Installer apache
 Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected]  # INPUT YOUR EMAIL HERE

Please read the Terms of Service at
 https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
 agree in order to register with the ACME server at
 https://acme-v02.api.letsencrypt.org/directory
 
 (A)gree/(C)ancel: A

 Would you be willing to share your email address with the Electronic Frontier
 Foundation, a founding partner of the Let's Encrypt project and the non-profit
 organization that develops Certbot? We'd like to send you email about our work
 encrypting the web, EFF news, campaigns, and ways to support digital freedom.
 
 (Y)es/(N)o: N

Obtaining a new certificate
 Performing the following challenges:
 http-01 challenge for kolab.geeksforgeeks.org
 Waiting for verification…
 Cleaning up challenges
 Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
 Enabled Apache socache_shmcb module
 Enabled Apache ssl module
 Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
 Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1. No redirect - Make no further changes to the webserver configuration.
2. Redirect - Make all requests redirect to secure HTTPS access. Choose this for
 new sites, or if you're confident your site works on HTTPS. You can undo this
 change by editing your web server's configuration.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2  # I PERSONALLY LIKE THE REDIRECT OPTION BUT YOU CAN CHOOSE THE ONE YOU LIKE.
 Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf
 
 Congratulations! You have successfully enabled https://kolab.geeksforgeeks.org
 You should test your configuration at:
 https://www.ssllabs.com/ssltest/analyze.html?d=kolab.geeksforgeeks.org

IMPORTANT NOTES:
 Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/kolab.geeksforgeeks.org/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/kolab.geeksforgeeks.org/privkey.pem
 Your cert will expire on 2019-08-14. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot again
 with the "certonly" option. To non-interactively renew all of
 your certificates, run "certbot renew"
 Your account credentials have been saved in your Certbot
 configuration directory at /etc/letsencrypt. You should make a
 secure backup of this folder now. This configuration directory will
 also contain certificates and private keys obtained by Certbot so
 making regular backups of this folder is ideal.
 If you like Certbot, please consider supporting our work by:
 Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 Donating to EFF:                    https://eff.org/donate-le 
 

Your ssl certificate should be okay now just try to access your Kolab instance e.g

https://<your FQDN>/kolab-webadmin/

The username is cn: Directory Manager and password is the password you set while installing Kolab

Cheers guys. Also check:

• Install Zimbra Mail Server on Ubuntu 18.04
• Install Postal Mail Server on Ubuntu
• Install Latest LibreOffice on Fedora
• Vuls – Best Vulnerability Scanner for Linux / FreeBSD / WordPress / Network
• How to Install Wine on Fedora