Multi-server Installation on RHEL 8 – Carbonio Community Edition | Carbonio CE

Previously, we talked about how to implement a single-server installation of Carbonio on Red Hat Enterprise Linux 8, but this option is more suitable for testing than for a full-fledged product. In the new article, we will talk about how to implement a multi-server installation, which, unlike the single-server option, allows you to distribute the load between different machines.

Important Note:
Currently, CentOS, Rocky Linux, Alma Linux, and Debian are not officially supported operating systems (OS) for Carbonio CE. Therefore, we discourage users to install CE on any unofficial OS due to potential compatibility issues. Referring to the current official documentation and using the supported OS is recommended to avoid complications during installation and post installation experiences.

*** This article is written completely for experimental purposes.

We’ll look at installing Carbonio CE on three servers. At the moment, this is the minimum configuration allowed for testing and use in production. The minimum system requirements for each of the infrastructure nodes include

  • 4 vCPU Intel / AMD,
  • 8 GB RAM,
  • at least 100 GB of free disk space.

Supported virtualization platforms include VMware vSphere 6.x and 7.x, XenServer, and KVM. VirtualBox is also supported but is recommended for testing purposes only.

The breakdown by server will be as follows:

  • Server 1 (Infrastructure node) – it is supposed to host those services that will ensure interaction between various components of the system. This is an LDAP server, Postgresql, and Carbonio Mesh server. All services hosted on this node do not require a public IP address. 
  • Server 2 (Public node) – it is supposed to host those services that should be accessible from the external network. Accordingly, this server must have a public IP address. This is where Carbonio Proxy and MTA will be installed.
  • Server 3 (Mail Node) – it will store email, as well as provide various user services, such as Carbonio Files and Carbonio Docs. This server also does not require a public IP address.

Thus, our installation will have a single entry point on one machine, while the other two nodes, on which the main data is stored, will be hidden behind a reverse proxy and will be inaccessible to attacks from intruders.

General Settings

First of all, the administrator needs to set each server a hostname and FQDN. In our case, the nodes will be called LDAP, proxy, and mailstore. Accordingly, the names for them will be given by the commands:

  1. hostnamectl set-hostname ldap
  2. hostnamectl set-hostname proxy
  3. hostnamectl set-hostname mailstore

We will also add information about each of them to /etc/hosts, simultaneously setting the FQDN for them.

All commands in the instructions are executed as root by default unless otherwise specified.

The entry will be identical for all servers and will look like this:

  • 192.168.0.100 ldap.carbonio.tld ldap
  • 192.168.0.101 proxy.carbonio.tld proxy
  • 192.168.0.102 mailstore.carbonio.tld mailstore

Be sure to disable IPv6 and make sure there are no IPv6 entries in /etc/hosts.

If you plan to receive mail from the external Internet, you should also add an MX record that will lead to a server with an MTA installed.

Also, given that we are talking about RHEL8, to install packages you will need to add the BaseOS and CodeReady repositories:

  • subscription-manager repos –enable=rhel-8-for-x86_64-appstream-rpms
  • subscription-manager repos –enable codeready-builder-for-rhel-8-x86_64-rpms

List of ports that must be open for connections from external networks on the Proxy node:

  • 80 – port for unencrypted connection to the web client
  • 110 – POP3 port
  • 143 – IMAP port
  • 443 – port for encrypted connection to the web client
  • 993 – IMAPS port
  • 995 – POP3S port
  • 6071 – port for encrypted connection to the Admin Console
  • 25 – port for incoming emails
  • 465 – port for SSL-encrypted SMTP connections
  • 587 – port for STARTTLS-encrypted SMTP connections

Also, on each of the servers, you will need to add the official Carbonio repository to the list of repositories. A link to it can be obtained from the Zextras website.

Installing an LDAP Server

1. After completing the preliminary steps, run the PostgreSQL installation on the LDAP server. This is done using the following commands:

dnf -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
dnf -qy module disable postgresql
dnf -y install postgresql12 postgresql12-server

2. After installing PostgreSQL, initialize the creation of a database in it:

dnf -qy module disable postgresql
dnf -y install postgresql12 postgresql12-server

3. Use the password generator to create a complex password that will later be used to access PostgreSQL databases. In our case, it will be 3A3aZl7VYbXw.

4. Create a user and master database for calls from Carbonio using the password you created in step 3:

su - postgres -c "psql --command=\"CREATE ROLE carbonio_adm WITH LOGIN SUPERUSER encrypted password '3A3aZl7VYbXw';\""

su - postgres -c "psql --command=\"CREATE DATABASE carbonio_adm owner carbonio_adm;\""

5. Increase the maximum number of PostgreSQL connections with the following commands:

su - postgres -c "psql --command=\"ALTER SYSTEM SET listen_addresses TO '*';\""
su - postgres -c "psql --command=\"ALTER SYSTEM SET max_connections = 500;\""
su - postgres -c "psql --command=\"ALTER SYSTEM SET shared_buffers = 5000;\""

6. Add the following line to your PostgreSQL settings, replacing 0.0.0.0/0 with your own trusted subnet:

echo "host    all             all             0.0.0.0/0            md5" >> /var/lib/pgsql/12/data/pg_hba.conf

7. Restart PostgreSQL

systemctl restart postgresql-12

8. Install the remaining Carbonio CE components

dnf install service-discover-server  carbonio-directory-server carbonio-files-db carbonio-mailbox-db carbonio-docs-connector-db carbonio-prometheus

9. Start the Carbonio CE setup process

carbonio-bootstrap

During the process, set all the necessary settings. If you plan to enable inter-process encryption, you will need to install the libio-socket-ssl-perl package

10. Setup Carbonio Mesh

service-discover setup-wizard

During configuration, specify the IP address of the network interface to which Carbonio Mesh will bind, as well as the password of Carbonio Mesh.

11. Configure installed components

All settings are performed automatically after entering the appropriate command and entering the Carbonio Mesh password

pending-setups -a

12. Create additional databases in PostgreSQL

PGPASSWORD=3A3aZl7VYbXw carbonio-mailbox-db-bootstrap carbonio_adm 127.0.0.1
PGPASSWORD=3A3aZl7VYbXw carbonio-files-db-bootstrap carbonio_adm 127.0.0.1
PGPASSWORD=3A3aZl7VYbXw carbonio-docs-connector-db-bootstrap carbonio_adm 127.0.0.1

13. Obtain LDAP password to continue installation on other servers

su - zextras -c "zmlocalconfig -s zimbra_ldap_password"

Installing a Proxy Server

1. Add a repository

dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

2. Install the required packages:

dnf install service-discover-agent carbonio-mta carbonio-proxy carbonio-webui carbonio-files-ui carbonio-user-management

3. Start the Carbonio setup process

carbonio-bootstrap

During setup, in all places where it is required, enter the password that you received in step 13 during the installation of the LDAP node. For the LDAP address, specify the hostname (ldap.carbonio.tld in our case). Specifying an IP address as an LDAP server will result in an error.

4. Set up Carbonio Mesh

service-discover setup-wizard

During setup, specify the IP address of the network interface to which Carbonio Mesh will bind, as well as the Carbonio Mesh password that was specified in step 10 during the installation of the LDAP node

5. Configure installed components

All settings are performed automatically after entering the appropriate command and entering the Carbonio Mesh password

pending-setups -a

6. Set up the memcached server

Run the commands below as user zextras (su zextras)

carbonio prov ms $(zmhostname) zimbraMemcachedBindAddress $(hostname -i)

zmmemcachedctl restart

zmproxyctl restart

The memcached server runs on port 11211 and does not support authentication. Therefore, to ensure data security, it is recommended to limit access to this port from the external Internet

Mailstore Server Installation

1. Install the required packages

dnf install service-discover-agent carbonio-preview carbonio-files carbonio-docs-connector carbonio-docs-editor

2. Start the Carbonio setup process

carbonio-bootstrap

During setup, in all places where it is required, enter the password that you received in step 13 during the installation of the LDAP node. For the LDAP address, specify the host name (ldap.carbonio.tld in our case). Specifying an IP address as an LDAP server will result in an error.

3. Set up Carbonio Mesh

service-discover setup-wizard

During setup, specify the IP address of the network interface to which Carbonio Mesh will bind, as well as the Carbonio Mesh password that was specified in step 10 during the installation of the LDAP node

4. Configure installed components

All settings are performed automatically after entering the appropriate command and entering the Carbonio Mesh password

pending-setups -a

5. Set up interaction with the memcached server

Open the /etc/carbonio/preview/config.ini file in any text editor and convert the following lines to the form shown below:

nginx_lookup_server_full_path_urls = https://192.168.0.102:7072
memcached_server_full_path_urls = 192.168.0.101:11211

These settings establish a connection between the mailstore server and the proxy. Accordingly, the first line should indicate the address of the mail server with the https protocol, and the second line should contain the address of the proxy server indicating the port on which the memcached server is running.

6. Set a password for the administrator account

When you install Carbonio, a zextras account is automatically created in the default domain created. It is automatically given global administrator rights but is not given a default password. To use this account to log into the web client, enter the command as user zextras (su zextras)

carbonio prov setPassword zextras@carbonio.tld mPFu96V2keGS

Login to the web client will be available at https://proxy.carbonio.tld, login to the administrator console is at https://proxy.carbonio.tld:6071

Post your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

How to Set Up a Domain Disclaimer in Carbonio Community Edition | Carbonio CE
An In-Depth Look at How Zextras Carbonio Enhances User Experience | Blog