The article has been updated to be compatible with Carbonio CE Release 23.12.0, 24.1.0
Carbonio CE is an emerging email solution platform keeping digital sovereignty in mind. In 2022, digital sovereignty is as important as your other security concerns. But that’s (Digital Sovereignty) for another days discussion. In this article, we will stick to the installation process of Carbonio CE on RHEL8.
Carbonio CE is currently only available for 64-bit CPUs and can be installed on top of the below-mentioned distributions:
- Ubuntu 20.04 LTS
- RHEL 8
Right now, there are no other officially supported distributions for Carbonio CE.
Warning:
Linux distributions compatible with Ubuntu 20.04LTS (e.g., Debian) and RHEL 8 (e.g., AlmaLinux, Rocky Linux, CentOS etc) may be used as base OS for Carbonio CE installation in that case to satisfy all required dependencies, you may need to include adding third-party repositories or annually installing software packages which are not included in the official documentation.
But before proceeding to the main installation steps, you can check out this article where you will get the installation steps of Carbonio CE on Ubuntu as well as have some idea about digital sovereignty.
Nevertheless, you can get all the installation steps/guidelines for all the currently supported distributions in our official documentation.
Additional Requirements
Before entering the main installation phase, these are the additional requirements that you should keep it mind.
- valid DNS resolution for the domain (
MXandArecords) and the FQDN (Arecord) - Python 3, the latest version available on the Operating System chosen
- Perl, the latest version available on the Operating System chosen
Install RHEL 8 On Your Server
You can visit this site and download it.
In this case, we are using 8.1.0 (RHEL8 x86_64) selecting Minimal Install (Basic Functionality) during the installation.
If you use RHEL 8 as a base OS, you should have a subscription (developer/professional) and enable it to resolve all dependencies during installation which will also help you to meet point-2&3 of Additional Requirements.
Set Static IP Address
Set a static IP Address on your server. It can be a private or a public one.
cat /etc/sysconfig/network-scripts/ifcfg-ens160 | tail -9
NAME=ens160
UUID=68aba678-63b0-4f3f-915f-87d16d43b1d8
DEVICE=ens160
ONBOOT=yes
IPADDR=192.168.1.121
PREFIX=24
GATEWAY=192.168.1.1
DNS1=8.8.8.8
IPV6_PRIVACY=no
Configure hostname and hosts file
Configure the hostname of the server in FQDN format.
cat /etc/hostname
mail.example.comModify the /etc/hosts file as follows:
cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.1.121 mail.example.com mail
Modify Selinux status
To proceed Carbonio CE Installation on RHEL8, selinux status should be either disabled or permissive.
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targetedModify The Firewall Service Status
Disable firewalld daemon.
sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask --now firewalld
reboot nowReboot the Server
As we have modified server hostname & selinux configuration it is recommended to reboot the server.
reboot nowEnable/Manage subscription of RHEL
If you have registered for RHEL developer program, then you can register your machine’s OS to that subscription. It will allow you to avail RHEL repositories which is needed during the resolve of dependencies of additional packages.
[root@mail ~]# subscription-manager register
Registering to: subscription.rhsm.redhat.com:443/subscription
Username: XXXXXXXXX
Password: XXXXXXXXX
The system has been registered with ID: 425e04c5-881b-4e8f-bd84-18538ce7a5e5
The registered system name is: mail.example.com
[root@mail ~]# subscription-manager attach --auto
All installed products are covered by valid entitlements. No need to update subscriptions at this time.
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64
Status: Not SubscribedNow, your system is ready to add RHEL repositories.
Add RHEL and other repositories
Add required repositories.
subscription-manager repos --enable=rhel-8-for-x86_64-appstream-rpms
Repository 'rhel-8-for-x86_64-appstream-rpms' is enabled for this system.
subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
Repository 'codeready-builder-for-rhel-8-x86_64-rpms' is enabled for this system.
yum -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
yum clean all
yum repolistInstall and configure dnsmasq [Optional]
If you have active resolvable public DNS records, then you can skip this step. But if you do not have any active/resolvable DNS records against the domain you are using, then follow below mentioned instructions:
dnf install dnsmasq -y
vi /etc/dnsmasq.conf
server=1.1.1.1
mx-host=example.com,mail.example.com,50
host-record=example.com,192.168.1.121
host-record=mail.example.com,192.168.1.121Modify the /etc/resolv.conf as follows:
cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 127.0.0.1Now restart dnsmasq service.
systemctl restart dnsmasqManaging Postgres Database in RHEL8
The version of Postgres shipped by RHEL 8 is older than required by Carbonio CE. We need to make sure that Postresql 12 is installed in your system.
yum -y install https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
dnf -qy module disable postgresql
dnf -y install postgresql12 postgresql12-server
/usr/pgsql-12/bin/postgresql-12-setup initdb
Initializing database ... OK
systemctl enable --now postgresql-12
Created symlink /etc/systemd/system/multi-user.target.wants/postgresql-12.service → /usr/lib/systemd/system/postgresql-12.service.
Now, we need to modify one more file before reloading postgresql-12
vi /var/lib/pgsql/12/data/pg_hba.conf
[find the line]
host all all 127.0.0.1/32 ident
[change it to]
host all all 127.0.0.1/32 md5Now reload the postgresql-12
systemctl reload postgresql-12Install wget
Now we need to add zextras repository to the system. For that we need to download the script. For that we need to install wget.
dnf install wgetAdd Carbonio repository to the system
You need to download and add zextras repository in your system in order to install necessary carbonio CE packages.
Head to the Carbonio Community Edition webpage and fill out the form. You will soon receive an e-mail including very easy instructions to add the repository to your operating system.
After you successfully added the repository, upgrade the system.
dnf upgradeInstall Carbonio Packages
dnf install service-discover-server carbonio-directory-server \
carbonio-files-db carbonio-mailbox-db carbonio-docs-connector-db carbonio-tasks-db \
carbonio-proxy \
carbonio-webui carbonio-files-ui carbonio-tasks-ui carbonio-files-public-folder-ui \
carbonio-user-management \
carbonio-mta \
carbonio-appserver \
carbonio-storages-ce carbonio-files-ce carbonio-preview-ce \
carbonio-docs-connector-ce carbonio-tasks-ce \
carbonio-docs-editor \
carbonio-prometheus -yUse the following command to configure and launch Carbonio CE
carbonio-bootstrapSetup Carbonio Mesh & pending setups
service-discover setup-wizard
pending-setupsConfigure Carbonio CE ROLE & DATABASES
read -s -p "Password:" DB_ADM_PWD
su - postgres -c "psql --command=\"CREATE ROLE carbonio_adm WITH LOGIN SUPERUSER encrypted password '$DB_ADM_PWD';\""
su - postgres -c "psql --command=\"CREATE DATABASE carbonio_adm owner carbonio_adm;\""Bootstrap Carbonio CE databases
Now we are going to bootstrap Files and Tasks related databases.
PGPASSWORD=DB_ADM_PWD carbonio-files-db-bootstrap carbonio_adm 127.0.0.1
PGPASSWORD=DB_ADM_PWD carbonio-tasks-db-bootstrap carbonio_adm 127.0.0.1Install and Configure Workstream Collaboration packages.
Install and configure carbonio-message-dispatcher-db
# Set the DB Password one more time
read -s -p "Password:" DB_ADM_PWD
dnf install carbonio-message-dispatcher-db -y
pending-setups -a
PGPASSWORD=$DB_ADM_PWD carbonio-message-dispatcher-db-bootstrap carbonio_adm 127.0.0.1Install and configure carbonio-message-dispatcher
# Set the DB Password one more time
read -s -p "Password:" DB_ADM_PWD
dnf install carbonio-message-dispatcher -y
pending-setups -a
PGPASSWORD=$DB_ADM_PWD carbonio-message-dispatcher-db-bootstrap carbonio_adm 127.78.0.10 20000Install and configure carbonio-message-broker
dnf install carbonio-message-broker -y
pending-setups -a
PGPASSWORD=$DB_ADM_PWD carbonio-ws-collaboration-db-bootstrap carbonio_adm 127.0.0.1Install and configure carbonio-ws-collaboration-db
dnf install carbonio-ws-collaboration-db -y
pending-setups -a
PGPASSWORD=$DB_ADM_PWD carbonio-ws-collaboration-db-bootstrap carbonio_adm 127.0.0.1Install and configure carbonio-ws-collaboration-ce
dnf install carbonio-ws-collaboration-ce -y
pending-setups -aInstall and configure carbonio-videoserver-ce
dnf install carbonio-videoserver-ce -y
pending-setups -a*** During the installation of carbonio-videoserver-ce package, you will be prompted for a bind address for the video server. You should use your server’s public IP address/External Public IP as the binding IP address of your video server.
Install and configure carbonio-ws-collaboration-ui
dnf install carbonio-ws-collaboration-ui -y
su - zextras -c "carbonio prov mc default carbonioFeatureChatsEnabled TRUE"Finish the installation
Reboot the server. After rebooting the server, restart below referred services as per mentioned order:
systemctl restart carbonio-prometheus-nginx-exporter.service
systemctl restart carbonio-tasks
systemctl restart carbonio-message-broker
systemctl restart carbonio-videoserver
systemctl restart carbonio-ws-collaboration
systemctl restart carbonio-message-dispatcherCheck the status of all services.
zextras@mail:~$ zmcontrol -v
Release 24.1.0 Community Edition.
zextras@mail:~$ zmcontrol status
Host mail.oldserver.xyz
amavis Running
antispam Running
antivirus Running
directory-server Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
service-discover Running
stats Running
config service Running
root@mail:~# systemctl list-units carbonio*zextras is the default admin account in Carbonio CE server. In this case the account is, zextras@example.com
zextras@mail:~$ carbonio prov sp zextras@oldserver.xyz 123456Congratulations! You have successfully deployed your secure and completely private Carbonio CE server.
You can now access your admin panel using your IP or the domain you chose through port 6071:
https://mail.oldserver.xyz:6071https://yourIP:6071
Similarly, users can access their Carbonio CE without specifying the port as follows:
https://mail.oldserver.xyz/https://yourIP/
And that’s it. 🙂
