kopano-server - Start the Kopano storage server.
The kopano-server is the Zafara storage server. It contacts a database server
and provides services to Kopano clients. The user base can be retrieved from
an external source, like LDAP, or can be setup with a separate list of users.
After starting, the server keeps listening for connections on the configured TCP
port and/or Unix socket.
The storage server program takes the following configuration options:
, -c file
Specify the location of the configuration
Run in the foreground. Normally the server
will daemonize and run in the background.
Rebuild all search folders. This may take some
time and is only needed when your search folders have become out-of-sync with
the actual data in the database. The sync will start synchronously at the
start of the server, and you will have to wait for all searches to complete
before connecting to the server.
Ignore version information from the database.
Kopano will normally not start the server if the database has a newer version
than the kopano-server binary. This makes sure you cannot downgrade your
server binary while keeping the same database. If you know what you're doing,
you can use this option to bypass the start-up version check of the
Override the attachment storage option from
the configuration file. When you change the option of the location where to
store attachments after you've already started the kopano-server once, this
location will conflict. Attachments will not be found when they are stored in
a different location.
When you upgrade/downgrade from/to multiserver
setups, the server will not start, because of database differences. If you
know what you're doing, and want to circumvent this and start the server
anyway, you can use this option.
Forcing the kopano-server do the normal
upgrade as usual. The server will only daemonize when the upgrade is complete.
Simple progress can be followed in the log output of the server.
Print the version and exit.
When invoked with no options, the server will search for a configuration file in
/etc/kopano/server.cfg. If no configuration file is found, default values are
used. See kopano-server.cfg
(5) for all configuration options and their
Starting the server with an alternative configuration:
kopano-server -c /path/to/server.cfg
You may also use the init.d scripts:
The server configuration file.
Configuration options for user plugins are in their respective configuration
file. The name of these files is set in the server.cfg file. See
(5) for information on the server.cfg settings.
If you run into problems, check the log for any errors. If you made a mistake in
the configuration of the log method, this will be reported on standard error.
You can also restart the server with a higher log level. Also, before starting
the server, always make sure the database server is running at the right
location and no other server is listening on the configured TCP port.
For extended diagnostics, there are special extended log options available for
enhanced debugging capabilities. The parameter log_level
or-ed values which can be set to investigate different modules within the
SQL: 0x00010000, User backend: 0x00020000, Server cache: 0x00040000, SOAP:
0x00100000, ICS: 0x00200000
For example, if you are using LDAP as the user plugin, you can set the
to 0x00020006 for extended LDAP logging (the last digit 6
enables extended verbose logging). To enable SQL and LDAP logging at the same
time, set log_level
WARNING: The log options create huge amounts of log entries in production
environments, this results in abnormal large logfiles which can fill up
available disk space very fast. Only use this with extreme caution.
The normal way for user clients to connect to the server is over TCP, either
direct using the Kopano port, or over HTTP when Apache is setup as a proxy.
Users can only login with their username and password.
The normal way for admin clients, like the spooler and admin tool, to connect to
the server is through the Unix socket on Unix type servers. The admin clients
are able to login when they are run as root or as the user the storage server
process is running as. Most of the time this will be root only, since the
storage server process runs as root by default.
As an exception for the dagent, a unix user can also connect to its own store
without a password. Any other store cannot be accessed this way.
Direct SSL connections are also possible. The server needs to be configured to
accept SSL connections on a new port. Login via an SSL key is also possible.
Please read the next section on how to setup SSL.
To accept SSL connections directly by the server, the storage server will need
to listen on a different port to separate the normal connections from the
encrypted connections. This is set in the server_ssl_port
the configuration file.
Then, you must setup a signed SSL certificate. First, we'll create a Certificate
Authority to be able to sign certificate requests. We provide a script which
makes it easy to create certificates on any distribution. This script is
located in /usr/share/kopano, called ssl-certificate.sh. Enter the following
commands to create a certificate for the Kopano server.
mkdir -p /etc/kopano/ssl cd /etc/kopano/ssl sh
Press enter twice to start the creation of a new CA, probably called demoCA.
Enter a password when asked for. This is the password later used to sign
certificate requests. Then enter your certificate information. Do not leave
the Common Name field blank, otherwise the creation will fail. A good example
for the Common Name field is your hostname.
Now that we have a CA, we can create self-signed certificates. The script will
automatically start the creation of this certificate. The CA certificate must
be set in the server.cfg file in the server_ssl_ca_file
need a signed certificate for the server to start with SSL support.
Enter a password for the request, and enter the certificate details. Some
details need to be different from what you typed when creating the CA. Type at
least a different name in the 'Organizational Unit Name' field. The challenge
password at the end may be left empty.
The script will automatically continue with signing this certificate request.
You will need to enter your CA certificate password again to sign this
request. Then you must accept the new certificate into the CA.
After accepting, a new signed certificate is created, with the name server.pem.
This file contains the private key, so keep this file safe.
The script will ask if a public key should also be created. Since we're creating
the certificate for the server, this is not needed. So enter 'n' and press
The server.pem file should be set in the server.cfg file in the
option. See kopano-server.cfg
information on the possible SSL settings. The password of this key needs to be
set in the server_ssl_key_pass
option. Do not forget this password in
the server.cfg file, otherwise the kopano-server program will ask for this
password when an SSL connection is accepted.
To create a new certificate for a client service, run the script again. You can
create one new certificate for all clients, or separate certificates for each
When typing the certificate information, type at least a different
'Organizational Unit Name' field. When asked for a public key, type 'y' and
enter to create the public key.
Install the new service.pem on the server that will be logging in. Install the
service-public.pem file in the /etc/kopano/sslkeys directory:
mkdir /etc/kopano/sslkeys mv service-public.pem /etc/kopano/sslkeys
The remote service, which has the service.pem private key, can now login with
the certificate, because the known public key matches.
With special chars (like umlauts) the sorting is working more the dictionary way
according to DIN 5007-1, section 184.108.40.206.1. Depending on the behaviour wanted,
the collation setting can be changed with the (not per default included)
. When setting this parameter to
de_DE@collation=phonebook for example the sorting will be oriented to the DIN
5007-2, section 220.127.116.11.2 standard which is rather used in phonebooks and
actually decomposes umlauts for sorting inline within non-umlaut based ASCII
The following signals can be sent to the storage server process:
When the HUP signal is received, some options
from the configuration file are reloaded. The reloadable options are listed in
(5) manual page.
Also, when using log_method = file
, the logfile will be closed and a new
logfile will be opened. You can use this signal in your logrotate
To gracefully let the server exit, the normal
TERM signal is used. Because of open sessions by clients it may take up to 60
seconds for the server to completely shutdown.
Written by Kopano.