Roll-out procedure
Install BlueMind on the main server following the usual procedure
The storage space for BlueMind backups must be accessible on this new server at /var/backups/bluemind
Install the subscription on the secondary server as a file
Reminder: the text file for the subscription can be installed manually on a server
- for Ubuntu / Debian as /etc/apt/sources.list.d/bm.list
- for RedHat / CentOS as /etc/yum.repos.d/bm.repo
Install the package bm-edge-role on the edge server:
Debian/Ubuntu:
    bm35-edge.bluemind.loc:~$ sudo aptitude update
    bm35-edge.bluemind.loc:~$ sudo aptitude install bm-edge-role
RedHat/CentOS:
    bm35-edge.bluemind.loc:~$ sudo yum makecache
    bm35-edge.bluemind.loc:~$ sudo yum install bm-edge-role
- Add the smtp relay role to the edge server in the main server's admin panel:
  - log into BlueMind on the main server as admin0@global.virt
  - browse to System management > Application servers
  - click New > Host
  - fill in the information for the new server
  - click "Create & edit" or "Create" then click the corresponding row to edit it
  - in the Server roles tab, check the Mail relay box then click Save
  - back in the servers list, the server is shown with the mail relay tag mail/smtp-edge
- Set up the domain so that the edge server is used as a mail relay:
  - still signed in as admin0@global.virt, browse to System management > Manage domains
  - click the row for the domain you want to configure
  - in the Mail system tab, select the edge server you have created as mail server and click Save
- Set up the server to send outgoing messages through the relay:
  - still signed in as admin0@global.virt, browse to System Management > System Configuration
  - in the Mail tab, fill in the Relay host field with the IP address or the edge server's host name and click Save
Nginx
Setting up web access
- Log in as root on the edge server
- Browse to the folder /etc/nginx/sites-available:
    bm35-edge.bluemind.loc:~# cd /etc/nginx/sites-available
- Create a configuration file bm-proxy and edit it, e.g. using vim:
    bm35-edge.bluemind.loc:/etc/nginx/sites-available# vim bm-proxy
- Add the following configuration:
    server {
        listen 80;
        # <url_externe_bluemind> is the external URL users connect to
        server_name <url_externe_bluemind>;
        location / {
            return 301 https://<url_externe_bluemind>$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name <url_externe_bluemind>;
        ssl_certificate /etc/ssl/certs/bm_cert.pem;
        ssl_certificate_key /etc/ssl/certs/bm_cert.pem;
        ssl_session_timeout 5m;
        ssl_prefer_server_ciphers on;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for clients that cannot use TLSv1.2
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA';
        add_header Strict-Transport-Security max-age=15768000; # six months
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        location / {
            # <srv_interne> is the main BlueMind server
            proxy_pass https://<srv_interne>;
        }

        location /webmail/ {
            client_max_body_size 0m;
            proxy_pass https://<srv_interne>/webmail/;
        }

        location /Microsoft-Server-ActiveSync {
            proxy_pass https://<srv_interne>/Microsoft-Server-ActiveSync;
            proxy_read_timeout 1200s;
            proxy_headers_hash_bucket_size 128;
            proxy_headers_hash_max_size 2048;
            client_max_body_size 0m;
            proxy_pass_header Server;
        }

        location /eventbus {
            proxy_pass https://<srv_interne>;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location /api/filehosting/ {
            client_max_body_size 0m;
            proxy_pass https://<srv_interne>$request_uri;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_buffering off;
        }

        location /api/attachment/ {
            client_max_body_size 0m;
            proxy_pass https://<srv_interne>$request_uri;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_buffering off;
        }

        location /fh/ {
            proxy_pass https://<srv_interne>/fh/;
            proxy_http_version 1.1;
            proxy_buffering off;
        }
    }
- Save the file and exit the editor
- Run the following commands to enable the configuration:
    bm35-edge.bluemind.loc:/etc/nginx/sites-available# ln -s /etc/nginx/sites-available/bm-proxy /etc/nginx/sites-enabled/
    bm35-edge.bluemind.loc:/etc/nginx/sites-available# rm /etc/nginx/sites-enabled/default
- Reload the nginx server configuration:
  BlueMind 3.5.x:
    bm35-edge.bluemind.loc:/etc/nginx/sites-available# service bm-nginx reload
  BlueMind 3.0.x:
    bm35-edge.bluemind.loc:/etc/nginx/sites-available# service nginx reload
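An added example, not part of the BlueMind documentation: a small Python audit of the bm-proxy file that flags two weaknesses in the configuration above, the deprecated TLSv1/TLSv1.1 protocols and proxy_pass to an https upstream without nginx's proxy_ssl_verify directive switched on (a directive that is not on this page). The sample text, the upstream name bm-core.example.test and the finding names are constructed for the example.

```python
import re

# Constructed excerpt of the bm-proxy server block; the upstream name is a placeholder.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # as on the page
    location / { proxy_pass https://bm-core.example.test; }
}
"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996

def server_blocks(conf):
    """Yield each server block as {directive: [argument lists]}."""
    depth, start, block, words = 0, None, None, []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf)):
        if tok == "{":
            if words == ["server"] and block is None:
                block, start = {}, depth          # entering a server block
            depth += 1
        elif tok == "}":
            depth -= 1
            if block is not None and depth == start:
                yield block                       # server block closed
                block = None
        elif tok != ";":
            words.append(tok)                     # still inside a directive
            continue
        elif block is not None and words:
            block.setdefault(words[0], []).append(words[1:])
        words = []

def audit(conf):
    """Return (server index, finding, detail) tuples; the checks are this example's own."""
    out = []
    for n, d in enumerate(server_blocks(conf), 1):
        protos = {a for args in d.get("ssl_protocols", []) for a in args}
        if DEPRECATED & protos:
            out.append((n, "deprecated-protocol", ", ".join(sorted(DEPRECATED & protos))))
        tls_up = [a[0] for a in d.get("proxy_pass", []) if a and a[0].startswith("https://")]
        # nginx does not verify the upstream certificate unless proxy_ssl_verify is on
        if tls_up and ["on"] not in d.get("proxy_ssl_verify", []):
            out.append((n, "upstream-unverified", tls_up[0]))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

To audit a deployed edge server, pass the contents of /etc/nginx/sites-available/bm-proxy to audit(); an empty list means neither condition was found.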
Setting up the mail service
- On the edge server, copy the main server's configuration file located at /etc/nginx/global.d/bm-proxy-mail.conf. You can use scp to do this:
    bm35-edge.bluemind.loc:~# scp root@srv1.bluemind.loc:/etc/nginx/global.d/bm-mail-proxy.conf /etc/nginx/global.d/
- Edit the file /etc/nginx/global.d/bm-mail-proxy.conf on the relay server and replace the IP address in the auth_http line with the main server's IP address
- Reload the nginx configuration:
  BlueMind 3.5.x:
    bm35-edge.bluemind.loc:~# service bm-nginx reload
  BlueMind 3.0.x:
    bm35-edge.bluemind.loc:~# service nginx reload
Setting up XMPP
For the server to manage the XMPP flow:
- Create a file /etc/nginx/global.d/bm-xmpp-proxy.conf with the following contents:
    stream {
        upstream backend_xmpp {
            least_conn;
            server 1.2.3.4:5222;
            server 1.2.3.5:5222 backup;
        }
        server {
            listen 5222;
            proxy_pass backend_xmpp;
        }
    }
  replacing 1.2.3.4 by the main server's IP address, or by that of the server with the XMPP role if appropriate
- Reload the nginx configuration:
  BlueMind 3.5.x:
    bm35-edge.bluemind.loc:~# service bm-nginx reload
  BlueMind 3.0.x:
    bm35-edge.bluemind.loc:~# service nginx reload
Apache
You can also use Apache as a proxy instead of Nginx. To do this, you need Apache version 2.4 or above with the following modules enabled:
- mod_ssl
- mod_proxy and mod_proxy_wstunnel
- mod_rewrite
VirtualHost example for Apache:
    <VirtualHost *:80>
        Redirect / https://<url_externe_bluemind>/
    </VirtualHost>

    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile "/etc/ssl/certs/bm_cert.pem"
        SSLCertificateKeyFile "/etc/ssl/certs/bm_cert.pem"

        SSLProxyEngine On
        # The three settings below disable verification of the backend server's certificate
        SSLProxyCheckPeerCN Off
        SSLProxyCheckPeerName Off
        SSLProxyVerify none

        # Websocket proxy
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* wss://<srv_interne>%{REQUEST_URI} [P]

        ProxyPreserveHost On
        <Location />
            ProxyPass https://<srv_interne>/
            ProxyPassReverse https://<srv_interne>/
        </Location>
    </VirtualHost>