1   Quick Install

These are very terse instructions how to install Horde Groupware and its prerequisites on a LAMP sytem. They are addressed to experienced administrators who know exactly what they are doing. For more detailed instructions, start reading below at Prerequisites.

1. Compiling PHP for Apache 2:

   cd php-x.x.x/
   ./configure --with-apxs2=/usr/sbin/apxs2 \
               --with-gettext --enable-mbstring=all --enable-mbregex \
               --with-gd --with-png-dir=/usr --with-jpeg-dir=/usr \
               [--with-mysql|--with-pgsql|--with-oci8]
               [--with-tidy]
               [--with-ftp]
   make
   make install
   

2. Restart Apache.

3. Register Horde PEAR channel:

   pear channel-discover pear.horde.org
   

4. Set Horde installation directory:

   pear install horde/horde_role
   pear run-scripts horde/horde_role
   

5. Install Horde Groupware:

   pear install -a -B horde/groupware
   

6. Run installation script:

   groupware-install
   

7. Test Horde Groupware:

   http://your-server/horde/test.php
   

2   Prerequisites

The following prerequisites are REQUIRED for Horde Groupware to function properly.

1. A webserver that supports PHP.

   Horde Groupware is primarily developed under the Apache and Lighttpd webservers, which we recommend. These servers are available from:

   http://httpd.apache.org/ http://www.lighttpd.net/

2. A web server with PATH_INFO support.

   The dynamic interfaces of Horde Groupware requires a web server that correctly sets the PATH_INFO environment variable for all PHP scripts. Every modern web server supports this, but you might have to enable this feature in the web server configuration. e.g. Apache servers require:

   AcceptPathInfo On
   

   Lighttpd servers require:

   "broken-scriptfilename" => "enable"
   

3. PHP 5.3.0 or above.

   PHP is the interpreted language in which Horde Groupware is written.

   Note

   If possible, you should install PHP with your operating system's package manager. Alternatively you build PHP yourself.

   To build PHP from sources, you can obtain it at

   http://www.php.net/

   Follow the instructions in the PHP package to build PHP for your system. If you use Apache, be sure to build PHP as a library with one of the following options:

   --with-apache
   --with-apxs
   --with-apxs2
   

   options to ./configure, and not as a standalone executable.

   The following PHP options are REQUIRED by Horde Groupware (listed with their own prerequisites and configure options). In many cases, the required libraries and tools can be obtained as packages from your operating system vendor.

   1. Gettext support. --with-gettext

      Gettext is the GNU Translation Project's localization library. Horde Groupware uses gettext to provide local translations of text displayed by applications. Information on obtaining the gettext package is available at

      http://www.gnu.org/software/gettext/gettext.html

      See also note below on configuring Translations.

   2. XML and DOMXML support.

      XML and DOM support are enabled in PHP 5 by default. You only have to make sure that you do not use --disable-dom, --disable-simplexml, or --disable-xml.

      Make sure you are using a newer version of libxml. Older version of libxml (e.g. 2.6.26) have been reported to be partially broken when handling certain charsets.

   The following PHP options are RECOMMENDED to enable advanced features in Horde Groupware:

   1. File Upload Support

      File upload support is required to allow various importing features to work. To enable file upload support:

      1. In your php.ini file, the following line must be present:

         file_uploads = On
         

      2. Your temporary upload directory must be writable to the user the web server is running as. If you leave the configuration option upload_tmp_dir blank in php.ini, PHP will use the default directory compiled into it (normally /tmp on Unix-like systems).

      3. Set the maximum size of the uploaded files via the upload_max_filesize configuration option in php.ini. For example, to allow 5 MB attachments, place the following line in your php.ini file:

         upload_max_filesize = 5M
         

      If either file_uploads is turned off, or your temporary upload directory is not writable by the server, all file upload functionality will be disabled by Horde Groupware and will not be available to the user.

      See the File Uploads FAQ entry for further information.

   2. A preferences container.

      Horde Groupware can store user preferences in an SQL database, an LDAP directory, an IMSP server, a Kolab server, or in PHP sessions. An SQL database is used and configured by default.

      For SQL database preferences storage, Horde Groupware is thoroughly tested on MySQL(i) (--with-mysql(i)) and PostgreSQL (--with-pgsql), and has been reported to work with SQLite (enabled by default).

      Preferences can also be stored via LDAP (--with-ldap), Kolab (--with-ldap), and IMSP.

      Alternatively, preferences can be stored in PHP sessions, which requires no external programs or configure options, but which will not maintain preferences between sessions.

      While the LDAP, database, Kolab, or IMSP server need not be running on the machine onto which you are installing Horde Groupware, the appropriate client libraries to access the server must be available locally.

      If a preference container is not configured, no preference options will be configurable via Horde Groupware's web interface - the default values stored in each applications config/prefs.php file will be used.

   3. UTF-8 support (mbstring and iconv extensions) --enable-mbstring

      If these extensions are enabled, Horde Groupware can better support multibyte character sets like UTF-8.

      For iconv support you should use the GNU libiconv library, which is more stable and supports more charsets, compared to other iconv implementations, like Solaris', for example.

      Iconv support is enabled by default in PHP 5. You only have to make sure that you do not use --without-iconv

   4. GD support --with-gd

      Horde Groupware will use the GD extension to perform manipulations on image data through the Horde_Image library.

      If you want GD to be able to work with PNG images, you should use the --with-png-dir option to make sure PHP can find the PNG libraries it needs to compile.

      If you want GD to be able to work with JPEG images, you should use the --with-jpeg-dir option to make sure PHP can find the JPEG libraries it needs to compile.

      You can also use the imagick extension or the ImageMagick package to do these manipulations instead. The imagick extension is the recommended method for image manipulation. See the Image Manipulation tab of the Horde configuration for more details.

   5. tidy --with-tidy

      The tidy PHP extension is required to sanitize HTML data.

6. OpenSSL support --with-openssl

   The OpenSSL PHP extension is used by Horde Groupware to provide S/MIME support. Without the extension, all S/MIME options will be disabled.

   Additionally, the OpenSSL PHP extension is REQUIRED if using TLS or SSL to connect to a server.

   See http://www.php.net/openssl for information on compiling OpenSSL into PHP.

7. fileinfo

   Allows Horde modules to guess the MIME type of files by analyzing their contents.

   This module is automatically enabled by default.

8. intl --enable-intl

   The intl module is required to handle display of Internationalized Domain Names (see RFC 3490), e.g in e-mail addresses.

9. curl --with-curl

   The curl extension, if installed, will be used instead of PHP's fopen() when retrieving data from external HTTP servers (remote calendars, web APIs, etc.). This is much more reliable and flexible, so it is recommended to either enable it or install the http extension.

   This extension can be enabled by adding the --with-curl option when compiling PHP.

10. FTP support --with-ftp

    If using the FTP VFS driver for the file manager, the FTP PHP module is required.

4. PEAR Modules

   PEAR is short for "PHP Extension and Application Repository". The goal of PEAR is to provide a means of distributing reusable code.

   For more information, see http://pear.php.net/

   Important

   Make sure you are running a supported (i.e. new enough) version of PEAR: use the test script described below under "`Testing Horde Groupware`_". Do not use the PEAR version from ftp.horde.org.

   Check that the path where the PEAR packages are installed are part of the include_path parameter that PHP uses to find PEAR packages.

   Run the command:

   pear config-show
   

   You will see something like:

   PEAR directory   php_dir   /usr/share/php
   

   Now open the php.ini file of your system, for example /etc/php.ini, find the include_path and make sure that /usr/share/php is part of the list. If you had to change that value, restart the web server after saving php.ini.

   Important

   If you are going to install Horde the recommended way, i.e. using the PEAR installer, you can skip the remainder of this section. Installing Horde through PEAR will automatically download and install all required PEAR packages.

   These PEAR packages are REQUIRED to be installed:

   1. Date

      Horde Groupware Webmail Edition uses the Date package for various date calculations. To install, enter the following at the command prompt:

      pear install Date
      

   These PEAR packages are RECOMMENDED to be installed:

   1. Net_DNS2

      If installed, it will be used instead of the built-in PHP function gethostbyaddr() for host name lookups. This has the advantage that Net_DNS2 has configurable timeouts and retries. To install, enter the following at the command prompt:

      pear install Net_DNS2
      

   2. Services_Weather (>= 1.3.1)

      REQUIRED only if you wish to use the weather.com block on the portal page. To install, enter the following at the command prompt:

      pear install Services_Weather
      

      Additional steps are required if you want use the METAR weather block on the portal page. See the file data/Services_Weather/buildMetarDB.php in your PEAR directory for details.

   3. File_Fstab

   Required only if you use the localhost driver for the Accounts block. To install, enter the following at the command prompt:

   pear install File_Fstab
   

   These PEAR packages are OPTIONAL to be installed:

   1. Date_Holidays

      Horde Groupware Webmail Edition can use the Date_Holidays package to show several sets of national and religious holidays and memorial days. Since Date_Holidays consists of a number of sub-packages, one for each country, you should install all packages at once:

      pear install Date_Holidays-alpha#all
      

   This method of installing PEAR packages requires that you have a PHP version that has been compiled as a static binary. All versions of PHP build both both a SAPI module (Apache, CGI, etc.) and a command-line (CLI) binary. Check if you have a php binary in /usr/local/bin (/usr/bin if you installed from an operating system package) before recompiling.

   For more detailed directions on installing PEAR packages, see the PEAR documentation at http://pear.php.net/manual/

5. Additional PECL Modules

   PECL is short for "PHP Extension Community Library". The goal of PECL is to provide a means of easily distributing PHP extensions.

   For more information, see http://pecl.php.net/

   When you install a PECL extension, you have to add it to your php.ini so it gets loaded. Add the following line to your php.ini file to load the extension (the extension should be installed in the directory specified by the extension_dir option in php.ini):

   extension=fileinfo.so
   

   Or on Windows:

   extension=fileinfo.dll
   

   After that, restart your webserver.

   These PECL modules are RECOMMENDED to be installed if you need advanced functionality:

   1. imagick

      The imagick module can be used by Horde's image library to provide all kind of image manipulations.

      To install, enter the following at the command prompt:

      pecl install imagick
      

   2. horde_lz4

      If the horde_lz4 extension is available, Horde can perform real-time compression on data, resulting in reduced storage load on the server for things like cache storage and session data. It is highly recommended.

      To install, enter the following at the command prompt:

      pecl install horde/horde_lz4
      

   3. memcache

      If using the memcached SessionHandler, the memcache PECL extension must be installed.

      To install, enter the following at the command prompt:

      pecl install memcache
      

   4. http

      The http extension, if installed, will be used instead of PHP's fopen() when retrieving data from external HTTP servers (remote calendars, web APIs, etc.). This is much more reliable and flexible, so it recommended to either install this or enable the curl extension.

      To install, enter the following at the command prompt:

      pecl install http
      

The following non-PHP prerequisites are RECOMMENDED:

1. aspell - Spelling Checker

   Aspell, a comand-line program, is used as Horde Groupware's spell-checking engine. You must install and configure aspell to use Horde Groupware's spell-check feature.

   Version 0.60 or higher is REQUIRED.

   You can obtain aspell from:

   http://aspell.sourceforge.net/

2. Sendmail or SMTP server.

   Horde Groupware sends mail via either a local sendmail or a remote SMTP server. It is RECOMMENDED that SMTP be used.

3. FTP server.

   If using a FTP backend for the file manager, you must have at least one FTP server.

4. ElasticSearch server.

   An ElasticSearch server or cluster running on localhost can be used to provide indexing of bookmarks data and quick searching of the indexed content.

3   Installing Horde Groupware

The RECOMMENDED way to install Horde Groupware is using the PEAR installer.

pear channel-discover pear.horde.org

pear install horde/horde_role
pear run-scripts horde/horde_role

pear install -a -B horde/groupware

pear install horde/groupware

pear install -a horde/groupware

mkdir /var/www/groupware
pear config-create /var/www/groupware /var/www/groupware/pear.conf
pear -c /var/www/groupware/pear.conf install pear

/var/www/groupware/pear/pear -c /var/www/groupware/pear.conf \
    channel-discover pear.horde.org

php_value include_path /var/www/groupware/pear/php
SetEnv PHP_PEAR_SYSCONF_DIR /var/www/groupware

groupware-install

/var/www/groupware/pear/groupware-install

pear config-get bin_dir

PHP_PEAR_SYSCONF_DIR=/var/www/groupware php \
    -d include_path=/var/www/groupware/pear/php \
    /var/www/groupware/pear/groupware-install

4   Configuring Horde Groupware

1. Configuring the web server

   Horde Groupware requires the following webserver settings. Examples shown are for Apache; other webservers' configurations will differ.

   1. PHP interpretation for files matching *.php:

      AddType application/x-httpd-php .php
      

      Note

      The above instructions may not work if you have specified PHP as an output filter with SetOutputFilter directive in Apache 2.x versions. In particular, Red Hat 8.0 and above Apache 2.x RPMS have the output filter set, and MUST NOT have the above AddType directive added.

   2. index.php as an index file (brought up when a user requests a URL for a directory):

      DirectoryIndex index.php
      

   3. If you plan to provide ActiveSync support to your users, you have to create an alias of the /Microsoft-Servers-ActiveSync URL to /groupware/rpc.php. See http://wiki.horde.org/ActiveSync for details.

2. Configuring Horde Groupware

   Documentation on the format and purpose of the configuration files in the config/ directory can be found in each file. The defaults will be correct for most sites. If you wish to customize Horde Groupware's appearance and behavior, create "local" files for the configuration file you want to change. For example if you want to change the default value and lock a preference, create a config/prefs.local.php file with the following content:

   <?php
   $_prefs['prefname']['value'] = 'somedefault';
   $_prefs['prefname']['locked'] = true;
   

   This works with any configuration file.

   Warning

   All configuration files in Horde Groupware are PHP scripts that are executed by the web server. If you make an error in one of these files, Horde might stop working. Thus it is always a good idea to test the configuration files after you edited them. If you want to test mime_drivers.local.php for example run:

   php -l mime_drivers.local.php
   

   The default configuration stores files uploaded through the file manager in the SQL database. This is the most compatible configuration but doesn't scale well, may hit some database server limits, and may only work for very small installations. You should configure a different backend as soon as possible. See gollem/config/backends.php and gollem/config/backends.d/10-groupware.php for details.

3. Setting up alarm emails

   If you want your users to be able to receive emails from the Horde_Alarm system, you must set up a cron entry for horde-alarms, you must have at least one administrator specified in the Horde configuration, and you must have the PHP CLI installed (a CGI binary is not supported - php -v will report what kind of PHP binary you have).

   Running the job every 5 minutes is recommended:

   # Horde Alarms
   */5 * * * * /usr/bin/horde-alarms
   

   If not installing Horde Groupware through PEAR or if PEAR's bin_dir configuration doesn't point to /usr/bin/, replace /usr/bin/horde-alarms with the path to the horde-alarms script in your Horde installation.

4. Testing Horde Groupware

   Once you have configured your webserver, PHP, and Horde Groupware, bring up the included test page in your web browser to ensure that all necessary prerequisites have been met. If you installed Horde Groupware as described above, the URL to the test page would be:

   http://your-server/groupware/test.php
   

   Check that your PHP version is acceptably recent, that all required module capabilities are present, and that magic_quotes_runtime is set to Off. Then note the Session counter: 1 line under PHP Sessions, and reload the page. The session counter should increment.

   If you get a warning like Failed opening '/path/to/test.php' for inclusion, make sure that the web server has the permission to read the test.php file.

5. Securing Horde Groupware

   1. Global Passwords

      Some of Horde Groupware's configuration files contain passwords which local users could use to access your database. It is recommended to ensure that at least the Horde Groupware configuration files (in config/) are not readable to system users. There are .htaccess files restricting access to directories that do not need to be accessed directly; before relying on those, ensure that your webserver supports .htaccess and is configured to use them, and that the files in those directories are in fact inaccessible via the browser.

      An additional approach is to make Horde Groupware's configuration files owned by the user root and by a group which only the webserver user belongs to, and then making them readable only to owner and group. For example, if your webserver runs as www.www, do as follows:

      chown -R root.www config/*
      find config/ -type f -exec chmod 0440 '{}' \;
      

   2. User Passwords

      Unless steps are taken to avoid it, there are two channels by which Horde Groupware can cause users to pass their IMAP/POP3 passwords across the network unencrypted.

      The first channel is between the browser and the Web server. We strongly recommend using an SSL-capable Web server to give users the option of encrypting communications between their browser and the Web server on which Horde Groupware is running. Some sites may wish to disable non-SSL access entirely.

      The second channel is between the Web server and their authentication backend. The simplest way to avoid this is to have the authentication source running on the same system as the Web server, and configuring Horde Groupware to connect to the backend on localhost instead of on the Internet hostname. In cases where that is not possible, it is highly recommended that the backend be located on a private, secure network. Alternatively, the backend may be accessed via TLS to ensure that users' passwords remain safe after they have entrusted them to Horde Groupware (this is the default configuration).

      Other security steps you can take to increase security include:

      • Use session cookies instead of URL based sessions.
      • Set your php session.entropy_length to a larger value (e.g. 16) and session.entropy_file to a random source (e.g. /dev/urandom)
      • If your database, mail server, and web server are on the same host machine, then:
        • Use unix socket database access and disable TCP database access.
        • Use localhost for all TCP/IP connections to avoid the network, or run all services on a local, private network.

   2. Sessions

      Session data -- including hashed versions of your users' passwords, in some applications -- may not be stored as securely as necessary.

      If you are using file-based PHP sessions (which are the default), be sure that session files are not being written into /tmp with permissions that allow other users to read them. Ideally, change the session.save_path setting in php.ini to a directory only readable and writeable by your webserver.

      Additionally, you can change the session handler of PHP to use any storage backend requested (e.g. SQL database) via the Custom Session Handler tab in the Horde setup.

   For more information about securing your webserver, PHP and Horde Groupware, see the docs/SECURITY file.

5   Temporary Files

Various Horde Groupware applications will generate temporary files in PHP's temporary directory (see the General tab in the Horde setup). For various reasons, some of these files may not be removed when the user's session ends. To reclaim this disk space, it may be necessary to periodically delete these old temporary files.

An example cron-based solution can be found at horde/scripts/temp-cleanup.cron in PEAR's data_dir directory. Another possible solution is to use utilities like tmpwatch, tmpreaper or anything similar to remove old files.

Stale sessions are automatically pruned by PHP according to the session.gc_probability, session.gc_divisor, and session.gc_maxlifetime settings located in php.ini. However, the default settings are very aggressive: the garbage collection routine runs on average 1% of the time a page is loaded. For most installations, a lower garbage collection rate is recommended (setting session.gc_divisor to 10,000 or higher is much more reasonable).

6   Translations

Note for international users: Horde Groupware uses GNU gettext to provide local translations of text displayed by applications; the translations are found in the po/ directory. If a translation is not yet available for your locale (and you wish to create one), or if you're having trouble using a provided translation, please see the docs/TRANSLATIONS file for instructions.

7   Obtaining Support

If you encounter problems with Horde Groupware, help is available!

The Horde Frequently Asked Questions List (FAQ), available on the Web at

http://wiki.horde.org/FAQ

The Horde Project runs a number of mailing lists, for individual applications and for issues relating to the project as a whole. Information, archives, and subscription information can be found at

http://www.horde.org/community/mail

There is no separate mailing list for Horde Groupware, please contact the mailing list of the component you have problems with, or the Horde mailing list for general problems and questions.

Lastly, Horde developers, contributors and users may also be found on IRC, on the channel #horde on the Freenode Network (irc.freenode.net).

Please keep in mind that Horde Groupware is free software written by volunteers. For information on reasonable support expectations, please read

http://www.horde.org/community/support

Thanks for using Horde Groupware!

The Horde Team