Sep 2023
11 / 11
Sep 2023
Sep 2023
David_C_Rankin
Sep '23
1

Ralf, Stefan, All,

I have a strange problem with calendar entries in 23.1 not showing on the calendar until a full reload of the calendar is done. (like hitting F5 in Firefox to reload the page). The entries do appear right away in the list-view of the calendar.

I suspect like Admin View-Sessions, the push isn’t being done, but shouldn’t there be a fallback (like json) that updates the calendar display?

If these issues are not solvable any longer outside a container, then is my best option to downgrade to 17.1-epl?

I could try a docker container for 23.1, but I doubt it would even be capable of running on my old test box (Dell, with 4G and Celeron dual-core) while there are other web applications also running under a normal web install (with both MariaDB and PostgreSQL apps, Avantfax, etc…)? Is there a specification for how much machine is needed for a docker install? (some general guideline for RAM/CPU usage for 10, 20, 100 users, etc…?)

23.1 was looking so good too, I was ready to dump the old PHP off my production box and move it there, but if it no longer has fallbacks to run outside a container, then I’ll need to look at one of the other two options. Let me know. Thanks for your help.

====== Update ======

Following through the code for where this is supposed to happen, I end up at a dead end in /srv/http/htdocs/egroupware/api/js/jsapi/egw_app.ts where the push for add (save) is apparently being passed on to the nextmatch? The snippet at issue is:

         push(pushData : PushData)
        {
                // don't care about other apps data, reimplement if your app does care eg. calendar
        ...
                // Nextmatch does the hard part of updating.  Try to find one.
                let nm = <et2_nextmatch>this.et2?.getDOMWidgetById('nm');
                ...
                // Pass actual refresh on to just nextmatch
                nm.refresh(pushData.id, pushData.type);
        }
...

I believe the `id` in question comes from `/srv/http/htdocs/egroupware/calendar/templates/default/add.xet`, e.g.

```none
<et2-button statustext="saves the changes made" label="Save" id="button[save]" slot="footer" default="true"
></et2-button>

But once I pass the button[save] id on to nm.refresh(...) things get a little murky. Is there any type of code-flow road map or other link that would help chase down where the calendar add push plays out to check on how fallback without swoole is supposed to work?

  • created

    Sep '23

  • last reply

    Sep '23
  • 10

    replies

  • 827

    views

  • 2

    users

  • 8

    links

  • 5
RalfBeckerEGroupware GmbH
Sep '23

There should be a fallback, but there is no more testing, if it really works, as the default installation is with Docker and contains push.

The general push fallback uses Framework::refresh_opener()2 which calls client-side egw.refresh()1, for which an app can implement it’s own reaction to it. Nextmatch refresh / list-view is done automatic.

I don’t think we will find time to look into this on short notice, as it’s only used by a small fraction of our users, unless you’re willing to pay for it getting repaired2, sorry.

If your old box supports Docker, is less a question of it’s power, as of it running a supported Linux OS containing Docker packages, as the overhead of Docker is marginal.

Ralf

David_C_Rankin
Sep '23
1

Believe it or not Ralf – I give… I’ve got docker running and I’ve pulled docker-compose.yml and nginx.conf. My only question here is on Archlinux the web server runs as http, not www-data, so the data and sources directories under /etc/egroupware-docker do they also need to be writable by httpd or by www-data (which isn’t a group on Archlinux? - yes, stupid question, because it will only get written by http on the Archlinux side, but after I fire up docker-compose - who is in control? Logic says it’s still Arch and what is written in the curl requests will use the normal Arch web-user http – but not knowing anything about docker – it’s unfamiliar turf - at least today it is)

After I get that sorted, then can I strip collabra and rocketchat out of the docker-compose.yml before docker-compose up -d or are they critical (I will never use either and would rather minimize the install)

Old dogs new tricks, but I sure like the normal web install. I see problems coming for knowledge base and other legacy-apps that I have data in. But, that’s for later, I want to get the container running and see if it actually works from docker and what the overhead difference does to the response. I ran ubuntu earlier (it’s still running detached), Installed several apps in that container and it was reasonably responsive with the tty interface. That gave me hope I could make egroupware work.

(because the fallback for add (save) new events isn’t working to make new events entered from the web interface show up on the calendar until a full browser reload is done. (as mentioned, they show up in the calendar list-view just fine when entered, they just don’t get written to week-view, month-view, etc… without the browser reload… So docker here we come… – or Framework::refresh_opener() I’ll be debugging you…)

Thank you Ralf!

RalfBeckerEGroupware GmbH
Sep '23

Hi David,

Sad, you use Archlinux, as we have no packages for it, only dep and rpm packages. So you have to use docker-compose manually :frowning:

You have to chown -R 33:33 /usr/share/egroupware/default so that PHP running in the container, mounting that, can read and write the files.

Yes, no problem, just comment them out.

There is a page in the wiki detailing how to install / git clone the legacy app to /usr/share/egroupware on the host and the starting container will integrate that into itself.

Ralf

David_C_Rankin
Sep '23

Yes,… alas… But I have an idea for that. Arch has http:http for 33:33, so my thought is to create a new www-data user nologin and make the user a member of http so anything writable by http on Arch will be writable by www-data if the docker container looks for the user by name on the system. If it just looks by number, it will work without modification due to the UID/GID mapping. We will see if I can make it work, by hook or crook.

At least you have got me pointed in the right direction and the Docker compose installation information seems clear. (until I mess it up)

Thank you again Ralf! Data migration from 1.8 was the big unknown. With that done, we are just figuring out the best wrapper for it. You have done a great job with egroupware. Nothing holds a candle to the egroupware interface and the tight integration global categories provide. (not to mention egroupware still runs circles around nextcloud from a load and responsiveness standpoint on the same hardware)

RalfBeckerEGroupware GmbH
Sep '23

All that is not necessary, the webserver on the host is not used, or only if proxy, where it does not matter with which uid/gid it runs.

We run our own webserver in the container egroupware-nginx.

Ralf

David_C_Rankin
Sep '23

Something is looking up:

docker ps
CONTAINER ID   IMAGE                            COMMAND                  CREATED         STATUS                            PORTS      NAMES
57f2f06feca1   nginx:stable-alpine              "/docker-entrypoint.…"   5 minutes ago   Restarting (1) 44 seconds ago                egroupware-nginx
8eda4f747be0   phpswoole/swoole:latest-alpine   "docker-php-entrypoi…"   5 minutes ago   Restarting (127) 44 seconds ago              egroupware-push
ec2b11011599   egroupware/development:latest    "/entrypoint.sh php-…"   5 minutes ago   Up 5 minutes                      9000/tcp   egroupware
77c44591ad1d   phpmyadmin                       "/docker-entrypoint.…"   5 minutes ago   Up 5 minutes                      80/tcp     phpmyadmin
c78a2ee4cbbb   mariadb:10.6                     "docker-entrypoint.s…"   5 minutes ago   Up 5 minutes                      3306/tcp   egroupware-db
f9a0c089cfce   containrrr/watchtower            "/watchtower --sched…"   5 minutes ago   Up 5 minutes                      8080/tcp   egroupware-watchtower
a6a097297765   ubuntu                           "bash"                   4 hours ago     Up 4 hours                                   compassionate_thompson

I did just comment the collabra and rocketchat installs out. Looks like things are running. Now all I have to do is figure out how to access egroupware – I recall seeing the URL with IP in one of the howtos. If nothing else, we have succeeded in running our first serious docker-compose app :)

RalfBeckerEGroupware GmbH
Sep '23

This is a development install, you want a production one:

https://github.com/EGroupware/egroupware/tree/master/doc/docker1

There are two ways to do that:

  1. Change the port in docker-compose.yml from 4443 to 443 and 8080 to 80 AND stop your webserver on the host.
  2. Or like our Linux packages use a Webserver (Nginx or Apache2) on the host, so you can use Certbot to get a certificate. Configuration files for Nginx or Apache2

Ralf

David_C_Rankin
Sep '23
3

Oh… I pulled the wrong install?

Wait, no, that is the exact page I used for this install?

Well, I have Let’s Encrypt certificates on the host itself. Will requesting another set with certbot for docker on this host mess up my existing certs? My host can’t lose it’s certificates, it has other applications that don’t run in containers that it must serve.

My host certificates are:

l /etc/letsencrypt/archive/3111skyline.com/*6*
-rw-r--r-- 1 root root 1801 Sep 10 17:32 /etc/letsencrypt/archive/3111skyline.com/cert16.pem
-rw-r--r-- 1 root root 3749 Sep 10 17:32 /etc/letsencrypt/archive/3111skyline.com/chain16.pem
-rw-r--r-- 1 root root 5550 Sep 10 17:32 /etc/letsencrypt/archive/3111skyline.com/fullchain16.pem
-rw------- 1 root root 1708 Sep 10 17:32 /etc/letsencrypt/archive/3111skyline.com/privkey16.pem

Is the lack of certificates the problem causing nginx:stable-alpine and phpswoole/swoole:latest-alpine to continually be in restart? E.g.

57f2f06feca1   nginx:stable-alpine              "/docker-entrypoint.…"   16 hours ago     Restarting (1) 7 seconds ago                 egroupware-nginx
8eda4f747be0   phpswoole/swoole:latest-alpine   "docker-php-entrypoi…"   16 hours ago     Restarting (127) 17 seconds ago              egroupware-push

Can I somehow use my existing Let’s Encrypt certificates with egroupware in this docker container?

Everything else seems to be happy. OR is this the result of the failure to pull the Dockerfile per the howto? Running EGroupware in Docker. When I tried:

curl https://raw.githubusercontent.com/EGroupware/egroupware/master/doc/docker/Dockerfile > Dockerfile

It ends up with Dockerfile containing 404: Not Found. I just deleted thatDockerfile`. Is that howto missing a file or has it been superseded and is no longer needed?

What to check to find out why nginx and phpswoole/swoole are not running and continually restarting?

Also, we had a 4 hour power outage today, so the server went down and when it came back up – it came back up in the same state when I start docker. It seem happy except nginx and phpswoole/swoole, e.g.

CONTAINER ID   IMAGE                            COMMAND                  CREATED        STATUS                            PORTS      NAMES
57f2f06feca1   nginx:stable-alpine              "/docker-entrypoint.…"   17 hours ago   Restarting (1) 3 seconds ago                 egroupware-nginx
8eda4f747be0   phpswoole/swoole:latest-alpine   "docker-php-entrypoi…"   17 hours ago   Restarting (127) 13 seconds ago              egroupware-push
ec2b11011599   egroupware/development:latest    "/entrypoint.sh php-…"   17 hours ago   Up 46 minutes                     9000/tcp   egroupware
77c44591ad1d   phpmyadmin                       "/docker-entrypoint.…"   17 hours ago   Up 46 minutes                     80/tcp     phpmyadmin
c78a2ee4cbbb   mariadb:10.6                     "docker-entrypoint.s…"   17 hours ago   Up 46 minutes                     3306/tcp   egroupware-db
f9a0c089cfce   containrrr/watchtower            "/watchtower --sched…"   17 hours ago   Up 46 minutes                     8080/tcp   egroupware-watchtower

The docker-compose.yml with collabra and rocketchat commented (removed below), I used the following:

version: '3'
volumes:
  # data directory: here are the files stored (/var/lib/egroupware by default)
  data:
    driver_opts:
      type: none
      o: bind
      # to upgrade an existing non-docker installation most easy is to use the existing
      # data directory /var/lib/egroupware AND the host database see below
      #device: /var/lib/egroupware
      # otherwise data is stored in data subdirectory of the current directory
      device: $PWD/data
  # sources directory or document root mounted as /var/www inside the container
  sources:
    driver_opts:
      type: none
      o: bind
      # use this if you have an existing document root with an egroupware directory inside
      #device: /var/www
      # otherwise sources/document is stored in sources subdirectory of current directory
      device: $PWD/sources
  # sources for push server, swoolpush subdirectory of egroupware
  sources-push:
    driver_opts:
      type: none
      o: bind
      device: $PWD/sources/egroupware/swoolepush
  # volume to store config.inc.php file / token shared between egroupware and push container
  push-config:
  # for Mac and Windows, do NOT use a directory for the DB, as the Docker host is in a VM!
  db:
  sessions:
  # cache files from compose, npm and yarn (actually /root inside the container)
  cache:

services:
  egroupware:
    # you can also use tags like: 7.4, 8.0 or 8.1 depending on the PHP version you want to use
    image: egroupware/development:latest
    # setting a default language for a new installation
    #environment:
    #- LANG=de
    volumes:
      - $PWD/sources:/var/www
      - $PWD/data:/var/lib/egroupware
      - $PWD/sessions:/var/lib/php/sessions
      - $PWD/cache:/root
      - $PWD/push-config:/var/lib/egroupware-push
    # if you want to use the host database:
    # 1. comment out the whole db service below AND
    # 2. set EGW_DB_HOST=localhost AND
    # 3. uncomment the next line and modify the host path (first one), it depends on your distro:
    #    - RHEL/CentOS   /var/lib/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
    #    - openSUSE/SLE  /var/run/mysql/mysql.sock:/var/run/mysqld/mysqld.sock
    #    - Debian/Ubuntu /var/run/mysqld:/var/run/mysqld
    #- /var/run/mysqld:/var/run/mysqld
    # private CA so egroupware can validate your certificate to talk to Collabora or Rocket.Chat
    # multiple certificates (eg. a chain) have to be single files in a directory, with one named private-ca.crt!
    #- /etc/egroupware-docker/private-ca.crt:/usr/local/share/ca-certificates/private-ca.crt:ro
    environment:
      #
      # MariaDB/MySQL host to use: for internal service use "db", for host database (socket bind-mounted into container) use "localhost"
      - EGW_DB_HOST=db
      # grant host is needed for NOT using localhost / unix domain socket for MySQL/MariaDB
      - EGW_DB_GRANT_HOST=172.%
      # for internal db service you should to specify a root password here AND in db service
      # a database "egroupware" with a random password is created for you on installation (password is stored in header.inc.php in data directory)
      #- EGW_DB_ROOT=root
      - EGW_DB_ROOT_PW=secret
      # alternativly you can specify an already existing database with full right by the given user!
      #- EGW_DB_NAME=egroupware
      #- EGW_DB_USER=egroupware
      #- EGW_DB_PASS=
      #
      # further post_install.php arguments can be passed as a single enviroment variable with space separated assignments
      # "<name1>=<value1> <name2>=<value2>" see https://github.com/EGroupware/egroupware/blob/master/doc/rpm-build/post_install.php#L17
      # to configure eg. LDAP for authentication and account storage use
      #- EGW_POST_INSTALL='account-auth=ldap,ldap ldap_base=ou=egroupware,dc=example,dc=org ldap_host=tls://ldap.example.org ldap_admin=cn=admin,$base ldap_admin_pw=secret ldap_context=cn=users,$base ldap_group_context=cn=groups,$base'
      #
      # extra non-default apps (need to start with EGW_EXTRA_APP!)
      #
      # EPL apps (need extra credentials!)
      #- EGW_EXTRA_APPS_EPL=https://github.com/EGroupwareGmbH/epl.git https://github.com/EGroupwareGmbH/esyncpro.git https://github.com/EGroupwareGmbH/policy.git https://github.com/EGroupwareGmbH/webauthn.git
      # old Wiki
      #- EGW_EXTRA_APP_WIKI=https://github.com/EGroupware/wiki.git
      # old API and eTemplate(1), required for upgrades from before 14.3
      #- EGW_EXTRA_APP_OLDAPI=https://github.com/EGroupware/phpgwapi.git https://github.com/EGroupware/etemplate.git
      #
      # XDEBUG_REMOTE_HOST need to be set, if the host running the IDE is different from 172.17.0.1 (Mac can use docker.for.mac.localhost)
      - XDEBUG_REMOTE_HOST=172.17.0.1
    restart: always
    depends_on:
      - db
    container_name: egroupware
    # set the ip-address of your docker host AND your official DNS name so EGroupware
    # can access Rocket.Chat or Collabora without the need to go over your firewall
    #extra_hosts:
    #- "my.host.name:ip-address"
    extra_hosts:
      - "devbox.egroupware.org:172.17.0.1"

  nginx:
    image: nginx:stable-alpine
    volumes:
      - $PWD/sources:/var/www:ro
      # to add a certificate create a certificate.pem containing (in that order)
      # 1. private key
      # 2. public key
      # 3. (optional) chain certificates
      # uncomment to the next line
      # ./certificate.pem:/etc/ssl/private/certificate.pem
      # AND uncomment the three lines starting with "listen 443", "ssl_certificate", "ssl_certificate_key" in nginx.conf
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
    ports:
      # if no webserver is running on the host, change (first) number to 80 and 443
      - "8080:80"
      - "4443:443"
    depends_on:
      - egroupware
      - push
##      - collabora-key
##      - rocketchat
    container_name: egroupware-nginx
    restart: always

  # run an own MariaDB:10.6 (you can use EGroupware's database backup and restore to add your existing database)
  db:
    image: mariadb:10.6
    environment:
      #- MYSQL_ROOT=root
      - MYSQL_ROOT_PASSWORD=secret
    #- MARIADB_AUTO_UPGRADE=true
    volumes:
      - db:/var/lib/mysql
    # to add an own persistent configuration
    #- ./mariadb.cnf:/etc/mysql/mariadb.conf.d/egroupware.cnf
    container_name: egroupware-db
    restart: always
    # make mysql also available on the host
    #ports:
    #- "3306:3306"

  # push server using phpswoole
  push:
    image: phpswoole/swoole:latest-alpine
    command:
      - /var/www/server.php
    volumes:
      - $PWD/sources/egroupware/swoolepush:/var/www
      - $PWD/sessions:/var/lib/php/sessions
      - $PWD/push-config:/var/lib/egroupware-push
    container_name: egroupware-push
    restart: always
    depends_on:
      - egroupware

  # automatic updates of all containers daily at 4am
  # see https://containrrr.github.io/watchtower for more information
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    # For automatic EPL Updates (not necessary for CE!) you need to pass docker
    # credentials into watchtower after running: docker login download.egroupware.org
    #- /root/.docker/config.json:/config.json:ro
    environment:
      - WATCHTOWER_CLEANUP=true # delete old image after update to not fill up the disk
    # for email notifications add your email and mail-server here
    #- WATCHTOWER_NOTIFICATIONS=email
    #- WATCHTOWER_NOTIFICATIONS_LEVEL=info # possible values: panic, fatal, error, warn, info or debug
    #- WATCHTOWER_NOTIFICATION_EMAIL_FROM="watchtower@my-domain.com"
    #- WATCHTOWER_NOTIFICATION_EMAIL_TO="me@my-domain.com"
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER="mail.my-domain.com" # if you give your MX here, you need no user/password
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=25
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER="watchtower@my-domain.com"
    #- WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="secret"
    command: --schedule "0 0 4 * * *"
    container_name: egroupware-watchtower
    restart: always

  # phpMyAdmin
  phpmyadmin:
    restart: unless-stopped
    image: phpmyadmin
    container_name: phpmyadmin
    hostname: phpmyadmin
    # pre 20.1 installs run MariaDB on the host and need to pass the socket (to use egroupware user and it's password only valid on localhost)
    #volumes:
    #  - /var/run/mysqld/mysqld.sock:/tmp/mysql.sock
    environment:
      # PMA_HOST: use localhost, if you use a socket (pre 20.1 install) or db for 20.1+ installations
      - PMA_HOST=db
      # phpMyAdmin needs the full URL incl. protocol, domain, path and a trailing slash!
      - PMA_ABSOLUTE_URI=http://localhost/phpmyadmin/

Another hurdle is I am setting this up remotely. I don’t know if that matters, but I’m ssh’ed into the test box and attempting to connect to the docker egroupware over the local LAN. I don’t know if that makes a difference for initial setup, but that is how I have always administered servers.

Let me know what to check on nginx/swoole restart and if the remote-admin is a problem. Thank you a lot!

RalfBeckerEGroupware GmbH
Sep '23

Nope, we broke it, when merging Milans JavaScript to TypeScript conversation into master and 23.1.
I hope I find time to fix it in the next days …

About your certs, that’s why our Linux packages uses the webserver on the host as proxy, I send you links to the configuration files.

I can offer you to buy 1 hour of community edition support and convert your installation together with you to a docker-compose one and also explain how it works to you.

Ralf

David_C_Rankin
Sep '23
3

That may be in the cards. I’m not dead broke, but damn close to it after the office burned on June 11. I’m slowly recovering, but any recovery in one of the poorest counties in Texas is SLOW… I’ll take a look at the rates.

And really glad to know I’m not as stupid as I felt trying to get this darn docker install going :)

No rush, I’ve made 1.8.007 work for more than a decade (and work phenomenally it has), but after the office fire, having only 1 server to worry about migrating (and the data from the other later), I decided it was time to move forward and not have to maintain PHP 5.6 any more. (rebuilding with every new bug or ICU change gets old… quick)

Thank you for you efforts, and I’ll let you know if I can buy support. (must check with the boss first, you know how that goes, Birgit, I’m sure, has the last say :)

And so in the long run, I’ll have to remove all existing containers and use docker-compose again once the fix is in? I’m getting the full course of docker all at once. I guess that’s not a bad thing. This test box isn’t public facing (which is why it is a safe test box). If I get the hour of support, I’ll just move ssh to a high port and send you the login and make you part of the wheel group so you can sudo and su without a password. We will cross that bridge when we get to it.

Thanks again.

====== Update ======

While I’m giving everything a thorough run-through in this area, there is one more quirk that is likely related to the same push/fallback in calendar. When you go into the calendar toolbar settings and add [31] Month view to the list of items to display on the toolbar, it is never shown. E.g., toolbar settings

egw-cal-23-toolbar-settings-fs8

But despite having Month view added to the visible actions, it is never actually shown in the toolbar, e.g.

egw-cal-23-toolbar-fs8
egw-cal-23-toolbar-fs8.png1129x49 4.11 KB

(and this is after full browser and server shutdowns, restarts, etc… so it isn’t just a temporary update issue)

I suspect that the toolbar as well relies on swoole push to update the actions that are displayed and if there is a fallback, it too is on the fritz. If I see any other calendar quirks I’ll let you know.

This is small potatoes as you can always use the tripple-dot menu to select it, but it was just strange that the setting didn’t do what I thought it was indicating it would.

I’m enjoying 23, finally, now all I have left is to make docker work and figure out how to access it, etc…and we may emerge from the dark-ages yet :)

====== Update 2 ======

After ‘git pull’ today, the fallback for Admin->sessions is working fine. Only one not working is the calendar Add. Very nice move of Birthdays from full events shown to a little birthday cake in the day heading. Somebody has their thinking-cap on :)