SOGo 6 - process settings
SOGo 6 process settings are mandatory to run the backend server. Keep in mind the modification of those settings will drastically modify SOGo 6 and can provoke irrevocable loss of data. So be sure to understand them and set them once for all.
Note that the process settings also include the Flask settings, the Python framework used for the web server.
Admin Credentials
SOGo 6 has an API and a UI dedicated to Admin for configuration, action(that replace sogo-tool), user’s session…. This part does not rely on your user sources for authentication. By default it will be admin/admin but you change that with
-
SOGO_P_ADMIN: string, Admin username. Default to
admin -
SOGO_P_ADMIN_PWD: string, Admin password. Default to
admin
|
For the alpha, it’s the only way to authenticate. Later you will have an API token management that you will be able to use in your scripts/playbooks/CI… |
Redis Config
Redis is used both as a cache system and as the broker for the Agent (the process for asynchronous task)
|
Even if SOGo 6 has protection and data validation when reading them from Redis, you should think that SOGo 6 sees its Redis server as trusted. Meaning if there is corrupted data or an attack, they may be passed through SOGo. |
Two parameters needed:
-
SOGO_P_REDIS_URL: string, mandatory
It is the URL of your Redis server e.g. redis://my-redis-server:6379.
If you’re using Redis with protected-mode on, use this redis://<username>:<password>@redis:6379
You can use extra param in the query but SOGo 6 will add those by itself:
-
decode_responses="Yes": to receive strings directly instead of bytes. -
protocol=3: ifSOGO_P_REDIS_RESP_3is set to True (see below)
-
SOGO_P_REDIS_RESP_3: bool = True # Version of RESP, 3 is strongly recommended
Client caching allows the client to make a query only if the data has been updated since the last time. Hence, saving time and resources.
Database settings
SOGo 6 needs a database and a user that has the rights on this database to create, modify tables and obviously writing and reading.
SOGo 6 will handle the table creation at init and also updating them if needed after an upgrade.
-
SOGO_P_DB_TYPE: string, can be either "PostgreSQL" or "MySQL".
-
SOGO_P_DB_USER: string, username. E.g. "admin", "sogo".
-
SOGO_P_DB_PASS: string, password. E.g. "password".
-
SOGO_P_DB_HOST: string, hostname or IP of the database. E.g: "my-db", "127.0.0.1".
-
SOGO_P_DB_PORT: int, port of the database. E.g. 5432
-
SOGO_P_DB_SSL: bool, use ssl NOT IMPLEMENTED YET
-
SOGO_P_DB_ENC: string, default to "utf8". Encoding of the database
Database table’s name
SOGo 6 offers default names to its tables, that you can modify before the first init.
|
At the first init, SOGo 6 will create the tables. Any modification of the name afterwards will break it. If you really need to change a table name: * Stop SOGo 6 * Alter your database manually * Change the ENV value * Restart SOGo 6 |
-
SOGO_P_TABLE_SETTINGS: string, default to "sogo6_sogo_settings"
-
SOGO_P_TABLE_DOMAINS: string, default to "sogo6_sogo_settings_domains"
-
SOGO_P_TABLE_RULES: string, default to "sogo6_sogo_settings_rules"
-
SOGO_P_TABLE_USERS: string, default to "sogo6_sogo_user_profiles"
-
SOGO_P_TABLE_CALENDARS: string, default to "sogo6_calendar_calendars"
-
SOGO_P_TABLE_EVENTS: string, default to "sogo6_calendar_events"
-
SOGO_P_TABLE_REMINDERS: string, default to "sogo6_calendar_reminders"
-
SOGO_P_TABLE_TMP_DRAFTS: string, default to "sogo6_tmp_draft"
Secrets
-
SOGO_P_VOUCHER_SECRET: string, must be 32 characters long in utf-8
Secret used to encrypt tokens sent to the UI to identify a user session:
If you change the value, all current user sessions will be lost and the users will have to log in again.
What can a malevolent person do if they get this value: * They will need the JWT token stored in an authenticated user’s browser. * They will be able to decrypt the user_session_id and the user_session_key * They will need to access your Redis, to find the user session with the user_session_id. * Then they can decrypt the user session with the user_session_key
The user session has those data
-
USER_UID: uid of the user
-
USER_PWD: the password of the user
-
USER_DOMAIN: the mail’s domain of the user
-
USER_EMAIL: the mail of the user
-
USER_SRC_ID: the source_id (from which user source the user is from) of the user.
-
SOGO_AES_ENC_KEY: string, must be 32 characters long in utf-8
Secret used to store sensitive data in the database. Such data are: * Password to external account * Password to external calendars or address books * Certificates to sign or encrypt mail
|
The tool to update the secret is not implemented in the alpha version |
If you change the value just like that, all those data will be lost. To change the value:
-
Stop SOGo 6
-
Use the script tool to update the secret value
-
Update
SOGO_AES_ENC_KEYin your ENV -
Restart SOGo 6
Init
-
SOGO_INIT_SYSTEM_SETTINGS_PATH: str = ""
-
SOGO_INIT_DOMAIN_SETTINGS_PATH: str = ""
When you first run SOGo, only the process_settings are needed. But SOGo will be useless as it doesn’t know about your mail server or any user sources.
Indeed, those settings are stored in the database. If the database is empty, SOGo will run in a special state called SOGO_NOT_INIT. Only the Admin API
will be available to login and set the first config.
However, you can set them directly by setting those two parameters above. Each one expects a path to a JSON file, that will fill up SOGo’s database on first init. Just put the file on a path, and set the path above.
|
For alpha version, you can find such files in |