If you can't read please download the document
Funambol on DebianThis document described how I set up Funambol on Debian server. Of course, there are more ways of doing this. I've tried to document the reasons why I've chosen this path. The Configuration and Funambol administration client sections are required for proper operation; at least some of the other staps can probably be omitted, but I haven't tested all possible configuration combinations. I've marked things that may need further improvement, but the text should be usable as-is. If you want to send me improvements to this text, please do so! hakkie42 at gmail free mail 2010-2011 jimbeam. Feel free to (re)use this text, but no warranties, express or implied, are given. Version history: 17 April 2010, jimbeam 12 March 2011, jimbeam Initial version started for Ubuntu Split into Debian version
Table of ContentsFunambol on Debian............................................................................................................................1 Versions and architecture......................................................................................................................2 Preparation............................................................................................................................................2 Installation............................................................................................................................................3 Network...........................................................................................................................................3 Java..................................................................................................................................................3 Apache.............................................................................................................................................3 Funambol.........................................................................................................................................3 Configuration........................................................................................................................................4 Startup on boot.................................................................................................................................6 Ports............................................................................................................................................7 Testing..............................................................................................................................................7 Funambol administration client............................................................................................................7 Server customisation and hardening.....................................................................................................8 Strip out Windows specific files......................................................................................................8 Remove email signature...................................................................................................................8 Replace bundled in Java with native Java.......................................................................................9 Remove bundled admin tool............................................................................................................9 Change log paths............................................................................................................................10 Replace Hypersoniq with Postgresql.............................................................................................12 Prepare your PostgreSQL server...............................................................................................12 Set up Funambol configuration.................................................................................................13 PostgreSQL backups.................................................................................................................16 Remove unused certificates...........................................................................................................16 1
Reverse proxy for easier encrypted connections...........................................................................17 Remove redundant Tomcat connectors.....................................................................................17 Configure Apache web server...................................................................................................18 Internet synchronisation............................................................................................................19 Client authentication using certificates.....................................................................................19 Final steps.................................................................................................................................19 Remove guest user.........................................................................................................................19 Move Funambol to system Tomcat................................................................................................19 Users and clients.................................................................................................................................20 Server configuration......................................................................................................................20 Automatic provisioning.............................................................................................................20 Test and operations.............................................................................................................................20 Troubleshooting..................................................................................................................................21 References..........................................................................................................................................21
Versions and architectureVersions/components used: Virtual machine with 512MB memory, 8GB Disk in DMZ running Debian 6.0/Squeeze (stable) x64 Separate PostgreSQL database server Funambol Community Edition Version 9 all in one install pack; contains Tomcat 6 application server and Java runtime
Purpose: to synchronize contact and address book information for a Small Office/Home Office environment. I will let Funambol store its data in the PostgreSQL database instead of its embedded Hypersonic database because we can more easily backup the data and interface with other systems. I will use the Apache web server to reverse proxy encrypted SSL/TLS connections for synchonizing over the internet, as I've had a rough time wrestling with Tomcat's SSL certificate system. Email is out of scope for now (you can use IMAP servers for shared access to email data). In future, I intend to hook up an IMAP mail server (at least for dummy/local mail) and Sogo groupware to this combination in order to be able to handle scheduling. Sogo will communicate with PostgreSQL and Funambol on the Debian server. In future, an OpenLDAP server will serve as the repository for user information and will be used as much as possible for integrating the components. Using Kerberos with these components could be possible but must be investigated.
PreparationUnless otherwise indicated, all commands below are run with root privileges. Use e.g. su -c to become root. In shell commands or nano editing sessions, I often prefix comments for the reader with #. Likewise -- for database SQL commands. You can omit these comments if you want to; sometimes it make sense to comment your files so you know what you've done. I always comment mine with a rare combination like rao redactedaccordingtolocalorganization ;) so a simple grep -r rao /* will dig out my configuration modifications. 2
To make upgrades easier and installs repeateable, I've included an installation-dependent list of variables in the configuration section, with some suggestions of possible values. You can fill that out when you install Funambol and use it when upgrading, changing config or installing other servers.
InstallationI'm assuming Debian, and PostgreSQL are installed.
NetworkMy network setup is as follows: Funambol host in DMZ so we can use internet sync. Port 5432 tcp/udp for PostgreSQL opened from DMZ to PostgreSQL database server in internal network.
JavaIf Java is not yet installed, do this: Enable non-free repository:nano /etc/apt/sources.list
Add these lines: #rao: added non-free for Sun java:deb http://ftp.debian.nl/debian/ squeeze non-free deb-src http://ftp.debian.nl/debian/ squeeze non-free
Then:aptitude update aptitude install sun-java6-jdk #might have used jre but not sure if this is enoughs update-java-alternatives --set java-6-sun #is this really required?
ApacheIf Apache is not yet installed, do this:aptitude install apache2 update-rc.d apache2 defaults #let apache start on boot
FunambolDownload the 9 Linux x64 all in one installer/bundle to a temporary directory with enough space (about 180 MB):cd /tmp wget http://download.forge.objectweb.org/sync4j/funambol-9.0.0-x64.bin chmod u+x funambol-9.0.0-x64.bin
Run the binary installer:./funambol-9.0.0-x64.bin
Do you agree to the above license terms? [yes or no]yes
Directory to extract Funambol [/opt] ? 3
Extracting... to /opt/Funambol Do you want to start the server? [yes or no]no rm /tmp/funambol-9.0.0-x64.bin
ConfigurationBelow is a table where you can record your specific configuration information. The rest of the guide should explain the meaning of the terms or indicate where you can find more information. Item Install location Suggested value/value /opt/Funambol Description I suggest keeping the default value of /opt/Funambol. We assume you used this setting in the text below. Change to match your own setting if that differs. Host name that will become part of the sync URL. If you don't have proper DNS set up, use the IP address of the server. Port Funambol/Tomcat listens on for sync requests. Configured in /opt/Funambol/tools/tomcat/con f/server.xml Default 8080 Port Funambol/Tomcat listens on for sync requests over SSL/TLS. Configured in /opt/Funambol/tools/tomcat/con f/server.xml Default 8443 Port Funambol/Tomcat listens on for AJP proxy requests. We use this for our Apache web server reverse proxy. Configured in /opt/Funambol/tools/tomcat/con f/server.xml Default 8009 Administrative user used by Funambol Administration tool to manage Funambol (users, devices etc) Password for that user. Good idea to change this! 4
Host
funambolserver
Tomcat HTTP sync port
Tomcat HTTPS sync port
Tomcat AJP port
8009
Funambol admin username
admin
Funambol admin password
sa
Sync URL
https://:8080/funambol/ds or https://serverip/sync
URL that you use on your client devices to synchronize. Consists of hostname Funambol/Tomcat listens on, Tomcat http sync port and /funambol/ds, unless you changed that in the config ;) You can use the shorter form if you use my Apache reverse proxy configuration. Same as Sync URL but for users outside your LAN. Giving a suggested value is impossible as it depends on your external ip address/name. You can also use the shorter form if you use my Apache reverse proxy configuration. Environment variable/location of the Java JDK/JRE/whatever it's called this week. If you strip Java from the Funambol bundle (as I do), Funambol needs to point to the proper JAVA_HOME directory Sync server Java database driver setting in /opt/Funambol/dsserver/install.properties It points to the jar file containing the PostgreSQL driver. Sync server Java database driver setting in /opt/Funambol/dsserver/install.properties Java driver class. Modificaton should be unnecessary, unless you use a non-PostgreSQL database. Sync server Java database driver setting in /opt/Funambol/dsserver/install.properties URL to the Postgresql server and database. Sync server Java database driver setting in
External sync URL
https://:34528/funambol/ds or https://:34528/sync
JAVA_HOME
/usr/lib/jvm/java-6-sun/
jdbc.classpath
/usr/share/java/postgresql.jar
jdbc.driver
org.postgresql.Driver
jdbc.url
jdbc:postgresql://localhost/funambol
jdbc.user, same as funambol funambol user
5
/opt/Funambol/dsserver/install.properties User name for the funambol database on PostgreSQL jdbc.password 4890hjEla#aas&d2sk2 Sync server Java database driver setting in /opt/Funambol/dsserver/install.properties Password for the user connecting to the funambol database on PostgreSQL
For reference, the Funambol readme for 8.0.2 shows this directory structure: BUNDLED_HOME (/opt/Funambol if you followed this guide) + admin + bin + config + ctp-server + ds-server + logs + plug-ins + java-demo -> A sample SyncML PIM graphical tool + tools -> A tools directory, including Hypersonic, JRE and Tomcat -> The graphical admin interface for Funambol Data Synchronization Server -> Starting/Stopping script files -> Configuration files -> The CTP Server -> The SyncML server -> A logs directory
+ inbox-listener -> The InboxListener + pim-listener -> The PIMListener
Startup on bootStart Funambol manually:/opt/Funambol/bin/funambol start
Stop Funambol manually:/opt/Funambol/bin/funambol stop
Do this to run on boot: First edit /opt/Funambol/bin/funambol to enable calls from symlinks:nano /opt/Funambol/bin/funambol
change:cd `dirname $0`
to#rao: hardcoded directory name, so we can call this from a symlink
6
#in startup script directory /etc/init.d #cd `dirname $0` cd /opt/Funambol/bin
Let Funambol start on boot:ln -s /opt/Funambol/bin/funambol /etc/init.d/funambol #Link startup script to funambol-supplied script update-rc.d funambol defaults #Let funambol be run on startup (perform actual link)
PortsFor reference, note the ports the bundled Tomcat server listens on:grep port /opt/Funambol/tools/tomcat/conf/server.xml
should return something like this:Define a non-SSL HTTP/1.1 Connector on port 8080
#and
#with
Easier method, as that is really tiresome: I'd suggest using the Funambol Administration Tool (path ,Server Settings, Logging, Appenders and change all File name properties, e.g from /opt/Funambol/logs/content-provider/content-provider.log to /var/log/funambol/content-provider.log While I was at it, I changed the 100MB file size limit to 20MB, and the rotation file count from 5 to 2. Finally, restart Funambol to see if everything worked: 11
/opt/Funambol/bin/funambol stop /opt/Funambol/bin/funambol start
Check your new log locations for indications of what's going on.
Replace Hypersoniq with PostgresqlHypersonic is a local file based database which works fine on smaller installs. It is simple, works out of the box and you can even read out the actual database data easily as it appears as actual SQL INSERT statements. I wanted to get my data into a client/server database in order to be able to separate Funambol and database server roles if necessary, and because I just love snooping around data with OpenOffice etc. connected to the database ;) I could have chosen MySQL, but prefer PostgreSQL because of its more mature stored procedure and referential integrity support. More importantly, I intend to hook up the Sogo web-based groupware system, which is heavily biased towards PostgreSQL. Note: as Funambol usernames and other details are stored in the database, moving from Hypersonic to another database means you have to migrate your data or re-enter it.
Prepare your PostgreSQL serverConnect to your Postgresql server and create a Funambol user and database:su postgres -c psql #note: if the O/S username of the PostgreSQL db is not postgres, replace postgres with the correct username.
-- We're going to create a Postgresql database user called funambol with a difficult password. Note username and password in configuration overview as we'll need them later on. Of course, substitute the password with one of your own.CREATE USER funambol WITH PASSWORD '4890hjEla#aas&d2sk2';
-- something like 'CREATE ROLE' should appear indicating success. -- make sure password never expires. If your security policy is tighter, change accordingly; also change passwords in the Funambol configs.ALTER USER funambol VALID UNTIL 'infinity'; --password never expires
-- something like 'ALTER ROLE' should appear indicating success. -- Don't allow user to create a database or create other users:ALTER USER funambol NOCREATEDB NOCREATEUSER; --restrict object creation
-- something like 'ALTER ROLE' should appear indicating success. -- Create our database:CREATE DATABASE funambol;
-- something like CREATE DATABASE should appear indicating success. -- Assign all privileges on database funambol to user funambol:GRANT ALL PRIVILEGES ON DATABASE funambol TO funambol; -- allow user full permissions to database
-- something like GRANT should appear indicating success. --Exit out of psql:\q
12
Now, we might need to make sure we can log in with passwords from the localhost. If you Funambol server is different from your PostgreSQL server, you will need to change this to allow the relevant networks to connect as well as let PostgreSQL listen on the proper interface. This is out of scope for this guide. Change 8.4 below to whatever version you're running:nano /etc/postgresql/8.4/main/pg_hba.conf
#verify if there is a line like #Allow all TCP/IP connections from local host to any database using md5 password hashes host all all 127.0.0.1/32 md5 #or more restrictive #Allow TCP/IP connections from funambol user on localhost to funambol database using md5 password hashes host funambol funambol 127.0.0.1/32 md5 See PostgreSQL documentation for more details. Reload PostgreSQL settings:pg_ctl reload
Test logging in to PostgreSQL. Note: by default PostgreSQL tries an ident/unix domain socket login which doesn't allow passwords. So we specify a host to force TCP/IP login:psql -h 127.0.0.1 -d funambol -U funambol -W #Log in via tcp/ip. enter your db password
Make sure you have a PostgreSQL jdbc driver:locate postgresql | grep jar
# should return a path with a .jar file. Note this as we'll need it later on. If this doesn't return any results, install a jdbc driver, e.g. usingaptitude install libpgjava
Some sites suggest making sure the database is VACUUMed regularly (see Funambol Installation and Administration Guide, 9.10 Database maintenance). You could do this in a cron job, I suppose. Or possibly PostgreSQL has gotten so smart that it auto-VACUUMs (see autovacuum parameters in postgresql.conf). I've left the system as is for now.
Set up Funambol configurationThe Funambol Installation and Administration Guide, p. 8 says PostgreSQL 8.3 errors on fast syncs. and suggests adding code to /opt/Funambol/ds-server/default/sql/postgresql/create_engine.ddl However, we're restricting the funambol PostgreSQL user from doing too much, including defining system-level functions, so we'll have to run the commands as the PostgreSQL root user. Note: the instructions in the manual were incorrect because of an extra line break; they generated an error.su postgres -c psql #note: if the O/S username of the PostgreSQL db is not postgres, replace postgres with the correct username.
-- Updated based on Funambol Installation and Administration Guide page 8 for Funambol 8.0.2CREATE FUNCTION pg_catalog.text(bigint) RETURNS text STRICT IMMUTABLE LANGUAGE SQL AS 'SELECT textin(int8out($1));';
-- should return 'CREATE FUNCTION'CREATE CAST (bigint AS text) WITH FUNCTION pg_catalog.text(bigint) AS IMPLICIT;
13
-- should return 'CREATE CAST' -- exit out of psql:\q
Shutdown funambol if it is running. If Funambol complains it can't find Hypersonic: edit Funambol start script to not start Hypersonic this apparently is set by COMED=true around line 44. Source: https://core.forge.funambol.org/wiki/HOWTO64bitMySQLLightHttpd I did this in any case:nano /opt/Funambol/bin/funambol #rao: apparently this controls Hypersonic startup #COMED=true #we use postgresql instead of Hypersonic, so: COMED=false
Configure database usage for sync server: change these settings:nano /opt/Funambol/ds-server/install.properties #rao: changed database from hypersonic to postgresql #dbms=hypersonic dbms=postgresql
Uncomment the following entries for Postgresql and edit (use/update the values mentioned in the configuration section of this guide). Change values per your PostgreSQL installation. If you used the guide example settings, you don't have to change anything. I suggest you do change at least the password.#rao: use postgresql with our setup # jdbc.classpath=/postgresql.jar # jdbc.driver=org.postgresql.Driver # jdbc.url=jdbc:postgresql:///funambol # jdbc.user=funambol # jdbc.password=funambol jdbc.classpath=/usr/share/java/postgresql.jar #explanation: path where your postgres jdbc driver lives jdbc.driver=org.postgresql.Driver #explanation: Java driver class for postgres driver jdbc.url=jdbc:postgresql://localhost/funambol #explanation: location of funambol database and postgresql server. jdbc.user=funambol #explanation: Funambol user in PostgresSQL jdbc.password=4890hjEla#aas&d2sk2 #explanation: password for the Funambol user on PostgreSQL specified above
Comment out the jdbc configuration for Hypersonic further down:#rao: we don't use Hypersonic anymore #jdbc.classpath=../tools/hypersonic/lib/hsqldb.jar #jdbc.driver=org.hsqldb.jdbcDriver #jdbc.url=jdbc:hsqldb:hsql://localhost/funambol #jdbc.user=sa #jdbc.password=
Configure the generic database configuration (don't enter the lines marked #; these are my explanations/comments):nano /opt/Funambol/config/com/funambol/server/db/db.xml
#Change for the database url below this part:
url 14
jdbc:postgresql://localhost/funambol
#likewise for
driverClassName
org.postgresql.Driver
#likewise for username use your own PostgreSQL username (noted in configuration overview as PostgreSQL username funambol
#Likewise for password use your own password (noted in configuration overview as PostgreSQL password 4890hjEla#aas&d2sk2
#end of edit For pim-listener, you need additional config; workaround I'm trying:ln -s /usr/share/java/postgresql.jar /opt/Funambol/pim-listener/lib/
Useful when reviewing other tutorials/guides: for older versions of Funambol you had to edit: /opt/Funambol/inboxlistener/config/com/funambol/email/inboxlistener/InboxListenerConfigurati on.xml /opt/Funambol/pimlistener/config/com/funambol/pimlistener/PIMListenerConfiguration.xml Have Funambol set up the structure of the funambol database: (Note: due to problems with my JAVA_HOME, I first exported it. Don't know if this is the correct workaround:export JAVA_HOME=/usr/lib/jvm/java-6-sun/ cd /opt/Funambol bin/install
You get the following output: [echo] Funambol Data Synchronization Server will be installed on the Tomcat 6.0.x application server [input] The Funambol Data Synchronization Server installation program can now create the database. [input] You can skip this step if you have already a valid database created. 15
[input] If you choose 'y' your existing data will be deleted. [input] Do you want to recreate the database? [input] #choose: yy
(y,n)
a lot more stuff rolls by and you repeatedly get the question whether you want to recreate the database. A lot of SQL errors are generated but in the end you should get something like: [war] Warning: selected war files include a WEB-INF/web.xml which will be ignored (please use webxml attribute to war task) [echo] Remove output dir BUILD SUCCESSFUL Total time: 1 minute 54 seconds Try running funambol to see whether it works.
PostgreSQL backupsLet's try running a backup manually:su postgres -c psql #note: if the O/S username of the PostgreSQL db is not postgres, replace postgres with the correct username.
-- List all databases on the PostgreSQL server; should include the funambol database:SELECT datname FROM pg_database;
-- exit out of psql:\q
Do the actual backup into a file in the /tmp directory:su postgres -c pg_dump funambol | gzip > /tmp/funambol_postgresqldb.backup.gz
To do for the system administrator: integrate PostgreSQL backups into your backup strategy including restore tests (something like psql -d funambol -f funambol_postgresqldb.backup).
Remove unused certificatesWe can remove unused root certificates from your bundled Java/Tomcat install. It makes SSL/TLS connection attempts faster as apparently, all root certificates get passed around over the wire by the funambol server. This only makes sense if you have the original bundled Java and use the HTTPS connector. I suggest you don't and use the Apache web server as a reverse proxy. Originally done on Funambol 6.5 with bundled JRE, untested on newer versions: List the certificates (default password for keystore is changeit please DON'T change this unless 16
you really know what you're doing):cd /opt/Funambol/tools/jre-1.5.0/jre/bin ./keytool -list -keystore /opt/Funambol/tools/jre-1.5.0/jre/lib/security/cacerts
Delete the ones you don't want (use the -alias option to specify it) example for soneraclass1ca:./keytool -delete -keystore /opt/Funambol/tools/jre1.5.0/jre/lib/security/cacerts -storepass changeit -alias soneraclass1ca
Reverse proxy for easier encrypted connectionsWe're going to set up the Apache web server to pass on Funambol sync traffic to the Funambol Tomcat server using the AJP proxy protocol. The advantage is that we can use regular Apache SSL/TLS functionality to encrypt traffic (e.g. on port 443), thereby securing internet synchronisation.
Remove redundant Tomcat connectorsFirst we're going to disable the HTTPS connector on Tomcat as we'll be using Apache for all traffic (simplifies number of ports used, adds another layer between the evil outside world and your sensitive data think mod_secure on Apache ;)). We'll leave HTTP (standard 8080) open for administration using the Funambol Administration Tool:cp /opt/Funambol/tools/tomcat/conf/server.xml /opt/Funambol/tools/tomcat/conf/server.xml.original nano /opt/Funambol/tools/tomcat/conf/server.xml
Edit this entire piece....: -->
so you get something like this:
17
Configure Apache web serverMake sure mod_ssl is enabled:a2enmod ssl
You should get a confirmation message or something like Module ssl already enabled. See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates. I suggest you make sure your cert will work on both your internal network (hostname) and externally reachable hostname; e.g. by having one of the hostnames as your Common Name/CN and adding that and the other hostnames in your certificate SubjectAltName (example: subjectAltName=IP:192.168.7.1,URI:http://localserver,URI:http://*.localserver,URI:http://externals erver,URI:http://*.externalserver Alternatively, for LAN syncs you could just connect out through your firewall/router and back in by specifying the external URL as the sync URL. Make sure you have a virtualhost for port 443 if it isn't set up already (connect to https://serverip and see what happens to check); check what sites you've enabled:ls /etc/apache2/sites-enabled
If necessary, enable the ssl site:cp /etc/apache2/sites-available/default-ssl /etc/apache2/sitesavailable/ssl_and_funambol a2ensite ssl_and_funambol
Make sure the mod_proxy_ajp and mod_proxy modules are enabled these will connect to Tomcat to proxy your sync traffic. Also use mod_rewrite to allow user-friendly sync URLs.a2enmod proxy proxy_ajp rewrite
Edit your Apache config for your site (replace 8009 with your Tomcat AJP port if you've changed that); add the lines below somewhere in the VirtualHost section:nano /etc/apache2/sites-available/ # rao: funambol sync URL should be proxied to Tomcat Funambol server Allow from all ProxyPass ajp://127.0.0.1:8009/funambol/ds #required for funambol pass-through: RewriteEngine on RewriteRule ^/sync(.*)$ /sync/$1 [PT]
And do the same for your SSL site (replace 8009 with your AJP port if you've changed that)nano /etc/apache2/sites-available/
You might want to fiddle with the SSLCipherSuite HIGH:MEDIUM option to make sure you don't allow weak encryption, and generate your own certificates. Please see other documentation for that. 18
Restart Apache:/etc/init.d/apache2 restart
Now we've set up both the regular web server and the https web server to respond to: http[s]:///sync as the internal Funambol sync URL. Please update your notes.
Internet synchronisationYou would probably need to open up a firewall or router to enable access from the internet for sync. See below. If so, I suggest to let Apache listen on another port dedicated to Funambol, so an attacker can't access any internal sites (hints: add port to /etc/apache2/ports.conf, add a different virtual site, have it rewrite to the proxy; ***todo: document/check how to restrict all other access***. Of course, if you enforce HTTPS and mandatory client side certificate authentication, you might think the risk is acceptable. Note the resulting URL in the config table as your external sync URL.
Client authentication using certificatesEdit the SSL virtual server config in the Client Authentication (Type) section: uncomment SSLVerifyClient require, e.g.:SSLVerifyClient require SSLVerifyDepth 5 SSLCACertificateFile conf/ssl.crt/ca.crt SSLCACertificatePath conf/ssl.crt SSLOptions +FakeBasicAuth SSLRequireSSL SSLRequire %{SSL_CLIENT_S_DN_O} eq "Your organisation name" \ and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "DevClient"}
Look at e.g. http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html#allclients for more details. Issue client certificates and install them on the clients (see client section for hints). On Debian, you can use the gnomint program or xca to easily manage certificates, or you can use one of the numerous tutorials on Apache SSL/TLS configuration.
Final stepsRestart Apache and Funambol:/etc/init.d/apache2 restart /etc/init.d/funambol stop /etc/init.d/funambol start
Remove guest userYou can use the Funambol Administration tool to remove the guest user if you want. It does give you a nice way of testing synchronization scenarios though.
Move Funambol to system TomcatI haven't performed this, but it might be a good idea to install a Tomcat 6 server using aptitude/aptget and move the Funambol components over from the custom Tomcat in /opt/Funambol/tools to the new one. This eases updates of the Tomcat application server, which keeps the system more 19
secure. Additionally, you can deploy multiple applications on the Tomcat instance. See this blog http://diaspora.gen.nz/~rodgerd/archives/1332-Funambol-+-C903.html for details (If you want things to use a different Java JDK and Tomcat instance, you can simply set environmental values for the installer, then run the installer thus: export JAVA_HOME=/your/jre/home export J2EE_HOME=/usr/share/tomcat6 $FUNAMBOL_DIR/bin/install
Users and clientsIf you want to synchronize, you need a Funambol user and client software. See the section on the Funambol Adminsitration Tool on creating users. For clients/devices in general: install the Funambol software for your clients if it isn't already (a lot of smartphones/high end phones have sync software built in). If you use your client over the internet, I suggest setting up our Apache reverse proxy, generating your own self-signed SSL root CA and server certificates, and preferably client certificates, too. Install the CA certificate and client certificate on your client; instruct the client to authenticate with the client certificate. Specify the proper External sync URL, username and passwords. Check the Funambol logs on the server and client if something goes wrong. For further details on specific clients, see other documentation, e.g. my Funambol on Ubuntu guide.
Server configurationNo special configuration for clients is necessary as long as you have users defined in Funambol and the clients can communicate with the server..
Automatic provisioningYou can configure Funambol to automatically allow new devices/software to attach and synchronize. If the given user name doesn't exist, Funambol creates one for you. I've not enabled this as I'm dealing with a small environment and don't want anyone who connects to just be able to set up accounts. If you want to, look for the keyword UserProvisioningOfficer in the documentation.
Test and operationsDay to day operations are described in Funambol documentation.
20
TroubleshootingThe following hints may aid you in troubleshooting: What admin/sa /var/log/funambol /opt/Funambol/* /var/log/postgresql/postgresql-8.4-main.log /opt/Funambol/ds-server/install/install.xml:452: org.postgresql.util.PSQLException: Connection refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections. Tomcat's catalina.*.log log files show something like: INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /opt/Funambol/dsserver/lib/linux Description Default admin username and password for Funambol. Funambol logs (if you've moved them using this guide) Original location of Funambol logs Postgresql log (for PostgreSQL 8.4) I had PostgreSQL 8.4 installed next to 8.3. It listened on port 5433, while 8.3 listened on 5432. After removing 8.3, Funambol install couldn't connect to the right port! You can improve performance by installing the native APR library: aptitude install libapr1 libaprutil1 libaprutil1-dbd-pgsql libtcnative-1. However, the bundled install won't use the system apr library. dpkg -L libapr shows the package provides a symlink you can use /usr/lib/libapr-1.so.0. Use similar procedure for aprutil and postgresql driver: mkdir /opt/Funambol/ds-server/lib/linux; ln -s /usr/lib/libapr-1.so.0 /opt/Funambol/dsserver/lib/linux/libapr-1.so.0; ln -s /usr/lib/aprutil-1 /opt/Funambol/ds-server/lib/linux; ln -s /usr/lib/libtcnative-1.so /opt/Funambol/dsserver/lib/libctnative-1.so Server keeps complaining. ***Who knows a solution? Can happen if you run an init.d startup script linked to an unmodified funambol start script (/opt/Funambol/bin/funambol). See relevant section in this guide.
Please set JAVA_HOME to the path of a valid jre when starting funambol
Apache error log shows entries like File does Proxy_ajp/mod_rewrite not configured correctly. not exist: /var/www/sync;jsessionid=6EE5796564281503 F37119353CBD99D6
ReferencesFor more information see:
21
https://wiki.Debian.com/marckaplan/funambol funambol-installation-and-administrationguide.pdf funambol-community-edition-v8sp2-releasenotes.pdf
Marckaplan's Funambol on Debian guide. Covers older versions. Funambol Installation and Administration Guide PDF which you can and should download from the Funambol site. Release notes; review the ones for your version
https://core.forge.funambol.org/wiki/BundleMy HOWTO Configure The Bundled Version To PSSQL Use MySQL Or Postgresql Concerns Funambol 6.4, but the same principles apply for later versions. Used this guide for PostgreSQL (obviously ;) http://diaspora.gen.nz/~rodgerd/archives/1332Funambol-+-C903.html Interesting article on splitting up the Funambol one-click install similar to what this guide does. Also covers running it on an already installed Tomcat server (e.g do export J2EE_HOME=/usr/share/tomcat6 before running bin/install)
https://core.forge.funambol.org/wiki/ChangeLog Log configuration info sPath http://Debianguide.org/wiki/Debian:Gutsy#Usin Some info on Postgresql on Debian g_PostgreSQL_JDBC_driver http://www.cyberciti.biz/faq/howto-addpostgresql-user-account/ Adding databases/users to Postgresql. Too lazy to read the manual, I just Googled for it;)
http://www.postgresql.org/docs/7.4/interactive/a Tsssk, still had to get the manual for info on uth-methods.html#AUTH-PASSWORD password authentication. Is for an older version but couldn't be bothered to get the proper version. https://help.Debian.com/9.10/serverguide/C/http Apache information for Debian, including d.html certificate information http://mail.opengroupware.org/pipermail/sogo/2 Rewrite rules for Apache and AJP connector. 009-November/004193.html https://core.forge.funambol.org/wiki/HOWTO64 Information on JAVA_HOME, external database bitMySQLLightHttpd use.
Thanks to the Funambol and Debian developers and communities for making this work!
22
