Problem statement

A advertising company want to develop and implements their company web pages. As an IT system
consultant you have develop their web pages. Their requirement was for promoting and publicizing
their company and as facilities for receiving suggestion and feedback from their client.

Task
1.Create a web pages.
2. Create company web contents which include the products information and the services offered by
the company.
3. Creates a suggestion and feedback in the web pages.
Introduction
I with my friend have to develop and implements a company web pages. First we must have a server
that control the web. The specifications for the server is intel processer i3, ram 4 GB DDR3, storage
hard disk up to 10 TB, lan Gigabit LAN. The server operating system is linux Ubuntu.

Web content

Installing and configuring File server

1.Install ubuntu server or desktop.

2. Sets root password

open a terminal window and enter :
sudo passwd root

after that enter a new root password

3. Select a Fully Qualified Domain Name for your server.

We will be using ubb01.mydomain.local as our FQDN example in the instructions.
Add the name and IP to your /etc/hosts file as shown below and save the file:

sudo gedit /etc/hosts

Then change the hostname file by opening a terminal window and entering:
sudo su
echo "ubb01.mydomain.local" > /etc/hostname
service hostname restart
exit

4. Configure Network Interfaces

Ubuntu has very good reasons why it prefer we do not do this - but this needs to be done at
some point or someone else will.
Open a Terminal Window and enter the following :
sudo gedit /etc/network/interfaces

Replace the content of the file with the following and save :
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
dns-nameservers 192.168.0.1, 8.8.8.8
# IPTable rules
post-up iptables-restore < /etc/iptables.up.rules
# The secondary network interface internal
auto eth1
iface eth1 inet static
address 192.168.1.2
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255

Remove Network Manager

Open a Terminal Window and enter the following :
sudo apt-get remove network-manager

5. Edit the DNS configuration - Dnsmasq

Install Dnsmasq. Open a terminal and enter:

sudo apt-get install dnsmasq

Edit the Dnsmasq configuration file by opening a terminal window and entering :

sudo gedit /etc/dnsmasq.conf

Replace the content of the file with the following and save :
# DNS Settings
server=/localnet/192.168.0.2
server=/#/192.168.0.1
server=/#/8.8.8.8
server=/#/8.8.4.4
# Domain Name
domain=mydomain.local
# Server DNS settings... this is required as the server itself will
# not be obtaining it's IP address via DHCP and therefore would
# not be automatically added to the DNS records for forward/reverse
# DNS queries as required by Kerberos
ptr-record=2.0.168.192.in-addr.arpa.,"ubb01.mydomain.local"
address=/ubb01.mydomain.local/192.168.0.2

NOTE: The setup requires that you have your internet router with a fixed IP address
of 192.168.0.1 connected to your LAN Adaptor #1 (eth0) port with a DNS nameserver running on
the router providing internet access.
NOTE: Your outward facing connection is LAN Adaptor #1 (eth0) with IP 192.168.0.2
NOTE: Your inward facing connection is LAN Adaptor #2 (eth1) with IP 192.168.1.2
6. Reboot and check internet connectivity

Reboot and after reboot make sure you are connected to the internet.
7. Add Ubuntu Partner Software Repositories and update software

Make sure that the Ubuntu Partner Repository is active in your /etc/apt/sources.list file and
uncomment if needed or add them manually below.
Open a terminal window and enter :
sudo su
echo "deb http://archive.canonical.com/ubuntu precise partner" >> /etc/apt/sources.list
echo "deb-src http://archive.canonical.com/ubuntu precise partner" >> /etc/apt/sources.list
exit

Update your software sources and software.

sudo apt-get update && sudo apt-get -y dist-upgrade

If there were any kernel upgrades reboot your system to complete the installation process
before continuing.
8. Install support software

We need to install a bit of supporting software and other essentials. Here goes:

Install Linux Server Kernel headers if you are working with the Ubuntu Desktop edition.
Open a terminal window and enter :
sudo apt-get install linux-headers-server linux-image-server linux-server

Install VIM-NOX to fix VI in Ubuntu - this is optional for command line nerds.
sudo apt-get install vim-nox

Install OpenSSH Serve and openSSL.

sudo apt-get install openssh-server openssl

Sync System Clock to internet time server

sudo apt-get install ntp ntpdate

WebMin PERL and Python essentials

sudo apt-get install perl libnet-ssleay-perl libauthen-pam-perl libpam-runtime libio-pty-perl apt-showversions python

Security
sudo apt-get install rkhunter chkrootkit

9. Install and configure transparent proxy cache with reporting - Squid | Sarg

Install Squid.
Open a Terminal Window and enter the following :
sudo apt-get install -y squid3 ccze sarg calamaris

Create the cache folder.

Open a Terminal Window and enter the following :
sudo mkdir /home/cache

sudo chmod 777 /home/cache

sudo chown proxy:proxy /home/cache

Backup the Squid configuration file.

Open a Terminal Window and enter the following :
sudo mv /etc/squid3/squid.conf /etc/squid3/squid.conf.origin
sudo chmod a-w /etc/squid3/squid.conf.origin

Edit the Squid configuration file by opening a terminal window and entering :
sudo gedit /etc/squid3/squid.conf

Replace the content of the file with the following, adapt according to your network and acl
options and save :
#
# NCSA - ncsa_auth : auth_param section
# uncomment the line below to enable - require username and passwrd authentication
#auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
#
# ACCESS CONTROLS OPTIONS
# ====================
#
acl QUERY urlpath_regex -i cgi-bin ? .php$ .asp$ .shtml$ .cfm$ .cfml$ .phtml$ .php3$ localhost
acl all src
acl localnet src 192.168.1.0/24 # Your internal network here
acl localhost src 127.0.0.1/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 81 3128 1025-65535
acl sslports port 443 563 81 2087 10000
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com
acl ym dstdomain .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com
acl ym dstdomain .voice.yahoo.com
acl social dstdomain .facebook.com .twitter.com .skype.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim
# NCSA - uncomment the following two lines to enable username and password authentication
#acl ncsa_users proxy_auth REQUIRED
#http_access allow ncsa_users
# HTTP Access
http_access deny ym
http_access deny ymregex
http_access deny social
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge

http_access deny !safeports

http_access deny CONNECT !sslports
http_access allow localhost
http_access allow localnet
http_access deny all
#
# NETWORK OPTIONS
#
#
# NCSA - remove the word 'transparent' from the line below to enable username and password
authentication
http_port 3128 transparent
#
# OPTIONS WHICH AFFECT THE CACHE SIZE
# ==============================
#
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir aufs /home/cache 10000 14 256
maximum_object_size 128000 KB
cache_swap_low 95
cache_swap_high 99
#
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# ==================================
#
access_log /var/log/squid3/access.log
cache_log /cache/cache.log
#cache_log /dev/null
cache_store_log none
logfile_rotate 5
log_icp_queries off
#
# OPTIONS FOR TUNING THE CACHE
# ========================
#
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080 reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i .(gif|png|jp?g|ico|bmp|tiff?)$ 10080 95% 43200 override-expire override-lastmod
reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i .(rpm|cab|deb|exe|msi|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|
nth|psd|sis)$ 10080 90% 43200 override-expire override-lastmod reload-into-ims ignore-no-cache
ignore-private
refresh_pattern -i .(avi|iso|wav|mid|mp?|mpeg|mov|3gp|wm?|swf|flv|x-flv|axd)$ 43200 95% 432000
override-expire override-lastmod reload-into-ims ignore-no-cache ignore-private
refresh_pattern -i .(html|htm|css|js)$ 1440 75% 40320
refresh_pattern -i .index.(html|htm)$ 0 75% 10080
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 1440 90% 10080
#

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
store_avg_object_size 13 KB
#
# HTTP OPTIONS
# ===========
vary_ignore_expire on
#
# ANONIMITY OPTIONS
# ===============
#
request_header_access From deny all
request_header_access Server deny all
request_header_access Link deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
#
# TIMEOUTS
# =======
#
forward_timeout 240 second
connect_timeout 30 second
peer_connect_timeout 5 second
read_timeout 600 second
request_timeout 60 second
shutdown_lifetime 10 second
#
# ADMINISTRATIVE PARAMETERS
# =====================
#
cache_mgr ninja
cache_effective_user proxy
cache_effective_group proxy
httpd_suppress_version_string on
visible_hostname ubb01.mydomain.local
#
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
#
# DNS OPTIONS
# ==========
#
dns_timeout 10 seconds
dns_nameservers 192.168.0.1 8.8.8.8 8.8.4.4 # DNS Server
#
# MISCELLANEOUS
# ===========
#
memory_pools off
client_db off
reload_into_ims on

coredump_dir /cache
pipeline_prefetch on
offline_mode off
#
#Marking ZPH
#==========
zph_mode tos
zph_local 0x04
zph_parent 0
zph_option 136
### END CONFIGURATION ###

Create SWAP directory for Squid.

Open a Terminal Window and enter the following :
squid3 -z

Configure IP Forwarding.
Open a Terminal Window and enter the following :
sudo su
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
exit

Setup IPtables rules.

Open a Terminal Window and enter the following :
sudo gedit /etc/iptables.up.rules

Add the following to the end of the file and save.

*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT

Setup NAT routing at startup.

Open a editor and add the following :
sudo gedit /etc/rc.local

Add the following to the /etc/rc.local file BEFORE the exit line
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

Fix Sarg log file location issue.

Open a Terminal Window and enter the following or change the link in Webmin module
config :

sudo ln -s /var/log/squid3 /var/log/squid

Optional : Username and Password Access Control ( *optional steps from this great Squid
guide)
*You can configure squid to prompt users for a username and
password using ncsa_auth that reads any NCSA-compliant encrypted password file. You can use
the htpasswd program that comes installed with Apache to create your passwords.
sudo touch /etc/squid3/squid_passwd
sudo chmod o+r /etc/squid3/squid_passwd

*Then uncomment the lines in the squid.conf file above to enable NCSA username and
password authentication. (see comments in squid.conf file below. Note there are several options to
enable.)
*To add new users to squid use the htpasswd command (change administrator below for the
username) or use Webmin to add new proxy users:
sudo htpasswd /etc/squid3/squid_passwd administrator

*NOTE: You cannot use the NCSA username and password authentication in combination
with a transparent proxy. So if you do select this option you will need to manualy add 192.168.1.2
(the IP of your internal network adaptor eth1) port 3128 as the http proxy to each client machine
on the network. This is why this option is disabled by default in this setup.
Restart Squid and Networking.
Open a Terminal Window and enter the following :
sudo service squid3 stop
sudo service squid3 start
sudo service networking restart

Optional : Install SquidGuard Blacklist Web Filter Plugin for Squid with this excellent guide
by nixCraft
Optional : Install DansGuardian Dynamic Web Content Filter Plugin for Squid. "It filters the
actual content of pages based on many methods including phrase matching, PICS filtering and URL
filtering. It does not purely filter based on a banned list of sites like lesser totally commercial
filters". To install open a terminal window and enter:
sudo apt-get install dansguardian

10. Install and configure DHCP Server - ISC DHCP

Install a DHCP server to act on the internal network and assign IP, cache and routing
information dynamically to users on the network.
You could assign static IP addresses on the network as well but then you would need to
manually configure the proxy and gateway information on each computer or network device.
Open a Terminal Window and enter the following :

sudo apt-get install isc-dhcp-server

Then we need to edit the DHCP configuration settings.

sudo gedit /etc/dhcp/dhcpd.conf

Add the following to the end of the file and save.

Make sure to change your domain name details as shown in blue below.
Also add other DNS nameservers for your local service provider if needed.
# UBB DHCP settings
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.20 192.168.1.250;
option domain-name "ubb01.mydomain.local";
option routers 192.168.1.2;
option domain-name-servers 192.168.1.2, 8.8.8.8, 196.43.1.11;
option netbios-name-servers 192.168.1.2;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
default-lease-time 600;
max-lease-time 7200;
}

Select network adaptor for DHCP server.

Open a Terminal Window and enter the following :
sudo gedit /etc/default/isc-dhcp-server

Change the value of INTERFACES to INTERFACES="eth1" as shown below and save.

11. Install and configure Samba

Install Samba by opening a terminal window and entering:

sudo apt-get install samba samba-common libpam-smbpass winbind smbclient libcups2

We will be using Samba as a standalone server and set-up as per the brilliant instructions
from HowtoForge

Next we need to edit the /etc/samba/smb.conf file to uncomment security = user. You could
use sed and these three lines to do the search and replace via the command line. Double check as
the spaces in the script could change in future config files.
sudo sed 's/# security = user/security = user/g' /etc/samba/smb.conf > /tmp/.smb.conf
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.backup
sudo mv /tmp/.smb.conf /etc/samba/smb.conf

Create directories for sharing

sudo mkdir -p /home/shares/allusers
sudo chown -R root:users /home/shares/allusers/
sudo chmod -R ug+rwx,o+rx-w /home/shares/allusers/

Then edit smb.conf file.

sudo gedit /etc/samba/smb.conf

Add the following and save

[allusers]
comment = All Users
path = /home/shares/allusers
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
writable = yes
[homes]
comment = Home Directories
browseable = no
valid users = %S
writable = yes
create mask = 0700
directory mask = 0700

Restart Samba server

sudo service smbd restart

Add your admin user to samba users to access allusers folder. We

will add administrator to the Samba share group "users" for this example.
sudo usermod -aG users administrator

Finally set a Samba password for administrator

sudo smbpasswd -a administrator

You should be able to access the allusers folder and login from a client machine with your
administrator username and password at his point by using

smb://ubb01/allusers/

If you have completed step 13. and 14. each user will be able to access their own private home folder
using

smb://ubb01/<username>

12. Install Webmin

Download and install the support software and latest version of Webmin directly from the
website with the commands below .
After installation you will be able to assess webmin via any browser on the network
via https://192.168.0.2:10000 orhttps://ubb01.mydomain.local:10000
Open a Terminal Window and enter the following :
sudo apt-get install webalizer smartmontools vlogger awstats geoip-database

Remove awstats cron jobs

sudo rm /etc/cron.d/awstats

Finally download and install Webmin

cd /tmp
sudo wget http://www.webmin.com/download/deb/webmin-current.deb
sudo dpkg --install webmin-current.deb
sudo rm webmin-current.deb

13. Install AntiVirus and AntiSpam

Open a terminal window and enter:

sudo apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch
lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-stringperl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl

We can stop spamassassin as amavisd loads this internally.

Open a Terminal Window and enter the following :
sudo service spamassassin stop
sudo update-rc.d -f spamassassin remove

14. Install Webserver - Apache | PHP | PHPMyAdmin

Open a terminal window and enter:

sudo apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils
libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap
phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-ruby
php5-dev php-pear make

You will be asked the following questions:

Web server to reconfigure automatically: apache2

Configure database for phpmyadmin with dbconfig-common: No
Then open a Terminal Window and enter the following :
sudo a2enmod suexec rewrite ssl actions include dav_fs dav auth_digest proxy proxy_http headers

Restart Apache :
sudo service apache2 restart

15. Install FTP sever - ProFTP

Open a terminal windows and enter:

sudo apt-get install proftpd proftpd-mod-mysql openssl

You will be asked which mode to run ProFTP - Run proftpd: Standalone
Edit the file /etc/proftpd/proftpd.conf
sudo gedit /etc/proftpd/proftpd.conf

Add the following three lines and save:

Include /etc/proftpd/tls.conf
DefaultRoot ~
ServerIdent on "FTP Server ready."

Create SSL Certificate for TLS FTP support

sudo mkdir /etc/proftpd/ssl
sudo openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout
/etc/proftpd/ssl/proftpd.key.pem

The edit the /etc/proftpd/tls.conf file and add this to the end and save:
<IfModule mod_tls.c>

TLSEngine
on
TLSLog
/var/log/proftpd/tls.log
TLSProtocol
SSLv23
TLSOptions
NoCertRequest AllowClientRenegotiations
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient
off
TLSRequired
off
</IfModule>

Restart ProFTP Server

sudo service proftpd restart

16. Enable and configure Firewall - ufw

ufw firewall is installed by default on Ubuntu 12.04.

gufw is a handy GUI frontends for ufw to manage the firewall.
Install on your system by opening a terminal windows and enter:
sudo apt-get install ufw gufw

Then enabe ufw. Open a terminal window and enter :

sudo ufw enable

Then open ports for various servers and services running on the server.
Enter one at a time from a terminal window to add the rules, or use gufw to open the ports :
sudo ufw allow 21/tcp # ftp
sudo ufw allow 22/tcp # ssh
sudo ufw allow 25/tcp # smtp
sudo ufw allow 53/tcp # domain
sudo ufw allow 80/tcp # http
sudo ufw allow 110/tcp # pop3
sudo ufw allow 139/tcp # netbios-ssn samba
sudo ufw allow 143/tcp # imap
sudo ufw allow 443/tcp # https
sudo ufw allow 445/tcp # microsoft-ds samba
sudo ufw allow 631/tcp # cups
sudo ufw allow 993/tcp # imaps
sudo ufw allow 995/tcp # pop3s
sudo ufw allow 3128/tcp # squid-http
sudo ufw allow 3306/tcp # mysql
sudo ufw allow 4190/tcp # SOGo sieve
sudo ufw allow 5900/tcp # x11vnc
sudo ufw allow 8800/tcp # DAV
sudo ufw allow 10000/tcp # webmin
sudo ufw allow 10024/tcp # smtp amavis
sudo ufw allow 11211/tcp # memcached

sudo ufw allow 20000/tcp # http-proxy

After reboot make sure that ufw is loaded. Open a terminal window and enter :
sudo ufw status

17. Install Groupware Email Contacts and Calander - SOGo

SOGo is a very impressive open source groupware project, with many features and options to
enable mail, contact and calendar sharing support.
Complete setup of SOGo currently falls beyond the scope of this guide due to the vast
configuration options available.
The installation instructions presented here are very specific for using MySQL as database
for SOGo and as an User Source.
Complete documentation available on the SOGo website. And this good SOGo Debian
Wiki guide which these instructions are based on.
Start by adding the software source and install. Open a terminal window and enter:
sudo apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4
sudo su
echo "deb http://inverse.ca/ubuntu precise precise" >> /etc/apt/sources.list
exit
sudo apt-get update
sudo apt-get install sogo sope4.9-gdl1-mysql memcached rpl

Ignore all installation errors and fix some things with the commands below:
sudo rpl 'SHOWWARNING=true' 'SHOWWARNING=false' /etc/tmpreaper.conf # suppress tmpreaper
warnings
sudo rpl '127.0.0.1' localhost /etc/memcached.conf # Fix IPv6 errors
sudo service mysql restart
sudo service memcached restart

Setup the SOGo MySQL database and add some demo users. Change sogopasswd for your
sogo user password:
sudo mysql -u root -p mysql
mysql> CREATE DATABASE `sogo` CHARACTER SET='utf8';
mysql> CREATE USER 'sogo'@'localhost' IDENTIFIED BY 'sogopasswd';
mysql> GRANT ALL PRIVILEGES ON `sogo`.* TO 'sogo'@'localhost' WITH GRANT OPTION;
mysql> USE sogo;
mysql> CREATE TABLE sogo_users (c_uid VARCHAR(60) PRIMARY KEY, c_name
VARCHAR(60), c_password VARCHAR(32), c_cn VARCHAR(128), mail VARCHAR(128));
mysql> INSERT INTO sogo_users VALUES ('paul', 'paul', MD5('zxc'), 'Paul Example',
'paul@mydomain.com');
mysql> INSERT INTO sogo_users VALUES ('piet', 'piet', MD5('zxc'), 'Piet Jansen',
'piet@mydomain.com');
mysql> FLUSH PRIVILEGES;

mysql> quit

Add Apache modules:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod headers
sudo a2enmod rewrite

Restart Apache
sudo service apache2 restart

Create the SOGo Configuration File changing details according to your setup.
After entering the configuration settings below the complete SOGo configuration file, is
located in/home/sogo/GNUstep/Defaults/.GNUstepDefaults
sudo su sogo
defaults write sogod SOGoTimeZone "Africa/Johannesburg"
defaults write sogod SOGoMailDomain "mydomain.local"
defaults write sogod SOGoLanguage English
defaults write sogod SOGoAppointmentSendEMailNotifications YES
defaults write sogod SOGoFoldersSendEMailNotifications YES
defaults write sogod SOGoACLsSendEMailNotifications YES
defaults write sogod SOGoLoginModule Calendar
defaults write sogod SOGoSieveScriptsEnabled YES
# sometimes Sieve is running on port 2000, port 4190 is relative new:
defaults write sogod SOGoSieveServer sieve://localhost:4190
defaults write sogod SOGoVacationEnabled YES
defaults write sogod SOGoMailMessageCheck every_5_minutes
defaults write sogod SOGoFirstDayOfWeek 1
defaults write sogod SOGoSuperUsernames '( "admin" )'
# MySQL defaults
defaults write sogod OCSFolderInfoURL
"mysql://sogo:sogopasswd@127.0.0.1:3306/sogo/sogo_folder_info"
defaults write sogod SOGoProfileURL
"mysql://sogo:sogopasswd@127.0.0.1:3306/sogo/sogo_user_profile"
defaults write sogod OCSSessionsFolderURL
"mysql://sogo:sogopasswd@127.0.0.1:3306/sogo/sogo_sessions_folder"
# Set MySQL authentication Usersources
defaults write sogod SOGoUserSources '({canAuthenticate = YES;
displayName = "SOGo Users";
id = users;
isAddressBook = YES;
type = sql;
userPasswordAlgorithm = md5;
viewURL ="mysql://sogo:sogopasswd@127.0.0.1:3306/sogo/sogo_users";
})'
# Use SMTP
defaults write sogod SOGoMailingMechanism smtp
defaults write sogod SOGoSMTPServer localhost

#IMAP config
defaults write sogod SOGoDraftsFolderName Drafts
defaults write sogod SOGoSentFolderName Sent
defaults write sogod SOGoTrashFolderName Trash
defaults write sogod SOGoIMAPServer localhost
exit

Restart SOGo
sudo service sogo restart

Create new Virtual Host for SOGo and remove SOGo.conf

sudo mv /etc/apache2/conf.d/SOGo.conf /etc/apache2/conf.d/SOGo.conf-backup
sudo su
echo "# disabled" >> /etc/apache2/conf.d/SOGo.conf
exit

Create a new sogo.mydomain.local virtualhost file:

sudo gedit /etc/apache2/sites-available/sogo.mydomain.local

Then add the following and save.

<VirtualHost *:80>
ServerName sogo.mydomain.local
ServerAlias sogo.local
DocumentRoot /usr/lib/GNUstep/SOGo/WebServerResources/
ErrorLog /var/log/apache2/error.log
Customlog /var/log/apache2/access.log combined
ServerSignature Off
Alias /SOGo.woa/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) /usr/lib/GNUstep/SOGo/
$1.SOGo/Resources/$2
<Directory /usr/lib/GNUstep/SOGo/>
AllowOverride None
Order deny,allow
Allow from all
</Directory>
<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
SetHandler default-handler
</LocationMatch>
ProxyRequests Off

SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
<Proxy http://127.0.0.1:20000/SOGo>
RequestHeader set "x-webobjects-server-port" "80"
RequestHeader set "x-webobjects-server-name" "sogo.mydomain.local"
RequestHeader set "x-webobjects-server-url" "http://sogo.mydomain.local"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Proxy>
## We use mod_rewrite to pass remote address to the SOGo proxy.
# The remote address will appear in SOGo's log files and in the X-Forward
# header of emails.
RewriteEngine On
RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]
Redirect permanent /index.html http://sogo.mydomain.local/SOGo
</VirtualHost>
<VirtualHost *:8800>
# this virtualhost is only for carddav on Mac and not tested very well
RewriteEngine Off
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPassInterpolateEnv On
ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate
<Location />
Order allow,deny
Allow from all
</Location>
<Proxy http://127.0.0.1:20000>
RequestHeader set "x-webobjects-server-port" "8800"
RequestHeader set "x-webobjects-server-name" "sogo.mydomain.local:8800"
RequestHeader set "x-webobjects-server-url" "https://sogo.mydomain.local:8800"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
AddDefaultCharset UTF-8
</Proxy>
ErrorLog /var/log/apache2/error.log
Customlog /var/log/apache2/access.log combined
</VirtualHost>

Enable the new virtualhost in Apache and restart webserver:

sudo a2ensite sogo.mydomain.local

sudo service apache2 restart

You should be able to login to SOGo web interface with you demo users credentials.
Open a browser and go to:
http://ubb01.mydomain.local/SOGo OR http://sogo.mydomain.local/SOGo