Microsoft 365 open source replacement - Part 1 - Solution Design

-

This is an open source solution as an alternative to Microsoft 365.

Here is the overview of the solution.


Let me introduce the function of each components.

Cloudflare

First of all , we use Cloudflare as our first line of defend. The free plan include SSL certificate , Global CDN and Unmetered mitigation of DDoS attacks with up to 59 Tbps capacity.


 Nginx

Master nginx will act as the reverse proxy for most of the services. So that you wouldn't need to configure ssl certificate for each of the services behind the nginx. And you can configure a lot of settings here, for example, limit service access by incoming ip address , fault tolerance and load balance the service.

This is a example if you need HA or load balance


Authelia

Authelia will work together with Nginx to provide 2FA protection for the services that don't support 2FA. For our case here, Guacamole, Bookstack and LDAP Manager do not have 2FA, so we will shield it with Authelia.

Zimbra

Zimbra Collaboration is a collaborative software suite that includes an email server and a web client. In my solution, we mainly rely on the email server and the web base user friendly admin console.

You can replace it a more simple email server which require less resources and able to run on docker. Please refer to the link below.

Setup mail server with ldap authentication in docker

Nextcloud

The purpose for nextcloud is for user to synchronize their personal file into the server as a backup and also encourage user to make use of the online platform for document editing. Although nextcloud support group folder but that is not encourage.

Onlyoffice

Nextcloud with onlyoffice document server addon, will enable user edit office document store in the nextcloud using browser. Multiple user are able to work on the same at the same time. The free version of onlyoffice document server support up to 20 concurrent connections.

Multiple user able to work on a file at the same time


Collabora Online Development Edition (CODE)

Collabora Online is a powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats, which you can integrate into your own infrastructure. Key features are collaborative editing and excellent office file format support.

The free version of the Collabora Online Development Edition.

You can install only Onlyoffice or Collabora. When you install both, if Onlyoffice is run out of connection, user can still use Collabora for document editing.

Bookstack

BookStack is a simple, self-hosted, easy-to-use platform for organizing and storing information.

I would suggest to store companies information using bookstack so that your user wouldn't take away all your information by just copy files and folder. Bookstack support versioning and access control.

Bookstack also support diagram.net integration, so if you need to draw diagram frequently as part of the documentation, you will like this integration.


LDAP Manager

LDAP manager is just a web interface for administrator to create or modify user account. And user will use this web interface for password changing.

Guacamole

Last but not least , Guacamole for IT guy like us. I found that it is very troublesome to look for SSH or RDP client whenever we need to perform some simple task or troubleshooting issue. So I decided to have Guacamole as my web base ssh client.

Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. They call it clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.

This will be the end of part one. I will share the installation of each components in part two.



---

Comments

Post a Comment

Feel free to leave your question or comment here, we will reply you as soon as possible.

Popular posts from this blog

Setup mail server with ldap authentication in docker

-
Getting an email server to run in docker is easy but getting an email server with ldap authentication to run in docker spend me a week to get up and running. Here are the steps that I taken. I will assume you already know how to install docker. Install LDAP. docker run \              --detach \              --restart unless-stopped \              --name openldap \              -e LDAP_ORGANISATION=domain \              -e LDAP_DOMAIN=domain.com \              -e LDAP_ADMIN_PASSWORD=complex-password \              -e LDAP_RFC2307BIS_SCHEMA=true \              -e LDAP_REMOVE_CONFIG_AFTER_SETUP=true \              -e LDAP_TLS=false \              -p 389:389 \              --volume /data/openldap/var_lib_ldap:/var/lib/ldap \              --volume /data/openldap/etc_ldap_slapd.d:/etc/ldap/slapd.d \              osixia/openldap:latest Install postfix-book schema into the ldap. # cd /etc/ldap/schema # apt update # apt install vim wget # wget https://raw.githubusercontent.com/variablenix/ldap-
Read more

How to allow non root user to execute hping command ?

-
If you run hping command without root permission or without sudo and you receive this error : [open_sockraw] socket(): Operation not permitted [main] can't open raw socket This command might be able to help you. sudo setcap cap_net_raw+ep /usr/bin/hping3 (or any location of the hping command) setcap command is to set file capabilities. What are filesystem capabilities?    For the purpose of performing permission checks, traditional Unix implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is non-zero). Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list).  Starting with kernel 2.2, Linux divides the privileges traditionally associated with super
Read more

Boot Acronis from PXE

-
Image
I found these two articles about booting into acronis environment using PXE. Source : http://thesystemadministrator.com/the_system_administrator/tips_%26_tricks/pxe%2c_aka_pre-execution_environment_-_part_1/ http://thesystemadministrator.com/the_system_administrator/tips_&_tricks/pxe,_aka_pre-execution_environment_and_acronis_-_part_2/ Few days ago, I’ve received 50 new servers without any OS preinstalled. The servers came without floppy drive and CD/DVD. I tried to connect an external CD (USB) or Disk on Key, but servers didn’t start. So, I decided to run PXE Boot . If you don't know what PXE is, here’s what is written in Wikipedia: “The Preboot Execution Environment (PXE, aka Pre-Execution Environment, or 'pixie') is an environment to boot computers using a network interface card independently of available data storage devices (like hard disks) or installed operating systems.” There are several solutions of PXE implementation. Microsoft has its Remote Installation Ser
Read more