- activeCollab System Requirements
- Test if Your Server Meets the System Requirements
- activeCollab Installation
- Upgrade Instructions
- Upgrading from activeCollab Version 2
- Securing Your activeCollab
- Removing /public/index.php from URL-s
- Moving activeCollab to Another Server
- What are Scheduled Tasks? How to set them?
- Outgoing Mail Setup
- Incoming Mail Setup
- What is the Reply To Email tool?
- How to increase the maximum upload size?
- How to resolve an email conflict?
- Improving Search Index
- Debugging activeCollab
- File and Folder Permissions
- How do I fix missing icons and images in activeCollab?
- Solving Memory Problems
- Resolving "Failed to connect to database" Crashes
- Fixing Crashed or Corrupt MySQL Tables
- How to Turn Off eAccelerator or XCache?
- How to Backup and Restore activeCollab?
- How to configure the data cache?
- Custom Login and Logout Page
Securing Your activeCollab
Even if activeCollab is very safe to use, there are a couple of security measures which can be taken in order to reduce unnecessary risk.
Install activeCollab Behind the Document Root #
Installing activeCollab above the site root ensures that only files from the /public folder are publicly available, while all other files are not accessible on the web. Even though the system encodes file names and comes with .htaccess protection by default, for folders with sensitive data (/upload, /thumbnails and other), the best approach is to have them installed above the site root.
The following steps demonstrate how to install activeCollab with the /public folder as a document root:
Define a virtual host where the http://intranet is mapped as public folder of your activeCollab setup. You can do that like this:
1 2 3 4
<VirtualHost *> ServerName intranet DocumentRoot /Library/WebServer/Documents/intranet/public </VirtualHost>
Install activeCollab by visiting http://intranet and starting the activeCollab install utility.
When you confirm that activeCollab is running properly, open config/config.php and add the following line to the block where all other configuration options are defined:
1
define('PUBLIC_AS_DOCUMENT_ROOT', true);
- Sometimes the document root folders are not named public (it can be called public_html, web, etc). In that case, put the content of the /public folder in your document root, run the installer and when you're done open config/config.php and make sure that PUBLIC_FOLDER_NAME is set to the correct value.
- If you are using .htaccess fix to have 100% clean URLs, you will need to put it in /public folder and make appropriate changes to rewrite rules.
- Folders like /cache, /upload, /logs, and similar, are protected by .htaccess file with rules that restrict direct access to files located in these folders. Your server will need to be configured to allow overriding using .htaccess files. To learn more, read the Apache documentation.
Use SSL Encryption #
activeCollab is protocol agnostic, so if your server supports SSL and has proper certificates installed, it will work on HTTPS as well as on HTTP. All you need to do is to run the Installer on the proper protocol and your activeCollab will use the HTTPS URL automatically.
If you already have activeCollab installed on HTTP, and decide to add the certificate later, you need to change the protocol in the config/config.php file and change the line:
1
define('ROOT_URL', 'http://example.com/public')
into:
1
define('ROOT_URL', 'https://example.com/public')
After the update is made don't forget to delete files, except the .htaccess files from the /cache and /compile folders of your activeCollab setup.
