Install EGroupware on Ubuntu 24.04 / Debian 13

EGroupware is an open-source collaboration suite written in PHP that provides calendar, email, contacts, project management, file sharing, and time tracking in a single web-based platform. It supports CalDAV and CardDAV for syncing with mobile devices and desktop clients, making it a solid self-hosted alternative to commercial groupware solutions like Microsoft 365 or Google Workspace.

Original content from computingforgeeks.com - post 52524

This guide walks through installing EGroupware 26.x on Ubuntu 24.04 LTS or Debian 13 (Trixie) using the official DEB packages. The current EGroupware installation method is Docker-based – the DEB package handles Docker setup, container orchestration, and service configuration automatically. You get a production-ready stack with PHP 8.5 FPM, MariaDB 11.8, and Nginx running in containers, managed through standard system packages.

Prerequisites

Before starting the installation, make sure you have the following in place:

• A server running Ubuntu 24.04 LTS or Debian 13 with at least 2 GB RAM and 2 CPU cores
• Root or sudo access to the server
• A registered domain name pointed to your server’s public IP (for SSL and web access)
• Ports 80 (HTTP) and 443 (HTTPS) open in your firewall
• A working internet connection for downloading packages and container images

Step 1: Update System Packages

Start by updating your package index and installing any pending upgrades. This ensures you have the latest security patches and package metadata before adding third-party repositories.

sudo apt update && sudo apt upgrade -y

Install a few utilities needed during the setup process:

sudo apt install -y curl gnupg apt-transport-https software-properties-common

Step 2: Add the EGroupware Repository and Install

EGroupware publishes official packages through the openSUSE Build Service. Add the repository matching your distribution, then import the GPG signing key.

For Ubuntu 24.04

Add the EGroupware repository and its signing key:

echo 'deb http://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_24.04/ /' | sudo tee /etc/apt/sources.list.d/egroupware.list

wget -nv https://download.opensuse.org/repositories/server:/eGroupWare/xUbuntu_24.04/Release.key -O - | sudo tee /etc/apt/trusted.gpg.d/egroupware.asc

For Debian 13

Add the Debian 13 repository and signing key:

echo 'deb http://download.opensuse.org/repositories/server:/eGroupWare/Debian_13/ /' | sudo tee /etc/apt/sources.list.d/egroupware.list

wget -nv https://download.opensuse.org/repositories/server:/eGroupWare/Debian_13/Release.key -O - | sudo tee /etc/apt/trusted.gpg.d/egroupware.asc

Install EGroupware

Update the package index to pick up the new repository, then install the EGroupware Docker package. This meta-package pulls in Docker, sets up all required containers (PHP 8.5 FPM, MariaDB 11.8, Nginx, push server), and configures them automatically.

sudo apt update
sudo apt install -y egroupware-docker

The installation takes a few minutes as it downloads container images. When it finishes, all EGroupware services start automatically.

Verify that the containers are running:

sudo docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"

You should see containers for egroupware, egroupware-db, egroupware-nginx, egroupware-push, and egroupware-watchtower all showing “Up” status:

NAMES                  STATUS          PORTS
egroupware-nginx       Up 2 minutes    0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp
egroupware             Up 2 minutes    9000/tcp
egroupware-db          Up 2 minutes    3306/tcp
egroupware-push        Up 2 minutes    9501/tcp
egroupware-watchtower  Up 2 minutes

Step 3: Review the Database Configuration

The egroupware-docker package automatically provisions a MariaDB 11.8 instance inside a container. The database credentials are generated during installation and stored in the Docker environment. You do not need to manually create a database or user – the installer handles this entirely.

To view the database credentials that were configured, check the installation log:

sudo cat /var/lib/egroupware/egroupware-docker-install.log

This log contains the MariaDB root password and the EGroupware database credentials. Save these somewhere secure – you will need them if you ever need to access the database directly for maintenance or backups.

You can also connect to the MariaDB container directly for manual operations. If you need to manage MariaDB databases for other applications on the same server, consider running a separate instance outside of Docker.

sudo docker exec -it egroupware-db mariadb -u root -p

Step 4: Run the EGroupware Web Setup Wizard

Open your browser and navigate to your server’s IP address or domain name. The EGroupware setup wizard starts automatically on first access:

http://your-server-ip/egroupware/setup/

The setup wizard walks through these steps:

• Database configuration – The database settings are pre-filled from the Docker setup. Verify the host is egroupware-db, the database name is egroupware, and click “Test connection” to confirm connectivity
• Create database tables – Click “Install” to create all required database tables and populate initial data
• Admin account – Set the administrator username and password. Use a strong password – this account has full control over the entire EGroupware installation
• Language and timezone – Select your preferred language and server timezone
• Application selection – Choose which EGroupware modules to enable. The defaults (Calendar, Addressbook, Mail, InfoLog, Timesheet, Filemanager) cover most use cases. You can enable or disable applications later from the admin panel

After completing the wizard, the setup redirects you to the EGroupware login page. Sign in with the admin credentials you just created.

If you missed the initial setup prompt, check the installation log for auto-generated credentials:

sudo grep -i "admin\|password" /var/lib/egroupware/egroupware-docker-install.log

Step 5: Configure the Web Server

The default installation uses Nginx as a reverse proxy running inside a Docker container. It listens on ports 80 and 443 on the host and forwards requests to the PHP-FPM container.

Using the Default Nginx Setup

The Nginx configuration is managed inside the container and works out of the box. To view or customize the Nginx config:

sudo docker exec egroupware-nginx cat /etc/nginx/conf.d/default.conf

If you need to make changes, edit the config on the host and restart the container:

sudo vi /var/lib/egroupware/nginx.conf

After making changes, restart the Nginx container to apply them:

sudo docker restart egroupware-nginx

Using Apache Instead of Nginx

If you prefer Apache as your web server, install it alongside the EGroupware package. The package detects Apache and configures it as the reverse proxy instead of the Nginx container:

sudo apt install -y egroupware-docker apache2

Enable the required Apache modules for proxying to the Docker containers:

sudo a2enmod proxy proxy_http proxy_fcgi rewrite headers ssl
sudo systemctl restart apache2

When Apache is installed, the egroupware-nginx container is not started. Apache on the host handles all HTTP/HTTPS traffic directly.

Step 6: Configure Email Integration

EGroupware includes a full-featured webmail client. To connect it to your mail server, log in as admin and navigate to Admin > Email > Mail server configuration.

Configure the following settings:

• IMAP Server – Enter your IMAP server hostname (e.g., mail.example.com), port 993 for SSL/TLS or 143 for STARTTLS
• SMTP Server – Enter your SMTP server hostname, port 587 for STARTTLS or 465 for SSL/TLS
• Authentication – Select the authentication method your mail server uses (typically “Username/Password” with the user’s email credentials)
• Sieve – If your mail server supports Sieve filtering (port 4190), enable it for server-side mail rules

Click “Save” and test by sending a message from the Mail application. Each user can also configure their own external mail accounts under Preferences > Mail.

For a complete mail server setup, you can pair EGroupware with Zimbra or any standard IMAP/SMTP server like Postfix and Dovecot.

Step 7: Configure CalDAV and CardDAV Sync

EGroupware supports CalDAV and CardDAV out of the box, allowing you to sync calendars and contacts with mobile devices and desktop clients like Thunderbird, Apple Calendar, and GNOME Calendar.

The sync URLs follow this pattern:

• CalDAV (Calendars): https://your-domain.com/egroupware/groupdav.php/username/calendar/
• CardDAV (Contacts): https://your-domain.com/egroupware/groupdav.php/username/addressbook/
• Auto-discovery URL: https://your-domain.com/egroupware/groupdav.php/

Most modern CalDAV/CardDAV clients support auto-discovery. When adding a new account in your client, enter the auto-discovery URL with your EGroupware username and password. The client will find all available calendars and address books automatically.

Thunderbird Setup

In Thunderbird, install the TbSync and Provider for CalDAV/CardDAV add-ons. Then go to TbSync > Account actions > Add new account > CalDAV/CardDAV. Enter the auto-discovery URL and your credentials. Thunderbird will detect all calendars and address books.

iOS and Android

On iOS, go to Settings > Calendar > Accounts > Add Account > Other > CalDAV. Enter the server URL, username, and password. For Android, use an app like DAVx5 (open source) and add a new account with the auto-discovery URL.

Step 8: Configure the Firewall

Open the required ports for HTTP and HTTPS traffic. If you are running UFW (the default firewall on Ubuntu), allow these ports:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload

If UFW is not yet enabled, enable it first. Make sure to allow SSH before enabling the firewall to avoid locking yourself out:

sudo ufw allow 22/tcp
sudo ufw enable

Verify the firewall rules are active:

sudo ufw status verbose

The output should show ports 22, 80, and 443 allowed:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere

If you also need CalDAV/CardDAV sync to work through non-standard ports or your mail integration uses specific ports, add those as well. The standard CalDAV/CardDAV traffic goes over HTTPS (port 443), so no extra rules are needed for sync.

Step 9: Enable SSL with Let’s Encrypt

Running EGroupware over HTTPS is essential – it handles login credentials, email, and sensitive collaboration data. Use Let’s Encrypt to get a free SSL certificate.

Install Certbot:

sudo apt install -y certbot

If Using the Default Nginx (Docker)

Stop the Nginx container temporarily so Certbot can bind to port 80 for the domain challenge:

sudo docker stop egroupware-nginx
sudo certbot certonly --standalone -d egroupware.example.com
sudo docker start egroupware-nginx

Replace egroupware.example.com with your actual domain. The certificate files are saved to /etc/letsencrypt/live/egroupware.example.com/.

Next, configure the Nginx container to use the SSL certificate. Edit the Nginx configuration:

sudo vi /var/lib/egroupware/nginx.conf

Add the SSL server block or update the existing one to include:

server {
    listen 443 ssl http2;
    server_name egroupware.example.com;

    ssl_certificate /etc/letsencrypt/live/egroupware.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/egroupware.example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://egroupware:9000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Make sure the Let’s Encrypt directory is mounted into the Nginx container. Edit the Docker Compose file:

sudo vi /var/lib/egroupware/docker-compose.yml

Under the egroupware-nginx service, add the Let’s Encrypt volume mount:

    volumes:
      - /etc/letsencrypt:/etc/letsencrypt:ro

Restart the containers to apply the changes:

cd /var/lib/egroupware && sudo docker compose up -d

If Using Apache

If you chose Apache in Step 5, use the Certbot Apache plugin for automatic configuration:

sudo apt install -y python3-certbot-apache
sudo certbot --apache -d egroupware.example.com

Certbot automatically configures the Apache virtual host with SSL and sets up HTTP to HTTPS redirection.

Set Up Auto-Renewal

Let’s Encrypt certificates expire every 90 days. Certbot installs a systemd timer that handles renewal automatically. Verify it is active:

sudo systemctl status certbot.timer

The timer should show active (waiting). Test the renewal process without actually renewing:

sudo certbot renew --dry-run

After SSL is configured, access EGroupware at https://egroupware.example.com/egroupware/. All calendar sync, email, and login traffic is now encrypted.

Conclusion

You now have a working EGroupware 26.x installation on Ubuntu 24.04 or Debian 13 with containerized services, email integration, CalDAV/CardDAV sync, and SSL encryption. The Docker-based architecture simplifies updates – the watchtower container automatically pulls new images as they are released.

For production hardening, set up regular database backups using docker exec egroupware-db mariadb-dump, configure a reverse proxy with rate limiting if the server is internet-facing, and monitor container health with a tool like Prometheus or a simple cron-based health check. Check the official EGroupware installation wiki for advanced configuration options and troubleshooting. For other open-source collaboration tools, explore alternatives like Nextcloud or Zimbra depending on your specific needs.