How To

Install EGroupware on RHEL 10 / Rocky Linux 10

Josphat Mutai Updated Mar 22, 2026 · 7 min read

EGroupware is an open-source collaboration suite written in PHP that brings email, calendar, contacts, project management, file sharing, and time tracking into a single web-based platform. It supports CalDAV and CardDAV sync, integrates with Collabora Online for document editing, and includes Rocket.Chat for team messaging. EGroupware deploys as a set of Docker containers managed through a single package, making installation and updates straightforward.

Original content from computingforgeeks.com - post 51145

This guide walks through installing EGroupware on RHEL 10 or Rocky Linux 10 using the official repository. The installation uses Docker containers behind an Nginx reverse proxy, with MariaDB as the database backend. We also cover firewall configuration, CalDAV/CardDAV setup, and securing the instance with a free Let’s Encrypt SSL certificate.

Prerequisites

Before starting, confirm you have the following in place:

  • A server running RHEL 10 or Rocky Linux 10 with at least 2 GB RAM and 2 CPU cores
  • Root or sudo access to the server
  • A fully qualified domain name (FQDN) pointing to your server’s public IP – for example egroupware.example.com
  • Ports 80, 443, and 8080 available (not occupied by another web server)
  • An active internet connection to pull Docker images and packages

If you are running another web server like Apache or Nginx on ports 80/443, stop it before proceeding. EGroupware ships its own Nginx container.

Step 1: Add the EGroupware Repository

EGroupware packages are hosted on the openSUSE Build Service. Add the official repository that matches your distribution. For Rocky Linux 10 or RHEL 10, run:

sudo dnf install -y 'dnf-command(config-manager)'
sudo dnf config-manager --add-repo https://download.opensuse.org/repositories/server:eGroupWare/RockyLinux_10/server:eGroupWare.repo

Verify the repository was added successfully by listing it:

sudo dnf repolist | grep -i egroupware

You should see the eGroupWare repository in the output, confirming it is enabled and ready to use:

server_eGroupWare          server:eGroupWare (RockyLinux_10)

Step 2: Install EGroupware on RHEL 10 / Rocky Linux 10

The egroupware-docker package installs Docker (if not already present), pulls the required container images, and sets up a systemd service to manage the EGroupware stack. Install it with:

sudo dnf install -y egroupware-docker

This pulls and configures several containers including the EGroupware PHP application, Nginx web server, MariaDB 11.8 database, a push notification server, and Collabora Online for document editing. The installation takes a few minutes depending on your internet speed.

After installation completes, verify that Docker is running:

sudo systemctl status docker

Docker should show as active (running). Next, check the EGroupware containers:

sudo docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}"

You should see containers for egroupware, nginx, db (MariaDB), push server, and collabora – all in a healthy or running state. If any container shows as restarting, wait a minute and check again since some containers depend on the database being ready first.

Step 3: Configure MariaDB Database

EGroupware runs MariaDB 11.8 inside a Docker container with auto-configured credentials. The database container creates the egroupware database automatically on first start. You can verify the database is accessible by connecting to the MariaDB container:

sudo docker exec -it egroupware-db mysql -u root -p -e "SHOW DATABASES;"

When prompted, enter the root password defined in your Docker Compose configuration. The default location for the compose file is /etc/egroupware-docker/docker-compose.yml. You should see the egroupware database listed:

+--------------------+
| Database           |
+--------------------+
| egroupware         |
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+

To check or change the database root password, open the Docker Compose file:

sudo vi /etc/egroupware-docker/docker-compose.yml

Look for the MYSQL_ROOT_PASSWORD or EGW_DB_ROOT_PW environment variable under the db service. If you change this value, restart the stack to apply:

cd /etc/egroupware-docker
sudo docker compose down
sudo docker compose up -d

For production use, set a strong database password and keep it documented securely. The web-based setup wizard (covered in the next step) uses these credentials to initialize the EGroupware schema.

Step 4: Run the EGroupware Web Setup Wizard

Once all containers are running, open your browser and navigate to your server’s IP or domain on port 8080:

http://your-server-ip:8080/egroupware/setup/

The setup wizard walks through the initial configuration in several stages:

  • Database configuration – Enter the MariaDB host as db (the Docker service name), database name egroupware, and the root password from your compose file
  • Create database tables – The wizard creates all required tables in the egroupware database
  • Admin account – Set the administrator username, password, and email address
  • Language and timezone – Select your preferred language and server timezone
  • Application selection – Choose which EGroupware modules to enable (calendar, addressbook, mail, filemanager, projectmanager, timesheet, etc.)

After completing the wizard, the setup redirects you to the EGroupware login page. Sign in with the admin credentials you just created to verify everything works. If you already manage other collaboration tools, EGroupware integrates well alongside them.

Step 5: Configure Apache as Reverse Proxy

EGroupware includes its own Nginx container that listens on ports 8080 (HTTP) and 4443 (HTTPS). If you want to use Apache as a reverse proxy in front of EGroupware – for example to serve it on standard ports alongside other sites – install and configure Apache on the host system.

Install Apache and enable the required modules:

sudo dnf install -y httpd mod_ssl
sudo systemctl enable --now httpd

Create a virtual host configuration file for EGroupware:

sudo vi /etc/httpd/conf.d/egroupware.conf

Add the following virtual host configuration that proxies requests to the EGroupware Nginx container:

<VirtualHost *:80>
    ServerName egroupware.example.com

    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # WebSocket support for push notifications
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) ws://127.0.0.1:8080/$1 [P,L]

    ErrorLog /var/log/httpd/egroupware_error.log
    CustomLog /var/log/httpd/egroupware_access.log combined
</VirtualHost>

Replace egroupware.example.com with your actual domain name. Test the configuration and restart Apache:

sudo apachectl configtest
sudo systemctl restart httpd

The configtest command should return Syntax OK. You can now access EGroupware at http://egroupware.example.com/egroupware/ through Apache on port 80.

Step 6: Configure CalDAV and CardDAV Sync

EGroupware supports CalDAV and CardDAV out of the box, so you can sync calendars and contacts with mobile devices, Thunderbird, Apple Calendar, and other compatible clients. Both CalDAV and CardDAV use the same base URL for auto-discovery:

https://egroupware.example.com/egroupware/groupdav.php/

To configure a client, provide these connection details:

  • Server URL: https://egroupware.example.com/egroupware/groupdav.php/
  • Username: Your EGroupware login username
  • Password: Your EGroupware login password

For Thunderbird, go to the Calendar section, right-click and select “New Calendar”, choose “On the Network”, then enter the CalDAV URL above. For contacts, install the CardBook add-on and add a new CardDAV address book.

For Android devices, install DAVx5 from the Play Store, add a new account using the base URL, and DAVx5 auto-discovers all calendars and address books. For iOS, go to Settings > Calendar > Accounts > Add Account > Other > Add CalDAV Account.

To manage CalDAV/CardDAV access permissions, log into EGroupware as admin. Navigate to Admin > Site Configuration and look for the GroupDAV settings where you can control which users have sync access.

Step 7: Configure Firewall with firewalld

RHEL 10 and Rocky Linux 10 use firewalld by default. Open the required ports to allow web traffic and EGroupware access. At minimum you need HTTP (TCP 80), HTTPS (TCP 443), and the default EGroupware port (TCP 8080):

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

Verify the firewall rules are applied correctly:

sudo firewall-cmd --list-all

The output should show http and https in the services list and 8080/tcp in the ports list:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

If you configured Apache as a reverse proxy in Step 5 and only access EGroupware through Apache on ports 80/443, you can skip opening port 8080 to the public. In that case, only open the http and https services.

Step 8: Secure EGroupware with Let’s Encrypt SSL

For production deployments, enable HTTPS using a free Let’s Encrypt SSL certificate. Install Certbot and the Apache plugin:

sudo dnf install -y certbot python3-certbot-apache

If you are using the Apache reverse proxy from Step 5, request a certificate for your domain:

sudo certbot --apache -d egroupware.example.com

Certbot automatically configures the Apache virtual host with SSL, creates the certificate files, and sets up a redirect from HTTP to HTTPS. Follow the interactive prompts to provide your email and accept the terms of service.

After the certificate is issued, verify it is working by accessing your EGroupware instance over HTTPS:

curl -I https://egroupware.example.com/egroupware/

You should see a 200 OK response with no SSL errors. If you are not using Apache and want to use the built-in Nginx container for SSL instead, place your certificate files in the appropriate directory and update the Nginx configuration in /etc/egroupware-docker/docker-compose.yml. The Nginx container already listens on port 4443 for HTTPS.

Set up automatic certificate renewal by enabling the Certbot timer:

sudo systemctl enable --now certbot-renew.timer

Verify the renewal timer is active and scheduled:

sudo systemctl list-timers | grep certbot

The timer runs twice daily and renews certificates that are within 30 days of expiration. No manual intervention is needed after the initial setup.

Conclusion

EGroupware is now installed and running on your RHEL 10 or Rocky Linux 10 server with a MariaDB database backend, CalDAV/CardDAV sync for mobile and desktop clients, firewall rules in place, and SSL encryption through Let’s Encrypt. For production hardening, configure regular database backups using docker exec to run mysqldump inside the MariaDB container, set up monitoring for container health, and keep the system updated by running dnf update and restarting the Docker stack periodically. The built-in Watchtower container handles automatic EGroupware image updates, but always review changelogs from the official release page before applying major upgrades.

Josphat Mutai

Founder of Computingforgeeks. Expertise in Virtualization, Cloud, Linux/UNIX Administration, Automation,Storage Systems, Containers, Server Clustering e.t.c.

Related Articles

AlmaLinux Create Rocky / Alma / CentOS Templates on Proxmox VE CentOS Install Temurin OpenJDK 17 on CentOS 7|RHEL 7|Oracle Linux 7 RHEl Install FreeIPA Server on Rocky Linux 10 / AlmaLinux 10 / RHEL 10 CentOS How To Install MongoDB 4.4 on RHEL 8 | CentOS 8

Leave a Comment

Press ESC to close