Hello all, just a little tip, it could be useful to someone.
Problem with memcached is that there is no access control. You can force
memcached to bind to 127.0.0.1, but it's a poor option because every
process can access it.
With UNIX socket, you can strictly restrict access to memcached.
Run memcached (use the configuration file of your distrib):
memcached -d -u sogo -s /tmp/memcached.sock -a 0700
And update the configuration of SOGo:
defaults -u sogo write sogod SOGoMemcachedHost /tmp/memcached.sock
You can also use UNIX socket for PostgreSQL. On EL6, by default, the
UNIX socket of PostgreSQL is in /tmp:
/tmp/.s.PGSQL.5432
So, set your configuration as following:
defaults -u sogo write sogod OCSFolderInfoURL
postgresql://%2Ftmp/sogo/sogo_folder_info
defaults -u sogo write sogod OCSSessionsFolderURL
postgresql://%2Ftmp/sogo/sogo_sessions_folder
defaults -u sogo write sogod SOGoProfileURL
postgresql://%2Ftmp/sogo/sogo_user_profile
/!\ WARNING /!\
You can't update the PostgreSQL URL without updating the content of the
table sogo_folder_info.
Please note that:
- thanks to ident, you don't need to specify user and password if the
database owner is "sogo".
- You must only specify the folder containing the socket file,
replacing / with %2F
Greetings.
--
Romain LE DISEZ <[email protected]>
smime.p7s
Description: S/MIME cryptographic signature
