OX Guard Clustering


If nothing else, make sure the oxguardpass file is the same for all Guard servers. This is the local password file that is used to encrypt some database items. If this varies between machines, there will be failures with password recoveries and cached key creation.


  • Please make sure that the database is accessible from all of the Guard servers (the database usernames must allow connections from the Guard IPs)
  • Set up a filestore that can be accessed from all Guard servers. This may be a Networked File Store (NAS), or Amazon



OX Backends

On each OX backend, make sure the packages open-xchange-rest and open-xchange-guard-backend are installed. Edit the /opt/open-xchange/etc/ file to make sure the REST API username and password are configured. Please see the setup instructions for details.

First machine

First, set up the file to the needed settings.

  • Make sure that the setting refers to the NAS
  • Make sure the right username/password for the REST API are set
  • Make sure all database settings are set for names that can be used from all Guard servers (i.e. don't use localhost)
  • If installing on the same server as an OX backend, it is possible to use localhost as the restAPIHostname, but if not, make sure goes through the same load balancer or routing as the users
    • Guard uses JSESSIONID, like the user interface, for routing
    • Guard uses the user's cookie data to authorize against the backend to retrieve emails, etc.
    • If routed to a different backend than the user, there will be excess sessions created

Run /opt/open-xchange/sbin/guard --init on the first machine only.

Once init is done, the oxguardpass file will be created. This file will need to be copied to all other Guard machines.

Other machines

Copy the oxguardpass file from the first installation into /opt/open-xchange/guard. Make sure that the file for that machine is configured with the same required settings as the first. You may be able to just copy the file from the first, depending on your setup.


Once the above is done, Guard can be started.
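
A check that the oxguardpass copies really are identical, which can be run before starting Guard and again after any later change. This is an added example, not part of the OX documentation; the full path /opt/open-xchange/guard/oxguardpass, the GUARD_NODES variable and the node names are assumptions.

```shell
#!/bin/sh
# Added example: detect oxguardpass drift between Guard nodes.
# Assumed full path (directory from the copy step above plus the file name).
GUARD_PASS="${GUARD_PASS:-/opt/open-xchange/guard/oxguardpass}"

# Print the SHA-256 of a file; the secret itself is never printed.
pass_digest() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 2; }
    sha256sum "$1" | awk '{ print $1 }'
}

# Emit "node digest" lines: this machine first, then each node given as an
# argument, queried over SSH. A failed query yields a line with no digest.
collect_digests() {
    printf 'local %s\n' "$(pass_digest "$GUARD_PASS")"
    for node in "$@"; do
        printf '%s %s\n' "$node" "$(ssh -o BatchMode=yes "$node" \
            sha256sum "$GUARD_PASS" 2>/dev/null | awk '{ print $1 }')"
    done
}

# Read "node digest" lines on stdin. The first complete line is the reference
# (the machine where --init ran). Prints every node that differs or returned
# no digest, and exits non-zero if any did.
check_drift() {
    awk 'NF == 0   { next }
         NF < 2    { print "NO-DIGEST " $1; bad = 1; next }
         !seen     { ref = $2; seen = 1; next }
         $2 != ref { print "MISMATCH " $1; bad = 1 }
         END       { exit (bad ? 1 : 0) }'
}

# Run on the first machine with placeholder node names, for example:
#   GUARD_NODES="guard2 guard3" sh check_oxguardpass.sh
if [ -n "${GUARD_NODES:-}" ]; then
    # shellcheck disable=SC2086  # word splitting of the node list is intended
    collect_digests $GUARD_NODES | check_drift
fi
```

A non-zero exit status means at least one node holds a different file or could not be read, so that node should not be started until the copy is repeated.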