Difference between revisions of "Roundcube"
From wiki
(Created page with "{{WIP}} == Install == <syntaxhighlight lang="console"> # apt install roundcube roundcube-mysql roundcube-plugins roundcube-plugins-extra apache2- </syntaxhighlight> {{Warning...") |
(Webserver configuration) |
||
Line 17: | Line 17: | ||
[[Category:Email Server]] | [[Category:Email Server]] | ||
[[Category:Linux Server]] | [[Category:Linux Server]] | ||
+ | |||
+ | == Configuration == | ||
+ | |||
+ | === Web Server === | ||
+ | {{Nginx/New Site|domain=mail.example.org|config=server { | ||
+ | include snippets/listen-http.conf; | ||
+ | server_name mail.example.org; | ||
+ | |||
+ | access_log /var/log/nginx/mail.example.org.access.log; | ||
+ | error_log /var/log/nginx/mail.example.org.error.log; | ||
+ | |||
+ | include snippets/https-permanent-redirect.conf; | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | include snippets/listen-https.conf; | ||
+ | server_name mail.example.org; | ||
+ | |||
+ | access_log /var/log/nginx/mail.example.org.access.log; | ||
+ | error_log /var/log/nginx/mail.example.org.error.log; | ||
+ | |||
+ | include snippets/acme-challenge.conf; | ||
+ | #include snippets/ssl.conf; | ||
+ | #ssl_certificate /etc/letsencrypt/live/mail.example.org/fullchain.pem; | ||
+ | #ssl_certificate_key /etc/letsencrypt/live/mail.example.org/privkey.pem; | ||
+ | #include snippets/hsts.conf; | ||
+ | |||
+ | client_max_body_size 10G; # set max upload size | ||
+ | |||
+ | root /var/lib/roundcube/; | ||
+ | |||
+ | |||
+ | location ~ ^/(config{{!}}temp{{!}}logs)/ { | ||
+ | deny all; | ||
+ | } | ||
+ | |||
+ | location ~ /\. { | ||
+ | deny all; | ||
+ | access_log off; | ||
+ | log_not_found off; | ||
+ | } | ||
+ | |||
+ | index index.php; | ||
+ | |||
+ | location ~ \.php$ { | ||
+ | try_files $uri =404; | ||
+ | include fastcgi.conf; | ||
+ | fastcgi_index index.php; | ||
+ | fastcgi_pass php5; | ||
+ | } | ||
+ | } }} |
Revision as of 07:34, 14 June 2016
Warning: | This page is a work in progress and is not completed. Important informations might be missing or wrong. |
Install
# apt install roundcube roundcube-mysql roundcube-plugins roundcube-plugins-extra apache2-
Warning: the apache2- at the end of the list is preventing the automatic installation of Apache. If you have already Apache installed, you need to remove that from the list as it would uninstall it otherwise.
- Configure database for roundcube with dbconfig-common?
- yes
- Database type to be used by roundcube
- mysql
- Password of the database's administrative user
- Provide your MariaDB root password
- MySQL application password for roundcube
- Keep blank
Configuration
Web Server
- Create the config file
/etc/nginx/sites-available/mail.example.org
server { include snippets/listen-http.conf; server_name mail.example.org; access_log /var/log/nginx/mail.example.org.access.log; error_log /var/log/nginx/mail.example.org.error.log; include snippets/https-permanent-redirect.conf; } server { include snippets/listen-https.conf; server_name mail.example.org; access_log /var/log/nginx/mail.example.org.access.log; error_log /var/log/nginx/mail.example.org.error.log; include snippets/acme-challenge.conf; #include snippets/ssl.conf; #ssl_certificate /etc/letsencrypt/live/mail.example.org/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/mail.example.org/privkey.pem; #include snippets/hsts.conf; client_max_body_size 10G; # set max upload size root /var/lib/roundcube/; location ~ ^/(config|temp|logs)/ { deny all; } location ~ /\. { deny all; access_log off; log_not_found off; } index index.php; location ~ \.php$ { try_files $uri =404; include fastcgi.conf; fastcgi_index index.php; fastcgi_pass php5; } }
- Activate the configuration with
$ sudo nginx_modsite -e mail.example.org Would you like to reload the Nginx configuration now? (Y/n) Y
- Edit file
/usr/local/etc/certmanage/main.json
and add the following to the list{ "domains": ["mail.example.org"], "reload": [["/bin/systemctl", "reload", "nginx.service"]] }
- Get your certificate
$ sudo /usr/local/sbin/certmanage Renewing certificate for mail.example.org that will expire on 0001-01-01 Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for mail.example.org Using the webroot path /var/www/acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/mail.example.org/fullchain.pem. Your cert will expire on 2025-03-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le Restarting services: systemctl reload nginx.service
- Uncomment the ssl related lines in
/etc/nginx/sites-available/mail.example.org
and run$ sudo systemctl reload nginx.service