Roundcube

From ArchWiki
(Redirected from Roundcubemail)
Jump to: navigation, search

Roundcube is a full-featured, PHP web-based mail client.

Installation

Install the roundcubemail package. Further you will need a database (e.g. MariaDB) and a web server with PHP-support (this guide will assume the Apache HTTP Server).

Configuration

MariaDB

Here's an example on how you could setup a database for Roundcube with MariaDB called roundcubemail for the user roundcube identified by the password password:

$ mysql -u root -p
CREATE DATABASE roundcubemail;
GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'localhost' IDENTIFIED BY 'password';

For any database you use, you will need to initialize the roundcubemail database tables. Here is an example of how to do this with MariaDB:

$ mysql -u root -p roundcubemail < /usr/share/webapps/roundcubemail/SQL/mysql.initial.sql

SQLite

A SQLite DB will be created automagically by Roundcube. Ensure the file specified in the config is located in a basedir location. Consider adding /var/lib/roundcubemail to your basedir definition. This implies creating the directory and chowning it to http.

Other Databases

Roundcubemail has installation scripts for mssql, Oracle, and Postgres.

Roundcube

Copy the example configuration file and adjust it to your configuration:

# cp /etc/webapps/roundcubemail/config/config.inc.php.sample /etc/webapps/roundcubemail/config/config.inc.php

Set your mail server settings, and set enable_installer to enable the setup wizard:

/etc/webapps/roundcubemail/config/config.inc.php
$config['db_dsnw'] = 'mysql://roundcube:****@localhost/roundcubemail';
$config['default_host'] = 'tls://localhost';
$config['smtp_server'] = 'localhost';
$config['des_key'] = 'some_awesome_long_semi_random_string';
$config['enable_installer'] = true;

PHP

Make sure to adjust following variables to these minimal values in your PHP config:

/etc/php/php.ini
date.timezone = "UTC"

and uncomment

extension=iconv.so


Warning: The distributed Apache conf file includes these directories. Adding to your php.ini will make them apply to all php web apps. See phpsec open_basedir

You also need to make sure that PHP can access /etc/webapps and /usr/share/webapps. Add them to open_basedir in /etc/php/php.ini if open_basedir is not yet configured:

open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/etc/webapps/

Webserver (Apache)

Copy the configuration file for Apache to its configuration directory:

# cp /etc/webapps/roundcubemail/apache.conf /etc/httpd/conf/extra/roundcube.conf

And include it at the bottom of

/etc/httpd/conf/httpd.conf
Include conf/extra/roundcube.conf

Restart Apache (httpd.service).

Webserver (Nginx)

Warning: This is an example config of RoundCube running in an subdirectory of the web root and has been compiled based on experiments with information from multiple sources, proceed with caution
Note: This assumes you already have a working nginx server setup with php-fpm

Add a location block for RoundCube

/etc/nginx.conf
location /webmail {
        alias /usr/share/webapps/roundcubemail;
        access_log /var/log/nginx/roundcube_access.log;
        error_log /var/log/nginx/roundcube_error.log;
        # Favicon
        location ~ ^/webmail/favicon.ico$ {
                root /usr/share/webapps/roundcubemail/skins/classic/images;
                log_not_found off;
                access_log off;
                expires max;
        }
        # Robots file
        location ~ ^/webmail/robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
        # Deny Protected directories 
        location ~ ^/webmail/(config|temp|logs)/ {
                 deny all;
        }
        location ~ ^/webmail/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
                deny all;
        }
        location ~ ^/webmail/(bin|SQL)/ {
                deny all;
        }
        # Hide .md files
        location ~ ^/webmail/(.+\.md)$ {
                deny all;
        }
        # Hide all dot files
        location ~ ^/webmail/\. {
                deny all;
                access_log off;
                log_not_found off;
        }
        #Roundcube fastcgi config
        location ~ /webmail(/.*\.php)$ {
                include fastcgi_params;
                fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_split_path_info ^(.+.php)(/.*)$;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /usr/share/webapps$fastcgi_script_name;
                fastcgi_param PHP_VALUE open_basedir="/tmp/:/var/cache/roundcubemail:/usr/share/webapps/roundcubemail:/etc/webapps/roundcubemail:/usr/share/pear/:/var/log/roundcubemail";
        }
}

Finally restart the nginx.service unit.

Install Roundcube

Finally you can visit the Roundcube installation wizard in your browser: http://localhost/roundcube/installer

For security reasons, you should disable the installer when you have completed the wizard: remove $config['enable_installer'] = true; from config.inc.php.

Because the ~/roundcube/config directory contains sensitive information about your server, it's also a good idea to disallow access to this directory by adding these lines, too.

/etc/httpd/conf/extra/roundcube.conf
  <Directory /usr/share/webapps/roundcubemail/config>
     Options -FollowSymLinks
     AllowOverride None
     Require all denied
  </Directory>

Tips and tricks

Setting Roundcube up for use with an IMAP server that only allows TLS authentication

It's quite common for modern IMAP servers to only allow encrypted authentication, say using STARTTLS. If you are setting Roundcube up for TLS authentication, the web-based installer won't help you. You will need to edit the /etc/webapps/roundcubemail/config/config.inc.php by hand, adding the following lines:

 $config['default_host'] = 'tls://mail.my_domain.org';
 $config['imap_conn_options'] = array(
     'ssl' => array(
       'verify_peer'       => true,
       'allow_self_signed' => true,
       'peer_name'         => 'mail.my_domain.org',
       'ciphers' => 'TLSv1+HIGH:!aNull:@STRENGTH',
       'cafile'  => '/etc/ssl/certs/ssl-cert-cyrus.my_domain.org.pem',
     ),
 );

where mail.my_domain.org is the CN host name in your SSL certificate (i.e. the hostname of your IMAP server), and /etc/ssl/certs/ssl-cert-cyrus.my_domain.org.pem is the path to your SSL certificate. You might need to adjust the ciphers element to correspond to the ciphers allowed by your IMAP server.

A complete list of PHP SSL configuration options can be found here.

PDF and OpenDocument file preview

Following Roundcube extensions enables you to preview PDF or OpenDocument file attachements. Install roundcubemail-plugins-kolabAUR from the AUR and adjust following configuration file to enable the extensions:

/etc/webapps/roundcubemail/config/config.inc.php
$config['plugins'] = array(
    'pdfviewer',
    'odfviewer'
);

If you encounter any file permission issues, than try this command:

chown -R http:http /usr/share/webapps/roundcubemail/plugins/odfviewer/files

Synchronize address book with CardDav contacts

It's useful to use the Roundcube address book to have auto-completion features for address fields etc. If you have your contacts stored somewhere else and the remote application offers a CardDav server for synchronization, then you can use the roundcube-rcmcarddavAUR extension from the AUR to access your remote address book in Roundcube. To enable it, adjust following lines in your config file:

/etc/webapps/roundcubemail/config/config.inc.php
$config['plugins'] = array(
    'carddav'
);

Further usage instructions can be found here.

See also