https://wiki.zhouba.cz/index.php?action=history&feed=atom&title=ZhoubaWiki%3AHowToSetupRoundcubeZhoubaWiki:HowToSetupRoundcube - Revision history2026-04-04T06:54:10ZRevision history for this page on the wikiMediaWiki 1.35.2https://wiki.zhouba.cz/index.php?title=ZhoubaWiki:HowToSetupRoundcube&diff=13&oldid=prevGarak: Created page with "<!-- Category section --> Category:Bugweis <!-- Contents --> {| align="right" | __TOC__ |} '''How to set up Roundcube (en)'''<br><br> The best free webmail interface out..."2021-05-22T16:21:45Z<p>Created page with "<!-- Category section --> <a href="/index.php?title=Category:Bugweis&action=edit&redlink=1" class="new" title="Category:Bugweis (page does not exist)">Category:Bugweis</a> <!-- Contents --> {| align="right" | __TOC__ |} '''How to set up Roundcube (en)'''<br><br> The best free webmail interface out..."</p>
<p><b>New page</b></p><div><!-- Category section --><br />
[[Category:Bugweis]]<br />
<!-- Contents --><br />
{| align="right"<br />
| __TOC__<br />
|}<br />
'''How to set up Roundcube (en)'''<br><br><br />
The best free webmail interface out there at the moment is RoundCube. Download the latest version from http://roundcube.net/download and extract the contents to the <code>/usr/share</code> directory. Change owner and permissions using the following commands:<br />
<br />
<pre><br />
chown -R root:www-data /usr/share/roundcube<br />
find /usr/share/roundcube -type f -exec chmod 640 {} \;<br />
find /usr/share/roundcube -type d -exec chmod 750 {} \;<br />
chmod 770 /usr/share/roundcube/logs<br />
chmod 770 /usr/share/roundcube/temp<br />
</pre><br />
<br />
Also create a new directory called <code>roundcube</code> under the <code>/var/log</code> directory. It needs to be writable by Apache.<br />
<br />
<pre><br />
sudo mkdir /var/log/roundcube<br />
sudo chown www-data:adm /var/log/roundcube<br />
sudo chmod 750 /var/log/roundcube<br />
</pre><br />
<br />
Because we want the communication between user and server to be secure, we'll use a HTTPS virtual host. Let's start by preparing a self-signed SSL certificate.<br />
<br />
<pre><br />
cd /etc/ssl<br />
openssl genrsa -des3 -rand /etc/hosts -out ./private/{hostname}.key 1024<br />
chmod 600 ./private/{hostname}.key<br />
openssl req -new -key ./private/{hostname}.key -out ./private/{hostname}.csr<br />
</pre><br />
<br />
You'll be asked to provide details for the new certificate. These details will be available for anybody to view so be careful not to disclose any sensitive information. The Common Name should always be the exact host name of the webmail system (e.g. mail.moredigital.com). Leave the challenge password empty. Now we need to self-sign the certificate and strip the passphrase.<br />
<br />
<pre><br />
openssl x509 -req -days 3650 -in ./private/{hostname}.csr -signkey ./private/{hostname}.key -out ./certs/{hostname}.crt<br />
openssl rsa -in ./private/{hostname}.key -out ./private/{hostname}.key.unencrypted<br />
mv -f ./private/{hostname}.key.unencrypted ./private/{hostname}.key<br />
chmod 600 ./private/{hostname}.key<br />
rm ./private/{hostname}.csr<br />
</pre><br />
<br />
You should be aware that web browsers won't treat these certificated as trusted and will display a warning. But that's not a big problem for us as our primary goal is to secure the connection and not to validate identity of the server.<br />
<br />
<pre><br />
<VirtualHost 85.118.235.162:80><br />
RewriteEngine On<br />
RewriteCond %{HTTPS} off<br />
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}<br />
</VirtualHost><br />
<br />
<VirtualHost 85.118.235.162:443><br />
ServerName mail.hostname.tld<br />
DocumentRoot /usr/share/roundcubemail-0.3.1<br />
ServerAdmin admin@hostname.tld<br />
<br />
ErrorLog /var/log/roundcube/apache-error.log<br />
CustomLog /var/log/roundcube/apache-access.log combined<br />
<br />
# SSL<br />
SSLEngine On<br />
SSLCertificateFile /etc/ssl/certs/{hostname}.crt<br />
SSLCertificateKeyFile /etc/ssl/private/{hostname}.key<br />
</VirtualHost><br />
</pre><br />
<br />
Roundcube comes with a user friendly installation interface. You can access it by pointing your browser to the /installer sub-path of your newly setup virtual host. Follow the instructions and after your configuration is ready and has been tested, tweak roundcube config file to force HTTPS protocol.<br />
<br />
<pre><br />
$rcmail_config['force_https'] = TRUE;<br />
</pre><br />
<br />
Now you should modify /usr/share/roundcube/config/main.inc.php:<br />
<br />
<pre><br />
$rcmail_config['default_host'] = 'tls://%n';<br />
$rcmail_config['smtp_server'] = 'tls://%h';<br />
$rcmail_config['mail_domain'] = '%d'<br />
</pre><br />
<br />
== Add LDAP Address Book ==<br />
<br />
You must install php5-ldap:<br />
<br />
<pre><br />
aptitude install php5-ldap<br />
</pre><br />
<br />
You must uncomment "ADDRESSBOOK SETTINGS" in /usr/share/roundcube/config/main.inc.php and modify it:<br />
<br />
<pre><br />
$rcmail_config['address_book_type'] = 'ldap';<br />
'name' => 'name',<br />
'hosts' => array('Hostname'),<br />
'port' => Port number,<br />
'base_dn' => 'Base DN',<br />
'bind_dn' => 'Bind DN',<br />
'bind_pass' => 'password',<br />
</pre><br />
<br />
Done!</div>Garak