Install Roundcube Webmail on CentOS 8/RHEL 8 with Apache/Nginx
Roundcube is a free and open source webmail client written in PHP. A webmail is a mail client in your browser, which means instead of reading and sending emails from a desktop mail client like Mozilla Thunderbird, you can access your email from a web browser. Roundcube functionality includes MIME support, address book, folder management, message searching and spell checking. This tutorial is going to show you how to install Roundcube webmail on CentOS 8/RHEL 8 with Apache or Nginx web server.
Roundcube 1.4.2 Release
Roundcube 1.4.2 was released on January 2, 2020. This release features:
- A responsive skin called Elastic with full mobile device support
- Email Resent (Bounce) feature
- Improved Mailvelope integration
- Support for Redis and Memcached cache
- Support for SMTPUTF8 and GSSAPI
- Plus numerous improvements and bug fixes
Prerequisites
To follow this tutorial, it’s assumed that
- Postfix SMTP server and Dovecot IMAP server have been installed on your CentOS 8/RHEL 8 server
- You have already installed a LAMP stack or LEMP stack on CentOS 8/RHEL 8 server.
If not, please click the above links and follow the instructions to complete prerequisites. Now let’s proceed to install Roundcube.
Step 1: Download Roundcube Webmail on CentOS 8/RHEL 8
Log in to your CentOS/RHEL server via SSH, then run the following command to download the latest 1.4.2 stable version from Roundcube Github repository.
wget https://github.com/roundcube/roundcubemail/releases/download/1.4.2/roundcubemail-1.4.2-complete.tar.gz
Note: You can always use the above URL format to download Roundcube from command line. If a new version comes out, simply replace 1.4.2 with the new version number. You can check if there’s new release at Roundcube downloade page.
Extract the tarball, move the newly created folder to web root (/var/www/) and rename it as roundcube at the same time.
tar xvf roundcubemail-1.4.2-complete.tar.gz sudo mkdir /var/www/ sudo mv roundcubemail-1.4.2 /var/www/roundcube
Step 2: Install Dependencies
Roundcube requires the php-imap module to create subfolders in mailboxes, but php-imap isn’t included in the default CentOS 8/RHEL 8 repository, so we need to use the Remi repo to install this PHP module.
Install the Remi Repo.
sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm
Then reset PHP module streams.
sudo dnf module reset php
Enable the php:remi-7.4 module stream.
sudo dnf module enable php:remi-7.4 -y
Then you can run the following command to install PHP modules required or recommended by Roundcube.
sudo dnf install php-ldap php-imagick php-common php-gd php-imap php-json php-curl php-zip php-xml php-mbstring php-bz2 php-intl php-gmp
Step 3: Create a MariaDB Database and User for Roundcube
Log into MariaDB shell as root.
mysql -u root -p
Then create a new database for Roundcube using the following command. This tutorial name it roundcube, you can use whatever name you like for the database.
CREATE DATABASE roundcube DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
Next, create a new database user on localhost using the following command. Again, this tutorial name it roundcubeuser, you can use whatever name you like. Replace password with your preferred password.
CREATE USER roundcubeuser@localhost IDENTIFIED BY 'password';
Then grant all permission of the new database to the new user so later on Roundcube webmail can write to the database.
GRANT ALL PRIVILEGES ON roundcube.* TO roundcubeuser@localhost;
Flush the privileges table for the changes to take effect.
flush privileges;
Exit MariaDB Shell:
exit;
Run the following command to import the initial tables to roundcube database. You need to enter the MariaDB root password.
mysql -u root -p roundcube < /var/www/roundcube/SQL/mysql.initial.sql
Step 4: Create Apache Virtual Host or Nginx Config File for Roundcube
Apache
If you use Apache web server, create a virtual host for Roundcube.
sudo nano /etc/httpd/conf.d/roundcube.conf
Note: If you followed my Postfix/Dovecot tutorial, a virtual host already exists. You should edit the following file.
sudo nano /etc/httpd/conf.d/mail.your-domain.com.conf
Put the following text into the file. Replace mail.your-domain.com with your real domain name and don’t forget to set DNS A record for it.
<VirtualHost *:80>
ServerName mail.your-domain.com
DocumentRoot /var/www/roundcube/
ErrorLog /var/log/httpd/roundcube_error.log
CustomLog /var/log/httpd/roundcube_access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/roundcube/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Save and close the file. Reload Apache for the changes to take effect.
sudo systemctl reload httpd
Now you should be able to see the Roundcube web-based install wizard at http://mail.your-domain.com/installer.
Nginx
If you use Nginx web server, create a virtual host for Roundcube.
sudo nano /etc/nginx/conf.d/roundcube.conf
Note: If you followed my Postfix/Dovecot tutorial, an virtual host already exists. you should edit the following file.
sudo nano /etc/nginx/conf.d/mail.your-domain.com.conf
Put the following text into the file. Replace the domain name and don’t forget to set DNS A record for it.
server {
listen 80;
server_name mail.your-domain.com;
root /var/www/roundcube/;
index index.php index.html index.htm;
error_log /var/log/nginx/roundcube.error;
access_log /var/log/nginx/roundcube.access;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.well-known/acme-challenge {
allow all;
}
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(bin|SQL)/ {
deny all;
}
# A long browser cache lifetime can speed up repeat visits to your page
location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
access_log off;
log_not_found off;
expires 360d;
}
}
Save and close the file. Then test Nginx configurations.
sudo nginx -t
If the test is successful, reload Nginx for the changes to take effect.
sudo systemctl reload nginx
Now you should be able to see the Roundcube web-based install wizard at http://mail.your-domain.com/installer.
Step 5: Enabling HTTPS
It’s highly recommended that you use TLS to encrypt your webmail. We can enable HTTPS by installing a free TLS certificate issued from Let’s Encrypt.
If you use Apache, run this command to obtain and install TLS certificate.
sudo /usr/local/bin/certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.your-domain.com
If you use Nginx, run the following command to obtain and install TLS certificate.
sudo /usr/local/bin/certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email [email protected] -d mail.your-domain.com
Where
--nginx: Use the nginx plugin.--apache: Use the Apache plugin.--agree-tos: Agree to terms of service.--redirect: Force HTTPS by 301 redirect.--hsts: Add the Strict-Transport-Security header to every HTTP response. Forcing browser to always use TLS for the domain. Defends against SSL/TLS Stripping.--staple-ocsp: Enables OCSP Stapling. A valid OCSP response is stapled to the certificate that the server offers during TLS.
The certificate should now be obtained and automatically installed.
Note: If you followed my Postfix/Dovecot tutorial, and now you install Roundcube on the same server, then certbot will probably tell you that a certificate for mail.your-domain.com already exists as shown below, so you can choose to install the existing TLS certificate to your web server configuration file.
Step 6: Setting Up Permissions
First, we need to change the SELinux context of the web directory, so it can be used to serve web content.
sudo chcon -t httpd_sys_content_t /var/www/roundcube/ -R
The web server needs to write to the temp and logs directory. Change the SELinux context to make it writable.
sudo chcon -t httpd_sys_rw_content_t /var/www/roundcube/temp/ /var/www/roundcube/logs/ -R
Then grant write permission to the web server.
Apache:
sudo setfacl -R -m u:apache:rwx /var/www/roundcube/temp/ /var/www/roundcube/logs/
Nginx:
sudo setfacl -R -m u:nginx:rwx /var/www/roundcube/temp/ /var/www/roundcube/logs/
By default, SELinux forbids Apache/Nginx to make network requests to other servers, but later Apache/Nginx needs to request TLS certificate status from Let’s Encrypt CA server for OCSP stapling, so we need to tell SELinux to allow Apache/Nginx with the following command.
sudo setsebool -P httpd_can_network_connect 1
If you use Nginx, then you also need to run the following command to give the nginx user read and write permissions to 3 directories.
sudo setfacl -R -m u:nginx:rwx /var/lib/php/opcache/ /var/lib/php/session/ /var/lib/php/wsdlcache/
Restart Apache/Nginx.
sudo systemctl restart httpd sudo systemctl restart nginx
Step 7: Finish the Installation in Web Browser
In your web browser, go to the Roundcube installer page.
https://mail.your-domain.com/installer
The web installer will first check if PHP extensions, database and 3rd party libraries are installed. If you follow this tutorial, then all requirements should be met.
Click Next button. In the 2nd page, you need to fill in MariaDB database details that you created in step 3.
The IMAP and SMTP section allows you to configure how to receive and submit email. Enter the following values for IMAP.
- IMAP host:
ssl://mail.your-domain.comport:993
Enter the following values for SMTP settings.
- SMTP port:
tls://mail.your-domain.comport:587
Next, you can scroll down to the Plugins section to enable some plugins. For example: the password plugin, mark as junk plugin and so on. I enabled all of them.
Once that’s done, click create config button which will create configuration based on the information you entered. You need to copy the configuration and save it as config.inc.php under the /var/www/roundcube/config/ directory.
Once the config.inc.php file is created, click continue button. In the final step, test your SMTP and IMAP settings by sending a test email and checking IMAP login.
If the test fails, then you can click the 2. Create config link on the top of page to go back to step 2 and recreate the config.inc.php file.
If test is successful, go to your Webmail domain without /installer and login.
Roundcube Webmail interface
Now you should remove the whole installer folder from the document root or make sure that enable_installer option in config.inc.php file is disabled.
sudo rm /var/www/roundcube/installer/ -r
These files may expose sensitive configuration data like server passwords and encryption keys to the public. Make sure you cannot access the installer page from your browser.
Wrapping Up
I hope this tutorial helped you install Roundcube Webmail on CentOS 8/RHEL 8. As always, if you found this post useful, subscribe to our free newsletter to get more tips and tricks 🙂
Gracias por compartir