How to Install Roundcube Webmail on Ubuntu 16.04 with Nginx, MariaDB, PHP7

Roundcube is free and open source webmail software written in PHP. Webmail is a mail client in your browser, so instead of reading and sending emails from a desktop mail client like Thunderbird, you can access your email server from your web browser. This tutorial shows you how to install Roundcube webmail on an Ubuntu 16.04 VPS with Nginx, MariaDB and PHP7.

Prerequisites

It’s assumed that

If not, please click the above links and follow those instructions to complete prerequisites. While this tutorial is written for Ubuntu 16.04, it can be easily applied to Debian, CentOS, and Arch Linux.

Now proceed to install Roundcube.

Step 1: Download Roundcube Webmail

Although Roundcube is available from the Ubuntu repository, it requires the Apache web server as a dependency. We are using the Nginx web server, so we download Roundcube from GitHub and install it without Apache.

Download the latest 1.2.2 stable version.

wget https://github.com/roundcube/roundcubemail/releases/download/1.2.2/roundcubemail-1.2.2.tar.gz

To verify the integrity of the package, we need to download the developers' public key and a signature file. Download the Roundcube developers' GPG key from the official Roundcube website.

wget https://roundcube.net/download/pubkey.asc

Import this public key to your GPG keyring.

gpg --import pubkey.asc

Download the signature file and verify it.

wget https://github.com/roundcube/roundcubemail/releases/download/1.2.2/roundcubemail-1.2.2.tar.gz.asc

gpg --verify roundcubemail-1.2.2.tar.gz.asc

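You should see “Good signature”, meaning that the tarball matches the signature made with the key you imported. The WARNING lines only say that you have not certified this key yourself, so compare the primary key fingerprint with one obtained from a source you trust before relying on the result.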

gpg: assuming signed data in `roundcubemail-1.2.2.tar.gz'
gpg: Signature made Wed 28 Sep 2016 03:39:30 PM EDT using RSA key ID 09CD56B4
gpg: Good signature from "Roundcube Developers <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F3E4 C04B B3DB 5D42 15C4  5F7F 5AB2 BAA1 41C4 F7D5
     Subkey fingerprint: 8970 E37A 698A F775 D87D  590D C294 6A96 09CD 56B4
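
A "Good signature" from a key downloaded alongside the package proves little on its own, so the check worth scripting is whether the signature was made under a fingerprint you pinned beforehand. The following is an added example, not part of the original tutorial: it parses gpg's machine-readable --status-fd output, and the function names and sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept the tarball only if it was signed under a pinned key.

# Primary key fingerprint from the gpg output above, spaces removed.
PINNED_FPR="F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5"

# Read `gpg --status-fd 1 --verify` output on stdin and print the primary key
# fingerprint of a cryptographically valid signature. In a VALIDSIG line the
# first argument is the signing (sub)key and the last is the primary key.
primary_fpr() {
  awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; found = 1; exit }
       END { exit !found }'
}

# Succeed only for a valid signature under the pinned primary key.
# Bad signatures and expired or revoked keys are rejected outright.
signed_by_pinned_key() {
  gpg_out=$(cat)
  case "$gpg_out" in
    *"[GNUPG:] BADSIG"*|*"[GNUPG:] EXPKEYSIG"*|*"[GNUPG:] REVKEYSIG"*)
      return 1 ;;
  esac
  fpr=$(printf '%s\n' "$gpg_out" | primary_fpr) || return 1
  [ "$fpr" = "$PINNED_FPR" ]
}

# Constructed status lines (dates and algorithm fields are illustrative).
SAMPLE_OK='[GNUPG:] GOODSIG C2946A9609CD56B4 Roundcube Developers
[GNUPG:] VALIDSIG 8970E37A698AF775D87D590DC2946A9609CD56B4 2016-09-28 1475091570 0 4 0 1 8 00 F3E4C04BB3DB5D4215C45F7F5AB2BAA141C4F7D5'
SAMPLE_OTHER='[GNUPG:] GOODSIG 0000000000000001 Constructed Key
[GNUPG:] VALIDSIG 0000000000000000000000000000000000000001 2016-09-28 1475091570 0 4 0 1 8 00 0000000000000000000000000000000000000002'

# Real use, in the directory holding the tarball and its .asc file:
#   gpg --status-fd 1 --verify roundcubemail-1.2.2.tar.gz.asc \
#       roundcubemail-1.2.2.tar.gz 2>/dev/null | signed_by_pinned_key

printf '%s\n' "$SAMPLE_OK" | signed_by_pinned_key && echo "pinned key: accept"
printf '%s\n' "$SAMPLE_OTHER" | signed_by_pinned_key || echo "other key: reject"
```

The pinned value is only as trustworthy as the place it was copied from, so confirm it through a channel other than the download itself.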

Step 2: Install Roundcube Webmail Dependencies

Extract the tarball and move the newly created folder inside Nginx document root.

tar xvf roundcubemail-1.2.2.tar.gz

sudo mv roundcubemail-1.2.2 /usr/share/nginx/roundcubemail

Let’s move into that directory.

cd /usr/share/nginx/roundcubemail

Install Composer, a dependency manager for PHP.

sudo apt install composer

Rename the composer.json-dist file to composer.json.

mv composer.json-dist composer.json

To use LDAP address books, edit the composer.json file.

nano composer.json

Move the items from the "suggest" section to the "require" section (remove the explanation texts after the version) like below.

[Screenshot: Roundcube LDAP address book]

Save and close the file. Then install PHP LDAP extensions.

sudo apt install php-net-ldap2 php-net-ldap3

Next, use Composer to install all needed dependencies (3rd party libraries) for Roundcube Webmail.

composer install --no-dev

Make the Nginx user (www-data) the owner of the temp and logs directories so that Nginx can write to them.

sudo chown www-data:www-data temp/ logs/ -R

Step 3: Create a MariaDB Database and User for Roundcube

Log into MariaDB shell as root.

mysql -u root -p

Then create a new database for Roundcube using the following command. This tutorial names it roundcubemail, but you can use whatever name you like for the database.

create database roundcubemail;

Next, create a new database user on localhost using the following command. Again, this tutorial names it roundcubeuser, but you can use whatever name you like.

create user roundcubeuser@localhost;

Set a password for the user. Replace your-password with your preferred password.

set password for roundcubeuser@localhost= password("your-password");

Then grant all permissions on the new database to the new user so that Roundcube webmail can write to the database later on.

grant all privileges on roundcubemail.* to roundcubeuser@localhost identified by 'your-password';

Flush the privileges for the changes to take effect.

flush privileges;

Exit MariaDB Shell:

exit;

Import the initial tables into the roundcubemail database.

mysql -u roundcubeuser -p roundcubemail < /usr/share/nginx/roundcubemail/SQL/mysql.initial.sql

You need to specify this password later in ‘config/db.inc.php’.

Step 4: Create an Nginx Server Block File for Roundcube

Create a server block file under /etc/nginx/conf.d/ directory.

sudo nano /etc/nginx/conf.d/mail.your-domain.com.conf

Put the following text into the file. Replace the domain name.

server {
  listen 80;
  server_name mail.your-domain.com;
  root /usr/share/nginx/roundcubemail/;
  index index.php index.html index.htm;

  error_log /var/log/nginx/roundcube.error;
  access_log /var/log/nginx/roundcube.access;

  location = /50x.html {
    root /usr/share/nginx/html;
  }
  location / {
    try_files $uri $uri/ /index.php;
  }

  error_page 404 /404.html;
  error_page 500 502 503 504 /50x.html;

  location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
    deny all;
  }
  location ~ ^/(bin|SQL)/ {
    deny all;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

  location ~ /.well-known/acme-challenge {
    allow all;
  }
}

Save and close the file. Then reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Get a Free TLS Certificate from Let’s Encrypt

It’s highly recommended that you use TLS to encrypt your webmail. If Roundcube, Postfix and Dovecot are installed on the same machine, then you can reuse the TLS certificate you created for Postfix and Dovecot. If Roundcube is installed on a separate machine, then you can always get a new cert for free.

First, install certbot client.

sudo apt install letsencrypt

Then use the webroot plugin to obtain a TLS certificate from Let’s Encrypt.

sudo letsencrypt certonly --webroot --agree-tos --email your-email-address -d mail.your-domain.com -w /usr/share/nginx/roundcubemail/

Your certificate and private key will be saved at /etc/letsencrypt/live/mail.your-domain.com/. Next, configure Nginx to use TLS encryption.

sudo nano /etc/nginx/conf.d/mail.your-domain.com.conf

Change the configuration to the following.

server {
  listen 80;
  server_name mail.your-domain.com;
  # $request_uri already begins with "/", so no extra slash after the host
  return 301 https://mail.your-domain.com$request_uri;
}

server {
  listen 443 ssl http2;
  server_name mail.your-domain.com;
  root /usr/share/nginx/roundcubemail/;
  index index.php index.html index.htm;

  ssl_certificate /etc/letsencrypt/live/mail.your-domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mail.your-domain.com/privkey.pem;

  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_protocols TLSv1.2;  # TLSv1.1 dropped: deprecated by RFC 8996

  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_prefer_server_ciphers on;
  error_log /var/log/nginx/roundcube.error;
  access_log /var/log/nginx/roundcube.access;

  location = /50x.html {
    root /usr/share/nginx/html;
  }
  location / {
    try_files $uri $uri/ /index.php;
  }

  error_page 404 /404.html;
  error_page 500 502 503 504 /50x.html;
 
  location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
    deny all;
  }
  location ~ ^/(bin|SQL)/ {
    deny all;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

  location ~ /.well-known/acme-challenge {
    allow all;
  }
}

Save and close the file. Then reload Nginx.

sudo systemctl reload nginx

Finish the Installation in Web Browser

In your web browser, go to

mail.your-domain.com/installer

Please replace the domain name and don’t leave /installer out. If you go directly to your domain name, you will see the following error.

CONFIGURATION ERROR
config.inc.php was not found.
Please read the INSTALL instructions!

The web installer will first check if PHP extensions, database and 3rd party libraries are installed.

Execute the following command to install all required and optional PHP extensions.

sudo apt install php7.0-mbstring php7.0-xml php7.0-mysql php7.0-common php7.0-gd php7.0-json php7.0-cli php7.0-curl php7.0-intl

Then refresh the page and click Next. In the 2nd step, you need to fill in MariaDB database details that you created earlier.

In the IMAP and SMTP section, enter the details of your own Postfix SMTP server and Dovecot IMAP server. You can also use Gmail, Hotmail or any other email service provider. To use an SSL/TLS connection on SMTP, enter the hostname with the prefix ssl:// or tls://. To use an SSL/TLS connection on IMAP, enter the hostname with the prefix ssl://, tls:// or imaps://.

Once that’s done, click the create config button, which will create a configuration based on the information you entered. You need to copy the configuration and save it as config.inc.php within the /usr/share/nginx/roundcubemail/config/ directory.

Click the continue button. In the final step, test your SMTP and IMAP settings by sending a test email and checking IMAP login.

After the test, go to your webmail domain without /installer and log in.

Now you should remove the whole installer folder from the document root or make sure that the enable_installer option in config.inc.php is disabled.

sudo rm /usr/share/nginx/roundcubemail/installer/ -r

These files may expose sensitive configuration data like server passwords and encryption keys to the public. Make sure you cannot access this installer from your browser.
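
The same check can be run from a shell instead of a browser. The following is an added example, not part of the original tutorial: it requests the installer and the paths the server block denies, and reports any that still answer with a 2xx status. The function names are illustrative, curl is assumed to be installed, and /installer/index.php is requested rather than /installer because the try_files fallback in the server block answers a missing directory with index.php.

```shell
#!/bin/sh
# Added example: confirm the installer and the denied paths are not served.

# Paths taken from the server block and the installer step above.
CHECK_PATHS="/installer/index.php /README /INSTALL /LICENSE /CHANGELOG
/UPGRADING /bin/ /SQL/mysql.initial.sql"

# Print "<path> <http-status>" for each path under the base URL in $1.
# Pass the https:// URL, otherwise every answer is the 301 redirect.
probe() {
  for p in $CHECK_PATHS; do
    code=$(curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1$p")
    printf '%s %s\n' "$p" "${code:-000}"
  done
}

# Read "<path> <status>" lines; print paths that are served (2xx) or could
# not be checked (000), and return non-zero if there are any.
report_exposed() {
  awk '$2 ~ /^2/   { print "EXPOSED   " $1; bad = 1 }
       $2 == "000" { print "UNCHECKED " $1; bad = 1 }
       END { exit bad + 0 }'
}

# Constructed results: before and after removing the installer folder.
SAMPLE_BEFORE='/installer/index.php 200
/README 403
/bin/ 403
/SQL/mysql.initial.sql 403'
SAMPLE_AFTER='/installer/index.php 404
/README 403
/bin/ 403
/SQL/mysql.initial.sql 403'

# Live run against your own server:
#   probe https://mail.your-domain.com | report_exposed && echo "nothing exposed"

printf '%s\n' "$SAMPLE_BEFORE" | report_exposed || echo "fix the paths listed above"
printf '%s\n' "$SAMPLE_AFTER" | report_exposed && echo "nothing exposed"
```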

That’s it!

I hope this tutorial helped you install Roundcube Webmail on Ubuntu 16.04 with Nginx, MariaDB and PHP7.

  • Ross Smith

    Hey, can you provide steps for me to install Squirrelmail on Ubuntu?

    I found a tutorial on the Rosehosting blog, but it is intended for Centos. So I don’t think that it will be of use.

    Thank you.