How to Install Roundcube Webmail on Ubuntu 16.04 with Nginx, MariaDB, PHP7
Roundcube is a free and open source webmail software written in PHP. A webmail is a mail client in your browser. So instead of reading and sending emails from a desktop mail client like Thunderbird, you can also access your email server from your web browser. This tutorial is going to show you how to install Roundcube webmail on Ubuntu 16.04 VPS with Nginx, MariaDB and PHP7.
Prerequisites
It’s assumed that
- Postfix SMTP server and Dovecot IMAP server are installed on Ubuntu 16.04
- You have already installed LEMP (Linux, Nginx, MariaDB and PHP7) on Ubuntu 16.04.
If not, please click the above links and follow those instructions to complete prerequisites. While this tutorial is written for Ubuntu 16.04, it can be easily applied to Debian, CentOS, and Arch Linux.
Now proceed to install Roundcube.
Step 1: Download Roundcube Webmail
Although Roundcube is available from Ubuntu repository, but it requires Apache web server as a dependency. We are using Nginx web server, so we download Roundcube from Github and install it without Apache.
Download the latest 1.2.2 stable version.
wget https://github.com/roundcube/roundcubemail/releases/download/1.2.2/roundcubemail-1.2.2.tar.gz
To verify integrity of the package, we need to download the developer’s public key and a signature file. Download Roundcube developer’s GPG key from Roundcube official website.
wget https://roundcube.net/download/pubkey.asc
Import this public key to your GPG keyring.
gpg --import pubkey.asc
Download the signature file and verify it.
wget https://github.com/roundcube/roundcubemail/releases/download/1.2.2/roundcubemail-1.2.2.tar.gz.asc gpg --verify roundcubemail-1.2.2.tar.gz.asc
You should see “Good signature”, meaning that the package is OK.
gpg: assuming signed data in `roundcubemail-1.2.2.tar.gz' gpg: Signature made Wed 28 Sep 2016 03:39:30 PM EDT using RSA key ID 09CD56B4 gpg: Good signature from "Roundcube Developers <[email protected]>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: F3E4 C04B B3DB 5D42 15C4 5F7F 5AB2 BAA1 41C4 F7D5 Subkey fingerprint: 8970 E37A 698A F775 D87D 590D C294 6A96 09CD 56B4
Step 2: Install Roundcube Webmail Dependencies
Extract the tarball and move the newly created folder inside Nginx document root.
tar xvf roundcubemail-1.2.2.tar.gz sudo mv roundcubemail-1.2.2 /usr/share/nginx/roundcubemail
Let’s move into that directory.
cd /usr/share/nginx/roundcubemail
Install Composer which is a dependency manager for PHP.
sudo apt install composer
composer.json-dist file into composer.json.mv composer.json-dist composer.json
To use LDAP address books, edit composer.json file.
nano composer.json
Move the items from "suggest" to the "require"section (remove the explanation texts after the version) like below.
Save and close the file. Then install PHP LDAP extensions.
sudo apt install php-net-ldap2 php-net-ldap3
Next, use Composer to install all needed dependencies (3rd party libraries) for Roundcube Webmail.
composer install --no-dev
Make Nginx user (www-data) as the owner of the temp and logs directory so that Nginx can write to these two directories.
sudo chown www-data:www-data temp/ logs/ -R
Step 3: Create a MariaDB Database and User for Roundcube
Log into MariaDB shell as root.
mysql -u root -p
Then create a new database for Roundcube using the following command. This tutorial name it roundcubemail, you can use whatever name you like for the database.
create database roundcubemail;
Next, create a new database user on localhost using the following command. Again, this tutorial name it roundcubeuser, you can use whatever name you like.
create user roundcubeuser@localhost;
Set a password for the user. Replace your-password with your preferred password.
set password for roundcubeuser@localhost= password("your-password");
Then grant all permission of the new database to the new user so later on Roundcube webmail can write to the database.
grant all privileges on roundcubemail.* to roundcubeuser@localhost identified by 'your-password';
Flush the privileges for the changes to take effect.
flush privileges;
Exit MariaDB Shell:
exit;
Import initial tables to roundcubemail database.
mysql -u roundcubeuser -p roundcubemail < /usr/share/nginx/roundcubemail/SQL/mysql.initial.sql
You need to specify this password later in ‘config/db.inc.php’.
Step 4: Create an Nginx Server Block File for Roundcube
Create a server block file under /etc/nginx/conf.d/ directory.
sudo nano /etc/nginx/conf.d/mail.your-domain.com.conf
Put the following text into the file. Replace the domain name.
server {
listen 80;
server_name mail.your-domain.com;
root /usr/share/nginx/roundcubemail/;
index index.php index.html index.htm;
error_log /var/log/nginx/roundcube.error;
access_log /var/log/nginx/roundcube.access;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
try_files $uri $uri/ /index.php;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(bin|SQL)/ {
deny all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.well-known/acme-challenge {
allow all;
}
}
Save and close the file. Then reload Nginx for the changes to take effect.
sudo systemctl reload nginx
Get a Free TLS Certificate from Let’s Encrypt
It’s highly recommended that you use TLS to encrypt your webmail. If Roundcube, Postfix and Dovecot are installed on the same machine, then you can reuse the TLS certificate you created for Postfix and Dovecot . If Roundcube is installed on a separate machine, then you can always get a new cert for free.
First, install certbot client.
sudo apt install letsencrypt
Then use the webroot plugin to obtain a TLS certificate from Let’s Encrypt.
sudo letsencrypt certonly --webroot --agree-tos --email your-email-address -d mail.your-domain.com -w /usr/share/nginx/roundcubemail/
Your certificate and private key will be saved at /etc/letsencrypt/live/mail.your-domain.com/. Next, configure Nginx to use TLS encryption.
sudo nano /etc/nginx/conf.d/mail.your-domain.com.conf
Change the configuration to the following.
server {
listen 80;
server_name mail.your-domain.com;
return 301 https://mail.your-domain.com/$request_uri;
}
server {
listen 443 ssl http2;
server_name mail.your-domain.com;
root /usr/share/nginx/roundcubemail/;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/mail.your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.your-domain.com/privkey.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
error_log /var/log/nginx/roundcube.error;
access_log /var/log/nginx/roundcube.access;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
try_files $uri $uri/ /index.php;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(bin|SQL)/ {
deny all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.well-known/acme-challenge {
allow all;
}
}
Save and close the file. Then reload Nginx.
sudo systemctl reload nginx
Finish the Installation in Web Browser
In your web browser, go to
mail.your-domain.com/installer
Please replace the domain name and don’t left /installer out. If you go directly to your domain name, you will see the following error.
CONFIGURATION ERROR config.inc.php was not found. Please read the INSTALL instructions!
The web installer will first check if PHP extensions, database and 3rd party libraries are installed.
Execute the following command to install all required and optional PHP extensions.
sudo apt install php7.0-mbstring php7.0-xml php7.0-mysql php7.0-common php7.0-gd php7.0-json php7.0-cli php7.0-curl php7.0-intl
Then refresh the page and click Next. In the 2nd step, you need to fill in MariaDB database details that you created earlier.
In the IMAP and SMTP section, Enter the details of your own postfix SMTP server and Dovecot IMAP server. You can also use Gmail, hotmail or any other email service provider. To use SSL/TLS connection on SMTP, enter hostname with prefix ssl:// or tls://. To use SSL/TLS connection on IMAP, enter hostname with prefix ssl://, tls:// or imaps://.
Once that’s done, click create config button which will create configuration based on the information you entered. You need to copy the configuration and save it as config.inc.php within the /usr/share/nginx/roundcube/config/ directory.
Click continue button. In the final step, test your SMTP and IMAP settings by sending a test email and checking IMAP login.
After the test, go to your Webmail domain without /installer and login.
Roundcube Webmail interface
Now you should remove the whole installer folder from the document root or make sure that enable_installer option in config.inc.php is disabled.
sudo rm /usr/share/nginx/roundcubemail/installer/ -r
These files may expose sensitive configuration data like server passwords and encryption keys to the public. Make sure you cannot access this installer from your browser.
That’s it!
I hope this tutorial helped you install Roundcube Webmail on Ubuntu 16.04 with Nginx, MariaDB and PHP7. As always, if you found this post useful, subscribe to our free newsletter or follow us on Google+, Twitter or like our Facebook page.
Previous Post
Next Post
