Mailserver: Postfix+Dovecot+Roundcube installation guide

Today I’m going to install a mail server on my EC2 instance. Here is a step-by-step guide to how I did it.
Let's start by switching to the root user:

sudo -i

Step 1. Install packages

Let's install the required packages:
apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql

During installation, do not generate a certificate; we will do that later.

Postfix installation start screen: select "Internet Site".

Postfix: select the domain name.

Step 2. Create the database and its structure, insert the required data

Create database «servermail».

mysqladmin -p create servermail

Log in as the MySQL admin:

mysql -u root -p

Create a new user dedicated to mail authentication, with SELECT permission only:

GRANT SELECT ON servermail.* TO 'usermail'@'127.0.0.1' IDENTIFIED BY 'USERMAIL_PASSWORD';
FLUSH PRIVILEGES;

Switch to the new database:

USE servermail;

Create DB structure:

CREATE TABLE `virtual_domains` (
 `id` INT NOT NULL AUTO_INCREMENT,
 `name` VARCHAR(50) NOT NULL,
 PRIMARY KEY (`id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `virtual_users` (
 `id` INT NOT NULL AUTO_INCREMENT,
 `domain_id` INT NOT NULL,
 `password` VARCHAR(106) NOT NULL,
 `email` VARCHAR(120) NOT NULL,
 PRIMARY KEY (`id`),
 UNIQUE KEY `email` (`email`),
 FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `virtual_aliases` (
 `id` INT NOT NULL AUTO_INCREMENT,
 `domain_id` INT NOT NULL,
 `source` varchar(100) NOT NULL,
 `destination` varchar(100) NOT NULL,
 PRIMARY KEY (`id`),
 FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Populate the database:

INSERT INTO `servermail`.`virtual_domains`
 (`id` ,`name`)
 VALUES
 ('1', 'domain.com'),
 ('2', 'mail.domain.com')
 ;
INSERT INTO `servermail`.`virtual_users`
 (`id`, `domain_id`, `password` , `email`)
 VALUES
 ('1', '1', ENCRYPT('USER1_PASS', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'user1@domain.com'),
 ('2', '1', ENCRYPT('USER2_PASS', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'user2@domain.com')
 ;
/* CREATE ALIAS FOR user1@domain.com */
 INSERT INTO `servermail`.`virtual_aliases`
 (`id`, `domain_id`, `source`, `destination`)
 VALUES
 ('1', '1', 'aliasFor_user1@domain.com', 'user1@domain.com')
 ;

Step 3: Configure Postfix

Make a backup:

cp /etc/postfix/main.cf /etc/postfix/main.cf.orig

Let's edit the Postfix main.cf:

vim /etc/postfix/main.cf

Find and remove or comment out these lines:

 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Add the following lines:

 smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
 smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
 smtpd_use_tls=yes
 smtpd_tls_auth_only = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 smtpd_sasl_auth_enable = yes
 smtpd_recipient_restrictions =
     permit_sasl_authenticated,
     permit_mynetworks,
     reject_unauth_destination

Find mydestination and change it:

#mydestination = domain.com, ip-172-31-21-31.eu-central-1.compute.internal, localhost.eu-central-1.compute.internal, localhost
mydestination = localhost

Append the following line for local mail delivery to all virtual domains listed inside the MySQL table.

virtual_transport = lmtp:unix:private/dovecot-lmtp

Add these three parameters to tell Postfix where to look up the virtual domains, users and aliases.

 virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
 virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
 virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf

We referenced three configuration files in main.cf. Let's create them:

vim /etc/postfix/mysql-virtual-mailbox-domains.cf

Put this content in it:

 user = usermail
 password = USERMAIL_PASSWORD
 hosts = 127.0.0.1
 dbname = servermail
 query = SELECT 1 FROM virtual_domains WHERE name='%s'

Then let's edit the virtual mailboxes config:

vim /etc/postfix/mysql-virtual-mailbox-maps.cf

Insert the following lines:

 user = usermail
 password = USERMAIL_PASSWORD
 hosts = 127.0.0.1
 dbname = servermail
 query = SELECT 1 FROM virtual_users WHERE email='%s'

And the last config:

vim /etc/postfix/mysql-virtual-alias-maps.cf

Put this in it:

 user = usermail
 password = USERMAIL_PASSWORD
 hosts = 127.0.0.1
 dbname = servermail
 query = SELECT destination FROM virtual_aliases WHERE source='%s'

Let's check that the settings we made are working. First we have to restart Postfix to apply all changes:

service postfix restart

Then let's check the configs. If the settings are correct, you should see «1» in each response:

 postmap -q domain.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
 postmap -q user1@domain.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
 postmap -q user2@domain.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

And let's check the alias (aliasFor_user1@domain.com). The response should be the destination address (user1@domain.com):

postmap -q aliasFor_user1@domain.com mysql:/etc/postfix/mysql-virtual-alias-maps.cf

Enable port 587 to connect securely with email clients:

vim /etc/postfix/master.cf

Uncomment or modify the following lines:

submission inet n - - - - smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Restart Postfix again:

service postfix restart
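
An offline check of the main.cf settings this step relies on, as an added example that is not part of the original guide: it parses a main.cf-style file (continuation lines, repeated parameters) and flags a missing reject_unauth_destination or disabled SASL and TLS-only auth. The function names and the sample file are made up for illustration; on a live host `postconf -n` reports the same values.

```shell
#!/bin/sh
# Added example: lint the Step 3 main.cf settings without a running Postfix.

# cf_get FILE PARAM -> prints PARAM's effective value from a main.cf-style file.
# Handles comments, continuation lines (leading whitespace) and "last one wins".
cf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comment or blank line
        /^[ \t]/ {                                 # continuation of previous parameter
            if (name != "") val[name] = val[name] " " $0
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) { name = ""; next }
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            val[name] = substr($0, eq + 1)         # later definitions override earlier ones
        }
        END {
            v = val[want]
            gsub(/[ \t,]+/, " ", v)                # commas and whitespace both separate items
            sub(/^ /, "", v); sub(/ $/, "", v)
            print v
        }' "$1"
}

# expect_eq FILE PARAM VALUE -> 0 if PARAM is exactly VALUE, else prints a finding.
expect_eq() {
    got=$(cf_get "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL: $2 is '${got:-<unset>}', expected '$3'"
    return 1
}

# expect_item FILE PARAM ITEM -> 0 if the list-valued PARAM contains ITEM.
expect_item() {
    case " $(cf_get "$1" "$2") " in
        *" $3 "*) return 0 ;;
    esac
    echo "FAIL: $2 does not contain $3"
    return 1
}

# audit_main_cf FILE -> prints findings, returns the number of failed checks.
audit_main_cf() {
    fails=0
    expect_eq "$1" smtpd_tls_auth_only yes    || fails=$((fails + 1))
    expect_eq "$1" smtpd_sasl_auth_enable yes || fails=$((fails + 1))
    expect_eq "$1" smtpd_sasl_type dovecot    || fails=$((fails + 1))
    expect_item "$1" smtpd_recipient_restrictions reject_unauth_destination \
        || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: the Step 3 settings with the relay guard left out on purpose.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks
EOF
audit_main_cf "$sample"; echo "findings: $?"
rm -f "$sample"
```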

Step 4: Configure Dovecot

First, make backups. It's good practice to keep a copy of the original files:

cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
 cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig
 cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig
 cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig
 cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig
 cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig

And let's start:

vim /etc/dovecot/dovecot.conf

Find the line !include_try /usr/share/dovecot/protocols.d/*.protocol
and add the following line below it:

 protocols = imap lmtp

Uncomment this line (it may already be uncommented):

!include conf.d/*.conf

Let's edit the mail config file:

vim /etc/dovecot/conf.d/10-mail.conf

Find mail_location and update its value:

mail_location = maildir:/var/mail/vhosts/%d/%n

Find mail_privileged_group

mail_privileged_group = mail

Check permissions:

 ls -ld /var/mail

drwxrwsr-x 2 root mail 4096 Sep 27 10:35 /var/mail

Create a folder for each domain that we register in the MySQL table

mkdir -p /var/mail/vhosts/domain.com

Create the group «vmail» and a user of the same name, then change the folder owner:

 groupadd -g 5000 vmail
 useradd -g vmail -u 5000 vmail -d /var/mail
 chown -R vmail:vmail /var/mail

Let's edit the auth file:

vim /etc/dovecot/conf.d/10-auth.conf

Check and update the following lines:

 disable_plaintext_auth = yes
 auth_mechanisms = plain login
 #!include auth-system.conf.ext
 !include auth-sql.conf.ext

Update the /etc/dovecot/conf.d/auth-sql.conf.ext file with your auth settings:

vim /etc/dovecot/conf.d/auth-sql.conf.ext

Update the file content to the following:

 passdb {
     driver  = sql
     args    = /etc/dovecot/dovecot-sql.conf.ext
 }
 userdb {
     driver  = static
     args    = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
 }

This config file references «/etc/dovecot/dovecot-sql.conf.ext». Let's update it too:

vim /etc/dovecot/dovecot-sql.conf.ext

Uncomment, update or add these lines:

 driver = mysql
 connect = host=127.0.0.1 dbname=servermail user=usermail password=USERMAIL_PASSWORD
 default_pass_scheme = SHA512-CRYPT
 password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';

Change the owner and group of the dovecot folder:

 chown -R vmail:dovecot /etc/dovecot
 chmod -R o-rwx /etc/dovecot
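
The three /etc/postfix/mysql-virtual-*.cf files from Step 3 hold the same USERMAIL_PASSWORD as dovecot-sql.conf.ext, but the guide never applies the o-rwx tightening to them, and a file created by root under the usual 022 umask is readable by every local user. The following added example (not from the original guide; function names and scratch files are constructed) lists credential-bearing files that "other" can read and then restricts them to the owner plus one group.

```shell
#!/bin/sh
# Added example: find DB-credential files that any local user can read.

# has_db_password FILE -> 0 if FILE has a Postfix "password = ..." line
# or a Dovecot "connect = ... password=..." line.
has_db_password() {
    grep -Eq '^[[:space:]]*(password[[:space:]]*=|connect[[:space:]]*=.*password=)' "$1"
}

# other_readable FILE -> 0 if the "other" read bit is set on FILE.
other_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# exposed_secrets FILE... -> prints each exposed file, returns how many there are.
exposed_secrets() {
    count=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if has_db_password "$f" && other_readable "$f"; then
            echo "EXPOSED: $f"
            count=$((count + 1))
        fi
    done
    return "$count"
}

# lock_down GROUP FILE... -> hand the files to GROUP and set mode 0640.
# The group matters: root:root 0640 would lock the Postfix daemons out,
# so on the real host the call is
#   lock_down postfix /etc/postfix/mysql-virtual-*.cf
lock_down() {
    group=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue
        chgrp "$group" "$f" && chmod 0640 "$f" || return 1
    done
    return 0
}

# Constructed demo in a scratch directory standing in for /etc/postfix.
demo=$(mktemp -d)
printf 'user = usermail\npassword = USERMAIL_PASSWORD\nhosts = 127.0.0.1\n' \
    > "$demo/mysql-virtual-alias-maps.cf"
chmod 0644 "$demo/mysql-virtual-alias-maps.cf"
exposed_secrets "$demo"/*.cf; echo "exposed before: $?"
lock_down "$(id -g)" "$demo"/*.cf
exposed_secrets "$demo"/*.cf; echo "exposed after: $?"
rm -rf "$demo"
```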

Let's continue with the config updates:

vim /etc/dovecot/conf.d/10-master.conf

Modify the imap-login block:

 service imap-login {
     inet_listener imap {
         port = 0
     }
     inet_listener imaps {
         port = 993
         ssl = yes
     }
}

Modify the lmtp block:

 service lmtp {
     unix_listener /var/spool/postfix/private/dovecot-lmtp {
         mode = 0600
         user = postfix
         group = postfix
     }
     # Create inet listener only if you can't use the above UNIX socket
     #inet_listener lmtp {
         # Avoid making LMTP visible for the entire internet
         #address =
         #port =
     #}
}

Modify the auth block:

service auth {
  unix_listener /var/spool/postfix/private/auth {
      mode = 0666
      user = postfix
      group = postfix
  }
  unix_listener auth-userdb {
      mode = 0600
      user = vmail
      #group =
  }
  #unix_listener /var/spool/postfix/private/auth {
      # mode = 0666
  #}
  user = dovecot
}

Modify the auth-worker block:

service auth-worker {
     # Auth worker process is run as root by default, so that it can access
     # /etc/shadow. If this isn't necessary, the user should be changed to
     # $default_internal_user.
     user = vmail
}

Next, let's configure SSL:

vim /etc/dovecot/conf.d/10-ssl.conf

Update or create the following lines (the leading < tells Dovecot to read the value from that file):

ssl      = required
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key  = </etc/ssl/private/dovecot.pem

Let's generate a self-signed certificate:

openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem -keyout /etc/ssl/private/dovecot.pem

During generation, the most important field is «Common Name». Enter your domain there.

Step 5. Install roundcube

apt-get install roundcube roundcube-plugins roundcube-plugins-extra

Then let's select the database type.

vim /var/lib/roundcube/config/main.inc.php

// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
//          required to match old user data records with the new host.
$rcmail_config['default_host'] = 'ssl://localhost';

// TCP port used for IMAP connections
$rcmail_config['default_port'] = 993;

// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$rcmail_config['force_https'] = true;

// tell PHP that it should work as under secure connection
// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
// e.g. when you're running Roundcube behind a https proxy
// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
$rcmail_config['use_https'] = true;

Let's create a symlink in the http folder:

ln -s /var/lib/roundcube /home/ubuntu/httpd/roundcube

Create a virtual host for Roundcube. I’ll use port 3001 for Roundcube, accessible via HTTPS; you can choose another port or use a subdomain.

sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/roundcube.com.conf
vim /etc/apache2/sites-available/roundcube.com.conf

And paste the config there. You will have something like this:

<IfModule mod_ssl.c>
        <VirtualHost _default_:3001>
                ServerAdmin admin@domain.com
                DocumentRoot /home/ubuntu/httpd/roundcube
                ServerName domain.com

                ErrorLog /home/ubuntu/httpd/logs/roundcube.errors.loc
                CustomLog /home/ubuntu/httpd/logs/roundcube.access.log combined

                <Directory /home/ubuntu/httpd/roundcube>
                        AllowOverride All
                        Options Indexes FollowSymLinks
                        Require all granted
                </Directory>

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   If both key and certificate are stored in the same file, only the
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile      /etc/apache2/ssl/apache.crt
                SSLCertificateKeyFile   /etc/apache2/ssl/apache.key

                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        </VirtualHost>
</IfModule>

Let's activate it:

a2ensite roundcube.com

Enable listening on port 3001 in Apache:

vim /etc/apache2/ports.conf

Listen 80

<IfModule ssl_module>
        Listen 443
        Listen 3001
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

Then we have to restart Apache:

service apache2 restart

Do not forget to allow port 3001 in the server firewall settings.

If you get a 500 error after login, try this:

sudo php5enmod mcrypt
sudo service apache2 restart

It helped me =)


About alex

Web programmer. I build services, APIs and web applications. Interested in developing applications for high-load systems and in data analysis.
