In this post we will see How to Install Roundcube with nginx, php-fpm and mysql.

This Installation is done on Debian 7. The FQDN of my webmail server is “mail.example.com“. Roundcube webmail is a free and open source webmail solution with a desktop-like user interface which is easy to install/configure and that runs on a LAMP/LEMP server. We will run it on LEMP here. The installation requirements are described in the official roundcube documentation.

Lets install the packages. I am using the standard debian 7 repositories. It installs nginx 1.2.1, php5.4.x mysql5.5.x. During the installation process, you will be prompted to assign mysql root password. Assign a strong password.

sudo apt-get install mysql-server nginx php5-fpm php5-mysql php5-pspell php5-curl

Preparing Mysql for storing Rouncube webmail database

Install mysql tables

sudo mysql_install_db

Secure mysql installation with the following command (More information on the command below is available here.)

sudo mysql_secure_installation

Lets create a database, that will be used by the roundcube webmail application. Login to mysql as root user, with the password assigned to mysql root user

sudo mysql -u root -p

Create a database called “roundcube” and grant all the privileges of it to a user called “roundcubeuser”. Replace somepaswd with a strong password below.

create database roundcube; grant all on roundcube.* to 'roundcubeuser'@'localhost' identified by 'somepaswd'; flush privileges; quit

Tuning php5-fpm

Back up the php.ini configuration file

sudo cp -R /etc/php5/fpm/php.ini /etc/php5/fpm/php.ini.bak

Find the parameter that sets “cgi.fix_pathinfo”. This will be commented out with a semi-colon (;) and set to “1” by default.

This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.

We will change both of these conditions by uncommenting the line and setting it to “0” like this:

cgi.fix_pathinfo=0

You should also change the date.timezone parameter which is commented out with a semi-colon, remove comment and assign your time zone. Otherwise roundcube will not show date and time information of the mails in your mailbox. I have changed it something like this

date.timezone = Asia/Kolkata

Aditionally, you might also have a look at these two parameters “upload_max_filesize = 2M” and “post_max_size = 2M“. these values are set to 2 MB each the first parameter defines the size of files that may be attached to mails and second parameter defines the maximum size of the overall mail that can be sent/received. Change it to a higher value (based the maximum mail size supported by your smtp server).

Restart php5-fpm service

sudo php5-fpm restart

Create self signed ssl certificate for http to https URL redirection

sudo cd /etc/ssl sudo openssl genrsa -out ca.key 1024 sudo openssl req -new -key ca.key -out ca.csr sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

This will create your private key “ca.key” and the server certificate “ca.crt”

Installing Roundcube Webmail

Navigate inside /tmp, download the latest roundcube tarball, extract it, rename it as roundcube and copy the renamed directory to the webroot “/usr/share/nginx“. Change ownership of “/usr/share/nginx/roundcube” to “www-data” so that it is writable by the web-server user.

cd /tmp wget http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.0.5/roundcubemail-1.0.5.tar.gz tar -xf roundcubemail-1.0.5.tar.gz mv roundcubemail-1.0.5 roundcube sudo cp -R roundcube /usr/share/nginx sudo chown -R www-data.root /usr/share/nginx/roundcube

Create an nginx virtual host for your mail server such that all the http requests to its URL are permanently redirected to https. (We have already created the self signed ssl certificates for this purpose)

sudo cd /etc/nginx/sites-available sudo vi mail.example.com

The contents of my virtual host look like this:

server { listen 80; server_name mail.example.com; return 301 https://mail.example.com$request_uri; } server { # llisten 80 is modified to listen 443 ssl; listen 443 ssl; server_name mail.example.com; root /usr/share/nginx/roundcube; index index.php index.html index.htm; access_log /var/log/nginx/roundcube_access.log; error_log /var/log/nginx/roundcube_error.log; location / { try_files $uri $uri/ /index.php?q=$uri&$args; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/www; } location ~ ^/(README.md|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ { deny all; } location ~ ^/(config|temp|logs)/ { deny all; } location ~ /\. { deny all; access_log off; log_not_found off; } # pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock location ~ \.php$ { try_files $uri =404; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } ssl_certificate /etc/ssl/ca.crt; ssl_certificate_key /etc/ssl/ca.key; ssl_prefer_server_ciphers On; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; ssl_session_cache shared:SSL:20m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000"; }

make a link of the virtual host file to “/etc/nginx/sites-enabled” and restart nginx. if any error is reported, check it for errors.

sudo cd /etc/nginx/sites-enabled sudo ln -s ../sites-available/mail.example.com sudo service nginx restart

Open the URL “http://mail.example.com/installer” to initialize roundcube installation. (You may see a connetion error beacuse we are using self signed ssl certificate. choose to contitue to the site option in you web-browser)

The installer will do an environment check first as shown in pic below

Once this is done click next it will take you to create config page. You can assign your database details created earlier as well as you imap and smtp server details.

The next screen will sown you the message about config creation status, here click continue.

In the next screen, you will be asked to initialize the database

Once this is done in the next screen you can test your mail server’s smtp and imap featues. once this is done, close the browser. There are just a two more steps before we access our webmail.

1) Move the “installer” directory inside “/usr/share/nginx/roundcube” to your home directory. This is primarily done keeping the security of roundcube in mind.

sudo mv /usr/share/nginx/roundcube/installer ~

2) Roundcube webmail tends to append “@localhost” to your username in webmail. So your mail-id becomes “username@localhost” instead of “username@example.com”. In order to make roundcube use you domain name (like username@example.com), we need to insert a line in “/usr/share/nginx/roundcube/config/config.inc.php“. Open the file in your favourite editor, and paste a line at the end of the file as described below and save it. Then restart your nginx server.

sudo vi /usr/share/nginx/roundcube/config/config.inc.php

$config['mail_domain'] = '%d';

sudo service nginx restart

Thats it..!!! This is How to Install Roundcube with nginx. We are done..!!! Access your webmail now with the url “http://mail.example.com” (You will put your own server FQDN here)