Easy RoundCube (Over SSL) And Webmin With fail2ban For ISPConfig 3 On Debian Squeeze

Want to support HowtoForge? Become a subscriber!
 
Submitted by 8omas (Contact Author) (Forums) on Wed, 2011-03-02 17:59. :: Debian | ISPConfig | Monitoring

Easy RoundCube (Over SSL) And Webmin With fail2ban For ISPConfig 3 On Debian Squeeze

Author: Thomas (http://iopen.gr)
Last edited: 2011-03-09

I prefer the RoundCube solution over the default in ISPConfig 3. I also find it useful to have the webmin installed in all my systems. In this post you can see a very fast way to have both of them installed, in companion with the great support of fail2ban. Finally I want to access all of them over SSL (even phpmyadmin -- see the tip in the end).

I assume that you have followed falko's guide:

The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3]

If you want to access ISPConfig Panel and webmail through SSL I also assume that you followed the chapter 6.2 Enabling SSL For The ISPConfig Web Interface of The ISPConfig 3 manual  or this post (this is only needed if you want to access the control panel AND the webmail interface through ssl on port 8080).

If you followed the above (and chapter 6.3 -- enabling SuExec), then I finally assume that you read the workaround in this post.

 

Webmin

Download the latest webmin from http://www.webmin.com/download.html...

wget http://prdownloads.sourceforge.net/webadmin/webmin_1.530_all.deb

... and install it:

dpkg -i webmin_1.530_all.deb

 

RoundCube

If you don't want Squirrelmail remove it...

apt-get remove squirrelmail

... and delete the file /etc/apache2/conf.d/squirrelmail.conf:

rm /etc/apache2/conf.d/squirrelmail.conf

OR if you want it edit the /etc/apache2/conf.d/squirrelmail.conf and change the alias to something like 'webmail1'.

Install RoundCube (you MUST have the mysql administrator's password before you proceed) :

apt-get install roundcube roundcube-mysql

You will be asked some questions about the password of the db administrator and the new user for roundcube and his database (and the password). Answer those questions and continue. If something goes wrong you can always run:

dpkg-reconfigure roundcube-core

For more information, please see this post.

For everyone to be able to access his webmail (under his domain name) you have to create or edit the file /etc/apache2/conf.d/roundcube.conf so as to set the alias to 'webmail'. If you want SSL you should include the last two directives to have Apache ALWAYS redirect to your ssl installation of ISPConfig 3.

# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
# Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
Alias /webmail /var/lib/roundcube
Alias /roundcube /var/lib/roundcube

# Access to tinymce files
<Directory "/usr/share/tinymce/www/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
allow from all
</Directory>

<Directory /var/lib/roundcube/>
Options +FollowSymLinks
# This is needed to parse /var/lib/roundcube/.htaccess. See its
# content before setting AllowOverride to None.
AllowOverride All
order allow,deny
allow from all
</Directory>

# Protecting basic directories:
<Directory /var/lib/roundcube/config>
Options -FollowSymLinks
AllowOverride None
</Directory>

<Directory /var/lib/roundcube/temp>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>

<Directory /var/lib/roundcube/logs>
Options -FollowSymLinks
AllowOverride None
Order allow,deny
Deny from all
</Directory>




<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
<Location /webmail>
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://%{HTTP_HOST}:8080%{REQUEST_URI} [L]

</Location>
</IfModule>
</IfModule>

<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
<Location /roundcube>
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://%{HTTP_HOST}:8080%{REQUEST_URI} [L]
</Location>
</IfModule>
</IfModule>

Edit /var/lib/roundcube/config/main.inc.php and EDIT some variables in the file:

auto_create_user = TRUE;
$rcmail_config['default_host'] = 'localhost';

If you want to install the following plugin (the logger that helps fail2ban) you have to extend the list of plugins in the same file. If the only plugin is the one that will be istalled right afterward you have to edit the line as below:

$rcmail_config['plugins'] = array('fail2ban'); 

Install the roundcube logger plugin form http://mattrude.com/projects/roundcube-fail2ban-plugin/.

Basically you have to download the above file (fail2ban.php) and paste it in the fail2ban folder in the plugins folder of roundcube: /usr/share/roundcube/plugins/fail2ban/fail2ban.php

This plugin will first create and then update the log file with each login attempt: /var/log/roundcube/userlogins

 

Fail2ban

Extend the jail.local file that Falko suggests in The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3]: /etc/fail2ban/jail.local

You have to paste:

[roundcube]
enabled  = true
port     = http,8080
filter   = roundcube
logpath  = /var/log/roundcube/userlogins
maxretry = 5
[webmin-auth]
enabled = true
port    = 10000
filter  = webmin-auth
logpath  = /var/log/auth.log
maxretry = 3 

The 8080 port in roundcube is only needed if you enabled the redirection to https.

Last (and very important) don't forget to create the roundcube.conf file /etc/fail2ban/filter.d/roundcube.conf with the contents below:

[Definition]
failregex = FAILED login for .*. from <host>
ignoreregex =

Lucky us the webmin-auth filter is already done for us by the fail2ban guys. Restart fail2ban:

/etc/init.d/fail2ban restart

 

phpMyAdmin (SSL Tip)

If you want to access phpMyAdmin over ssl, you can apply the same tip as with RoundCube. Edit the file /etc/apache2/conf.d/phpmyadmin.conf and paste the following lines at the end of the file:

<IfModule mod_rewrite.c>
<IfModule mod_ssl.c>
<Location /phpmyadmin>
RewriteEngine on
RewriteCond %{HTTPS} !^on$ [NC]
RewriteRule . https://%{HTTP_HOST}:8080%{REQUEST_URI} [L]
</Location>
</IfModule>
</IfModule>

After this, restart Apache:

/etc/init.d/apache2 restart


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by suther (not registered) on Tue, 2013-11-05 11:06.
You write that the config-file is 

/etc/apache2/conf.d/roundcube.conf 

On my squeeze it was on:

/etc/apache2/conf.d/roundcube  and this link to: /etc/roundcube/apache.conf

 /var/lib/roundcube/config/main.inc.php: the var is not named auto_create_user but $rcmail_config['auto_create_user'] and is still set to TRUE

But the End of the Game, I can't reach the webmail by enter mydomain.de/webmail/.

The Apache error-Log say: SoftException in Application.cpp:221: File "/usr/share/roundcube/index.php" is not in document root of Vhost "/var/www/ispconfig/"

This is of using suPHP module. To fix this, I have add this to /etc/apache2/conf.d/roundcube:

 <IfModule mod_php5.c>

AddType application/x-httpd-php .php

php_flag magic_quotes_gpc Off

php_flag track_vars On

php_admin_flag allow_url_fopen Off

php_value include_path .:/usr/share/php:/usr/share/pear

php_admin_value upload_tmp_dir /var/lib/roundcube/temp

php_admin_value open_basedir /usr/share/php:/usr/share/pear:/usr/lib/roundcube:/etc/roundcube:/usr/share/roundcube:/var/lib/roundcube:/var/log/roundcube

php_flag register_globals off

</IfModule>



Submitted by djkoelkast (not registered) on Thu, 2011-12-08 19:42.

I would install webmin like this:

aptitude install webmin

because this will install all dependencies as well as the latest version of webmin.

Submitted by Anonymous (not registered) on Tue, 2011-04-26 23:12.
[quote]apt-get install roundcube roundcube-mysql[/quote] Problem here is : Reading package lists... Done Building dependency tree Reading state information... Done Package roundcube is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package roundcube has no installation candidate I cant find any roundcube packafe with apt-get. So what shall i do ?1 o.O greetings