Running Roundcube 0.7.1 On Nginx (LEMP) On Debian Squeeze/Ubuntu 11.10

Want to support HowtoForge? Become a subscriber!
 
Submitted by falko (Contact Author) (Forums) on Sun, 2012-03-04 21:09. :: Debian | Ubuntu | Web Server | nginx

Running Roundcube 0.7.1 On Nginx (LEMP) On Debian Squeeze/Ubuntu 11.10

Version 1.0
Author: Falko Timme <ft [at] falkotimme [dot] com>
Follow me on Twitter
Last edited 02/29/2012

This tutorial shows how you can install and run Roundcube webmail (version 0.7.1) web site on a Debian Squeeze or Ubuntu 11.10 system that has nginx installed instead of Apache (LEMP = Linux + nginx (pronounced "engine x") + MySQL + PHP). Roundcube webmail is a browser-based multilingual IMAP client with an application-like user interface. nginx is a HTTP server that uses much less resources than Apache and delivers pages a lot of faster, especially static files.

I do not issue any guarantee that this will work for you!

 

1 Preliminary Note

I want to install Roundcube in a vhost called www.example.com/example.com here with the document root /var/www/www.example.com/web.

You should have a working LEMP installation, as shown in these tutorials:

A note for Ubuntu users:

Because we must run all the steps from this tutorial with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing

sudo su

 

2 Installing APC

APC is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It's similar to other PHP opcode cachers, such as eAccelerator and XCache. It is strongly recommended to have one of these installed to speed up your PHP page.

APC can be installed as follows:

apt-get install php-apc

Now we must configure the default timezone in PHP. Open your php.ini - if you use PHP-FPM, it is /etc/php5/fpm/php.ini...

vi /etc/php5/fpm/php.ini

... and if you use spawn-fcgi, it is /etc/php5/cli/php.ini:

vi /etc/php5/cli/php.ini

[...]
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
;date.timezone =
date.timezone = "Europe/Berlin"
[...]

You can find out the correct timezone by taking a look at /etc/timezone:

cat /etc/timezone

root@server1:~# cat /etc/timezone
Europe/Berlin
root@server1:~#

If you use PHP-FPM as your FastCGI daemon (like in Installing Nginx With PHP5 (And PHP-FPM) And MySQL Support On Ubuntu 11.10), restart it as follows:

/etc/init.d/php5-fpm restart

If you use lighttpd's spawn-fcgi program as your FastCGI daemon (like in Installing Nginx With PHP5 And MySQL Support On Debian Squeeze), we must kill the current spawn-fcgi process (running on port 9000) and create a new one. Run

netstat -tap

to find out the PID of the current spawn-fcgi process:

root@server1:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      734/portmap
tcp        0      0 *:www                   *:*                     LISTEN      2987/nginx
tcp        0      0 *:ssh                   *:*                     LISTEN      1531/sshd
tcp        0      0 *:57174                 *:*                     LISTEN      748/rpc.statd
tcp        0      0 localhost.localdom:smtp *:*                     LISTEN      1507/exim4
tcp        0      0 localhost.localdom:9000 *:*                     LISTEN      1542/php5-cgi
tcp        0      0 localhost.localdo:mysql *:*                     LISTEN      1168/mysqld
tcp        0     52 server1.example.com:ssh 192.168.0.198:2462      ESTABLISHED 1557/0
tcp6       0      0 [::]:www                [::]:*                  LISTEN      2987/nginx
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1531/sshd
tcp6       0      0 ip6-localhost:smtp      [::]:*                  LISTEN      1507/exim4
root@server1:~#

In the above output, the PID is 1542, so we can kill the current process as follows:

kill -9 1542

Afterwards we create a new spawn-fcgi process:

/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -g www-data -f /usr/bin/php5-cgi -P /var/run/fastcgi-php.pid

 

3 Installing Roundcube

The document root of my www.example.com web site is /var/www/www.example.com/web - if it doesn't exist, create it as follows:

mkdir -p /var/www/www.example.com/web

Next we download Roundcube as a .tar.gz file from http://roundcube.net/download and place it in our document root:

cd /tmp
wget http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.7.1/roundcubemail-0.7.1.tar.gz
tar xvfz roundcubemail-0.7.1.tar.gz
cd roundcubemail-0.7.1/
mv * /var/www/www.example.com/web/
mv .htaccess /var/www/www.example.com/web/

It is recommended to make the document root and the Roundcube files in it writable by the nginx daemon which is running as user www-data and group www-data:

chown -R www-data:www-data /var/www/www.example.com/web

If you haven't already created a MySQL database for Roundcube (including a MySQL Roundcube user), you can do that as follows (I name the database roundcube in this example, and the user is called roundcube_admin, and his password is roundcube_admin_password):

mysqladmin -u root -p create roundcube

mysql -u root -p

GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube_admin'@'localhost' IDENTIFIED BY 'roundcube_admin_password';
GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube_admin'@'localhost.localdomain' IDENTIFIED BY 'roundcube_admin_password';

FLUSH PRIVILEGES;

quit;

Next we create an nginx vhost configuration for our www.example.com vhost in the /etc/nginx/sites-available/ directory as follows:

vi /etc/nginx/sites-available/www.example.com.vhost

server {
       listen 80;
       server_name www.example.com example.com;
       root /var/www/www.example.com/web;

       if ($http_host != "www.example.com") {
                 rewrite ^ http://www.example.com$request_uri permanent;
       }

       index index.php index.html;

       location ~ ^/favicon.ico$ {
                root /var/www/www.example.com/web/skins/default/images;
                log_not_found off;
                access_log off;
                expires max;
       }

       location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
       }

       location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
                deny all;
       }
       location ~ ^/(bin|SQL)/ {
                deny all;
       }

       # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
       location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
       }

       location ~ \.php$ {
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_index index.php;
       }
}

To enable the vhost, we create a symlink to it from the /etc/nginx/sites-enabled/ directory:

cd /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/www.example.com.vhost www.example.com.vhost

Reload nginx for the changes to take effect:

/etc/init.d/nginx reload


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by henrixd (not registered) on Fri, 2012-06-01 18:07.

I have this working well in my box. First default deny and then start allowing stuff.
index.php is only php that needs to handle with fcgi. Others are only static files.
part of nginx.conf:
root /usr/local/www/roundcube;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
location / { deny all; }
location = / { index index.php; }
location = /index.php {
fastcgi_pass unix:/var/run/spawn_fcgi.socket;
}
location /program/blacnk.gif {}
location /program/blocked.gif {}
location ~ ^/program/js/.*\.js$ {}
location ~ ^/skins/.*\.jpg|jpeg|gif|png|html|css|js$ {}
location ~ ^/plugins/.*\.jpg|jpeg|gif|png|html|css|js$ {}