The Perfect Server - Ubuntu 16.04 (Nginx, MySQL, PHP, Postfix, BIND, Dovecot, Pure-FTPD and ISPConfig 3.1) - Page 3

15. Install Roundcube Webmail

To install Roundcube Webmail, run:

apt-get -y install roundcube roundcube-core roundcube-mysql roundcube-plugins roundcube-plugins-extra javascript-common libjs-jquery-mousewheel php-net-sieve tinymce

The installer will ask the following questions:

Configure database for roundcube with dbconfig-common? <-- Yes
MySQL application password for roundcube: <-- Press enter

Then edit the RoundCube config.inc.php configuration file:

nano /etc/roundcube/config.inc.php

and change the default host to localhost:

$config['default_host'] = 'localhost';

This prevents that Roundcube will show server name input field in the login form.

No create a symlibk so that we can use the SquirrelMail configuration in ISPConfig for Roundcube:

ln -s /usr/share/roundcube /usr/share/squirrelmail

After you have installed ISPConfig 3, you can access Roundcube as follows:

The ISPConfig apps vhost on port 8081 for nginx comes with a Roundcube configuration, so you can use http://server1.example.com:8081/webmail to access Roundcube.

If you want to use a /webmail alias that you can use from your web sites, this is a bit more complicated than for Apache because nginx does not have global aliases (i.e., aliases that can be defined for all vhosts). Therefore you have to define these aliases for each vhost from which you want to access Roundcube.

To do this, paste the following into the nginx Directives field on the Options tab of the web site in ISPConfig:

        location /roundcube {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/roundcube/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/roundcube/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /roundcube last;
        }

If you use https instead of http for your vhost, you should add the line fastcgi_param HTTPS on; to your SquirrelMail configuration like this:

        location /roundcube {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/roundcube/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                       fastcgi_param HTTPS on; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/roundcube/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /roundcube last;
        }

If you use both http and https for your vhost, you need to add the following section to the http {} section in /etc/nginx/nginx.conf (before any include lines) which determines if the visitor uses http or https and sets the $fastcgi_https variable (which we will use in our Roundcube configuration) accordingly:

nano /etc/nginx/nginx.conf

[...]
http {
[...]
        ## Detect when HTTPS is used
        map $scheme $fastcgi_https {
          default off;
          https on;

        }
[...]
}
[...]

Don't forget to reload nginx afterwards:

service nginx reload

Then go to the nginx Directives field again, and instead of fastcgi_param HTTPS on; you add the line fastcgi_param HTTPS $fastcgi_https; so that you can use Roundcube for both http and https requests:

        location /roundcube {
               root /usr/share/;
               index index.php index.html index.htm;
               location ~ ^/roundcube/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                       fastcgi_param HTTPS $fastcgi_https; # <-- add this line
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME $request_filename;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_param PATH_INFO $fastcgi_script_name;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/roundcube/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }
        location /webmail {
               rewrite ^/* /roundcube last;
        }

 

16. Install ISPConfig 3.1

Before you start the ISPConfig installation, make sure that Apache is stopped (if it is installed - it is possible that some of your installed packages have installed Apache as a dependency without you knowing). If Apache2 is already installed on the system, stop it now...

service apache2 stop

... and remove Apache's system startup links:

update-rc.d -f apache2 remove

Make sure that nginx is running:

service nginx restart

(If you have both Apache and nginx installed, the installer asks you which one you want to use: Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]:

Type nginx. If only Apache or Nginx are installed, this is automatically detected by the installer, and no question is asked.)

To install ISPConfig 3.1 from GIT stable branch, do this:

cd /tmp
wget -O ispconfig.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz?ref=stable-3.1
tar xfz ispconfig.tar.gz
cd ispconfig3*/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3.1 installer. The installer will configure all services like Postfix, Dovecot, etc. for you.

root@server1:/tmp/ispconfig3-stable-3.1-3f1331062193a94fbd64a7e39c00cb8d77eb7484/install# php install.php


--------------------------------------------------------------------------------
_____ ___________ _____ __ _ ____
|_ _/ ___| ___ \ / __ \ / _(_) /__ \
| | \ `--.| |_/ / | / \/ ___ _ __ | |_ _ __ _ _/ /
| | `--. \ __/ | | / _ \| '_ \| _| |/ _` | |_ |
_| |_/\__/ / | | \__/\ (_) | | | | | | | (_| | ___\ \
\___/\____/\_| \____/\___/|_| |_|_| |_|\__, | \____/
__/ |
|___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Ubuntu 16.04.1 LTS (Xenial Xerus)

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.


Select language (en,de) [en]: <-- ENTER

Installation mode (standard,expert) [standard]: <-- ENTER

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER

MySQL server hostname [localhost]: <-- ENTER

MySQL server port [3306]: <-- ENTER

MySQL root username [root]: <-- ENTER

MySQL root password []: <--enter the MySQL root password here

MySQL database to create [dbispconfig]: <-- ENTER

MySQL charset [utf8]: <-- ENTER

Configuring Postgrey
Configuring Postfix
Generating a 4096 bit RSA private key
.................................................................................................................................................................................................................................................................................................................................................................................................................++
...++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- enter your 2 letter country code, e.g. DE in my case
State or Province Name (full name) [Some-State]: <-- Enter your home state
Locality Name (eg, city) []:  <-- Enter your city, in my case Lueneburg
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your company name, in my case ISPConfig UG
Organizational Unit Name (eg, section) []: <-- Enter your Organisational unit name, I use IT here
Common Name (e.g. server FQDN or YOUR name) []: <-- Enter the server hostname, in my case server1.example.com
Email Address []: <-- Enter an email address, e.g. hostmaster@server1.example.com
Configuring Mailman
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Jailkit
Configuring Pureftpd
Configuring BIND
Configuring nginx
[INFO] service OpenVZ not detected
Configuring Ubuntu Firewall
Configuring Metronome XMPP Server
writing new private key to 'localhost.key'
-----
Country Name (2 letter code) [AU]: <-- Enter your 2 letter country code, e.g. DE in my case

Locality Name (eg, city) [City Name]: <-- Enter your city, in my case Lueneburg

Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your company name, in my case ISPConfig UG

Organizational Unit Name (eg, section) [Infrastructure]: <-- Enter your Organisational unit name, I use IT here

Common Name (e.g. server FQDN or YOUR name) [server1.example.com]: <-- Enter the server hostname, in my case server1.example.com

Email Address [hostmaster@server1.example.com]: <-- Enter an email address, e.g. hostmaster@server1.example.com

IMPORTANT:
Localhost Key, Csr and a self-signed Cert have been saved to /etc/metronome/certs
In order to work with all clients, the server must have a trusted certificate, so use the Csr
to get a trusted certificate from your CA or replace Key and Cert with already signed files for
your domain. Clients like Pidgin dont allow to use untrusted self-signed certificates.

Configuring Fail2ban
Configuring Apps vhost
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER

Admin password [admin]: <-- Enter your desired admin password

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: <-- ENTER

Generating RSA private key, 4096 bit long modulus
....................................................++
........................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: <-- enter your 2 letter country code, e.g. DE in my case
State or Province Name (full name) [Some-State]: <-- Enter your home state
Locality Name (eg, city) []:  <-- Enter your city, in my case Lueneburg
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your company name, in my case ISPConfig UG
Organizational Unit Name (eg, section) []: <-- Enter your Organisational unit name, I use IT here
Common Name (e.g. server FQDN or YOUR name) []: <-- Enter the server hostname, in my case server1.example.com
Email Address []: <-- Enter an email address, e.g. hostmaster@server1.example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key


Configuring DBServer
Installing ISPConfig crontab
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Detect IP addresses
Restarting services ...
Installation completed.

The installer automatically configures all underlying services, so there is no manual configuration needed.

Afterwards you can access ISPConfig 3 under http(s)://server1.example.com:8080/ or http(s)://192.168.1.100:8080/ ( http or https depends on what you chose during installation). Log in with the username admin and the password admin (you should change the default password after your first login):

The system is now ready to be used.

 

17. Additional Notes

18.1 OpenVZ

If the Ubuntu server that you've just set up in this tutorial is an OpenVZ container (virtual machine), you should do this on the host system (I'm assuming that the ID of the OpenVZ container is 101 - replace it with the correct VPSID on your system):

VPSID=101
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
  vzctl set $VPSID --capability ${CAP}:on --save
done

18.2 Virtual machine image download of this tutorial

This tutorial is available as ready to use virtual machine image in ovf/ova format that is compatible with VMWare and Virtualbox. The virtual machine image uses the following login details:

SSH / Shell Login

Username: administrator
Password: howtoforge

This user has sudo rights.

ISPConfig Login

Username: admin
Password: howtoforge

MySQL Login

Username: admin
Password: howtoforge

or login with:

sudo mysql

on th shell.

The IP of the VM is 192.168.1.100, it can be changed in the file /etc/network/interfaces. Please change all the above passwords to secure the virtual machine.

19. Links

Share this page:

Suggested articles

1 Comment(s)

Add comment

Comments

From: Gwyneth Llewelyn at: 2017-02-05 12:56:33

I was expecting this tutorial for a long, long time, mostly because of one issue: installing roundcube! I have attempted to do so several times using the older configuration (and adapting to deal with HHVM, PHP 7.0, etc.), but roundcube always eluded me. Unfortunately, it still does: somehow the database password (which is generated automatically) is not correctly set. In my case, I had to open /etc/roundcube/debian-db.php, see what the password actually was, and change it via phpMyAdmin, to allow the configuration to complete successfully.