#!/bin/bash
# Webmail with Roundcube
# ----------------------
#
# Both files below are sourced, so whatever they contain executes in this
# shell with the privileges of whoever runs the script; they should be
# writable only by root.

# Helper functions. The path is relative, so the script has to be started
# from the directory that contains setup/.
# NOTE(review): apt_install, wget_verify, git_clone, restart_service and
# php_version are called further down and are not defined in this file --
# presumably they come from here.
. setup/functions.sh

# Global settings.
# NOTE(review): STORAGE_ROOT and PRIMARY_HOSTNAME are read further down and
# never assigned in this file -- presumably they are set here.
. /etc/mailinabox.conf
# ### Installing Roundcube

# Roundcube is installed from the upstream sources rather than from Ubuntu's
# packages, because:
#
# 1. Ubuntu's `roundcube-core` package has dependencies on Apache & MySQL, which we don't want.
#
# 2. The Roundcube shipped with Ubuntu is consistently out of date.
#
# 3. It's packaged incorrectly --- it seems to be missing a directory of files.
#
# So apt-get is used only for the dependencies of Roundcube that we know we
# need, and Roundcube itself is installed manually from source further down.

# These dependencies are from `apt-cache showpkg roundcube-core`.
printf '%s\n' "Installing Roundcube (webmail)..."
apt_install dbconfig-common \
  php-cli php-sqlite3 php-intl php-json \
  php-common php-curl php-ldap php-gd php-pspell \
  libjs-jquery libjs-jquery-mousewheel libmagic1 \
  php-mbstring
# Install Roundcube from source if it is not already present or if it is out of date.
# The Roundcube version number and the pinned plugin revisions are combined
# into one key (UPDATE_KEY) that records whether the latest version of
# everything is installed.
# For the latest versions, see:
# https://github.com/roundcube/roundcubemail/releases
# https://github.com/mfreiholz/persistent_login/commits/master
# https://github.com/stremlau/html5_notifier/commits/master
# https://github.com/mstilkerich/rcmcarddav/releases
# The easiest way to get the package hashes is to run this script and get the hash from
# the error message. A hash obtained that way only describes whatever was
# downloaded on that run; compare it with an independently obtained copy of
# the release before committing it as the pin.
#
# NOTE(review): HASH and CARDDAV_HASH are 40 hex digits, the length of a SHA-1
# digest -- confirm which algorithm wget_verify uses; SHA-256 would be the
# stronger choice for pinning release archives.
# NOTE(review): the persistent_login and html5_notifier links above do not
# match the repository paths cloned further down in this script; check new
# pins against the repository that is actually cloned.
VERSION="1.5.2"
HASH="208ce4ca0be423cc0f7070ff59bd03588b4439bf"
PERSISTENT_LOGIN_VERSION="59ca1b0d3a02cff5fa621c1ad581d15f9d642fe8"
HTML5_NOTIFIER_VERSION="68d9ca194212e15b3c7225eb6085dbcf02fd13d7" # version 0.6.4+
CARDDAV_VERSION="4.3.0"
CARDDAV_HASH="4ad7df8843951062878b1375f77c614f68bc5c61"
CONTEXT_MENU_VERSION="602a3812922fb8f71814eb3b8d91e9b7859aab7e" # version 3.2.1
TWOFACT_COMMIT="06e21b0c03aeeb650ee4ad93538873185f776f8b" # master @ 21-04-2022

# The two archive hashes are not part of the key: changing only a hash does
# not by itself trigger a reinstall.
UPDATE_KEY="${VERSION}:${PERSISTENT_LOGIN_VERSION}:${HTML5_NOTIFIER_VERSION}:${CARDDAV_VERSION}:${CONTEXT_MENU_VERSION}:${TWOFACT_COMMIT}"
# Paths that are reused below: the install root, its plugin directory and
# the main Roundcube configuration file.
RCM_DIR="/usr/local/lib/roundcubemail"
RCM_PLUGIN_DIR="${RCM_DIR}/plugins"
RCM_CONFIG="${RCM_DIR}/config/config.inc.php"
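# Decide whether Roundcube has to be (re)installed: needs_update becomes 1
# when no version file exists yet, or when the recorded key differs from
# UPDATE_KEY.
needs_update=0 #NODOC
if [[ ! -f /usr/local/lib/roundcubemail/version ]]; then
  # not installed yet #NODOC
  needs_update=1 #NODOC
elif [[ "$UPDATE_KEY" != "$(cat /usr/local/lib/roundcubemail/version)" ]]; then
  # checks if the version is what we want
  # The right-hand side is quoted on purpose: unquoted, [[ != ]] treats it as
  # a glob pattern, so a version file containing e.g. '*' would compare as
  # "equal" to any key and suppress the update.
  needs_update=1 #NODOC
fi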
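# Download, verify and unpack Roundcube and its plugins when the check above
# asked for it, then record what was installed.
if [[ "$needs_update" == 1 ]]; then
  # if upgrading from 1.3.x, clear the temp_dir
  # (every regular file except those named RCMTEMP*)
  if [[ -f /usr/local/lib/roundcubemail/version ]]; then
    if [[ "$(cut -c1-3 /usr/local/lib/roundcubemail/version)" == '1.3' ]]; then
      find /var/tmp/roundcubemail/ -type f ! -name 'RCMTEMP*' -delete
    fi
  fi

  # install roundcube
  # The archive is written to a fixed name in /tmp.
  # NOTE(review): wget_verify is expected to check the download against $HASH
  # before returning -- confirm in setup/functions.sh; a directory from
  # `mktemp -d` would avoid relying on the state of /tmp.
  wget_verify \
    "https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" \
    "$HASH" \
    /tmp/roundcube.tgz
  # --no-same-owner: when tar runs as root it would otherwise apply the
  # owner recorded inside the archive to the extracted files.
  tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz
  # NOTE(review): the existing installation is removed without checking that
  # the extraction succeeded; if tar failed, the mv below has nothing to move.
  # Confirm whether the sourced helpers enable errexit.
  rm -rf /usr/local/lib/roundcubemail
  mv "/usr/local/lib/roundcubemail-$VERSION/" "$RCM_DIR"
  rm -f /tmp/roundcube.tgz

  # Each plugin below is fetched at a pinned commit.
  # NOTE(review): the third git_clone argument is passed empty; its meaning
  # is defined with git_clone, outside this file.

  # install roundcube persistent_login plugin
  git_clone https://github.com/mfreiholz/Roundcube-Persistent-Login-Plugin.git "$PERSISTENT_LOGIN_VERSION" '' "${RCM_PLUGIN_DIR}/persistent_login"

  # install roundcube html5_notifier plugin
  git_clone https://github.com/kitist/html5_notifier.git "$HTML5_NOTIFIER_VERSION" '' "${RCM_PLUGIN_DIR}/html5_notifier"

  # download and verify the full release of the carddav plugin. Can't use git_clone because repository does not include all dependencies
  wget_verify \
    "https://github.com/mstilkerich/rcmcarddav/releases/download/v${CARDDAV_VERSION}/carddav-v${CARDDAV_VERSION}.tar.gz" \
    "$CARDDAV_HASH" \
    /tmp/carddav.tar.gz

  # unzip and cleanup
  tar -C "${RCM_PLUGIN_DIR}" --no-same-owner -zxf /tmp/carddav.tar.gz
  rm -f /tmp/carddav.tar.gz

  # install roundcube context menu plugin
  git_clone https://github.com/johndoh/roundcube-contextmenu.git "$CONTEXT_MENU_VERSION" '' "${RCM_PLUGIN_DIR}/contextmenu"

  # install two factor totp authenticator
  git_clone https://github.com/alexandregz/twofactor_gauthenticator.git "$TWOFACT_COMMIT" '' "${RCM_PLUGIN_DIR}/twofactor_gauthenticator"

  # record the version we've installed
  echo "$UPDATE_KEY" > "${RCM_DIR}/version"
fi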
# ### Configuring Roundcube

# Generate a secret key of PHP-string-safe characters appropriate
# for the cipher algorithm selected below.
# 32 bytes from /dev/urandom are base64-encoded and the '=' padding is
# stripped, which leaves 43 characters from [A-Za-z0-9+/]; none of them is a
# quote or a backslash, so the value can sit inside a single-quoted PHP
# string unescaped.
# NOTE(review): this assignment is unconditional, so a fresh key is produced
# (and written to the config below) on every run -- presumably anything
# Roundcube encrypted under the previous key stops decrypting; confirm that
# is intended.
# NOTE(review): the comment written next to des_key in the generated config
# says 37 characters, which does not match the 43 produced here; confirm the
# key length Roundcube expects for the configured cipher.
SECRET_KEY=$(head -c 32 /dev/urandom | base64 | tr -d '=')
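# Create a configuration file.
#
# For security, temp and log files are not stored in the default locations
# which are inside the roundcube sources directory. We put them instead
# in normal places.
#
# Inside the here-document, \$ keeps a literal $ for PHP, while $STORAGE_ROOT,
# $PRIMARY_HOSTNAME and $SECRET_KEY are expanded by the shell as the file is
# written. They land inside single-quoted PHP strings, so a value containing
# a single quote or a backslash would corrupt the file.
#
# TLS peer verification is switched off for both the IMAP and the SMTP
# connection; both targets are loopback addresses (localhost / 127.0.0.1).
# NOTE(review): if either host is ever pointed at a remote server,
# verify_peer and verify_peer_name have to be turned back on.
#
# NOTE(review): the file contains des_key and is created with the caller's
# umask; consider restricting it to root and the web server group (for
# example mode 640) -- confirm which accounts need to read it.
cat > "$RCM_CONFIG" <<EOF;
<?php
/*
* Do not edit. Written by Mail-in-a-Box. Regenerated on updates.
*/
\$config = array();
\$config['log_dir'] = '/var/log/roundcubemail/';
\$config['temp_dir'] = '/var/tmp/roundcubemail/';
\$config['db_dsnw'] = 'sqlite:///$STORAGE_ROOT/mail/roundcube/roundcube.sqlite?mode=0640';
\$config['default_host'] = 'ssl://localhost';
\$config['default_port'] = 993;
\$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
\$config['imap_timeout'] = 180;
\$config['smtp_server'] = 'tls://127.0.0.1';
\$config['smtp_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'verify_peer_name' => false,
),
);
\$config['support_url'] = 'https://mailinabox.email/';
\$config['product_name'] = '$PRIMARY_HOSTNAME Webmail';
\$config['cipher_method'] = 'AES-256-CBC'; # persistent login cookie and potentially other things
\$config['des_key'] = '$SECRET_KEY'; # 37 characters -> ~256 bits for AES-256, see above
\$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'persistent_login', 'carddav', 'markasjunk', 'contextmenu', 'twofactor_gauthenticator');
\$config['skin'] = 'elastic';
\$config['login_autocomplete'] = 2;
\$config['login_username_filter'] = 'email';
\$config['password_charset'] = 'UTF-8';
\$config['junk_mbox'] = 'Spam';
?>
EOF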
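# Configure CardDav
# Writes the plugin's config with one preset address book ('ownCloud') that
# points at this host's /cloud/ DAV endpoint. ${PRIMARY_HOSTNAME} is expanded
# by the shell; %u and %p contain no $ and are written literally, as the
# placeholders the heredoc's own comments label "login username" and
# "login password".
# NOTE(review): %p means the webmail login password is handed to the CardDAV
# endpoint; the URL is https on this server's own hostname, which keeps that
# credential on this host -- confirm if the URL is ever changed.
cat > "${RCM_PLUGIN_DIR}/carddav/config.inc.php" <<EOF;
<?php
/* Do not edit. Written by Mail-in-a-Box. Regenerated on updates. */
\$prefs['_GLOBAL']['hide_preferences'] = true;
\$prefs['_GLOBAL']['suppress_version_warning'] = true;
\$prefs['ownCloud'] = array(
'name' => 'ownCloud',
'username' => '%u', // login username
'password' => '%p', // login password
'url' => 'https://${PRIMARY_HOSTNAME}/cloud/remote.php/dav/addressbooks/users/%u/contacts',
'active' => true,
'readonly' => false,
'refresh_time' => '02:00:00',
'fixed' => array('username'),
'preemptive_auth' => '1',
'hide' => false,
);
?>
EOF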
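# Create writable directories.
# The log directory, the temp directory and Roundcube's data directory under
# STORAGE_ROOT are created if missing and handed to www-data, recursively.
mkdir -p /var/log/roundcubemail /var/tmp/roundcubemail "$STORAGE_ROOT/mail/roundcube"
chown -R www-data:www-data /var/log/roundcubemail /var/tmp/roundcubemail "$STORAGE_ROOT/mail/roundcube"

# Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
# It is touched as www-data, so a newly created file belongs to the same
# account that owns the directory.
sudo -u www-data touch /var/log/roundcubemail/errors.log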
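# Password changing plugin settings
# The plugin's config.inc.php is created from the distributed
# config.inc.php.dist, so every setting that is not overridden below keeps
# the value from that file.
cp "${RCM_PLUGIN_DIR}/password/config.inc.php.dist" \
  "${RCM_PLUGIN_DIR}/password/config.inc.php"

# Override the settings that matter here: minimum length, the users database
# to update, the UPDATE statement, and hashing through `doveadm pw` with
# SHA512-CRYPT. \$ keeps a literal $ for PHP; $STORAGE_ROOT is expanded by
# the shell. tools/editconf.py is a relative path, so the working directory
# must be the one that contains tools/.
# NOTE(review): %D and %u in password_query are presumably placeholders the
# plugin fills in and escapes itself -- confirm against the plugin's
# documentation.
tools/editconf.py "${RCM_PLUGIN_DIR}/password/config.inc.php" \
  "\$config['password_minimum_length']=8;" \
  "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \
  "\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \
  "\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \
  "\$config['password_dovecotpw_method']='SHA512-CRYPT';" \
  "\$config['password_dovecotpw_with_method']=true;"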
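# so PHP can use doveadm, for the password changing plugin
# NOTE(review): the membership applies to everything that runs as www-data,
# not only to the password plugin; review what else the dovecot group can
# reach on this host.
usermod -a -G dovecot www-data

# set permissions so that PHP can use users.sqlite
# could use dovecot instead of www-data, but not sure it matters
# The directory is made group-writable as well as the file.
# NOTE(review): mode 664 lets www-data write the database that the password
# plugin's UPDATE statement targets, and lets every local account read it.
# Other services may depend on that read access -- confirm before tightening.
chown root:www-data "$STORAGE_ROOT/mail"
chmod 775 "$STORAGE_ROOT/mail"
chown root:www-data "$STORAGE_ROOT/mail/users.sqlite"
chmod 664 "$STORAGE_ROOT/mail/users.sqlite"

# Fix Carddav permissions:
chown -f -R root:www-data "${RCM_PLUGIN_DIR}/carddav"
# root.www-data need all permissions, others only read
# NOTE(review): 774 is applied recursively, so regular files also receive
# execute bits for owner and group, directories are not searchable by others,
# and www-data can modify the plugin's code. A symbolic mode using X would
# avoid marking regular files executable -- confirm what the plugin needs to
# write before changing it.
chmod -R 774 "${RCM_PLUGIN_DIR}/carddav"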
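# Run Roundcube database migration script (database is created if it does not exist)
"${RCM_DIR}/bin/updatedb.sh" --dir "${RCM_DIR}/SQL" --package roundcube
# The migration runs with this script's privileges, so ownership of the
# database file is handed to www-data afterwards.
# NOTE(review): the db_dsnw written to the Roundcube config asks for
# mode=0640, while 664 here makes the database readable by every local
# account -- reconcile the two.
chown www-data:www-data "$STORAGE_ROOT/mail/roundcube/roundcube.sqlite"
chmod 664 "$STORAGE_ROOT/mail/roundcube/roundcube.sqlite"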
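# Enable PHP modules.
phpenmod -v php mcrypt imap
# Restart PHP-FPM. The service name is built from the output of php_version,
# a helper defined outside this file; it is quoted so that the name reaches
# restart_service as a single argument.
restart_service "php$(php_version)-fpm"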