mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2025-06-09 19:10:54 +00:00
Merge 3b4830f05b
into 61105b1ec3
commit
226061c60a
@ -19,23 +19,22 @@
|
||||
alias /var/lib/mailinabox/mozilla-autoconfig.xml;
|
||||
}
|
||||
|
||||
# Roundcube Webmail configuration.
|
||||
# Rainloop Webmail configuration.
|
||||
rewrite ^/mail$ /mail/ redirect;
|
||||
rewrite ^/mail/$ /mail/index.php;
|
||||
location /mail/ {
|
||||
index index.php;
|
||||
alias /usr/local/lib/roundcubemail/;
|
||||
alias /usr/local/lib/rainloop/;
|
||||
}
|
||||
location ~ /mail/config/.* {
|
||||
# A ~-style location is needed to give this precedence over the next block.
|
||||
return 403;
|
||||
location ~ /mail/data/.* {
|
||||
deny all;
|
||||
}
|
||||
location ~ /mail/.*\.php {
|
||||
# note: ~ has precendence over a regular location block
|
||||
include fastcgi_params;
|
||||
fastcgi_split_path_info ^/mail(/.*)()$;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
|
||||
fastcgi_param SCRIPT_FILENAME /usr/local/lib/rainloop/$fastcgi_script_name;
|
||||
fastcgi_pass php-fpm;
|
||||
|
||||
# Outgoing mail also goes through this endpoint, so increase the maximum
|
||||
|
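Review bot: The new `location ~ /mail/data/.*` guard is unanchored and only takes effect because it is listed before `location ~ /mail/.*\.php`, yet nothing in the hunk says so. setup/webmail.sh writes RainLoop's application.ini and domain files under /usr/local/lib/rainloop/data, which sits inside the aliased tree, so this block appears to be the only thing keeping that directory from being served. I would anchor it as `location ~ ^/mail/data/ {` and put `# Must stay above the .php location: nginx takes the first matching regex, and data/ holds RainLoop's config and user data.` in front of it. The enclosing server block starts and ends outside the hunk.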
225
setup/webmail.sh
225
setup/webmail.sh
@ -1,29 +1,23 @@
|
||||
#!/bin/bash
|
||||
# Webmail with Roundcube
|
||||
# Webmail with Rainloop
|
||||
# ----------------------
|
||||
|
||||
source setup/functions.sh # load our functions
|
||||
source /etc/mailinabox.conf # load global vars
|
||||
|
||||
# ### Installing Roundcube
|
||||
# ### Installing Rainloop
|
||||
|
||||
# We install Roundcube from sources, rather than from Ubuntu, because:
|
||||
#
|
||||
# 1. Ubuntu's `roundcube-core` package has dependencies on Apache & MySQL, which we don't want.
|
||||
#
|
||||
# 2. The Roundcube shipped with Ubuntu is consistently out of date.
|
||||
#
|
||||
# 3. It's packaged incorrectly --- it seems to be missing a directory of files.
|
||||
#
|
||||
# So we'll use apt-get to manually install the dependencies of roundcube that we know we need,
|
||||
# and then we'll manually install roundcube from source.
|
||||
# Rainloop's webpage (http://www.rainloop.net/downloads/) does not easily #
|
||||
# list versions as the need for VERSION_FILENAME below. #
|
||||
|
||||
# These dependencies are from `apt-cache showpkg roundcube-core`.
|
||||
echo "Installing Roundcube (webmail)..."
|
||||
#
|
||||
# Dependancies are from Roundcube, not all may be needed for Rainloop #
|
||||
|
||||
echo "Installing Rainloop (webmail)..."
|
||||
apt_install \
|
||||
dbconfig-common \
|
||||
php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \
|
||||
tinymce libjs-jquery libjs-jquery-mousewheel libmagic1
|
||||
unzip \
|
||||
php5 php5-mcrypt php5-cli php5-curl php5-sqlite php-net-sieve php5-common \
|
||||
crudini
|
||||
apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3
|
||||
|
||||
# We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
|
||||
@ -34,135 +28,120 @@ apt-get purge -qq -y roundcube* #NODOC
|
||||
# Install Roundcube from source if it is not already present or if it is out of date.
|
||||
# Combine the Roundcube version number with the commit hash of vacation_sieve to track
|
||||
# whether we have the latest version.
|
||||
VERSION=1.2.1
|
||||
HASH=81fbfba4683522f6e54006d0300a48e6da3f3bbd
|
||||
VACATION_SIEVE_VERSION=91ea6f52216390073d1f5b70b5f6bea0bfaee7e5
|
||||
PERSISTENT_LOGIN_VERSION=1e9d724476a370ce917a2fcd5b3217b0c306c24e
|
||||
HTML5_NOTIFIER_VERSION=4b370e3cd60dabd2f428a26f45b677ad1b7118d5
|
||||
UPDATE_KEY=$VERSION:$VACATION_SIEVE_VERSION:$PERSISTENT_LOGIN_VERSION:$HTML5_NOTIFIER_VERSION:a
|
||||
VERSION=v1.10.2.145
|
||||
VERSION_FILENAME="rainloop-community-1.10.2.145-74dc686dd82d9f29b0fef8ceb11c2903.zip"
|
||||
HASH=ee1b9cd4c2494aaecf7d291500aee9b455bbee58
|
||||
UPDATE_KEY=$VERSION
|
||||
needs_update=0 #NODOC
|
||||
if [ ! -f /usr/local/lib/roundcubemail/version ]; then
|
||||
first_install=0
|
||||
if [ ! -f /usr/local/lib/rainloop/version ]; then
|
||||
# not installed yet #NODOC
|
||||
needs_update=1 #NODOC
|
||||
elif [[ "$UPDATE_KEY" != `cat /usr/local/lib/roundcubemail/version` ]]; then
|
||||
first_install=1
|
||||
elif [[ "$UPDATE_KEY" != "$(cat /usr/local/lib/rainloop/version)" ]]; then
|
||||
# checks if the version is what we want
|
||||
needs_update=1 #NODOC
|
||||
fi
|
||||
if [ $needs_update == 1 ]; then
|
||||
# install roundcube
|
||||
# install rainloop
|
||||
wget_verify \
|
||||
https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION.tar.gz \
|
||||
https://github.com/RainLoop/rainloop-webmail/releases/download/$VERSION/$VERSION_FILENAME \
|
||||
$HASH \
|
||||
/tmp/roundcube.tgz
|
||||
tar -C /usr/local/lib --no-same-owner -zxf /tmp/roundcube.tgz
|
||||
rm -rf /usr/local/lib/roundcubemail
|
||||
mv /usr/local/lib/roundcubemail-$VERSION/ /usr/local/lib/roundcubemail
|
||||
rm -f /tmp/roundcube.tgz
|
||||
/tmp/rainloop.zip
|
||||
# Per documentation, updates can overwrite existing files
|
||||
unzip -q -o /tmp/rainloop.zip -d /usr/local/lib/rainloop
|
||||
rm -f /tmp/rainloop.zip
|
||||
|
||||
# install roundcube autoreply/vacation plugin
|
||||
git_clone https://github.com/arodier/Roundcube-Plugins.git $VACATION_SIEVE_VERSION plugins/vacation_sieve /usr/local/lib/roundcubemail/plugins/vacation_sieve
|
||||
|
||||
# install roundcube persistent_login plugin
|
||||
git_clone https://github.com/mfreiholz/Roundcube-Persistent-Login-Plugin.git $PERSISTENT_LOGIN_VERSION '' /usr/local/lib/roundcubemail/plugins/persistent_login
|
||||
|
||||
# install roundcube html5_notifier plugin
|
||||
git_clone https://github.com/kitist/html5_notifier.git $HTML5_NOTIFIER_VERSION '' /usr/local/lib/roundcubemail/plugins/html5_notifier
|
||||
|
||||
# record the version we've installed
|
||||
echo $UPDATE_KEY > /usr/local/lib/roundcubemail/version
|
||||
echo $UPDATE_KEY > /usr/local/lib/rainloop/version
|
||||
fi
|
||||
|
||||
# ### Configuring Roundcube
|
||||
|
||||
# Generate a safe 24-character secret key of safe characters.
|
||||
SECRET_KEY=$(dd if=/dev/urandom bs=1 count=18 2>/dev/null | base64 | fold -w 24 | head -n 1)
|
||||
# ### Configuring Rainloop
|
||||
|
||||
# Create a configuration file.
|
||||
#
|
||||
# For security, temp and log files are not stored in the default locations
|
||||
# which are inside the roundcube sources directory. We put them instead
|
||||
# in normal places.
|
||||
cat > /usr/local/lib/roundcubemail/config/config.inc.php <<EOF;
|
||||
<?php
|
||||
/*
|
||||
* Do not edit. Written by Mail-in-a-Box. Regenerated on updates.
|
||||
*/
|
||||
\$config = array();
|
||||
\$config['log_dir'] = '/var/log/roundcubemail/';
|
||||
\$config['temp_dir'] = '/tmp/roundcubemail/';
|
||||
\$config['db_dsnw'] = 'sqlite:///$STORAGE_ROOT/mail/roundcube/roundcube.sqlite?mode=0640';
|
||||
\$config['default_host'] = 'ssl://localhost';
|
||||
\$config['default_port'] = 993;
|
||||
\$config['imap_timeout'] = 15;
|
||||
\$config['smtp_server'] = 'tls://127.0.0.1';
|
||||
\$config['smtp_port'] = 587;
|
||||
\$config['smtp_user'] = '%u';
|
||||
\$config['smtp_pass'] = '%p';
|
||||
\$config['support_url'] = 'https://mailinabox.email/';
|
||||
\$config['product_name'] = '$PRIMARY_HOSTNAME Webmail';
|
||||
\$config['des_key'] = '$SECRET_KEY';
|
||||
\$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'vacation_sieve', 'persistent_login');
|
||||
\$config['skin'] = 'classic';
|
||||
\$config['login_autocomplete'] = 2;
|
||||
\$config['password_charset'] = 'UTF-8';
|
||||
\$config['junk_mbox'] = 'Spam';
|
||||
?>
|
||||
|
||||
# Some application paths are not created until the application is launched
|
||||
# this should include the internal process it has when upgrading between versions
|
||||
|
||||
# Fix permissions
|
||||
find /usr/local/lib/rainloop -type d -exec chmod 755 {} \;
|
||||
find /usr/local/lib/rainloop -type f -exec chmod 644 {} \;
|
||||
chown -R www-data:www-data /usr/local/lib/rainloop
|
||||
|
||||
# Fixing permissions needs to happen first or else curl gets
|
||||
# this error: [105] Missing version directory
|
||||
|
||||
/usr/bin/php /usr/local/lib/rainloop/index.php > /dev/null
|
||||
|
||||
|
||||
if [ $first_install == 1 ]; then
|
||||
|
||||
# Set customized configuration
|
||||
# Rainloop has a default password set, not sure yet how to integrate with userlist
|
||||
# for now we should change it from the default
|
||||
# Methods for changing password: https://github.com/RainLoop/rainloop-webmail/issues/28
|
||||
#
|
||||
# Using the Rainloop API:
|
||||
random_admin_pw=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
|
||||
|
||||
echo "<?php
|
||||
|
||||
\$_ENV['RAINLOOP_INCLUDE_AS_API'] = true;
|
||||
include '/usr/local/lib/rainloop/index.php';
|
||||
|
||||
\$oConfig = \RainLoop\Api::Config();
|
||||
\$oConfig->SetPassword('$random_admin_pw');
|
||||
echo \$oConfig->Save() ? 'Done' : 'Error';
|
||||
|
||||
?>" | /usr/bin/php
|
||||
|
||||
|
||||
crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
|
||||
contacts enable On
|
||||
crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
|
||||
contacts allow_sync On
|
||||
crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
|
||||
login determine_user_domain On
|
||||
crudini --set --existing /usr/local/lib/rainloop/data/_data_/_default_/configs/application.ini \
|
||||
login default_domain $PRIMARY_HOSTNAME
|
||||
|
||||
# Disable google imap login in Rainloop
|
||||
echo -n ",gmail.com" >> /usr/local/lib/rainloop/data/_data_/_default_/domains/disabled
|
||||
|
||||
# Add localhost imap/smtp
|
||||
|
||||
cat > /usr/local/lib/rainloop/data/_data_/_default_/domains/default.ini <<EOF;
|
||||
imap_host = "127.0.0.1"
|
||||
imap_port = 993
|
||||
imap_secure = "SSL"
|
||||
imap_short_login = Off
|
||||
sieve_use = On
|
||||
sieve_allow_raw = Off
|
||||
sieve_host = "127.0.0.1"
|
||||
sieve_port = 4190
|
||||
sieve_secure = "None"
|
||||
smtp_host = "127.0.0.1"
|
||||
smtp_port = 587
|
||||
smtp_secure = "TLS"
|
||||
smtp_short_login = Off
|
||||
smtp_auth = On
|
||||
smtp_php_mail = Off
|
||||
EOF
|
||||
|
||||
# Configure vaction_sieve.
|
||||
cat > /usr/local/lib/roundcubemail/plugins/vacation_sieve/config.inc.php <<EOF;
|
||||
<?php
|
||||
/* Do not edit. Written by Mail-in-a-Box. Regenerated on updates. */
|
||||
\$rcmail_config['vacation_sieve'] = array(
|
||||
'date_format' => 'd/m/Y',
|
||||
'working_hours' => array(8,18),
|
||||
'msg_format' => 'text',
|
||||
'logon_transform' => array('#([a-z])[a-z]+(\.|\s)([a-z])#i', '\$1\$3'),
|
||||
'transfer' => array(
|
||||
'mode' => 'managesieve',
|
||||
'ms_activate_script' => true,
|
||||
'host' => '127.0.0.1',
|
||||
'port' => '4190',
|
||||
'usetls' => false,
|
||||
'path' => 'vacation',
|
||||
)
|
||||
);
|
||||
EOF
|
||||
|
||||
# Create writable directories.
|
||||
mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
|
||||
chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube
|
||||
# Fix permissions after editing configs
|
||||
|
||||
# Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
|
||||
sudo -u www-data touch /var/log/roundcubemail/errors
|
||||
find /usr/local/lib/rainloop -type d -exec chmod 755 {} \;
|
||||
find /usr/local/lib/rainloop -type f -exec chmod 644 {} \;
|
||||
chown -R www-data:www-data /usr/local/lib/rainloop
|
||||
|
||||
# Password changing plugin settings
|
||||
# The config comes empty by default, so we need the settings
|
||||
# we're not planning to change in config.inc.dist...
|
||||
cp /usr/local/lib/roundcubemail/plugins/password/config.inc.php.dist \
|
||||
/usr/local/lib/roundcubemail/plugins/password/config.inc.php
|
||||
|
||||
tools/editconf.py /usr/local/lib/roundcubemail/plugins/password/config.inc.php \
|
||||
"\$config['password_minimum_length']=6;" \
|
||||
"\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \
|
||||
"\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \
|
||||
"\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \
|
||||
"\$config['password_dovecotpw_method']='SHA512-CRYPT';" \
|
||||
"\$config['password_dovecotpw_with_method']=true;"
|
||||
|
||||
# so PHP can use doveadm, for the password changing plugin
|
||||
usermod -a -G dovecot www-data
|
||||
|
||||
# set permissions so that PHP can use users.sqlite
|
||||
# could use dovecot instead of www-data, but not sure it matters
|
||||
chown root.www-data $STORAGE_ROOT/mail
|
||||
chmod 775 $STORAGE_ROOT/mail
|
||||
chown root.www-data $STORAGE_ROOT/mail/users.sqlite
|
||||
chmod 664 $STORAGE_ROOT/mail/users.sqlite
|
||||
|
||||
# Run Roundcube database migration script (database is created if it does not exist)
|
||||
/usr/local/lib/roundcubemail/bin/updatedb.sh --dir /usr/local/lib/roundcubemail/SQL --package roundcube
|
||||
fi
|
||||
|
||||
# Enable PHP modules.
|
||||
php5enmod mcrypt
|
||||
restart_service php5-fpm
|
||||
|
||||
# remove Roundcube
|
||||
rm -rf /usr/local/lib/roundcube
|
||||
|
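Review bot: `random_admin_pw` in the first-install block is cut with `fold -w 8`, so the RainLoop admin panel that the nginx change serves under /mail/ is protected by only eight alphanumeric characters; nobody has to type this value, so `fold -w 32` costs nothing. In the same hunk, `chown -R www-data:www-data /usr/local/lib/rainloop` makes the application code itself writable by the PHP user, and it looks as if only `data/` needs that, which is worth confirming and narrowing. `/usr/bin/php /usr/local/lib/rainloop/index.php` then runs as root after that chown on every run, while the second chown appears to sit inside `if [ $first_install == 1 ]`, so on an upgrade any files it creates may stay root-owned. The closing `rm -rf /usr/local/lib/roundcube` does not match the old install path `/usr/local/lib/roundcubemail`, so the Roundcube tree is left on disk.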
46
tools/rainloop-unlockadmin.sh
Executable file
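--- a/tools/rainloop-unlockadmin.sh
+++ b/tools/rainloop-unlockadmin.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# This allows for resetting the password for
+# access to Rainloop's Admin panel:
+# https://yourdomain.com/mail/?admin
+#
+
+source /etc/mailinabox.conf
+
+
+echo "Tool for resetting Rainloop Admin Password"
+echo
+echo "Password must be 8 characters or longer."
+echo
+echo -n "Please provide a new admin password (ctrl-c to cancel):"
+read -s newpassword
+echo
+
+if [ -z $newpassword ]
+then
+echo "Error: Password can not be blank."
+exit 1
+fi
+
+if [ ${#newpassword} -lt 8 ]
+then
+echo "Error: Password length must be 8 characters or longer."
+exit 1
+fi
+
+
+echo "<?php
+
+\$_ENV['RAINLOOP_INCLUDE_AS_API'] = true;
+include '/usr/local/lib/rainloop/index.php';
+
+\$oConfig = \RainLoop\Api::Config();
+\$oConfig->SetPassword('$newpassword');
+echo \$oConfig->Save() ? 'Done' : 'Error';
+
+?>" | /usr/bin/php
+
+echo ""
+echo "Login to Rainloop Admin Panel here using your new password:"
+echo "Username: admin"
+echo "https://$PRIMARY_HOSTNAME/mail/?admin"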
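Review bot: `\$oConfig->SetPassword('$newpassword');` splices the typed password into PHP source, so a password containing `'` or `\` either breaks the script or is parsed as PHP by an interpreter that the operator normally runs as root. `[ -z $newpassword ]` is unquoted as well, so a password with spaces makes the test error out instead of being checked, and `read -s` without `-r` eats backslashes. I would hand the value to PHP through the environment and read it with `getenv()`, using a quoted heredoc so the shell expands nothing inside the PHP text. Because PHP runs as root here, it is also worth confirming that `Save()` does not leave application.ini unreadable for www-data.

```shell
read -r -s newpassword
echo

if [ -z "$newpassword" ]
# … unchanged: blank-password and length checks …

# The password travels in the environment, never as PHP source text.
RAINLOOP_NEW_ADMIN_PW="$newpassword" /usr/bin/php <<'EOF'
<?php
$_ENV['RAINLOOP_INCLUDE_AS_API'] = true;
include '/usr/local/lib/rainloop/index.php';

$oConfig = \RainLoop\Api::Config();
$oConfig->SetPassword(getenv('RAINLOOP_NEW_ADMIN_PW'));
echo $oConfig->Save() ? 'Done' : 'Error';
EOF
```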