315 lines
13 KiB
Text
315 lines
13 KiB
Text
INTRODUCTION
|
|
============
|
|
|
|
This file describes the basic steps to install Roundcube Webmail on your
|
|
web server. For additional information, please also consult the project's
|
|
wiki page at https://github.com/roundcube/roundcubemail/wiki
|
|
|
|
|
|
REQUIREMENTS
|
|
============
|
|
|
|
* An IMAP, HTTP and SMTP server
|
|
* .htaccess support allowing overrides for DirectoryIndex
|
|
* PHP Version 5.4 or greater, but not PHP8 including:
|
|
- PCRE, DOM, JSON, Session, Sockets, OpenSSL, Mbstring, Filter, Ctype (required)
|
|
- PHP PDO with driver for either MySQL, PostgreSQL, SQL Server, Oracle or SQLite (required)
|
|
- Iconv, Zip, Fileinfo, Intl, Exif (recommended)
|
|
- LDAP for LDAP addressbook support (optional)
|
|
- GD, Imagick (optional thumbnails generation, QR-code)
|
|
* PEAR and PEAR packages distributed with Roundcube or external:
|
|
- Mail_Mime 1.10.0 or newer
|
|
- Net_SMTP 1.8.1 or newer
|
|
- Net_Socket 1.0.12 or newer
|
|
- Net_IDNA2 0.1.1 or newer
|
|
- Auth_SASL 1.0.6 or newer
|
|
- Net_Sieve 1.4.3 or newer (for managesieve plugin)
|
|
- Crypt_GPG 1.6.3 or newer (for enigma plugin)
|
|
- Endroid/QrCode 1.6.0 or newer (https://github.com/endroid/QrCode)
|
|
- Kolab/Net_LDAP3 1.0.6 or newer (for LDAP addressbook)
|
|
- Masterminds/HTML5 2.5.x (optional HTML parser)
|
|
* php.ini options:
|
|
- error_reporting E_ALL & ~E_NOTICE & ~E_STRICT
|
|
- memory_limit > 16MB
|
|
- file_uploads enabled (for uploading attachments and import files)
|
|
- session.auto_start disabled
|
|
- suhosin.session.encrypt disabled
|
|
- mbstring.func_overload disabled
|
|
- pcre.backtrack_limit >= 100000
|
|
* A MySQL, PostgreSQL, MS SQL Server (2005 or newer), Oracle database
|
|
or SQLite support in PHP - with permission to create tables
|
|
* Composer installed either locally or globally (https://getcomposer.org)
|
|
|
|
|
|
INSTALLATION
|
|
============
|
|
|
|
1. Decompress and put this folder somewhere inside your document root.
|
|
Note: Make sure files have proper owner/group for your setup. If you use
|
|
tar command `--no-same-owner` option might be helpful.
|
|
2. In case you don't use the so-called "complete" release package,
|
|
you have to install PHP and javascript dependencies.
|
|
2.1. Install PHP dependencies using composer:
|
|
- get composer from https://getcomposer.org/download/
|
|
- rename the composer.json-dist file into composer.json
|
|
- if you want to use LDAP address books, enable the LDAP libraries in your
|
|
composer.json file by moving the items from "suggest" to the "require"
|
|
section (remove the explanation texts after the version!).
|
|
- run `php composer.phar install --no-dev`
|
|
2.2. Install Javascript dependencies by executing `bin/install-jsdeps.sh` script.
|
|
3. Make sure that the following directories (and the files within)
|
|
are writable by the webserver
|
|
- /temp
|
|
- /logs
|
|
4. Create a new database and a database user for Roundcube (see DATABASE SETUP)
|
|
5. Point your browser to http://url-to-roundcube/installer/
|
|
6. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
|
|
7. After creating and testing the configuration, remove the installer directory
|
|
------------------------------------------
|
|
IMPORTANT: REMOVE THE INSTALLER DIRECTORY!
|
|
------------------------------------------
|
|
8. If you use git sources compile css files for the Elastic skin (required
|
|
lessc >= 1.5.0):
|
|
$ cd skins/elastic
|
|
$ lessc -x styles/styles.less > styles/styles.css
|
|
$ lessc -x styles/print.less > styles/print.css
|
|
$ lessc -x styles/embed.less > styles/embed.css
|
|
9. Check Known Issues section of this file
|
|
|
|
|
|
CONFIGURATION HINTS
|
|
===================
|
|
|
|
IMPORTANT! Read all comments in defaults.inc.php, understand them
|
|
and configure your installation to be not surprised by default behaviour.
|
|
|
|
Roundcube writes internal errors to the 'errors.log' log file located in the logs
|
|
directory which can be configured in config/config.inc.php. If you want ordinary
|
|
PHP errors to be logged there as well, set error_log in php.ini or .htaccess file.
|
|
|
|
Roundcube forces display_errors=Off and log_errors=On.
|
|
|
|
By default the session cookie settings of PHP are not modified by Roundcube.
|
|
However if you want to limit the session cookies to the directory where
|
|
Roundcube resides you can set session.cookie_path in the php.ini or .htaccess file.
|
|
|
|
More about PHP settings: https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration
|
|
|
|
|
|
DATABASE SETUP
|
|
==============
|
|
|
|
Note: Database for Roundcube must use UTF-8 character set.
|
|
Note: See defaults.inc.php file for examples of DSN configuration.
|
|
|
|
* MySQL
|
|
-------
|
|
Setting up the mysql database can be done by creating an empty database,
|
|
importing the table layout and granting the proper permissions to the
|
|
roundcube user. Here is an example of that procedure:
|
|
|
|
# mysql
|
|
> CREATE DATABASE roundcubemail CHARACTER SET utf8 COLLATE utf8_general_ci;
|
|
> CREATE USER roundcube@localhost IDENTIFIED BY 'password';
|
|
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost;
|
|
> quit
|
|
|
|
# mysql roundcubemail < SQL/mysql.initial.sql
|
|
|
|
Note 1: 'password' is the master password for the roundcube user. It is strongly
|
|
recommended you replace this with a more secure password. Please keep in
|
|
mind: You need to specify this password later in 'config/db.inc.php'.
|
|
|
|
|
|
* SQLite
|
|
--------
|
|
Versions of sqlite database engine older than 3 aren't supported.
|
|
Database file and structure is created automatically by Roundcube.
|
|
Make sure your configuration points to some file location and that the
|
|
webserver can write to the file and the directory containing the file.
|
|
|
|
|
|
* PostgreSQL
|
|
------------
|
|
To use Roundcube with PostgreSQL support you have to follow these
|
|
simple steps, which have to be done as the postgres system user (or
|
|
which ever is the database superuser):
|
|
|
|
$ createuser -P roundcube
|
|
$ createdb -O roundcube -E UNICODE roundcubemail
|
|
$ psql -U roundcube -f SQL/postgres.initial.sql roundcubemail
|
|
|
|
Note: in some system configurations you might need to add '-U postgres' to
|
|
createuser and createdb commands.
|
|
|
|
|
|
* Microsoft SQL Server
|
|
----------------------
|
|
Language/locale of the database must be set to us_english (1033). More info
|
|
on this at https://github.com/roundcube/roundcubemail/issues/4078.
|
|
|
|
|
|
Database cleaning
|
|
-----------------
|
|
To keep your database slick and clean we recommend to periodically execute
|
|
bin/cleandb.sh which finally removes all records that are marked as deleted.
|
|
Best solution is to install a cronjob running this script daily.
|
|
|
|
|
|
MANUAL CONFIGURATION
|
|
====================
|
|
|
|
First of all, copy the sample configuration file config/config.inc.php.sample
|
|
to config/config.inc.php and make the necessary adjustments according to your
|
|
environment and your needs. More configuration options can be copied from the
|
|
config/defaults.inc.php file into your local config.inc.php file as needed.
|
|
Read the comments above the individual configuration options to find out what
|
|
they do or read https://github.com/roundcube/roundcubemail/wiki/Installation
|
|
for even more guidance.
|
|
|
|
The maximum size of email attachments and other file uploads is controlled by
|
|
PHP settings: upload_max_filesize and post_max_size. Read more about PHP
|
|
settings at https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration.
|
|
|
|
|
|
SECURE YOUR INSTALLATION
|
|
========================
|
|
|
|
Access through the webserver to the following directories should be denied:
|
|
|
|
/config
|
|
/temp
|
|
/logs
|
|
|
|
Roundcube uses .htaccess files to protect these directories, so be sure to
|
|
allow override of the Limit directives to get them taken into account. The
|
|
package also ships a .htaccess file in the root directory which defines some
|
|
rewrite rules. In order to properly secure your installation, please enable
|
|
mod_rewrite for Apache webserver and double check access to the above listed
|
|
directories and their contents is denied.
|
|
|
|
NOTE: In Apache 2.4, support for .htaccess files has been disabled by
|
|
default. Therefore you first need to enable this in your Apache main or
|
|
virtual host config by with:
|
|
|
|
AllowOverride all
|
|
|
|
For non-apache web servers add equivalent configuration parameters to deny
|
|
direct access to these private resources.
|
|
|
|
It is also recommended to change the document root to <install path>/public_html
|
|
after installation if Roundcube runs at root of a dedicated virtual host. This
|
|
will automatically keep sensitive files out of reach for http requests.
|
|
|
|
|
|
UPGRADING
|
|
=========
|
|
|
|
If you already have a previous version of Roundcube installed,
|
|
please refer to the instructions in UPGRADING guide.
|
|
|
|
|
|
OPTIMISING
|
|
==========
|
|
|
|
There are two forms of optimisation here, compression and caching, both aimed
|
|
at increasing an end user's experience using Roundcube Webmail. Compression
|
|
allows the static web pages to be delivered with less bandwidth. The index.php
|
|
of Roundcube Webmail already enables compression on its output. The settings
|
|
below allow compression to occur for all static files. Caching sets HTTP
|
|
response headers that enable a user's web client to understand what is static
|
|
and how to cache it.
|
|
|
|
The caching directives used are:
|
|
* Etags - sets at tag so the client can request is the page has changed
|
|
* Cache-control - defines the age of the page and that the page is 'public'
|
|
This enables clients to cache javascript files that don't have private
|
|
information between sessions even if using HTTPS. It also allows proxies
|
|
to share the same cached page between users.
|
|
* Expires - provides another hint to increase the lifetime of static pages.
|
|
|
|
For more information refer to RFC 2616.
|
|
|
|
Side effects:
|
|
-------------
|
|
These directives are designed for production use. If you are using this in
|
|
a development environment you may get horribly confused if your webclient
|
|
is caching stuff that you changed on the server. Disabling the expires
|
|
parts below should save you some grief.
|
|
|
|
If you are changing the skins, it is recommended that you copy content to
|
|
a different directory apart from 'default'.
|
|
|
|
Apache:
|
|
-------
|
|
To enable these features in apache the following modules need to be enabled:
|
|
* mod_deflate
|
|
* mod_expires
|
|
* mod_headers
|
|
|
|
The optimisation is already included in the .htaccess file in the top
|
|
directory of your installation.
|
|
|
|
If you are using Apache version 2.2.9 and later, in the .htaccess file
|
|
change the 'append' word to 'merge' for a more correct response. Keeping
|
|
as 'append' shouldn't cause any problems though changing to merge will
|
|
eliminate the possibility of duplicate 'public' headers in Cache-control.
|
|
|
|
Lighttpd:
|
|
---------
|
|
With Lightty the addition of Expire: tags by mod_expire is incompatible with
|
|
the addition of "Cache-control: public". Using Cache-control 'public' is
|
|
used below as it is assumed to give a better caching result.
|
|
|
|
Enable modules in server.modules:
|
|
"mod_setenv"
|
|
"mod_compress"
|
|
|
|
Mod_compress is a server side cache of compressed files to improve its performance.
|
|
|
|
$HTTP["host"] == "www.example.com" {
|
|
|
|
static-file.etags = "enable"
|
|
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Etag.use-mtimeDetails
|
|
etag.use-mtime = "enable"
|
|
|
|
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModSetEnv
|
|
$HTTP["url"] =~ "^/roundcubemail/(plugins|skins|program)" {
|
|
setenv.add-response-header = ( "Cache-Control" => "public, max-age=2592000")
|
|
}
|
|
|
|
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModCompress
|
|
# set compress.cache-dir to somewhere outside the docroot.
|
|
compress.cache-dir = var.statedir + "/cache/compress"
|
|
|
|
compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml", "image/gif", "image/png")
|
|
}
|
|
|
|
|
|
KNOWN ISSUES
|
|
============
|
|
|
|
Installations with uw-imap server should set imap_disabled_caps = array('ESEARCH')
|
|
in main configuration file. ESEARCH implementation in this server is broken (#1489184).
|
|
|
|
PHP >= 5.6 validates the ssl certificates by default. It means that
|
|
if IMAP/SMTP certificates are self-signed or use wrong host name you'll get
|
|
connection errors. A solution in such cases is to set imap_conn_options,
|
|
smtp_conn_options and managesieve_conn_options in a way described in config/defaults.inc.php.
|
|
|
|
If you have problems with temp files or non-working logs make sure temp and logs folders
|
|
are writeable to the user used by http server. Access to them may also be blocked by
|
|
SELINUX. Here's some sample commands for SELINUX:
|
|
|
|
$ semanage fcontext -a -t httpd_sys_rw_content_t "/path_to_roundcube/logs(/.*)?"
|
|
$ semanage fcontext -a -t httpd_sys_rw_content_t "/path_to_roundcube/temp(/.*)?"
|
|
$ restorecon -Rv /path_to_roundcube/
|
|
|
|
Microsoft IIS Server by default does not support WOFF fonts used in Elastic skin. It might be
|
|
needed to add following MIME Types definitions (via web.config or IIS Manager):
|
|
|
|
.woff application/font-woff
|
|
.woff2 application/font-woff2
|
|
|
|
When installing on Windows be aware we're using symbolic links which may need an additional
|
|
attention. See https://github.com/roundcube/roundcubemail/issues/7151.
|