diff --git a/conf/nginx.conf b/conf/nginx.conf index 24dd0c3..7414cd3 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -31,13 +31,17 @@ server { rewrite ^/mail/$ /mail/index.php; location /mail/ { index index.php; - alias /var/lib/roundcube/; + alias /usr/local/lib/roundcubemail/; + } + location ~ /mail/config/.* { + # A ~-style location is needed to give this precedence over the next block. + return 403; } location ~ /mail/.*\.php { include fastcgi_params; fastcgi_split_path_info ^/mail(/.*)()$; fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME /var/lib/roundcube/$fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; client_max_body_size 20M; } diff --git a/setup/webmail.sh b/setup/webmail.sh index 2379490..2b20262 100755 --- a/setup/webmail.sh +++ b/setup/webmail.sh @@ -5,9 +5,14 @@ source setup/functions.sh # load our functions source /etc/mailinabox.conf # load global vars # Ubuntu's roundcube-core has dependencies on Apache & MySQL, which we don't want, so we can't -# install roundcube directly via apt-get install. We'll use apt-get to manually install the -# dependencies of roundcube that we know we need, and then we'll manually install debs for -# roundcube using dpkg so that dependencies aren't triggered. +# install roundcube directly via apt-get install. +# +# Additionally, the Roundcube shipped with Ubuntu is consistently out of date. +# +# And it's packaged incorrectly --- it seems to be missing a directory of files. +# +# So we'll use apt-get to manually install the dependencies of roundcube that we know we need, +# and then we'll manually install roundcube from source. # These dependencies are from 'apt-cache showpkg roundcube-core'. apt_install \ 
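Review bot: In conf/nginx.conf the added `location ~ /mail/config/.*` block denies only the config directory, while the changed `alias` now points /mail/ at the whole unpacked source tree. Upstream Roundcube relies on .htaccess rules to protect its non-public directories, and nginx does not read those, so anything else the tarball ships is either served as a static file or handed to PHP. The tarball contents are not visible on this page, but the installer, SQL and bin directories are the likely candidates, along with temp and logs if they are ever populated. An anchored pattern that covers them in one place would be safer, e.g. `location ~ ^/mail/(config|temp|logs|bin|SQL|installer)/ { return 403; }`, kept ahead of the `.php` block because regex locations are tried in order of appearance. The enclosing `server` block starts and ends outside the hunk.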
@@ -15,67 +20,75 @@ apt_install \ php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \ tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 -mkdir -p /tmp/roundcube_debs -pushd /tmp/roundcube_debs -apt-get download roundcube roundcube-core roundcube-sqlite3 roundcube-plugins -DEBIAN_FRONTEND=noninteractive dpkg -Gi *.deb -popd -rm -rf /tmp/roundcube_debs -apt-mark hold roundcube-core # hopefully apt-get won't attempt to upgrade it, which might trigger dependenciees? +# We used to install Roundcube from Ubuntu, without triggering the dependencies +# on Apache and MySQL, by downloading the debs and installing them manually. +# Now that we're beyond that, get rid of those debs before installing from source. +apt-get purge -qq -y roundcube* -# Buuuut.... the .deb is missing things? -src_fn=roundcube_0.9.5.orig.tar.gz -src_dir=roundcubemail-0.9.5-dep -mkdir -p externals -wget -nc -P externals http://ftp.debian.org/debian/pool/main/r/roundcube/$src_fn -tar -C /tmp -xzf $(pwd)/externals/$src_fn -if [ ! -d /var/lib/roundcube/SQL ]; then mv /tmp/$src_dir/SQL/ /var/lib/roundcube/; fi -rm -rf /tmp/$src_dir +# Install Roundcube from source if it is not already present. +# TODO: Check version? +if [ ! 
-d /usr/local/lib/roundcubemail ]; then + rm -f /tmp/roundcube.tgz + wget -O /tmp/roundcube.tgz http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.0.1/roundcubemail-1.0.1.tar.gz + tar -C /usr/local/lib -zxf /tmp/roundcube.tgz + mv /usr/local/lib/roundcubemail-1.0.1/ /usr/local/lib/roundcubemail + rm -f /tmp/roundcube.tgz +fi -# Settings -tools/editconf.py /etc/roundcube/main.inc.php \ - "\$rcmail_config['default_host']='ssl://localhost';" \ - "\$rcmail_config['default_port']=993;" \ - "\$rcmail_config['imap_timeout']=30;" \ - "\$rcmail_config['smtp_server']='tls://localhost';"\ - "\$rcmail_config['smtp_user']='%u';"\ - "\$rcmail_config['smtp_pass']='%p';"\ - "\$rcmail_config['smtp_timeout']=30;" \ - "\$rcmail_config['use_https']=true;" \ - "\$rcmail_config['session_lifetime']=60*24*3;" \ - "\$rcmail_config['password_charset']='utf8';" \ - "\$rcmail_config['message_sort_col']='arrival';" \ - "\$rcmail_config['junk_mbox']='Spam';" \ - "\$rcmail_config['default_folders']=array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash');" \ - "\$rcmail_config['draft_autosave']=30;" \ - "\$rcmail_config['plugins']=array('password');" +# Generate a safe 24-character secret key of safe characters. +SECRET_KEY=$(dd if=/dev/urandom bs=20 count=1 2>/dev/null | base64 | fold -w 24 | head -n 1) + +# Create a configuration file. +# +# For security, temp and log files are not stored in the default locations +# which are inside the roundcube sources directory. We put them instead +# in normal places. +cat - > /usr/local/lib/roundcubemail/config/config.inc.php < +EOF + +# Create writable directories. +mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube +chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube # Password changing plugin settings # The config comes empty by default, so we need the settings # we're not planning to change in config.inc.dist... 
-cp /usr/share/roundcube/plugins/password/config.inc.php.dist \ - /etc/roundcube/plugins/password/config.inc.php +cp /usr/local/lib/roundcubemail/plugins/password/config.inc.php.dist \ + /usr/local/lib/roundcubemail/plugins/password/config.inc.php -tools/editconf.py /etc/roundcube/plugins/password/config.inc.php \ - "\$rcmail_config['password_minimum_length']=6;" \ - "\$rcmail_config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ - "\$rcmail_config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \ - "\$rcmail_config['password_dovecotpw']='/usr/bin/doveadm pw';" \ - "\$rcmail_config['password_dovecotpw_method']='SHA512-CRYPT';" \ - "\$rcmail_config['password_dovecotpw_with_method']=true;" +tools/editconf.py /usr/local/lib/roundcubemail/plugins/password/config.inc.php \ + "\$config['password_minimum_length']=6;" \ + "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ + "\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \ + "\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \ + "\$config['password_dovecotpw_method']='SHA512-CRYPT';" \ + "\$config['password_dovecotpw_with_method']=true;" -# Configure storage of user preferences. -mkdir -p $STORAGE_ROOT/mail/roundcube -cat - > /etc/roundcube/debian-db.php < -EOF -chown -R www-data.www-data $STORAGE_ROOT/mail/roundcube - -# so PHP can use doveadm +# so PHP can use doveadm, for the password changing plugin usermod -a -G dovecot www-data # set permissions so that PHP can use users.sqlite
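Review bot: The tarball fetched by the added `wget -O /tmp/roundcube.tgz http://...` line in setup/webmail.sh is unpacked into /usr/local/lib and then executed as PHP with no integrity check. The download is plain HTTP, so whatever the mirror or network path returns becomes the webmail application. Pin a SHA-256 digest for the 1.0.1 release in the script and verify it before `tar`, aborting setup on a mismatch. The fixed name /tmp/roundcube.tgz in a world-writable directory is also better replaced with a `mktemp` path. The digest in the fence below is a placeholder to be filled in from a verified copy of the release.

```shell
if [ ! -d /usr/local/lib/roundcubemail ]; then
	# Placeholder: replace with the digest of the release tarball you verified.
	roundcube_sha256="<sha256-of-roundcubemail-1.0.1.tar.gz>"
	roundcube_tgz=$(mktemp)
	wget -O "$roundcube_tgz" http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.0.1/roundcubemail-1.0.1.tar.gz
	if ! echo "$roundcube_sha256  $roundcube_tgz" | sha256sum --check --strict --status; then
		echo "Roundcube download failed checksum verification; aborting." >&2
		rm -f "$roundcube_tgz"
		exit 1
	fi
	tar -C /usr/local/lib -zxf "$roundcube_tgz"
	# … unchanged: mv of roundcubemail-1.0.1/ to /usr/local/lib/roundcubemail …
	rm -f "$roundcube_tgz"
fi
```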