diff --git a/README.md b/README.md index 766b716..c5dfb49 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Then run the post-install checklist command to see what you need to do next: In addition to above once finished you need to: - Goto https://., and make a admin account. By default you don't need to edit the advanced settings + Goto https://./cloud, and make an ownCloud admin account. By default you don't need to edit the advanced settings Once logged in, click the "Files" link beside the cloud in the top left corner and then click Apps button Goto the "External user support" and activate it, do the same thing with the mail app diff --git a/conf/nginx.conf b/conf/nginx.conf index 20be9e2..9f83d01 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,10 +2,6 @@ ## Do not edit this file. It will be replaced each time ## Mail-in-a-Box needs up update the web configuration. -upstream php-fpm { - server unix:/var/run/php5-fpm.sock; -} - # Redirect all HTTP to HTTPS. server { listen 80; @@ -26,89 +22,84 @@ server { ssl_certificate_key $SSL_KEY; include /etc/nginx/nginx-ssl.conf; - # TODO: This is bad, we shouldnt hack it like this. - root /usr/local/lib/owncloud; + # Expose this directory as static files. + root $ROOT; index index.html index.htm; - # ownCloud configuration - client_max_body_size 16G; # set max upload size - fastcgi_buffers 64 4K; - - rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; - rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; - rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; - - index index.php; - error_page 403 /core/templates/403.php; - error_page 404 /core/templates/404.php; - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; + # Roundcube Webmail configuration. + rewrite ^/mail$ /mail/ redirect; + rewrite ^/mail/$ /mail/index.php; + location /mail/ { + index index.php; + alias /usr/local/lib/roundcubemail/; + } + location ~ /mail/config/.* { + # A ~-style location is needed to give this precedence over the next block. + return 403; + } + location ~ /mail/.*\.php { + # note: ~ has precendence over a regular location block + include fastcgi_params; + fastcgi_split_path_info ^/mail(/.*)()$; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; + client_max_body_size 20M; } - location ~ ^/(data|config|\.ht|db_structure\.xml|README) { - deny all; + # ownCloud configuration. + rewrite ^/caldav(.*)$ /cloud/remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /cloud/remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /cloud/remote.php/webdav$1 redirect; + rewrite ^/cloud$ /cloud/ redirect; + rewrite ^/cloud/$ /cloud/index.php; + rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html; + location /cloud/ { + alias /usr/local/lib/owncloud/; + location ~ ^/(data|config|\.ht|db_structure\.xml|README) { + deny all; + } } - - location / { - # The following 2 rules are only needed with webfinger - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - - rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; - rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; - - rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; - - try_files $uri $uri/ index.php; - } - - location ~ ^(.+?\.php)(/.*)?$ { - try_files $1 = 404; - - # PHP specific configuration to deal with large file uploads + location ~ ^(/cloud)(/.+\.php)(/.*)?$ { + # note: ~ has precendence over a regular location block + include fastcgi_params; fastcgi_param PHP_VALUE "upload_max_filesize = 16G"; fastcgi_param PHP_VALUE "post_max_size = 16G"; fastcgi_param PHP_VALUE "output_buffering = 16384"; fastcgi_param PHP_VALUE "memory_limit = 512M"; - - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$1; - fastcgi_param PATH_INFO $2; - fastcgi_param HTTPS on; + fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2; + fastcgi_param SCRIPT_NAME $1$2; + fastcgi_param PATH_INFO $3; fastcgi_pass php-fpm; + error_page 403 /cloud/core/templates/403.php; + error_page 404 /cloud/core/templates/404.php; + client_max_body_size 1G; + fastcgi_buffers 64 4K; } - - # Optional: set long EXPIRES header on static assets - location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { - expires 30d; - # Optional: Don't log access to assets - access_log off; - } + rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect; # Webfinger configuration. - # TODO: fix this for owncloud location = /.well-known/webfinger { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-webfinger.php; - fastcgi_pass php-fpm; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; } # Microsoft Exchange autodiscover.xml for email location /autodiscover/autodiscover.xml { include fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/bin/mailinabox-exchange-autodiscover.php; - fastcgi_pass php-fpm; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; } # Z-Push (Microsoft Exchange ActiveSync) location /Microsoft-Server-ActiveSync { - include /etc/nginx/fastcgi_params; - fastcgi_param PHP_VALUE "include_path=/usr/share/awl/inc"; + include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php; - fastcgi_pass php-fpm; + fastcgi_pass unix:/tmp/php-fastcgi.www-data.sock; } # ADDITIONAL DIRECTIVES HERE diff --git a/conf/zpush/backend_caldav.php b/conf/zpush/backend_caldav.php index ebe27ac..309a181 100644 --- a/conf/zpush/backend_caldav.php +++ b/conf/zpush/backend_caldav.php @@ -7,7 +7,7 @@ define('CALDAV_SERVER', 'https://localhost'); define('CALDAV_PORT', '443'); -define('CALDAV_PATH', '/remote.php/caldav/calendars/%u/'); +define('CALDAV_PATH', '/caldav/calendars/%u/'); define('CALDAV_PERSONAL', ''); // If the CalDAV server supports the sync-collection operation diff --git a/conf/zpush/backend_carddav.php b/conf/zpush/backend_carddav.php index 4dd1a74..f3e8937 100644 --- a/conf/zpush/backend_carddav.php +++ b/conf/zpush/backend_carddav.php @@ -9,9 +9,9 @@ define('CARDDAV_PROTOCOL', 'https'); /* http or https */ define('CARDDAV_SERVER', 'localhost'); define('CARDDAV_PORT', '443'); -define('CARDDAV_PATH', '/remote.php/carddav/addressbooks/%u/'); -define('CARDDAV_DEFAULT_PATH', '/remote.php/carddav/addressbooks/%u/contacts/'); /* subdirectory of the main path */ -define('CARDDAV_GAL_PATH', '/caldav.php/%d/GAL/'); /* readonly, searchable, not syncd */ +define('CARDDAV_PATH', '/carddav/addressbooks/%u/'); +define('CARDDAV_DEFAULT_PATH', '/carddav/addressbooks/%u/contacts/'); /* subdirectory of the main path */ +define('CARDDAV_GAL_PATH', ''); /* readonly, searchable, not syncd */ define('CARDDAV_GAL_MIN_LENGTH', 5); define('CARDDAV_CONTACTS_FOLDER_NAME', '%u Addressbook'); diff --git a/setup/start.sh b/setup/start.sh index 3998740..469f616 100755 --- a/setup/start.sh +++ b/setup/start.sh @@ -273,6 +273,7 @@ EOF . setup/dkim.sh . setup/spamassassin.sh . setup/web.sh +. setup/webmail.sh . setup/owncloud.sh . setup/zpush.sh . setup/management.sh diff --git a/setup/webmail.sh b/setup/webmail.sh new file mode 100755 index 0000000..fbb489f --- /dev/null +++ b/setup/webmail.sh @@ -0,0 +1,103 @@ +# Webmail: Using roundcube +########################## + +source setup/functions.sh # load our functions +source /etc/mailinabox.conf # load global vars + +# Ubuntu's roundcube-core has dependencies on Apache & MySQL, which we don't want, so we can't +# install roundcube directly via apt-get install. +# +# Additionally, the Roundcube shipped with Ubuntu is consistently out of date. +# +# And it's packaged incorrectly --- it seems to be missing a directory of files. +# +# So we'll use apt-get to manually install the dependencies of roundcube that we know we need, +# and then we'll manually install roundcube from source. + +# These dependencies are from 'apt-cache showpkg roundcube-core'. +apt_install \ + dbconfig-common \ + php5 php5-sqlite php5-mcrypt php5-intl php5-json php5-common php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg php5-gd php5-pspell \ + tinymce libjs-jquery libjs-jquery-mousewheel libmagic1 + +# We used to install Roundcube from Ubuntu, without triggering the dependencies +# on Apache and MySQL, by downloading the debs and installing them manually. +# Now that we're beyond that, get rid of those debs before installing from source. +apt-get purge -qq -y roundcube* + +# Install Roundcube from source if it is not already present. +# TODO: Check version? +if [ ! -d /usr/local/lib/roundcubemail ]; then + rm -f /tmp/roundcube.tgz + wget -qO /tmp/roundcube.tgz http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.0.1/roundcubemail-1.0.1.tar.gz + tar -C /usr/local/lib -zxf /tmp/roundcube.tgz + mv /usr/local/lib/roundcubemail-1.0.1/ /usr/local/lib/roundcubemail + rm -f /tmp/roundcube.tgz +fi + +# Generate a safe 24-character secret key of safe characters. +SECRET_KEY=$(dd if=/dev/random bs=20 count=1 2>/dev/null | base64 | fold -w 24 | head -n 1) + +# Create a configuration file. +# +# For security, temp and log files are not stored in the default locations +# which are inside the roundcube sources directory. We put them instead +# in normal places. +cat - > /usr/local/lib/roundcubemail/config/config.inc.php < +EOF + +# Create writable directories. +mkdir -p /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube +chown -R www-data.www-data /var/log/roundcubemail /tmp/roundcubemail $STORAGE_ROOT/mail/roundcube + +# Password changing plugin settings +# The config comes empty by default, so we need the settings +# we're not planning to change in config.inc.dist... +cp /usr/local/lib/roundcubemail/plugins/password/config.inc.php.dist \ + /usr/local/lib/roundcubemail/plugins/password/config.inc.php + +tools/editconf.py /usr/local/lib/roundcubemail/plugins/password/config.inc.php \ + "\$config['password_minimum_length']=6;" \ + "\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \ + "\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \ + "\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \ + "\$config['password_dovecotpw_method']='SHA512-CRYPT';" \ + "\$config['password_dovecotpw_with_method']=true;" + +# so PHP can use doveadm, for the password changing plugin +usermod -a -G dovecot www-data + +# set permissions so that PHP can use users.sqlite +# could use dovecot instead of www-data, but not sure it matters +chown root.www-data $STORAGE_ROOT/mail +chmod 775 $STORAGE_ROOT/mail +chown root.www-data $STORAGE_ROOT/mail/users.sqlite +chmod 664 $STORAGE_ROOT/mail/users.sqlite + +# Enable PHP modules. +php5enmod mcrypt +restart_service php5-fpm