#!/bin/bash
# Webmail with Roundcube
# ----------------------

source setup/functions.sh # load our functions
source /etc/mailinabox.conf # load global vars

# ### Installing Roundcube

# We install Roundcube from sources, rather than from Ubuntu, because:
#
# 1. Ubuntu's `roundcube-core` package has dependencies on Apache & MySQL, which we don't want.
#
# 2. The Roundcube shipped with Ubuntu is consistently out of date.
#
# 3. It's packaged incorrectly --- it seems to be missing a directory of files.
#
# So we'll use apt-get to manually install the dependencies of roundcube that we know we need,
# and then we'll manually install roundcube from source.

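# These dependencies are from `apt-cache showpkg roundcube-core`.
# apt_install and apt_get_quiet are helpers loaded from setup/functions.sh.
echo "Installing Roundcube (webmail)..."
apt_install \
	dbconfig-common \
	php7.0-cli php7.0-sqlite php7.0-mcrypt php7.0-intl php7.0-json php7.0-common \
	php-auth php-net-smtp php-net-socket php-net-sieve php-mail-mime php-crypt-gpg \
	php7.0-gd php7.0-pspell tinymce libjs-jquery libjs-jquery-mousewheel libmagic1

apt_get_quiet remove php-mail-mimedecode # no longer needed since Roundcube 1.1.3

# We used to install Roundcube from Ubuntu, without triggering the dependencies #NODOC
# on Apache and MySQL, by downloading the debs and installing them manually. #NODOC
# Now that we're beyond that, get rid of those debs before installing from source. #NODOC
# The pattern is quoted so that apt-get receives it unchanged; unquoted, the shell #NODOC
# would expand it first if any file named roundcube* exists in the working directory. #NODOC
apt-get purge -qq -y 'roundcube*' #NODOC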

# Install Roundcube from source if it is not already present or if it is out of date.
#
# Every download below is pinned: release archives by version plus expected
# digest, plugins fetched with git by full commit id. The digests are 40 hex
# digits; the comparison itself happens in wget_verify (setup/functions.sh,
# not shown here).
VERSION="1.3.0"
HASH="634c89b9c51c44fb757bb19c77ad5083cf7aa030"
PERSISTENT_LOGIN_VERSION="c4516c4be37d12ef653de86497304e073a863c2a"
HTML5_NOTIFIER_VERSION="4b370e3cd60dabd2f428a26f45b677ad1b7118d5"
CARDDAV_VERSION="2.0.4"
CARDDAV_HASH="d93f3cfb3038a519e71c7c3212c1d16f5da609a4"

# Combine the Roundcube version number with the plugin versions to track
# whether we have the latest version of everything. HASH and CARDDAV_HASH are
# not part of the key, so changing only a digest does not trigger a reinstall.
UPDATE_KEY="${VERSION}:${PERSISTENT_LOGIN_VERSION}:${HTML5_NOTIFIER_VERSION}:${CARDDAV_VERSION}"

# paths that are often reused.
RCM_DIR="/usr/local/lib/roundcubemail"
RCM_PLUGIN_DIR="${RCM_DIR}/plugins"
RCM_CONFIG="${RCM_DIR}/config/config.inc.php"

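# Decide whether Roundcube has to be (re)installed: either there is no version
# marker yet, or the marker differs from the UPDATE_KEY we want.
needs_update=0 #NODOC
if [[ ! -f "${RCM_DIR}/version" ]]; then
	# not installed yet #NODOC
	needs_update=1 #NODOC
elif [[ "$UPDATE_KEY" != "$(cat "${RCM_DIR}/version")" ]]; then
	# checks if the version is what we want; the right-hand side is quoted so
	# the file's contents are compared literally and not used as a glob pattern
	needs_update=1 #NODOC
fi
if [[ "$needs_update" == 1 ]]; then
	# Download into a private directory created by mktemp rather than to fixed
	# names directly under /tmp. /tmp is writable by every local account, so a
	# fixed name there can be pre-created or swapped by another account between
	# the digest check and the extraction that follows.
	rcm_download_dir=$(mktemp -d) || {
		echo "Could not create a temporary download directory." >&2
		exit 1
	}

	# install roundcube
	# wget_verify comes from setup/functions.sh (not shown here); it is called
	# with the URL, the expected digest and the destination path.
	wget_verify \
		"https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" \
		"$HASH" \
		"$rcm_download_dir/roundcube.tgz"
	# --no-same-owner: extracted files belong to the user running tar, not to
	# whatever owner is recorded in the archive.
	tar -C /usr/local/lib --no-same-owner -zxf "$rcm_download_dir/roundcube.tgz"
	# ${RCM_DIR:?} aborts instead of running rm -rf on an empty path.
	rm -rf -- "${RCM_DIR:?}"
	mv "/usr/local/lib/roundcubemail-$VERSION/" "$RCM_DIR"

	# install roundcube persistent_login plugin (pinned to a commit id)
	git_clone https://github.com/mfreiholz/Roundcube-Persistent-Login-Plugin.git "$PERSISTENT_LOGIN_VERSION" '' "${RCM_PLUGIN_DIR}/persistent_login"

	# install roundcube html5_notifier plugin (pinned to a commit id)
	git_clone https://github.com/kitist/html5_notifier.git "$HTML5_NOTIFIER_VERSION" '' "${RCM_PLUGIN_DIR}/html5_notifier"

	# download and verify the full release of the carddav plugin
	wget_verify \
		"https://github.com/blind-coder/rcmcarddav/releases/download/v${CARDDAV_VERSION}/carddav-${CARDDAV_VERSION}.zip" \
		"$CARDDAV_HASH" \
		"$rcm_download_dir/carddav.zip"

	# unzip and cleanup
	unzip -q "$rcm_download_dir/carddav.zip" -d "${RCM_PLUGIN_DIR}"
	rm -rf -- "${rcm_download_dir:?}"

	# record the version we've installed
	printf '%s\n' "$UPDATE_KEY" > "${RCM_DIR}/version"
fi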

# ### Configuring Roundcube

# Generate the 24-character secret that is written to Roundcube's des_key.
# 18 bytes from /dev/urandom (144 bits) base64-encode to exactly 24 characters
# with no padding, all drawn from A-Z, a-z, 0-9, '+' and '/', so the value is
# safe inside the single-quoted PHP string it is later placed in.
# The key is generated afresh on every run of this script and the config file
# is rewritten with it each time. Per Roundcube's documentation des_key
# protects the IMAP password kept in the session, so sessions opened before a
# re-run are presumably invalidated -- confirm that this is intended.
SECRET_KEY=$(head -c 18 /dev/urandom 2>/dev/null | base64 | cut -c 1-24)

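# Create a configuration file.
#
# For security, temp and log files are not stored in the default locations
# which are inside the roundcube sources directory. We put them instead
# in normal places.
#
# The here-document delimiter is unquoted, so $STORAGE_ROOT, $PRIMARY_HOSTNAME
# and $SECRET_KEY are expanded by the shell while \$config stays a literal PHP
# variable. The expanded values land inside single-quoted PHP strings without
# any escaping, which is only safe while they contain no quote or backslash;
# STORAGE_ROOT and PRIMARY_HOSTNAME are presumably set in /etc/mailinabox.conf
# -- confirm that file is writable by root only.
#
# NOTE(review): verify_peer and verify_peer_name are switched off for both the
# IMAP and the SMTP connection, so the server certificate is not checked. Both
# endpoints written below are loopback addresses (localhost / 127.0.0.1); if
# either is ever pointed at another host, certificate verification has to be
# turned back on.
#
# NOTE(review): the file holds des_key, and nothing here sets its mode, so it
# is created with whatever umask the script runs under. Consider restricting
# it to root and the web server group.
#
# NOTE(review): login_autocomplete = 2 is, per Roundcube's defaults file, the
# setting that lets browsers autocomplete the password field as well as the
# username.
cat > "$RCM_CONFIG" <<EOF
<?php
/*
 * Do not edit. Written by Mail-in-a-Box. Regenerated on updates.
 */
\$config = array();
\$config['log_dir'] = '/var/log/roundcubemail/';
\$config['temp_dir'] = '/tmp/roundcubemail/';
\$config['db_dsnw'] = 'sqlite:///$STORAGE_ROOT/mail/roundcube/roundcube.sqlite?mode=0640';
\$config['default_host'] = 'ssl://localhost';
\$config['default_port'] = 993;
\$config['imap_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => false,
     'verify_peer_name'  => false,
   ),
 );
\$config['imap_timeout'] = 15;
\$config['smtp_server'] = 'tls://127.0.0.1';
\$config['smtp_port'] = 587;
\$config['smtp_user'] = '%u';
\$config['smtp_pass'] = '%p';
\$config['smtp_conn_options'] = array(
  'ssl'         => array(
     'verify_peer'  => false,
     'verify_peer_name'  => false,
   ),
 );
\$config['support_url'] = 'https://mailinabox.email/';
\$config['product_name'] = '$PRIMARY_HOSTNAME Webmail';
\$config['des_key'] = '$SECRET_KEY';
\$config['plugins'] = array('html5_notifier', 'archive', 'zipdownload', 'password', 'managesieve', 'jqueryui', 'persistent_login', 'carddav');
\$config['skin'] = 'larry';
\$config['login_autocomplete'] = 2;
\$config['password_charset'] = 'UTF-8';
\$config['junk_mbox'] = 'Spam';
?>
EOF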

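# Configure CardDav
#
# Writes a single preset address book that points at the ownCloud instance on
# this host. Only ${PRIMARY_HOSTNAME} is expanded by the shell; \$prefs stays
# literal PHP. The '%u' / '%p' placeholders stand for the webmail login
# username and password (see the inline comments in the file), so the mailbox
# password is sent to the URL below on the user's behalf. The URL is https; as
# with the main config, the hostname is inserted into a single-quoted PHP
# string without escaping.
cat > "${RCM_PLUGIN_DIR}/carddav/config.inc.php" <<EOF
<?php
/* Do not edit. Written by Mail-in-a-Box. Regenerated on updates. */
\$prefs['_GLOBAL']['hide_preferences'] = true;
\$prefs['_GLOBAL']['suppress_version_warning'] = true;
\$prefs['ownCloud'] = array(
	 'name'         =>  'ownCloud',
	 'username'     =>  '%u', // login username
	 'password'     =>  '%p', // login password
	 'url'          =>  'https://${PRIMARY_HOSTNAME}/cloud/remote.php/carddav/addressbooks/%u/contacts',
	 'active'       =>  true,
	 'readonly'     =>  false,
	 'refresh_time' => '02:00:00',
	 'fixed'        =>  array('username','password'),
	 'preemptive_auth' => '1',
	 'hide'        =>  false,
);
EOF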

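# Create writable directories.
#
# NOTE(review): /tmp/roundcubemail is a fixed name inside world-writable /tmp.
# mkdir -p succeeds without complaint when the path already exists, whoever
# created it, and the recursive chown then hands it to www-data. A temp_dir in
# a location other local accounts cannot write to would avoid relying on what
# is already present in /tmp.
mkdir -p /var/log/roundcubemail /tmp/roundcubemail "$STORAGE_ROOT/mail/roundcube"
chown -R www-data:www-data /var/log/roundcubemail /tmp/roundcubemail "$STORAGE_ROOT/mail/roundcube"

# Ensure the log file monitored by fail2ban exists, or else fail2ban can't start.
# Created as www-data so the web server process owns it.
sudo -u www-data touch /var/log/roundcubemail/errors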

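# Password changing plugin settings
# The config comes empty by default, so we need the settings
# we're not planning to change in config.inc.dist...
cp "${RCM_PLUGIN_DIR}/password/config.inc.php.dist" \
	"${RCM_PLUGIN_DIR}/password/config.inc.php"

# The arguments are double-quoted shell strings: \$config stays literal PHP and
# only $STORAGE_ROOT is expanded. password_db_dsn points the plugin straight at
# the mail accounts database, so the web application itself updates the users
# table. %D and %u in password_query are placeholders filled in by the
# Roundcube password plugin (not shown here); new passwords are hashed through
# `doveadm pw` with SHA512-CRYPT and stored with the scheme prefix.
tools/editconf.py "${RCM_PLUGIN_DIR}/password/config.inc.php" \
	"\$config['password_minimum_length']=8;" \
	"\$config['password_db_dsn']='sqlite:///$STORAGE_ROOT/mail/users.sqlite';" \
	"\$config['password_query']='UPDATE users SET password=%D WHERE email=%u';" \
	"\$config['password_dovecotpw']='/usr/bin/doveadm pw';" \
	"\$config['password_dovecotpw_method']='SHA512-CRYPT';" \
	"\$config['password_dovecotpw_with_method']=true;"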

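# so PHP can use doveadm, for the password changing plugin
# (this widens what the web server account can reach: www-data gains every
# permission granted to the dovecot group)
usermod -a -G dovecot www-data

# set permissions so that PHP can use users.sqlite
# could use dovecot instead of www-data, but not sure it matters
#
# NOTE(review): users.sqlite holds the users table with its password column
# (see password_query in the password plugin settings). Mode 664 leaves it
# readable by every local account and writable by the web server group, and
# 775 on the directory lets that group create and delete files next to it.
# Before tightening to 660 / 770, confirm which other services read this file.
chown root:www-data "$STORAGE_ROOT/mail"
chmod 775 "$STORAGE_ROOT/mail"
chown root:www-data "$STORAGE_ROOT/mail/users.sqlite"
chmod 664 "$STORAGE_ROOT/mail/users.sqlite"

# Fix Carddav permissions:
chown -f -R root:www-data "${RCM_PLUGIN_DIR}/carddav"
# root:www-data need all permissions, others only read
# NOTE(review): this makes the plugin's PHP code writable by the web server
# group; check whether the plugin really needs to write inside its own
# directory, since web-writable code lets a compromised web process persist.
chmod -R 774 "${RCM_PLUGIN_DIR}/carddav"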

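# Run Roundcube database migration script (database is created if it does not exist)
"${RCM_DIR}/bin/updatedb.sh" --dir "${RCM_DIR}/SQL" --package roundcube
# NOTE(review): the db_dsnw written to config.inc.php asks for mode=0640, but
# the chmod below sets 664, which leaves the Roundcube database readable by
# every local account. Confirm whether 640 would do.
chown www-data:www-data "$STORAGE_ROOT/mail/roundcube/roundcube.sqlite"
chmod 664 "$STORAGE_ROOT/mail/roundcube/roundcube.sqlite"

# Enable PHP modules.
# NOTE(review): the apt_install list in this script has no package providing
# the imap module, and phpenmod's -v option normally takes a bare version such
# as 7.0 -- verify that both modules are actually enabled after this runs.
phpenmod -v php7.0 mcrypt imap
restart_service php7.0-fpm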