Author Topic: [Solved] Configure roundcube with nginx on raspbian  (Read 2225 times)

Offline inuit

  • Newbie
  • *
  • Posts: 3
[Solved] Configure roundcube with nginx on raspbian
« on: October 31, 2021, 11:27:24 AM »
Hello everyone,

I'm bulding a home mailserver (postfix - dovecot) and wish to install roundcube on it. I have nginx 1.18.0 as http server.

Like there's no preconfigured file for nginx in /etc/roundcube I searched on internet how to configure it and then I wrote this file:

Code: [Select]
server {
  listen 80;
  server_name mail.server.com;
  return 301 https://mail.server.com/$request_uri;
}

server {
  listen 443 ssl http2;
  server_name mail.server.com;
  root /var/www/roundcube;
  index index.php index.html index.htm;

  ssl_certificate /etc/letsencrypt/live/mail.server.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mail.server.com/privkey.pem;

  ssl_session_timeout 1h;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_protocols TLSv1.3;

  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_prefer_server_ciphers on;
  error_log /var/log/nginx/roundcube.error;
  access_log /var/log/nginx/roundcube.access;

  location = /50x.html {
    root /usr/share/nginx/html;
  }
  location / {
    try_files $uri $uri/ /index.php;
  }

  error_page 404 /404.html;
  error_page 500 502 503 504 /50x.html;

  location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
    deny all;
  }
  location ~ ^/(bin|SQL)/ {
    deny all;
   }

 location ~ \.php$ {
   try_files $uri =404;
   fastcgi_pass unix:/run/php/php7.0-fpm.sock;
   fastcgi_index index.php;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   include fastcgi_params;
 }

 location ~ /.well-known/acme-challenge {
   allow all;
 }
}

But when I go on mail.server.com with my web browser I got a 404 not found. No matter how hard I look, I can't find what's wrong.

Thanks for your help
« Last Edit: November 04, 2021, 03:35:24 AM by inuit »

Offline SKaero

  • Administrator
  • Hero Member
  • *****
  • Posts: 5,876
    • SKaero - Custom Roundcube development
Re: Configure roundcube with nginx on raspbian
« Reply #1 on: November 02, 2021, 09:54:05 AM »
There isn't anything special that is needed for Roundcube a typical php-fpm config should work. The only thing I find odd in the nginx config is the "try_files $uri =404;" in the "location ~ \.php$" I don't typically see it there. Otherwise check the nginx log and see what it says there.

Offline inuit

  • Newbie
  • *
  • Posts: 3
Re: Configure roundcube with nginx on raspbian
« Reply #2 on: November 02, 2021, 04:14:27 PM »
There isn't anything special that is needed for Roundcube a typical php-fpm config should work. The only thing I find odd in the nginx config is the "try_files $uri =404;" in the "location ~ \.php$" I don't typically see it there. Otherwise check the nginx log and see what it says there.

Thank you SKaero, now I have the login page of roundcube !

Unfortunately, I now have the same problem I had before on Apache (one of the reasons that made me change to Nginx but not the only one): When attempting to connect I get an "Could not connect to storage server" error.


The package php7.4-sqlite3 is already installed

The logs says:

Code: [Select]
/var/log/roundcube/errors.log
Code: [Select]
[02-Nov-2021 20:29:00 +0100]: <qtkpev9m> IMAP Error: Login failed for user@server.com against localhost from 192.168.1.8. Could not connect to ssl://localhost:993: Unknown reason in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)
It seems to be related to the SQL database (I'm using sqlite3)

Code: [Select]
/etc/roundcube/debian-db.php
Code: (php) [Select]
<?php
##
## database access settings in php format
## automatically generated from /etc/dbconfig-common/roundcube.conf
## by /usr/sbin/dbconfig-generate-include
##
## by default this file is managed via ucf, so you shouldn't have to
## worry about manual changes being silently discarded.  *however*,
## you'll probably also want to edit the configuration file mentioned
## above too.
##
$dbuser='roundcube';
$dbpass='';
$basepath='/var/lib/dbconfig-common/sqlite3/roundcube';
$dbname='roundcube';
$dbserver='';
$dbport='';
$dbtype='sqlite3';

Code: [Select]
/etc/roundcube/debian-db-roundcube.php
Code: (php) [Select]
<?php
include_once("/etc/roundcube/debian-db.php");

switch (
$dbtype) {
 case 
"sqlite":
 case 
"sqlite3":
   
$config['db_dsnw'] = "sqlite:///$basepath/$dbname?mode=0640";
   break;
 default:
   if (
$dbport != ''$dbport=":$dbport";
   if (
$dbserver == ''$dbserver="localhost";
   
$config['db_dsnw'] = "$dbtype://$dbuser:$dbpass@$dbserver$dbport/$dbname";
   break;
 }
?>


The database file well exists and has the following permissions:
Code: [Select]
-rw-rw---- 1 www-data www-data 167936  2 nov.  21:06 roundcube
« Last Edit: November 02, 2021, 04:23:54 PM by inuit »

Offline alec

  • Hero Member
  • *****
  • Posts: 1,363
Re: Configure roundcube with nginx on raspbian
« Reply #3 on: November 03, 2021, 02:07:30 AM »
This is an imap connection problem. Probably certificate validation fails. Look at imap_conn_options in config/defaults.inc.php

Offline inuit

  • Newbie
  • *
  • Posts: 3
Re: [Solved] Configure roundcube with nginx on raspbian
« Reply #4 on: November 03, 2021, 03:43:22 AM »
This is an imap connection problem. Probably certificate validation fails. Look at imap_conn_options in config/defaults.inc.php

It was by default :
Code: (php) [Select]
$config['imap_conn_options'] = null;
After reading your message I searched and found this wiki : https://wiki.archlinux.org/title/Roundcube#Setting_Roundcube_up_for_use_with_an_IMAP/SMTP_server_that_only_allows_TLS_authentication and then I modified the settings as follows:

Code: (php) [Select]
$config['imap_conn_options'] = array(
        'ssl' => array(
                'verify_peer' => true,
                'allow_self_signed' => false,
                'ssl_cert' => '/etc/letsencrypt/live/server.com/fullchain
.pem',
                'ssl_key' => '/etc/letsencrypt/live/server.com/privkey.pe
m',
                'ciphers' => 'TLSv3+HIGH:!aNull:@STRENGTH',
                'peer_name' => 'server.com',
        ),
);

But I got the error when attempting to connect, and now the logs give two errors:
Code: [Select]
[03-Nov-2021 08:42:06 Europe/Berlin] PHP Warning:  stream_socket_client(): unable to connect to ssl://localhost:993 (Unknown error) in /usr/share/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 1025
[03-Nov-2021 08:42:06 +0100]: <1cis36lt> IMAP Error: Login failed for user@server.com against localhost from 192.168.1.8. Could not connect to ssl://localhost:993: Unknown reason in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)



EDIT: EUREKA ! Wanting make sure I have the latest TLS version, I have marked TLSv3, which does not yet exist  ::)
Now Roundcube is running and accessible trough my browser, thanks for your help
« Last Edit: November 04, 2021, 03:34:31 AM by inuit »