Roundcube Community Forum
Release Support => Pending Issues => Topic started by: inuit on October 31, 2021, 11:27:24 AM
-
Hello everyone,
I'm bulding a home mailserver (postfix - dovecot) and wish to install roundcube on it. I have nginx 1.18.0 as http server.
Like there's no preconfigured file for nginx in /etc/roundcube I searched on internet how to configure it and then I wrote this file:
server {
listen 80;
server_name mail.server.com;
return 301 https://mail.server.com/$request_uri;
}
server {
listen 443 ssl http2;
server_name mail.server.com;
root /var/www/roundcube;
index index.php index.html index.htm;
ssl_certificate /etc/letsencrypt/live/mail.server.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mail.server.com/privkey.pem;
ssl_session_timeout 1h;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
error_log /var/log/nginx/roundcube.error;
access_log /var/log/nginx/roundcube.access;
location = /50x.html {
root /usr/share/nginx/html;
}
location / {
try_files $uri $uri/ /index.php;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|UPGRADING)$ {
deny all;
}
location ~ ^/(bin|SQL)/ {
deny all;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /.well-known/acme-challenge {
allow all;
}
}
But when I go on mail.server.com with my web browser I got a 404 not found. No matter how hard I look, I can't find what's wrong.
Thanks for your help
-
There isn't anything special that is needed for Roundcube a typical php-fpm config should work. The only thing I find odd in the nginx config is the "try_files $uri =404;" in the "location ~ \.php$" I don't typically see it there. Otherwise check the nginx log and see what it says there.
-
There isn't anything special that is needed for Roundcube a typical php-fpm config should work. The only thing I find odd in the nginx config is the "try_files $uri =404;" in the "location ~ \.php$" I don't typically see it there. Otherwise check the nginx log and see what it says there.
Thank you SKaero, now I have the login page of roundcube !
Unfortunately, I now have the same problem I had before on Apache (one of the reasons that made me change to Nginx but not the only one): When attempting to connect I get an "Could not connect to storage server" error.
The package php7.4-sqlite3 is already installed
The logs says:
/var/log/roundcube/errors.log
[02-Nov-2021 20:29:00 +0100]: <qtkpev9m> IMAP Error: Login failed for user@server.com against localhost from 192.168.1.8. Could not connect to ssl://localhost:993: Unknown reason in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)
It seems to be related to the SQL database (I'm using sqlite3)
/etc/roundcube/debian-db.php
<?php
##
## database access settings in php format
## automatically generated from /etc/dbconfig-common/roundcube.conf
## by /usr/sbin/dbconfig-generate-include
##
## by default this file is managed via ucf, so you shouldn't have to
## worry about manual changes being silently discarded. *however*,
## you'll probably also want to edit the configuration file mentioned
## above too.
##
$dbuser='roundcube';
$dbpass='';
$basepath='/var/lib/dbconfig-common/sqlite3/roundcube';
$dbname='roundcube';
$dbserver='';
$dbport='';
$dbtype='sqlite3';
/etc/roundcube/debian-db-roundcube.php
<?php
include_once("/etc/roundcube/debian-db.php");
switch ($dbtype) {
case "sqlite":
case "sqlite3":
$config['db_dsnw'] = "sqlite:///$basepath/$dbname?mode=0640";
break;
default:
if ($dbport != '') $dbport=":$dbport";
if ($dbserver == '') $dbserver="localhost";
$config['db_dsnw'] = "$dbtype://$dbuser:$dbpass@$dbserver$dbport/$dbname";
break;
}
?>
The database file well exists and has the following permissions:
-rw-rw---- 1 www-data www-data 167936 2 nov. 21:06 roundcube
-
This is an imap connection problem. Probably certificate validation fails. Look at imap_conn_options in config/defaults.inc.php
-
This is an imap connection problem. Probably certificate validation fails. Look at imap_conn_options in config/defaults.inc.php
It was by default :
$config['imap_conn_options'] = null;
After reading your message I searched and found this wiki : https://wiki.archlinux.org/title/Roundcube#Setting_Roundcube_up_for_use_with_an_IMAP/SMTP_server_that_only_allows_TLS_authentication and then I modified the settings as follows:
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
'allow_self_signed' => false,
'ssl_cert' => '/etc/letsencrypt/live/server.com/fullchain
.pem',
'ssl_key' => '/etc/letsencrypt/live/server.com/privkey.pe
m',
'ciphers' => 'TLSv3+HIGH:!aNull:@STRENGTH',
'peer_name' => 'server.com',
),
);
But I got the error when attempting to connect, and now the logs give two errors:
[03-Nov-2021 08:42:06 Europe/Berlin] PHP Warning: stream_socket_client(): unable to connect to ssl://localhost:993 (Unknown error) in /usr/share/roundcube/program/lib/Roundcube/rcube_imap_generic.php on line 1025
[03-Nov-2021 08:42:06 +0100]: <1cis36lt> IMAP Error: Login failed for user@server.com against localhost from 192.168.1.8. Could not connect to ssl://localhost:993: Unknown reason in /usr/share/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)
EDIT: EUREKA ! Wanting make sure I have the latest TLS version, I have marked TLSv3, which does not yet exist ::)
Now Roundcube is running and accessible trough my browser, thanks for your help