Hi,
I have a working email setup on Ubuntu 24.04.2 LTS with Roundcube (I believe back-end uses Nginx) configured as Webmail. I can access HTTPS Roundcube Webmail from local LAN and from internet.
All the accesses are working as expected.
My question:
I want to fully disable "Roundcube Webmail" from internet for security reasons and only allow from LAN (or when VPN in). How can I do this?
My Internet router (Synology RT2600AC) does provide a basic firewall and configured port forwarding for port 80, 443, 587 & 993.
Ports 80 and 443 are required for Let's Encrypt to work for certificate renewal. Therefore, it is not possible to block 80 and 443 to stop access to Roundcube from the internet.
I hope someone has the answer to my question from their implementation with restricted access from Internet/outside.
You can restrict external access to Roundcube by configuring Nginx to allow only local LAN IPs. Edit your Nginx config file (e.g., /etc/nginx/sites-available/roundcube) and add:
    location / {
        allow 192.168.1.0/24; # Replace with your LAN subnet
        deny all;
    }
Restart Nginx (sudo systemctl restart nginx) to apply changes. For remote access, use a VPN instead of exposing Roundcube to the internet.
I hope my answer will help you. (https://grandprotectivesecurity.com/services/)
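A fuller version of the restriction discussed above, as an added example that is not part of the original posts: the allow/deny rules sit at server level so they also cover the PHP location, while the Let's Encrypt HTTP-01 challenge path stays reachable on port 80. The hostname, webroot paths, VPN subnet, PHP-FPM socket and use of certbot's webroot method are all assumptions to replace with your own values.

```nginx
# Added example; hostname, paths, subnets and socket are assumptions.
server {
    listen 80;
    server_name mail.example.com;              # placeholder hostname

    # HTTP-01 validation requests arrive from the internet on port 80,
    # so this path carries no allow/deny rules and stays open to everyone.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;             # assumed certbot --webroot path
        default_type text/plain;
    }

    # Everything else on port 80 is only a redirect to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name mail.example.com;              # placeholder hostname

    ssl_certificate     /etc/letsencrypt/live/mail.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mail.example.com/privkey.pem;

    # Server-level access rules are inherited by every location below that
    # defines no allow/deny of its own, including the regex PHP location.
    # Rules placed only inside "location /" would not apply to "\.php$".
    allow 127.0.0.1;
    allow 192.168.1.0/24;                      # LAN subnet
    allow 10.8.0.0/24;                         # VPN client pool (assumed)
    deny  all;

    root  /var/www/roundcube;                  # assumed install path
    index index.php;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;   # assumed socket
    }
}
```

Check the syntax with `sudo nginx -t` before reloading, then confirm from a connection outside the LAN that the webmail URL returns 403 while `sudo certbot renew --dry-run` still succeeds.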