forked from roundcube/roundcubemail
-
Notifications
You must be signed in to change notification settings - Fork 1
/
INSTALL
305 lines (230 loc) · 12.1 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
INTRODUCTION
============
This file describes the basic steps to install Roundcube Webmail on your
web server. For additional information, please also consult the project's
wiki page at https://github.com/roundcube/roundcubemail/wiki
REQUIREMENTS
============
* An IMAP, HTTP and SMTP server
* .htaccess support allowing overrides for DirectoryIndex
* PHP Version 7.3 or greater including:
- PCRE, DOM, JSON, Session, Sockets, OpenSSL, Mbstring, Filter, Ctype, Intl (required)
- PHP PDO with driver for either MySQL, PostgreSQL or SQLite (required)
- Iconv, Zip, Fileinfo, Exif (recommended)
- LDAP for LDAP addressbook support (optional)
- GD, Imagick, XMLWriter (optional: thumbnails generation, QR-code)
* PEAR and PEAR packages distributed with Roundcube or external.
See composer.json for the list of required packages.
* php.ini options:
- memory_limit > 16MB
- file_uploads enabled (for uploading attachments and import files)
- session.auto_start disabled
- suhosin.session.encrypt disabled
- mbstring.func_overload disabled
- pcre.backtrack_limit >= 100000
* A MySQL, PostgreSQL, or SQLite v3 support in PHP - with permission to create tables
* Composer installed either locally or globally (https://getcomposer.org)
INSTALLATION
============
1. Decompress and put this folder somewhere inside your document root.
Note: Make sure files have proper owner/group for your setup. If you use
tar command `--no-same-owner` option might be helpful.
2. In case you don't use the so-called "complete" release package,
you have to install PHP and javascript dependencies.
2.1. Install PHP dependencies using composer:
- get composer from https://getcomposer.org/download/
- if you want to use LDAP address books, enable the LDAP libraries in your
composer.json file by moving the items from "suggest" to the "require"
section (remove the explanation texts after the version!).
- run `php composer.phar update --no-dev`
2.2. Install Javascript dependencies by executing `bin/install-jsdeps.sh` script.
2.3. Install some developer tools by executing `npm install`.
3. Make sure that the following directories (and the files within)
are writable by the webserver
- /temp
- /logs
4. Create a new database and a database user for Roundcube (see DATABASE SETUP)
5. Point your browser to http://url-to-roundcube/installer/
6. Follow the instructions of the install script (or see MANUAL CONFIGURATION)
7. After creating and testing the configuration, remove the installer directory
------------------------------------------
IMPORTANT: REMOVE THE INSTALLER DIRECTORY!
------------------------------------------
8. If you use git sources, compile css files for the Elastic skin as described
in the skins/elastic/README.md file.
9. Check Known Issues section of this file
CONFIGURATION HINTS
===================
IMPORTANT! Read all comments in defaults.inc.php, understand them
and configure your installation to be not surprised by default behaviour.
Roundcube writes internal errors to the 'errors.log' log file located in the logs
directory which can be configured in config/config.inc.php. If you want ordinary
PHP errors to be logged there as well, set error_log in php.ini or .htaccess file.
Roundcube forces display_errors=Off and log_errors=On.
By default the session cookie settings of PHP are not modified by Roundcube.
However if you want to limit the session cookies to the directory where
Roundcube resides you can set session.cookie_path in the php.ini or .htaccess file.
More about PHP settings: https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration
DATABASE SETUP
==============
Note: Database for Roundcube must use UTF-8 character set.
Note: See defaults.inc.php file for examples of DSN configuration.
* MySQL
-------
Setting up the mysql database can be done by creating an empty database,
importing the table layout and granting the proper permissions to the
roundcube user. Here is an example of that procedure:
# mysql
> CREATE DATABASE roundcubemail CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
> CREATE USER roundcube@localhost IDENTIFIED BY 'password';
> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost;
> quit
Note 1: 'password' is the master password for the roundcube user. It is strongly
recommended you replace this with a more secure password. Please keep in
mind that you must specify this password later in 'config/config.inc.php'.
Note 2: When using MySQL < 5.7.7 or MariaDB < 10.2.2 it is required to configure
the database engine with:
innodb_large_prefix=1
innodb_file_per_table=1
innodb_file_format=Barracuda
Now you can run the Installer or configure the database access options in
'config/config.inc.php' and run: `bin/initdb.sh --dir=SQL`.
* SQLite
--------
Versions of sqlite database engine older than 3.6.19 aren't supported.
Database file and structure is created automatically by Roundcube.
Make sure your configuration points to some file location and that the
webserver can write to the file and the directory containing the file.
* PostgreSQL
------------
To use Roundcube with PostgreSQL support you have to follow these
simple steps, which have to be done as the postgres system user (or
which ever is the database superuser):
$ createuser -P roundcube
$ createdb -O roundcube -E UNICODE roundcubemail
Note: in some system configurations you might need to add '-U postgres' to
createuser and createdb commands.
Now you can run the Installer or configure the database access options in
'config/config.inc.php' and run: `bin/initdb.sh --dir=SQL`.
Database cleaning
-----------------
To keep your database slick and clean we recommend to periodically execute
bin/cleandb.sh which finally removes all records that are marked as deleted.
Best solution is to install a cronjob running this script daily.
MANUAL CONFIGURATION
====================
First of all, copy the sample configuration file config/config.inc.php.sample
to config/config.inc.php and make the necessary adjustments according to your
environment and your needs. More configuration options can be copied from the
config/defaults.inc.php file into your local config.inc.php file as needed.
Read the comments above the individual configuration options to find out what
they do or read https://github.com/roundcube/roundcubemail/wiki/Installation
for even more guidance.
The maximum size of email attachments and other file uploads is controlled by
PHP settings: upload_max_filesize and post_max_size. Read more about PHP
settings at https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration.
SECURE YOUR INSTALLATION
========================
Access through the webserver to the following directories should be denied:
/config
/temp
/logs
Roundcube uses .htaccess files to protect these directories, so be sure to
allow override of the Limit directives to get them taken into account. The
package also ships a .htaccess file in the root directory which defines some
rewrite rules. In order to properly secure your installation, please enable
mod_rewrite for Apache webserver and double check access to the above listed
directories and their contents is denied.
NOTE: In Apache 2.4, support for .htaccess files has been disabled by
default. Therefore you first need to enable this in your Apache main or
virtual host config by with:
AllowOverride all
For non-apache web servers add equivalent configuration parameters to deny
direct access to these private resources.
It is also recommended to change the document root to <install path>/public_html
after installation if Roundcube runs at root of a dedicated virtual host. This
will automatically keep sensitive files out of reach for http requests.
CONTENT-SECURITY-POLICY
-----------------------
If you use a Content-Security-Policy, please note that Roundcube *requires* the
`script-src` parameter to include `'unsafe-inline' 'unsafe-eval'`. No external
sources are required (by default).
UPGRADING
=========
If you already have a previous version of Roundcube installed,
please refer to the instructions in UPGRADING guide.
OPTIMISING
==========
There are two forms of optimization here, compression and caching, both aimed
at increasing an end user's experience using Roundcube Webmail. Compression
allows the static web pages to be delivered with less bandwidth. The index.php
of Roundcube Webmail already enables compression on its output. The settings
below allow compression to occur for all static files. Caching sets HTTP
response headers that enable a user's web client to understand what is static
and how to cache it.
The caching directives used are:
* Etags - sets at tag so the client can request is the page has changed
* Cache-control - defines the age of the page and that the page is 'public'
This enables clients to cache javascript files that don't have private
information between sessions even if using HTTPS. It also allows proxies
to share the same cached page between users.
* Expires - provides another hint to increase the lifetime of static pages.
For more information refer to RFC 2616.
Side effects:
-------------
These directives are designed for production use. If you are using this in
a development environment you may get horribly confused if your webclient
is caching stuff that you changed on the server. Disabling the expires
parts below should save you some grief.
If you are changing the skins, it is recommended that you copy content to
a different directory apart from 'default'.
Apache:
-------
To enable these features in apache the following modules need to be enabled:
* mod_deflate
* mod_expires
* mod_headers
The optimization is already included in the .htaccess file in the top
directory of your installation.
Lighttpd:
---------
With Lighttpd the addition of Expire: tags by mod_expire is incompatible with
the addition of "Cache-control: public". Using Cache-control 'public' is
used below as it is assumed to give a better caching result.
Enable modules in server.modules:
"mod_setenv"
"mod_compress"
Mod_compress is a server side cache of compressed files to improve its performance.
$HTTP["host"] == "www.example.com" {
static-file.etags = "enable"
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Etag.use-mtimeDetails
etag.use-mtime = "enable"
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModSetEnv
$HTTP["url"] =~ "^/roundcubemail/(plugins|skins|program)" {
setenv.add-response-header = ( "Cache-Control" => "public, max-age=2592000")
}
# http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ModCompress
# set compress.cache-dir to somewhere outside the docroot.
compress.cache-dir = var.statedir + "/cache/compress"
compress.filetype = ("text/plain", "text/html", "text/javascript", "text/css", "text/xml", "image/gif", "image/png")
}
KNOWN ISSUES
============
Installations with uw-imap server should set imap_disabled_caps = array('ESEARCH')
in main configuration file. ESEARCH implementation in this server is broken (#1489184).
PHP >= 5.6 validates the ssl certificates by default. It means that
if IMAP/SMTP certificates are self-signed or use wrong host name you'll get
connection errors. A solution in such cases is to set imap_conn_options,
smtp_conn_options and managesieve_conn_options in a way described in config/defaults.inc.php.
If you have problems with temp files or non-working logs make sure temp and logs folders
are writeable to the user used by http server. Access to them may also be blocked by
SELINUX. Here's some sample commands for SELINUX:
$ semanage fcontext -a -t httpd_sys_rw_content_t "/path_to_roundcube/logs(/.*)?"
$ semanage fcontext -a -t httpd_sys_rw_content_t "/path_to_roundcube/temp(/.*)?"
$ restorecon -Rv /path_to_roundcube/
Microsoft IIS Server by default does not support WOFF fonts used in Elastic skin. It might be
needed to add following MIME Types definitions (via web.config or IIS Manager):
.woff application/font-woff
.woff2 application/font-woff2
When installing on Windows be aware we're using symbolic links which may need an additional
attention. See https://github.com/roundcube/roundcubemail/issues/7151.