Creating a custom hostname for webmail on Mail-In-A-Box
Jay b6f917d423 Add A Word 2 years ago

Custom Hostname for Mail-In-A-Box Webmail (Roundcube)

Typically when you access webmail for MIAB systems it's hostname/mail. That's neat and all...but I've complicated things by the fact the server running my MIAB installation isn't the same as my main webserver, so this winds up being mail.hostname/mail.

But what if I wanted webmail.hostname?

Custom configs "not supported".

One of the upsides with MIAB is that it does everything for you...even more so if you let it run as the NS server for your domain. Even if you have to punch in all the records to your existing server, it configures the MTA-STS and DKIM stuff for you. This comes at a price, as virtually every single configuration is locked down and overwritten frequently. So any nginx config changes you make will disappear...that is, except for /etc/nginx/sites-available stuff. After studying the various scripts that run this thing, it doesn't seem to make any changes to confs in this directory; instead it just modifies the main nginx conf file and sticks host names in there. Thankfully...that doesn't stop nginx from reading custom hosts as normal. So we can just create the hostname in our DNS records and load as normal.

/etc/nginx/sites-available/webmail.conf

server {

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.php;

        server_name webmail.domain;


        rewrite ^/mail$ /mail/ redirect;
        rewrite ^/mail/$ /mail/index.php;
        location = / {
                return 301 https://webmail.domain/mail;
        }
        location /mail/ {
                index index.php;
                alias /usr/local/lib/roundcubemail/;
        }
        location ~ /mail/config/.* {
                # A ~-style location is needed to give this precedence over the next block.
                return 403;
        }
        location ~ /mail/.*\.php {
                # note: ~ has precedence over a regular location block
                include fastcgi_params;
                fastcgi_split_path_info ^/mail(/.*)()$;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
                fastcgi_pass php-fpm;

                # Outgoing mail also goes through this endpoint, so increase the maximum
                # file upload limit to match the corresponding Postfix limit.
                client_max_body_size 128M;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}

We still have to redirect webmail.domain to webmail.domain/mail (that's what the location = / block does) or Roundcube won't work. Now you just need to add SSL.
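
Why the `/mail/config/` deny block has to be a `~` location placed before the PHP block, shown as an added example that is not part of the original README: a simplified Python model of nginx location selection, run over constructed request paths. The action labels and the two variant configs are assumptions made for illustration, and server-level rewrite directives are not modelled.

```python
import re

# Location blocks from webmail.conf above, in file order: (modifier, pattern, action).
PAGE_CONFIG = [
    ("=", "/", "redirect-301"),
    ("", "/mail/", "static-alias"),
    ("~", r"/mail/config/.*", "deny-403"),
    ("~", r"/mail/.*\.php", "php-fpm"),
]
# Variant 1 (hypothetical): the two regex blocks swapped.
SWAPPED = PAGE_CONFIG[:2] + [PAGE_CONFIG[3], PAGE_CONFIG[2]]
# Variant 2 (hypothetical): the deny written as a plain prefix location.
PREFIX_DENY = PAGE_CONFIG[:2] + [("", "/mail/config/", "deny-403"), PAGE_CONFIG[3]]

# Constructed request paths; config.inc.php is Roundcube's main config file.
SAMPLE_URIS = ["/", "/mail/index.php", "/mail/skins/logo.png",
               "/mail/config/config.inc.php", "/mail/config/notes.txt"]


def select_location(locations, uri):
    """Return the action of the location nginx would choose (simplified model)."""
    # 1. An exact (=) match wins immediately.
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
    # 2. Find the longest matching prefix; ^~ on it skips the regex pass.
    prefixes = [loc for loc in locations
                if loc[0] in ("", "^~") and uri.startswith(loc[1])]
    best = max(prefixes, key=lambda loc: len(loc[1]), default=None)
    if best and best[0] == "^~":
        return best[2]
    # 3. Regex locations are tried in file order; the first match wins.
    for mod, pat, action in locations:
        if mod == "~" and re.search(pat, uri):
            return action
    # 4. Otherwise fall back to the longest prefix.
    return best[2] if best else "no-match"


def audit(locations, uris=SAMPLE_URIS):
    """Map each URI to the action selected for it."""
    return {uri: select_location(locations, uri) for uri in uris}


if __name__ == "__main__":
    for name, cfg in (("page order", PAGE_CONFIG), ("regex swapped", SWAPPED),
                      ("prefix deny", PREFIX_DENY)):
        print(name)
        for uri, action in audit(cfg).items():
            print(f"  {uri:30} -> {action}")
```

In both variants the request for `/mail/config/config.inc.php` lands in the PHP handler instead of the 403, so keep the deny block a regex location and keep it above the PHP block when editing this file.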

Adding SSL

You'll have to install the nginx plugin for certbot, as MIAB usually does certs itself. MIAB will not be aware of our webmail host...and that's okay.

sudo apt install python3-certbot-nginx

Then you need to run certbot as normal, making sure you pick your webmail host for the cert.

sudo certbot

That's All

Once SSL is installed you should be able to visit webmail.domain which will automatically redirect to webmail.domain/mail and load Roundcube.