b6f917d423
|
1 year ago | |
|---|---|---|
| README.md | 1 year ago | |
README.md
Custom Hostname for Mail-In-A-Box Webmail (Roundcube)
Typically when you access webmail for MIAB systems it's hostname/mail. That's neat and all...but I've complicated things by the fact the server running
my MIAB installation isn't the same as my main webserver, so this winds up being mail.hostname/mail.
But what if I wanted webmail.hostname?
Custom configs "not supported".
One of the upsides with MIAB is that it does everything for you...even more so if you let it run as the NS server for your domain. Even if you have to punch
in all the records to your existing server, it configures the mta-sts and DKIM stuff for you. This comes at a price as virtually every single configuration
is locked-down and overwritten frequently. So any nginx config changes you make will disappear...that is, except for /etc/sites-available stuff. After
studying the various scripts that run this thing, it doesn't seem to make any changes to confs in this directory; instead it just modifies the main nginx
conf file and sticks host names in there. Thankfully...that doesn't disable nginx from reading custom hosts as normal. So we can just create the hostname in
our DNS records and load as normal.
/etc/nginx/sites-available/webmail.conf
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.php;
server_name webmail.domain;
rewrite ^/mail$ /mail/ redirect;
rewrite ^/mail/$ /mail/index.php;
location = / {
return 301 https://webmail.domain/mail;
}
location /mail/ {
index index.php;
alias /usr/local/lib/roundcubemail/;
}
location ~ /mail/config/.* {
# A ~-style location is needed to give this precedence over the next block.
return 403;
}
location ~ /mail/.*\.php {
# note: ~ has precendence over a regular location block
include fastcgi_params;
fastcgi_split_path_info ^/mail(/.*)()$;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
fastcgi_pass php-fpm;
# Outgoing mail also goes through this endpoint, so increase the maximum
# file upload limit to match the corresponding Postfix limit.
client_max_body_size 128M;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
We still have to redirect webmail.host to webmail.host/mail or Roundcube won't work. Now you just need to add SSL.
Adding SSL
You'll have to install the nginx plugin for certbot as MIAB usually does certs itself. It will not be aware of our webmail directive...and that's okay.
sudo apt install python3-certbot-nginx
Then you need to run certbot as normal, making sure you pick your webmail host for cert.
sudo certbot
That's All
Once SSL is installed you should be able to visit webmail.domain which will automatically redirect to webmail.domain/mail and load Roundcube.