From a68b92401467a03256a7b5b03e3d2341738377f7 Mon Sep 17 00:00:00 2001 From: CodeShell <122738806+CodeShellDev@users.noreply.github.com> Date: Tue, 3 Jun 2025 17:04:08 +0200 Subject: [PATCH 1/5] revert EOCONFIG changes --- .../roundcube/third_party-roundcube.en.md | 362 ++++++++++++++++-- 1 file changed, 333 insertions(+), 29 deletions(-) diff --git a/docs/third_party/roundcube/third_party-roundcube.en.md b/docs/third_party/roundcube/third_party-roundcube.en.md index 51fb419a1..4eb79bf57 100644 --- a/docs/third_party/roundcube/third_party-roundcube.en.md +++ b/docs/third_party/roundcube/third_party-roundcube.en.md @@ -1,9 +1,14 @@ ## Installing Roundcube + !!! note - Unless otherwise stated, all of the given commands are expected to be executed in the mailcow installation directory, - i.e., the directory containing `mailcow.conf` etc. Please do not blindly execute the commands but understand what they - do. None of the commands is supposed to produce an error, so if you encounter an error, fix it if necessary before - continuing with the subsequent commands. +Unless otherwise stated, all of the given commands are expected to be executed in the mailcow installation directory, +i.e., the directory containing `mailcow.conf` etc. Please do not blindly execute the commands but understand what they +do. None of the commands is supposed to produce an error, so if you encounter an error, fix it if necessary before +continuing with the subsequent commands. + +=== "Integrated" + +### Integrated Installation ### Note on composer usage @@ -29,6 +34,7 @@ docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer dump ``` ### Preparation + First we load `mailcow.conf` so we have access to the mailcow configuration settings for the following commands. ```bash 
@@ -46,6 +52,7 @@ docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chmod 750 /web/rc/logs / ``` ### Optional: Spellchecking + If you need spell check features, create a file `data/hooks/phpfpm/aspell.sh` with the following content, then `chmod +x data/hooks/phpfpm/aspell.sh`. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. @@ -57,6 +64,7 @@ apk add aspell-en # or any other language ``` ### Install mime type mappings + Download the `mime.types` file as it is not included in the php-fpm container. ```bash @@ -64,6 +72,7 @@ wget -O data/web/rc/config/mime.types http://svn.apache.org/repos/asf/httpd/http ``` ### Create roundcube database + Create a database for roundcube in the mailcow MySQL container. This creates a new `roundcube` database user with a random password, which will be echoed to the shell and stored in a shell variable for use by later commands. Note that when you interrupt the process and continue in a new shell, you must set the `DBROUNDCUBE` 
@@ -78,20 +87,22 @@ docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} - ``` ### Roundcube configuration + Create a file `data/web/rc/config/config.inc.php` with the following content. - - The `des_key` option is set to a random value. It is used to temporarily store your IMAP password. - - The plugins list can be adapted to your preference. I added a set of standard plugins that I consider of common - usefulness and which work well together with mailcow: - - The archive plugin adds an archive button that moves selected messages to a user-configurable archive folder. - - The managesieve plugin provides a user-friendly interface to manage server-side mail filtering and vacation / out - of office notification. - - The acl plugin allows to manage access control lists on IMAP folders, including the ability to share IMAP folders - to other users. - - The markasjunk plugin adds buttons to mark selected messages as junk (or messages in the junk folder not as junk) - and moves them to the junk folder or back to the inbox. The sieve filters included with mailcow will take care - that action triggers a learn as spam/ham action in rspamd, so no further configuration of the plugin is needed. - - The zipdownload plugin allows to download multiple message attachments or messages as a zip file. - - If you didn't install spell check in the above step, remove `spellcheck_engine` parameter. + +- The `des_key` option is set to a random value. It is used to temporarily store your IMAP password. +- The plugins list can be adapted to your preference. I added a set of standard plugins that I consider of common + usefulness and which work well together with mailcow: + - The archive plugin adds an archive button that moves selected messages to a user-configurable archive folder. + - The managesieve plugin provides a user-friendly interface to manage server-side mail filtering and vacation / out + of office notification. 
+ - The acl plugin allows to manage access control lists on IMAP folders, including the ability to share IMAP folders + to other users. + - The markasjunk plugin adds buttons to mark selected messages as junk (or messages in the junk folder not as junk) + and moves them to the junk folder or back to the inbox. The sieve filters included with mailcow will take care + that action triggers a learn as spam/ham action in rspamd, so no further configuration of the plugin is needed. + - The zipdownload plugin allows to download multiple message attachments or messages as a zip file. +- If you didn't install spell check in the above step, remove `spellcheck_engine` parameter. ```bash cat <data/web/rc/config/config.inc.php @@ -127,6 +138,7 @@ docker exec -it $(docker ps -f name=php-fpm-mailcow -q) chmod 640 /web/rc/config ``` ### Initialize database + Point your browser to `https://myserver/rc/installer`. Check that the website shows no "NOT OK" check results on any of the steps, some "NOT AVAILABLE" are expected regarding different database extensions of which we only need MySQL. Initialize the database and leave the installer. It is not necessary to update the configuration with 
@@ -206,7 +218,184 @@ services: ofelia.enabled: "true" ofelia.job-exec.roundcube_cleandb.schedule: "@every 168h" ofelia.job-exec.roundcube_cleandb.user: "www-data" - ofelia.job-exec.roundcube_cleandb.command: "/bin/bash -c \"[ -f /web/rc/bin/cleandb.sh ] && /web/rc/bin/cleandb.sh\"" + ofelia.job-exec.roundcube_cleandb.command: '/bin/bash -c "[ -f /web/rc/bin/cleandb.sh ] && /web/rc/bin/cleandb.sh"' +``` + +=== "Standalone Container" + +### Standalone Installation + +For a Standalone Roundcube installation you will need to edit your `docker-compose.yml` file OR create a `docker-compose.override.yml` file. + +- Roundcube stores its html inside of `var/www/html`, which is mounted inside of `./data/rc/html` +- Configuration files are mounted inside of `./data/rc/config` + +`docker-compose.yml` + +```yml +roundcube: + image: roundcube/roundcubemail:latest + environment: + DBROUNDCUBE: ${DBROUNDCUBE} + IPV4_NETWORK: ${IPV4_NETWORK:-172.22.1} + IPV6_NETWORK: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} + ROUNDCUBEMAIL_DB_TYPE: mysql + ROUNDCUBEMAIL_DB_HOST: mysql + ROUNDCUBEMAIL_DB_USER: roundcube + ROUNDCUBEMAIL_DB_PASSWORD: ${DBROUNDCUBE} + ROUNDCUBEMAIL_DB_NAME: roundcubemail + ROUNDCUBEMAIL_DEFAULT_HOST: ssl://dovecot:143 + ROUNDCUBEMAIL_SMTP_SERVER: ssl://postfix:587 + ROUNDCUBEMAIL_PLUGINS: archive, managesieve, acl, markasjunk, zipdownload + ports: + - "80:80" + volumes: + - ./data/rc/html:/var/www/html + - ./data/rc/config:/var/roundcube/config + # - ./data/rc/db:/var/roundcube/db # Optionally Mount Roundcube Database on the host + depends_on: + - mysql-mailcow + - dovecot-mailcow + restart: unless-stopped + networks: + mailcow-network: + aliases: + - roundcube +``` + +### Create roundcube database + +Create a database for roundcube in the mailcow MySQL container. This creates a new `roundcube` database user +with a random password, which will be echoed to the shell and stored in a shell variable for use by later +commands. 
Note that when you interrupt the process and continue in a new shell, you must set the `DBROUNDCUBE` +shell variable manually to the password output by the following commands. + +```bash +DBROUNDCUBE=$(LC_ALL=C /dev/null | head -c 28) +echo Database password for user roundcube is $DBROUNDCUBE +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE roundcubemail CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER 'roundcube'@'%' IDENTIFIED BY '${DBROUNDCUBE}';" +docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%';" +``` + +#### Now start the roundcube Docker Container + +=== "docker compose (Plugin)" + + ``` bash + docker compose up -d + ``` + +=== "docker-compose (Standalone)" + + ``` bash + docker-compose up -d + ``` + +### Initialize Database + +Point your browser to `https://roundcube.example.com/installer`. Check that the website shows no "NOT OK" check results on +any of the steps, some "NOT AVAILABLE" are expected regarding different database extensions of which we only need MySQL. +Initialize the database and leave the installer. It is not necessary to update the configuration with +the downloaded one, unless you made some settings in the installer you would like to take over. + +### Ofelia job for roundcube housekeeping + +Roundcube needs to clean some stale information from the database every once in a while, +for which we will create an ofelia job that runs the roundcube `cleandb.sh` script. 
+ +To do this, add the following to `docker-compose.override.yml` (if you already have some +adaptations for the php-fpm container, add the labels to the existing section): + +```yml +services: + roundcube: + labels: + ofelia.enabled: "true" + ofelia.job-exec.roundcube_cleandb.schedule: "@every 168h" + ofelia.job-exec.roundcube_cleandb.user: "www-data" + ofelia.job-exec.roundcube_cleandb.command: '/bin/bash -c "[ -f /var/www/html/bin/cleandb.sh ] && /var/www/htm/bin/cleandb.sh"' +``` + +### Plugins + +To add Plugins you have to specify them inside of the environment variables +`ROUNDCUBEMAIL_PLUGINS` AND +`ROUNDCUBEMAIL_COMPOSER_PLUGINS`, this will actually download not installed plugins + +```yml +services: + roundcube: + volumes: + ROUNDCUBEMAIL_PLUGINS: dovecot_client_ip, archive, managesieve, acl,markasjunk, zipdownload + ROUNDCUBEMAIL_COMPOSER_PLUGINS: "foorschtbar/dovecot_client_ip:~2" +``` + +### Optional: Reverse Proxy + +To put Roundcube behind a Reverse Proxy like traefik you must add this to your `docker-compose.yml`file + +`docker-compose.yml` + +```yml + roundcube: + image: roundcube/roundcubemail:latest + environment: + DBROUNDCUBE: ${DBROUNDCUBE} + IPV4_NETWORK: ${IPV4_NETWORK:-172.22.1} + IPV6_NETWORK: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} + ROUNDCUBEMAIL_DB_TYPE: mysql + ROUNDCUBEMAIL_DB_HOST: mysql + ROUNDCUBEMAIL_DB_USER: roundcube + ROUNDCUBEMAIL_DB_PASSWORD: ${DBROUNDCUBE} + ROUNDCUBEMAIL_DB_NAME: roundcubemail + ROUNDCUBEMAIL_DEFAULT_HOST: ssl://dovecot:143 + ROUNDCUBEMAIL_SMTP_SERVER: ssl://postfix:587 + ROUNDCUBEMAIL_PLUGINS: archive, managesieve, acl, markasjunk, zipdownload + labels: + - traefik.enable=true + - traefik.http.routers.roundcube-mail-secure.entrypoints=websecure + - traefik.http.routers.roundcube-mail-secure.rule=Host(`roundcube.example.com`) + - traefik.http.routers.roundcube-mail-secure.tls=true + - traefik.http.routers.roundcube-mail-secure.tls.certresolver=resolver + - 
traefik.http.routers.roundcube-mail-secure.service=roundcube-svc + - traefik.http.services.roundcube-svc.loadbalancer.server.port=80 + + - traefik.docker.network=proxy + volumes: + - ./data/rc/html:/var/www/html + - ./data/rc/config:/var/roundcube/config + # - ./data/rc/db:/var/roundcube/db # Optionally Mount Roundcube Database on the host + depends_on: + - mysql-mailcow + - dovecot-mailcow + restart: unless-stopped + networks: + mailcow-network: + aliases: + - roundcube + proxy: + +networks: + proxy: + external: true +``` + +Now your Roundcube instance can be securily accessed from `https://roundcube.example.com`. + +If you want to access your Roundcube Instance on a subpath like `/rc`, you will need to add +`ROUNDCUBEMAIL_REQUEST_PATH=/rc` to your environment, if that doesn't work, try the following: +Create `data/web/conf/nginx/site.roundcube.custom` + +```nginx + location /rc/ { # /rc: your subpath + proxy_pass http://roundcube:80/; # Replace with the correct upstream + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_redirect off; + } ``` ## Optional extra functionality @@ -231,7 +420,7 @@ $config['plugins'] = array( ); ``` -Configure the password plugin (be sure to adapt __\*\*API_KEY\*\*__ to you mailcow read/write API key): +Configure the password plugin (be sure to adapt **\*\*API_KEY\*\*** to you mailcow read/write API key): ```bash cat <data/web/rc/plugins/password/config.inc.php 
@@ -287,7 +476,7 @@ cat <data/web/rc/plugins/carddav/config.inc.php EOCONFIG ``` -RCMCardDAV will add all addressbooks of the user on login, including __subscribed__ addressbooks shared to the user by +RCMCardDAV will add all addressbooks of the user on login, including **subscribed** addressbooks shared to the user by other users. If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks 
@@ -353,6 +542,112 @@ $MAILCOW_APPS = [ ]; ``` +### Let users authenticate with mailcow (oauth) + +First, we have to define some placeholders: + +- roundcube.example.com (your roundcube host) +- mail.example.com (your mailcow host) + +Before continuing, you will have to have an externally managed Roundcube instance, in a seperate docker container behind a Reverse Proxy. +[(See Standalone Installation)](https://docs.mailcow.email/third_party/roundcube/third_party-roundcube/#standalone-installation) + +In mailcow UI under `Admin > Oauth2 Apps`, create a new oauth2 App. +Set the redirect uri to `https://roundcube.example.com/index.php/login/oauth`. +Take note of the Client ID and SECRET. + +Create a Roundcube config file under `./data/rc/config/config.oauth.inc.php`. +`./data/rc/config/config.oauth.inc.php` + +```php + Roundcube'; + item.action += + '' } ``` Add the following line to the array $template_data: -* `data/web/admin/mailbox.php` [`$template_data`](https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/admin/mailbox.php#L43-L56) -* `data/web/domainadmin/mailbox.php` [`$template_data`](https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/domainadmin/mailbox.php#L43-L56) + +- `data/web/admin/mailbox.php` [`$template_data`](https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/admin/mailbox.php#L43-L56) +- `data/web/domainadmin/mailbox.php` [`$template_data`](https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/domainadmin/mailbox.php#L43-L56) ```php 'allow_admin_email_login_roundcube' => (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false', 
@@ -418,10 +717,11 @@ Edit `data/web/templates/mailbox.twig` and add this code to the bottom of the [j Copy the contents of the following files from this [Snippet](https://gitlab.com/-/snippets/2038244): -* `data/web/inc/lib/RoundcubeAutoLogin.php` -* `data/web/rc-auth.php` +- `data/web/inc/lib/RoundcubeAutoLogin.php` +- `data/web/rc-auth.php` ## Finish installation + Finally, restart mailcow === "docker compose (Plugin)" @@ -610,6 +910,7 @@ rm -r data/web/rc/plugins/carddav ### Switch roundcube to new database First adapt the roundcube configuration to use the new database. + ```bash sed -i "/\$config\['db_dsnw'\].*$/d" data/web/rc/config/config.inc.php cat <>data/web/rc/config/config.inc.php @@ -618,6 +919,7 @@ EOCONFIG ``` ### Re-enable roundcube web access + Execute the chown and chmod commands on sensitive roundcube directories listed in [Preparation](#preparation), to make sure the nginx webserver cannot access files it is not supposed to serve. @@ -629,6 +931,7 @@ docker compose exec nginx-mailcow nginx -s reload ``` ### Other changes + You must also adapt the configuration of the roundcube password plugin according to this instruction, specifically if you use the password changing functionality, since the old instruction directly changed the password in the database, whereas this version of the instruction uses the mailcow API for the password change. 
@@ -638,10 +941,11 @@ installation instructions and adapt your configuration accordingly or perform th additions. Specifically, consider the following sections: - - [Ofelia job for roundcube housekeeping](#ofelia-job-for-roundcube-housekeeping) - - [Allow plaintext authentication in dovecot](#allow-plaintext-authentication-for-the-php-fpm-container-without-using-tls), - if you adapt the roundcube configuration to contact dovecot via non-encrypted IMAP connection. - - [Forward the client network address to dovecot](#forward-the-client-network-address-to-dovecot) + +- [Ofelia job for roundcube housekeeping](#ofelia-job-for-roundcube-housekeeping) +- [Allow plaintext authentication in dovecot](#allow-plaintext-authentication-for-the-php-fpm-container-without-using-tls), + if you adapt the roundcube configuration to contact dovecot via non-encrypted IMAP connection. +- [Forward the client network address to dovecot](#forward-the-client-network-address-to-dovecot) ### Removing roundcube tables from mailcow database From bd9b8d58cd5e43f321a1f6355e00fda284fb4e43 Mon Sep 17 00:00:00 2001 From: CodeShell <122738806+CodeShellDev@users.noreply.github.com> Date: Thu, 7 Aug 2025 19:30:09 +0200 Subject: [PATCH 2/5] only included essentials --- .../roundcube/third_party-roundcube.en.md | 193 +----------------- 1 file changed, 5 insertions(+), 188 deletions(-) diff --git a/docs/third_party/roundcube/third_party-roundcube.en.md b/docs/third_party/roundcube/third_party-roundcube.en.md index 4eb79bf57..e8c8f61d4 100644 --- a/docs/third_party/roundcube/third_party-roundcube.en.md +++ b/docs/third_party/roundcube/third_party-roundcube.en.md 
@@ -6,10 +6,6 @@ i.e., the directory containing `mailcow.conf` etc. Please do not blindly execute do. None of the commands is supposed to produce an error, so if you encounter an error, fix it if necessary before continuing with the subsequent commands. -=== "Integrated" - -### Integrated Installation - ### Note on composer usage This guide uses composer to update roundcube dependencies or install / update roundcube plugins. 
@@ -221,183 +217,6 @@ services: ofelia.job-exec.roundcube_cleandb.command: '/bin/bash -c "[ -f /web/rc/bin/cleandb.sh ] && /web/rc/bin/cleandb.sh"' ``` -=== "Standalone Container" - -### Standalone Installation - -For a Standalone Roundcube installation you will need to edit your `docker-compose.yml` file OR create a `docker-compose.override.yml` file. - -- Roundcube stores its html inside of `var/www/html`, which is mounted inside of `./data/rc/html` -- Configuration files are mounted inside of `./data/rc/config` - -`docker-compose.yml` - -```yml -roundcube: - image: roundcube/roundcubemail:latest - environment: - DBROUNDCUBE: ${DBROUNDCUBE} - IPV4_NETWORK: ${IPV4_NETWORK:-172.22.1} - IPV6_NETWORK: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} - ROUNDCUBEMAIL_DB_TYPE: mysql - ROUNDCUBEMAIL_DB_HOST: mysql - ROUNDCUBEMAIL_DB_USER: roundcube - ROUNDCUBEMAIL_DB_PASSWORD: ${DBROUNDCUBE} - ROUNDCUBEMAIL_DB_NAME: roundcubemail - ROUNDCUBEMAIL_DEFAULT_HOST: ssl://dovecot:143 - ROUNDCUBEMAIL_SMTP_SERVER: ssl://postfix:587 - ROUNDCUBEMAIL_PLUGINS: archive, managesieve, acl, markasjunk, zipdownload - ports: - - "80:80" - volumes: - - ./data/rc/html:/var/www/html - - ./data/rc/config:/var/roundcube/config - # - ./data/rc/db:/var/roundcube/db # Optionally Mount Roundcube Database on the host - depends_on: - - mysql-mailcow - - dovecot-mailcow - restart: unless-stopped - networks: - mailcow-network: - aliases: - - roundcube -``` - -### Create roundcube database - -Create a database for roundcube in the mailcow MySQL container. This creates a new `roundcube` database user -with a random password, which will be echoed to the shell and stored in a shell variable for use by later -commands. Note that when you interrupt the process and continue in a new shell, you must set the `DBROUNDCUBE` -shell variable manually to the password output by the following commands. 
- -```bash -DBROUNDCUBE=$(LC_ALL=C /dev/null | head -c 28) -echo Database password for user roundcube is $DBROUNDCUBE -docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE DATABASE roundcubemail CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" -docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "CREATE USER 'roundcube'@'%' IDENTIFIED BY '${DBROUNDCUBE}';" -docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -e "GRANT ALL PRIVILEGES ON roundcubemail.* TO 'roundcube'@'%';" -``` - -#### Now start the roundcube Docker Container - -=== "docker compose (Plugin)" - - ``` bash - docker compose up -d - ``` - -=== "docker-compose (Standalone)" - - ``` bash - docker-compose up -d - ``` - -### Initialize Database - -Point your browser to `https://roundcube.example.com/installer`. Check that the website shows no "NOT OK" check results on -any of the steps, some "NOT AVAILABLE" are expected regarding different database extensions of which we only need MySQL. -Initialize the database and leave the installer. It is not necessary to update the configuration with -the downloaded one, unless you made some settings in the installer you would like to take over. - -### Ofelia job for roundcube housekeeping - -Roundcube needs to clean some stale information from the database every once in a while, -for which we will create an ofelia job that runs the roundcube `cleandb.sh` script. 
- -To do this, add the following to `docker-compose.override.yml` (if you already have some -adaptations for the php-fpm container, add the labels to the existing section): - -```yml -services: - roundcube: - labels: - ofelia.enabled: "true" - ofelia.job-exec.roundcube_cleandb.schedule: "@every 168h" - ofelia.job-exec.roundcube_cleandb.user: "www-data" - ofelia.job-exec.roundcube_cleandb.command: '/bin/bash -c "[ -f /var/www/html/bin/cleandb.sh ] && /var/www/htm/bin/cleandb.sh"' -``` - -### Plugins - -To add Plugins you have to specify them inside of the environment variables -`ROUNDCUBEMAIL_PLUGINS` AND -`ROUNDCUBEMAIL_COMPOSER_PLUGINS`, this will actually download not installed plugins - -```yml -services: - roundcube: - volumes: - ROUNDCUBEMAIL_PLUGINS: dovecot_client_ip, archive, managesieve, acl,markasjunk, zipdownload - ROUNDCUBEMAIL_COMPOSER_PLUGINS: "foorschtbar/dovecot_client_ip:~2" -``` - -### Optional: Reverse Proxy - -To put Roundcube behind a Reverse Proxy like traefik you must add this to your `docker-compose.yml`file - -`docker-compose.yml` - -```yml - roundcube: - image: roundcube/roundcubemail:latest - environment: - DBROUNDCUBE: ${DBROUNDCUBE} - IPV4_NETWORK: ${IPV4_NETWORK:-172.22.1} - IPV6_NETWORK: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64} - ROUNDCUBEMAIL_DB_TYPE: mysql - ROUNDCUBEMAIL_DB_HOST: mysql - ROUNDCUBEMAIL_DB_USER: roundcube - ROUNDCUBEMAIL_DB_PASSWORD: ${DBROUNDCUBE} - ROUNDCUBEMAIL_DB_NAME: roundcubemail - ROUNDCUBEMAIL_DEFAULT_HOST: ssl://dovecot:143 - ROUNDCUBEMAIL_SMTP_SERVER: ssl://postfix:587 - ROUNDCUBEMAIL_PLUGINS: archive, managesieve, acl, markasjunk, zipdownload - labels: - - traefik.enable=true - - traefik.http.routers.roundcube-mail-secure.entrypoints=websecure - - traefik.http.routers.roundcube-mail-secure.rule=Host(`roundcube.example.com`) - - traefik.http.routers.roundcube-mail-secure.tls=true - - traefik.http.routers.roundcube-mail-secure.tls.certresolver=resolver - - 
traefik.http.routers.roundcube-mail-secure.service=roundcube-svc - - traefik.http.services.roundcube-svc.loadbalancer.server.port=80 - - - traefik.docker.network=proxy - volumes: - - ./data/rc/html:/var/www/html - - ./data/rc/config:/var/roundcube/config - # - ./data/rc/db:/var/roundcube/db # Optionally Mount Roundcube Database on the host - depends_on: - - mysql-mailcow - - dovecot-mailcow - restart: unless-stopped - networks: - mailcow-network: - aliases: - - roundcube - proxy: - -networks: - proxy: - external: true -``` - -Now your Roundcube instance can be securily accessed from `https://roundcube.example.com`. - -If you want to access your Roundcube Instance on a subpath like `/rc`, you will need to add -`ROUNDCUBEMAIL_REQUEST_PATH=/rc` to your environment, if that doesn't work, try the following: -Create `data/web/conf/nginx/site.roundcube.custom` - -```nginx - location /rc/ { # /rc: your subpath - proxy_pass http://roundcube:80/; # Replace with the correct upstream - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_redirect off; - } -``` - ## Optional extra functionality ### Enable change password function in Roundcube @@ -546,12 +365,10 @@ $MAILCOW_APPS = [ First, we have to define some placeholders: -- roundcube.example.com (your roundcube host) +- roundcube.example.com + (can also be hosted on the `/rc` subpath on you mailcow host) - mail.example.com (your mailcow host) -Before continuing, you will have to have an externally managed Roundcube instance, in a seperate docker container behind a Reverse Proxy. -[(See Standalone Installation)](https://docs.mailcow.email/third_party/roundcube/third_party-roundcube/#standalone-installation) - In mailcow UI under `Admin > Oauth2 Apps`, create a new oauth2 App. Set the redirect uri to `https://roundcube.example.com/index.php/login/oauth`. Take note of the Client ID and SECRET. 
@@ -605,7 +422,7 @@ $config['oauth_identity_fields'] = ['email']; $config['oauth_login_redirect'] = false; ``` -To reference the newly created config add +Load the newly created config file by adding ```php include(__DIR__ . "/config.oauth.inc.php"); @@ -615,7 +432,7 @@ At the bottom of `/config.inc.php`. You will now be able to see a `SSO` button on your Roundcube login page. -To setup Dovecot to accept `XOAUTH` as authentication method, create a file under `./data/conf/dovecot/extra.conf`. +To setup Dovecot to accept `XOAUTH` as an Authentication method, create a file under `./data/conf/dovecot/extra.conf`. `./data/conf/dovecot/extra.conf` ``` @@ -646,7 +463,7 @@ use_grant_password = no username_attribute = email ``` -Then restart dovecot. And then you should be able to login to Roundcube via mailcow. +Make sure to restart Dovecot to load the new configuration. ### Let admins log into Roundcube without password From 6da27703ed1a117f10c020d28aeb9dfd41c33fc4 Mon Sep 17 00:00:00 2001 From: CodeShell <122738806+CodeShellDev@users.noreply.github.com> Date: Fri, 15 Aug 2025 22:30:13 +0200 Subject: [PATCH 3/5] Update mkdocs.yml added new filename of Traefik R.P. v3 file --- mkdocs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mkdocs.yml b/mkdocs.yml index 83e612c94..473cd9fb6 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -103,7 +103,7 @@ nav: - 'Apache 2.4': 'post_installation/reverse-proxy/r_p-apache24.md' - 'Nginx': 'post_installation/reverse-proxy/r_p-nginx.md' - 'HAProxy (community supported)': 'post_installation/reverse-proxy/r_p-haproxy.md' - - 'Traefik v2 (community supported)': 'post_installation/reverse-proxy/r_p-traefik2.md' + - 'Traefik v3 (community supported)': 'post_installation/reverse-proxy/r_p-traefik3.md' - 'Caddy v2 (community supported)': 'post_installation/reverse-proxy/r_p-caddy2.md' - 'SNAT': 'post_installation/firststeps-snat.md' - 'Sync job migration': 'post_installation/firststeps-sync_jobs_migration.md' 
@@ -262,7 +262,7 @@ plugins: ### Reverse Proxy Subsection 'Overview': 'Übersicht' 'HAProxy (community supported)': 'HAProxy (von der Community unterstützt)' - 'Traefik v2 (community supported)': 'Traefik v2 (von der Community unterstützt)' + 'Traefik v3 (community supported)': 'Traefik v3 (von der Community unterstützt)' 'Caddy v2 (community supported)': 'Caddy v2 (von der Community unterstützt)' 'Sync job migration': 'Migration mit Sync Jobs' ### Models Section From e7662e0dccf59b1d556877fd8e122b98b4d5e19c Mon Sep 17 00:00:00 2001 From: CodeShell <122738806+CodeShellDev@users.noreply.github.com> Date: Fri, 15 Aug 2025 22:43:33 +0200 Subject: [PATCH 4/5] reverted last commit [wrong branch :( ] the last commit was accidentally pushed to the wrong branch :facepalm: --- mkdocs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mkdocs.yml b/mkdocs.yml index 473cd9fb6..83e612c94 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -103,7 +103,7 @@ nav: - 'Apache 2.4': 'post_installation/reverse-proxy/r_p-apache24.md' - 'Nginx': 'post_installation/reverse-proxy/r_p-nginx.md' - 'HAProxy (community supported)': 'post_installation/reverse-proxy/r_p-haproxy.md' - - 'Traefik v3 (community supported)': 'post_installation/reverse-proxy/r_p-traefik3.md' + - 'Traefik v2 (community supported)': 'post_installation/reverse-proxy/r_p-traefik2.md' - 'Caddy v2 (community supported)': 'post_installation/reverse-proxy/r_p-caddy2.md' - 'SNAT': 'post_installation/firststeps-snat.md' - 'Sync job migration': 'post_installation/firststeps-sync_jobs_migration.md' 
@@ -262,7 +262,7 @@ plugins: ### Reverse Proxy Subsection 'Overview': 'Übersicht' 'HAProxy (community supported)': 'HAProxy (von der Community unterstützt)' - 'Traefik v3 (community supported)': 'Traefik v3 (von der Community unterstützt)' + 'Traefik v2 (community supported)': 'Traefik v2 (von der Community unterstützt)' 'Caddy v2 (community supported)': 'Caddy v2 (von der Community unterstützt)' 'Sync job migration': 'Migration mit Sync Jobs' ### Models Section From faa4f4be513ef1e63f110f3ee278f9b2b9e64f79 Mon Sep 17 00:00:00 2001 From: CodeShell <122738806+CodeShellDev@users.noreply.github.com> Date: Fri, 15 Aug 2025 23:17:25 +0200 Subject: [PATCH 5/5] added Oauth Documentation --- .../roundcube/third_party-roundcube.en.md | 139 +++++++++++++++--- 1 file changed, 120 insertions(+), 19 deletions(-) diff --git a/docs/third_party/roundcube/third_party-roundcube.en.md b/docs/third_party/roundcube/third_party-roundcube.en.md index 99c07b1ce..8ef2de24d 100644 --- a/docs/third_party/roundcube/third_party-roundcube.en.md +++ b/docs/third_party/roundcube/third_party-roundcube.en.md @@ -403,15 +403,15 @@ EOCONFIG ### Integrate CardDAV addressbooks in Roundcube === "Integrated" - Install the latest v5 version (the config below is compatible with v5 releases) using composer. - Answer `Y` when asked if you want to activate the plugin. +Install the latest v5 version (the config below is compatible with v5 releases) using composer. +Answer `Y` when asked if you want to activate the plugin. ```bash docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer require --update-no-dev -o "roundcube/carddav:~5" ``` === "Standalone" - Install the latest version of CardDAV (config based on v5 releases) by adding `carddav` to `ROUNDCUBEMAIL_PLUGINS`: +Install the latest version of CardDAV (config based on v5 releases) by adding `carddav` to `ROUNDCUBEMAIL_PLUGINS`: ```yaml ROUNDCUBEMAIL_PLUGINS: archive, managesieve, acl, markasjunk, zipdownload, carddav 
@@ -517,16 +517,16 @@ $MAILCOW_APPS = [ First, install plugin [dovecot_impersonate](https://github.com/corbosman/dovecot_impersonate/) and add Roundcube as an app (see above). === "Integrated" - ```bash +`bash docker exec -it -w /web/rc/plugins $(docker ps -f name=php-fpm-mailcow -q) git clone https://github.com/corbosman/dovecot_impersonate.git - ``` + ` === "Standalone" - ```bash +`bash docker exec -it -w /var/www/html/plugins $(docker ps -f name=roundcube -q) git clone https://github.com/corbosman/dovecot_impersonate.git - ``` + ` -Open `data/web/rc/config/config.inc.php` and enable the dovecot_impersonate plugin by adding it to the `$config['plugins']` array or by adding it to `ROUNDCUBEMAIL_PLUGINS`. +Open `data/web/rc/config/config.inc.php` and enable the dovecot_impersonate plugin by adding it to the `$config['plugins']` array or by adding it to `ROUNDCUBEMAIL_PLUGINS`. for example: === "Integrated" @@ -599,6 +599,110 @@ Copy the contents of the following files from this [Snippet](https://gitlab.com/ - `data/web/inc/lib/RoundcubeAutoLogin.php` - `data/web/rc-auth.php` +### Let users authenticate with mailcow (oauth) + +First, we have to define some placeholders: + +- roundcube.example.com + (can also be hosted on the `/rc` subpath on you mailcow host) +- mail.example.com (your mailcow host) + +In mailcow UI under `Admin > Oauth2 Apps`, create a new oauth2 App. +Set the redirect uri to `https://roundcube.example.com/index.php/login/oauth`. +Take note of the Client ID and SECRET. + +Create a Roundcube config file under `./data/rc/config/config.oauth.inc.php`. +`./data/rc/config/config.oauth.inc.php` + +```php + 1.6.X (in the futur: 1.7.X) 
@@ -667,15 +771,15 @@ Finally, restart mailcow ### Upgrade composer plugins === "Integrated" - To upgrade roundcube plugins installed using composer and dependencies (e.g. RCMCardDAV plugin), you can simply run - composer in the container: +To upgrade roundcube plugins installed using composer and dependencies (e.g. RCMCardDAV plugin), you can simply run +composer in the container: ```bash docker exec -it -w /web/rc $(docker ps -f name=php-fpm-mailcow -q) composer update --no-dev -o ``` === "Standalone" - To update composer plugins increase the version number at the end of a import: +To update composer plugins increase the version number at the end of a import: ```yaml ROUNDCUBEMAIL_COMPOSER_PLUGINS: "roundcube/carddav:~4" # increase to v5 @@ -721,7 +825,7 @@ place else instead of deleting it. docker-compose down ``` - Then you can safely delete `data/web/rc` / `data/rc/`. + Then you can safely delete `data/web/rc` / `data/rc/`. ### Remove the database @@ -872,6 +976,3 @@ the roundcube tables from the mailcow database using the following command: ```bash docker exec -it $(docker ps -f name=mysql-mailcow -q) mysql -uroot -p${DBROOT} -sN mailcow -e "SET SESSION foreign_key_checks = 0; DROP TABLE IF EXISTS $(echo $RCTABLES | sed -e 's/ \+/,/g');" ``` - - -
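Review bot: PATCH 1/5, first hunk (`@@ -1,9 +1,14 @@`): the four body lines under `!!! note` lose their four-space indentation, so they no longer belong to the admonition and render as an ordinary paragraph below an empty note box. Keep the indentation on those lines. The same hunk adds `=== "Integrated"` followed by an unindented `### Integrated Installation`, which leaves the tab without content; tab bodies need the same four-space indent that the existing `=== "docker compose (Plugin)"` blocks use.
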
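Review bot: PATCH 1/5, hunks `@@ -29,6 +34,7 @@` through `@@ -78,20 +87,22 @@` and `@@ -610,6 +910,7 @@` through `@@ -638,10 +941,11 @@`: these only insert a blank line after a heading, re-indent lists, or swap `*` for `-` and `__` for `**`, none of which matches the subject "revert EOCONFIG changes". Please move the formatter output into its own commit (or drop it) so that the content additions in this patch can be reviewed without the noise, and give the commit a subject that names what it adds.
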
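Review bot: PATCH 1/5, hunk `@@ -206,7 +218,184 @@` (Standalone Installation): both compose examples set `ROUNDCUBEMAIL_DEFAULT_HOST: ssl://dovecot:143` and `ROUNDCUBEMAIL_SMTP_SERVER: ssl://postfix:587`, which pairs the implicit-TLS scheme with the STARTTLS ports; in Roundcube `ssl://` means TLS from the first byte and `tls://` means STARTTLS, so use `tls://` with 143 and 587 or keep `ssl://` and switch to 993 and 465. Three further points in the same hunk: the ofelia command tests `/var/www/html/bin/cleandb.sh` but then runs `/var/www/htm/bin/cleandb.sh`, so the job can never succeed; the Plugins example puts `ROUNDCUBEMAIL_PLUGINS` and `ROUNDCUBEMAIL_COMPOSER_PLUGINS` under `volumes:` although the surrounding text calls them environment variables, so the key should be `environment:`; and the first compose example publishes `"80:80"` on the host while the installer step points the reader at an `https://` URL, so either drop the `ports:` entry as the reverse-proxy variant does or say which component terminates TLS.
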
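Review bot: PATCH 2/5, hunk `@@ -546,12 +365,10 @@`: the new placeholder text allows Roundcube to live on the `/rc` subpath of the mailcow host, but the unchanged context two lines below still tells the reader to register `https://roundcube.example.com/index.php/login/oauth` as the redirect URI. For the subpath case the registered URI has to carry the subpath and the mailcow host name (for example `https://mail.example.com/rc/index.php/login/oauth`), otherwise the OAuth2 app rejects the callback; please document both variants. The added line also reads "on you mailcow host" where "your" is meant, and the section now refers to `./data/rc/config/` although this patch removes the Standalone Installation section that introduced that mount.
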
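Review bot: PATCH 2/5, hunk `@@ -615,7 +432,7 @@`: the reworded sentence still names the mechanism `XOAUTH`, while the bearer-token SASL mechanisms Dovecot knows are `xoauth2` and `oauthbearer`; write `XOAUTH2` so that a reader who searches the Dovecot documentation or logs for the name finds it. The rewording also capitalises "Authentication" mid-sentence, and the following hunk (`@@ -646,7 +463,7 @@`) replaces the restart sentence without giving the restart command that the rest of the guide spells out for each compose variant.
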
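Review bot: PATCH 3/5 and PATCH 4/5 (`mkdocs.yml`, hunks `@@ -103,7 +103,7 @@` and `@@ -262,7 +262,7 @@`): the second commit restores exactly the two `Traefik v2` lines the first one changed, so the pair has no net effect and, per its own message, was pushed to the wrong branch. Please drop both commits from this series before merge; as it stands, PATCH 3/5 on its own would point the nav entry at `r_p-traefik3.md`, a file nothing in this series adds.
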
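Review bot: PATCH 5/5, hunk `@@ -517,16 +517,16 @@`: the opening and closing triple-backtick fences around both `git clone` commands are replaced by single backticks (`+`bash` and `+ ``), so the commands render as inline text inside a paragraph instead of a copyable block. Restore the `bash` fences and keep them indented under their `=== "Integrated"` and `=== "Standalone"` lines. Hunks `@@ -403,15 +403,15 @@` and `@@ -667,15 +771,15 @@` of the same patch remove the indentation from the tab bodies in the same way, which detaches the text from its tab; this looks like formatter output and should be reverted.
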