This is the first time successfully for me installing a program, any program, in a minimal CentOS.  It took a little time to understand how to install it without a GUI and using only a command line though, but I got it.

You can download roundcubemail using git on the CentOS directly but that’s only roundcubemail and not the dependencies, so I downloaded the zip completed file with the dependencies for roundcube.net on to my Linux Mint, extracted it and using scp command I transferred to my CentOS.

I installed minimal CentOS with the default ‘root’ and ‘jeff’ username for testing on Linux VMware Workstation Player, and using the root for a ssh command I updated CentOS by using this command:

yum update

Reboot by doing this command.

shutdown -r now

Then I disabled the firewall:

systemctl disable firewalld

Then I installed ‘nano’ because I don’t like using ‘vi’ command.  Using nano I disabled selinux by replaced ‘enforcing’ with ‘disabled’:

nano /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Install Apache:

First install Apache.

yum install httpd

Then start the Apache.

systemctl start httpd

Then enable it.

systemctl enable httpd

Install MariaDB:

Second install MariaDB.

yum install mariadb-server mariadb

Then start MariaDB.

systemctl start mariadb

Now that my mariadb database is running, I run a simple security script that will remove some dangerous defaults and lock down access to my database system.

mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
 SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] 
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
 

Then enable it.

 systemctl enable mariadb

Install PHP:

Third install PHP and some other PHP modules.

yum install php php-mysql php-pear php-mbstring php-intl

Install Dovecot:

Fourth and last, install Dovecot.

yum install dovecot

Then start it.

systemctl start dovecot

Then enable it.

systemctl enable dovecot

Reboot.

Configure CentOS for Roundcube:

Start and enable Postfix.  Minimal CentOS has the Postfix program but by default it is disabled.

systemctl start postfix
systemctl enable postfix

There are three changes to Dovecot to make and two of the changes for Dovecot to allow it work with plain-text password. Since I’m using a non-domain server for roundcube I can’t make the server using only SSL for the password, but there are several blogs how to do that.

First change Dovecot not to accept SSL.

nano /etc/dovecot/conf.d/10-ssl.conf
# line 8: change 'required' to 'no'
ssl = no

Second change Dovecot to allow plain-text password.

nano /etc/dovecot/conf.d/10-auth.conf
# line 10: uncomment and change from'yes' to 'no'
disable_plaintext_auth = no

Third tell Dovecot where the mail goes.

nano /etc/dovecot/conf.d/10-mail.conf
# line 30: uncomment and add
mail_location = maildir:~/Maildir

Reboot.

Install and Configure Roundcubemail:

Since I downloaded and extracted the complete roundcubemail.zip for roundcube.net on my Mint, I used scp to transfer it to /var/www/html/.

scp -r jeff@192.168.2.60:/home/jeff/Documents/roundcubemail-1.2.3/* /var/www/html/

Then I made apache the owner and group to html, and changed the permission to allow it change the logs and temp file.

chown -R apache:apache /var/www/
chmod -R 755 /var/www/

Then I setup mariadb for roundcubemail.

mysql -u root -p
CREATE DATABASE roundcubemail;
GRANT ALL PRIVILEGES ON roundcubemail.* TO username@localhost IDENTIFIED BY 'passwrd';
FLUSH PRIVILEGES;
exit

I used ’roundcube’ for the username and ‘usmc1234’ for the password.

Then go to the IP address/installer for roundcube on your browser; mine is http://192.168.2.100/installer.  It checks it’s ready to be installed.

Checking if it's ready
Checking if it’s ready
Click Next and then it allows to put in the password and/or other changes if needed.

Allowing you to create a config file
Allowing you to create a config file
At the way bottom of the page is “Create Config” button and click on it.

Config file was created
Config file was created
About half and half it says either

The config file was saved successfully into RCMAIL_CONFIG_DIR directory of your Roundcube installation.

or config file was created and either download or save in a tmp file. It says this one, downloaded in your working Linux and scp the file to /var/www/html/config/.

And then Continue button near the top to test the config file.

Testing the config file
Testing the config file

The only step you have to do that DB schema is not initialized and click on Initial Database.   You can also at the bottom Test STMP config and/or Test IMAP config to make it should work.  If it works go to the roundcube IP address and really make sure it’s worked.

Note:  If you want the default folders to show in roundcube webmail (sent, trash, inbox, etc.) place the following at the end of webmail/config/config.inc.php at the webserver:

// automatically create the default folders on login
$rcmail_config['create_default_folders'] = TRUE;

Jeff email with default folders
Jeff email with default folders
Finish!

When you are completely finished remove your installer folder; it may expose some of your password(s).

rm -rf /var/www/html/installer

Now your are really finished!

Refereneces:

https://github.com/roundcube/roundcubemail/wiki/Installation
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-7
https://www.server-world.info/en/note?os=CentOS_7&p=mail&f=2

Advertisements

3 thoughts on “Installing non-virtual Roundcube 1.2.3 on CentOS 7.1611

  1. You can disable a couple of ports in the firewall but this easiest way to get it work. Also this only an internal server and not external… I tried taking the default of SElinux, enforcing, but it does not work. The only way to get roundcube to work by disabled it.

  2. Opening just needed ports in firewalld is not much complexer as disabling firewall:

    firewall-cmd –permanent –add-service={http,https,imaps,smtp}
    firewall-cmd –reload

    Changing SElinux-context on copied files and changing some booleans should be enough:
    setsebool -P httpd_can_network_connect
    setsebool -P httpd_can_network_connect_db # only if you want to connect MySQL over network
    chcon -R system_u:object_r:httpd_log_t:s0 /var/log/roundcubemail
    chcon -R httpd_sys_content_t /var/www/html/
    # and for files, that should be written by apache extra
    chcon -R httpd_sys_rw_content_t /var/www/html/file_to_be_written

    Alternatively you could set RW context to the whole roundcube folder

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s