diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..5210a73 --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,36 @@ +Certificates Requirements +========================= +``` +# apt install nginx certbot certbot-nginx +# certbot certonly --nginx -d mail.a-lec.org +``` + +Mail Requirements +================= + +``` +# apt install fail2ban postfix postfix-pcre opendkim spamassassin dovecot-imap dovecot-sieve +``` + +Restore config files + + +Webmail Requirements +==================== + +``` +# apt install nginx certbot certbot-nginx +``` + + + +Restore nginx configuraiton in /etc/nginx/sites-available and enable with + +` cd /etc/nginx/sites-enabled && ln -s ../sites-available/default . + +Download Rouncube from https://github.com/roundcube/roundcubemail + +Install in /var/www/html/roundcube + +Restore roundcube configuration in /var/www/html/roundcube/config/ + diff --git a/config/nginx/default b/config/nginx/default new file mode 100644 index 0000000..d225fa7 --- /dev/null +++ b/config/nginx/default @@ -0,0 +1,74 @@ +## +# You should look at the following URL's in order to grasp a solid understanding +# of Nginx configuration files in order to fully unleash the power of Nginx. +# https://www.nginx.com/resources/wiki/start/ +# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ +# https://wiki.debian.org/Nginx/DirectoryStructure +# +# In most cases, administrators will remove this file from sites-enabled/ and +# leave it as reference inside of sites-available where it will continue to be +# updated by the nginx packaging team. +# +# This file will automatically load configuration files provided by other +# applications, such as Drupal or Wordpress. These applications will be made +# available underneath a path with that package name, such as /drupal8. +# +# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. +## + +# Default server configuration +# +server { + set_real_ip_from 192.169.1.1; + real_ip_header proxy_protocol; + + listen 443 ssl proxy_protocol; + listen [::]:443 ssl; + ssl_certificate /etc/letsencrypt/live/mail.a-lec.org/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/mail.a-lec.org/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + + # Add index.php to the list if you are using PHP + root /var/www/html/roundcube; + + server_name mail.a-lec.org; + + client_max_body_size 100M; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.php; + + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ /index.php?q=$uri&$args; + } + + # pass PHP scripts to FastCGI server + # + location ~ \.php$ { + include snippets/fastcgi-php.conf; + # # With php-fpm (or other unix sockets): + fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # # With php-cgi (or other tcp sockets): + # fastcgi_pass 127.0.0.1:9000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + + location ^~ /data { + deny all; + } + +} + +server { + listen 80; + listen [::]:80; + + server_name a-lec.org; + + return 302 https://mail.a-lec.org$request_uri; +} diff --git a/config/roundcube/config.inc.php b/config/roundcube/config.inc.php new file mode 100644 index 0000000..f08deb8 --- /dev/null +++ b/config/roundcube/config.inc.php @@ -0,0 +1,146 @@ + "/images/logo_login_small.png", + // show the image /images/logo_login.png for the Login screen in the Elastic skin + "elastic:login" => "/images/logo_login.png", + // show the image /images/logo_small.png in the Elastic skin + "elastic:*[small]" => "/images/logo_small.png", + // show the image /images/larry.png in the Larry skin + "larry:*" => "/images/larry.png", + // show the image /images/logo_login.png on the login template in all skins + "login" => "/images/logo_login.png", + // show the image /images/logo_print.png for all print type logos in all skins + "[print]" => "/images/logo_print.png", + ); +*/$config['skin_logo'] = './logo_a-lec.svg'; + +// check client IP in session authorization +$config['ip_check'] = true; + +// This key is used for encrypting purposes, like storing of imap password +// in the session. For historical reasons it's called DES_key, but it's used +// with any configured cipher_method (see below). +// For the default cipher_method a required key length is 24 characters. +$config['des_key'] = 'GAVmASV5xdwSdt83cYVquyeo'; + +// Name your service. This is displayed on the login screen and in the window title +$config['product_name'] = 'Webmail des membres de Libre en Communs'; + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +// 4 - one identity with possibility to edit only signature +$config['identities_level'] = 0; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- +// List of active plugins (in plugins/ directory) +$config['plugins'] = array('acl', 'additional_message_headers', 'archive', 'attachment_reminder', 'autologon', 'database_attachments', 'emoticons', 'enigma', 'help', 'identicon', 'identity_select', 'jqueryui', 'new_user_dialog', 'newmail_notifier', 'password', 'show_additional_headers', 'subscriptions_option', 'userinfo', 'vcard_attachments', 'zipdownload', 'managesieve'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$config['language'] = 'fr_FR'; + +// compose html formatted messages by default +// 0 - never, +// 1 - always, +// 2 - on reply to HTML message, +// 3 - on forward or reply to HTML message +// 4 - always, except when replying to plain text message +$config['htmleditor'] = 2; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$config['mime_param_folding'] = 0; + +$config['mail_domain'] = '%d';