Installing Apache and Roundcube

(source: http://www.starbridge.org/spip/spip.php?article12&artsuite=6#sommaire_1)

Installing Apache, MySQL and PHP:

aptitude install apache2 mysql-server php5 php5-mysql phpmyadmin

Configuring secure mode for Apache:

Enabling SSL:

a2enmod ssl

Creating the virtual host:

cd /etc/apache2/sites-available/
vi ssl

And paste in:

NameVirtualHost *:443
<VirtualHost *:443>
        ServerAdmin webmaster@mdl29.net
        ServerName www.mdl29.net
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                # Commented out for Ubuntu
                #RedirectMatch ^/$ /apache2-default/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride AuthConfig
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/mdl29-certkey-www.pem

        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

Edit ports.conf to check that port 443 is listed (which should already be the case):

vi /etc/apache2/ports.conf

and add the following line (if needed):

listen 443

Enabling the virtual host:

a2ensite ssl

Generating the certificates:

Edit the SSL configuration so that certificates can be signed for 10 years instead of the default 1 year (that way we are left in peace for longer):

vi /etc/ssl/openssl.cnf 

change the default_days line to:

default_days    = 3650

Creating the root certificate:

cd ~
mkdir CERT
/usr/lib/ssl/misc/CA.pl -newca

Enter the required parameters and choose a pass phrase; leave "challenge password" empty.

CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.......
.........................................
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Brest 
Locality Name (eg, city) []:Brest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mdl29.net
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:mdl29.net
Email Address []:tech@mdl29.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        //blablabla//
Data Base Updated

Creating a private key for the server and an unsigned public certificate.

It is important to create the certificate with the same name as the one used to connect (e.g. if you connect to the web server as www.mdl29.net, the certificate must have a "Common Name" of www.mdl29.net).

Creating an unsigned public certificate and a key, then signing it with the CA:

cd ~/CERT
openssl req -new -nodes -keyout mdl29-key-www.pem -out mdl29-req-www.pem -days 3650

Enter the information, taking care to set the Common Name to www.mdl29.net. The other fields must carry the same information that was entered for the CA earlier.

cd ~
openssl ca -out CERT/mdl29-cert-www.pem -infiles CERT/mdl29-req-www.pem
cd CERT/
cat mdl29-key-www.pem mdl29-cert-www.pem >mdl29-certkey-www.pem
mkdir /etc/apache2/ssl
cp mdl29-certkey-www.pem /etc/apache2/ssl/
chmod 600 /etc/apache2/ssl/mdl29-certkey-www.pem
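
A way to check the result of the steps above before restarting Apache, as an added example that is not part of the original page: it confirms that the Common Name matches the host name, that the key and the certificate belong together, that the certificate chains to the CA, and that the file mode is 600. The `make_demo` helper builds a throwaway CA and certificate (www.example.test and every file name in it are placeholders) so the checks can be tried without touching the real files.

```shell
#!/bin/sh
# Added example: sanity checks for a combined key+certificate PEM file.

# Print the subject Common Name of the certificate in PEM file $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed when the private key and the certificate in $1 share one public key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" ]
}

# check_certkey PEM CA_CERT HOSTNAME: print one line per failed check and
# return the number of failed checks (0 means everything is in order).
check_certkey() {
    pem=$1 ca=$2 host=$3 fails=0
    [ "$(cert_cn "$pem")" = "$host" ] ||
        { echo "CN does not match $host"; fails=$((fails + 1)); }
    key_matches_cert "$pem" ||
        { echo "private key does not match certificate"; fails=$((fails + 1)); }
    openssl verify -CAfile "$ca" "$pem" >/dev/null 2>&1 ||
        { echo "certificate is not signed by $ca"; fails=$((fails + 1)); }
    case $(ls -l "$pem") in
        -rw-------*) ;;
        *) echo "permissions are not 600"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Build a throwaway CA and server certificate in directory $1 (constructed
# sample data: 1-day validity, placeholder names).
make_demo() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=Demo CA" -days 1 &&
      openssl req -new -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
          -subj "/CN=www.example.test" &&
      openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out srv.pem -days 1 &&
      cat srv.key srv.pem > certkey.pem && chmod 600 certkey.pem
    ) >/dev/null 2>&1
}
```

On the server described here, the arguments would be /etc/apache2/ssl/mdl29-certkey-www.pem, the CA certificate written by CA.pl (demoCA/cacert.pem by default) and www.mdl29.net.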

Restart Apache:

/etc/init.d/apache2 restart

You can check the SSL connection at https://ip_de_la_machine (replace ip_de_la_machine with the machine's IP address).

Installing and configuring Roundcube

Installing Roundcube:

aptitude install roundcube php5-ldap roundcube-mysql

Restart Apache:

/etc/init.d/apache2 restart

(check whether installing php5-ldap is really necessary, since Roundcube makes no LDAP connection here)

Since access authorization for Roundcube is handled by dovecot, the Roundcube configuration will be fairly basic.

Configuring Roundcube:

Opening access through Apache:

vi /etc/roundcube/apache.conf

Uncomment the 2 alias lines at the beginning of the file so that it reads:

# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
    Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
    Alias /roundcube /var/lib/roundcube

Adapt the configuration file (/etc/roundcube/main.inc.php) to your needs. The file contains many comments explaining each parameter. Here is a working one (stripped of its comments for easier reading in this documentation):

<?php

/*
 +-----------------------------------------------------------------------+
 | Main configuration file                                               |
 |                                                                       |
 | This file is part of the RoundCube Webmail client                     |
 | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 +-----------------------------------------------------------------------+

*/
$rcmail_config = array();
$rcmail_config['debug_level'] = 1;
$rcmail_config['log_driver'] = 'file';
$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
$rcmail_config['syslog_id'] = 'roundcube';
$rcmail_config['syslog_facility'] = LOG_USER;
$rcmail_config['log_dir'] = 'logs/';
$rcmail_config['temp_dir'] = 'temp/';
$rcmail_config['plugins'] = array();
$rcmail_config['enable_caching'] = FALSE;
$rcmail_config['message_cache_lifetime'] = '10d';
$rcmail_config['force_https'] = TRUE;
$rcmail_config['auto_create_user'] = TRUE;
$rcmail_config['default_host'] = 'imap://mdl29.net:143';
$rcmail_config['default_port'] = 143;
$rcmail_config['imap_auth_type'] = null;
$rcmail_config['imap_root'] = null;
$rcmail_config['imap_delimiter'] = null;
$rcmail_config['username_domain'] = '';
$rcmail_config['mail_domain'] = '';
$rcmail_config['virtuser_file'] = '';
$rcmail_config['virtuser_query'] = '';
$rcmail_config['smtp_server'] = '';
$rcmail_config['smtp_port'] = 25;
$rcmail_config['smtp_user'] = '';
$rcmail_config['smtp_pass'] = '';
$rcmail_config['smtp_auth_type'] = '';
$rcmail_config['smtp_helo_host'] = '';
$rcmail_config['smtp_log'] = TRUE;
$rcmail_config['sql_debug'] = false;
$rcmail_config['imap_debug'] = false;
$rcmail_config['ldap_debug'] = false;
$rcmail_config['smtp_debug'] = false;
$rcmail_config['sendmail_delay'] = 0;
$rcmail_config['list_cols'] = array('subject', 'from', 'date', 'size', 'flag', 'attachment');
$rcmail_config['skin_include_php'] = FALSE;
$rcmail_config['session_lifetime'] = 10;
$rcmail_config['ip_check'] = false;
$rcmail_config['double_auth'] = false;
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$rcmail_config['language'] = 'fr_FR';
$rcmail_config['date_short'] = 'D H:i';
$rcmail_config['date_long'] = 'd.m.Y H:i';
$rcmail_config['date_today'] = 'H:i';
$rcmail_config['useragent'] = 'RoundCube Webmail/'.RCMAIL_VERSION;
$rcmail_config['product_name'] = 'RoundCube Webmail';
$rcmail_config['drafts_mbox'] = 'Drafts';
$rcmail_config['junk_mbox'] = 'Junk';
$rcmail_config['sent_mbox'] = 'Sent';
$rcmail_config['trash_mbox'] = 'Trash';
$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
$rcmail_config['create_default_folders'] = TRUE;
$rcmail_config['protect_default_folders'] = TRUE;
$rcmail_config['quota_zero_as_unlimited'] = TRUE;
$rcmail_config['mdn_requests'] = 0;
$rcmail_config['default_charset'] = 'ISO-8859-1';
$rcmail_config['enable_spellcheck'] = TRUE;
$rcmail_config['spellcheck_engine'] = 'pspell';
$rcmail_config['spellcheck_uri'] = '';
$rcmail_config['spellcheck_languages'] = NULL;
$rcmail_config['generic_message_footer'] = '';
$rcmail_config['http_received_header'] = false;
$rcmail_config['http_received_header_encrypt'] = false;
$rcmail_config['mail_header_delimiter'] = NULL;
$rcmail_config['session_domain'] = '';
$rcmail_config['address_book_type'] = 'sql';
$rcmail_config['ldap_public'] = array();
$rcmail_config['autocomplete_addressbooks'] = array('sql');
$rcmail_config['dont_override'] = array();
$rcmail_config['identities_level'] = 1;
$rcmail_config['include_host_config'] = false;
$rcmail_config['max_pagesize'] = 200;
$rcmail_config['mime_magic'] = '/usr/share/file/magic';
$rcmail_config['message_sort_col'] = 'date';
$rcmail_config['message_sort_order'] = 'DESC';
$rcmail_config['enable_installer'] = false;
$rcmail_config['log_logins'] = false;
$rcmail_config['delete_always'] = false;
$rcmail_config['min_keep_alive'] = 60;
$rcmail_config['email_dns_check'] = false;
$rcmail_config['skin'] = 'default';
$rcmail_config['pagesize'] = 40;
$rcmail_config['timezone'] = 'auto';
$rcmail_config['dst_active'] = (bool)date('I');
$rcmail_config['prefer_html'] = TRUE;
$rcmail_config['show_images'] = 0;
$rcmail_config['htmleditor'] = FALSE;
$rcmail_config['prettydate'] = TRUE;
$rcmail_config['draft_autosave'] = 300;
$rcmail_config['preview_pane'] = FALSE;
$rcmail_config['focus_on_new_message'] = true;
$rcmail_config['logout_purge'] = FALSE;
$rcmail_config['logout_expunge'] = FALSE;
$rcmail_config['inline_images'] = TRUE;
$rcmail_config['mime_param_folding'] = 1;
$rcmail_config['skip_deleted'] = FALSE;
$rcmail_config['read_when_deleted'] = TRUE;
$rcmail_config['flag_for_deletion'] = FALSE;
$rcmail_config['keep_alive'] = 60;
$rcmail_config['check_all_folders'] = FALSE;
$rcmail_config['display_next'] = FALSE;
$rcmail_config['index_sort'] = TRUE;
?>
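
A small audit of the settings in this listing that matter most for security, as an added example that is not part of the original page or of Roundcube: the function names and the selection of checks are assumptions, and the sample file is constructed from values in the listing.

```shell
#!/bin/sh
# Added example: flag risky values in a Roundcube main.inc.php.

# rc_get FILE KEY: print the raw PHP value assigned to $rcmail_config['KEY'].
rc_get() {
    sed -n "s/^[[:space:]]*[$]rcmail_config\['$2'\][[:space:]]*=[[:space:]]*\(.*\);.*/\1/p" "$1" |
        tail -n 1
}

# rc_bool FILE KEY: same value, lower-cased so TRUE/True/true compare equal.
rc_bool() { rc_get "$1" "$2" | tr 'A-Z' 'a-z'; }

# audit_roundcube FILE: print one finding per line.
audit_roundcube() {
    f=$1
    # The shipped key encrypts the IMAP password kept in the session record.
    [ "$(rc_get "$f" des_key)" = "'rcmail-!24ByteDESkey*Str'" ] &&
        echo "des_key: shipped default, replace with 24 random characters"
    [ "$(rc_bool "$f" force_https)" = true ] ||
        echo "force_https: not enabled, logins may travel over plain HTTP"
    [ "$(rc_bool "$f" enable_installer)" = true ] &&
        echo "enable_installer: web installer is reachable"
    [ "$(rc_bool "$f" log_logins)" = true ] ||
        echo "log_logins: disabled, no record of successful logins"
    # Only the ssl://, tls:// and imaps:// prefixes make Roundcube use TLS.
    case $(rc_get "$f" default_host) in
        "'ssl://"*|"'tls://"*|"'imaps://"*) ;;
        *) echo "default_host: IMAP without TLS, fine only for a local server" ;;
    esac
    return 0
}

# Constructed sample: five settings with the values shown in the listing.
write_sample() {
    cat > "$1" <<'EOF'
<?php
$rcmail_config['force_https'] = TRUE;
$rcmail_config['default_host'] = 'imap://mdl29.net:143';
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$rcmail_config['enable_installer'] = false;
$rcmail_config['log_logins'] = false;
?>
EOF
}
```

Run against the values in the listing, it reports des_key, log_logins and default_host; force_https and enable_installer pass.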

Edit /etc/roundcube/db.inc.php and set the correct password on the following line (note the change at the end of the line as well):

$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcube';

(not necessarily required)

Restart Apache:

/etc/init.d/apache2 restart

All that remains is to test the connection to Roundcube at https://ip_de_la_machine/roundcube .

Importing a Thunderbird address book into Roundcube

Install the 2vcard package.

Then export the address book from Thunderbird (in LDIF format, which is the default).

Then, in a terminal:

2vcard -f ldif -i fichier.ldif -o fichier.vcard

(replacing fichier with the name of the file)

All that remains is to import the address book (the fichier.vcard file) into Roundcube.