Documentation under construction!

Installing Apache and Roundcube on Lenny

(sources: http://www.starbridge.org/spip/spip.php?article12&artsuite=6#sommaire_1 and http://howto.landure.fr/gnu-linux/debian-4-0-etch/creer-un-certificat-ssl-multi-domaines)

Installing Apache, MySQL and PHP:

aptitude install apache2 mysql-server php5 php5-mysql phpmyadmin

Configuring secure mode for Apache:

Enabling SSL:

a2enmod ssl

Creating the virtual host:

cd /etc/apache2/sites-available/
vi ssl

And paste in:

NameVirtualHost *:443
<VirtualHost *:443>
        ServerAdmin webmaster@mdl29.net
        ServerName www.mdl29.net
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                # Commented out for Ubuntu
                #RedirectMatch ^/$ /apache2-default/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride AuthConfig
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/mdl29-certkey-www.pem

        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>

Edit the ports.conf file to check that port 443 is listed there (which should be the case):

vi /etc/apache2/ports.conf

and add the line (if needed)

listen 443

Enabling the virtual host:

a2ensite ssl

Generating the certificates:

Edit the OpenSSL configuration so that certificates can be signed for 10 years, instead of the default of 1 year (that way, we are left in peace for longer):

vi /etc/ssl/openssl.cnf 

change the default_days line to

default_days    = 3650

Creating the root certificate:

cd ~
mkdir CERT
/usr/lib/ssl/misc/CA.pl -newca

Enter the required parameters and choose a pass phrase; leave “challenge password” empty.

CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.......
.........................................
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Brest 
Locality Name (eg, city) []:Brest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mdl29.net
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:mdl29.net
Email Address []:tech@mdl29.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
        //blablabla//
Data Base Updated

Creating a private key for the server and an unsigned public certificate.

It is important to create the certificate with the same name as the one used to connect (e.g. if you connect to the web server as www.mdl29.net, you must create a certificate whose “Common Name” is www.mdl29.net).

Creating an unsigned public certificate and a key, then signing it with the CA:

cd ~/CERT
openssl req -new -nodes -keyout mdl29-key-www.pem -out mdl29-req-www.pem -days 3650

Enter the information, taking care to set the Common Name to www.mdl29.net. You must also enter the same information as was entered for the CA earlier.

cd ~
openssl ca -out CERT/mdl29-cert-www.pem -infiles CERT/mdl29-req-www.pem
cd CERT/
cat mdl29-key-www.pem mdl29-cert-www.pem >mdl29-certkey-www.pem
mkdir /etc/apache2/ssl
cp mdl29-certkey-www.pem /etc/apache2/ssl/
chmod 600 /etc/apache2/ssl/mdl29-certkey-www.pem

Restart Apache:

/etc/init.d/apache2 restart

You can check the SSL connection at https://ip_de_la_machine (where ip_de_la_machine is the machine's IP address).
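The checks below are an added example, not part of the original page: they verify the combined key+certificate file built above (key and certificate match, the certificate verifies against the CA, the name matches, key size, mode 600). The function names, the 2048-bit threshold and the throwaway CA built by make_demo (constructed sample input) are assumptions of this example, which also assumes a current OpenSSL rather than the one shipped with Lenny.

```shell
#!/bin/sh
# Added example: checks on the combined key+certificate PEM built above.
# Prints one line per failed check and returns non-zero if any check fails.
check_certkey() {   # usage: check_certkey <certkey.pem> <cacert.pem> <name>
    pem=$1; ca=$2; name=$3; rc=0
    fail() { echo "FAIL: $1"; rc=1; }
    # The private key and the certificate must be the same key pair.
    kpub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || kpub=
    cpub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cpub=
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] || fail "key and certificate differ"
    # The certificate must verify against the CA certificate.
    openssl x509 -in "$pem" 2>/dev/null | openssl verify -CAfile "$ca" \
        >/dev/null 2>&1 || fail "certificate does not verify against $ca"
    # The name used to connect must match the certificate (Common Name).
    openssl x509 -in "$pem" -noout -checkhost "$name" 2>/dev/null \
        | grep -q "does match certificate" || fail "$name not in certificate"
    # The CA.pl transcript above shows a 1024-bit key; require 2048 or more.
    bits=$(openssl x509 -in "$pem" -noout -text 2>/dev/null \
        | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || fail "public key is ${bits:-?} bits (< 2048)"
    # The file contains the private key: mode 600, as set with chmod above.
    [ -n "$(find "$pem" -perm 600)" ] || fail "permissions are not 600"
    return $rc
}

# Constructed sample input: throwaway CA and server certificate in <dir>,
# generated non-interactively (stand-in for the CA.pl / openssl ca steps).
make_demo() {   # usage: make_demo <dir> <common-name> <rsa-bits>
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/O=demo/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" -days 1 2>/dev/null
    openssl req -new -newkey "rsa:$3" -nodes -subj "/O=demo/CN=$2" \
        -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null
    openssl x509 -req -in "$d/req.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 1 \
        -out "$d/cert.pem" 2>/dev/null
    cat "$d/key.pem" "$d/cert.pem" > "$d/certkey.pem"
    chmod 600 "$d/certkey.pem"
}

d=$(mktemp -d) && make_demo "$d" www.mdl29.net 2048 \
    && check_certkey "$d/certkey.pem" "$d/cacert.pem" www.mdl29.net \
    && echo "all checks passed"
rm -rf "$d"
```

Against the files created on this page the call would be check_certkey /etc/apache2/ssl/mdl29-certkey-www.pem ~/demoCA/cacert.pem www.mdl29.net, assuming CA.pl wrote the CA certificate to its usual demoCA/cacert.pem.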

Installing and configuring Roundcube

Installing Roundcube:

aptitude install php5-ldap

restart Apache:

/etc/init.d/apache2 restart

(check whether this part is necessary, since there is no LDAP connection with Roundcube)

On Lenny there is no package for Roundcube, so we fetch the latest version (0.3.1):

cd /var/www
wget -O roundcubemail-0.3.1.tar.gz "http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/0.3.1/roundcubemail-0.3.1.tar.gz?use_mirror=freefr"
tar -xzvf roundcubemail-0.3.1.tar.gz 

Since access authorization for Roundcube is handled by Dovecot, the Roundcube configuration will be fairly basic.

Rename the directory (to make access easier):

mv roundcubemail-0.3.1 roundcube

Configuring Roundcube:

cd /var/www/roundcube/config
mv db.inc.php.dist db.inc.php
mv main.inc.php.dist main.inc.php

Create the database and the user:

mysql -u root -p
create database roundcube;
GRANT SELECT, INSERT, UPDATE, DELETE ON roundcube.* TO 'roundcube'@'localhost' IDENTIFIED BY '*****';
FLUSH PRIVILEGES;
quit

(replace the '*****' with your password)

Import the database:

mysql -u root -p roundcube < ../SQL/mysql.initial.sql

Adapt the configuration files (/var/www/roundcube/config/db.inc.php and main.inc.php) to your needs.

db.inc.php: edit the file to set the password chosen for Roundcube's SQL user:

vi /var/www/roundcube/config/db.inc.php

and modify the line:

$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcube';

replacing pass with the password chosen above (take care with the change at the end of the line too).

main.inc.php: this file contains many comments explaining each parameter. Here is a working version (stripped of its comments to make it easier to read in this doc):

<?php

/*
 +-----------------------------------------------------------------------+
 | Main configuration file                                               |
 |                                                                       |
 | This file is part of the RoundCube Webmail client                     |
 | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
 | Licensed under the GNU GPL                                            |
 |                                                                       |
 +-----------------------------------------------------------------------+

*/
$rcmail_config = array();
$rcmail_config['debug_level'] = 1;
$rcmail_config['log_driver'] = 'file';
$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
$rcmail_config['syslog_id'] = 'roundcube';
$rcmail_config['syslog_facility'] = LOG_USER;
$rcmail_config['log_dir'] = 'logs/';
$rcmail_config['temp_dir'] = 'temp/';
$rcmail_config['plugins'] = array();
$rcmail_config['enable_caching'] = FALSE;
$rcmail_config['message_cache_lifetime'] = '10d';
$rcmail_config['force_https'] = TRUE;
$rcmail_config['auto_create_user'] = TRUE;
$rcmail_config['default_host'] = 'imap://mdl29.net:143';
$rcmail_config['default_port'] = 143;
$rcmail_config['imap_auth_type'] = null;
$rcmail_config['imap_root'] = null;
$rcmail_config['imap_delimiter'] = null;
$rcmail_config['username_domain'] = '';
$rcmail_config['mail_domain'] = '';
$rcmail_config['virtuser_file'] = '';
$rcmail_config['virtuser_query'] = '';
$rcmail_config['smtp_server'] = '';
$rcmail_config['smtp_port'] = 25;
$rcmail_config['smtp_user'] = '';
$rcmail_config['smtp_pass'] = '';
$rcmail_config['smtp_auth_type'] = '';
$rcmail_config['smtp_helo_host'] = '';
$rcmail_config['smtp_log'] = TRUE;
$rcmail_config['sql_debug'] = false;
$rcmail_config['imap_debug'] = false;
$rcmail_config['ldap_debug'] = false;
$rcmail_config['smtp_debug'] = false;
$rcmail_config['sendmail_delay'] = 0;
$rcmail_config['list_cols'] = array('subject', 'from', 'date', 'size', 'flag', 'attachment');
$rcmail_config['skin_include_php'] = FALSE;
$rcmail_config['session_lifetime'] = 10;
$rcmail_config['ip_check'] = false;
$rcmail_config['double_auth'] = false;
// Sample key shipped with Roundcube: replace it with your own random 24-character string
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$rcmail_config['language'] = 'fr_FR';
$rcmail_config['date_short'] = 'D H:i';
$rcmail_config['date_long'] = 'd.m.Y H:i';
$rcmail_config['date_today'] = 'H:i';
$rcmail_config['useragent'] = 'RoundCube Webmail/'.RCMAIL_VERSION;
$rcmail_config['product_name'] = 'RoundCube Webmail';
$rcmail_config['drafts_mbox'] = 'Drafts';
$rcmail_config['junk_mbox'] = 'Junk';
$rcmail_config['sent_mbox'] = 'Sent';
$rcmail_config['trash_mbox'] = 'Trash';
$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
$rcmail_config['create_default_folders'] = TRUE;
$rcmail_config['protect_default_folders'] = TRUE;
$rcmail_config['quota_zero_as_unlimited'] = TRUE;
$rcmail_config['mdn_requests'] = 0;
$rcmail_config['default_charset'] = 'ISO-8859-1';
$rcmail_config['enable_spellcheck'] = TRUE;
$rcmail_config['spellcheck_engine'] = 'pspell';
$rcmail_config['spellcheck_uri'] = '';
$rcmail_config['spellcheck_languages'] = NULL;
$rcmail_config['generic_message_footer'] = '';
$rcmail_config['http_received_header'] = false;
$rcmail_config['http_received_header_encrypt'] = false;
$rcmail_config['mail_header_delimiter'] = NULL;
$rcmail_config['session_domain'] = '';
$rcmail_config['address_book_type'] = 'sql';
$rcmail_config['ldap_public'] = array();
$rcmail_config['autocomplete_addressbooks'] = array('sql');
$rcmail_config['dont_override'] = array();
$rcmail_config['identities_level'] = 1;
$rcmail_config['include_host_config'] = false;
$rcmail_config['max_pagesize'] = 200;
$rcmail_config['mime_magic'] = '/usr/share/file/magic';
$rcmail_config['message_sort_col'] = 'date';
$rcmail_config['message_sort_order'] = 'DESC';
$rcmail_config['enable_installer'] = false;
$rcmail_config['log_logins'] = false;
$rcmail_config['delete_always'] = false;
$rcmail_config['min_keep_alive'] = 60;
$rcmail_config['email_dns_check'] = false;
$rcmail_config['skin'] = 'default';
$rcmail_config['pagesize'] = 40;
$rcmail_config['timezone'] = 'auto';
$rcmail_config['dst_active'] = (bool)date('I');
$rcmail_config['prefer_html'] = TRUE;
$rcmail_config['show_images'] = 0;
$rcmail_config['htmleditor'] = FALSE;
$rcmail_config['prettydate'] = TRUE;
$rcmail_config['draft_autosave'] = 300;
$rcmail_config['preview_pane'] = FALSE;
$rcmail_config['focus_on_new_message'] = true;
$rcmail_config['logout_purge'] = FALSE;
$rcmail_config['logout_expunge'] = FALSE;
$rcmail_config['inline_images'] = TRUE;
$rcmail_config['mime_param_folding'] = 1;
$rcmail_config['skip_deleted'] = FALSE;
$rcmail_config['read_when_deleted'] = TRUE;
$rcmail_config['flag_for_deletion'] = FALSE;
$rcmail_config['keep_alive'] = 60;
$rcmail_config['check_all_folders'] = FALSE;
$rcmail_config['display_next'] = FALSE;
$rcmail_config['index_sort'] = TRUE;
?>

finally, what remains to be done:

chown -R www-data:www-data /var/www/roundcube

All that remains is to test the connection to Roundcube at https://ip_de_la_machine/roundcube (where ip_de_la_machine is the machine's IP address).
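An added example (not part of the original page or of Roundcube) that audits a main.inc.php for three of the settings shown in the listing above and replaces the shipped des_key with a random 24-character one. The function names are hypothetical and the sample file is constructed from lines of that listing.

```shell
#!/bin/sh
# Added example. DEFAULT_KEY is the sample des_key value reproduced in the
# main.inc.php listing above.
DEFAULT_KEY='rcmail-!24ByteDESkey*Str'

# Print one line per risky setting found in a main.inc.php; return 1 if any.
audit_rc_config() {   # usage: audit_rc_config <path/to/main.inc.php>
    f=$1; rc=0
    warn() { echo "WARN: $1"; rc=1; }
    # des_key protects the IMAP password kept in the session: must be unique.
    grep -F "['des_key']" "$f" | grep -qF "$DEFAULT_KEY" \
        && warn "des_key is still the shipped default"
    # The web installer must stay disabled once setup is finished.
    grep -F "['enable_installer']" "$f" | grep -qi "true" \
        && warn "enable_installer is on"
    # Without force_https the login page can be served over plain HTTP.
    grep -F "['force_https']" "$f" | grep -qi "true" \
        || warn "force_https is off"
    return $rc
}

# Replace the des_key line with a fresh random 24-character key.
set_des_key() {   # usage: set_des_key <path/to/main.inc.php>
    key=$(openssl rand -base64 18 | tr '/+' '_-')   # 18 bytes -> 24 characters
    tmp=$(mktemp) || return 1
    sed "s|^\(.*\['des_key'] *= *\).*|\1'$key';|" "$1" > "$tmp" \
        && cat "$tmp" > "$1"; st=$?   # cat keeps the file's owner and mode
    rm -f "$tmp"; return $st
}

# Constructed sample input: three lines taken from the listing above.
demo_config() {   # usage: demo_config <output-file>
    cat > "$1" <<'EOF'
$rcmail_config['force_https'] = TRUE;
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$rcmail_config['enable_installer'] = false;
EOF
}

f=$(mktemp) && demo_config "$f" && {
    audit_rc_config "$f"                  # warns about the default des_key
    set_des_key "$f" && audit_rc_config "$f" && echo "config ok"
}
rm -f "$f"
```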

Transferring the Thunderbird address book to Roundcube

The 2vcard package must be installed.

Then export the Thunderbird address book (in LDIF format, the default format).

Then, in a terminal:

2vcard -f ldif -i fichier.ldif -o fichier.vcard

(replacing fichier with the name of the file)

All that remains is to import the address book into Roundcube (the fichier.vcard file).