(source: http://www.starbridge.org/spip/spip.php?article12&artsuite=6#sommaire_1)
Installing Apache, MySQL and PHP:
aptitude install apache2 mysql-server php5 php5-mysql phpmyadmin
Setting up secure mode (HTTPS) for Apache:
Enabling SSL:
a2enmod ssl
Creating the virtual host:
cd /etc/apache2/sites-available/
vi ssl
Then paste the following:
NameVirtualHost *:443
<VirtualHost *:443>
    ServerAdmin webmaster@mdl29.net
    ServerName www.mdl29.net
    DocumentRoot /var/www/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
        # This directive allows us to have apache2's default start page
        # in /apache2-default/, but still have / go to the right place
        # Commented out for Ubuntu
        #RedirectMatch ^/$ /apache2-default/
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride AuthConfig
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/mdl29-certkey-www.pem
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
Edit ports.conf to check that port 443 is listed there (which should already be the case):
vi /etc/apache2/ports.conf
and add the following line if needed:
listen 443
Enabling the virtual host:
a2ensite ssl
Generating the certificates:
Edit the OpenSSL configuration so that certificates can be signed for 10 years instead of the default 1 year (that way we are left in peace for longer):
vi /etc/ssl/openssl.cnf
change the default_days line to
default_days = 3650
Creating the root certificate:
cd ~
mkdir CERT
/usr/lib/ssl/misc/CA.pl -newca
Enter the requested parameters and choose a pass phrase; leave "challenge password" empty.
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
.......
.........................................
writing new private key to './demoCA/private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Brest
Locality Name (eg, city) []:Brest
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mdl29.net
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:mdl29.net
Email Address []:tech@mdl29.net

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Enter pass phrase for ./demoCA/private/cakey.pem:
Check that the request matches the signature
Signature ok
Certificate Details:
//blablabla//
Data Base Updated
Creating a private key for the server and an unsigned public certificate.
It is important to create the certificate with the same name as the one used for the connection (e.g. if the web server is reached as www.mdl29.net, the certificate must be created with a "Common Name" of www.mdl29.net).
Create an unsigned public certificate and a key, then sign them with the CA:
cd ~/CERT
openssl req -new -nodes -keyout mdl29-key-www.pem -out mdl29-req-www.pem -days 3650
Enter the information, taking care to set the Common Name to www.mdl29.net. The other fields must match what was entered for the CA earlier.
cd ~
openssl ca -out CERT/mdl29-cert-www.pem -infiles CERT/mdl29-req-www.pem
cd CERT/
cat mdl29-key-www.pem mdl29-cert-www.pem > mdl29-certkey-www.pem
mkdir /etc/apache2/ssl
cp mdl29-certkey-www.pem /etc/apache2/ssl/
chmod 600 /etc/apache2/ssl/mdl29-certkey-www.pem
Restart Apache:
/etc/init.d/apache2 restart
The SSL connection can then be checked at https://ip_de_la_machine (ip_de_la_machine being the machine's IP address).
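The CA and server certificate steps above, reproduced as an added example (not code from the original article) that runs non-interactively and then checks the result: the certificate chains to the CA, carries the expected name, and the combined key file is readable by its owner only. It assumes openssl 1.1.1 or newer and takes the working directory and host name as arguments; it uses 2048-bit keys with SHA-256 instead of the 1024-bit default shown in the CA.pl output, openssl req -x509 and openssl x509 -req in place of the interactive CA.pl and openssl ca, and adds a subjectAltName because current browsers ignore the Common Name on its own.

```shell
#!/bin/sh
# Added example, not part of the original article: the CA + server
# certificate steps, done non-interactively so they can be checked.
# Assumes openssl (1.1.1 or newer) in PATH; dir and host are arguments.
# Differences from the article: 2048-bit keys and SHA-256 instead of the
# 1024-bit default shown in its output, openssl req -x509 / x509 -req
# instead of the interactive CA.pl / openssl ca, and a subjectAltName
# so that clients which ignore the Common Name still accept the name.
set -e

make_certs() {
    dir="$1"     # working directory (the article uses ~/CERT)
    host="$2"    # must equal the name typed in the browser, e.g. www.mdl29.net
    mkdir -p "$dir"
    # Root CA, self-signed for 10 years (default_days = 3650 in the article)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" \
        -subj "/C=FR/ST=Brest/L=Brest/O=mdl29.net/CN=mdl29.net" 2>/dev/null
    # Server key + unsigned request (article: openssl req -new -nodes ...)
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$dir/mdl29-key-www.pem" -out "$dir/mdl29-req-www.pem" \
        -subj "/C=FR/ST=Brest/L=Brest/O=mdl29.net/CN=$host" 2>/dev/null
    # Sign the request with the CA (article: openssl ca -out ... -infiles ...)
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -days 3650 -sha256 -in "$dir/mdl29-req-www.pem" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/mdl29-cert-www.pem" 2>/dev/null
    # Key + certificate in one file, readable by root only, as the article
    # installs it into /etc/apache2/ssl
    cat "$dir/mdl29-key-www.pem" "$dir/mdl29-cert-www.pem" \
        > "$dir/mdl29-certkey-www.pem"
    chmod 600 "$dir/mdl29-certkey-www.pem" "$dir/mdl29-key-www.pem" "$dir/cakey.pem"
}

# Returns 0 when the certificate chains to the CA, carries the expected
# name (CN and SAN), and the key file is not readable by other users.
check_certs() {
    dir="$1"; host="$2"
    openssl verify -CAfile "$dir/cacert.pem" "$dir/mdl29-cert-www.pem" >/dev/null 2>&1 || return 1
    openssl x509 -noout -subject -in "$dir/mdl29-cert-www.pem" | grep -q "CN *= *$host" || return 1
    openssl x509 -noout -text -in "$dir/mdl29-cert-www.pem" | grep -q "DNS:$host" || return 1
    ls -l "$dir/mdl29-certkey-www.pem" | grep -q '^-rw-------'
}
```

Run it as `make_certs ~/CERT www.mdl29.net && check_certs ~/CERT www.mdl29.net`; a wrong host name in the second call fails the check, which is the mistake the article warns about.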
Installing Roundcube:
aptitude install roundcube php5-ldap roundcube-mysql
Restart Apache:
/etc/init.d/apache2 restart
(check whether installing php5-ldap is really needed, since Roundcube makes no LDAP connection here)
Since access authorisation for Roundcube is handled by Dovecot, the Roundcube configuration will be fairly basic.
Configuring Roundcube:
Opening access through Apache:
vi /etc/roundcube/apache.conf
Uncomment the two Alias lines at the top of the file, giving:
# Those aliases do not work properly with several hosts on your apache server
# Uncomment them to use it or adapt them to your configuration
Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
Alias /roundcube /var/lib/roundcube
Adapt the configuration file (/etc/roundcube/main.inc.php) to your needs. The file contains many comments explaining each parameter. Here is a working one (stripped of the comments for easier reading in this document):
<?php
/*
+-----------------------------------------------------------------------+
| Main configuration file                                               |
|                                                                       |
| This file is part of the RoundCube Webmail client                     |
| Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
| Licensed under the GNU GPL                                            |
|                                                                       |
+-----------------------------------------------------------------------+
*/
$rcmail_config = array();
$rcmail_config['debug_level'] = 1;
$rcmail_config['log_driver'] = 'file';
$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';
$rcmail_config['syslog_id'] = 'roundcube';
$rcmail_config['syslog_facility'] = LOG_USER;
$rcmail_config['log_dir'] = 'logs/';
$rcmail_config['temp_dir'] = 'temp/';
$rcmail_config['plugins'] = array();
$rcmail_config['enable_caching'] = FALSE;
$rcmail_config['message_cache_lifetime'] = '10d';
$rcmail_config['force_https'] = TRUE;
$rcmail_config['auto_create_user'] = TRUE;
$rcmail_config['default_host'] = 'imap://mdl29.net:143';
$rcmail_config['default_port'] = 143;
$rcmail_config['imap_auth_type'] = null;
$rcmail_config['imap_root'] = null;
$rcmail_config['imap_delimiter'] = null;
$rcmail_config['username_domain'] = '';
$rcmail_config['mail_domain'] = '';
$rcmail_config['virtuser_file'] = '';
$rcmail_config['virtuser_query'] = '';
$rcmail_config['smtp_server'] = '';
$rcmail_config['smtp_port'] = 25;
$rcmail_config['smtp_user'] = '';
$rcmail_config['smtp_pass'] = '';
$rcmail_config['smtp_auth_type'] = '';
$rcmail_config['smtp_helo_host'] = '';
$rcmail_config['smtp_log'] = TRUE;
$rcmail_config['sql_debug'] = false;
$rcmail_config['imap_debug'] = false;
$rcmail_config['ldap_debug'] = false;
$rcmail_config['smtp_debug'] = false;
$rcmail_config['sendmail_delay'] = 0;
$rcmail_config['list_cols'] = array('subject', 'from', 'date', 'size', 'flag', 'attachment');
$rcmail_config['skin_include_php'] = FALSE;
$rcmail_config['session_lifetime'] = 10;
$rcmail_config['ip_check'] = false;
$rcmail_config['double_auth'] = false;
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$rcmail_config['language'] = 'fr_FR';
$rcmail_config['date_short'] = 'D H:i';
$rcmail_config['date_long'] = 'd.m.Y H:i';
$rcmail_config['date_today'] = 'H:i';
$rcmail_config['useragent'] = 'RoundCube Webmail/'.RCMAIL_VERSION;
$rcmail_config['product_name'] = 'RoundCube Webmail';
$rcmail_config['drafts_mbox'] = 'Drafts';
$rcmail_config['junk_mbox'] = 'Junk';
$rcmail_config['sent_mbox'] = 'Sent';
$rcmail_config['trash_mbox'] = 'Trash';
$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Junk', 'Trash');
$rcmail_config['create_default_folders'] = TRUE;
$rcmail_config['protect_default_folders'] = TRUE;
$rcmail_config['quota_zero_as_unlimited'] = TRUE;
$rcmail_config['mdn_requests'] = 0;
$rcmail_config['default_charset'] = 'ISO-8859-1';
$rcmail_config['enable_spellcheck'] = TRUE;
$rcmail_config['spellcheck_engine'] = 'pspell';
$rcmail_config['spellcheck_uri'] = '';
$rcmail_config['spellcheck_languages'] = NULL;
$rcmail_config['generic_message_footer'] = '';
$rcmail_config['http_received_header'] = false;
$rcmail_config['http_received_header_encrypt'] = false;
$rcmail_config['mail_header_delimiter'] = NULL;
$rcmail_config['session_domain'] = '';
$rcmail_config['address_book_type'] = 'sql';
$rcmail_config['ldap_public'] = array();
$rcmail_config['autocomplete_addressbooks'] = array('sql');
$rcmail_config['dont_override'] = array();
$rcmail_config['identities_level'] = 1;
$rcmail_config['include_host_config'] = false;
$rcmail_config['max_pagesize'] = 200;
$rcmail_config['mime_magic'] = '/usr/share/file/magic';
$rcmail_config['message_sort_col'] = 'date';
$rcmail_config['message_sort_order'] = 'DESC';
$rcmail_config['enable_installer'] = false;
$rcmail_config['log_logins'] = false;
$rcmail_config['delete_always'] = false;
$rcmail_config['min_keep_alive'] = 60;
$rcmail_config['email_dns_check'] = false;
$rcmail_config['skin'] = 'default';
$rcmail_config['pagesize'] = 40;
$rcmail_config['timezone'] = 'auto';
$rcmail_config['dst_active'] = (bool)date('I');
$rcmail_config['prefer_html'] = TRUE;
$rcmail_config['show_images'] = 0;
$rcmail_config['htmleditor'] = FALSE;
$rcmail_config['prettydate'] = TRUE;
$rcmail_config['draft_autosave'] = 300;
$rcmail_config['preview_pane'] = FALSE;
$rcmail_config['focus_on_new_message'] = true;
$rcmail_config['logout_purge'] = FALSE;
$rcmail_config['logout_expunge'] = FALSE;
$rcmail_config['inline_images'] = TRUE;
$rcmail_config['mime_param_folding'] = 1;
$rcmail_config['skip_deleted'] = FALSE;
$rcmail_config['read_when_deleted'] = TRUE;
$rcmail_config['flag_for_deletion'] = FALSE;
$rcmail_config['keep_alive'] = 60;
$rcmail_config['check_all_folders'] = FALSE;
$rcmail_config['display_next'] = FALSE;
$rcmail_config['index_sort'] = TRUE;
?>
Edit /etc/roundcube/db.inc.php and put the correct password on the following line (mind the change at the end of the line as well):
$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcube';
(not necessarily required)
Restart Apache:
/etc/init.d/apache2 restart
All that remains is to test the Roundcube login at https://ip_de_la_machine/roundcube .
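A small audit of the two Roundcube files above, added here as an example (not part of the original article): it flags the settings in the sample main.inc.php that a defender would revisit, in particular the des_key left at the value Roundcube ships in its example configuration and the placeholder database password, and generates a replacement key of the 24 characters des_key requires. It assumes POSIX sh, grep and openssl; write_sample_config is a hypothetical helper that writes the page's values to temporary files so the audit can be tried without a Roundcube installation.

```shell
# Added example, not from the original article: audit main.inc.php and
# db.inc.php for the weak settings visible in the sample above and
# generate a proper des_key. Assumes POSIX sh, grep and openssl.

# Value Roundcube ships in its example config; leaving it in place means the
# IMAP password kept in the session is encrypted with a key everyone knows.
DEFAULT_DES_KEY='rcmail-!24ByteDESkey*Str'

# Prints one finding per line; returns 0 only when nothing was found.
audit_roundcube_config() {
    cfg="$1"; db="$2"; findings=0
    if grep -Fq "'des_key'] = '$DEFAULT_DES_KEY'" "$cfg"; then
        echo "des_key is still the distribution example; generate a new one"; findings=$((findings + 1))
    fi
    if ! grep -Eq "\['force_https'\] *= *(TRUE|true)" "$cfg"; then
        echo "force_https is not enabled; logins could travel over plain HTTP"; findings=$((findings + 1))
    fi
    if grep -Eq "\['log_logins'\] *= *(FALSE|false)" "$cfg"; then
        echo "log_logins is off; Roundcube itself records no login attempts"; findings=$((findings + 1))
    fi
    if grep -Eq "\['ip_check'\] *= *(FALSE|false)" "$cfg"; then
        echo "ip_check is off; sessions are not bound to the client address"; findings=$((findings + 1))
    fi
    if grep -Fq "mysql://roundcube:pass@" "$db"; then
        echo "db.inc.php still carries the placeholder password 'pass'"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# 18 random bytes encode to exactly the 24 base64 characters des_key needs.
gen_des_key() { openssl rand -base64 18; }

# Hypothetical helper: writes the relevant lines of the page's sample files
# (constructed input) so the audit can be tried without a Roundcube install.
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
$rcmail_config['force_https'] = TRUE;
$rcmail_config['ip_check'] = false;
$rcmail_config['des_key'] = 'rcmail-!24ByteDESkey*Str';
$rcmail_config['log_logins'] = false;
EOF
    cat > "$2" <<'EOF'
<?php
$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcube';
EOF
}
```

On a real server run `audit_roundcube_config /etc/roundcube/main.inc.php /etc/roundcube/db.inc.php` and paste the output of `gen_des_key` into the des_key line.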
Install the 2vcard package.
Then export the Thunderbird address book (in LDIF format, the default).
Then, in a terminal:
2vcard -f ldif -i fichier.ldif -o fichier.vcard
(replacing fichier with the name of the file)
Finally, import the address book (fichier.vcard) into Roundcube.