Install Roundcube (Apache: Let's Encrypt SSL certificate)

-Download the .tar.gz archive

# wget https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.1.3/roundcubemail-1.1.3-complete.tar.gz

-Extract the archive:

# tar xfz roundcubemail-1.1.3-complete.tar.gz

-Move the files to the web server directory:

# mv roundcubemail-1.1.3/* /home/webmail.domaine.tld/

# chown -R www-data:www-data /home/webmail.domaine.tld/

-Create the roundcube database (with a roundcube user):

mysql> CREATE DATABASE roundcube;

mysql> GRANT ALL PRIVILEGES ON roundcube.* TO roundcube@localhost IDENTIFIED BY 'PASSWD';

mysql> FLUSH PRIVILEGES;

-Import the dump file:

mysql -u root -p roundcube < /home/webmail.domaine.tld/SQL/mysql.initial.sql

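-Create the vhost (/etc/apache2/sites-available/):

# Port 80 and the two Directory paths (/ and the DocumentRoot) are assumptions
<VirtualHost *:80>
DocumentRoot /home/webmail.domaine.tld
ServerName webmail.domaine.tld

<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>

<Directory /home/webmail.domaine.tld/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>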

-Enable the vhost and reload apache2

# a2ensite webmail.domaine.tld

# service apache2 reload

-Open the installation page:

https://webmail.domaine.tld/installer/?_step=1

-In the SMTP section "SMTP Settings":

smtp_server: localhost

smtp_port: 25

-Create the SSL certificate ("Install a Let's Encrypt SSL certificate (Apache server)"):

./certbot-auto certonly --webroot --webroot-path /home/webmail.domaine.tld/ --domain webmail.domaine.tld --email adressemail

-Add to the vhost file:

# Port 443 and the two Directory paths (/ and the DocumentRoot) are assumptions
# The SSL* directives need mod_ssl, the Header directive needs mod_headers
<VirtualHost *:443>
DocumentRoot /home/webmail.domaine.tld
ServerName webmail.domaine.tld

<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>

<Directory /home/webmail.domaine.tld/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/webmail.domaine.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/webmail.domaine.tld/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/webmail.domaine.tld/chain.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCompression off
SSLOptions +StrictRequire
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>

-Restart apache2

# service apache2 restart
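
A check of the HTTPS vhost file, as an added example that is not part of the original tutorial: the shell function below reports a filesystem path used as ServerName, TLS 1.0/1.1 left enabled by "SSLProtocol all -SSLv2 -SSLv3", cipher entries that use 3DES or lack (EC)DHE key exchange, and an HSTS header whose value is not in ASCII double quotes. The function names, the finding labels and the sample file are assumptions made for this example; the sample is constructed and uses a shortened cipher list.

```shell
#!/bin/sh
# Added example: audit the TLS-related directives of an Apache vhost file.
# Value of the first occurrence of directive $1 in $conf (name stripped).
directive() {
    printf '%s\n' "$conf" | awk -v d="$1" 'tolower($1) == tolower(d) {
        sub(/^[ \t]*[^ \t]+[ \t]*/, ""); print; exit }'
}

# Prints one finding per line; prints nothing when every check passes.
audit_vhost() {
    # Drop comment lines so disabled directives are not evaluated.
    conf=$(sed '/^[[:space:]]*#/d' "$1") || return 2
    # ServerName takes a host name, never a filesystem path.
    case $(directive ServerName) in /*) echo "servername-is-path" ;; esac

    # "all" minus SSLv2/SSLv3 still leaves TLS 1.0 and TLS 1.1 enabled.
    proto=" $(directive SSLProtocol) "
    case $proto in *" all "*)
        for v in TLSv1 TLSv1.1; do
            case $proto in *" -$v "*) ;; *) echo "legacy-protocol:$v" ;; esac
        done ;;
    esac

    # Walk the positive cipher entries (heuristic match on OpenSSL names).
    old_ifs=$IFS; IFS=:
    for c in $(directive SSLCipherSuite); do
        case $c in
            '!'*|-*) ;;                              # exclusions
            *DES-CBC3*|*3DES*) echo "weak-cipher:$c" ;;
            ECDHE-*|DHE-*|EECDH*|EDH*|kE*) ;;        # (EC)DHE key exchange
            *) echo "no-forward-secrecy:$c" ;;
        esac
    done
    IFS=$old_ifs

    # The HSTS value must be in ASCII double quotes, not typographic ones.
    printf '%s\n' "$conf" | grep -Eq \
        'Strict-Transport-Security[[:space:]]+"max-age=[0-9]+' ||
        echo "hsts-missing-or-malformed"
}

# Constructed sample: shortened cipher list plus two copy/paste slips.
write_sample() {
    cat > "$1" <<'EOF'
ServerName /home/webmail.domaine.tld
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:AES128-SHA:DES-CBC3-SHA:!aNULL:!RC4
Header always set Strict-Transport-Security « max-age=31536000; includeSubDomains »
EOF
}
tmp=$(mktemp) && write_sample "$tmp" && audit_vhost "$tmp"; rm -f "$tmp"
```

Run audit_vhost against the real vhost file before restarting apache2; "apache2ctl configtest" then confirms that the syntax itself loads.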