Table of Contents
- Intro
- Installation
- Configuration
- Screenshots
This is a Nextcloud app app which embeds an separate Roundcube web-mailer installation by means of an IFrame into you Nextcloud server installation.
The app can be configured to do some sort of single sign on (SSO) if the email-server and Nextcloud share a common user and authentication framework. Otherwise the users can configure their email credentials in the app's personal settings.
This was originally a fork from
https://github.com/LeonardoRM/owncloud-roundcube
which in turn is based on a very early Owncloud app (discontinued)
https://github.com/hypery2k/owncloud
However, now this fork just concentrates to embed an external Roundcube installation into a Nextcloud installation, there is no intent to keep compatibility with Owncloud.
Knowning that there is nowaday a dedicated native Nextcloud email app this might be questionable. OTOH, Roundcube is a very mature email web app with many nice plugins.
Currently the focus is on Roundcube version v1.6 and Nextcloud version 25 and on pushing this fork into the Nextcloud app-store.
Hopefully an installation is possible by one of the following alternatives:
-
install from the Nextcloud app-store
-
download a (pre-)release tarball and extract it into you app directory
-
pre-compiled assets are also contained in the git repository, but only on the release branches. The master branch typically does not contain any files which could be generated. So simply cloning the git-repo into your app folder and checking out an appropriate release branch like
stable25maybe just works. Maybe not ... -
clone into your app-folder and compile from source, do a
make devormake build. You needcomposer,node(npm),jqandpython-tabulate.make helpor justmakewill list the available targets.
Please refere to the Roundcube documentation for general installation instructions.
Please refere to the Roundcube documentation for configuration instructions.
Due to the technology used -- Roundcube just runs in an iframe -- there are some restrictions caused by the same origin policy which at least nowadays is widely in use.
In principle this boils down to the point that the Nextcloud server installation and the Roundcube installation must be served in the same DNS domain.
In this case nothing special has to be done. The administrator can simply enter the location of the Roundcube installation in the adminstrator settings of the app.
In this case the simplest thing is to just map the Roundcube
installation a second time by a simple Alias directive.
Example for Apache mod_alias:
Alias /SOME_WEB_PATH PATH_TO_EXISTING_ROUNDCUBE_INSTALLATION
This directive should be placed in the virtual host definition of the Nextcloud server installation.
In the administration settings for the NC app you can then enter
whatever you have chosen for /SOME_WEB_PATH.
As part of your Nextcloud nginx configuration:
Disable this line:
#add_header X-Content-Type-Options "nosniff" always;
And add:
location /roundcube/ {
alias /srv/http/mail.example.com/;
index index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
fastcgi_param SCRIPT_FILENAME $request_filename;
include fastcgi_params;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
# The following lines might be optional depending on your setup:
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
# Handle static assets
location ~ ^/roundcube/(.+)$ {
try_files /$1 =404;
}
}
In this case it is possible to map the existing external Roundcube installation into the Nextcloud server domain by means of a proxy configuration mapping a local web-path to the external Roundcube server.
If you try this then please first check the proxy settings independent from the use of it in this app, i.e. just open the proxied-location in you web-browser, log-in manually and check if it works.
Caused by changes in the transition from Roundcube verison 1.5 to Roundcube version 1.6 we have now the problem that all web-paths used by Roundcube are absolute. And this severely breaks any reverse proxy setup unless you have access to the Roundcube installation. The point is the new configuration directive
$config['request_path'] = REPLACE_ME_WITH_SOMETHING_WORKING;
Please have a look at the explanations in defaults.inc.php.
Please note that the configuration directive is only available since Roundcube 1.6.1. But the proxy setup has been broken before in the progress of moving to 1.6.0.
A working setting -- but I suppose it undermines the security improvements which were the cause for the new setting -- is the following which in essence restores the previous behaviour to have only relative links:
$config['request_path'] = '.';
BIG FAT NOTE: if you use Roundcube 1.6 and do nothing then proxying will just not work (but please feel free to convince me from the opposite by providing a configuration example ;)).
Place something like the following into the virtual host setup for your Nextcloud server:
ProxyRequests Off
SSLProxyEngine on
<Location /SOME_WEB_PATH/>
ProxyPass https://webmail.my-domain.tld/
ProxyPassReverse https://webmail.my-domain.tld/
ProxyPreserveHost Off
</Location>
Please note that you probably have ProxyPreserveHost On in the
configuration for the push notifications service.
location /roundcube/ {
proxy_pass https://YOURroundcubeINSTALL.tld/;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
The "location /roundcube/" folder paramter is used only as example. This is the location you have to enter in Administrator seetings of this nextcloud module. The "https://YOURroundcubeINSTALL.tld" domain is used only as example. Point to the domain where your Roundcube is served from.
Please have also a look at the screenshot.
This is just a text-box for the web-address of the Roundcube installation. Please read the notes about the web-server setup.
The default is "User's Choice". Please note that the term "address-selection" is a bit misleading: here you configure the login-id into the email-server which may or may not be an email-address.
Use the user-id of the logged-in user and add a to-be-configured email-domain to the login-name. The idea here is that in a single-sign-on (SSO) scenario the email accounts and cloud login-ids more-or-less naturally coincide. Checking this option disables the email address choice in the personal preferences of this Roundcube-integration app.
Just take the email-address from the Nextcloud user preferences. Checking this option disabled the email address choice in the personal preferences of this Roundcube-integration app.
Make the login-id into the email server freely configurable by the user through the personal settings page of this app.
Checking this option disables the custom password setting in the user's preferences section and enforces it to coincide with the cloud password.
Checking this option keeps the information bar -- including the logout button -- of the Roundcube web-mailer. Concerning logout: the default is to log-out the user out of Roundcube if it logs out of the cloud.
Uncheck to disable SSL certificate verification, e.g. in a setup using self-signed certificates.
If checked the user configurable values are encrypted with the user password. Otherwise they are encrypted with the server password. The extra gain in security is questionable as any installed app has access to the password of the currently logged in user.
If you install the RCM CardDAV plugin then it is possible to autoconfigure the plugin such that the Nextcloud contacts are accessible from inside Roundcube. In order to do so, you have to define a "RoundCube CardDAV Tag" in the respective text-input of this app and copy the configuration snippet shown there to the RCM CardDAV plugin config. This should be
PATH_TO_ROUNDCUBE/plugins/carddav/config.inc.phpThe configuration snippet looks similar to this one:
$prefs['cloud'] = [
'accountname' => 'cloud',
'discovery_url' => 'https://nextcloud.example.com/remote.php/dav/addressbooks/users/%l',
'username' => '%l',
'password' => '%p',
'name' => '%N (%a)',
'active' => true,
'readonly' => false,
'refresh_time' => '00:15:00',
'fixed' => ['discovery_url',],
'hide' => false,
'use_categories' => true,
]Please note that the password-setting "%p" will not work if 2FA is enabled. If this app detects that this is the case, it will try to generate a suitable app-token automatically and register it with the RoundCube CardDAV plugin -- which may work or not. In order to have auto-configuration working it is vital to not include "username" and "password" into the "fixed" array.
Please have also a look at the screenshot.
Configure the login-id into the email-server, or to be more precise: into the Roundcube web-mailer. This setting is not available if the administrator has pinned the login-id to the email-address specified in the user-preferences. Of course, the users may be able to change their email addresses there, but the setting in this app is not available in this case. Likewise, for a single-sign-on (SSO) setup this choice is disabled if the email login-id is pinned to coincide with the cloud login-id.
Configure the login-password for the email-server. This setting is not available if the administrator has configured this app to attempt single-sign-on in which case use of the Nextcloud password is enforced for the login into the email-server.
