User Tools
web_интерфейс_к_почте
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
web_интерфейс_к_почте [2024/02/05 13:40] val [Roundcube] |
web_интерфейс_к_почте [2025/10/26 08:14] (current) val |
||
|---|---|---|---|
| Line 21: | Line 21: | ||
| $config['default_host'] = 'localhost'; | $config['default_host'] = 'localhost'; | ||
| $rcmail_config['mail_domain'] = 'corpX.un'; | $rcmail_config['mail_domain'] = 'corpX.un'; | ||
| + | ... | ||
| + | //https://treeone.ru/roundcube-smtp-error-code-1-connection-failed-after-upgrade-debian/ | ||
| + | //or add port 587 to mta | ||
| + | $config['smtp_server'] = 'localhost:25'; | ||
| ... | ... | ||
| </code><code> | </code><code> | ||
| Line 50: | Line 54: | ||
| 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. | 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. | ||
| - | 'base_dn' => 'ou=People,dc=corpX,dc=un', | + | // 'base_dn' => 'ou=People,dc=corpX,dc=un', |
| - | //// 'base_dn' => 'cn=Users,dc=corpX,dc=un', | + | 'base_dn' => 'cn=Users,dc=corpX,dc=un', |
| // 'base_dn' => 'dc=corpX,dc=un', | // 'base_dn' => 'dc=corpX,dc=un', | ||
| - | // 'bind_dn' => 'cn=Administrator,cn=Users,dc=corpX,dc=un', | + | 'bind_dn' => 'cn=Administrator,cn=Users,dc=corpX,dc=un', |
| - | // 'bind_pass' => 'Pa$$w0rd', | + | 'bind_pass' => 'Pa$$w0rd', |
| 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' | 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' | ||
| Line 104: | Line 108: | ||
| </code> | </code> | ||
| - | === OAuth2 аутентификация === | + | === OpenID аутентификация === |
| * [[https://goauthentik.io/integrations/services/roundcube/|This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account]] | * [[https://goauthentik.io/integrations/services/roundcube/|This integration describes how to use Roundcube's oauth support with authentik to automatically sign into an email account]] | ||
| Line 116: | Line 120: | ||
| ... | ... | ||
| $config['oauth_provider'] = 'generic'; | $config['oauth_provider'] = 'generic'; | ||
| - | $config['oauth_provider_name'] = 'Keycloak corp20'; | + | $config['oauth_provider_name'] = 'Keycloak corp13'; |
| $config['oauth_client_id'] = "any-client"; | $config['oauth_client_id'] = "any-client"; | ||
| $config['oauth_client_secret'] = "anystring"; | $config['oauth_client_secret'] = "anystring"; | ||
| - | $config['oauth_auth_uri'] = "https://server.corp20.un:8443/realms/corp20/protocol/openid-connect/auth"; | + | $config['oauth_auth_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/auth"; |
| - | $config['oauth_token_uri'] = "https://server.corp20.un:8443/realms/corp20/protocol/openid-connect/token"; | + | $config['oauth_token_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/token"; |
| - | $config['oauth_identity_uri'] = "https://server.corp20.un:8443/realms/corp20/protocol/openid-connect/userinfo"; | + | $config['oauth_identity_uri'] = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/userinfo"; |
| $config['oauth_verify_peer'] = false; | $config['oauth_verify_peer'] = false; | ||
| $config['oauth_scope'] = "email profile openid"; | $config['oauth_scope'] = "email profile openid"; | ||
| Line 137: | Line 141: | ||
| //$oauth_identity_uri = $this->options['identity_uri']; | //$oauth_identity_uri = $this->options['identity_uri']; | ||
| - | $oauth_token_uri = "https://server.corp20.un:8443/realms/corp20/protocol/openid-connect/token"; | + | $oauth_token_uri = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/token"; |
| $oauth_client_id = "any-client"; | $oauth_client_id = "any-client"; | ||
| $oauth_client_secret = "anystring"; | $oauth_client_secret = "anystring"; | ||
| - | $oauth_identity_uri = "https://server.corp20.un:8443/realms/corp20/protocol/openid-connect/userinfo"; | + | $oauth_identity_uri = "https://keycloak.corp13.un/realms/corp13/protocol/openid-connect/userinfo"; |
| ... | ... | ||
| </code> | </code> | ||
| * Сервер dovecot [[Сервер dovecot#OAuth аутентификация]] | * Сервер dovecot [[Сервер dovecot#OAuth аутентификация]] | ||
| + | |||
| + | === Roundcube PGP Enigma === | ||
| + | <code> | ||
| + | # apt install roundcube-plugins php-crypt-gpg | ||
| + | |||
| + | # find /var/lib/roundcube/plugins/enigma/ | ||
| + | |||
| + | # cat /var/lib/roundcube/config/config.inc.php | ||
| + | ... | ||
| + | $config['plugins'] = array( | ||
| + | 'enigma' | ||
| + | ); | ||
| + | $config['enigma_pgp_homedir']='/tmp/' ??? | ||
| + | ... | ||
| + | |||
| + | # tail -f /var/log/roundcube/errors.log | ||
| + | |||
| + | |||
| + | # gpg --output public.pgp --armor --export user1@corp13.un | ||
| + | |||
| + | # gpg --output private.pgp --armor --export-secret-key user1@corp13.un | ||
| + | |||
| + | # cat public.pgp private.pgp > /disk2/samba/user1.pubpriv | ||
| + | </code> | ||
| ===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
| + | ==== В новой версии roundcube может понадобиться ==== | ||
| + | <code> | ||
| + | 1. права доступа к директории /var/lib/roundcube: | ||
| + | |||
| + | chown -R www-data:www-data /var/lib/roundcube | ||
| + | chmod -R 755 /var/lib/roundcube | ||
| + | |||
| + | |||
| + | 2. в конфигурационном файле `/etc/apache2/conf-enabled/roundcube.conf` добавить | ||
| + | Alias /mail /var/lib/roundcube | ||
| + | |||
| + | <Directory /var/lib/roundcube> | ||
| + | Options Indexes FollowSymLinks MultiViews | ||
| + | AllowOverride All | ||
| + | Require all granted | ||
| + | </Directory> | ||
| + | |||
| + | 3. проверить, что модуль Apache `mod_alias` включен: | ||
| + | sudo a2enmod alias | ||
| + | |||
| + | 4. Проверить в /etc/apache2/apache2.conf наличие правил для `/var/lib/roundcube`. | ||
| + | |||
| + | <Directory /var/lib/roundcube> | ||
| + | Options Indexes FollowSymLinks | ||
| + | AllowOverride None | ||
| + | Require all granted | ||
| + | </Directory> | ||
| + | |||
| + | 5. systemctl restart apache2 | ||
| + | </code> | ||
| ==== squirrelmail ==== | ==== squirrelmail ==== | ||
web_интерфейс_к_почте.1707129627.txt.gz · Last modified: 2024/02/05 13:40 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
