Resolved Roundcube 1.4 released

[Bogdan1]

Does anyone have a working tutorial how to upgrade roundcube to 1.4?

 

[vefeind]

Does anyone have a working tutorial how to upgrade roundcube to 1.4?

+1 for that

 

[vefeind]

Does anyone have a working tutorial how to upgrade roundcube to 1.4?

 

[Reboot]

Don't overwrite anything in the default Roundcube directory (/usr/share/psa-roundcube), it might break future updates!

The way to go is by overriding config (templates). Make sure you backup every file (before) you touch (it).

 

[Bogdan1]

Don't overwrite anything in the default Roundcube directory (/usr/share/psa-roundcube), it might break future updates!

The way to go is by overriding config (templates). Make sure you backup every file (before) you touch (it).

Thanks

 

[Denis Gomes Franco]

Yeah, this situation is getting stranger every day. Roundcube 1.4.3 was released february 19th and no word from Plesk yet even though there were several updates to it ever since RC1.4 was released. Let's just hope they don't walk the greedy path, as someone mentioned earlier that the Premium mail module includes RC1.4.

In the meantime, manual installation is a easy peasy but is there any way to run it from the WEBMAIL subdomain of each customer? That is, "replacing" the old RC with the new one, but of course without having to install an instance for every customer? Manual installation would also give me the advantage of setting up RC as I want, with some extra plugins, without the fear of panel updates resetting everything to the "factory defaults".

 

[Reboot]

In the meantime, manual installation is a easy peasy but is there any way to run it from the WEBMAIL subdomain of each customer? That is, "replacing" the old RC [..]

I will check if there is a way to do that without breaking updates in the future. Expect a update later tonight or tomorrow.

 

[MicheleB]

I think it's incredible that a company that sells one of the most expensive control panel on the market, forces its customers to get their hands on the code (with all the consequences of the case) to update one of its most important modules such as webmail.
My personal opinion, of course.

 

[Reboot]

As promised, here is my setup. It does not touch any Plesk files, except ones that we are allowed to change by design. However, it's late and it is a quick write-up. Keep that in mind.

Make sure you have root access on the server. If you don't know how to handle it, please, don't continue. I am not responsible for damage of any kind. Use at your own risk! The following commands are issued on a CentOS 7.7 machine (RHEL and CloudLinux should be quite the same, but haven't tested). For Debian users: the paths might vary. Please handle with care!

First, we create the roundcube user and group:

mkdir /usr/share/custom-roundcube
groupadd custom_roundcube_sysgroup
useradd custom_roundcube_sysuser -N -g custom_roundcube_sysgroup -c "custom roundcube webmail user" -M -d /usr/share/custom-roundcube -s /sbin/nologin

Deploy Roundcube:

cd /usr/share/custom-roundcube/
wget https://github.com/roundcube/roundcubemail/releases/download/1.4.3/roundcubemail-1.4.3-complete.tar.gz
tar xfz roundcubemail-1.4.3-complete.tar.gz --strip-components=1
rm -f roundcubemail-1.4.3-complete.tar.gz
rm -rf CHANGELOG INSTALL LICENSE README.md UPGRADING composer.*  public_html temp logs
rm -f installer/*  installer/.htaccess
mv .htaccess /etc/httpd/conf/plesk.conf.d/custom.roundcube.htaccess.inc
cp /usr/share/psa-roundcube/installer/.htaccess installer

Create a custom roundcube config and and log dir:

mkdir -p /etc/custom-webmail/roundcube
cd /etc/custom-webmail/roundcube
cp /etc/psa-webmail/roundcube/php.ini .
mkdir /var/log/custom-roundcube
chown custom_roundcube_sysuser:root /var/log/custom-roundcube
chmod 0750 /var/log/custom-roundcube/

Next, the database section.

In Plesk (ISP View), go to Tools & Settings -> Database Servers -> MariaDB -> Click the icon next to 'Databases' in the table. It should open phpMyAdmin as root.

Create a user custom_roundcube, do not grant any permissions yet, nor use the create database with same name option. Use the generate function of PMA to create a password or use your own random one, mark down the password (not the one you're using everywhere else, do you? ;-)).

Next, create a database custom_roundcubemail.

Then, go to the custom_roundcube user you just created (PMA Home -> User accounts -> edit privileges for custom_roundcube, click the databases tab, select custom_roundcubemail in the list and click 'Go'.

Grant everything under the 'Data' tab, 'CREATE, ALTER, INDEX, DROP' under 'Structure' and 'REFERENCES' under Administration. Click 'Go'.

Now, navigate to the custom_roundcubemail database page and click import. Import the SQL file in /usr/share/custom-roundcube/SQL/mysql.initial.sql. Use SCP to get the file on your computer or download the tar file and extract the corresponding file from it.


Next, we configure Roundcube:

cd /usr/share/custom-roundcube/config/
mv defaults.inc.php defaults.inc.php.pkg-default
rm -f .htaccess
cp ../../psa-roundcube/config/config.inc.php .
chown root:custom_roundcube_sysgroup config.inc.php
cp ../../psa-roundcube/config/defaults.inc.php .
chown root:custom_roundcube_sysgroup defaults.inc.php
cp ../../psa-roundcube/config/.htaccess .

# Plugin configs:
cp /usr/share/psa-roundcube/plugins/password/config.inc.php /usr/share/custom-roundcube/plugins/password
chown root:custom_roundcube_sysgroup /usr/share/custom-roundcube/plugins/password/config.inc.php
cp /usr/share/psa-roundcube/plugins/managesieve/config.inc.php /usr/share/custom-roundcube/plugins/managesieve
chown root:custom_roundcube_sysgroup /usr/share/custom-roundcube/plugins/managesieve/config.inc.php
cp /usr/share/psa-roundcube/plugins/markasjunk2/config.inc.php /usr/share/custom-roundcube/plugins/markasjunk
chown root:custom_roundcube_sysgroup /usr/share/custom-roundcube/plugins/markasjunk/config.inc.php

We need to edit /usr/share/custom-roundcube/config/config.inc.php:

$config['db_dsnw'] = 'mysql://custom_roundcube:your_unique_password@localhost/custom_roundcubemail';

Next, save the mysql password (single line) in /usr/share/custom-roundcube/config/.roundcube.shadow

Next, we need to edit /usr/share/custom-roundcube/config/defaults.inc.php (lines to change, use search):

// yep, no password this time
$config['db_dsnw'] = 'mysql://custom_roundcube:@localhost/custom_roundcubemail';
// change the logging directory to the one we created before
$config['log_dir'] = '/var/log/custom-roundcube/';
// markasjunk and markasjunk2 plugins have been merged
$config['plugins'] = array('password', 'markasjunk', 'managesieve');
// enable that sweet, slick looking responsive goodness...
$config['skin'] = 'elastic';

At this point, we need to make sure plesk serves us our own, custom roundcube. Luckily, Plesk allows us to modify the templates that are used to generate config files on the fly. (Overriding generated configs is pointless as they will be overwritten by every action)

mkdir -p /usr/local/psa/admin/conf/templates/custom/webmail/

Please note that files we want to touch go inside the templates/custom folder, always leave templates/default untouched. You can, off course, copy files from the default to custom folder and change to your likings. But never edit a file inside the default folder.

Create the file /usr/local/psa/admin/conf/templates/custom/webmail/roundcube.php with the following content (if you followed the above instructions exactly, this should suffice):

<?php
    /** @var Template_VariableAccessor $VAR */
    $roundcubeDocroot = "/usr/share/custom-roundcube";
    $roundcubeConfD = "/etc/custom-webmail/roundcube";
    $roundcubeSysUser = "custom_roundcube_sysuser";
    $roundcubeSysGroup = "custom_roundcube_sysgroup";
    $roundcubeHtaccess = $VAR->server->webserver->httpConfDir . "/plesk.conf.d/custom.roundcube.htaccess.inc";
    $roundcubePhpIni = $roundcubeConfD . "/php.ini";
?>
    DocumentRoot "<?php echo $roundcubeDocroot ?>"
    Alias /roundcube/ "<?php echo $roundcubeDocroot ?>/"

    <IfModule mod_suexec.c>
        SuexecUserGroup <?php echo $roundcubeSysUser; ?> <?php echo $roundcubeSysGroup; ?>

    </IfModule>

    <IfModule mod_fcgid.c>
            FcgidInitialEnv PP_CUSTOM_PHP_CGI_INDEX plesk-php73-fastcgi
            FcgidInitialEnv PP_CUSTOM_PHP_INI "<?php echo $roundcubePhpIni; ?>"
            FcgidMaxRequestLen 134217728
        <Directory "<?php echo $roundcubeDocroot ?>">
            Options -Indexes +FollowSymLinks
            AllowOverride FileInfo
        <?php if ($VAR->server->webserver->apache->useRequireOption): ?>
            Require all granted
        <?php else: ?>
            Order allow,deny
            Allow from all
        <?php endif; ?>
            Include "<?php echo $roundcubeHtaccess ?>"

            <Files ~ (\.php$)>
                SetHandler fcgid-script
                FCGIWrapper <?php echo $VAR->server->webserver->apache->phpCgiBin ?> .php
                Options +ExecCGI
            </Files>
        </Directory>
    </IfModule>

Next, run: /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

If everything went well, you should see a brand new Roundcube instance when going to webmail.<domain>.

As pointed out by @HHawk , I overlooked the fail2ban part. Enabling it is easy:

In "/etc/fail2ban/jail.d/plesk.conf" duplicate the [plesk-roundcube] section and change to:

[custom-roundcube]
action = iptables-multiport[name="plesk-roundcube", port="http,https,7080,7081"]
filter = plesk-roundcube
logpath = /var/log/custom-roundcube/errors.log

Next, issue service fail2ban restart

Ad pointed out by @justinmacleod, I forgot to symlink the well-known folder to keep LetsEncrypt functioning correctly. I ran into this issue myself and fixed it, but forgot to mention it here:

ln -s /usr/share/psa-roundcube/.well-known /usr/share/custom-roundcube/.well-known

Also, check if there are log files (error and sendmail) in /var/log/custom-roundcube (the latter gets created after sending a mail).

Congrats, you just beat the Plesk marketing team.

How to undo? Should be as easy as:

userdel custom_roundcube_sysuser
groupdel custom_rouncube_sysgroup
rm -rf /usr/share/custom-roundcube /etc/custom-webmail /var/log/custom-roundcube
rm -f /usr/local/psa/admin/conf/templates/custom/webmail/roundcube.php /etc/httpd/conf/plesk.conf.d/custom.roundcube.htaccess.inc
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

For completeness, remove the database and corresponding user and remove the [custom-roundcube] section from fail2ban's config.

Really, that's it. I still need to look to proper log rotation and maybe SELinux policies. But let's hope Plesk updates Roundcube for us, as they should do as a company that cares about their users... Right? ;-)

 

[HHawk]

@Reboot Wow!! Just wow!

More than excellent tutorial! Highly appreciated! Plesk should hire you! Really! This is the first really very useful answer on this forum I have seen in months! Sorry to say and I don't mean any offence. I am really pleased that I discovered this today! I cannot say how much this is appreciated!

Plesk should be really, really should be ashamed of themselves! With Plesk you can only use the latest version of Roundcube (and the great 'Elastic' skin) by purchasing their Kolab software. Why should we have to pay for that in order to get the latest Roundcube version along with the 'Elastic'-skin? You can really notice that Oakley Capital is pulling the strings nowadays. Plesk is only out there to make profit. The same reason why they increased their pricing (for us) by 700% / 800%!!

Seriously, why Plesk? Listen to your paying customers or at least the ones you still have. Heck, even DirectAdmin is progressing really good as of late. Better pricing, their new 'Evolution'-skin is nice (though it needs getting used to after all these many years) and guess what? It supports Roundcube 1.4 with the 'Elastic'-skin straight out of the box. And Plesk says it's not possible or being added and the only solution to get that (officially) working is by purchasing Kolab?! Sheesh... Anyways, getting off-topic here obviously...

Back on topic; in addition to your excellent tutorial, I want to add one minor thing (which you have probably overlooked). Enabling Fail2Ban for this custom Roundcube! I have no clue if this is the correct procedure, but here goes.

If you have followed Reboot's excellent tutorial on how to enable Roundcube 1.4 along with the 'Elastic'-skin you can do the following to make Fail2Ban work with this new Roundcube installation:

Open "/etc/fail2ban/jail.d/plesk.conf" and copy and paste the following:

[plesk-roundcube]
action = iptables-multiport[name="plesk-roundcube", port="http,https,7080,7081"]
filter = plesk-roundcube
logpath  = /var/log/plesk-roundcube/errors

And modify it so it looks like this:

[custom-roundcube]
action = iptables-multiport[name="plesk-roundcube", port="http,https,7080,7081"]
filter = plesk-roundcube
logpath = /var/log/custom-roundcube/errors.log

Note: make sure you add ".log" to the last line! Otherwise it will spit out an error.

Next enter the command: service fail2ban restart
Log now back into Plesk and check the Fail2Ban jails and it should have added the "custom-roundcube"-jail here.
Now enable it and you're done! Also your new (custom) Roundcube is protected against wannabe hackers.

I have no clue if this is the correct approach, but I am guessing it is. And no, I don't deserver any credit for this!
Only Reboot deserves all the credit!

Thank you once again Reboot! Really appreciated!!

Cheers.
HHawk

 

[MicheleB]

I noticed that @IgorG left an appreciation for the above tutorial so should we consider these instructions officially approved by Plesk Team as the only valid ones to update the old 1.3 version of RoundCube?
Just to understand how I have to behave as I'm required to get my hands on the code and I don't want to cause any problems in terms of licensing as well.

 

[HHawk]

I noticed that @IgorG left an appreciation for the above tutorial so should we consider these instructions officially approved by Plesk Team as the only valid ones to update the old 1.3 version of RoundCube?
Just to understand how I have to behave as I'm required to get my hands on the code and I don't want to cause any problems in terms of licensing as well.

Plesk does not care about this. Roundcube 1.4 works in Plesk (supported) when you purchase their Kolab mess. So if you want the new Roundcube supported by Plesk, then:

• Wait a couple of months or even years before Plesk finally adds official support (probably Roundcube 1.5 is released by then)
• Sponsor Oakley Capital and purchase the Plesk Kolab solution in order to get Roundcube 1.4 offcially
• Or ignore the above two lines and just follow Reboot's excellent tutorial, as it works and the rest remains untouched

Hopefully this helps.

 

[Denis Gomes Franco]

@Reboot Man, that is awesome! Thanks for your great article! Plesk should pay you to have this how-to as an official support article.

One question: how about users' settings in Roundcube, such as contacts or email signatures? Guess I need to dig into the current database and retrieve them, or re-configure the accounts manually...

 

[MicheleB]

Plesk does not care about this. Roundcube 1.4 works in Plesk (supported) when you purchase their Kolab mess. So if you want the new Roundcube supported by Plesk, then:

• Wait a couple of months or even years before Plesk finally adds official support (probably Roundcube 1.5 is released by then)
• Sponsor Oakley Capital and purchase the Plesk Kolab solution in order to get Roundcube 1.4 offcially
• Or ignore the above two lines and just follow Reboot's excellent tutorial, as it works and the rest remains untouched

Hopefully this helps.

I don't agree, I chose to use Plesk precisely to avoid manually installing things like webmail, so it's my right to demand a constant its update in exchange for my monthly subscription payment.
Anyway, it's very difficult for me to apply the above instruction because almost all of my RoundCube webmail clients have in their individual accounts various contacts/signatures and configurations that would be very complicated for me to export in a new installation.

 

[Reboot]

@Reboot Man, that is awesome! Thanks for your great article! Plesk should pay you to have this how-to as an official support article.

One question: how about users' settings in Roundcube, such as contacts or email signatures? Guess I need to dig into the current database and retrieve them, or re-configure the accounts manually...

You could export the current database of Plesk's Roundcube, import it in the new one and then use Roudcube's migration script to update the database version. Should be easy. However - I don't recommend migrating it back after Plesk's webmail maintenance is on schedule again because I don't know if they do some things under the bonnet I'm not aware of.

 

[Denis Gomes Franco]

precisely to avoid manually installing things like webmail

Yes, that's the main purpose of having a control panel installed on your server, and you are right, we should be making these demands as Plesk is subscription-based, but we also need a solution that is other than "waiting forever".

 

[HHawk]

Obviously you are free to not follow the excellent tutorial by Reboot.
If you want to wait for Plesk to add this feature, you can (as Plesk support always state) vote for this feature here: Support for Roundcube 1.4 (includes responsive support)

But good luck with that. If you are lucky it will be added in 2021 when Roundcube 1.5 is available.

I am using Reboot's solution and it's working flawlessly! Thanks again for this.

 

[Denis Gomes Franco]

vote for this feature here

And let's not forget that at that link someone from the support staff said that v1.4 will be supported in *one* of the next updates of Plesk. And that was in may of 2019

 

[MicheleB]

Obviously you are free to not follow the excellent tutorial by Reboot.
I am using Reboot's solution and it's working flawlessly! Thanks again for this.

Ok but remember that Reboot is a nickname, he/she doesn't offer any guarantee of correct operation, in fact he/she said "I am not responsible for damage of any kind". Instead my server and my customers are real, I can't install something on a production environment without a proven operational guarantee.

Anyway, I just regret that no one from the Plesk Team has intervened here to give more clarity on the technical indication of intervention on their control panel given by a stranger (certainly very capable but I have no idea who is Reboot).
Last thing, I suggest to @Reboot to create an extension for Plesk for the installation of RoundCube in order to give more security/warranty to everything proposed.

 

[HHawk]

We host over 400 Plesk servers, so I am happy with this solution.

I would recommend you to vote for the feature and hope Plesk will include it around 2021 or maybe even 2022!
Good luck!