Sync iRedMail upgrade tutorial.

This commit is contained in:
Zhang Huangbin 2018-07-19 21:43:08 +02:00
parent 3387c0e863
commit f3cc1d70a6
4 changed files with 84 additions and 16 deletions

View File

@ -13,7 +13,7 @@ find it, you can still download one from iRedMail project:
This file must be owned by user `vmail` and group `vmail`, permission `0500`.
Now open Dovecot config file `/etc/dovecot/dovecot.conf` (on Linux/OpenBSD)
or `/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), find parameter `sieve_before =`
or `/usr/local/etc/dovecot/dovecot.conf` (FreeBSD), make sure you have setting
like below:
```
@ -21,18 +21,11 @@ like below:
plugin {
...
#sieve_before =
sieve_before = /var/vmail/sieve/dovecot.sieve
...
}
```
Uncomment it and set its value to `/var/vmail/sieve/dovecot.sieve` (Note:
use the correct path on your server).
```
sieve_before = /var/vmail/sieve/dovecot.sieve
```
Restart Dovecot service to enable it.
Note: we don't use `sieve_default =` for global sieve script, because it

View File

@ -65,6 +65,51 @@ chown mlmmj:mlmmj /opt/mlmmjadmin/settings.py
chmod 0400 /opt/mlmmjadmin/settings.py
```
### Fix improper Nginx config files for Roundcube
Accurate Nginx url match helps avoid namespace conflicts, we need some fixes
for Roundcube to get accurate url match.
Please open file `/etc/nginx/templates/roundcube.tmpl`, find `location`
directives like below:
```
location ~ /mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
location ~ /mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
location ~ /mail/plugins/.*/config.inc.php.* { deny all; }
location ~ /mail/plugins/enigma/home($|/.*) { deny all; }
```
Add a `^` symbol before url path, this will exactly match the url begins
with the path.
```
+location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
+location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
+location ~ ^/mail/plugins/.*/config.inc.php.* { deny all; }
+location ~ ^/mail/plugins/enigma/home($|/.*) { deny all; }
```
Open file `/etc/nginx/templates/roundcube-subdomain.tmpl`, find `location`
directives like below:
```
location ~ /(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
location ~ /(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
location ~ /plugins/.*/config.inc.php.* { deny all; }
location ~ /plugins/enigma/home($|/.*) { deny all; }
```
Add `^` symbol like below:
```
location ~ ^/(bin|config|installer|logs|SQL|temp|vendor)/.* { deny all; }
location ~ ^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$ { deny all; }
location ~ ^/plugins/.*/config.inc.php.* { deny all; }
location ~ ^/plugins/enigma/home($|/.*) { deny all; }
```
## OpenLDAP special
### Update iRedMail LDAP schema file

View File

@ -26,22 +26,17 @@ find it, you can still download one from iRedMail project:
<a href="https://bitbucket.org/zhb/iredmail/src/default/iRedMail/samples/dovecot/dovecot.sieve">here</a></p>
<p>This file must be owned by user <code>vmail</code> and group <code>vmail</code>, permission <code>0500</code>.</p>
<p>Now open Dovecot config file <code>/etc/dovecot/dovecot.conf</code> (on Linux/OpenBSD)
or <code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), find parameter <code>sieve_before =</code>
or <code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), make sure you have setting
like below:</p>
<pre><code># Part of file: /etc/dovecot/dovecot.conf
plugin {
...
#sieve_before =
sieve_before = /var/vmail/sieve/dovecot.sieve
...
}
</code></pre>
<p>Uncomment it and set its value to <code>/var/vmail/sieve/dovecot.sieve</code> (Note:
use the correct path on your server).</p>
<pre><code> sieve_before = /var/vmail/sieve/dovecot.sieve
</code></pre>
<p>Restart Dovecot service to enable it.</p>
<p>Note: we don't use <code>sieve_default =</code> for global sieve script, because it
will be ignored if users have their own personal sieve rule files.</p><div class="footer">

View File

@ -26,6 +26,7 @@
<li><a href="#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-10">Upgrade iRedAdmin (open source edition) to the latest stable release (1.0)</a></li>
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release-136">Upgrade Roundcube webmail to the latest stable release (1.3.6)</a></li>
<li><a href="#fix-incorrect-file-ownergroup-of-mlmmjadmin-config-file">Fix incorrect file owner/group of mlmmjadmin config file</a></li>
<li><a href="#fix-improper-nginx-config-files-for-roundcube">Fix improper Nginx config files for Roundcube</a></li>
</ul>
</li>
<li><a href="#openldap-special">OpenLDAP special</a><ul>
@ -102,6 +103,40 @@ latest stable release immediately:</p>
chmod 0400 /opt/mlmmjadmin/settings.py
</code></pre>
<h3 id="fix-improper-nginx-config-files-for-roundcube">Fix improper Nginx config files for Roundcube</h3>
<p>Accurate Nginx url match helps avoid namespace conflicts, we need some fixes
for Roundcube to get accurate url match.</p>
<p>Please open file <code>/etc/nginx/templates/roundcube.tmpl</code>, find <code>location</code>
directives like below:</p>
<pre><code>location ~ /mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
location ~ /mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
location ~ /mail/plugins/.*/config.inc.php.* { deny all; }
location ~ /mail/plugins/enigma/home($|/.*) { deny all; }
</code></pre>
<p>Add a <code>^</code> symbol before url path, this will exactly match the url begins
with the path.</p>
<pre><code>+location ~ ^/mail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
+location ~ ^/mail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
+location ~ ^/mail/plugins/.*/config.inc.php.* { deny all; }
+location ~ ^/mail/plugins/enigma/home($|/.*) { deny all; }
</code></pre>
<p>Open file <code>/etc/nginx/templates/roundcube-subdomain.tmpl</code>, find <code>location</code>
directives like below:</p>
<pre><code>location ~ /(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }
location ~ /(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }
location ~ /plugins/.*/config.inc.php.* { deny all; }
location ~ /plugins/enigma/home($|/.*) { deny all; }
</code></pre>
<p>Add <code>^</code> symbol like below:</p>
<pre><code>location ~ ^/(bin|config|installer|logs|SQL|temp|vendor)/.* { deny all; }
location ~ ^/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)$ { deny all; }
location ~ ^/plugins/.*/config.inc.php.* { deny all; }
location ~ ^/plugins/enigma/home($|/.*) { deny all; }
</code></pre>
<h2 id="openldap-special">OpenLDAP special</h2>
<h3 id="update-iredmail-ldap-schema-file">Update iRedMail LDAP schema file</h3>
<p>iRedMail-0.9.9 introduces 2 new LDAP attributes for mail user account:</p>