From 16f30813c9ea2695e419e84bab79c35016945715 Mon Sep 17 00:00:00 2001
From: Pierre Jaury <pierre@jaury.eu>
Date: Sat, 20 Feb 2016 21:55:22 +0100
Subject: [PATCH] Setup a roundcube Webmail

---
 Dockerfile                         | 25 ++++++++++++++++++++-----
 config/nginx/nginx.conf            | 24 ++++++++++++++++++++++++
 config/roundcube.inc.php           | 18 ++++++++++++++++++
 config/supervisor/supervisord.conf |  3 +++
 start.sh                           | 25 +++++++++++++++++++++++++
 5 files changed, 90 insertions(+), 5 deletions(-)
 create mode 100644 config/roundcube.inc.php
 create mode 100755 start.sh

diff --git a/Dockerfile b/Dockerfile
index aa862af4..86cf8ad4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,40 @@
 FROM python:3
 
+# Install required system packages
 RUN export DEBIAN_FRONTEND=noninteractive \
  && apt-get update \
  && apt-get install -y --no-install-recommends \
       postfix dovecot-imapd dovecot-sqlite dovecot-lmtpd \
       dovecot-sieve dovecot-managesieved \
       dovecot-antispam spamassassin spamc clamav \
+      php5-fpm php5-mysql php5-imap php5-sqlite \
       supervisor rsyslog nginx \
  && apt-get clean
 
-# When installed non-interactively, the file does not get copied to the
-# postfix chroot, thus causing smtpd to fail.
-RUN cp /etc/services /var/spool/postfix/etc/
+# Install the Webmail from source
+ENV ROUNDCUBE_VERSION 1.1.4-complete
+RUN curl -L -O https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.1.4/roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
+ && tar -xf roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
+ && rm -f roundcubemail-${ROUNDCUBE_VERSION}.tar.gz \
+ && mv roundcubemail-* /webmail
 
 # Install the Web admin panel
 COPY admin /admin
-RUN pip install -r /admin/requirements.txt 
+RUN pip install -r /admin/requirements.txt
+
+# Configure the webmail
+RUN cd /webmail \
+ && rm -rf CHANGELOG INSTALL LICENSE README.md UPDGRADING composer.json-dist temp logs \
+ && ln -s /data/logs/webmail logs \
+ && ln -s /data/webmail/temp temp \
+ && ln -s /etc/roundcube.inc.php config/config.inc.php
 
 # Load the configuration
 COPY config /etc/
 
+# Copy the entrypoint
+COPY start.sh /start.sh
+
 # Explicitely specify the configuration file to avoid problems when
 # the default configuration path changes.
-CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/supervisord.conf"]
+CMD "/start.sh"
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
index a77523eb..80c13b77 100644
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
@@ -18,6 +18,30 @@ http {
 
     server {
       listen 80;
+      listen 443 ssl;
+
+      ssl_protocols TLSv1.1 TLSv1.2;
+      ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+      ssl_prefer_server_ciphers on;
+      ssl_session_timeout 5m;
+      ssl_session_cache shared:SSL:50m;
+      ssl_certificate /data/ssl/cert.pem;
+      ssl_certificate_key /data/ssl/key.pem;
+
+      if ($scheme = http) {
+    		return 301 https://$host$request_uri;
+    	}
+
+      root /webmail;
+      index index.php;
+
+      location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_pass unix:/var/run/php5-fpm.sock;
+        fastcgi_index index.php;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        include fastcgi_params;
+      }
 
       location /admin {
         include uwsgi_params;
diff --git a/config/roundcube.inc.php b/config/roundcube.inc.php
new file mode 100644
index 00000000..a366708c
--- /dev/null
+++ b/config/roundcube.inc.php
@@ -0,0 +1,18 @@
+<?php
+
+$config = array();
+
+$config['db_dsnw'] = 'sqlite:////data/webmail/roundcube.db';
+$config['default_host'] = 'localhost';
+$config['smtp_server'] = 'localhost';
+$config['smtp_port'] = 25;
+$config['des_key'] = 'rcmail-!24ByteDESkey*Str';
+
+// List of active plugins (in plugins/ directory)
+$config['plugins'] = array(
+    'archive',
+    'zipdownload',
+);
+
+// skin name: folder from skins/
+$config['skin'] = 'larry';
diff --git a/config/supervisor/supervisord.conf b/config/supervisor/supervisord.conf
index fafabffd..489b6dd6 100644
--- a/config/supervisor/supervisord.conf
+++ b/config/supervisor/supervisord.conf
@@ -19,3 +19,6 @@ command = uwsgi --yaml /etc/uwsgi/apps-enabled/freeposte.yml
 
 [program:nginx]
 command = nginx -g 'daemon off;'
+
+[program:webmail]
+command = php5-fpm -F
diff --git a/start.sh b/start.sh
new file mode 100755
index 00000000..fde5726b
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# When postfix is installed non-interactively, the file does not get copied to
+# the postfix chroot, thus causing smtpd to fail, fix this at runtime
+cp /etc/services /var/spool/postfix/etc/
+
+# Fix permissions inside data and create necessary directories if not already
+# present
+mkdir -p \
+ /data/mail \
+ /data/webmail/tmp \
+ /data/logs \
+ /data/ssl
+
+chown -R mail:mail /data/mail
+chown -R www-data:www-data /data/webmail /data/logs/webmail
+
+# Copy the system snakeoil certificate if none is provided
+if [ ! -f /data/ssl/cert.pem ]; then
+  cp /etc/ssl/private/ssl-cert-snakeoil.key /data/ssl/key.pem
+  cp /etc/ssl/certs/ssl-cert-snakeoil.pem /data/ssl/cert.pem
+fi
+
+# Finally run the server
+/usr/bin/supervisord -c /etc/supervisor/supervisord.conf