From a4216a27177c3ef5fb9b4a0f8ff270aff91e9cdb Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Sun, 21 Dec 2014 08:37:20 +0100 Subject: roundcubemail: add nginx, php-fpm support (F21+) --- roundcubemail.conf | 49 ------------------------------------------------- roundcubemail.httpd | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ roundcubemail.nginx | 47 +++++++++++++++++++++++++++++++++++++++++++++++ roundcubemail.spec | 37 ++++++++++++++++++++++++++++++------- 4 files changed, 126 insertions(+), 56 deletions(-) delete mode 100644 roundcubemail.conf create mode 100644 roundcubemail.httpd create mode 100644 roundcubemail.nginx diff --git a/roundcubemail.conf b/roundcubemail.conf deleted file mode 100644 index 5b67c20..0000000 --- a/roundcubemail.conf +++ /dev/null @@ -1,49 +0,0 @@ -# -# Round Cube Webmail is a browser-based multilingual IMAP client -# - -Alias /roundcubemail /usr/share/roundcubemail - -# Define who can access the Webmail -# You can enlarge permissions once configured - - - - # Apache 2.4 - Require local - - - # Apache 2.2 - Order Deny,Allow - Deny from all - Allow from 127.0.0.1 - Allow from ::1 - - - -# Define who can access the installer -# keep this secured once configured - - - - # Apache 2.4 - Require local - - - # Apache 2.2 - Order Deny,Allow - Deny from all - Allow from 127.0.0.1 - Allow from ::1 - - - -# Those directories should not be viewed by Web clients. - - Order Allow,Deny - Deny from all - - - Order Allow,Deny - Deny from all - diff --git a/roundcubemail.httpd b/roundcubemail.httpd new file mode 100644 index 0000000..5b67c20 --- /dev/null +++ b/roundcubemail.httpd @@ -0,0 +1,49 @@ +# +# Round Cube Webmail is a browser-based multilingual IMAP client +# + +Alias /roundcubemail /usr/share/roundcubemail + +# Define who can access the Webmail +# You can enlarge permissions once configured + + + + # Apache 2.4 + Require local + + + # Apache 2.2 + Order Deny,Allow + Deny from all + Allow from 127.0.0.1 + Allow from ::1 + + + +# Define who can access the installer +# keep this secured once configured + + + + # Apache 2.4 + Require local + + + # Apache 2.2 + Order Deny,Allow + Deny from all + Allow from 127.0.0.1 + Allow from ::1 + + + +# Those directories should not be viewed by Web clients. + + Order Allow,Deny + Deny from all + + + Order Allow,Deny + Deny from all + diff --git a/roundcubemail.nginx b/roundcubemail.nginx new file mode 100644 index 0000000..8866792 --- /dev/null +++ b/roundcubemail.nginx @@ -0,0 +1,47 @@ +location = /roundcubemail { + alias /usr/share/roundcubemail/; +} + +location /roundcubemail/ { + root /usr/share; + index index.php; + + location ~ ^/roundcubemail/bin/(.+)$ { + deny all; + } + location ~ ^/roundcubemail/plugins/enigma/home/(.+)$ { + deny all; + } + + # Define who can access the installer + # keep this secured once configured + + location ~ ^/roundcubemail/installer/(.+\.php)$ { + allow 127.0.0.1; + allow ::1; + deny all; + + try_files $uri =404; + fastcgi_intercept_errors on; + include fastcgi_params; + fastcgi_param SERVER_NAME $host; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass php-fpm; + } + + # Define who can access the Webmail + # You can enlarge permissions once configured + + location ~ ^/roundcubemail/(.+\.php)$ { + allow 127.0.0.1; + allow ::1; + deny all; + + try_files $uri =404; + fastcgi_intercept_errors on; + include fastcgi_params; + fastcgi_param SERVER_NAME $host; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass php-fpm; + } +} diff --git a/roundcubemail.spec b/roundcubemail.spec index b72a69d..73333a8 100644 --- a/roundcubemail.spec +++ b/roundcubemail.spec @@ -1,8 +1,15 @@ +%if 0%{?fedora} >= 21 +# support for apache / nginx / php-fpm +%global with_phpfpm 1 +%else +%global with_phpfpm 0 +%endif + %define roundcubedir %{_datadir}/roundcubemail %global _logdir /var/log Name: roundcubemail Version: 1.0.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Round Cube Webmail is a browser-based multilingual IMAP client Group: Applications/System @@ -20,7 +27,8 @@ Group: Applications/System License: GPLv3+ with exceptions and GPLv3+ and GPLv2 and LGPLv2+ and CC-BY-SA and (MIT or GPLv2) URL: http://www.roundcube.net Source0: https://downloads.sourceforge.net/roundcubemail/roundcubemail-%{version}-dep.tar.gz -Source1: roundcubemail.conf +Source1: roundcubemail.httpd +Source3: roundcubemail.nginx Source2: roundcubemail.logrotate Source4: roundcubemail-README.rpm # Elegantly handle removal of moxieplayer Flash binary in tinymce @@ -32,8 +40,15 @@ Patch1: roundcubemail-1.0.3-confpath.patch BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n) +%if %{with_phpfpm} +Requires: webserver +Requires: nginx-filesystem +Requires: httpd-filesystem +Requires: php(httpd) +%else Requires: httpd Requires: mod_php +%endif Requires: php-curl Requires: php-date Requires: php-dom @@ -135,8 +150,13 @@ rm -rf %{buildroot} install -d %{buildroot}%{roundcubedir} cp -pr * %{buildroot}%{roundcubedir} -mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d -cp -pr %SOURCE1 %{buildroot}%{_sysconfdir}/httpd/conf.d +# Apache with mod_php or php-fpm +install -Dpm 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/httpd/conf.d/%{name}.conf + +%if %{with_phpfpm} +# Nginx with php-fpm +install -Dpm 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/nginx/default.d/%{name}.conf +%endif mkdir -p %{buildroot}%{_sysconfdir}/roundcubemail mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d @@ -193,15 +213,18 @@ rm -rf %{buildroot} %attr(0640,root,apache) %{_sysconfdir}/%{name}/mimetypes.php %attr(0640,root,apache) %{_sysconfdir}/%{name}/defaults.inc.php %attr(0640,root,apache) %{_sysconfdir}/%{name}/config.inc.php.sample -%config(noreplace) %{_sysconfdir}/httpd/conf.d/roundcubemail.conf +%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf +%if %{with_phpfpm} +%config(noreplace) %{_sysconfdir}/nginx/default.d/%{name}.conf +%endif %attr(0775,root,apache) %dir /var/log/roundcubemail %attr(0775,root,apache) %dir /var/lib/roundcubemail %config(noreplace) %{_sysconfdir}/logrotate.d/roundcubemail %changelog -* Sun Dec 21 2014 Remi Collet - 1.0.4-2 -- sync with rawhide (drop tinymce bbcode plugin) +* Sun Dec 21 2014 Remi Collet - 1.0.4-3 +- provide Nginx configuration * Sat Dec 20 2014 Adam Williamson - 1.0.4-2 - drop tinymce bbcode plugin for safety (CVE-2012-4230) -- cgit