The Modoboa install script installs the Nginx web server by default. Nginx is best for static content and Apache is better for dynamic content (like PHP). The key advantage of Nginx is that it uses fewer system resources due to its architecture. Still, if your web traffic is low, the performance gains from using Nginx are negligible. I decided my website would be best served with Apache alone, though I still wanted to use Modoboa as my email server.
Since the installation script installs Nginx by default, a few modifications to the script file are needed. The following instructions assume a fresh Ubuntu 18.04 with Apache already installed. Also, make sure the DNS MX record is already configured with mail.your-domain.com.
Modoboa Installer
First install mod_wsgi, then restart Apache.

$ sudo apt-get install libapache2-mod-wsgi
$ sudo systemctl restart apache2

The installation script is available from GitHub.

$ git clone https://github.com/modoboa/modoboa-installer

Install the necessary Python packages.

$ sudo apt-get install python-virtualenv python-pip

Navigate to the installer directory.

$ cd modoboa-installer

Run the following command.

$ sudo ./run.py --stop-after-configfile-check your-domain.com

You'll get a warning that the installer.cfg file was not found, so a new one was created. The installer.cfg file allows you to customize certain elements of the installation. The default contents include the following:

[general]
hostname = mail.%(domain)s

[certificate]
generate = true
type = self-signed

[letsencrypt]
email = admin@your-domain.com

[database]
engine = postgres
host = 127.0.0.1
install = true

[postgres]
user = postgres
password =

Leave the certificate type set to self-signed. We will install a Let's Encrypt certificate manually later.
If you want to use MariaDB instead of postgres, change the engine type under database to mysql. Scroll down and change the instruction to install nginx to false.
[nginx]
enabled = false
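Before re-running the installer, the edited file can be checked with a short script. This is an added example, not part of the Modoboa installer: the function name and the sample text are constructed here, and supplying the domain as a configparser default is an assumption about how `%(domain)s` receives its value.

```python
import configparser

# Constructed sample: an excerpt of the installer.cfg shown above, after the Nginx edit.
SAMPLE_CFG = """\
[general]
hostname = mail.%(domain)s
[certificate]
generate = true
type = self-signed
[database]
engine = postgres
[nginx]
enabled = false
"""

def check_installer_cfg(text, domain):
    """Return (resolved hostname, list of problems) for an installer.cfg."""
    # Supplying `domain` as a default lets configparser expand %(domain)s,
    # so "mail.%(domain)s" resolves to the real mail hostname.
    cfg = configparser.ConfigParser(defaults={"domain": domain})
    cfg.read_string(text)
    problems = []
    hostname = cfg.get("general", "hostname", fallback="")
    if hostname != "mail." + domain:
        problems.append("hostname %r does not match the MX target mail.%s" % (hostname, domain))
    # Assumption: a missing [nginx] section is treated as "not disabled".
    if cfg.getboolean("nginx", "enabled", fallback=True):
        problems.append("[nginx] enabled is not false; Nginx would be installed beside Apache")
    if cfg.get("certificate", "type", fallback="") != "self-signed":
        problems.append("[certificate] type should stay self-signed until certbot runs")
    if cfg.get("database", "engine", fallback="") not in ("postgres", "mysql"):
        problems.append("[database] engine must be postgres or mysql")
    return hostname, problems
```

To check the real file, pass `open("installer.cfg").read()` and your domain instead of `SAMPLE_CFG`.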
Make the desired changes and save the file. Next we'll re-run the installation routine using --interactive.

$ sudo ./run.py --interactive your-domain.com

If you have problems with the installation, rerun the script with the debug option:

$ sudo ./run.py --interactive --debug your-domain.com

If all goes well, the completed installation should look similar to the following:

Welcome to Modoboa installer!
Warning: Before you start the installation, please make sure the following DNS records exist for domain 'microsmith.net':
  mail IN A <IP ADDRESS OF YOUR SERVER>
  IN MX mail.your-domain.com
Your mail server will be installed with the following components:
modoboa automx amavis clamav dovecot razor postfix postwhite spamassassin uwsgi radicale opendkim
Do you confirm? (Y/n)
The process can be long, feel free to take a coffee and come back later ;)
Starting...
Generating new self-signed certificate
Installing amavis
Installing spamassassin
Installing razor
Installing clamav
Installing modoboa
Installing automx
Installing radicale
Installing uwsgi
Installing opendkim
Installing postfix
Installing postwhite
Installing dovecot
Congratulations! You can enjoy Modoboa at https://mail.your-domain.com (admin:password)
Apache Configuration
Next we need to create an Apache config file for mail.your-domain.com. Here is the file I created in the /etc/apache2/sites-available directory and named mail.your-domain.com.conf:

<VirtualHost *:80>
    ServerName mail.microsmith.net
    DocumentRoot /srv/modoboa/instance/
    Alias /media/ /srv/modoboa/instance/media/
    <Directory /srv/modoboa/instance/media>
        Order deny,allow
        Allow from all
    </Directory>
    Alias /sitestatic/ /srv/modoboa/instance/sitestatic/
    <Directory /srv/modoboa/instance/sitestatic>
        Order deny,allow
        Allow from all
    </Directory>
</VirtualHost>

Next we need to edit the main Apache config file.

$ sudo nano /etc/apache2/apache2.conf

Scroll down the page and uncomment (or add if it's missing) the following lines.

<Directory /srv/>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

In addition, we need to configure WSGI. Add the following lines to the Apache config file:

WSGIScriptAlias / /srv/modoboa/instance/instance/wsgi.py
WSGIPythonHome /srv/modoboa/env/
WSGIPythonPath /srv/modoboa/instance/
<Directory /srv/modoboa/instance/instance>
    <Files wsgi.py>
        Require all granted
    </Files>
</Directory>
WSGIPassAuthorization On

Save the file and reboot.
Install Let's Encrypt Certificate
Make sure the https port 443 is included in your firewall configuration. See Install Firewall (ufw).
Install certbot
Add the PPA and install certbot (install software-properties-common if necessary)
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
Install certbot packages:
$ sudo apt install python-certbot-apache
Install certificate:
Install the certificate as shown
$ sudo certbot --apache -d mail.your-domain.com
Answer any prompts and wait for the confirmation that the certificate has been issued. If you have problems getting the certificate issued, try visiting the website https://letsdebug.net/. The Let's Encrypt certificate is only valid for 90 days. However, the certbot installation includes a cron script that auto-renews the certificate 30 days before expiration. The script is located at /etc/cron.d. You can test the renewal process by running the following command:
$ sudo certbot renew --dry-run
Manual installation of the Let's Encrypt certificate as instructed will automatically create an SSL version of the Apache conf file for your site. Here are the contents of my site's SSL config file (mail.your-domain-le-ssl.conf) in the /etc/apache2/sites-available/ path after a successful Let's Encrypt installation:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName mail.your-domain.com
    DocumentRoot /srv/modoboa/instance/
    Alias /media/ /srv/modoboa/instance/media/
    <Directory /srv/modoboa/instance/media>
        Order deny,allow
        Allow from all
    </Directory>
    Alias /sitestatic/ /srv/modoboa/instance/sitestatic/
    <Directory /srv/modoboa/instance/sitestatic>
        Order deny,allow
        Allow from all
    </Directory>
    SSLCertificateFile /etc/letsencrypt/live/your-domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Note that your certificate file path may vary.
There are two additional lines we need to add to the Apache config file. Add the following two lines after the WSGIScriptAlias.
WSGIDaemonProcess your-domain.com python-path=/srv/modoboa/instance:/srv/modoboa/env/lib/python2.7/site-packages
WSGIProcessGroup your-domain.com
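The Apache directives above are spread over three files, so a quick audit of the assembled text helps catch mistakes before a reload. The following is an added example, not code from the original post or from Modoboa; the function name, finding labels and sample text are constructed. It reports `<Directory>` blocks that allow directory listings through `Options Indexes`, blocks that still use the Apache 2.2 `Order`/`Allow` syntax (which Apache 2.4 handles through mod_access_compat), and a `WSGIProcessGroup` that names no defined `WSGIDaemonProcess`.

```python
import re

# Constructed sample: directives from this page assembled into one text.
SAMPLE_CONF = """\
<Directory /srv/>
    Options Indexes FollowSymLinks
    Require all granted
</Directory>
WSGIScriptAlias / /srv/modoboa/instance/instance/wsgi.py
WSGIDaemonProcess your-domain.com python-path=/srv/modoboa/instance
WSGIProcessGroup your-domain.com
<Directory /srv/modoboa/instance/media>
    Order deny,allow
    Allow from all
</Directory>
"""

def audit_apache_conf(text):
    """Return a sorted list of (finding, detail) tuples for an Apache config."""
    findings = set()
    section = None                      # path of the enclosing <Directory>
    daemons, groups = set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Directory\s+(.+?)\s*>$", line, re.I)
        if opened:
            section = opened.group(1).strip('"')
            continue
        if line.lower().startswith("</directory"):
            section = None
            continue
        words = line.split()
        name, args = words[0].lower(), words[1:]
        if name == "options" and section:
            # Indexes (or +Indexes) lets mod_autoindex list the directory.
            if any(a.lstrip("+").lower() == "indexes" for a in args):
                findings.add(("directory-listing", section))
        elif name in ("order", "allow", "deny") and section:
            # Apache 2.2 access syntax; the 2.4 form is "Require all granted".
            findings.add(("legacy-access-syntax", section))
        elif name == "wsgidaemonprocess" and args:
            daemons.add(args[0])
        elif name == "wsgiprocessgroup" and args:
            groups.add(args[0])
    findings.update(("unknown-wsgi-process-group", g) for g in groups - daemons)
    return sorted(findings)
```

For a real check, concatenate apache2.conf and the two site files and pass the result to `audit_apache_conf`.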
Modoboa Log-In Panel
Modoboa is programmed to work with IMAP. If you want to connect to your mail server via POP3 from another email service, you need to make configuration changes. The easiest way to do this is to install dovecot-pop3d.

$ sudo apt install dovecot-pop3d

Open firewall ports for 25, 587, 993, 995.
We're now ready to log into the Modoboa panel. Go to https://mail.your-domain.com. Your log-in is Admin and the password is password. Once you're logged in, change your username and/or password. Click on the user name in the top right of the menu panel, then go to settings>>profile to make the changes.
To set up domains for the server, click Domains from the top menu bar, then click the Add+ button. Be sure to enable DKIM signing. Once the domain is set up, you can retrieve the public key for DKIM by selecting Domains from the top menu bar, then clicking the domain name. Click the Show key button in the DNS box on the top right. You will need to add the domain key to your DNS settings.
If you plan to use Modoboa's webmail (I used it for testing), you should change the IMAP and SMTP ports and enable SSL/TLS. Click Modoboa in the menu bar, then select the Webmail tab. Under IMAP settings, click the radio button to use a secure connection and change the port to 993. Under SMTP settings, click the radio button to enable STARTTLS, change the server port to 587, then click the "Yes" radio button to require authentication. Click save.