How to Install Rainloop Webmail on Ubuntu 22.04

Rainloop is an open-source, web-based email client written in PHP. It is fast, lightweight, and supports SMTP and IMAP protocols.

This guide will teach you to install the Rainloop client on a Ubuntu 22.04 server.

Prerequisites

  • A server running Ubuntu 22.04.

  • A domain name pointing to the server. For our tutorial, we will use the rainloop.example.com domain.

  • A non-root user with sudo privileges.

  • Make sure everything is updated.

    $ sudo apt update && sudo apt upgrade
    
  • Install basic utility packages. Some of them may already be installed.

    $ sudo apt install wget curl nano unzip -y
    

Step 1 - Configure Firewall

The first step before installing Rainloop is to configure the firewall. Check the status of the firewall.

$ sudo ufw status

You should see something like the following.

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

Rainloop needs HTTP and HTTPs ports to function.

$ sudo ufw allow http
$ sudo ufw allow https

Open ports for the mail accounts you use.

$ sudo ufw allow 587/tcp
$ sudo ufw allow 993/tcp
$ sudo ufw allow 465/tcp

Check the status again to confirm.

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
587/tcp                    ALLOW       Anywhere
993/tcp                    ALLOW       Anywhere
465/tcp                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
587/tcp (v6)               ALLOW       Anywhere (v6)
993/tcp (v6)               ALLOW       Anywhere (v6)
465/tcp (v6)               ALLOW       Anywhere (v6)

Step 2 - Install Nginx

Ubuntu 22.04 ships with an older version of Nginx. To install the latest version, you need to download the official Nginx repository.

Import Nginx's signing key.

$ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

Add the repository for Nginx's stable version.

$ echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list

Update the system repositories.

$ sudo apt update

Install Nginx.

$ sudo apt install nginx

Verify the installation.

$ nginx -v
nginx version: nginx/1.22.0

Step 3 - Install and Configure PHP

Ubuntu 22.04 ships with PHP 8.1 by default. But for Rainloop to work, we need to install PHP 8.0. The first step is to add Ondrej's PHP repository.

$ sudo add-apt-repository ppa:ondrej/php

Install PHP and the required extensions required by Rainloop.

 $ sudo dnf install php8.0-fpm php8.0-curl php8.0-mbstring php8.0-mysql php8.0-xml php8.0-cli

Verify the installation.

$ php --version
PHP 8.0.20 (cli) (built: Jun 25 2022 08:12:05) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.20, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.20, Copyright (c), by Zend Technologies

Check the status of the PHP service.

$ sudo systemctl status php8.0-fpm
? php8.0-fpm.service - The PHP 8.0 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php8.0-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2022-07-04 01:52:55 UTC; 1min 22s ago
       Docs: man:php-fpm8.0(8)
    Process: 12463 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/8.0/fpm/pool.d/www.conf 80 (code=exited, status=0/SUCCESS)
   Main PID: 12460 (php-fpm8.0)
     Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 2241)
     Memory: 8.7M
        CPU: 89ms
     CGroup: /system.slice/php8.0-fpm.service
             ??12460 "php-fpm: master process (/etc/php/8.0/fpm/php-fpm.conf)

Open the php.ini file for editing.

$ sudo nano /etc/php/8.0/fpm/php.ini

Change the values of the following variables to set the mail attachment size to 25MB.

upload_max_filesize = 25M
post_max_size = 25M

Save the file by pressing Ctrl + X and entering Y when prompted.

Open the file /etc/php/8.0/fpm/pool.d/www.conf.

$ sudo nano /etc/php/8.0/fpm/pool.d/www.conf

Find the user=apache and group=apache lines in the file and change them as follows.

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...

Also, find the lines listen.owner = www-data and listen.group = www-data and change them as follows.

...
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions. The owner
; and group can be specified either by name or by their numeric IDs.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nginx
listen.group = nginx
...

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the PHP-FPM service.

$ sudo systemctl restart php8.0-fpm

Step 4 - Install MySQL

Ubuntu 22.04 ships with the latest version of MySQL. You can install it with a single command.

$ sudo apt install mysql-server

Check the version of MySQL.

$ mysql --version
mysql  Ver 8.0.29-0ubuntu0.22.04.2 for Linux on x86_64 ((Ubuntu))

This step is necessary for MySQL versions 8.0.28 and above. Enter the MySQL Shell.

$ sudo mysql

Run the following command to set the password for your root user. Make sure it has a mix of numbers, uppercase, lowercase, and special characters.

mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourPassword12!';

Exit the shell.

mysql> exit

Run the MySQL secure install script.

$ sudo mysql_secure_installation

First, you will be asked for your root password. Enter it. Next, you will be asked to install the Validate Password Component. It checks the strength of passwords used in MySQL. Press Y to install it.

Next, you will be asked to set the level of the password validation policy. Choose 2 as it is the strongest one.

Next, Press N to refuse to change your root password. Also, press Y to remove anonymous users, disallow remote root logins, remove the test database, and reload the privilege tables.

Step 5 - Configure MySQL

Log in to the MySQL shell. Enter your root password when prompted.

$ sudo mysql -u root -p

Create a database for Rainloop.

mysql> CREATE DATABASE rainloop;

Create an SQL user to access the database. Replace yourpassword with a password of your choice.

mysql> CREATE USER 'rainuser'@'localhost' IDENTIFIED BY 'YourPassword23!';

Grant rainuser access to the database.

mysql> GRANT ALL ON rainloop.* TO 'rainuser'@'localhost';

Reload the privilege table.

mysql> FLUSH PRIVILEGES;

Exit the shell.

mysql> exit

Step 6 - Install Rainloop

Create the public directory for Rainloop.

$ sudo mkdir /var/www/html/rainloop -p

Download the latest version of Rainloop.

$ wget http://www.rainloop.net/repository/webmail/rainloop-community-latest.zip

Unzip the downloaded file to the public directory.

$ sudo unzip rainloop-community-latest.zip -d /var/www/html/rainloop

Change the ownership of the directory to Nginx.

$ sudo chown -R nginx:nginx /var/www/html/rainloop

Set read and write permissions required by Rainloop.

$ sudo find /var/www/html/rainloop -type d -exec chmod 755 {} \;
$ sudo find /var/www/html/rainloop -type f -exec chmod 644 {} \;

Step 7 - Install SSL

We need to install Certbot to generate free SSL certificates offered by Let's Encrypt.

You can either install Certbot using Ubuntu's repository or grab the latest version using the Snapd tool. We will be using the Snapd version.

Ubuntu 22.04 comes with Snapd installed by default. Run the following command to ensure that your version of Snapd is up to date.

$ sudo snap install core

Install Certbot.

$ sudo snap install --classic certbot

Use the following command to ensure that the Certbot command can be run by creating a symbolic link to the /usr/bin directory.

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Generate an SSL Certificate for Rainloop.

$ sudo certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d rainloop.example.com

Generate a Diffie-Hellman group certificate.

$ sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

Open the file /etc/letsencrypt/renewal/rainloop.example.com.conf for editing.

$ sudo nano /etc/letsencrypt/renewal/rainloop.example.com.conf

Paste the following code at the bottom.

pre_hook = systemctl stop nginx
post_hook = systemctl start nginx

Save the file by pressing Ctrl + X and entering Y when prompted.

We have generated the SSL certificate using the standalone option of Certbot. It runs its web server to create the certificate which means Nginx should be shut off during the renewal. The pre_hook and post_hook commands run before and after the renewal to automatically shut and restart the Nginx server thereby requiring no manual intervention.

To check whether the SSL renewal is working fine, do a dry run of the process.

$ sudo certbot renew --dry-run

If you see no errors, you are all set. Your certificate will renew automatically.

Step 8 - Configure Nginx

Open the file nginx.conf for editing.

$ sudo nano /etc/nginx/nginx.conf

Find the line include /etc/nginx/conf.d/*.conf; and paste the following code below it.

server_names_hash_bucket_size  64;

Save the file by pressing Ctrl + X and entering Y when prompted.

Create the Rainloop configuration file for Nginx and open it for editing.

$ sudo nano /etc/nginx/conf.d/rainloop.conf

Paste the following code in it.

server {

    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name rainloop.example.com;
    root /var/www/html/rainloop;

    index index.php;
    client_max_body_size 25M;

    access_log  /var/log/nginx/rainloop.access.log;
    error_log   /var/log/nginx/rainloop.error.log;

    ssl_certificate      /etc/letsencrypt/live/rainloop.example.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/rainloop.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/rainloop.example.com/chain.pem;
    
    ssl_session_timeout  5m;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;
    
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_keep_conn on;
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php8.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ /\.ht {
        deny all;
    }

    location ^~ /data {
        deny all;
    }
}
# enforce HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name  rainloop.example.com;
    return 301   https://$host$request_uri;
}

Save the file by pressing Ctrl + X and entering Y when prompted.

Verify Nginx configuration syntax.

$ sudo nginx -t

Restart the Nginx service.

$ sudo systemctl restart nginx

Step 9 - Configure and Access Rainloop

Open Rainloop's Administrator page via the URL https://rainloop.example.com/?admin and you will get the following login screen.

Rainloop Administrator Login

Enter the following credentials and press enter to log in.

Username: admin
Password: 12345

The Rainloop administrator dashboard will open with a warning to change your default password.

Rainloop Administrator Password Warning

Change the default password by using the link in the dashboard.

Rainloop Change Password Screen

Enter your new password and click the Update Password button to proceed.

Rainloop uses MySQL to store contact information. Open the Contacts page and select MySQL from the dropdown menu.

Rainloop Contacts Page

Enter the database credentials created earlier.

Rainloop MySQL details

Press the Test button to check the connection and install the tables. If the button turns green, it means the connection is successful.

You can start using Rainloop by adding your mail accounts.

Conclusion

You have installed Rainloop successfully on a Ubuntu 22.04 server. If you have any questions, post them in the comments below.

Share this page:

3 Comment(s)