...
Editorial Staff
How to install roundcube on rocky linux vps
Discover how to install roundcube on rocky linux vps!

This article explains how to install Roundcube on Rocky Linux VPS.

Table of Contents

What is Roundcube?

Roundcube is a free, open-source webmail applicationβ€”a browser-based email client you host on your own server. It provides a modern, Gmail-like UI on top of your existing IMAP/SMTP mail server (e.g., Dovecot/Postfix), so users can read, compose, search, and manage mail from any browser.

Key points

  • Runs on: PHP with a database (MariaDB/MySQL, PostgreSQL, or SQLite) behind Nginx/Apache.
  • Connects to: IMAP for mailbox access; SMTP for sending.
  • UI/UX: Responsive β€œElastic” theme, drag-and-drop, keyboard shortcuts, rich-text editor.
  • Features: Folders, filters, identities, signatures, address book (with LDAP support), contact groups, threaded view, spellcheck, attachments, vacation/forwarding plugins.
  • Extensible: Robust plugin/skin system (calendars, carddav/caldav, S/MIME, two-factor via plugins, etc.).
  • Admin-friendly: Config via config.inc.php, fine-grained logging, caching, and localization.
  • Why use it: Self-hosted control/privacy, integrates cleanly with standard Linux mail stacks, low resource footprint, easy theming/branding.

These steps target Rocky Linux 9 on a fresh VPS and deploy Roundcube Webmail with Nginx + PHP-FPM + MariaDB. You’ll end up with https://webmail.example.com running Roundcube 1.6.x (current series). Commands are root unless noted.

Prerequisites

  • A Rocky Linux VPS with SSH access
  • A domain or subdomain (e.g., webmail.example.com) pointing to your server’s IP
  • Ports 80/443 reachable
# Become root if needed
sudo -i

Launch 100% ssd fedora vps from $2. 49/mo!

How to Install Roundcube on Rocky Linux VPS (Step-by-Step)

To install Roundcube on Rocky Linux VPS, follow the steps provided below:

  1. Update OS & enable repos

    dnf -y update
dnf -y install epel-release
# Optional: tools we’ll use
dnf -y install curl unzip policycoreutils-python-utils

  2. Install Nginx, PHP-FPM, and required PHP extensions

    Roundcube needs PHP (with mbstring, intl, xml, pdo, etc.) and either MySQL/MariaDB, PostgreSQL, or SQLite. We’ll use MariaDB.

    dnf -y install nginx php php-fpm \
  php-cli php-common php-mbstring php-intl php-xml php-json \
  php-gd php-zip php-opcache php-pdo php-mysqlnd php-ldap

    Tune PHP-FPM (recommended defaults for webmail):

    # Make sure PHP-FPM listens on the default socket
sed -ri 's|^;?listen\s*=\s*.*|listen = /run/php-fpm/www.sock|' /etc/php-fpm.d/www.conf
# Set Unix socket ownership for Nginx <-> PHP-FPM
sed -ri 's|^;?listen\.owner\s*=.*|listen.owner = nginx|' /etc/php-fpm.d/www.conf
sed -ri 's|^;?listen\.group\s*=.*|listen.group = nginx|' /etc/php-fpm.d/www.conf
sed -ri 's|^;?listen\.mode\s*=.*|listen.mode = 0660|' /etc/php-fpm.d/www.conf

# Set PHP memory limit & upload sizes (Roundcube attachments)
cp /etc/php.ini /etc/php.ini.bak
sed -ri 's/^memory_limit\s*=.*/memory_limit = 256M/' /etc/php.ini
sed -ri 's/^post_max_size\s*=.*/post_max_size = 32M/' /etc/php.ini
sed -ri 's/^upload_max_filesize\s*=.*/upload_max_filesize = 32M/' /etc/php.ini

    Enable and start services:

    systemctl enable --now php-fpm nginx

  3. Install and secure MariaDB

    dnf -y install mariadb-server
systemctl enable --now mariadb

# Secure the installation (set root password, remove test DB, etc.)
mysql_secure_installation

    Create Roundcube database and user:

    mysql -u root -p <<'SQL'
CREATE DATABASE roundcube CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'StrongRandomPassword!';
GRANT ALL PRIVILEGES ON roundcube.* TO 'roundcube'@'localhost';
FLUSH PRIVILEGES;
SQL

  4. Get Roundcube (stable release)

    Two common ways:

    • A. DNF package (EPEL): dnf -y install roundcubemail (fast, opinionated paths, Apache-centric sample configs).
    • B. Tarball (official): most flexible and Nginx-friendly. We’ll use tarball.
    cd /var/www
curl -LO https://github.com/roundcube/roundcubemail/releases/download/1.6.7/roundcubemail-1.6.7-complete.tar.gz
tar xzf roundcubemail-1.6.7-complete.tar.gz
mv roundcubemail-1.6.7 roundcube
chown -R nginx:nginx /var/www/roundcube

    Tip: Replace version 1.6.7 above with the latest β€œcomplete” tarball when you deploy.

    Create directories writable by the web server:

    mkdir -p /var/www/roundcube/{logs,temp}
chown -R nginx:nginx /var/www/roundcube/{logs,temp}

  5. Initialize Roundcube database schema

    # Import schema into the DB you created in step 3
mysql -u root -p roundcube < /var/www/roundcube/SQL/mysql.initial.sql

  6. Configure Nginx virtual host

    Create an Nginx server block for webmail.example.com:

    cat >/etc/nginx/conf.d/webmail.conf <<'NGINX'
server {
    listen 80;
    server_name webmail.example.com;

    root /var/www/roundcube;
    index index.php index.html;

    # Security headers (basic)
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy no-referrer-when-downgrade;

    # Deny access to sensitive files
    location ~ ^/(README|INSTALL|LICENSE|CHANGELOG|composer\.(json|lock)|\.git) {
        deny all;
    }

    # Block direct access to config, temp, logs
    location ~ ^/(config|temp|logs)/ {
        deny all;
    }

    # Static assets (cache)
    location ~* \.(?:css|js|jpg|jpeg|gif|png|svg|ico|woff2?)$ {
        expires 30d;
        access_log off;
        try_files $uri =404;
    }

    location / {
        try_files $uri /index.php?$query_string;
    }

    location ~ \.php$ {
        include        fastcgi_params;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass   unix:/run/php-fpm/www.sock;
        fastcgi_read_timeout 300;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
    }
}
NGINX

    Test and reload Nginx:

    nginx -t && systemctl reload nginx

  7. (Recommended) Enable HTTPS with Let’s Encrypt

    Install Certbot and request a certificate:

    dnf -y install certbot python3-certbot-nginx
certbot --nginx -d webmail.example.com --redirect -m admin@example.com --agree-tos -n

    This updates your Nginx server block for 443 and configures HTTP→HTTPS redirects.

  8. Firewalld rules

    # Open HTTP/HTTPS if firewalld is active
systemctl is-active --quiet firewalld && \
  firewall-cmd --permanent --add-service=http && \
  firewall-cmd --permanent --add-service=https && \
  firewall-cmd --reload

  9. SELinux adjustments (if Enforcing)

    Allow Nginx/PHP-FPM to connect to DB (local TCP) and write to Roundcube’s temp and logs:

    # Allow web server to connect to network databases
setsebool -P httpd_can_network_connect_db 1

# Label writable paths
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/roundcube/(logs|temp)(/.*)?"
restorecon -Rv /var/www/roundcube/{logs,temp}

    If you send mail through the local MTA from PHP, you may also need:

    setsebool -P httpd_can_sendmail 1

  10. Run Roundcube installer

    1. Browse to: https://webmail.example.com/installer/
    2. The installer checks PHP extensions and file permissions. Fix any red items it reports.
    3. Under Database setup, choose MySQL and enter:
      • DSN: mysql://roundcube:StrongRandomPassword!@localhost/roundcube
    4. Create config/config.inc.php from the installer (it will offer to save the file).
    5. Test IMAP and SMTP connectivity (use your mail server hostnames/ports, TLS settings, and credentials).
    6. When everything passes, remove the installer: 
      rm -rf /var/www/roundcube/installer

  11. Tighten permissions

    # Root owns code; nginx owns writable dirs
chown -R root:root /var/www/roundcube
chown -R nginx:nginx /var/www/roundcube/{logs,temp}
find /var/www/roundcube -type d -exec chmod 755 {} \;
find /var/www/roundcube -type f -exec chmod 644 {} \;

  12. Configure defaults (optional but useful)

    Edit /var/www/roundcube/config/config.inc.php:

    • Product name: 
      $config['product_name'] = 'Webmail';
    • Default host (forces IMAP host, hides host field on login): 
      $config['default_host'] = 'ssl://imap.example.com';
  $config['default_port'] = 993;
    • SMTP: 
      $config['smtp_server'] = 'tls://smtp.example.com';
  $config['smtp_port']   = 587;
  $config['smtp_user']   = '%u';
  $config['smtp_pass']   = '%p';
    • Skin / language / timezone: 
      $config['skin'] = 'elastic';
  $config['language'] = 'en_US';
  $config['timezone'] = 'UTC';
    • Attachment size (match PHP limits): 
      $config['max_message_size'] = '32M';

      Restart services if you change PHP settings:

      systemctl reload nginx
systemctl restart php-fpm

  13. Log rotation & maintenance

    • Roundcube logs: /var/www/roundcube/logs/
    • Nginx logs: /var/log/nginx/
    • PHP-FPM logs: /var/log/php-fpm/

    Set a cron to run Roundcube’s maintenance (caches, etc.):

    # As root, open crontab
crontab -e
# Add (runs hourly):
17 * * * * php -d detect_unicode=0 /var/www/roundcube/bin/cleandb.sh >/dev/null 2>&1

    If using SQLite, Roundcube also provides bin/gc.sh to garbage-collect caches.

  14. Optional hardening & polish

    • Force HSTS (only after HTTPS is stable): 
      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    • Disable PHP execution in upload/temp directories:
      Add to server block:

      location ~* ^/(logs|temp)/.*\.php$ { return 404; }
    • Dovecot/IMAP tuning: Make sure your IMAP server’s SSL/TLS is valid and ciphers modern.
    • Fail2ban: Protect /login against brute force.

  15. Quick Apache (httpd) alternative

    If you prefer Apache:

    dnf -y install httpd mod_ssl
systemctl enable --now httpd

# Minimal vhost
cat >/etc/httpd/conf.d/webmail.conf <<'APACHE'
<VirtualHost *:80>
  ServerName webmail.example.com
  DocumentRoot /var/www/roundcube
  <Directory /var/www/roundcube>
    AllowOverride All
    Require all granted
  </Directory>
  # Security
  <LocationMatch "^/(README|INSTALL|LICENSE|CHANGELOG|composer\.(json|lock)|\.git)">
    Require all denied
  </LocationMatch>
  <LocationMatch "^/(config|temp|logs)/">
    Require all denied
  </LocationMatch>
  DirectoryIndex index.php
  ProxyTimeout 300
</VirtualHost>
APACHE

# SELinux booleans are the same (httpd_can_network_connect_db / sendmail)
setsebool -P httpd_can_network_connect_db 1

# Reload
systemctl reload httpd

    Then run Certbot with --apache instead of --nginx.

  16. Verify

    • Visit https://webmail.example.com
    • Log in with a valid mailbox (IMAP/SMTP working)
    • Send/receive a test email and attach a file
    • Confirm logs are clean:
    tail -f /var/www/roundcube/logs/errors
  journalctl -u nginx -u php-fpm -f

That’s it!

You’ve completed the steps to install Roundcube on Rocky Linux VPS with production-grade web, PHP, DB, HTTPS, firewall, and SELinux settings.
Launch 100% ssd fedora vps from $2. 49/mo!

Conclusion

You now know how to install Roundcube on Rocky Linux VPS.

Add as Preferred Source on Google
Avatar of editorial staff

Editorial Staff

Rad Web Hosting is a leading provider of web hosting, Cloud VPS, and Dedicated Servers in Dallas, TX.

One thought on β€œπŸš€ How to Install Roundcube on Rocky Linux VPS (5 Minute Quick-Start Guide)”

  1. Running A Full-Stack Email Server With Docker-Mailbox On Rocky Linux VPS - VPS Hosting Blog | Dedicated Servers | Reseller Hosting
    30 seconds ago

    […] Roundcube: You can either use a Docker image for Roundcube or install it manually on a web server. If you’re going with Docker, you can find a suitable image on Docker […]

Comments are closed.

lg