currently installing a whole new multi-server ispconfig install for a new company.. using ubuntu 22.04 and installed using the auto-installer.. for configuring roundcube access, (it's all working, sending and receiving file, ispconfig roundcube plugins configured and working) roundcube is currently installed, via the auto-installer, using apt, to the default folder locations. roundcube is enabled by roundcube.conf in /etc/apache2/conf-enabled. i know i can set the /webmail alias, so it can be accessed by anyone using <theirowndomain.tld>/webmail, or via <server.domain.tld>:8080/webmail but i've never really been keen on those methods.. i'd like to just create the vhost webmail.mymaindomain.tld and have all our clients use that single clean address for accessing roundcube. i know there's various different ways to get this working.. configure reverse proxy to <server.domain.tld>:8080/webmail, symlink from the vhost docroot to /var/lib/roundcube/public_html/ change the docroot to /var/lib/roundcube/public_html just remove roundcube completely and then manually install it in the vhost /web directory. what's the recommended / most secure / best supported method of doing this these days?
I have used just mycompanydomain.tld/webmail. I find this straightforward and users have not complained.
Default already covers that and @Taleman already confirmed he had no complaints. It is the recommended one. This works fine too IMV and can be secured as well but since it is not default, it may not be fully supported.
yep, i know this, we have been doing this for years, i'm just not a fan of having to use the /webmail extension on the address. or keep having to tell everyone to use port 8080 or 8081 for control panel / apps access as well.. too many customers keep forgetting about it.. or just don't seem to get the concept of port numbers... also this doesn't work out of the box if the mycompanydomain.tld vhost is using a chrooted php-fpm. i know there's solutions to that too, including just not chrooting the php-fpm. put simply.. going forward, we're going to move away from having roundcube on every webserver. so clients using <customerdomain.tld>/webmail isn't going to be an option for them anyway. plus if they have sites on different servers, or use our mycompanydomain.tld/webmail.. then they access different roundcube databases, and then get even more confused when their contact list doesn't show up.. i could mirror a single roundcube database across the servers or use a central db server for it, but that's even more of a pain. i''ve already setup the new system so i have the main company website on mycompanydomain.tld, and have mypanel.mycompanydomain.com setup as a subdomain vhost reverse proxying to hostname.mycompanydomain.tld:8080 would also just prefer to use webmail.mycompanydomain.tld for roundcube, they'll just be a single roundcube instance on a single server. to start with the same server running the interface and our own main site, completely separate from client / shared webservers. if the load on this server / webmail usage starts becoming an issue, we'd then look at having a dedicated webmail server. i just find that eg https://mypanel.mydomain.tld looks cleaner than https://hostname.mydomain.tld:8080 and https://webmail.mydomain.tld looks cleaner than https://mydomain.tld/webmail a bit pedantic, i know, but it's surprising how much little details like than can change the user experience.
There is no need to change anything in ISPConfig code to have a webmail URL https://webmail.yourdomain.tld, the webmail URL is freely configurable for years now. So if you like to have that URL, just use it. 1) Create a website webmail.yourdomain.tld in ISPConfig and install any webmail client you like into that website. 2) Change webmail URL under System > Interface > main config in ISPConfig to that new URL. That's all. Webmail has never been a part of ISPConfig code, it has always been a separate package of the OS that gets installed, and the Debian and Ubuntu maintainers of the RoundCube package decided that they want to show their software using a global alias and not by using a website, that's why there is a URL like /webmail by default. And back to the original question "recommended roundcube access", there is no recommended way to access Roundcube, you can freely decide how you like it best and then set the URL under system > Interface > main config. So if you dislike using a port or a alias and prefer a website, then use a website. Other prefer an alias or the port based version and they will use that. And on new setups, setting up a website automatically does not work anyway as such a setup requires setting up a domain for this website upfront which most users will fail to do, many fail even setting up their hostname correctly as you can see in the forum, so asking them to set up another independent domain upfront for webmail will just cause more failed setups. Using port 8081 for the apps vhost is a workaround or way to provide a setup that's working for everyone after installation, webmail is available there and it solves also the problem with chrooted sites you mentioned, that's why there is a dedicated apps vhost which provides URL https://serverhostname:8081/webmail, a guaranteed working environment for globally installed apps, independent from individual website configurations.
Since you say you are on a multiserver setup, create a new webserver (webmail) and you are done. webmail.domain.com will be the main site, All other customer/client webmail sites will be alias of the main server.
