This is my experiment to get iRedMail to work with Nginx. In the end I got everything to work other than awstats, although with some caveats. I don’t like awstats very much and it seemed quite troublesome to get it setup. There is a mode to run awstats in that lets it just generate static files, which to me seem to be a better solution. I did testing only on Debian 6.0.7, although it should also work in Ubuntu just fine. It was also limited testing on brand new VMs.
So I am starting out with a brand new Debian 6.0.7 system. First things first we setup our hosts and hostname file. For my test environment I used mail.debian.test as my test environment. Then I grabbed the latest iRedMail which happened to be 0.8.3 at the time of writing this. I did this via wget in a ssh session. I had to install bzip2 to “tar -xf” it, so a quick “apt-get install bzip2” resolved that. I then ran the iRedMail installer and let it complete.
Now to stop apache services for good:
update-rc.d -f apache2 remove service apache2 stop
Optionally we can run “apt-get remove apache2” to get rid of apache binaries as well.
Now, I needed Nginx and php5-fpm (as I prefer fpm). This takes a little work as Debian 6.0.7 doesn’t have it in its default sources. This would have been easier on Ubuntu.
yes | apt-get install nginx curl echo "" >> /etc/apt/sources.list echo "# dotdeb packages" >> /etc/apt/sources.list echo "deb http://packages.dotdeb.org stable all" >> /etc/apt/sources.list echo "deb-src http://packages.dotdeb.org stable all" >> /etc/apt/sources.list curl -0 http://www.dotdeb.org/dotdeb.gpg | apt-key add - apt-get update yes | apt-get install php5-fpm
What I did her is first install nginx and curl. Then I added dotdeb to the sources list, added its key and then updated my sources. Finally I was able to install fpm.
Now that the applications are in place, I need to write their configuration files. Here is the list of files I will be using:
Nginx’s iRedMail site configuration file
php5’s FPM iRedMail web pool file
iRedMail init.d file to launch the iredadmin pyton webservice
During additional testing I uploaded the files and just used curl to put them into place. The init.d script is borrowed from the web (exactly where I can’t remember as I used bites and pieces from multiple places). However I don’t feel the need to write out or explain in great detail all off the changes.
curl -0 http://sleepycode.com/wordpress/wp-content/uploads/2013/03/iRedMail.nginx_.txt > /etc/nginx/sites-available/iRedMail curl -0 http://sleepycode.com/wordpress/wp-content/uploads/2013/03/iRedMail.fpm_.txt > /etc/php5/fpm/pool.d/iRedMail.conf curl -0 http://sleepycode.com/wordpress/wp-content/uploads/2013/03/iRedMail.initd_.txt > /etc/init.d/iredadmin
You will need to modify the nginx file (/etc/nginx/sites-available/iRedMail) to contain the correct domain. As well you will need an additional dns enter for iredadmin.domain.tld (in my case iredadmin.debian.test). If this is your only/first ssl site or you prefer it to be default you will need to adjust the ssl section. I added comments to explain that. Nginx expects a default website and if none exist it won’t start.
As for the additional domain, I tried my best, but it seems there is no way to have the perl script to be aware its in a sub directory and pass the correct urls to its output templates. Although the template has the capability to do a homepath variable, this seems to be set from ctx in perl which from my limited knowledge I don’t believe is changeable via environment/server variables. I also didn’t see a way to change that in any setting. Hopefully the iRedMail developers can make this change in future versions.
The good news is the iRedMail developers had foresight to setup the script to run very smoothly as a stanalone python web server via a cgi socket. So no additional work to make that run is needed. I had hoped to use the iredapd service to launch this, but it appears to crash and fail horribly. So I setup a second instance to do this.
Now just a little more work to activate the new service, link the file as a live nginx site and restart some services.
chmod a+x /etc/init.d/iredadmin ln -s /etc/nginx/sites-available/iRedMail /etc/nginx/sites-enabled/ service apache2 stop service php5-fpm restart service nginx restart service iredadmin start
Thats it. Now when I hit mail.debian.test I get the webmail portal. When I access iredadmin.debian.test I get the admin portal. phpmyadmin is also setup on mail.debian.test/phpmyadmin
Setting this up for Ubuntu should be easier, as 12.04 has php5-fpm in its packages so there is no need to add in the dotdeb resources. Everything else would be the same for it.
Nginx has always been flaky for me while doing Ipv6 services. I intended to include them but it just wasn’t playing nicely enough. Sometimes just doing [::]:80 to a listen will make it listen. Other times I have to specify it twice (and it doesn’t complain). Then again if I try it on 443 using [::]:443 nginx may not want to start at all, while it accepted [::]:80 just fine. So because of how picky it can be at times, I just opted to go with ipv4 only support here.
So does iRedAdmin work? In the file a commented section says it doesn’t work yet. And when I go to the subdomain, I just see the nginx “it works” page.
Yes it does work, with a few minor details at the moment.
The commented code is because we can’t do the admin panel on the same domain/ip address as the rest (or the mail section). The iRedMail Admin panel does not include a way or detect properly that it is in a sub folder. My own perl scripting skills are weak, but I didn’t see a way to change this without having to maintain those edits on each update. So I opted for moving the admin panel to its own subdomain and having it operate there.
There is a variable in his templates that appears to try to detect the path, but it seems this doesn’t work or Nginx isn’t passing the proper environment varibles over. Again, my knowledge of perl is ok, but very limited when it comes to working with it from a running web service aspect.
If you are seeing the “It Works” page, you are hitting the nginx default page, which means its not detecting the subdomain being hit. Don’t forget to enable those subdomains in the nginx configuration file.
I attempted to contact the iRedMail admin for more information and to share him this blog post, but the support email seems to be broken. I am hoping he would be able to adjust the admin panel code to detect its sub folder or add a setting for its base url, which then we can simply edit the default nginx configuration file and not need to worry about applying the subdomains/ips.
This was only done in a testing environment as well, I do intend to use it live someday, but at the moment it destroys/breaks down if any other setup has been done to the server. Which makes it unusable for deploying in existing web/mail servers.
Yes, I have the config file set up and moved, but it does not detect the subdomain. Maybe it’e because i’ve made it a subdomain of another domain on another box/IP? So when I go to iredmail.mydomain.tld I get the nginx default index.html page, but when I go to /mail or /phpmyadmin, they both work.
That sounds like it might be a cached page result. I had it set in the configuration to move you over to the /webmail by default.
I would want to guess a your browser is caching the page here.
The way you run iRedAdmin under Nginx is not recommended. iRedAdmin is written with web.py web framework, it’s not recommended to use web.py builtin web server for production use.
The best way to run iRedAdmin under Nginx should be with wsgi module (the default way configured by iRedMail with Apache + mod_wsgi) because it has best performance. Or as fastcgi application.
You can reach me directly via email if you want: zhb at iredmail dot org.
At the time Debian didn’t include a wsgi in the nginx packages. The only way to introduce it would be compiling your own. Which defeats the purpose of using a package maintainers version to get the latest and greatest.
Corrected your typo you mentioned. Will gladly contact you, I would like to see this use Nginx and quite possibly work on non fresh systems. I would like to deploy it here on my VPS, but I already have MySQL and other things already configured.
Sorry, typo error in my email address, it’s .org, not .com.