So you've read up on what Roundcube is, and what it can do. But of course, you can't really know if you like it or not, unless you install it and use it for yourself for a week or two. This document will help guide you through a standard installation of Roundcube. We recommend you read this guide to familiarize yourself with how to install Roundcube, but for those who just want to get up and going, there is a shell script at the bottom to automate the installation and have you running almost instantly.

Other tutorials

There's a nice how-to about the installation of Roundcube on a Windows box with IIS6 and hMailServer. NOTE: Make sure you set temp_dir in to an absolute path as otherwise users may run into issues with attaching files to emails.

A Debian-specific step-by-step how-to in Russian language also exists. It's a little bit outdated and not perfectly correct, but still can be useful.


Get Roundcube!

To get started, you need to download Roundcube. The easiest way to get it is to visit and click on "Downloads". Download the archive file containing Roundcube (name should end in .tar.gz) and extract its contents (on Windows, with WinZip or 7-Zip, on Mac/Unix? with tar xfz roundcubemail-xx.tar.gz or gunzip -c roundcube-xx.tar.gz | tar xf -) in the current directory. Verify that after extracting all of the files, you have a directory structure like in Dev_Docs.

Get it ready

Now that we've got our files, we can upload the whole directory to the web server (using your favorite scp or FTP program) in case you're not already working there.

Roundcube needs to save some temp files and it also writes logs. Therefore make sure that the following directories (and the files within) are writable by the web server user:

  • temp
  • logs

Database Configuration

Next thing we need to do is decide what database backend we'll use. The most common is MySQL but others are PostgreSQL and SQLite. So once you decide, create a database with any name you want and grant privileges to a separate database user. It's recommended not to use an existing user or root.

With MySQL you can set up the database by issuing the following commands:

CREATE DATABASE roundcubemail;
GRANT ALL PRIVILEGES ON roundcubemail.* TO username@localhost IDENTIFIED BY 'password';

(of course you have to replace the database, username and password accordingly)

See the INSTALL file for information about setting up PostgreSQL or SQLite

If you are using MySQL, be sure to flush the users privileges when you add a new user or you will get a database connection error:


Note that preconfigured database tables are included in the SQL folder. Import or restore your version or you may get a 500 Error.

Configuring Roundcube

After uploading the files point your browser to http://url-to-roundcube/installer/ to start the install wizard. The first page shows some requirements, and when you click "START INSTALLATION", the installer checks if everything is there. In case you see some red NOT OK messages, you need to install or enable something. Follow the links or find out more by searching your web site for your server's operating system or

Once your web server is ready to run Roundcube you can start creating the config files on the next step. Click "NEXT" to get there. Get through the form and change the settings according to your needs. Don't forget to enter the database credentials within the "Database Setup" section. All the config parameter are described with a few words. If you don't know that a setting means, find out more on the Howto_Config page or just trust the defaults.

When finished the configuration hit the "CREATE CONFIG" button at the bottom of the page. You now get a text box on top of your browser window showing the configuration. Copy the content of that text box and save it into a file named and copy/upload that into the config/ directory of your Roundcube installation. Warning: Pasting directly into an editor such as nano may not work due to word-wrapping. Please use vi or download the file directly instead.

Finally click "CONTINUE" and get to the last step of the install process. Now your configuration is being verified tested against your webserver. Click the "Initialize database" button in you're requested to in order to create the necessary tables in your database.

If there are no red NOT OK messages, you can also try to send a mail in order to test the SMTP settings.

Last but not least you have to remove the whole installer directory from the webserver. If this remains active it can expose the configuration including passwords.

Protect your installation

Access through your webserver to at least the following directories should be denied:

  • /config
  • /temp
  • /logs

Roundcube use .htaccess files to protect this directories, be sure to allow override of the Limit directives to get them taken into account.


This is a very basic setup to get you up and running with Roundcube in less than twenty minutes. There are plenty of other options, and a lot more options to investigate. See Howto_Config or browse the forums for other tricks and modifications, as well as support if you just can't get it working.

Have fun with your new Roundcube installation!!


500 Internal Server Error::

This is a very common problem. The likely cause is AllowOverride Apache directive is in effect. Try to comment all the lines in .htaccess in the document root and then uncomment one line at a time to find which directives in .htaccess cause the error. If these directives protect some critical files from downloading, ask your hoster or administrator to give you more AllowOverride rights or include the problem directives from .htaccess file into administrator maintained configuration file.

Using MySQL - Database Error | Failed Connection

Make sure your database connection string is correct. If you are using MySQL 4.1 or above, your client libraries may not support the new password encryption protocol:

Other Issues

If you're still having trouble after following the steps above, check out the support page where you'll find information about our forum or the mailing list. We also answered some Frequently Asked Questions concerning Roundcube.

Shell Script


This shell script is written for CentOS/RHEL and assumes Apache is installed in a default way, with your MySQL, SMTP and IMAP servers running on the localhost. You will also need to install wget (yum install -y wget) if you haven't already. Once the script is finished, you can access roundcube by http://{your_web_server}/roundcube or http://{your_web_server}/webmail.



if [ -z "${mysql_roundcube_password}" ]; then
  tmp=$(</dev/urandom tr -dc A-Za-z0-9 | head -c12)
  read -p "MySQL roundcube user password [${tmp}]:" mysql_roundcube_password
  echo "MySQL roundcube: ${mysql_roundcube_password}" >> .passwords

if [ -z "${mysql_root_password}" ]; then
  read -p "MySQL root password []:" mysql_root_password

wget -P /var/www/html
tar -C /var/www/html -zxvf /var/www/html/roundcubemail-*.tar.gz
rm -f /var/www/html/roundcubemail-*.tar.gz 
mv /var/www/html/roundcubemail-* /var/www/html/roundcube 
chown root:root -R /var/www/html/roundcube 
chmod 777 -R /var/www/html/roundcube/temp/ 
chmod 777 -R /var/www/html/roundcube/logs/

cat <<'EOF' > /etc/httpd/conf.d/20-roundcube.conf
Alias /webmail /var/www/html/roundcube

<Directory /var/www/html/roundcube>
  Options -Indexes
  AllowOverride All

<Directory /var/www/html/roundcube/config>
  Order Deny,Allow
  Deny from All

<Directory /var/www/html/roundcube/temp>
  Order Deny,Allow
  Deny from All

<Directory /var/www/html/roundcube/logs>
  Order Deny,Allow
  Deny from All

sed -e "s|mypassword|${mysql_roundcube_password}|" <<'EOF' | mysql -u root -p"${mysql_root_password}"
USE mysql;
CREATE USER 'roundcube'@'localhost' IDENTIFIED BY 'mypassword';
GRANT USAGE ON * . * TO 'roundcube'@'localhost' IDENTIFIED BY 'mypassword';
GRANT ALL PRIVILEGES ON `roundcube` . * TO 'roundcube'@'localhost';

mysql -u root -p"${mysql_root_password}" 'roundcube' < /var/www/html/roundcube/SQL/mysql.initial.sql

cp /var/www/html/roundcube/config/ /var/www/html/roundcube/config/

sed -i "s|^\(\$rcmail_config\['default_host'\] =\).*$|\1 \'localhost\';|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['smtp_server'\] =\).*$|\1 \'localhost\';|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['smtp_user'\] =\).*$|\1 \'%u\';|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['smtp_pass'\] =\).*$|\1 \'%p\';|" /var/www/html/roundcube/config/
#sed -i "s|^\(\$rcmail_config\['support_url'\] =\).*$|\1 \'mailto:${E}\';|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['quota_zero_as_unlimited'\] =\).*$|\1 true;|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['preview_pane'\] =\).*$|\1 true;|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['read_when_deleted'\] =\).*$|\1 false;|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['check_all_folders'\] =\).*$|\1 true;|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['display_next'\] =\).*$|\1 true;|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['top_posting'\] =\).*$|\1 true;|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['sig_above'\] =\).*$|\1 true;|" /var/www/html/roundcube/config/
sed -i "s|^\(\$rcmail_config\['login_lc'\] =\).*$|\1 2;|" /var/www/html/roundcube/config/

cp /var/www/html/roundcube/config/ /var/www/html/roundcube/config/

sed -i "s|^\(\$rcmail_config\['db_dsnw'\] =\).*$|\1 \'mysqli://roundcube:${mysql_roundcube_password}@localhost/roundcube\';|" /var/www/html/roundcube/config/

rm -rf /var/www/html/roundcube/installer

service httpd reload


This shell script is written for Debian with MySQL, SMTP and IMAP servers running on the localhost (SSL/TLS enabled and unauthenticated SMTP allowed from localhost). It will set up roundcube-1.0-rc in a virtual host accessible by roundcube.yourdomain.tld.

The script will:

  • download and extract roundube-1.0-rc
  • make /temp and /logs writable by the webserver
  • create an apache-site configuration (virtualhost)
  • create a mysql user and database
  • create a
  • remove the installer directory
  • create a cronjob to run /bin/ daily
  • enable apache modules 'deflate', 'expires' and 'headers'

Install apache2:

# apt-get install apache2

Install php5:

# apt-get install php5 php-pear php5-mysql

Install php5-mcrypt and mhp5-intl (as recommended in the installation instructions):

# apt-get install php5-mcrypt php5-intl

Set default time zone in php.ini (examples: UTC, Europe/Zurich, or see for more):

sed -i -e "s/^;date\.timezone =.*$/date\.timezone = 'UTC'/" /etc/php5/apache2/php.ini

Run the script:


[ -z "${log}" ] && log="install-roundcube.log"
[ -z "${errorprefix}" ] && errorprefix="${0}: "

if [ -d bup ]; then
  echo "${errorprefix}directory bup already exists!" 1>&2
  exit 1
  mkdir -p bup

# mysql root password
[ -z "${mysqlrootpasswd}" ] && read -s -p "mysqlrootpasswd []:" mysqlrootpasswd
echo ''

if [ -z "${mysqlroundcubepasswd}" ]; then
  tmp=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1)
  read -p "mysqlroundcubepassword [${tmp}]:" mysqlroundcubepasswd
  unset tmp

# apache webserver root
if [ -z "${httproot}" ]; then
  read -p "httproot [${tmp}]: " httproot
  unset tmp

# name for roundcube root and apache site
if [ -z "${roundcubesitename}" ]; then
  read -p "roundcubesitename [${tmp}]: " roundcubesitename
  unset tmp

# displayed name on the website
if [ -z "${roundcubeproductname}" ]; then
  tmp="Roundcube Webmail"
  read -p "roundcubeproductname [${tmp}]: " roundcubeproductname
  unset tmp

# leave empty to autodetect from user agent
if [ -z "${roundcubelanguage}" ]; then
  read -p "roundcubelanguage [${tmp}]: " roundcubelanguage
  unset tmp

# linux username (required for cronjob)
if [ -z "${user}" ]; then
  read -p "user [${tmp}]: " user
  unset tmp

# domain name
if [ -z "${domain}" ]; then
  read -p "domain [${tmp}]: " domain
  unset tmp

wget -O /tmp/roundcubemail-1.0-rc.tar.gz 2>> "${log}"
[ -e /tmp/roundcubemail-1.0-rc.tar.gz ] || {
  echo "${errorprefix}/tmp/roundcubemail-1.0-rc.tar.gz not found - exiting"
  exit 1
mkdir -p bup"${httproot}"
[ -d "${roundcuberoot}" ] && mv "${roundcuberoot}" bup"${httproot}"
tar -C "${httproot}" -zxpf /tmp/roundcubemail-*.tar.gz
rm -f /tmp/roundcubemail-*.tar.gz 
mv "${httproot}"/roundcubemail-* "${roundcuberoot}"
[ -d "${roundcuberoot}" ] || {
  echo "${errorprefix}${roundcuberoot} not found - exiting"
  exit 1
[ -e "${roundcuberoot}"/config/ ] || {
  echo "${errorprefix}${roundcuberoot}/config/ not found - exiting"
  exit 1
[ -d "${roundcuberoot}"/installer ] || {
  echo "${errorprefix}${roundcuberoot}/installer not found - exiting"
  exit 1
chown -R "${user}":www-data "${roundcuberoot}"
chmod -R 775 "${roundcuberoot}"/temp
chmod -R 775 "${roundcuberoot}"/logs

mkdir -p bup/etc/apache2/sites-available
[ -e /etc/apache2/sites-available/"${roundcubesitename}" ] && cp -a /etc/apache2/sites-available/"${roundcubesitename}" bup/etc/apache2/sites-available/

sed -e "s/roundcubesitename/${roundcubesitename}/g;s/yourusername/${user}/g;s/yourdomain\.tld/${domain}/g" << 'EOF' > /etc/apache2/sites-available/"${roundcubesitename}"
<VirtualHost *:80>
	ServerAdmin yourusername@yourdomain.tld
	ServerName roundcubesitename.yourdomain.tld

sed -e "s/\/var\/www\/roundcube/$(echo ${roundcuberoot} | sed -e 's/\//\\\//g')/g" << 'EOF' >> /etc/apache2/sites-available/"${roundcubesitename}"
	DocumentRoot /var/www/roundcube

	<Directory /var/www/roundcube>
		Options +FollowSymLinks
		# AddDefaultCharset     UTF-8
		AddType text/x-component .htc

		<IfModule mod_php5.c>
			php_flag        display_errors  Off
			php_flag        log_errors      On
			# php_value     error_log       logs/errors
			php_value       upload_max_filesize     10M
			php_value       post_max_size           12M
			php_value       memory_limit            64M
			php_flag        zlib.output_compression         Off
			php_flag        magic_quotes_gpc                Off
			php_flag        magic_quotes_runtime            Off
			php_flag        zend.ze1_compatibility_mode     Off
			php_flag        suhosin.session.encrypt         Off
			#php_value      session.cookie_path             /
			php_flag        session.auto_start      Off
			php_value       session.gc_maxlifetime  21600
			php_value       session.gc_divisor      500
			php_value       session.gc_probability  1

		<IfModule mod_rewrite.c>
			RewriteEngine On
			RewriteRule ^favicon\.ico$ skins/larry/images/favicon.ico
			# security rules:
			# - deny access to files not containing a dot or starting with a dot
			#   in all locations except installer directory
			RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F]
			# - deny access to some locations
			RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
			# - deny access to some documentation files
			RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml)$ - [F]

		<IfModule mod_deflate.c>
			SetOutputFilter DEFLATE

		<IfModule mod_headers.c>
			# replace 'append' with 'merge' for Apache version 2.2.9 and later
			# Header append Cache-Control public env=!NO_CACHE

		<IfModule mod_expires.c>
			ExpiresActive On
			ExpiresDefault "access plus 1 month"

		FileETag MTime Size

		<IfModule mod_autoindex.c>
			Options -Indexes

		AllowOverride None
		Order allow,deny
		Allow from all
	<Directory /var/www/roundcube/plugins/enigma/home>
		Options -FollowSymLinks
		AllowOverride None
		Order allow,deny
		Deny from all

	<Directory /var/www/roundcube/config>
		Options -FollowSymLinks
		AllowOverride None
		Order allow,deny
		Deny from all

	<Directory /var/www/roundcube/temp>
		Options -FollowSymLinks
		AllowOverride None
		Order allow,deny
		Deny from all

	<Directory /var/www/roundcube/logs>
		Options -FollowSymLinks
		AllowOverride None
		Order allow,deny
		Deny from all

sed -e "s/roundcubesitename/${roundcubesitename}/g" << 'EOF' >> /etc/apache2/sites-available/"${roundcubesitename}"
	ErrorLog /var/log/apache2/error_roundcubesitename.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog /var/log/apache2/access_roundcubesitename.log combined

mkdir -p bup/sql
mysqldump -u root -p"${mysqlrootpasswd}" 'roundcube' > bup/sql/roundcube.sql 2>> "${log}"

mysql --user=root --password="${mysqlrootpasswd}" -e "CREATE DATABASE IF NOT EXISTS \`roundcube\`;"
mysql --user=root --password="${mysqlrootpasswd}" -e "GRANT ALL PRIVILEGES ON \`roundcube\`.* TO 'roundcube'@'localhost' IDENTIFIED BY '${mysqlroundcubepasswd}';"
mysql --user=root --password="${mysqlrootpasswd}" -e "FLUSH PRIVILEGES;"

mysql -u root -p"${mysqlrootpasswd}" 'roundcube' < "${roundcuberoot}"/SQL/mysql.initial.sql 2>> "${log}"

cp -a "${roundcuberoot}"/config/ "${roundcuberoot}"/config/

deskey=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9-_#&!*%?' | fold -w 24 | head -n 1)

sed -e "s/mysqlroundcubepasswd/$(echo ${mysqlroundcubepasswd} | sed -e 's/\&/\\\&/g')/;s/roundcubeproductname/${roundcubeproductname}/;s/deskey/$(echo ${deskey} | sed -e 's/\&/\\\&/g')/;s/roundcubelanguage/${roundcubelanguage}/" << 'EOF' > "${roundcuberoot}"/config/
$config['db_dsnw'] = 'mysql://roundcube:mysqlroundcubepasswd@localhost/roundcube';
$config['log_driver'] = 'syslog';
$config['default_host'] = 'ssl://localhost';
$config['default_port'] = 993;
$config['smtp_server'] = 'ssl://localhost';
$config['smtp_port'] = 465;
$config['smtp_user'] = '';
$config['smtp_pass'] = '';
$config['support_url'] = '';
$config['ip_check'] = true;
$config['des_key'] = 'deskey';
$config['product_name'] = 'roundcubeproductname';
$config['plugins'] = array('archive','zipdownload');
$config['language'] = 'roundcubelanguage';
$config['enable_spellcheck'] = false;
$config['mail_pagesize'] = 50;
$config['draft_autosave'] = 300;
$config['mime_param_folding'] = 0;
$config['mdn_requests'] = 2;
$config['skin'] = 'larry';

rm -rf "${roundcuberoot}"/installer

tmp="$(mktemp -t crontab.tmp.XXXXXXXXXX)"
crontab -u "${user}" -l | sed "/$(echo ${roundcuberoot} | sed -e 's/\//\\\//g')\/bin\/cleandb\.sh/d" > "${tmp}"
echo "18 11 * * * ${roundcuberoot}/bin/ > /dev/null" >> "${tmp}"
crontab -u "${user}" "${tmp}"
rm -f "${tmp}"
unset tmp

a2enmod deflate
a2enmod expires
a2enmod headers
a2ensite "${roundcubesitename}"
service apache2 restart

## uninstall
echo '' >> "${log}"
echo 'uninstall roundcube using:' >> "${log}"
echo '' >> "${log}"
echo "mysql --user=root --password=yourpasswd -e \"DROP DATABASE \\\`roundcube\\\`;\"" >> "${log}"
echo "mysql --user=root --password=yourpasswd -e \"DROP USER 'roundcube'@'localhost';\"" >> "${log}"
echo "a2dissite ${roundcubesitename}" >> "${log}"
echo 'a2dismod expires' >> "${log}"
echo 'a2dismod headers' >> "${log}"
echo 'service apache2 restart' >> "${log}"
echo "rm /etc/apache2/sites-available/${roundcubesitename}" >> "${log}"
echo '' >> "${log}"
echo "remove the installation directory (${roundcuberoot})" >> "${log}"

echo ''
echo "check ${log} for erros"
Last modified 5 months ago Last modified on Mar 10, 2014 1:45:25 PM