Install web app
If you installed the {tm} service, you should not install the web application. The {tm} service is a better choice and has better security.
Use this installation method only if you cannot install the service.
Setting up Nginx
The recommended way to install the web application is to use an Nginx instance that is set up for serving flat files and dealing with the TLS/SSL certificate for the respective domain.
This can be accomplished by adding a file `/etc/nginx/conf.d/mailbox.ticrypt.conf` with the content:

[source,nginx]
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    # Replace with the actual domain hosting the mailbox
    server_name mailbox.example.com;
    root /var/www/ticrypt-mailbox;
    # Certificate file (not the key) and the corresponding private key
    ssl_certificate /etc/pki/tls/certs/mailbox_bundle.crt;
    ssl_certificate_key /etc/pki/tls/private/mailbox_key.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;
    # Diffie-Hellman parameters used by the DHE cipher suites below
    ssl_dhparam /etc/pki/tls/dhparam.pem;
    # intermediate configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    # Security response headers (HSTS max-age is two years, in seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header Content-Security-Policy "script-src 'unsafe-inline' 'unsafe-eval' 'self' https://code.getmdl.io";
    # OCSP stapling, with the DNS resolvers nginx uses to reach the OCSP responder
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 208.67.222.222 1.1.1.1;
    resolver_timeout 5s;
}

Notice that you have to make the following changes:

* `server_name` to the actual domain hosting the mailbox
* `ssl_certificate` to the file containing the TLS/SSL certificate (not the key)
* `ssl_certificate_key` to the file containing the corresponding private key

If you need a more sophisticated setup, please consult the Nginx documentation at the link: https://nginx.org/en/docs/
Download and extract the web application
The next step is to download the mailbox web app and place it in the `/var/www/ticrypt-mailbox` directory.

[source,bash,subs="attributes+"]
mkdir -p /var/www/ticrypt-mailbox
cd /var/www/ticrypt-mailbox
wget {tcurl}/mailbox/{mbfile}
unzip {mbfile}
rm {mbfile}

The above instructions assume that the web app is placed in the root of the virtual domain.
This is the recommended method of installation.
If you want to place the web app in a sub-directory, the same procedure applies (w.r.t. the subdirectory), but the file `inbox.html` needs to be edited.
The line

[source,html]
<base href="/"/>

becomes

[source,html]
<base href=""/>

or

[source,html]
<base href="https://example.com/mailbox/"/>

If you want to simplify the inbox URL (so that it does not contain `inbox.html`), in the directory where you installed the mailbox web app, create the following symbolic link:

[source,bash]
ln -sf inbox.html index.html

Since `index.html` is loaded by default, the URL for the inbox will now be: link:https://mailbox.example.com instead of link:https://mailbox.example.com/inbox.html
At this point, the mailbox files are installed. The only remaining task is writing the configuration file that indicates to the mailbox where the backend server is.
Writing the config.js file
To easily integrate into the web app, the configuration information is provided in the form of a JavaScript file.
The file `config.js` has to be placed in the root of the web app (where the file `inbox.html` is).
Please keep the format below and only change the location of the server:

[source,JavaScript]
const settings = {
"baseUrl": "https://ticrypt.example.com"
}
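
A pre-deployment check for `config.js`, as an added example that is not part of the original page or of the project's code. It assumes, from the instruction above, that `settings` holds only `baseUrl`; the names `loadSettings`, `checkMailboxConfig` and the host `backend.example.org` are hypothetical.

```javascript
// Sample host shown on the page; it must be replaced before deployment.
const PLACEHOLDER_HOST = "ticrypt.example.com";

// Evaluate the text of config.js and return its `settings` object.
// This executes the file, so use it only on a config.js you wrote yourself.
function loadSettings(source) {
  try {
    return new Function(
      `${source}\n;return typeof settings === "undefined" ? undefined : settings;`
    )();
  } catch (err) {
    return undefined; // syntax or runtime error in config.js
  }
}

// Return a list of problems; an empty list means the file is acceptable.
function checkMailboxConfig(source) {
  const settings = loadSettings(source);
  if (settings === null || typeof settings !== "object") {
    return ["config.js does not define a settings object"];
  }
  const problems = [];
  const extra = Object.keys(settings).filter((key) => key !== "baseUrl");
  if (extra.length) problems.push(`unexpected keys: ${extra.join(", ")}`);
  if (typeof settings.baseUrl !== "string") {
    return problems.concat("baseUrl is missing or not a string");
  }
  let url;
  try {
    url = new URL(settings.baseUrl);
  } catch (err) {
    return problems.concat("baseUrl is not an absolute URL");
  }
  // The mailbox is served over HTTPS; browsers block its requests to an http:// backend.
  if (url.protocol !== "https:") problems.push("baseUrl must use https");
  if (url.username || url.password) problems.push("baseUrl must not embed credentials");
  if (url.search || url.hash) problems.push("baseUrl must not carry a query or fragment");
  if (url.hostname === PLACEHOLDER_HOST) problems.push("baseUrl still has the sample host");
  return problems;
}

// Constructed sample: the file from the page with a hypothetical backend host.
const SAMPLE_CONFIG = 'const settings = {\n  "baseUrl": "https://backend.example.org"\n}';
console.log(checkMailboxConfig(SAMPLE_CONFIG));
```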