Rainloop Webmail on OpenBSD 6.9

( modified )


rainloop screenshot

Rainloop is a “simple, modern & fast web-based email client”, written in PHP. It’s also open source licensed under AGPL v3. I installed it in OpenBSD server. It was really simple.


  • OS: OpenBSD 6.9
  • Web server: OpenBSD httpd
  • App server: PHP-FPM based on PHP 7.4
  • Webmail: Rainloop 1.16


Installation steps

Get the package

First, get the latest package. There are two ways: its official website or GitHub releases. Here, the former is adopted.

Prepare the document root:

$ cd /var/www
$ mkdir <rainloop-dir>
$ cd <rainloop-dir>

Get the package:

$ ftp https://www.rainloop.net/repository/webmail/rainloop-community-latest.zip

unzip it:

$ # doas pkg_add unzip # do beforehand if necessary
$ unzip rainloop-community-latest.zip

You will see:

$ ls
data/        index.php    rainloop/

Besides, all what to do in order to upgrade in the future will be to add “rainloop/v/<next-version>” and update “data/VERSION”.


Set the permissions for App server to access “data/”:

$ doas chown -R www: data

Configure httpd server via httpd.conf:

$ doas nvim /etc/httpd.conf

Edit it like below. <fqdn> means the host aka “https:// some.domain /…” Be careful not to allow web access to “data/”. location "/data/*" { block } is important.

server "<fqdn>" {
    listen on $ext_addr tls port 443
    tls {
        certificate "/etc/ssl/*.pem"
        key         "/etc/ssl/private/*.key"
    log {
        access  "<fqdn>-access.log"
        error   "<fqdn>-error.log"

    root "/<rainloop-dir>"
    directory index index.php

    # security
    location "*/.git*"              { block }
    ## app specific (ref: https://www.rainloop.net/docs/permissions/ )
    location "/data/*"              { block }
    # robots.txt
    location "/robots.txt"          { pass }

    location "/*.php" {
        fastcgi socket "/run/php-fpm.sock"

Restart the daemon:

$ doas rcctl restart httpd



Now you can access the webmail via web browsers:

user login

Well, custom domains are not allowed by default. It is able to configure them in the admin panel. Also, you must change admin id/password there.

Comments or feedbacks are welcomed and appreciated.