Announcement

Collapse
No announcement yet.

Force /webmail, /roundcube, etc. to SSL

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Hi Bertie

    Many thanks, yes that was what I was asking and sorry it did not work

    It goes to page unknown because it does not exist - https handles things differently

    I would think (and apologies, I'm losing site of issue) if you put the redirects also in the vhost file, that it may work and trigger correctly, but I cannot test it as I do not have a test server set using a sub domain

    Many thanks

    John

    Comment


    • #17
      I hate to bring this back up - I honestly don't know why they don't just build this into Interworx like cPanel when you apply a service SSL. Anyway it seems when users go to: serverdomain.com/webmail it will take them to the non-SSL version of the site. When I want them to be taken to the HTTPS version.

      The following is already set in the iworx.conf:

      RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
      RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
      RewriteRule ^/webmail(/)?$ https://%{HTTP_HOST}:2443/webmail/ [R,L]

      But it seems you are still able to load the non-SSL version of the above. Especially when port numbers are not typed into the URL.

      If someone could share the edits they have made to force siteworx/nodeworx/webmail to use SSL when the client types in the URL:

      http://serverdomain.com/webmail
      http://serverdomain.com/siteworx
      http://serverdomain.com/nodeworx

      That would be appreciated. I thought it was all setup but it seems not.
      Last edited by Bertie; 08-24-2018, 02:01 AM.

      Comment


      • #18
        Hi Bertie

        Many thanks and I have PM you with 2 test domains. If you could post if they work as you expect and if so, I will post exactly how I did it

        John

        Comment


        • #19
          Hi Bertie

          Many thanks, seem your pm so will update when Iím back later today or tomorrow if alright

          Many thanks

          John

          Comment


          • #20
            Hi Bertie

            Please see the change that I made to iworx.com, so SSH into server and either run as root or su

            vi /etc/httpd/conf.d/iworx.conf

            RewriteRule ^/siteworx(/)?$ https://myserver.url:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
            RewriteRule ^/nodeworx(/)?$ https://myserver.url:2443/nodeworx/ [R,L]
            RewriteRule ^/webmail(/)?$ https://myserver.url:2443/webmail/ [R,L]
            RewriteRule ^/roundcube(/)?$ https://myserver.url:2443/roundcube/ [R,L]
            RewriteRule ^/horde(/)?$ https://myserver.url:2443/horde/ [R,L]
            RewriteRule ^/squirrelmail(/)?$ https://myserver.url:2443/squirrelmail/ [R,L]

            Please note myserver.url would be changed to your nodeworx URL domain, which lets say you use
            mynwdomain.co.uk as your main Interworx server FQDN for nodeworx/siteworx/webmail and it has a SSL (which you can use Lets Encrypt for SSL), the additions would be as follows

            RewriteRule ^/siteworx(/)?$ https://mynwdomain.co.uk:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
            RewriteRule ^/nodeworx(/)?$ https://mynwdomain.co.uk:2443/nodeworx/ [R,L]
            RewriteRule ^/webmail(/)?$ https://mynwdomain.co.uk:2443/webmail/ [R,L]
            RewriteRule ^/roundcube(/)?$ https://mynwdomain.co.uk:2443/roundcube/ [R,L]
            RewriteRule ^/horde(/)?$ https://mynwdomain.co.uk:2443/horde/ [R,L]
            RewriteRule ^/squirrelmail(/)?$ https://mynwdomain.co.uk:2443/squirrelmail/ [R,L]

            Please either then reboot server, or restart interworx (service iworx restart) and restart apache (service httpd restart), then test but you may have to clear browser cache first

            I hope that helps

            Many thanks

            John

            Comment


            • #21
              Originally posted by d2d4j View Post
              Hi Bertie

              Please see the change that I made to iworx.com, so SSH into server and either run as root or su

              vi /etc/httpd/conf.d/iworx.conf

              RewriteRule ^/siteworx(/)?$ https://myserver.url:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
              RewriteRule ^/nodeworx(/)?$ https://myserver.url:2443/nodeworx/ [R,L]
              RewriteRule ^/webmail(/)?$ https://myserver.url:2443/webmail/ [R,L]
              RewriteRule ^/roundcube(/)?$ https://myserver.url:2443/roundcube/ [R,L]
              RewriteRule ^/horde(/)?$ https://myserver.url:2443/horde/ [R,L]
              RewriteRule ^/squirrelmail(/)?$ https://myserver.url:2443/squirrelmail/ [R,L]

              Please note myserver.url would be changed to your nodeworx URL domain, which lets say you use
              mynwdomain.co.uk as your main Interworx server FQDN for nodeworx/siteworx/webmail and it has a SSL (which you can use Lets Encrypt for SSL), the additions would be as follows

              RewriteRule ^/siteworx(/)?$ https://mynwdomain.co.uk:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
              RewriteRule ^/nodeworx(/)?$ https://mynwdomain.co.uk:2443/nodeworx/ [R,L]
              RewriteRule ^/webmail(/)?$ https://mynwdomain.co.uk:2443/webmail/ [R,L]
              RewriteRule ^/roundcube(/)?$ https://mynwdomain.co.uk:2443/roundcube/ [R,L]
              RewriteRule ^/horde(/)?$ https://mynwdomain.co.uk:2443/horde/ [R,L]
              RewriteRule ^/squirrelmail(/)?$ https://mynwdomain.co.uk:2443/squirrelmail/ [R,L]

              Please either then reboot server, or restart interworx (service iworx restart) and restart apache (service httpd restart), then test but you may have to clear browser cache first

              I hope that helps

              Many thanks

              John
              Hmm, still doesn't seem to be taking non-SSL requests over to the SSL page for some reason. Even after restarting iworx and apache. I wonder if there is another file somewhere that might be controlling what is currently happening? Tried all different kind of browsers, cache clearing and private browsing to make sure.

              This is what I have in the iworx.conf file:

              HTML Code:
              ##
              # InterWorx Apache Supplement
              ##
              
              ##
              ## legacy suexec loading
              <IfModule !mod_suexec.c>
                LoadModule suexec_module /usr/lib/httpd/modules/mod_suexec.so
              </IfModule>
              
              ##
              # Enable CGIs
              ##
              
              AddHandler cgi-script .cgi
              AddHandler cgi-script .pl
              
              ##
              # setup the basic redirects
              ##
              RewriteEngine on
              #RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
              #RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
              #RewriteRule ^/webmail(/)?$ https://%{HTTP_HOST}:2443/webmail/ [R,L]
              #RewriteRule ^/roundcube(/)?$ https://sub.domain.com.com:2443/roundcube/ [R,L]
              
              RewriteRule ^/siteworx(/)?$ https://sub.domain.com:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
              RewriteRule ^/nodeworx(/)?$ https://sub.domain.com:2443/nodeworx/ [R,L]
              RewriteRule ^/webmail(/)?$ https://sub.domain.com:2443/webmail/ [R,L]
              RewriteRule ^/roundcube(/)?$ https://sub.domain.com:2443/roundcube/ [R,L]
              RewriteRule ^/horde(/)?$ https://sub.domain.com:2443/horde/ [R,L]
              RewriteRule ^/squirrelmail(/)?$ https://sub.domain.com:2443/squirrelmail/ [R,L]
              
              
              
              ##
              # proxy access to avoid non-standard ports
              ##
              
              ProxyRequests Off
              
              ProxyPass /webmail https://127.0.0.1:2080/webmail
              ProxyPassReverse /webmail https://127.0.0.1:2080/webmail
              
              ProxyPass /horde http://127.0.0.1:2080/horde
              ProxyPassReverse /horde http://127.0.0.1:2080/horde
              
              ProxyPass /squirrelmail http://127.0.0.1:2080/squirrelmail
              ProxyPassReverse /squirrelmail http://127.0.0.1:2080/squirrelmail
              
              ProxyPass /roundcube http://127.0.0.1:2080/roundcube
              ProxyPassReverse /roundcube http://127.0.0.1:2080/roundcube
              
              <IfModule !mod_version.c>
                LoadModule version_module modules/mod_version.so
              </IfModule>
              
              <IfModule !mod_logio.c>
                LoadModule logio_module modules/mod_logio.so
              </IfModule>
              
              <IfModule !mod_watch.c>
                LogFormat "%v %I %O" iworxio
                <IfVersion >= 2.4>
                  GlobalLog "|/usr/local/interworx/bin/iw-bw-logger" iworxio
                </IfVersion>
              </IfModule>
              Last edited by Bertie; 08-28-2018, 05:47 AM.

              Comment


              • #22
                Hi Bertie

                Many thanks

                I have changed one of our servers as test, to make sure if subdomain rewrites works as expected.

                There is a SSL cert error warning, as I have not changed IW SSL certs (just needed to check the rewrite on http and https)

                This works lovely, so I will PM you the domains to test yourself if alright.

                What version of IW and distro are you using

                Is the DNS correctly setup

                did you restart iworx and Apache (or restart server) as both iworx and Apache need restarting for changes to happen

                Many thanks

                John

                Comment


                • #23
                  Originally posted by d2d4j View Post
                  Hi Bertie

                  Many thanks

                  I have changed one of our servers as test, to make sure if subdomain rewrites works as expected.

                  There is a SSL cert error warning, as I have not changed IW SSL certs (just needed to check the rewrite on http and https)

                  This works lovely, so I will PM you the domains to test yourself if alright.

                  What version of IW and distro are you using

                  Is the DNS correctly setup

                  did you restart iworx and Apache (or restart server) as both iworx and Apache need restarting for changes to happen

                  Many thanks

                  John
                  I'll have to double check the IW version but its one of the recent versions. This is also running on Centos - I rebooted Apache and iworx after making the changes but it didn't seem to have any affect on the redirects. I feel like something might be overriding it maybe? Or it's just not looking at the redirects in the file. The DNS is fine - It's not a new server, I just didn't realise users could still get to the non-secure pages of the webmail facility/siteworx/nodeworx etc if they didn't type in https.

                  Comment


                  • #24
                    Hi Bertie

                    Many thanks

                    They should not be able to unless using 2080, and if you want to stop that, justec posted earlier on thread a how to

                    I would try deleting your hash redirects, saving and restarting iWorx and Apache. Actually if restarting, do you get any errors

                    The only other thing I could think right now is are there any other redirects setup anywhere or are you load balancing or running through a proxy

                    Is the issue that http://mydomain.url/siteworx not redirecting to https//myserver.url:/443/siteworx but to http://myserver.url:2080/siteworx

                    Is that correct

                    On my test, does it work correctly as expected

                    Many thanks

                    John

                    Comment


                    • #25
                      Originally posted by d2d4j View Post
                      Hi Bertie

                      Many thanks

                      They should not be able to unless using 2080, and if you want to stop that, justec posted earlier on thread a how to

                      I would try deleting your hash redirects, saving and restarting iWorx and Apache. Actually if restarting, do you get any errors

                      The only other thing I could think right now is are there any other redirects setup anywhere or are you load balancing or running through a proxy

                      Is the issue that http://mydomain.url/siteworx not redirecting to https//myserver.url:/443/siteworx but to http://myserver.url:2080/siteworx

                      Is that correct

                      On my test, does it work correctly as expected

                      Many thanks

                      John
                      I should have mentioned your redirects domain.com/webmail takes you to the webmail with a port number included. But on my server it's not putting the port numbers into the URL.

                      Comment


                      • #26
                        Just to add onto this - I have removed the redirects that were hashed out just to be on the safe side. Restarted iworx again, no errors and restarted Apache, no errors. 3 warnings regarding certain folders for sites not existing but nothing that would stop redirects from working on interworx.

                        Running the following:

                        InterWorx-CP v6.1.23
                        Centos 6

                        Comment


                        • #27
                          Hi Bertie

                          Many thanks

                          Your settings look to be correct so should just work

                          I am not sure why the port numbers are not been displayed. Perhaps this points to some port number changes, and if using main server url for webmail, requires the port /2443

                          I would fully restart the server, clear browser cache and test

                          If this does not resolve issue, as it needs more information and correct domain url to be given, which you do not want to do on the forum, I would open a support ticket and let IW have a proper look to see whatís happening/going wrong

                          To be sure I had set our test up correctly, I have changed IW-CP ssl certs so there is no error on SSL and it still works lovely

                          If you could update thread it would be appreciated

                          Many thanks

                          John

                          Comment


                          • #28
                            Hi Bertie

                            Many thanks and answer same as you have found, except when using /roundcube /horde, then it works

                            Could you add your server FQDN as a siteworx account and then using vhost file to auto change to https

                            I can post later the detail you need for this http to https using vhost file for domain

                            This then may well work or not, but it is worth a try

                            Many thanks

                            John

                            Comment


                            • #29
                              Originally posted by d2d4j View Post
                              Hi Bertie

                              Many thanks and answer same as you have found, except when using /roundcube /horde, then it works

                              Could you add your server FQDN as a siteworx account and then using vhost file to auto change to https

                              I can post later the detail you need for this http to https using vhost file for domain

                              This then may well work or not, but it is worth a try

                              Many thanks

                              John
                              Thanks John, If you should share the changes you would make to the vhost file and I'll give it a go.

                              Comment


                              • #30
                                Hi Bertie

                                Many thanks and please see below for http to https for vhost file

                                RewriteEngine On
                                RewriteCond %{ENV:HTTPS} !on
                                RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

                                This I place between the following lines

                                ServerAdmin webmaster@mydomain.url

                                RewriteEngine On
                                RewriteCond %{ENV:HTTPS} !on
                                RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

                                # subdomain logic

                                You need to restart apache for this to come live

                                I was thinking though, prior to adding the server FQDN as a siteworx account, if you just browse to your server FQDn, it takes you to the siteworx login page, which should not happen.

                                Are you sure you have not made any other changes anywhere

                                Apologies if I am wrong and it is default action, but I do not think it is

                                so if you browse to http://my.server.url this then I am sure took me to http://my.server.url/siteworx

                                Sorry, just checking and it appears to be working lovely now when browsing to http://my.server.url, it is going to https://my.server.url/nodeworx, and if trying http://my.server.url/siteworx goes to https://my.server.url/siteworx

                                port 2080 shows page cannot be displayed

                                Please, what have you changed

                                I hope that makes sense

                                Many thanks

                                John

                                Comment

                                Working...
                                X