Force /webmail, /roundcube, etc. to SSL


  • #31
    Originally posted by d2d4j View Post
    Hi Bertie

    Many thanks and please see below for http to https for vhost file

    RewriteEngine On
    RewriteCond %{ENV:HTTPS} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    This I place between the following lines

    ServerAdmin webmaster@mydomain.url

    RewriteEngine On
    RewriteCond %{ENV:HTTPS} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # subdomain logic

    You need to restart apache for this to come live

    I was thinking though, prior to adding the server FQDN as a siteworx account, if you just browse to your server FQDN, it takes you to the siteworx login page, which should not happen.

    Are you sure you have not made any other changes anywhere

    Apologies if I am wrong and it is default action, but I do not think it is

    so if you browse to http://my.server.url this then I am sure took me to http://my.server.url/siteworx

    Sorry, just checking and it appears to be working lovely now when browsing to http://my.server.url, it is going to https://my.server.url/nodeworx, and if trying http://my.server.url/siteworx goes to https://my.server.url/siteworx

    port 2080 shows page cannot be displayed

    Please, what have you changed

    I hope that makes sense

    Many thanks

    John
    Hi John,

    I gave that a go but doesn't seem to have made much of a difference. I feel the person who originally set this Interworx server up has done some changes somewhere that is affecting this. Sadly I can't go and ask them regarding it. But as you have mentioned going to the server FQDN it takes you to /nodeworx. I may have to go and do some digging around but not sure where to start as the file could be in various different places.

    Comment


    • #32
      Update - Interworx Support looked into the issue:


      It looks like *IP Address* was configured to listen on port 80 and 443 for the internal iworx-web server and not the normal web server. I corrected this by commenting out these lines in ~iworx/etc/httpd/httpd-custom.conf

      #Listen *IP Address*:80
      # Listen *IP Address*:443

      and adding this line in /etc/httpd/conf/httpd.conf:

      Listen *IP Address*:80

      and this line in /etc/httpd/conf.d/ssl.conf:

      Listen *IP Address*:443

      I then restarted the iworx-web server and reloaded httpd.
      Which is great and did seem to get the following working: http://sub.domain/webmail to redirect to: https://sub.domain.com:2443/webmail/. But the problem I have now is that anyone who tries and types in: https://sub.domain.com/webmail (notice the https) and also /siteworx and /nodeworx will get a Not Found error instead of them redirecting to the correct place. I have the following in iworx.conf:

      RewriteRule ^/(webmail/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]
      RewriteRule ^/(roundcube/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]
      RewriteRule ^/(squirrelmail/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]
      RewriteRule ^/(horde/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]
      RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
      RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
      I have replied to Interworx to see if they have any suggestions but if anyone else has any ideas then please throw them this way.

      Comment


      • #33
        Hi Bertie

        Many thanks for update and kudos to IW.

        I am sure you have, but have you fully restarted server and cleared your browser cache

        I will check later today to see what I bring up in browser for you

        Many thanks

        John

        Comment


        • #34
          Originally posted by d2d4j View Post
          Hi Bertie

          Many thanks for update and kudos to IW.

          I am sure you have, but have you fully restarted server and cleared your browser cache

          I will check later today to see what I bring up in browser for you

          Many thanks

          John
          I have tried on different browsers as well and another network. It seems anything like https://sub.domain.com/webmail and https://sub.domain.com/siteworx will just return a Not Found page. Rather than redirecting to the correct areas.

          I'll update if that changes during the day.

          Comment


          • #35
            Hi Bertie

            I have just checked on one of our servers, and if I understand correctly, you have set your IP address for 80 and 443

            Please could you edit them and just set as

            /etc/httpd/conf/httpd.conf

            Listen 80

            /etc/httpd/conf.d/ssl.conf

            Listen 443

            service iworx stop

            service iworx start

            service httpd stop

            service httpd start

            clear your browser cache and test

            Many thanks

            John

            Comment


            • #36
              Originally posted by d2d4j View Post
              Hi Bertie

              I have just checked on one of our servers, and if I understand correctly, you have set your IP address for 80 and 443

              Please could you edit them and just set as

              /etc/httpd/conf/httpd.conf

              Listen 80

              /etc/httpd/conf.d/ssl.conf

              Listen 443

              service iworx stop

              service iworx start

              service httpd stop

              service httpd start

              clear your browser cache and test

              Many thanks

              John
              Well, it was Interworx Support who made the change. I could give what you have suggested a go I suppose?

              Edit: Ah, I don't think I can have that change in the files because there are multiple IPs being mentioned in the file to listen to these ports. For example:


              #Listen 443
              Listen 127.0.0.1:443
              Listen X.X.X.X:443
              Listen X.X.X.X:443
              Listen X.X.X.X:443

              Same as in the normal httpd.conf file as well. So hashing the Listen 443 out for example, same as 80. Apache doesn't like it as it complains it can't bind to an address.
              Last edited by Bertie; 09-05-2018, 03:44 AM.

              Comment


              • #37
                Hi Bertie

                Many thanks

                I am not sure why you have different IP shown for listen, as I just checked on one of our servers with multiple IP, and we have not explicitly included them, just set global for listen to 80 and 443 in respective files

                Apache will complain if you have global listen 80 and defined IP to listen to I think from memory, or it could be some vhost files are explicitly defined for listen ip ports perhaps

                This is why direct access to server helps, as it can be checked quickly

                You could also just try hashing out all listen on all IP, and uncomment Listen 80, same with ssl.conf, then stop/start apache and test

                Have you reopened your ticket with IW, so they can have a look

                Many thanks

                John

                Comment
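An added example, not part of any post in this thread: a small Python check for the two Listen problems discussed above (the iworx-web config claiming ports 80/443 on an IP, and a global `Listen 80` overlapping a per-IP `Listen`, which makes Apache fail to bind). The file contents and the 192.0.2.x addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample configs; addresses are documentation placeholders, not values from the thread.
SAMPLE = {
    "~iworx/etc/httpd/httpd-custom.conf": "Listen 192.0.2.10:80\nListen 192.0.2.10:443\n",
    "/etc/httpd/conf/httpd.conf": "Listen 80\n#Listen 192.0.2.10:80\n",
    "/etc/httpd/conf.d/ssl.conf": "#Listen 443\nListen 127.0.0.1:443\nListen 192.0.2.11:443 https\n",
}

# Matches "Listen 80", "Listen 1.2.3.4:443" and "Listen [::1]:443 https"; commented lines do not match.
LISTEN = re.compile(r"^\s*Listen\s+(?:(\S+):)?(\d+)(?:\s+\S+)?\s*$", re.IGNORECASE)


def parse_listens(configs):
    """Return {port: [(address, file), ...]} for every active Listen line; '*' means all interfaces."""
    by_port = defaultdict(list)
    for path, text in configs.items():
        for line in text.splitlines():
            m = LISTEN.match(line)
            if m:
                by_port[int(m.group(2))].append((m.group(1) or "*", path))
    return by_port


def find_conflicts(configs):
    """List pairs of Listen directives that would claim the same socket."""
    conflicts = []
    for port, entries in sorted(parse_listens(configs).items()):
        for i, (addr_a, file_a) in enumerate(entries):
            for addr_b, file_b in entries[i + 1:]:
                # A wildcard Listen overlaps every specific address on that port.
                if addr_a == addr_b or "*" in (addr_a, addr_b):
                    conflicts.append((port, f"{addr_a} in {file_a}", f"{addr_b} in {file_b}"))
    return conflicts


if __name__ == "__main__":
    for port, a, b in find_conflicts(SAMPLE):
        print(f"port {port}: {a} overlaps {b}")
```

In the constructed sample the only overlap is on port 80, where the iworx-web file claims an IP that the global `Listen 80` in httpd.conf also covers.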


                • #38
                  Originally posted by d2d4j View Post
                  Hi Bertie

                  Many thanks

                  I am not sure why you have different IP shown for listen, as I just checked on one of our servers with multiple IP, and we have not explicitly included them, just set global for listen to 80 and 443 in respective files

                  Apache will complain if you have global listen 80 and defined IP to listen to I think from memory, or it could be some vhost files are explicitly defined for listen ip ports perhaps

                  This is why direct access to server helps, as it can be checked quickly

                  You could also just try hashing out all listen on all IP, and uncomment Listen 80, same with ssl.conf, then stop/start apache and test

                  Have you reopened your ticket with IW, so they can have a look

                  Many thanks

                  John
                  Hi John,

                  I will give that a go and will update on what happens.

                  Update: Didn't seem to make much difference.

                  I replied to the email they sent. Although the ticket was opened via the reseller. So I'm hoping they will receive the reply to the email? I haven't dealt with Interworx support before so I'm not sure how their system works. I originally contacted Interworx via their contact form and they replied back with a suggestion. It didn't work and they also mentioned about opening a ticket via the reseller. Which I did do in the end, then the same guy replied back via email again who accessed the server and did the changes mentioned in the previous posts. I have replied back to the email and now I'm just waiting.
                  Last edited by Bertie; 09-05-2018, 04:12 AM.

                  Comment


                  • #39
                    Hi Bertie

                    Many thanks

                    IW rock but I do not know who your reseller is sorry. I do not work for IW or have any access to any data

                    If you check the 2 servers which are working as expected, is there any difference to those 2 conf files

                    I am sure your reseller will reply or IW may well reply, but there is a set procedure to go through before IW directly can help. Also, please understand IW start work at USA time, which uk is about 5 - 7 hours in front of USA

                    Many thanks

                    John

                    Comment


                    • #40
                      This has been fixed by Interworx support - Thanks again (if they read this). They did the following changes:

                      I added the following Proxypass information to iworx.conf, which allowed /webmail to work as expected from https:


                      ProxyPass /webmail http://127.0.0.1:2080/webmail
                      ProxyPassReverse /webmail http://127.0.0.1:2080/webmail

                      ProxyPass /horde http://127.0.0.1:2080/horde
                      ProxyPassReverse /horde http://127.0.0.1:2080/horde

                      ProxyPass /squirrelmail http://127.0.0.1:2080/squirrelmail
                      ProxyPassReverse /squirrelmail http://127.0.0.1:2080/squirrelmail

                      ProxyPass /roundcube http://127.0.0.1:2080/roundcube
                      ProxyPassReverse /roundcube http://127.0.0.1:2080/roundcube


                      The dev team then added the line "RewriteOptions inherit" to /etc/httpd/conf.d/ssl.conf under the <VirtualHost _default_:443> section:

                      ## SSL Virtual Host Context
                      ##

                      <VirtualHost _default_:443>

                      # General setup for the virtual host, inherited from global configuration
                      #DocumentRoot "/var/www/html"
                      #ServerName www.example.com:443

                      # Use separate log files for the SSL virtual host; note that LogLevel
                      # is not inherited from httpd.conf.
                      ErrorLog logs/ssl_error_log
                      TransferLog logs/ssl_access_log
                      LogLevel warn
                      RewriteOptions inherit

                      # SSL Engine Switch:
                      # Enable/Disable SSL for this virtual host.
                      SSLEngine on

                      Comment
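An added example, not part of the post above or of Interworx's own tooling: mod_rewrite rules set at server level are not applied inside a `<VirtualHost>` unless that block inherits them, which is what the `RewriteOptions inherit` line changes for the `_default_:443` host. This Python check lists vhost blocks that neither inherit nor define their own `RewriteRule`; the sample text, the second vhost and the function name are constructed for illustration.

```python
import re

# Constructed ssl.conf-style text; the second vhost and its address are hypothetical.
SAMPLE = """\
RewriteEngine On
<VirtualHost _default_:443>
    ErrorLog logs/ssl_error_log
    RewriteOptions inherit
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    # RewriteOptions inherit
    SSLEngine on
</VirtualHost>
"""

OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
CLOSE = re.compile(r"^\s*</VirtualHost>", re.IGNORECASE)
# Inherit / InheritBefore pull the parent's rules into this vhost; commented lines do not match.
INHERIT = re.compile(r"^\s*RewriteOptions\s+.*\bInherit(Before)?\b", re.IGNORECASE)
OWN_RULE = re.compile(r"^\s*RewriteRule\s", re.IGNORECASE)


def vhosts_missing_rewrites(conf_text):
    """Return addresses of VirtualHost blocks with no inherited and no local rewrite rules."""
    missing, current, covered = [], None, False
    for line in conf_text.splitlines():
        if (m := OPEN.match(line)):
            current, covered = m.group(1).strip(), False
        elif CLOSE.match(line) and current is not None:
            if not covered:
                missing.append(current)
            current = None
        elif current is not None and (INHERIT.match(line) or OWN_RULE.match(line)):
            covered = True
    return missing


if __name__ == "__main__":
    for addr in vhosts_missing_rewrites(SAMPLE):
        print(f"<VirtualHost {addr}> will not apply the server-level redirect rules")
```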
