Force /webmail, /roundcube, etc. to SSL


  • Justec
    started a topic Force /webmail, /roundcube, etc. to SSL

    Force /webmail, /roundcube, etc. to SSL

    If you try to go to SiteWorx for a domain it will force you to SSL on port 2443. But if you try the same with webmail, it allows you to connect using HTTP. Is there a way to add this same redirect for /siteworx to all the webmail paths?

    Also, since most sites won't have SSL can it be redirected to a main domain I have an SSL for?
    Last edited by Justec; 01-07-2017, 02:25 PM.

  • Bertie
    replied
    This has been fixed by Interworx support - Thanks again (if they read this). They did the following changes:

    I added the following Proxypass information to iworx.conf, which allowed /webmail to work as expected from https:


    ProxyPass /webmail http://127.0.0.1:2080/webmail
    ProxyPassReverse /webmail http://127.0.0.1:2080/webmail

    ProxyPass /horde http://127.0.0.1:2080/horde
    ProxyPassReverse /horde http://127.0.0.1:2080/horde

    ProxyPass /squirrelmail http://127.0.0.1:2080/squirrelmail
    ProxyPassReverse /squirrelmail http://127.0.0.1:2080/squirrelmail

    ProxyPass /roundcube http://127.0.0.1:2080/roundcube
    ProxyPassReverse /roundcube http://127.0.0.1:2080/roundcube


    The dev team then added the line "RewriteOptions inherit" to /etc/httpd/conf.d/ssl.conf under the <VirtualHost _default_:443> section:

    ## SSL Virtual Host Context
    ##

    <VirtualHost _default_:443>

    # General setup for the virtual host, inherited from global configuration
    #DocumentRoot "/var/www/html"
    #ServerName www.example.com:443

    # Use separate log files for the SSL virtual host; note that LogLevel
    # is not inherited from httpd.conf.
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    RewriteOptions inherit

    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on

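The last change in the post above matters because mod_rewrite rules defined at server level are not applied inside a `<VirtualHost>` unless that vhost sets `RewriteOptions inherit`. The following is an added example, not code from the posts or from InterWorx, that lists the vhosts missing the option; the sample config, the second vhost and the function name are constructed for illustration.

```python
import re

# Constructed sample modelled on the ssl.conf excerpt above, plus a second,
# hypothetical vhost where the option is commented out.
SAMPLE_CONF = """\
RewriteEngine On
RewriteRule ^/(webmail/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]

<VirtualHost _default_:443>
    ErrorLog logs/ssl_error_log
    LogLevel warn
    RewriteOptions inherit
    SSLEngine on
</VirtualHost>

<VirtualHost 192.0.2.10:443>
    ServerName mail.example.test
    # RewriteOptions inherit
    SSLEngine on
</VirtualHost>
"""

def vhosts_missing_inherit(conf_text):
    """Return the address of each <VirtualHost> that will not see the
    server-level RewriteRules because it lacks 'RewriteOptions inherit'."""
    server_has_rules = False
    current = None        # address of the vhost being read, or None
    inherits = False
    missing = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue      # blank line or commented-out directive
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current, inherits = opened.group(1).strip(), False
        elif re.match(r"</VirtualHost>", line, re.I):
            if not inherits:
                missing.append(current)
            current = None
        elif current is None and re.match(r"RewriteRule\s", line, re.I):
            server_has_rules = True
        elif current and re.match(r"RewriteOptions\s", line, re.I):
            inherits = inherits or bool(re.search(r"\binherit(before)?\b", line, re.I))
    return missing if server_has_rules else []

if __name__ == "__main__":
    print(vhosts_missing_inherit(SAMPLE_CONF))
```

The check does not account for `RewriteOptions InheritDown` set at server level, which Apache 2.4.8 and later accept as an alternative.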


  • d2d4j
    replied
    Hi Bertie

    Many thanks

    IW rock but I do not know who your reseller is sorry. I do not work for IW or have any access to any data

    If you check the 2 servers which are working as expected, is there any difference to those 2 conf files

    I am sure your reseller will reply or IW may well reply, but there is a set procedure to go through before IW directly can help. Also, please understand IW start work at USA time, which uk is about 5 - 7 hours in front of USA

    Many thanks

    John



  • Bertie
    replied
    Originally posted by d2d4j
    Hi Bertie

    Many thanks

    I am not sure why you have different IP shown for listen, as I just checked on one of our servers with multiple IP, and we have not explicitly included them, just set global for listen to 80 and 443 in respective files

    Apache will complain if you have global listen 80 and defined IP to listen to I think from memory, or it could be some vhost files are explicitly defined for listen ip ports perhaps

    This is why direct access to server helps, as it can be checked quickly

    You could also just try hashing out all listen on all IP, and uncomment Listen 80, same with ssl.conf, then stop/start apache and test

    Have you reopened your ticket with IW, so they can have a look

    Many thanks

    John
    Hi John,

    I will give that a go and will update on what happens.

    Update: Didn't seem to make much difference.

    I replied to the email they sent. Although the ticket was opened via the reseller. So I'm hoping they will receive the reply to the email? I haven't dealt with Interworx support before so I'm not sure how their system works. I originally contacted Interworx via their contact form and they replied back with a suggestion. It didn't work and they also mentioned about opening a ticket via the reseller. Which I did do in the end, then the same guy replied back via email again who accessed the server and did the changes mentioned in the previous posts. I have replied back to the email and now I'm just waiting.
    Last edited by Bertie; 09-05-2018, 04:12 AM.



  • d2d4j
    replied
    Hi Bertie

    Many thanks

    I am not sure why you have different IP shown for listen, as I just checked on one of our servers with multiple IP, and we have not explicitly included them, just set global for listen to 80 and 443 in respective files

    Apache will complain if you have global listen 80 and defined IP to listen to I think from memory, or it could be some vhost files are explicitly defined for listen ip ports perhaps

    This is why direct access to server helps, as it can be checked quickly

    You could also just try hashing out all listen on all IP, and uncomment Listen 80, same with ssl.conf, then stop/start apache and test

    Have you reopened your ticket with IW, so they can have a look

    Many thanks

    John



  • Bertie
    replied
    Originally posted by d2d4j
    Hi Bertie

    I have just checked on one of our servers, and if I understand correctly, you have set your IP address for 80 and 443

    Please could you edit them and just set as

    /etc/httpd/conf/httpd.conf

    Listen 80

    /etc/httpd/conf.d/ssl.conf

    Listen 443

    service iworx stop

    service iworx start

    service httpd stop

    service httpd start

    clear your browser cache and test

    Many thanks

    John
    Well, it was Interworx Support who made the change. I could give what you have suggested a go I suppose?

    Edit: Ah, I don't think I can have that change in the files because there are multiple IPs being mentioned in the file to listen to these ports. For example:


    #Listen 443
    Listen 127.0.0.1:443
    Listen X.X.X.X:443
    Listen X.X.X.X:443
    Listen X.X.X.X:443

    Same as in the normal httpd.conf file as well. So hashing the Listen 443 out for example, same as 80. Apache doesn't like it as it complains it can't bind to an address.
    Last edited by Bertie; 09-05-2018, 03:44 AM.



  • d2d4j
    replied
    Hi Bertie

    I have just checked on one of our servers, and if I understand correctly, you have set your IP address for 80 and 443

    Please could you edit them and just set as

    /etc/httpd/conf/httpd.conf

    Listen 80

    /etc/httpd/conf.d/ssl.conf

    Listen 443

    service iworx stop

    service iworx start

    service httpd stop

    service httpd start

    clear your browser cache and test

    Many thanks

    John



  • Bertie
    replied
    Originally posted by d2d4j
    Hi Bertie

    Many thanks for update and kudos to IW.

    I am sure you have, but have you fully restarted server and cleared your browser cache

    I will check later today to see what I bring up in browser for you

    Many thanks

    John
    I have tried on different browsers as well and another network. It seems anything like https://sub.domain.com/webmail and https://sub.domain.com/siteworx will just return a Not Found page. Rather than redirecting to the correct areas.

    I'll update if that changes during the day.



  • d2d4j
    replied
    Hi Bertie

    Many thanks for update and kudos to IW.

    I am sure you have, but have you fully restarted server and cleared your browser cache

    I will check later today to see what I bring up in browser for you

    Many thanks

    John



  • Bertie
    replied
    Update - Interworx Support looked into the issue:


    It looks like *IP Address* was configured to listen on port 80 and 443 for the internal iworx-web server and not the normal web server. I corrected this by commenting out these lines in ~iworx/etc/httpd/httpd-custom.conf

    #Listen *IP Address*:80
    # Listen *IP Address*:443

    and adding this line in /etc/httpd/conf/httpd.conf:

    Listen *IP Address*:80

    and this line in /etc/httpd/conf.d/ssl.conf:

    Listen *IP Address*:443

    I then restarted the iworx-web server and reloaded httpd.
    Which is great and did seem to get the following working: http://sub.domain/webmail to redirect to: https://sub.domain.com:2443/webmail/. But the problem I have now is that anyone who tries and types in: https://sub.domain.com/webmail (notice the https) and also /siteworx and /nodeworx will get a Not Found error instead of them redirecting to the correct place. I have the following in iworx.conf:

    RewriteRule ^/(webmail/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]
    RewriteRule ^/(roundcube/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]
    RewriteRule ^/(squirrelmail/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]
    RewriteRule ^/(horde/?.*) https://%{HTTP_HOST}:2443/$1 [R,L]
    RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
    RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
    I have replied to Interworx to see if they have any suggestions but if anyone else has any ideas then please throw them this way.

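The root cause support describes in the post above, the panel's internal web server holding the public IP on ports 80 and 443, can be checked by comparing the active `Listen` lines of both servers. The following is an added example, not code from the posts or from InterWorx; the sample configs, the address 192.0.2.10 and the server labels are constructed for illustration.

```python
from collections import defaultdict

# Constructed samples: the state before the fix, where the panel's internal
# web server claims the public IP on 80/443 and httpd only has loopback.
IWORX_WEB = """\
Listen 2080
Listen 2443
Listen 192.0.2.10:80
Listen 192.0.2.10:443
"""
HTTPD = """\
Listen 127.0.0.1:80
#Listen 192.0.2.10:80
"""
SSL = """\
#Listen 443
Listen 127.0.0.1:443
"""

def listen_sockets(conf_text):
    """Yield (address, port) for each active Listen; '*' means all addresses."""
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(parts) >= 2 and parts[0].lower() == "listen":
            addr, _, port = parts[1].rpartition(":")
            yield (addr or "*", int(port))

def audit(configs, web_ports=(80, 443), expected_owner="httpd"):
    """configs: {server_label: [config text, ...]}. Returns a list of findings."""
    owners = defaultdict(set)
    for server, texts in configs.items():
        for text in texts:
            for sock in listen_sockets(text):
                owners[sock].add(server)
    findings = []
    for (addr, port), servers in sorted(owners.items()):
        if port in web_ports and servers != {expected_owner}:
            findings.append(f"{addr}:{port} bound by {sorted(servers)}, expected {expected_owner}")
        # A wildcard Listen and a specific address on the same port normally
        # fail at bind time, which matches the error reported in this thread.
        if addr != "*" and ("*", port) in owners:
            findings.append(f"{addr}:{port} overlaps wildcard Listen {port}")
    return findings

if __name__ == "__main__":
    for finding in audit({"iworx-web": [IWORX_WEB], "httpd": [HTTPD, SSL]}):
        print(finding)
```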


  • Bertie
    replied
    Originally posted by d2d4j
    Hi Bertie

    Many thanks and please see below for http to https for vhost file

    RewriteEngine On
    RewriteCond %{ENV:HTTPS} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    This I place between the following lines

    ServerAdmin webmaster@mydomain.url

    RewriteEngine On
    RewriteCond %{ENV:HTTPS} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # subdomain logic

    You need to restart apache for this to come live

    I was thinking though, prior to adding the server FQDN as a siteworx account, if you just browse to your server FQDN, it takes you to the siteworx login page, which should not happen.

    Are you sure you have not made any other changes anywhere

    Apologies if I am wrong and it is default action, but I do not think it is

    so if you browse to http://my.server.url this then I am sure took me to http://my.server.url/siteworx

    Sorry, just checking and it appears to be working lovely now when browsing to http://my.server.url, it is going to https://my.server.url/nodeworx, and if trying http://my.server.url/siteworx goes to https://my.server.url/siteworx

    port 2080 shows page cannot be displayed

    Please, what have you changed

    I hope that makes sense

    Many thanks

    John
    Hi John,

    I gave that a go but doesn't seem to have made much of a difference. I feel the person who originally set this Interworx server up has done some changes somewhere that is affecting this. Sadly I can't go and ask them regarding it. But as you have mentioned going to the server FQDN it takes you to /nodeworx. I may have to go and do some digging around but not sure where to start as the file could be in various different places.



  • d2d4j
    replied
    Hi Bertie

    Many thanks and please see below for http to https for vhost file

    RewriteEngine On
    RewriteCond %{ENV:HTTPS} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    This I place between the following lines

    ServerAdmin webmaster@mydomain.url

    RewriteEngine On
    RewriteCond %{ENV:HTTPS} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # subdomain logic

    You need to restart apache for this to come live

    I was thinking though, prior to adding the server FQDN as a siteworx account, if you just browse to your server FQDN, it takes you to the siteworx login page, which should not happen.

    Are you sure you have not made any other changes anywhere

    Apologies if I am wrong and it is default action, but I do not think it is

    so if you browse to http://my.server.url this then I am sure took me to http://my.server.url/siteworx

    Sorry, just checking and it appears to be working lovely now when browsing to http://my.server.url, it is going to https://my.server.url/nodeworx, and if trying http://my.server.url/siteworx goes to https://my.server.url/siteworx

    port 2080 shows page cannot be displayed

    Please, what have you changed

    I hope that makes sense

    Many thanks

    John



  • Bertie
    replied
    Originally posted by d2d4j
    Hi Bertie

    Many thanks and answer same as you have found, except when using /roundcube /horde, then it works

    Could you add your server FQDN as a siteworx account and then using vhost file to auto change to https

    I can post later the detail you need for this http to https using vhost file for domain

    This then may well work or not, but it is worth a try

    Many thanks

    John
    Thanks John, If you should share the changes you would make to the vhost file and I'll give it a go.



  • d2d4j
    replied
    Hi Bertie

    Many thanks and answer same as you have found, except when using /roundcube /horde, then it works

    Could you add your server FQDN as a siteworx account and then using vhost file to auto change to https

    I can post later the detail you need for this http to https using vhost file for domain

    This then may well work or not, but it is worth a try

    Many thanks

    John



  • d2d4j
    replied
    Hi Bertie

    Many thanks

    Your settings look to be correct so should just work

    I am not sure why the port numbers are not being displayed. Perhaps this points to some port number changes, and if using main server url for webmail, requires the port /2443

    I would fully restart the server, clear browser cache and test

    If this does not resolve issue, as it needs more information and correct domain url to be given, which you do not want to do on the forum, I would open a support ticket and let IW have a proper look to see what’s happening/going wrong

    To be sure I had set our test up correctly, I have changed IW-CP ssl certs so there is no error on SSL and it still works lovely

    If you could update thread it would be appreciated

    Many thanks

    John
