If you try to go to SiteWorx for a domain it will force you to SSL on port 2443. But if you try the same with webmail, it allows you to connect using HTTP. Is there a way to add this same redirect for /siteworx to all the webmail paths?
Also, since most sites won’t have SSL can it be redirected to a main domain I have an SSL for?
Hi Justin
Yes, both of your requirements can be completed
Sorry, I’m out with the family but from memory, webmail can be set in iworx.conf as it has been for nodeworx/siteworx and you can use whatever domain you choose. Usually server hostname I guess, which makes sense
You could also just give out the hostname webmail for login
If I have time tommorow when I’m back, I’ll test it out
Many thanks
John
Editing the iworx.conf in the “public httpd” area I was able to accomplish this to a degree.
RewriteRule ^/roundcube(/)?$ https://mycustomdomain.com:2443/roundcube/ [R,L]
The only time this didn’t work is if someone went to the URL with the 2080 port: http://customerdomain.com:2080/roundcube/
With that 2080 in there, it would just load it non-secure.
So then I added this to the iworx.conf
RewriteEngine on
RewriteCond %{SERVER_PORT} 2080
RewriteRule ^(.*)$ https://mycustomdomain.com:2443$1 [R,L]
This didn’t do anything, but then I realized that if you put in the 2080 port it is running on the interworx “private” http server.
So I added that code into /home/interworx/etc/httpd/httpd-custom.conf, did an iworx restart and now it works.
I know most people wouldn’t put in 2080, but trying to make my server PCI Compliant and I think they have some links direct to that. I guess I could just disable 2080 listening port on the “private” iworx httpd.conf as well and that would work.
Hi Justin
Many thanks
My original thought was to have the same as /nodeworx or /siteworx, and set one up as /webmail, so it directs to your chosen site.
This is based on the access to webmail, as in mydomain.url/webmail
I have not tried this though sorry, and you have it working now, but would that work for horde and the other one
Many thanks
John
I realize my post above was confusing because it was following my train of thought, let me break it down by each conf file and why what goes where. Please keep an eye out for System Apache vs Interworx Apache below, as this is key.
iworx.conf
RewriteEngine on
RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
RewriteRule ^/webmail(/)?$ https://%{HTTP_HOST}:2443/webmail/ [R,L]
RewriteRule ^/roundcube(/)?$ https://maindomainwithssl.com:2443/roundcube/ [R,L]
RewriteRule ^/horde(/)?$ https://maindomainwithssl.com:2443/horde/ [R,L]
RewriteRule ^/squirrelmail(/)?$ https://maindomainwithssl.com:2443/squirrelmail/ [R,L]
In addition to the ones that were there already, this will redirect…
mydomain.url/roundcube maindomainwithssl:2443/roundcube
mydomain.url/horde maindomainwithssl:2443/horde
mydomain.url/squirrelmail maindomainwithssl:2443/squirrelmail
So this is basically redirecting from standard System Apache (port HTTP 80 and HTTPS 443) to the Interworx Apache on port HTTPS 2443.
The only time this doesn’t work is if someone goes direct to a URL with port HTTP 2080 or HTTP 2443. When this happens someone is connecting directly to the Interworx setup and bypasses the iworx.conf.
So in in the case of 2443 it doesn’t really matter, they will get a certificate name mismatch, but it will be secure.
But if they go to 2080, then they would be allowed to connect without being secure.
To get around the 2080 problem I updated the Interworx Apache config file
/home/interworx/etc/httpd/httpd-custom.conf
RewriteEngine on
RewriteCond %{SERVER_PORT} 2080
RewriteRule ^(.*)$ https://mycustomdomain.com:2443$1 [R,L]
This tells the Interworx Apache that anything coming in on port 2080 will be redirected to 2443. Basically allowing connection on the standard Interworx HTTP port of 2080, but forcing it to the secure HTTPS 2443 before it can do anything.
The other option is just disabling port 2080 on Interworx Apache so no one can connect insecurely in the first place.
Not sure why one wouldn’t work. If the server setup is the same as the others it should. Have you tried doing a reboot?
On the other note, if I go to https://somedomain.com/siteworx it will redirect to my main domain that has SSL and show the login page.
If I do https://sub.somedomain.com/siteworx it gives me a certificate error (before redirect), if I just say to ignore it, then the redirect goes through and I’m on the correct page.
I’m really not sure why having a subdomain throws it off.
Hi Justin and Bertie
I know https is handled differently to that of http, and I cannot test on live with a live domain, but would think the subdomain cert error is because the subdomain needs to match its SSL including private key with nodeworx SSL and siteworx hostname SSL, thereby all certs match
I could be wrong though sorry.
Many thanks
John
John, the difference here for me is the sub.domain.com not redirecting to the correct SSL domain, lets call it ssldomain.com.
If I do https://domainnossl.com/siteworx before I can even get a certificate error it redirects to https://ssldomain.com:2443/siteworx/?domain=domainnossl.com as expected.
But do https://sub.domainnossl.com/siteworx and you get the error.
Hi Justin
Many thanks
Sorry, it’s late here and just having a cold beer watching pbs American showing world trade centre 1, very interesting as we visited the WTC site in 2004 and paid our respects
I think I’m beginning to understand and just a thought, are subdomain handled the same way as subdomain SSL, which I guess so
On your test, does the subdomain match fully with the private key etc on the SSL
Have you tried with htaccess
I’ll have to think about this a little more, but it’s in the back of my mind that because it’s https, some details are hidden to the logic, if that makes sense
Have a lovely night
Many thanks
John
In this example, the subdomain domain does not have SSL. It is supposed to redirect to the correct host which I’ve setup in NodeWorx SSL screen.
The redirect from https:// or http:// for a domain with no SSL works fine, but with the subdomain it doesn’t redirect.
Not a big deal for me, but since it was brought up by Bertie I was trying to understand it.
Hi Bertie
Many thanks
Hashing those redirects would cause a page not found, which is correct as the siteworx/nodeworx do not have these folders in the root directory.
The webmail worked still because you did not hash them out
As I said previous, with https, if the page or redirect does not exist, I believe it reverts to Apache https folder
A quick question, so apologies if I am wrong in advance, but on your rewrite rule, can you test using the actual suddomain url in full and not http_host for the server part, leaving domain=%(HTTP_HOST) [R,L]
Many thanks
John
Hi Bertie
Many thanks, yes that was what I was asking and sorry it did not work
It goes to page unknown because it does not exist - https handles things differently
I would think (and apologies, I’m losing site of issue) if you put the redirects also in the vhost file, that it may work and trigger correctly, but I cannot test it as I do not have a test server set using a sub domain
Many thanks
John
Hi Bertie
Many thanks and I have PM you with 2 test domains. If you could post if they work as you expect and if so, I will post exactly how I did it
John
Hi Bertie
Many thanks, seem your pm so will update when I?m back later today or tomorrow if alright
Many thanks
John
Hi Bertie
Please see the change that I made to iworx.com, so SSH into server and either run as root or su
vi /etc/httpd/conf.d/iworx.conf
RewriteRule ^/siteworx(/)?$ https://myserver.url:2443/siteworx/?domain=%{HTTP_HOST} [R,L]
RewriteRule ^/nodeworx(/)?$ https://myserver.url:2443/nodeworx/ [R,L]
RewriteRule ^/webmail(/)?$ https://myserver.url:2443/webmail/ [R,L]
RewriteRule ^/roundcube(/)?$ https://myserver.url:2443/roundcube/ [R,L]
RewriteRule ^/horde(/)?$ https://myserver.url:2443/horde/ [R,L]
RewriteRule ^/squirrelmail(/)?$ https://myserver.url:2443/squirrelmail/ [R,L]
Please note myserver.url would be changed to your nodeworx URL domain, which lets say you use
mynwdomain.co.uk as your main Interworx server FQDN for nodeworx/siteworx/webmail and it has a SSL (which you can use Lets Encrypt for SSL), the additions would be as follows
RewriteRule ^/siteworx(/)?$ https://mynwdomain.co.uk:2443/siteworx/?domain=%{HTTP_HOST} [R,L]
RewriteRule ^/nodeworx(/)?$ https://mynwdomain.co.uk:2443/nodeworx/ [R,L]
RewriteRule ^/webmail(/)?$ https://mynwdomain.co.uk:2443/webmail/ [R,L]
RewriteRule ^/roundcube(/)?$ https://mynwdomain.co.uk:2443/roundcube/ [R,L]
RewriteRule ^/horde(/)?$ https://mynwdomain.co.uk:2443/horde/ [R,L]
RewriteRule ^/squirrelmail(/)?$ https://mynwdomain.co.uk:2443/squirrelmail/ [R,L]
Please either then reboot server, or restart interworx (service iworx restart) and restart apache (service httpd restart), then test but you may have to clear browser cache first
I hope that helps
Many thanks
John
Hi Bertie
Many thanks
I have changed one of our servers as test, to make sure if subdomain rewrites works as expected.
There is a SSL cert error warning, as I have not changed IW SSL certs (just needed to check the rewrite on http and https)
This works lovely, so I will PM you the domains to test yourself if alright.
What version of IW and distro are you using
Is the DNS correctly setup
did you restart iworx and Apache (or restart server) as both iworx and Apache need restarting for changes to happen
Many thanks
John
Hi Bertie
Many thanks
They should not be able to unless using 2080, and if you want to stop that, justec posted earlier on thread a how to
I would try deleting your hash redirects, saving and restarting iWorx and Apache. Actually if restarting, do you get any errors
The only other thing I could think right now is are there any other redirects setup anywhere or are you load balancing or running through a proxy
Is the issue that http://mydomain.url/siteworx not redirecting to https//myserver.url:/443/siteworx but to http://myserver.url:2080/siteworx
Is that correct
On my test, does it work correctly as expected
Many thanks
John
Hi Bertie
Many thanks
Your settings look to be correct so should just work
I am not sure why the port numbers are not been displayed. Perhaps this points to some port number changes, and if using main server url for webmail, requires the port /2443
I would fully restart the server, clear browser cache and test
If this does not resolve issue, as it needs more information and correct domain url to be given, which you do not want to do on the forum, I would open a support ticket and let IW have a proper look to see what?s happening/going wrong
To be sure I had set our test up correctly, I have changed IW-CP ssl certs so there is no error on SSL and it still works lovely
If you could update thread it would be appreciated
Many thanks
John
Hi Bertie
Many thanks and answer same as you have found, except when using /roundcube /horde, then it works
Could you add your server FQDN as a siteworx account and then using vhost file to auto change to https
I can post later the detail you need for this http to https using vhost file for domain
This then may well work or not, but it is worth a try
Many thanks
John
Hi Bertie
Many thanks and please see below for http to https for vhost file
RewriteEngine On
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This I place between the following lines
ServerAdmin webmaster@mydomain.url
RewriteEngine On
RewriteCond %{ENV:HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You need to restart apache for this to come live
I was thinking though, prior to adding the server FQDN as a siteworx account, if you just browse to your server FQDn, it takes you to the siteworx login page, which should not happen.
Are you sure you have not made any other changes anywhere
Apologies if I am wrong and it is default action, but I do not think it is
so if you browse to http://my.server.url this then I am sure took me to http://my.server.url/siteworx
Sorry, just checking and it appears to be working lovely now when browsing to http://my.server.url, it is going to https://my.server.url/nodeworx, and if trying http://my.server.url/siteworx goes to https://my.server.url/siteworx
port 2080 shows page cannot be displayed
Please, what have you changed
I hope that makes sense
Many thanks
John