I realize my post above was confusing because it was following my train of thought, let me break it down by each conf file and why what goes where. Please keep an eye out for System Apache vs Interworx Apache below, as this is key.
iworx.conf
RewriteEngine on
RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/\?domain=%{HTTP_HOST} [R,L]
RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
RewriteRule ^/webmail(/)?$ https://%{HTTP_HOST}:2443/webmail/ [R,L]
RewriteRule ^/roundcube(/)?$ https://maindomainwithssl.com:2443/roundcube/ [R,L]
RewriteRule ^/horde(/)?$ https://maindomainwithssl.com:2443/horde/ [R,L]
RewriteRule ^/squirrelmail(/)?$ https://maindomainwithssl.com:2443/squirrelmail/ [R,L]
In addition to the ones that were there already, this will redirect…
mydomain.url/roundcube maindomainwithssl:2443/roundcube
mydomain.url/horde maindomainwithssl:2443/horde
mydomain.url/squirrelmail maindomainwithssl:2443/squirrelmail
So this is basically redirecting from standard System Apache (port HTTP 80 and HTTPS 443) to the Interworx Apache on port HTTPS 2443.
The only time this doesn’t work is if someone goes direct to a URL with port HTTP 2080 or HTTP 2443. When this happens someone is connecting directly to the Interworx setup and bypasses the iworx.conf.
So in in the case of 2443 it doesn’t really matter, they will get a certificate name mismatch, but it will be secure.
But if they go to 2080, then they would be allowed to connect without being secure.
To get around the 2080 problem I updated the Interworx Apache config file
/home/interworx/etc/httpd/httpd-custom.conf
RewriteEngine on
RewriteCond %{SERVER_PORT} 2080
RewriteRule ^(.*)$ https://mycustomdomain.com:2443$1 [R,L]
This tells the Interworx Apache that anything coming in on port 2080 will be redirected to 2443. Basically allowing connection on the standard Interworx HTTP port of 2080, but forcing it to the secure HTTPS 2443 before it can do anything.
The other option is just disabling port 2080 on Interworx Apache so no one can connect insecurely in the first place.