<div dir="ltr"><div><div><div><div>Hi Johannes,<br><br></div>well as I said I was not expecting adding X-Forwarded-Proto to fix it, since the protocol is anyway hardcoded in the config file, but I was not sure 100% since I did this long time ago when chwala was introduced.<br><br></div>Other than that I have nothing to share since I run 100% kolab default generated configs for roundcube. I just changed http to https references in olab_files.inc.php and libkolab.inc.php. my kolab_files.inc.php content (stripped out) is<br><br>$config['kolab_files_url'] = 'https://' . $_SERVER['HTTP_HOST'] . '/chwala/';<br>$config['kolab_files_list_cols'] = array('name', 'mtime', 'size');<br>$config['kolab_files_sort_col'] = 'name';<br>$config['kolab_files_sort_order'] = 'asc';<br><br></div>Please also keep in mind I use kolab 3.2, not kolab 3.3 as you are doing, so it might just be the situation got worst. And to be fair chwala doesn't seems to be supported behind a proxy, but I can be wrong.<br><br></div><div>I'm afraid the only way to fix this is ultimately look at the code, and run roundcube with debug_level to 9 (see config.inc.php).<br><br></div><div>Sorry I can't be of more help.<br><br></div><div>Good luck<br><br>Enrico<br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 26 September 2014 14:40, Johannes Graumann <span dir="ltr"><<a href="mailto:johannes_graumann@web.de" target="_blank">johannes_graumann@web.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">Hello Enrico,<br>
<br>
Thank you for your help. Sadly including the X-Forwarded-Proto bit does not<br>
fix my situation.<br>
<br>
Would you be willing to share the content of your<br>
kolab_files.inc.php<br>
config.inc.php<br>
defaults.inc.php<br>
(in an anonymized manner)?<br>
<br>
Thank you fro your time and effort.<br>
<br>
Sincerely, Joh<br>
<br>
Enrico Tagliavini wrote:<br>
<br>
> Hi Johannes,<br>
><br>
> I'm doing something quite similar to you, but with VMs instead of LXC<br>
> containers. I have one machine with nginx and a VM with the full kolab<br>
> install. All running on CentOS 6 though, not 7 and this is still kolab<br>
> 3.2. I have a difference between my config and yours:<br>
><br>
> location /chwala {<br>
> proxy_pass http://<backend>/chwala;<br>
> proxy_set_header X-Real-IP $remote_addr; # this is<br>
> not really needed<br>
> proxy_set_header X-Forwarded-For<br>
> $proxy_add_x_forwarded_for;<br>
> proxy_set_header Host $host;<br>
> proxy_set_header X-Forwarded-Proto $scheme;<br>
> }<br>
><br>
> The X-Forwarded-Proto header is something not present in your config. That<br>
> said I don't remember anymore if this is just a try which I forgot to<br>
> remove or if it is something actually useful. Since the protocol is<br>
> hardcoded in the config file anyway this should not make a difference.<br>
> Nevertheless it is correct to add it.<br>
><br>
> Even with this Chwala doesn't work 100% behind a proxy for me. It lists<br>
> files and folders, I can upload and download them, but the preview is<br>
> broken. The preview generates some http:// URL for some odd reason I'm not<br>
> able to determine. Since I enable HSTS http:// traffic is not redirected<br>
> to HTTPS, the browser simply blocks it, as it should.<br>
><br>
> If you want to debug this issue further I would also recommend to use the<br>
> firefox builtin network analyser, the web-console and, if this is not<br>
> enough, the firebug addon (providing more or less the same functions, but<br>
> in a different way). You can look for client side errors or http:// URLs,<br>
> something not directly triggering errors<br>
><br>
> Unrelated note: RC4 ciphers are considered insecure. I would recommend<br>
> ECDHE based ciphers instead with higher priority. You might still need RC4<br>
> support for some very old (and now likely deprecated) clients.<br>
><br>
> Best regards.<br>
> Enrico<br>
><br>
><br>
> On 24 September 2014 11:59, Johannes Graumann <<a href="mailto:johannes_graumann@web.de">johannes_graumann@web.de</a>><br>
> wrote:<br>
><br>
</div></div><div class="HOEnZb"><div class="h5">>> Hello,<br>
>><br>
>> I have a setup in which a centos lxc-container runs kolab and another<br>
>> (debian -based) lxc container runs nginx, proxying (https-rewriting) all<br>
>> http(s) traffic. I have attached the (slightly obfuscated) corresponding<br>
>> nginx configuration below - 10.10.10.4 is the address of the<br>
>> kolab-running container.<br>
>><br>
>> With this setup, I have access to roundcube, kolab-webadmin, ActiveSync<br>
>> and Chwala (via explicit */chwala) just fine (the other protocols haven't<br>
>> been tested).<br>
>><br>
>> For the "Files" tab in roundcube the default config doesn't work as<br>
>> everything is being rewritten to https ...<br>
>> When I edit (on the kolab server)<br>
>> "/etc/roundcubemail/kolab_files.inc.php" to<br>
>> > $config['kolab_files_url'] = 'https://' . $_SERVER['HTTP_HOST'] .<br>
>> '/chwala/';<br>
>> and run "service httpd restart", a roundcube instance that was<br>
>> open/logged in before that shows the expected folder structure in "Files"<br>
>> - saving to cloud still fails with "Saving 1 file(s) failed.".<br>
>><br>
>> Upon logging out of roundcube and logging back in, the "Files" tab is<br>
>> empty once more, not delivering the existing folder tree and restarting<br>
>> httpd does<br>
>> not bring it back.<br>
>><br>
>> This is plain weird. Where is there caching going on here and why? I am<br>
>> unable to find any meaningful logging information accompanying these<br>
>> events.<br>
>><br>
>> Any idea what's going on, what to try, where to look?<br>
>><br>
>> Thanks, Joh<br>
>><br>
>> > server {<br>
>> > listen 80;<br>
>> > # Rewrite to ssl (https)<br>
>> > server_name mail.<MYDOMAIN>.org www.mail.<MYDOMAIN>.org<br>
>> kolab.<MYDOMAIN>.org www.kolab.<MYDOMAIN>.org <a href="http://mail.MY.HOSTER.net" target="_blank">mail.MY.HOSTER.net</a><br>
>> <a href="http://www.mail.MY.HOSTER.net" target="_blank">www.mail.MY.HOSTER.net</a>;<br>
>> > #rewrite ^ https://$server_name$request_uri? permanent;<br>
>> > rewrite ^ <a href="https://mail.MY.HOSTER.net" target="_blank">https://mail.MY.HOSTER.net</a>$request_uri? permanent;<br>
>> > }<br>
>> > server {<br>
>> > listen 443;<br>
>> > server_name mail.<MYDOMAIN>.org www.mail.<MYDOMAIN>.org<br>
>> kolab.<MYDOMAIN>.org www.kolab.<MYDOMAIN>.org <a href="http://mail.MY.HOSTER.net" target="_blank">mail.MY.HOSTER.net</a><br>
>> <a href="http://www.mail.MY.HOSTER.net" target="_blank">www.mail.MY.HOSTER.net</a>;<br>
>> > client_max_body_size 40M;<br>
>> > # SSL is using CACert credentials<br>
>> > ssl on;<br>
>> > ssl_certificate /etc/ssl/private/cacert.<MYDOMAIN>.org.pem;<br>
>> > ssl_certificate_key<br>
>> /etc/ssl/private/cacert.<MYDOMAIN>.org_privatkey.pem;<br>
>> > ssl_session_timeout 5m;<br>
>> > ssl_protocols SSLv3 TLSv1;<br>
>> > ssl_ciphers<br>
>> ALL:!ADH:!EXPORT56:!LOW:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:<br>
>> +EXP;<br>
>> > ssl_prefer_server_ciphers on;<br>
>> > # Proxy the "kolab.<MYDOMAIN>.org" lxc container<br>
>> > location / {<br>
>> > proxy_pass <a href="http://10.10.10.14/roundcubemail/" target="_blank">http://10.10.10.14/roundcubemail/</a>;<br>
>> > # proxy_pass <a href="http://10.10.10.14" target="_blank">http://10.10.10.14</a>;<br>
>> > proxy_set_header Host $host;<br>
>> > proxy_set_header X-Real-IP $remote_addr;<br>
>> > proxy_set_header X-Forwarded-For<br>
>> $proxy_add_x_forwarded_for;<br>
>> > }<br>
>> > location /kolab-webadmin/ {<br>
>> > proxy_pass <a href="http://10.10.10.14/kolab-webadmin/" target="_blank">http://10.10.10.14/kolab-webadmin/</a>;<br>
>> > proxy_set_header Host $host;<br>
>> > proxy_set_header X-Real-IP $remote_addr;<br>
>> > proxy_set_header X-Forwarded-For<br>
>> $proxy_add_x_forwarded_for;<br>
>> > }<br>
>> > location /freebusy/ {<br>
>> > proxy_pass <a href="http://10.10.10.14/freebusy/" target="_blank">http://10.10.10.14/freebusy/</a>;<br>
>> > proxy_set_header Host $host;<br>
>> > proxy_set_header X-Real-IP $remote_addr;<br>
>> > proxy_set_header X-Forwarded-For<br>
>> $proxy_add_x_forwarded_for;<br>
>> > }<br>
>> > location /chwala/ {<br>
>> > proxy_pass <a href="http://10.10.10.14/chwala/" target="_blank">http://10.10.10.14/chwala/</a>;<br>
>> > proxy_set_header Host $host;<br>
>> > proxy_set_header X-Real-IP $remote_addr;<br>
>> > proxy_set_header X-Forwarded-For<br>
>> $proxy_add_x_forwarded_for;<br>
>> > }<br>
>> > location /iRony/ {<br>
>> > proxy_pass <a href="http://10.10.10.14/iRony/" target="_blank">http://10.10.10.14/iRony/</a>;<br>
>> > proxy_set_header Host $host;<br>
>> > proxy_set_header X-Real-IP $remote_addr;<br>
>> > proxy_set_header X-Forwarded-For<br>
>> $proxy_add_x_forwarded_for;<br>
>> > }<br>
>> > location /Microsoft-Server-ActiveSync/ {<br>
>> > proxy_pass<br>
>> <a href="http://10.10.10.14/Microsoft-Server-ActiveSync/" target="_blank">http://10.10.10.14/Microsoft-Server-ActiveSync/</a>;<br>
>> > proxy_set_header Host $host;<br>
>> > proxy_set_header X-Real-IP $remote_addr;<br>
>> > proxy_set_header X-Forwarded-For<br>
>> $proxy_add_x_forwarded_for;<br>
>> > }<br>
>> > }<br>
>> ><br>
>><br>
>><br>
>> _______________________________________________<br>
>> users mailing list<br>
>> <a href="mailto:users@lists.kolab.org">users@lists.kolab.org</a><br>
>> <a href="https://lists.kolab.org/mailman/listinfo/users" target="_blank">https://lists.kolab.org/mailman/listinfo/users</a><br>
>><br>
<br>
<br>
_______________________________________________<br>
users mailing list<br>
<a href="mailto:users@lists.kolab.org">users@lists.kolab.org</a><br>
<a href="https://lists.kolab.org/mailman/listinfo/users" target="_blank">https://lists.kolab.org/mailman/listinfo/users</a><br>
</div></div></blockquote></div><br></div>