Kolab 2.2, Horde and reverse proxy

Gunnar Wrobel wrobel at pardus.de
Tue Aug 5 10:42:40 CEST 2008 

Sylvain MEDEOT <symedeot at yahoo.fr> writes:

> Hi,
>
> I have a running kolab.
>
> I was running a previous version of horde on an apache server hosted on a different server.
>
> This version of horde is accessible from the internet through an apache reverse proxy :
>
> WAN   <=====> WEB SERVER  <=======>  INTERNAL-SERVER HOSTING HORDE  <===>  KOLAB SERVER
> 	www.mydomain.com (rev.proxy)					kolab.mydomain.com
>
> With the introduction of horde in kolab 2.2, this architecture is now :
>
> WAN   <=====> WEB SERVER  <=======>  HORDE ON KOLAB SERVER
> 	www.mydomain.com (rev.proxy)   kolab.mydomain.com
>
> Horde on kolab is working fine and can be accessed normally by 
> http://kolab.mydomain.com/horde/
>
> The reverse proxy (apache 2.2.3-4+etch5) is configured in this way :
>
> NameVirtualHost *:80
> <VirtualHost *:80>
>          ServerAdmin webmaster at localhost
>          DocumentRoot /var/www/
>          <Directory />
>                  Options FollowSymLinks
>                  AllowOverride None
>          </Directory>
>
>      <Proxy *>
>      Order deny,allow
>      Allow from all
>      </Proxy>
>      ProxyPass        /horde/ http://kolab.mydomain.com/horde/
>      ProxyPassReverse /horde/ http://kolab.mydomain.com/horde/
> </VirtualHost>
>
> NameVirtualHost *:443
> <VirtualHost *:443>
> ServerAdmin webmaster at localhost
>      SSLEngine on
>      SSLProxyEngine On
>      ProxyPreserveHost Off
>      DocumentRoot /var/www/
>      <Directory />
>      Options FollowSymLinks
>      AllowOverride None
>      </Directory>
>
>      <Directory /var/www/>
>      Options Indexes FollowSymLinks MultiViews
>      AllowOverride None
>      Order allow,deny
>      allow from all
>
>      # This directive allows us to have apache2's default start page
>      # in /apache2-default/, but still have / go to the right place
>      RedirectMatch ^/$ /index.php
>      RedirectMatch ^/$ /apache2-default/
>      </Directory>
>
>      ProxyRequests Off
>
>      <Proxy *>
>      Order deny,allow
>      Allow from all
>      </Proxy>
>      ProxyPass        /horde/ http://kolab.mydomain.com/horde/
>      ProxyPassReverse /horde/ http://kolab.mydomain.com/horde/
>
> </VirtualHost>
>
> I then changed /kolab/var/kolab/www/horde/config.php to adapt horde to the reverse proxy 
> setup :
>
> In /kolab/var/kolab/www/horde/config.php :
> $conf['use_ssl'] = 2;
> $conf['server']['name'] = 'www.mydomain.com';    //$_SERVER['SERVER_NAME'];
> $conf['cookie']['domain'] =  'www.mydomain.com';
> $conf['cookie']['path'] = '/horde';
>
> In /kolab/var/kolab/www/horde/kolab.php, I also have :
> $conf['cookie']['domain'] = 'www.mydomain.com';
> (by the way, running kolabconf replaces the original in kolab.php setting but I don't know 
> where to fix this setting...)
>
> When I try to access http://www.mydomain.com/horde/, I see the browser accessing 
> www.mydomain.com and then kolab.mydomain.com (???) several times... and then I got an 
> error message.
>
> /kolab/var/apache/log/apache-access.log
> www.mydomain.com - - [03/Aug/2008:18:28:33 +0200] "GET /horde/ HTTP/1.1" 302 26
> www.mydomain.com - - [03/Aug/2008:18:28:33 +0200] "GET 
> /horde/login.php?Horde=0d157821702de8ca429b9c3da501eb72 HTTP/1.1" 302 358
>
> /kolab/var/apache/log/apache-error.log
> Sun Aug 03 18:28:33 2008] [error] [client myip...] access to 
> /kolab/var/kolab/www/horde/login.php failed, reason: SSL connection required

I don't know much about the reverse proxy setup so my answer may not
be very precise. But this looks like the redirect to the SSL-Version
of the site is not working.

Make sure your proxy requires SSL for the connection to horde and
redirect the SSL connection from the proxy to
https://kolab.mydomain.com/horde/

Or - if you don't care about security :) - remove the SSL requirement
from the Apache config on the Kolab server.

Cheers,

Gunnar

>
> I look at my previous horde config on the external server and there is nothing more... 
> Horde can be accessed on this server when I revert the original setup so there is 
> something to adapt in kolab 2.2 but I can't find what...
>
> Any help welcome,
>
> Kind regards,
>
> Sylvainpo
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users

-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   >> Mail at ease - Rent a kolab groupware server at p at rdus <<                 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the users mailing list