Problem with https and roundcube
Enrico Tagliavini
enrico.tagliavini at gmail.com
Fri Sep 12 08:55:57 CEST 2014
Hi Urban,
you are right about the redundant feeling of including a config file again
in the SSL vhost, but that's exactly how apache httpd works. vhosts are
completely independent by each other. If the roundcube config file in
included in the main plain http vhost it is not included in the https vhost
and so on. It also very much depend the way you configure your SSL vhost
and, unfortunately, in the order you do so. So it is pretty normal to have
to replicate the same config over and over between vhosts in apache httpd.
That's where "include" comes very handy.
There is an alternative solution to enable https which is using an SSL
accelerator (and this can even be a vhost in apache httpd itself, or a
completely different program) working in reverse proxy configuration. This
way you have no problems on the apache httpd side, about including kolab
directory rules in the SSL vhost.... but you'll have problem in other ways,
namely applications not being very happy of being used behind a reverse
proxy. chwala for example doesn't work 100% behind such a proxy, it is not
able to, for example, display txt file content on the web interface because
it generates an http:// link in the web page. If you enforce https with
HSTS, modern web browser will refuse to connect. So at the end of the day
better to get apache SSL config right and not make your life harder with a
reverse SSL proxy if you can.
Cheers
Enrico
On 11 September 2014 20:00, Urban Emanuel <urban.emanuel.ml at gmail.com>
wrote:
> Hi,
>
> On 09/11/2014 06:22 PM, Pasi Kärkkäinen wrote:
> [...]
> > You're correct with your analysis.
> >
> > When you add the new SSL vhost, you also need to add the necessary
> rewrite-rules there,
> > otherwise they're not applied, and you get missing logos etc.
>
> Thanks for clearing that up!
>
> Before I try my luck with submitting a patch for the documentation:
> There are several Kolab-specific configurations in /etc/httpd/conf.d.
> Are the rewrite-rules in roundcubemail.conf the only thing relevant for
> an SSL vhost? I am accessing the host only with https, so I am not sure
> why everything else seems to work (webadmin, chwala...).
>
> Thanks again
> Urban
>
> P.S. OT: I admit I am a little bit confused with the way CentOS handles
> apache config - I am used to the debian way, where configuration and
> sites are handled separately.
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20140912/d964080f/attachment-0001.html>
More information about the users
mailing list