roundcube/chwala interaction inconsistencies (and nginx?)

Enrico Tagliavini enrico.tagliavini at gmail.com
Fri Sep 26 15:35:50 CEST 2014


Hi Johannes,

Well, as I said, I was not expecting adding X-Forwarded-Proto to fix it,
since the protocol is hardcoded in the config file anyway, but I was not
100% sure since I did this a long time ago when chwala was introduced.

Other than that I have nothing to share since I run 100% kolab default
generated configs for roundcube. I just changed http to https references in
kolab_files.inc.php and libkolab.inc.php. My kolab_files.inc.php content
(stripped out) is

$config['kolab_files_url'] = 'https://' . $_SERVER['HTTP_HOST'] . '/chwala/';
$config['kolab_files_list_cols'] = array('name', 'mtime', 'size');
$config['kolab_files_sort_col'] = 'name';
$config['kolab_files_sort_order'] = 'asc';

Please also keep in mind I use kolab 3.2, not kolab 3.3 as you are doing,
so it might just be the situation got worse. And to be fair chwala doesn't
seem to be supported behind a proxy, but I can be wrong.

I'm afraid the only way to fix this is ultimately to look at the code, and run
roundcube with debug_level set to 9 (see config.inc.php).

Sorry I can't be of more help.

Good luck

Enrico


On 26 September 2014 14:40, Johannes Graumann <johannes_graumann at web.de>
wrote:

> Hello Enrico,
>
> Thank you for your help. Sadly including the X-Forwarded-Proto bit does not
> fix my situation.
>
> Would you be willing to share the content of your
> kolab_files.inc.php
> config.inc.php
> defaults.inc.php
> (in an anonymized manner)?
>
> Thank you for your time and effort.
>
> Sincerely, Joh
>
> Enrico Tagliavini wrote:
>
> > Hi Johannes,
> >
> > I'm doing something quite similar to you, but with VMs instead of LXC
> > containers. I have one machine with nginx and a VM with the full kolab
> > install. All running on CentOS 6 though, not 7 and this is still kolab
> > 3.2. I have a difference between my config and yours:
> >
> >         location /chwala {
> >                 proxy_pass              http://<backend>/chwala;
> >                 proxy_set_header        X-Real-IP $remote_addr;  # this is not really needed
> >                 proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
> >                 proxy_set_header        Host $host;
> >                 proxy_set_header        X-Forwarded-Proto $scheme;
> >         }
> >
> > The X-Forwarded-Proto header is something not present in your config.
> > That said I don't remember anymore if this is just a try which I forgot
> > to remove or if it is something actually useful. Since the protocol is
> > hardcoded in the config file anyway this should not make a difference.
> > Nevertheless it is correct to add it.
> >
> > Even with this Chwala doesn't work 100% behind a proxy for me. It lists
> > files and folders, I can upload and download them, but the preview is
> > broken. The preview generates some http:// URL for some odd reason I'm
> > not able to determine. Since I enable HSTS http:// traffic is not
> > redirected to HTTPS, the browser simply blocks it, as it should.
> >
> > If you want to debug this issue further I would also recommend to use the
> > Firefox builtin network analyser, the web-console and, if this is not
> > enough, the Firebug addon (providing more or less the same functions, but
> > in a different way). You can look for client side errors or http://
> > URLs, something not directly triggering errors.
> >
> > Unrelated note: RC4 ciphers are considered insecure. I would recommend
> > ECDHE based ciphers instead with higher priority. You might still need
> > RC4 support for some very old (and now likely deprecated) clients.
> >
> > Best regards.
> > Enrico
> >
> >
> > On 24 September 2014 11:59, Johannes Graumann <johannes_graumann at web.de>
> > wrote:
> >
> >> Hello,
> >>
> >> I have a setup in which a centos lxc-container runs kolab and another
> >> (debian -based) lxc container runs nginx, proxying (https-rewriting) all
> >> http(s) traffic. I have attached the (slightly obfuscated) corresponding
> >> nginx configuration below - 10.10.10.4 is the address of the
> >> kolab-running container.
> >>
> >> With this setup, I have access to roundcube, kolab-webadmin, ActiveSync
> >> and Chwala (via explicit */chwala) just fine (the other protocols
> >> haven't been tested).
> >>
> >> For the "Files" tab in roundcube the default config doesn't work as
> >> everything is being rewritten to https ...
> >> When I edit (on the kolab server)
> >> "/etc/roundcubemail/kolab_files.inc.php" to
> >> >  $config['kolab_files_url'] = 'https://' . $_SERVER['HTTP_HOST'] . '/chwala/';
> >> and run "service httpd restart", a roundcube instance that was
> >> open/logged in before that shows the expected folder structure in
> >> "Files" - saving to cloud still fails with "Saving 1 file(s) failed.".
> >>
> >> Upon logging out of roundcube and logging back in, the "Files" tab is
> >> empty once more, not delivering the existing folder tree and restarting
> >> httpd does not bring it back.
> >>
> >> This is plain weird. Where is there caching going on here and why? I am
> >> unable to find any meaningful logging information accompanying these
> >> events.
> >>
> >> Any idea what's going on, what to try, where to look?
> >>
> >> Thanks, Joh
> >>
> >> > server {
> >> >         listen   80;
> >> >         # Rewrite to ssl (https)
> >> >         server_name  mail.<MYDOMAIN>.org www.mail.<MYDOMAIN>.org kolab.<MYDOMAIN>.org www.kolab.<MYDOMAIN>.org mail.MY.HOSTER.net www.mail.MY.HOSTER.net;
> >> >         #rewrite ^ https://$server_name$request_uri? permanent;
> >> >         rewrite ^ https://mail.MY.HOSTER.net$request_uri? permanent;
> >> > }
> >> > server {
> >> >         listen   443;
> >> >         server_name  mail.<MYDOMAIN>.org www.mail.<MYDOMAIN>.org kolab.<MYDOMAIN>.org www.kolab.<MYDOMAIN>.org mail.MY.HOSTER.net www.mail.MY.HOSTER.net;
> >> >         client_max_body_size 40M;
> >> >         # SSL is using CACert credentials
> >> >         ssl  on;
> >> >         ssl_certificate  /etc/ssl/private/cacert.<MYDOMAIN>.org.pem;
> >> >         ssl_certificate_key /etc/ssl/private/cacert.<MYDOMAIN>.org_privatkey.pem;
> >> >         ssl_session_timeout  5m;
> >> >         ssl_protocols  SSLv3 TLSv1;
> >> >         ssl_ciphers ALL:!ADH:!EXPORT56:!LOW:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:+EXP;
> >> >         ssl_prefer_server_ciphers   on;
> >> >         # Proxy the "kolab.<MYDOMAIN>.org" lxc container
> >> >         location / {
> >> >                 proxy_pass http://10.10.10.14/roundcubemail/;
> >> >  #              proxy_pass http://10.10.10.14;
> >> >                 proxy_set_header Host $host;
> >> >                 proxy_set_header X-Real-IP $remote_addr;
> >> >                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >> >         }
> >> >         location /kolab-webadmin/ {
> >> >                 proxy_pass http://10.10.10.14/kolab-webadmin/;
> >> >                 proxy_set_header Host $host;
> >> >                 proxy_set_header X-Real-IP $remote_addr;
> >> >                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >> >         }
> >> >         location /freebusy/ {
> >> >                 proxy_pass http://10.10.10.14/freebusy/;
> >> >                 proxy_set_header Host $host;
> >> >                 proxy_set_header X-Real-IP $remote_addr;
> >> >                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >> >         }
> >> >         location /chwala/ {
> >> >                 proxy_pass http://10.10.10.14/chwala/;
> >> >                 proxy_set_header Host $host;
> >> >                 proxy_set_header X-Real-IP $remote_addr;
> >> >                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >> >         }
> >> >         location /iRony/ {
> >> >                 proxy_pass http://10.10.10.14/iRony/;
> >> >                 proxy_set_header Host $host;
> >> >                 proxy_set_header X-Real-IP $remote_addr;
> >> >                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >> >         }
> >> >         location /Microsoft-Server-ActiveSync/ {
> >> >                 proxy_pass http://10.10.10.14/Microsoft-Server-ActiveSync/;
> >> >                 proxy_set_header Host $host;
> >> >                 proxy_set_header X-Real-IP $remote_addr;
> >> >                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >> >         }
> >> > }
> >> >
> >>
> >>
> >> _______________________________________________
> >> users mailing list
> >> users at lists.kolab.org
> >> https://lists.kolab.org/mailman/listinfo/users
> >>
>
>
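
The front-end points raised in this thread (SSLv3 and RC4 in the posted `ssl_protocols`/`ssl_ciphers` lines, the `X-Forwarded-Proto` header, and HSTS) combined into one nginx server block. This is an added example, not configuration posted by either participant: the hostname, certificate paths and `max-age` value are placeholders, the backend address is the one from the posted config, and the TLS 1.2 cipher list and the `proxy_redirect` line are assumptions about what the deployment supports and needs.

```nginx
server {
    listen 443 ssl;
    server_name mail.example.org;                       # placeholder hostname

    ssl_certificate     /etc/ssl/private/example.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/private/example.key;   # placeholder path

    # Posted config: "ssl_protocols SSLv3 TLSv1;" with RC4+RSA and +EXP in
    # ssl_ciphers. Here SSLv3 is dropped and only ECDHE key exchange with
    # AEAD ciphers is offered, preferred in server order.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # HSTS, which the thread mentions enabling on the front end. The max-age
    # is an example value; "always" (nginx 1.7.5+) also covers error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location /chwala/ {
        proxy_pass http://10.10.10.14/chwala/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the backend that the client-facing connection was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Rewrites Location/Refresh response headers that carry the backend's
        # own http:// address. URLs inside response bodies are not touched.
        proxy_redirect http://10.10.10.14/ https://$host/;
    }
}
```

`nginx -t` checks the syntax before a reload; whether the backend application honours `X-Forwarded-Proto` is up to the application, as the thread notes.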