Difference between revisions of "Scalix with https"
From Scalix Wiki
Line 46: | Line 46: | ||
root@scalix:/var/myCA# /etc/init.d/httpd restart | root@scalix:/var/myCA# /etc/init.d/httpd restart | ||
− | root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf.old | + | Create a backup |
− | root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf.old | + | |
+ | root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf.old | ||
+ | root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf.old | ||
+ | |||
+ | Configure Scalix | ||
+ | |||
+ | root@scalix:~# vi /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf | ||
− | |||
#<VirtualHost scalix.ilba.cat:80> | #<VirtualHost scalix.ilba.cat:80> | ||
# Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf | # Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf | ||
Line 73: | Line 78: | ||
JkWorkerProperty worker.scalix.recycle_timeout=300 | JkWorkerProperty worker.scalix.recycle_timeout=300 | ||
− | root@scalix:~# vi /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf | + | root@scalix:~# vi /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf |
+ | |||
#<VirtualHost scalix.ilba.cat:80> | #<VirtualHost scalix.ilba.cat:80> | ||
# Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf | # Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf | ||
Line 89: | Line 95: | ||
</VirtualHost> | </VirtualHost> | ||
− | root@scalix:~# /etc/init.d/scalix-tomcat restart | + | root@scalix:~# /etc/init.d/scalix-tomcat restart |
− | root@scalix:~# /etc/init.d/httpd restart | + | root@scalix:~# /etc/init.d/httpd restart |
¿ Como hacer para que funcione https://xxx/webmail ? | ¿ Como hacer para que funcione https://xxx/webmail ? | ||
root@scalix:~# vi /etc/httpd/conf.d/ssl.conf | root@scalix:~# vi /etc/httpd/conf.d/ssl.conf | ||
− | # | + | |
+ | # at the end of the file | ||
Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf | Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf | ||
</VirtualHost> | </VirtualHost> |
Revision as of 11:57, 11 November 2007
Install openssl
root@scalix:~# yum install -y mod_ssl.i386 openssl.i386 openssl-devel.i386
Modify file of openssl
root@scalix:~# vi /etc/pki/tls/openssl.cnf
countryName_default = SP stateOrProvinceName_default = Barcelona localityName_default = Sabadell 0.organizationName_default = Ilba organizationalUnitName_default = Ilba
Change directory and create the certificate
root@scalix:~# cd /etc/pki/tls/misc/ root@scalix:/etc/pki/tls/misc# ./CA -newca root@scalix:/etc/pki/tls/misc# ./CA -newreq root@scalix:/etc/pki/tls/misc# ./CA -sign root@scalix:/etc/pki/tls/misc# mkdir /var/myCA root@scalix:/var/myCA# cp -a /etc/pki/CA/cacert.pem cacert.pem <- Clave pública (CA) root@scalix:/var/myCA# cp -a /etc/pki/CA/private/cakey.pem cakey.pem <- Clave privada (CA) root@scalix:/var/myCA# cp -a /etc/pki/tls/cert.pem cert.pem <- Certificado Servidor root@scalix:/var/myCA# cp -a /etc/pki/tls/misc/newcert.pem newcert.pem
Verify:
root@scalix:/var/myCA# cat cacert.pem -----BEGIN CERTIFICATE----- MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES -----END CERTIFICATE----- root@scalix:/var/myCA# cat cakey.pem -----BEGIN CERTIFICATE----- MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES -----END CERTIFICATE-----
root@scalix:/var/myCA# vi /etc/httpd/conf.d/ssl.conf SSLCertificateFile /var/myCA/cacert.pem SSLCertificateKeyFile /var/myCA/cakey.pem root@scalix:/var/myCA# cp cakey.pem cakey.bak root@scalix:/var/myCA# openssl rsa -in cakey.bak -out cakey.pem Enter pass phrase for cakey.bak: writing RSA key root@scalix:/var/myCA# /etc/init.d/httpd restart
Create a backup
root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf.old root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf.old
Configure Scalix
root@scalix:~# vi /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf
- <VirtualHost scalix.ilba.cat:80>
- Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf
- </VirtualHost>
<VirtualHost *:443>
Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf <LocationMatch "^/sac/*"> RewriteEngine on RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L] </LocationMatch> <LocationMatch "^/webmail/*"> RewriteEngine on RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L] </LocationMatch>
</VirtualHost> JkWorkerProperty worker.scalix.type=ajp13 JkWorkerProperty worker.scalix.host=scalix.ilba.cat JkWorkerProperty worker.scalix.port=8009 JkWorkerProperty worker.scalix.lbfactor=50 JkWorkerProperty worker.scalix.cachesize=10 JkWorkerProperty worker.scalix.cache_timeout=600 JkWorkerProperty worker.scalix.socket_keepalive=1 JkWorkerProperty worker.scalix.recycle_timeout=300
root@scalix:~# vi /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf
- <VirtualHost scalix.ilba.cat:80>
- Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
- </VirtualHost>
<VirtualHost *:80>
Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf <LocationMatch "^/sac/*"> RewriteEngine on RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L] </LocationMatch> <LocationMatch "^/webmail/*"> RewriteEngine on RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L] </LocationMatch>
</VirtualHost>
root@scalix:~# /etc/init.d/scalix-tomcat restart root@scalix:~# /etc/init.d/httpd restart
¿ Como hacer para que funcione https://xxx/webmail ?
root@scalix:~# vi /etc/httpd/conf.d/ssl.conf
# at the end of the file
Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf </VirtualHost>