Yes, a topic that seems to be repeated like bad beans here..
Posted: Mon Jan 15, 2007 11:44 am
by fthomas
Sorry,
But I need to re-bring up the setup of https for scalix. I've followed ALL the recommendations within the forum as well as in the manuals and the faq's and I CANNOT get https working properly. I must say that I am very impressed with everything about scalix, EXCEPT, the lack of clear cut instructions on setting up ssl for it. That surprises me too. I would think that ssl would be the default for using the web client and anything else a change from the default. Please, please, please, offer a procedure to properly setup https for the web client and I'm sure you will put some of us out of our misery. Also, how to completely disable the normal port 80 for the scalix software would be of help too. To offer my configuration, I am running centos 4 (rhel4) with the latest community software, version 11.
Thanks in advance,
Frank.
Posted: Mon Jan 15, 2007 12:59 pm
by dkelly
Have you read the FAQs that are posted at the top of each forum? One in particular talks about the Apache set up.
Please come back if you have any more questions after you've read it.
Cheers
Dave
Posted: Mon Jan 15, 2007 2:24 pm
by fthomas
Yes, I did, and it was of no help to me. I looked into the FAQs and discovered it talked a lot about ver 10, but not 11. But I did try to use the FAQs with no results.
Frank.
Posted: Mon Jan 15, 2007 2:30 pm
by dkelly
Do you mean
http://www.scalix.com/forums/viewtopic.php?t=5651 at the top of this forum? That's the Scalix 11 FAQs. They don't talk about 10 other than to describe what changed.
In particular, you want to look at
http://www.scalix.com/wiki/index.php?title=HowTos/ApacheConfiguration
Cheers
Dave
Posted: Mon Jan 15, 2007 2:54 pm
by fthomas
First off, thanks so far for the help. I don't call out for help, unless I've looked for as much as possible.
Ok, I did go to this fact, and used it to alter the two files (instance-mail.conf) under /etc/opt/scalix-tomcat/connector/ajp and .../jk to read the following:
<VirtualHost mail.thethomasproject.com:443>
Include /etc/opt/scalix-tomcat/connector/ajp/app-mail.*.conf
</VirtualHost>
And it doesn't work at all. I get a "page cannot be found" error in IE.
Help.
Frank.
Posted: Mon Jan 15, 2007 3:05 pm
by dkelly
Does the URL that you are using match up with the hostname in the VirtualHost entry?
Cheers
Dave
Posted: Mon Jan 15, 2007 3:06 pm
by dkelly
Is it also the case that you removed the SSL settings from the :443 entry or that they were never there?
Cheers
Dave
Posted: Mon Jan 15, 2007 4:23 pm
by fthomas
Yes to question number 1 and I have no idea what you mean in question number 2.
Cheers,
Frank.
Posted: Mon Jan 15, 2007 4:27 pm
by dkelly
For question 2, the VirtualHost entry should look something like this:
<VirtualHost domain.com:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Include /etc/opt/scalix-tomcat/connector/ajp/app-instance.*.conf
</VirtualHost>
Cheers
Dave
Posted: Mon Jan 15, 2007 4:37 pm
by fthomas
Hi Dave,
In what file is this supposed to be? My entries in the two files for scalix are as I posted them earlier...
All I did was change the :80 in each file to :443.
Thanks!
Posted: Mon Jan 15, 2007 5:15 pm
by fthomas
By the way, this is what I just tried in my two files: /etc/opt/scalix-tomcat/connector/ajp/instance-mail.conf and /etc/opt/scalix-tomcat/connector/jk/instance-mail.conf.
<VirtualHost mail.domain.com:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Include /etc/opt/scalix-tomcat/connector/ajp/app-instance.*.conf
</VirtualHost>
Still displays that page cannot be found. (404).
Frank.
Posted: Tue Jan 16, 2007 1:40 pm
by fthomas
Any ideas?
Thanks,
Frank.
Posted: Wed Jan 17, 2007 4:22 pm
by fthomas
Sorry to bug, but does anyone know how to fix this simple issue?
Thanks,
Frank.
Posted: Thu Jan 18, 2007 6:27 pm
by jryden
You need to first read up on how to configure an SSL virtual host with Apache. Changing :80 to :443 is not enough by a far stretch.
Posted: Fri Jan 19, 2007 1:26 am
by masterclyde
Try getting ssl working first with apache. This is done with your vhost.conf file in apache2. Once that works correctly, edit the vhost.conf and remove reference to 443 (I just removed the whole file). Finally edit the /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf with the configurations Dave mentioned earlier.
<VirtualHost domain.com:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Include /etc/opt/scalix-tomcat/connector/ajp/app-instance.*.conf
</VirtualHost>
Also make sure the include line is properly configured in /etc/apache2/conf.d/ -->
# ---------------------------------------------------------------------------
# mod_proxy_ajp connector configuration
# ---------------------------------------------------------------------------
<IfModule mod_proxy_ajp.c>
Include /etc/opt/scalix-tomcat/connector/ajp/instance-*.conf
</IfModule>
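
Added example, not part of the thread or of Scalix: a small Python check for the failure mode discussed above, a `:443` VirtualHost that was only renamed from `:80` and carries no SSL directives. It also flags the dated `SSLProtocol` and `SSLCipherSuite` values quoted in the posts. The function name `audit_vhosts` and the sample configuration are constructed for illustration, and one address per `<VirtualHost>` is assumed.

```python
import re
# Constructed sample: the first block is the ":80 changed to :443" edit from
# the thread, the second is the form posted in reply.
SAMPLE_CONF = """\
<VirtualHost mail.domain.com:443>
Include /etc/opt/scalix-tomcat/connector/ajp/app-mail.*.conf
</VirtualHost>
<VirtualHost domain.com:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Include /etc/opt/scalix-tomcat/connector/ajp/app-instance.*.conf
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def audit_vhosts(conf_text):
    """Return {vhost address: [findings]} for every :443 VirtualHost block."""
    report = {}
    for addr, body in VHOST_RE.findall(conf_text):
        addr = addr.strip()
        if not addr.endswith(":443"):
            continue
        directives = {}  # directive name (lower-cased) -> argument string
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        findings = []
        if directives.get("sslengine", "").lower() != "on":
            findings.append("SSLEngine is not on: no TLS is spoken on this port")
        for required in ("SSLCertificateFile", "SSLCertificateKeyFile"):
            if required.lower() not in directives:
                findings.append(f"missing {required}")
        proto = directives.get("sslprotocol", "").lower().split()
        if "all" in proto and "-sslv3" not in proto:
            findings.append("SSLProtocol does not exclude SSLv3")
        # Tokens that add (rather than exclude) LOW or RC4 cipher groups.
        weak = [t for t in directives.get("sslciphersuite", "").split(":")
                if t[:1] not in ("!", "-") and ("LOW" in t or "RC4" in t)]
        if weak:
            findings.append("SSLCipherSuite admits weak ciphers: " + ", ".join(weak))
        report[addr] = findings
    return report

if __name__ == "__main__":
    for vhost, findings in audit_vhosts(SAMPLE_CONF).items():
        print(vhost, "->", findings or "ok")
```

On the sample, the renamed block is reported for the missing `SSLEngine on` and certificate directives, while the block with the SSL settings is reported only for its protocol and cipher choices.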