Page 1 of 2
redirect http to https
Posted: Thu May 03, 2007 5:52 am
by neelendhar
hi all,
how to redirect http request of scalix pages to https.
i followed the steps given in setup guide but i did not get it.
Posted: Thu May 03, 2007 8:24 am
by ScalixSupport
Hi!
Modify this file: /etc/opt/scalix-tomcat/connector/ajp/instance-*.conf
Replace these lines...
Code: Select all
<VirtualHost *:80>
Include /etc/opt/scalix-tomcat/connector/ajp/app-XXX.*.conf
</VirtualHost>with the following ones...
Code: Select all
<VirtualHost *:80>
Include /etc/opt/scalix-tomcat/connector/ajp/app-<server-hostname>.*.conf
<LocationMatch "^/sac/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
<LocationMatch "^/webmail/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
</VirtualHost>
Restart services scalix-tomcat and apache. I am sure this would help.
Thanks,
Subir
Posted: Thu May 03, 2007 9:00 am
by neelendhar
hi Subir
Code: Select all
http://www.scalix.com/wiki/index.php?title=HowTos/ScalixSecurityin the above link its there to add those lines in ssl.conf
and according ot setup guide it there to shift the files instance*.conf to appache folder
now is it enough to change in instance*.conf with that lines given by you?
Posted: Thu May 03, 2007 9:09 am
by ScalixSupport
Hi!
I tried this on my test server and just making the changes was enough.
Thanks,
Subir
Posted: Fri May 04, 2007 5:36 am
by neelendhar
hi subir
i have done everythig what u mentioned here
1.changed instance-server.conf file in
Code: Select all
/etc/opt/scalix-tomcat/connector/ajp2. service scalix-tomcat restart
3. service httpd restart
though i am unable to see certificate or link as https when iam opening the sac or webmail pages on server.
Posted: Fri May 04, 2007 6:51 am
by ScalixSupport
Hi!
I have updated the link below:
http://www.scalix.com/wiki/index.php?ti ... _use_https
Check the steps mentioned there again, I am sure this should be helpful. Make sure mod_ssl
is installed on the server.
Thanks,
Subir
Posted: Fri May 04, 2007 7:22 am
by neelendhar
thanks
subir
now i modified in both the directories ajp and jk
done...
Posted: Tue May 08, 2007 6:40 pm
by obrodkin
quote
quote
Posted: Wed May 09, 2007 8:29 am
by jeffs
Two questions:
(1) Does https already work?
(2) Is Apache loading mod_rewrite at startup? Look for the APACHE_MODULES line in your config (for SLES 9 it's at /etc/sysconfig/apache2, yours may vary) and see if "rewrite" is included. That tripped me up until I added it and restarted Apache.
hth
Jeff
Posted: Wed May 09, 2007 2:57 pm
by obrodkin
1) https does work
2) apache2 config file reads...
Code: Select all
# block to the fully qualified domain name (see /etc/HOSTNAME).
#
# * if your server certificate is protected by a passphrase you should increase the
# APACHE_START_TIMEOUT (see above)
#
# * modules listed here will be ignored if they are not installed
#
#
# EXAMPLES:
#
# fairly minimal
# APACHE_MODULES="authz_host alias auth dir log_config mime setenvif"
#
# apache's default installation
# APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiatio\
n setenvif status userdir"
# your settings
# Added by Scalix installer: proxy proxy_ajp deflate
APACHE_MODULES="authz_host actions alias auth_basic authz_groupfile authn_file authz_user autoindex cgi dir in\
clude log_config mime negotiation setenvif status userdir asis imagemap ssl php5 authz_default proxy proxy_ajp\
deflate"
... so it does not look like it loads rewrite module
Posted: Wed May 09, 2007 3:16 pm
by jeffs
OK then - add "rewrite" somewhere in that block, maybe after "deflate", save file and restart Apache. What happens? If it can't find mod_rewrite it should let you know on the restart.
Jeff
Posted: Wed May 09, 2007 7:39 pm
by obrodkin
thanks, adding "rewrite" module in /etc/sysconfig/apache2 (in SLES10) solved the problem with forwarding http to https.
Oleg B
Posted: Fri May 11, 2007 3:55 am
by ScalixSupport
Hi Oleg,
Thanks for the information, I have filed a bug for this:
http://bugzilla.scalix.com/show_bug.cgi?id=15352
Regards,
Subir
Posted: Thu May 24, 2007 2:49 am
by hkphooey
I've just set up a new server running 11.0.4 on Centos 5. I previously got this working on 10, 11.0, 11.0.1, 11.0.2, 11.0.3, but can't seem to crack it this time.
I've altered the instance file exactly as i did in 11.0.3
I've checked that https is working
I've restarted the apache and tomcat and indeed the whole server
I've looked in /etc/httpd/conf/httpd.conf and checked that mod_rewrite is loading. (also used httpd -M )
I've checked that the module is present in the modules directory.
I've added the v10 changes to httpd.conf file in case that was the problem.
I've checked that httpd is in fact using the correct file.
Stumped once again. Anything else I can try?
Posted: Thu May 24, 2007 10:54 pm
by hkphooey
OK, got this now. In my instance*.conf files the VirtualHost directive was using my domain name ie.
<VirtualHost mailserver.mydomain.com:80>
However I was accessing the server via the IP address (as the domain change hasn't propagated yet)
I changed this to the generic
<VirtualHost *:80>
and it all seems happy. Although I do get an error when I restart httpd
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Fri May 25 10:46:58 2007]
[warn] _default_ VirtualHost overlap on port 80, the first has precedence