Hi,
Since my upgrade from scalix 10 to scalix 11 two weeks ago, I can't access secure webmail anymore.
I did the following tests:
Surf to http://server.org/ => works
Surf to https://server.org/ => works
Surf to http://server.org/webmail => works
Surf to https://server.org/webmail => DOES NOT WORK => Message: "The requested URL /webmail/ was not found on this server."
Also the automatic redirect from http to https as described in the security howto does not work anymore.
This probably has to do with the extensive apache/tomcat changes in scalix 11, but I can't figure it out. Who can help me fix these problems, they are among the last to go live with scalix 11.
Regards,
Joost.
Can't access secure webmail anymore
Moderators: ScalixSupport, admin
-
joaster
- Posts: 101
- Joined: Wed Aug 02, 2006 9:08 am
Addition to the previous post:
# tail -30 /var/log/httpd/ssl_request_log
# tail -30 /var/log/httpd/ssl_error_log
Shouldn't it reference a directory instead of a file (with trailing slash)?
Regards,
Joost.
# tail -30 /var/log/httpd/ssl_request_log
[20/Mar/2007:23:38:32 +0100] 192.168.100.11 SSLv3 RC4-MD5 "GET /webmail/ HTTP/1.1" 180
[20/Mar/2007:23:38:53 +0100] 192.168.100.11 SSLv3 RC4-MD5 "GET /sac/ HTTP/1.1" 177
[20/Mar/2007:23:38:58 +0100] 192.168.100.11 SSLv3 RC4-MD5 "GET /m HTTP/1.1" 175
# tail -30 /var/log/httpd/ssl_error_log
[Tue Mar 20 23:47:56 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/webmail
[Tue Mar 20 23:38:53 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/sac
[Tue Mar 20 23:38:58 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/m
Shouldn't it reference a directory instead of a file (with trailing slash)?
Regards,
Joost.
-
joaster
- Posts: 101
- Joined: Wed Aug 02, 2006 9:08 am
Update to previous posts:
Today i remembered that last year i created a more complex installation with port sharing on port 443.
OpenVPN is sharing port 443 and redirects packages that are not for itself to port 442 where the secure webserver is listening. Mod-jk/tomcat is catching packets to port 443 but they never arrive there cause OpenVPN already send it to port 442 (which only handles the existing folders on the drive). Therefore I change the file /etc/opt/scalix-tomcat/connector/jk/instance-server-em1.conf to catch all packages on port 442 (now all virtual folders are handled as well).
One warning is issued that i didn't resolve yet (don't know were to look): Starting httpd: [Sat Mar 24 13:09:27 2007] [warn] _default_ VirtualHost overlap on port 442, the first has precedence.
However everything works correctly, so it seems.
Is there anyone out there who can tell me or give me a reference how tomcat integrates with apache/scalix exactly. I really like to know the internals about why this solution solved the problem.
Regards,
Joost.
Today i remembered that last year i created a more complex installation with port sharing on port 443.
OpenVPN is sharing port 443 and redirects packages that are not for itself to port 442 where the secure webserver is listening. Mod-jk/tomcat is catching packets to port 443 but they never arrive there cause OpenVPN already send it to port 442 (which only handles the existing folders on the drive). Therefore I change the file /etc/opt/scalix-tomcat/connector/jk/instance-server-em1.conf to catch all packages on port 442 (now all virtual folders are handled as well).
One warning is issued that i didn't resolve yet (don't know were to look): Starting httpd: [Sat Mar 24 13:09:27 2007] [warn] _default_ VirtualHost overlap on port 442, the first has precedence.
However everything works correctly, so it seems.
Is there anyone out there who can tell me or give me a reference how tomcat integrates with apache/scalix exactly. I really like to know the internals about why this solution solved the problem.
Regards,
Joost.
-
ScalixSupport
- Scalix
- Posts: 5503
- Joined: Thu Mar 25, 2004 8:15 pm
Hi Joost!
Did you refer to the page http://www.scalix.com/wiki/index.php?ti ... _use_https
Thanks,
Subir
Did you refer to the page http://www.scalix.com/wiki/index.php?ti ... _use_https
Thanks,
Subir
-
joaster
- Posts: 101
- Joined: Wed Aug 02, 2006 9:08 am
Subir,
Yes I refered to that page (wrote it myself august last year). However in my more complex configuration it is not working anymore.
Happily https acces works for scalix, BUT the automatic redirect doesn't.
For that I need to have more inside information how apache, scalix and tomcat are calling eachother.
This remains an issue before going live, since users don't remember to type https:// instead of http:// (and they don't have to be bothered with those issues I think).
Regards,
Joost.
Yes I refered to that page (wrote it myself august last year). However in my more complex configuration it is not working anymore.
Happily https acces works for scalix, BUT the automatic redirect doesn't.
For that I need to have more inside information how apache, scalix and tomcat are calling eachother.
This remains an issue before going live, since users don't remember to type https:// instead of http:// (and they don't have to be bothered with those issues I think).
Regards,
Joost.
Who is online
Users browsing this forum: No registered users and 4 guests