HTTPS Access to /webmail & /sac

[etchesou]

Hello everyone,

I'm trying to get Scalix working over https, but it seems i've hit a wall now. It works just fine over normal http, but when i change the files in /etc/opt/scalix-tomcat/connector/ajp/instance-server.conf and /etc/opt/scalix-tomcat/connector/jk/instance-server.conf as described in the Wiki, i just get a 404 Error when i try to access the pages.

The rewriting itself seems to work just fine, i have to accept the certificate and everything, but then BAM, 404.

I'm running the latest Scalix on CentOS 5.

Anyone have some pointers what might be wrong?

Thanks!
Jan

[kcsc]

404 is content not found. make sure that you are correctly rewriting. If you post your two .conf files we can help you check it.

[etchesou]

the ajp one:

Code: Select all

#<VirtualHost pozzuoli.srv.comosoft.de:80>
#    Include /etc/opt/scalix-tomcat/connector/ajp/app-pozzuoli.*.conf
#</VirtualHost>

<VirtualHost *:80>
  Include /etc/opt/scalix-tomcat/connector/ajp/app-pozzuoli.*.conf
  <LocationMatch "^/sac/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
  <LocationMatch "^/webmail/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
</VirtualHost>

the jk one:

Code: Select all

#<VirtualHost pozzuoli.srv.comosoft.de:80>
#    Include /etc/opt/scalix-tomcat/connector/jk/app-pozzuoli.*.conf
#</VirtualHost>

<VirtualHost *:80>
  Include /etc/opt/scalix-tomcat/connector/jk/app-pozzuoli.*.conf
  <LocationMatch "^/sac/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
  <LocationMatch "^/webmail/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
</VirtualHost>

JkWorkerProperty worker.pozzuoli.type=ajp13
JkWorkerProperty worker.pozzuoli.host=pozzuoli.srv.comosoft.de
JkWorkerProperty worker.pozzuoli.port=8009
JkWorkerProperty worker.pozzuoli.lbfactor=50
JkWorkerProperty worker.pozzuoli.cachesize=10
JkWorkerProperty worker.pozzuoli.cache_timeout=600
JkWorkerProperty worker.pozzuoli.socket_keepalive=1
JkWorkerProperty worker.pozzuoli.recycle_timeout=300

ideas, anyone?

[delumax]

Have you enabled mod_ssl? Have you enabled the port 443 in the listen.conf?

[etchesou]

Have you enabled mod_ssl? Have you enabled the port 443 in the listen.conf?

yes. also i can reach the server via https and i get the certificate warning and so on.

[jangi]

The config you posted only enables automatic redirection from http to https... it doesn't actually configure https, which you should get working before trying redirection.

Something like:

Code: Select all

<VirtualHost mail.domain:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/mail.domain.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/mail.domain.com.key
    Include /etc/opt/scalix-tomcat/connector/ajp/app-mail.*.conf
</VirtualHost>


[etchesou]

Thanks jangi, i actually forgot to include the app-server.webmail.conf file...

now it's working just fine. thanks!

[fossibaer]

I'm trying to reach also. Can someone explain step by step on a new installation how to reach accessing the server by https.

I'm a webserver newbie, and by additing the /etc/opt/scalix-tomcat/connctor/ ... files i didn't reach.

Thanks a lot.

[acodring]

@fossibear - Have you already seen the info on this page? http://www.scalix.com/wiki/index.php?title=SSL#Use_secure_protocols

[fossibaer]

Yes, i found it yesterday. Tomorrow i will try it out.

[fossibaer]

I didn't reach. Thats what I tried on thursday evening.

I found another discription: http://www.scalix.com/wiki/index.php?title=Scalix_with_https

But this did't works with the CentOS 5.3 which I installed. Must I generate the certs or not?

Please excuse my English. I'm German.