Can't access secure webmail anymore
Posted: Tue Mar 20, 2007 5:02 pm
by joaster
Hi,
Since my upgrade from scalix 10 to scalix 11 two weeks ago, I can't access secure webmail anymore.
I did the following tests:
Surf to http://server.org/ => works
Surf to https://server.org/ => works
Surf to http://server.org/webmail => works
Surf to https://server.org/webmail => DOES NOT WORK => Message: "The requested URL /webmail/ was not found on this server."
Also the automatic redirect from http to https as described in the security howto does not work anymore.
This probably has to do with the extensive apache/tomcat changes in scalix 11, but I can't figure it out. Who can help me fix these problems? They are among the last to go live with scalix 11.
Regards,
Joost.
Posted: Tue Mar 20, 2007 7:41 pm
by joaster
Addition to the previous post:
# tail -30 /var/log/httpd/ssl_request_log
[20/Mar/2007:23:38:32 +0100] 192.168.100.11 SSLv3 RC4-MD5 "GET /webmail/ HTTP/1.1" 180
[20/Mar/2007:23:38:53 +0100] 192.168.100.11 SSLv3 RC4-MD5 "GET /sac/ HTTP/1.1" 177
[20/Mar/2007:23:38:58 +0100] 192.168.100.11 SSLv3 RC4-MD5 "GET /m HTTP/1.1" 175
# tail -30 /var/log/httpd/ssl_error_log
[Tue Mar 20 23:47:56 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/webmail
[Tue Mar 20 23:38:53 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/sac
[Tue Mar 20 23:38:58 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/m
Shouldn't it reference a directory instead of a file (with trailing slash)?
Regards,
Joost.
Posted: Sat Mar 24, 2007 9:07 am
by joaster
Update to previous posts:
Today I remembered that last year I created a more complex installation with port sharing on port 443.
OpenVPN is sharing port 443 and redirects packages that are not for itself to port 442, where the secure webserver is listening. Mod-jk/tomcat is catching packets to port 443, but they never arrive there because OpenVPN already sent them to port 442 (which only handles the existing folders on the drive). Therefore I changed the file /etc/opt/scalix-tomcat/connector/jk/instance-server-em1.conf to catch all packages on port 442 (now all virtual folders are handled as well).
One warning is issued that I didn't resolve yet (don't know where to look): Starting httpd: [Sat Mar 24 13:09:27 2007] [warn] _default_ VirtualHost overlap on port 442, the first has precedence.
However everything works correctly, so it seems.
Is there anyone out there who can tell me or give me a reference how tomcat integrates with apache/scalix exactly? I would really like to know the internals about why this solution solved the problem.
Regards,
Joost.
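The symptom in the logs quoted above (connector URLs answered with "File does not exist" under the DocumentRoot) can be checked mechanically when verifying that requests reach the virtual host carrying the mod_jk mounts. This is an added example, not part of the original thread or of Scalix; the DocumentRoot and the prefix list are taken from the quoted logs and are assumptions about this installation.

```python
import re

# Assumptions for this example, taken from the logs quoted in the thread:
DOCROOT = "/var/www/html"                        # DocumentRoot seen in ssl_error_log
CONNECTOR_PREFIXES = ("/webmail", "/sac", "/m")  # URLs assumed to be forwarded to Tomcat

ERROR_RE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"File does not exist: (?P<path>\S+)$"
)

def url_from_path(path, docroot=DOCROOT):
    """Map a filesystem path under the DocumentRoot back to the requested URL path."""
    root = docroot.rstrip("/")
    if path == root or path.startswith(root + "/"):
        return path[len(root):] or "/"
    return None

def is_connector_url(url, prefixes=CONNECTOR_PREFIXES):
    """True when url equals a mounted prefix or lies below it (/m must not match /manual)."""
    return any(url == p or url.startswith(p + "/") for p in prefixes)

def misrouted_requests(lines):
    """Return (timestamp, client, url) for connector URLs that Apache tried to serve
    from disk, i.e. requests that reached a vhost without the mod_jk mounts."""
    hits = []
    for line in lines:
        m = ERROR_RE.match(line.strip())
        if not m:
            continue
        url = url_from_path(m.group("path"))
        if url is not None and is_connector_url(url):
            hits.append((m.group("when"), m.group("client"), url))
    return hits

# Sample input: the three ssl_error_log lines quoted in the thread, plus one
# constructed line (/manual) that is an ordinary 404 and must not be flagged.
SAMPLE_LOG = """\
[Tue Mar 20 23:47:56 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/webmail
[Tue Mar 20 23:38:53 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/sac
[Tue Mar 20 23:38:58 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/m
[Tue Mar 20 23:50:00 2007] [error] [client 192.168.100.11] File does not exist: /var/www/html/manual
""".splitlines()

if __name__ == "__main__":
    for when, client, url in misrouted_requests(SAMPLE_LOG):
        print(f"{when}  {client}  {url}  served from disk, not forwarded to Tomcat")
```

An empty result after a configuration change means none of the listed prefixes fell through to the filesystem handler in the inspected log window.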
Posted: Wed Mar 28, 2007 3:21 am
by ScalixSupport
Posted: Wed Mar 28, 2007 7:33 am
by joaster
Subir,
Yes, I referred to that page (wrote it myself in August last year). However, in my more complex configuration it is not working anymore.
Happily https access works for scalix, BUT the automatic redirect doesn't.
For that I need to have more inside information on how apache, scalix and tomcat are calling each other.
This remains an issue before going live, since users don't remember to type https:// instead of http:// (and they don't have to be bothered with those issues I think).
Regards,
Joost.