redirect http to https

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

neelendhar
Posts: 21
Joined: Thu Apr 12, 2007 3:23 am
Contact:

redirect http to https

Postby neelendhar » Thu May 03, 2007 5:52 am

hi all,
how to redirect http request of scalix pages to https.
i followed the steps given in setup guide but i did not get it.

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Thu May 03, 2007 8:24 am

Hi!

Modify this file: /etc/opt/scalix-tomcat/connector/ajp/instance-*.conf

Replace these lines...

Code: Select all

<VirtualHost *:80>
    Include /etc/opt/scalix-tomcat/connector/ajp/app-XXX.*.conf
</VirtualHost>


with the following ones...

Code: Select all

<VirtualHost *:80>
    Include /etc/opt/scalix-tomcat/connector/ajp/app-<server-hostname>.*.conf
  <LocationMatch "^/sac/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
  <LocationMatch "^/webmail/*">
    RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
</VirtualHost>


Restart services scalix-tomcat and apache. I am sure this would help.

Thanks,
Subir

neelendhar
Posts: 21
Joined: Thu Apr 12, 2007 3:23 am
Contact:

Postby neelendhar » Thu May 03, 2007 9:00 am

hi Subir

Code: Select all

http://www.scalix.com/wiki/index.php?title=HowTos/ScalixSecurity

in the above link its there to add those lines in ssl.conf
and according ot setup guide it there to shift the files instance*.conf to appache folder

now is it enough to change in instance*.conf with that lines given by you?

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Thu May 03, 2007 9:09 am

Hi!

I tried this on my test server and just making the changes was enough.

Thanks,
Subir

neelendhar
Posts: 21
Joined: Thu Apr 12, 2007 3:23 am
Contact:

Postby neelendhar » Fri May 04, 2007 5:36 am

hi subir

i have done everythig what u mentioned here

1.changed instance-server.conf file in

Code: Select all

/etc/opt/scalix-tomcat/connector/ajp

2. service scalix-tomcat restart
3. service httpd restart

though i am unable to see certificate or link as https when iam opening the sac or webmail pages on server.

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Fri May 04, 2007 6:51 am

Hi!

I have updated the link below:
http://www.scalix.com/wiki/index.php?ti ... _use_https

Check the steps mentioned there again, I am sure this should be helpful. Make sure mod_ssl
is installed on the server.

Thanks,
Subir

neelendhar
Posts: 21
Joined: Thu Apr 12, 2007 3:23 am
Contact:

Postby neelendhar » Fri May 04, 2007 7:22 am

thanks
subir

now i modified in both the directories ajp and jk

done...

obrodkin
Posts: 69
Joined: Mon Oct 16, 2006 9:22 pm
Location: Fremont CA

Postby obrodkin » Tue May 08, 2007 6:40 pm

quote

quote
Last edited by obrodkin on Thu Apr 03, 2008 6:33 pm, edited 1 time in total.

jeffs
Posts: 30
Joined: Thu Mar 08, 2007 5:37 pm
Location: Cincinnati, OH

Postby jeffs » Wed May 09, 2007 8:29 am

Two questions:

(1) Does https already work?

(2) Is Apache loading mod_rewrite at startup? Look for the APACHE_MODULES line in your config (for SLES 9 it's at /etc/sysconfig/apache2, yours may vary) and see if "rewrite" is included. That tripped me up until I added it and restarted Apache.

hth

Jeff

obrodkin
Posts: 69
Joined: Mon Oct 16, 2006 9:22 pm
Location: Fremont CA

Postby obrodkin » Wed May 09, 2007 2:57 pm

1) https does work

2) apache2 config file reads...

Code: Select all

#   block to the fully qualified domain name (see /etc/HOSTNAME).
#
# * if your server certificate is protected by a passphrase you should increase the
#   APACHE_START_TIMEOUT (see above)
#
# * modules listed here will be ignored if they are not installed
#
#
# EXAMPLES:
#
# fairly minimal
# APACHE_MODULES="authz_host alias auth dir log_config mime setenvif"
#
# apache's default installation
# APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiatio\
n setenvif status userdir"
# your settings
# Added by Scalix installer: proxy proxy_ajp deflate
APACHE_MODULES="authz_host actions alias auth_basic authz_groupfile authn_file authz_user autoindex cgi dir in\
clude log_config mime negotiation setenvif status userdir asis imagemap ssl php5 authz_default proxy proxy_ajp\
 deflate"

... so it does not look like it loads rewrite module

jeffs
Posts: 30
Joined: Thu Mar 08, 2007 5:37 pm
Location: Cincinnati, OH

Postby jeffs » Wed May 09, 2007 3:16 pm

OK then - add "rewrite" somewhere in that block, maybe after "deflate", save file and restart Apache. What happens? If it can't find mod_rewrite it should let you know on the restart.

Jeff

obrodkin
Posts: 69
Joined: Mon Oct 16, 2006 9:22 pm
Location: Fremont CA

Postby obrodkin » Wed May 09, 2007 7:39 pm

thanks, adding "rewrite" module in /etc/sysconfig/apache2 (in SLES10) solved the problem with forwarding http to https.

Oleg B

ScalixSupport
Scalix
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Fri May 11, 2007 3:55 am

Hi Oleg,

Thanks for the information, I have filed a bug for this:
http://bugzilla.scalix.com/show_bug.cgi?id=15352

Regards,
Subir

hkphooey
Posts: 70
Joined: Tue Aug 29, 2006 5:03 am

Postby hkphooey » Thu May 24, 2007 2:49 am

I've just set up a new server running 11.0.4 on Centos 5. I previously got this working on 10, 11.0, 11.0.1, 11.0.2, 11.0.3, but can't seem to crack it this time.

I've altered the instance file exactly as i did in 11.0.3
I've checked that https is working
I've restarted the apache and tomcat and indeed the whole server
I've looked in /etc/httpd/conf/httpd.conf and checked that mod_rewrite is loading. (also used httpd -M )
I've checked that the module is present in the modules directory.
I've added the v10 changes to httpd.conf file in case that was the problem.
I've checked that httpd is in fact using the correct file.

Stumped once again. Anything else I can try?

hkphooey
Posts: 70
Joined: Tue Aug 29, 2006 5:03 am

Postby hkphooey » Thu May 24, 2007 10:54 pm

OK, got this now. In my instance*.conf files the VirtualHost directive was using my domain name ie.
<VirtualHost mailserver.mydomain.com:80>

However I was accessing the server via the IP address (as the domain change hasn't propagated yet)

I changed this to the generic
<VirtualHost *:80>

and it all seems happy. Although I do get an error when I restart httpd
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Fri May 25 10:46:58 2007]
[warn] _default_ VirtualHost overlap on port 80, the first has precedence


Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 2 guests

cron