Difference between revisions of "Scalix with https"

From Scalix Wiki
Jump to: navigation, search
 
(3 intermediate revisions by one other user not shown)
Line 1: Line 1:
 +
This howto is for Fedora Core. Works with RHEL 5 with Scalix 11.3
 +
Replace <server name> with your servers real name.
 +
 
Install openssl
 
Install openssl
  
Line 35: Line 38:
 
         MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES
 
         MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES
 
         -----END CERTIFICATE-----
 
         -----END CERTIFICATE-----
 +
 +
Modify the path of apache to accept SSL
  
 
  root@scalix:/var/myCA# vi /etc/httpd/conf.d/ssl.conf
 
  root@scalix:/var/myCA# vi /etc/httpd/conf.d/ssl.conf
Line 41: Line 46:
 
   
 
   
 
  root@scalix:/var/myCA# cp cakey.pem cakey.bak
 
  root@scalix:/var/myCA# cp cakey.pem cakey.bak
 +
 +
No password when restart apache
 +
 
  root@scalix:/var/myCA# openssl rsa -in cakey.bak -out cakey.pem
 
  root@scalix:/var/myCA# openssl rsa -in cakey.bak -out cakey.pem
 
  Enter pass phrase for cakey.bak:
 
  Enter pass phrase for cakey.bak:
 
  writing RSA key
 
  writing RSA key
 +
 
  root@scalix:/var/myCA# /etc/init.d/httpd restart
 
  root@scalix:/var/myCA# /etc/init.d/httpd restart
  
 
Create a backup
 
Create a backup
  
  root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf.old
+
  root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/jk/instance-<server name>.conf /etc/opt/scalix-tomcat/connector/jk/instance-<server name>.conf.old
  root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf.old
+
  root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/ajp/instance-<server name>.conf /etc/opt/scalix-tomcat/connector/ajp/instance-<server name>.conf.old
  
Configure Scalix
+
Configure Scalix to accept HTTPS
  
  root@scalix:~# vi /etc/opt/scalix-tomcat/connector/jk/instance-scalix.conf
+
  root@scalix:~# vi /etc/opt/scalix-tomcat/connector/jk/instance-<server name>.conf
  
#<VirtualHost scalix.ilba.cat:80>
+
#<VirtualHost scalix.ilba.cat:80>
#    Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf
+
#    Include /etc/opt/scalix-tomcat/connector/jk/app-<server name>.*.conf
#</VirtualHost>
+
#</VirtualHost>
<VirtualHost *:443>
+
<VirtualHost *:443>
  Include /etc/opt/scalix-tomcat/connector/jk/app-scalix.*.conf
+
Include /etc/opt/scalix-tomcat/connector/jk/app-<server name>.*.conf
  <LocationMatch "^/sac/*">
+
<LocationMatch "^/sac/*">
    RewriteEngine on
+
RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
+
</LocationMatch>
  <LocationMatch "^/webmail/*">
+
<LocationMatch "^/webmail/*">
    RewriteEngine on
+
RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
+
</LocationMatch>
</VirtualHost>
+
</VirtualHost>
JkWorkerProperty worker.scalix.type=ajp13
+
JkWorkerProperty worker.scalix.type=ajp13
JkWorkerProperty worker.scalix.host=scalix.ilba.cat
+
JkWorkerProperty worker.scalix.host=scalix.ilba.cat
JkWorkerProperty worker.scalix.port=8009
+
JkWorkerProperty worker.scalix.port=8009
JkWorkerProperty worker.scalix.lbfactor=50
+
JkWorkerProperty worker.scalix.lbfactor=50
JkWorkerProperty worker.scalix.cachesize=10
+
JkWorkerProperty worker.scalix.cachesize=10
JkWorkerProperty worker.scalix.cache_timeout=600
+
JkWorkerProperty worker.scalix.cache_timeout=600
JkWorkerProperty worker.scalix.socket_keepalive=1
+
JkWorkerProperty worker.scalix.socket_keepalive=1
JkWorkerProperty worker.scalix.recycle_timeout=300
+
JkWorkerProperty worker.scalix.recycle_timeout=300
  
  root@scalix:~# vi /etc/opt/scalix-tomcat/connector/ajp/instance-scalix.conf
+
  root@scalix:~# vi /etc/opt/scalix-tomcat/connector/ajp/instance-<server name>.conf
  
#<VirtualHost scalix.ilba.cat:80>
+
#<VirtualHost scalix.ilba.cat:80>
#    Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
+
#    Include /etc/opt/scalix-tomcat/connector/ajp/app-<server name>.*.conf
#</VirtualHost>
+
#</VirtualHost>
<VirtualHost *:80>
+
<VirtualHost *:80>
  Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
+
Include /etc/opt/scalix-tomcat/connector/ajp/app-<server name>.*.conf
  <LocationMatch "^/sac/*">
+
<LocationMatch "^/sac/*">
    RewriteEngine on
+
RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
+
</LocationMatch>
  <LocationMatch "^/webmail/*">
+
<LocationMatch "^/webmail/*">
    RewriteEngine on
+
RewriteEngine on
    RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
+
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </LocationMatch>
+
</LocationMatch>
</VirtualHost>
+
</VirtualHost>
  
root@scalix:~# /etc/init.d/scalix-tomcat restart
+
Configure apache for HTTPS
root@scalix:~# /etc/init.d/httpd restart
+
  
¿ Como hacer para que funcione https://xxx/webmail  ?
+
root@scalix:~# vi /etc/httpd/conf.d/ssl.conf
  
root@scalix:~# vi /etc/httpd/conf.d/ssl.conf
+
# at the end of the file
 +
Include /etc/opt/scalix-tomcat/connector/ajp/app-<server name>.*.conf
 +
</VirtualHost>
  
        # at the end of the file
+
root@scalix:~# /etc/init.d/scalix-tomcat restart
 
+
root@scalix:~# /etc/init.d/httpd restart
        Include /etc/opt/scalix-tomcat/connector/ajp/app-scalix.*.conf
+
        </VirtualHost>
+

Latest revision as of 19:49, 14 December 2007

This howto is for Fedora Core. Works with RHEL 5 with Scalix 11.3 Replace <server name> with your servers real name.

Install openssl 

root@scalix:~# yum install -y mod_ssl.i386 openssl.i386 openssl-devel.i386

Modify file of openssl 

root@scalix:~# vi /etc/pki/tls/openssl.cnf

       countryName_default             = SP
       stateOrProvinceName_default     = Barcelona
       localityName_default            = Sabadell
       0.organizationName_default      = Ilba
       organizationalUnitName_default  = Ilba

Change directory and create the certificate 

root@scalix:~# cd /etc/pki/tls/misc/
root@scalix:/etc/pki/tls/misc# ./CA -newca
root@scalix:/etc/pki/tls/misc# ./CA -newreq
root@scalix:/etc/pki/tls/misc# ./CA -sign
root@scalix:/etc/pki/tls/misc# mkdir /var/myCA
root@scalix:/var/myCA# cp -a /etc/pki/CA/cacert.pem cacert.pem          <- Clave pública (CA)
root@scalix:/var/myCA# cp -a /etc/pki/CA/private/cakey.pem cakey.pem    <- Clave privada (CA)
root@scalix:/var/myCA# cp -a /etc/pki/tls/cert.pem cert.pem             <- Certificado Servidor
root@scalix:/var/myCA# cp -a /etc/pki/tls/misc/newcert.pem newcert.pem

Verify: 

root@scalix:/var/myCA# cat cacert.pem
       -----BEGIN CERTIFICATE-----
       MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES
       -----END CERTIFICATE-----
root@scalix:/var/myCA# cat cakey.pem
       -----BEGIN CERTIFICATE-----
       MIIC6zCCAlSgAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJTUDES
       -----END CERTIFICATE-----

Modify the path of apache to accept SSL 

root@scalix:/var/myCA# vi /etc/httpd/conf.d/ssl.conf
       SSLCertificateFile /var/myCA/cacert.pem
       SSLCertificateKeyFile /var/myCA/cakey.pem

root@scalix:/var/myCA# cp cakey.pem cakey.bak

No password when restart apache 

root@scalix:/var/myCA# openssl rsa -in cakey.bak -out cakey.pem
Enter pass phrase for cakey.bak:
writing RSA key

root@scalix:/var/myCA# /etc/init.d/httpd restart

Create a backup 

root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/jk/instance-<server name>.conf /etc/opt/scalix-tomcat/connector/jk/instance-<server name>.conf.old
root@scalix:~# cp -a /etc/opt/scalix-tomcat/connector/ajp/instance-<server name>.conf /etc/opt/scalix-tomcat/connector/ajp/instance-<server name>.conf.old

Configure Scalix to accept HTTPS 

root@scalix:~# vi /etc/opt/scalix-tomcat/connector/jk/instance-<server name>.conf

#<VirtualHost scalix.ilba.cat:80>
#    Include /etc/opt/scalix-tomcat/connector/jk/app-<server name>.*.conf
#</VirtualHost>
<VirtualHost *:443>
Include /etc/opt/scalix-tomcat/connector/jk/app-<server name>.*.conf
<LocationMatch "^/sac/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
<LocationMatch "^/webmail/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
</VirtualHost>
JkWorkerProperty worker.scalix.type=ajp13
JkWorkerProperty worker.scalix.host=scalix.ilba.cat
JkWorkerProperty worker.scalix.port=8009
JkWorkerProperty worker.scalix.lbfactor=50
JkWorkerProperty worker.scalix.cachesize=10
JkWorkerProperty worker.scalix.cache_timeout=600
JkWorkerProperty worker.scalix.socket_keepalive=1
JkWorkerProperty worker.scalix.recycle_timeout=300

root@scalix:~# vi /etc/opt/scalix-tomcat/connector/ajp/instance-<server name>.conf

#<VirtualHost scalix.ilba.cat:80>
#    Include /etc/opt/scalix-tomcat/connector/ajp/app-<server name>.*.conf
#</VirtualHost>
<VirtualHost *:80>
Include /etc/opt/scalix-tomcat/connector/ajp/app-<server name>.*.conf
<LocationMatch "^/sac/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
<LocationMatch "^/webmail/*">
RewriteEngine on
RewriteRule ^(.*) https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</LocationMatch>
</VirtualHost>

Configure apache for HTTPS 

root@scalix:~# vi /etc/httpd/conf.d/ssl.conf

# at the end of the file
Include /etc/opt/scalix-tomcat/connector/ajp/app-<server name>.*.conf
</VirtualHost>

root@scalix:~# /etc/init.d/scalix-tomcat restart
root@scalix:~# /etc/init.d/httpd restart
Retrieved from "https://www.scalix.com/wiki/index.php?title=Scalix_with_https&oldid=3714"