Reverse-proxy NGINX + Apache on Directadmin powered server with CB 2.x

Ok I'm using it now. :)

I want to redirect roundcube from http to https, I've tried to put redirects at several places,

e.g.

Code:
if ($server_port = 80) {
    return 301 https://$host$request_uri;
}

Inside roundcube's location at /etc/nginx/webapps.conf

But nothing I do seems to be working. Got any ideas?
 
If you're running it as a reverse proxy, you don't need to edit nginx configuration at all. Just edit /etc/httpd/conf/extra/httpd-alias.conf for it and /var/www/html/roundcube/.htaccess.
 
I was having the idea that https detection under apache isn't working, I used this from http://forum.directadmin.com/showthread.php?t=43500:

<location /roundcube>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</location>

But that kept redirecting forever; I also found a roundcube config setting: $config['force_https'] - That also keeps redirecting.

So I thought it should be done at nginx?
 
Please remove all of your customizations and try the following in /var/www/html/roundcube/.htaccess:
Code:
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} (.*/roundcube/.*)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
 
May I know the contents of /etc/httpd/conf/extra/httpd-alias.conf ? It might be the cause...
 
Haven't touched it though:

Alias /config /var/www/html/redirect.php
Alias /roundcube /var/www/html/roundcube
Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin
Alias /pma /var/www/html/phpMyAdmin
 
Would I be able to check that on the server? (free of charge) As I think something is misconfigured in nginx or apache configs.
 
But nothing I do seems to be working. Got any ideas?

I've got these on apache's side:

Code:
<Directory /var/www/html/>
    RewriteEngine  on
    RewriteBase     /
    RewriteCond     %{HTTPS} off
    RewriteCond     %{REQUEST_URI} ^/roundcube [OR]
    RewriteCond     %{REQUEST_URI} ^/webmail [OR]
    RewriteCond     %{REQUEST_URI} ^/afterlogic [OR]
    RewriteCond     %{REQUEST_URI} ^/atmail
    RewriteRule     (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>
 
Or even these:

Code:
<Directory /var/www/html>
    RewriteEngine on
    RewriteBase /
    RewriteOptions Inherit
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} ^/roundcube/ [OR]
    RewriteCond %{REQUEST_URI} ^/roundcube$ [OR]
    RewriteCond %{REQUEST_URI} ^/atmail/ [OR]
    RewriteCond %{REQUEST_URI} ^/atmail$ [OR]
    RewriteCond %{REQUEST_URI} ^/webmail/ [OR]
    RewriteCond %{REQUEST_URI} ^/webmail$ [OR]
    RewriteCond %{REQUEST_URI} ^/afterlogic/ [OR]
    RewriteCond %{REQUEST_URI} ^/afterlogic$ [OR]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</Directory>


Note RewriteOptions Inherit in this example, as roundcube has its own rewrite rules.
 
Thanks zEitEr, but in this case it was a bug with this specific combination of apache/nginx/webapps ssl. smtalk had fixed it and said the fix will be in pre release of DA soon.
 
It's fixed in latest version of DA pre-release binaries now :) That was just a small change, in SSL templates (used by nginx) webapps.conf include was changed to webapps.ssl.conf. Thank you for the report! I'd like to mention that the problem existed only for webapps, and only for redirections from HTTP to HTTPS.
 
nginx+apache with varnish cache?

hi!
how to use varnish cache for dynamic content with webserver nginx_apache?
 
Install Varnish by your favourite guide (or any from the official site)

1. Copy

/usr/local/directadmin/data/templates/nginx_server.conf
/usr/local/directadmin/data/templates/nginx_server_sub.conf

to

/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf

2. Modify the files

/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf

change line:

Code:
proxy_pass http://|IP|:|PORT_8080|;

to

Code:
proxy_pass http://|IP|:6081;

Change 6081 to any other value of TCP post where Varnish is accepting connections.

3. Rewrite nginx virtual hosts:

Code:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq



P.S. As for now varnish does not support SSL, so it will cache only requests to plain HTTP.
 
Make sure you have your main server IP instead of 127.0.0.1 in /etc/nginx/webapps.conf and /etc/httpd/conf/extra/httpd-vhosts.conf. We've changed that to fix SSL problems for webmail and proxy. However, there should be no 127.0.0.1 there, if there are no customized files in /usr/local/directadmin/custombuild/custom/ (webapps.conf in nginx/conf and httpd-vhosts.conf in httpd/conf/extra).
 
[root@box10 custombuild]# more /etc/nginx/webapps.conf
location /squirrelmail {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /squirrelmail/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/squirrelmail/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /roundcube {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/roundcube/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /roundcube/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/roundcube/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /phpMyAdmin {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/phpMyAdmin/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /phpmyadmin {
rewrite ^/* /phpMyAdmin last;
}
location /pma {
rewrite ^/* /phpMyAdmin last;
}
location /webmail {
rewrite ^/* /roundcube last;
}
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location ~ /(\.ht|\.user\.ini) {
deny all;
}

#############

[root@box10 custombuild]# more /etc/httpd/conf/extra/httpd-vhosts.conf
#
# Virtual Hosts
#
# Required modules: mod_log_config
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

##########################################################
# Use name-based virtual hosting. #
# All NameVirtualHost lines are in this file #
# Don't remove this line or apache will generate errors. #
##########################################################
Include /etc/httpd/conf/ips.conf

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 67.215.11.18:8080>
ServerAdmin webmaster@localhost
UserDir public_html
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir

<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
</VirtualHost>

<VirtualHost 67.215.11.18:8081>
ServerAdmin webmaster@localhost
UserDir public_html
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.ca

<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
</VirtualHost>

###################

[root@box10 custombuild]# more /etc/httpd/conf/extra/httpd-alias.conf
Alias /config /var/www/html/redirect.php
Alias /squirrelmail /var/www/html/squirrelmail
Alias /roundcube /var/www/html/roundcube
Alias /webmail /var/www/html/roundcube
Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin
Alias /pma /var/www/html/phpMyAdmin
[root@box10 custombuild]#


so ? :)
 
Please chek /var/log/nginx/domains/cpacendrillon.ca.error.log then. Nginx might not have enough of permissions to read the images in /var/www/html/roundcube. Probably "chmod +x /var/www/html"or "chmod +x /var/www" might help, but of course the error log could show us more details.
 
Back
Top