Reverse-proxy NGINX + Apache on Directadmin powered server with CB 2.x
- Thread starter zEitEr
- Start date
Arieh
Verified User
Ok I'm using it now. 
I want to redirect roundcube from http to https, I've tried to put redirects at several places,
e.g.
Inside roundcube's location at /etc/nginx/webapps.conf
But nothing I do seems to be working. Got any ideas?
I want to redirect roundcube from http to https, I've tried to put redirects at several places,
e.g.
Code:
if ($server_port = 80) {
return 301 https://$host$request_uri;
}Inside roundcube's location at /etc/nginx/webapps.conf
But nothing I do seems to be working. Got any ideas?
Arieh
Verified User
I was having the idea that https detection under apache isn't working, I used this from http://forum.directadmin.com/showthread.php?t=43500:
But that kept redirecting forever; I also found a roundcube config setting: $config['force_https'] - That also keeps redirecting.
So I thought it should be done at nginx?
But that kept redirecting forever; I also found a roundcube config setting: $config['force_https'] - That also keeps redirecting.
So I thought it should be done at nginx?
Please remove all of your customizations and try the following in /var/www/html/roundcube/.htaccess:
Code:
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} (.*/roundcube/.*)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]Arieh
Verified User
That's also causing a endless redirect.
Arieh
Verified User
Haven't touched it though:
zEitEr
Super Moderator
I've got these on apache's side:
Code:
<Directory /var/www/html/>
RewriteEngine on
RewriteBase /
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/roundcube [OR]
RewriteCond %{REQUEST_URI} ^/webmail [OR]
RewriteCond %{REQUEST_URI} ^/afterlogic [OR]
RewriteCond %{REQUEST_URI} ^/atmail
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>zEitEr
Super Moderator
Or even these:
Note RewriteOptions Inherit in this example, as roundcube has its own rewrite rules.
Code:
<Directory /var/www/html>
RewriteEngine on
RewriteBase /
RewriteOptions Inherit
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/roundcube/ [OR]
RewriteCond %{REQUEST_URI} ^/roundcube$ [OR]
RewriteCond %{REQUEST_URI} ^/atmail/ [OR]
RewriteCond %{REQUEST_URI} ^/atmail$ [OR]
RewriteCond %{REQUEST_URI} ^/webmail/ [OR]
RewriteCond %{REQUEST_URI} ^/webmail$ [OR]
RewriteCond %{REQUEST_URI} ^/afterlogic/ [OR]
RewriteCond %{REQUEST_URI} ^/afterlogic$ [OR]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</Directory>Note RewriteOptions Inherit in this example, as roundcube has its own rewrite rules.
Arieh
Verified User
Thanks zEitEr, but in this case it was a bug with this specific combination of apache/nginx/webapps ssl. smtalk had fixed it and said the fix will be in pre release of DA soon.
It's fixed in latest version of DA pre-release binaries now That was just a small change, in SSL templates (used by nginx) webapps.conf include was changed to webapps.ssl.conf. Thank you for the report! I'd like to mention that the problem existed only for webapps, and only for redirections from HTTP to HTTPS.
That was just a small change, in SSL templates (used by nginx) webapps.conf include was changed to webapps.ssl.conf. Thank you for the report! I'd like to mention that the problem existed only for webapps, and only for redirections from HTTP to HTTPS.
zEitEr
Super Moderator
Install Varnish by your favourite guide (or any from the official site)
1. Copy
/usr/local/directadmin/data/templates/nginx_server.conf
/usr/local/directadmin/data/templates/nginx_server_sub.conf
to
/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf
2. Modify the files
/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf
change line:
to
Change 6081 to any other value of TCP post where Varnish is accepting connections.
3. Rewrite nginx virtual hosts:
P.S. As for now varnish does not support SSL, so it will cache only requests to plain HTTP.
1. Copy
/usr/local/directadmin/data/templates/nginx_server.conf
/usr/local/directadmin/data/templates/nginx_server_sub.conf
to
/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf
2. Modify the files
/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf
change line:
Code:
proxy_pass http://|IP|:|PORT_8080|;to
Code:
proxy_pass http://|IP|:6081;Change 6081 to any other value of TCP post where Varnish is accepting connections.
3. Rewrite nginx virtual hosts:
Code:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskqP.S. As for now varnish does not support SSL, so it will cache only requests to plain HTTP.
duke28
Verified User
ok
now all is fine with nginx_apache
but i have problem with roundcube and squirrelmail
one test : http://cpacendrillon.ca/roundcube/
so how to fix it ??
now all is fine with nginx_apache
but i have problem with roundcube and squirrelmail
one test : http://cpacendrillon.ca/roundcube/
so how to fix it ??
Make sure you have your main server IP instead of 127.0.0.1 in /etc/nginx/webapps.conf and /etc/httpd/conf/extra/httpd-vhosts.conf. We've changed that to fix SSL problems for webmail and proxy. However, there should be no 127.0.0.1 there, if there are no customized files in /usr/local/directadmin/custombuild/custom/ (webapps.conf in nginx/conf and httpd-vhosts.conf in httpd/conf/extra).
duke28
Verified User
[root@box10 custombuild]# more /etc/nginx/webapps.conf
location /squirrelmail {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /squirrelmail/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/squirrelmail/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /roundcube {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/roundcube/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /roundcube/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/roundcube/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /phpMyAdmin {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/phpMyAdmin/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /phpmyadmin {
rewrite ^/* /phpMyAdmin last;
}
location /pma {
rewrite ^/* /phpMyAdmin last;
}
location /webmail {
rewrite ^/* /roundcube last;
}
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location ~ /(\.ht|\.user\.ini) {
deny all;
}
#############
[root@box10 custombuild]# more /etc/httpd/conf/extra/httpd-vhosts.conf
#
# Virtual Hosts
#
# Required modules: mod_log_config
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
##########################################################
# Use name-based virtual hosting. #
# All NameVirtualHost lines are in this file #
# Don't remove this line or apache will generate errors. #
##########################################################
Include /etc/httpd/conf/ips.conf
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 67.215.11.18:8080>
ServerAdmin webmaster@localhost
UserDir public_html
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir
<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
</VirtualHost>
<VirtualHost 67.215.11.18:8081>
ServerAdmin webmaster@localhost
UserDir public_html
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.ca
<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
</VirtualHost>
###################
[root@box10 custombuild]# more /etc/httpd/conf/extra/httpd-alias.conf
Alias /config /var/www/html/redirect.php
Alias /squirrelmail /var/www/html/squirrelmail
Alias /roundcube /var/www/html/roundcube
Alias /webmail /var/www/html/roundcube
Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin
Alias /pma /var/www/html/phpMyAdmin
[root@box10 custombuild]#
so ?
location /squirrelmail {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /squirrelmail/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/squirrelmail/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /roundcube {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/roundcube/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /roundcube/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/roundcube/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /phpMyAdmin {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/phpMyAdmin/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /phpmyadmin {
rewrite ^/* /phpMyAdmin last;
}
location /pma {
rewrite ^/* /phpMyAdmin last;
}
location /webmail {
rewrite ^/* /roundcube last;
}
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location ~ /(\.ht|\.user\.ini) {
deny all;
}
#############
[root@box10 custombuild]# more /etc/httpd/conf/extra/httpd-vhosts.conf
#
# Virtual Hosts
#
# Required modules: mod_log_config
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
##########################################################
# Use name-based virtual hosting. #
# All NameVirtualHost lines are in this file #
# Don't remove this line or apache will generate errors. #
##########################################################
Include /etc/httpd/conf/ips.conf
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 67.215.11.18:8080>
ServerAdmin webmaster@localhost
UserDir public_html
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir
<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
</VirtualHost>
<VirtualHost 67.215.11.18:8081>
ServerAdmin webmaster@localhost
UserDir public_html
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.ca
<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
</VirtualHost>
###################
[root@box10 custombuild]# more /etc/httpd/conf/extra/httpd-alias.conf
Alias /config /var/www/html/redirect.php
Alias /squirrelmail /var/www/html/squirrelmail
Alias /roundcube /var/www/html/roundcube
Alias /webmail /var/www/html/roundcube
Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin
Alias /pma /var/www/html/phpMyAdmin
[root@box10 custombuild]#
so ?
Please chek /var/log/nginx/domains/cpacendrillon.ca.error.log then. Nginx might not have enough of permissions to read the images in /var/www/html/roundcube. Probably "chmod +x /var/www/html"or "chmod +x /var/www" might help, but of course the error log could show us more details.
duke28
Verified User
no error into logs about it
and i did "
chmod +x /var/www/html
chmod +x /var/www
without success
and i did "
chmod +x /var/www/html
chmod +x /var/www
without success