Reverse-proxy NGINX + Apache on Directadmin powered server with CB 2.x

Arieh

Verified User
Joined
May 27, 2008
Messages
1,200
Location
The Netherlands
Ok I'm using it now. :)

I want to redirect roundcube from http to https, I've tried to put redirects at several places,

e.g.

Code:
if ($server_port = 80) {
    return 301 https://$host$request_uri;
}
Inside roundcube's location at /etc/nginx/webapps.conf

But nothing I do seems to be working. Got any ideas?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,328
Location
LT, EU
If you're running it as a reverse proxy, you don't need to edit nginx configuration at all. Just edit /etc/httpd/conf/extra/httpd-alias.conf for it and /var/www/html/roundcube/.htaccess.
 

Arieh

Verified User
Joined
May 27, 2008
Messages
1,200
Location
The Netherlands
I was having the idea that https detection under apache isn't working, I used this from http://forum.directadmin.com/showthread.php?t=43500:

<location /roundcube>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</location>
But that kept redirecting forever; I also found a roundcube config setting: $config['force_https'] - That also keeps redirecting.

So I thought it should be done at nginx?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,328
Location
LT, EU
Please remove all of your customizations and try the following in /var/www/html/roundcube/.htaccess:
Code:
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} (.*/roundcube/.*)
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,328
Location
LT, EU
May I know the contents of /etc/httpd/conf/extra/httpd-alias.conf ? It might be the cause...
 

Arieh

Verified User
Joined
May 27, 2008
Messages
1,200
Location
The Netherlands
Haven't touched it though:

Alias /config /var/www/html/redirect.php
Alias /roundcube /var/www/html/roundcube
Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin
Alias /pma /var/www/html/phpMyAdmin
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,328
Location
LT, EU
Would I be able to check that on the server? (free of charge) As I think something is misconfigured in nginx or apache configs.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
But nothing I do seems to be working. Got any ideas?
I've got these on apache's side:

Code:
<Directory /var/www/html/>
    RewriteEngine  on
    RewriteBase     /
    RewriteCond     %{HTTPS} off
    RewriteCond     %{REQUEST_URI} ^/roundcube [OR]
    RewriteCond     %{REQUEST_URI} ^/webmail [OR]
    RewriteCond     %{REQUEST_URI} ^/afterlogic [OR]
    RewriteCond     %{REQUEST_URI} ^/atmail
    RewriteRule     (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
Or even these:

Code:
<Directory /var/www/html>
    RewriteEngine on
    RewriteBase /
    RewriteOptions Inherit
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} ^/roundcube/ [OR]
    RewriteCond %{REQUEST_URI} ^/roundcube$ [OR]
    RewriteCond %{REQUEST_URI} ^/atmail/ [OR]
    RewriteCond %{REQUEST_URI} ^/atmail$ [OR]
    RewriteCond %{REQUEST_URI} ^/webmail/ [OR]
    RewriteCond %{REQUEST_URI} ^/webmail$ [OR]
    RewriteCond %{REQUEST_URI} ^/afterlogic/ [OR]
    RewriteCond %{REQUEST_URI} ^/afterlogic$ [OR]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</Directory>

Note RewriteOptions Inherit in this example, as roundcube has its own rewrite rules.
 

Arieh

Verified User
Joined
May 27, 2008
Messages
1,200
Location
The Netherlands
Thanks zEitEr, but in this case it was a bug with this specific combination of apache/nginx/webapps ssl. smtalk had fixed it and said the fix will be in pre release of DA soon.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,328
Location
LT, EU
It's fixed in latest version of DA pre-release binaries now :) That was just a small change, in SSL templates (used by nginx) webapps.conf include was changed to webapps.ssl.conf. Thank you for the report! I'd like to mention that the problem existed only for webapps, and only for redirections from HTTP to HTTPS.
 

danial

Verified User
Joined
Sep 24, 2014
Messages
6
nginx+apache with varnish cache?

hi!
how to use varnish cache for dynamic content with webserver nginx_apache?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
Install Varnish by your favourite guide (or any from the official site)

1. Copy

/usr/local/directadmin/data/templates/nginx_server.conf
/usr/local/directadmin/data/templates/nginx_server_sub.conf

to

/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf

2. Modify the files

/usr/local/directadmin/data/templates/custom/nginx_server.conf
/usr/local/directadmin/data/templates/custom/nginx_server_sub.conf

change line:

Code:
proxy_pass http://|IP|:|PORT_8080|;
to

Code:
proxy_pass http://|IP|:6081;
Change 6081 to any other value of TCP post where Varnish is accepting connections.

3. Rewrite nginx virtual hosts:

Code:
echo "action=rewrite&value=nginx" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq


P.S. As for now varnish does not support SSL, so it will cache only requests to plain HTTP.
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,328
Location
LT, EU
Make sure you have your main server IP instead of 127.0.0.1 in /etc/nginx/webapps.conf and /etc/httpd/conf/extra/httpd-vhosts.conf. We've changed that to fix SSL problems for webmail and proxy. However, there should be no 127.0.0.1 there, if there are no customized files in /usr/local/directadmin/custombuild/custom/ (webapps.conf in nginx/conf and httpd-vhosts.conf in httpd/conf/extra).
 

duke28

Verified User
Joined
Oct 30, 2005
Messages
303
Location
Montreal - Canada
[root@box10 custombuild]# more /etc/nginx/webapps.conf
location /squirrelmail {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/squirrelmail/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /squirrelmail/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/squirrelmail/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /roundcube {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/roundcube/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /roundcube/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/roundcube/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /phpMyAdmin {
root /var/www/html/;
index index.php index.html index.htm;
location ~ ^/phpMyAdmin/ {
access_log off;
proxy_pass http://67.215.11.18:8080;
proxy_set_header X-Client-IP $remote_addr;
proxy_set_header X-Accel-Internal /phpMyAdmin/nginx_static_files;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location ~ ^/phpMyAdmin/nginx_static_files/ {
access_log /var/log/nginx/access_log_proxy;
alias /var/www/html/;
internal;
}
}
location /phpmyadmin {
rewrite ^/* /phpMyAdmin last;
}
location /pma {
rewrite ^/* /phpMyAdmin last;
}
location /webmail {
rewrite ^/* /roundcube last;
}
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location ~ /(\.ht|\.user\.ini) {
deny all;
}

#############

[root@box10 custombuild]# more /etc/httpd/conf/extra/httpd-vhosts.conf
#
# Virtual Hosts
#
# Required modules: mod_log_config
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

##########################################################
# Use name-based virtual hosting. #
# All NameVirtualHost lines are in this file #
# Don't remove this line or apache will generate errors. #
##########################################################
Include /etc/httpd/conf/ips.conf

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost 67.215.11.18:8080>
ServerAdmin webmaster@localhost
UserDir public_html
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir

<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
</VirtualHost>

<VirtualHost 67.215.11.18:8081>
ServerAdmin webmaster@localhost
UserDir public_html
DocumentRoot /var/www/html
ServerName localhost
ScriptAlias /cgi-bin/ /var/www/cgi-bin/
CustomLog /var/log/httpd/homedir.log homedir

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCACertificateFile /etc/httpd/conf/ssl.crt/server.ca

<IfModule !mod_ruid2.c>
SuexecUserGroup webapps webapps
</IfModule>
</VirtualHost>

###################

[root@box10 custombuild]# more /etc/httpd/conf/extra/httpd-alias.conf
Alias /config /var/www/html/redirect.php
Alias /squirrelmail /var/www/html/squirrelmail
Alias /roundcube /var/www/html/roundcube
Alias /webmail /var/www/html/roundcube
Alias /phpMyAdmin /var/www/html/phpMyAdmin
Alias /phpmyadmin /var/www/html/phpMyAdmin
Alias /pma /var/www/html/phpMyAdmin
[root@box10 custombuild]#


so ? :)
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,328
Location
LT, EU
Please chek /var/log/nginx/domains/cpacendrillon.ca.error.log then. Nginx might not have enough of permissions to read the images in /var/www/html/roundcube. Probably "chmod +x /var/www/html"or "chmod +x /var/www" might help, but of course the error log could show us more details.
 
Top