Debian 9 NGINX perfect server questions

Discussion in 'ISPConfig 3 Priority Support' started by conductive, Mar 6, 2018.

  1. conductive

    conductive Member

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Try this one (untested):

    Code:
    location /squirrelmail {
                   root /usr/share/;
                   index index.php index.html index.htm;
                   location ~ ^/squirrelmail/(.+\.php)$ {
                           try_files $uri =404;
                           root /usr/share/;
                           fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                           fastcgi_param HTTPS on; # <-- add this line
                           fastcgi_index index.php;
                           fastcgi_param SCRIPT_FILENAME $request_filename;
                           include /etc/nginx/fastcgi_params;
                           fastcgi_param PATH_INFO $fastcgi_script_name;
                           fastcgi_buffer_size 128k;
                           fastcgi_buffers 256 4k;
                           fastcgi_busy_buffers_size 256k;
                           fastcgi_temp_file_write_size 256k;
                           fastcgi_intercept_errors on;
                   }
                   location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                           root /usr/share/;
                   }
            }
            location /webmail {
                   rewrite ^/* /squirrelmail last;
            }
    There is a checkbox for that on the rewrite tab of websites, alias- and subdomains.
     
    conductive likes this.
  3. conductive

    conductive Member

    Code:
    location /squirrelmail {
      root /usr/share/;
      index index.php index.html index.htm;
      location ~ ^/squirrelmail/(.+\.php)$ {
      try_files $uri =404;
      root /usr/share/;
      fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
      fastcgi_param HTTPS on; # <-- add this line
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $request_filename;
      include /etc/nginx/fastcgi_params;
      fastcgi_param PATH_INFO $fastcgi_script_name;
      fastcgi_buffer_size 128k;
      fastcgi_buffers 256 4k;
      fastcgi_busy_buffers_size 256k;
      fastcgi_temp_file_write_size 256k;
      fastcgi_intercept_errors on;
      }
      location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
      root /usr/share/;
      }
      }
      location /webmail {
      rewrite ^/* /squirrelmail last;
      }
    mydomain.com/webmail >> https://mydomain.com/roundcube/ >>> ERROR 404 - Not Found!

    Perfect

    It doesn't like sometext.mydomain.com
    Your connection is not secure, ...... Browser wants a security exception
    www. is OK
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You have to add sometext.mydomain.com as aliasdomain to the website if you want to use it with ssl.
     
    conductive likes this.
  5. conductive

    conductive Member

    Thanks. I was afraid of that. sometext is coming from a database. Is there a god way to handle large volumes of aliasdomains?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Domains have to be in the ssl cert to be able to use them with ssl. If all domains are subdomains of the same domain, then you can use a wildcard ssl cert fron any vendor. If the domains are different domains r you want to use letsencrypt with subdomains in ispconfig instead of a wildcard ssl cert, then you'll have to add them to the ssl cert individually, which happens e.g. when you add them as aliasdomain to the website.
     
  7. conductive

    conductive Member

    What needs to be done for webmail? I set Redirect to Rewrite HTTP to HTTPS and now when I go to mydomain.com:8081/webmail I get:

    Secure Connection Failed

    An error occurred during a connection to rip1.com:8081. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    The apps vhost has no ssl by default. If you want to use https in the apps vhost, then you will have to add a ssl cert and key directive in the apps vhost file.
     
  9. conductive

    conductive Member

    Thanks for the reply.

    I must be missing something here. Didn't the Debian 8.6 perfect server simply work with a directive an a self signed cert? Is the same problem I am having with secure phpmyadmin?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    The paas vhost has no ssl at all unless you configure it.
     
    ahrasis likes this.

Share This Page