Load Webmail via SSL Problem

Discussion in 'Installation/Configuration' started by sunghost, Jul 28, 2016.

  1. sunghost

    sunghost Member

    Hi,
    If I call the Webmail from the Panel, I get some kind of config output error, which begins like that:
    If I call the webmail via http, I have no problems. phpMyAdmin from the Panel is OK. Any idea?
     
  2. Jesse Norell

    Jesse Norell Active Member

    don't run phpmyadmin from the ispconfig vhost, you can simply create another vhost on the same server and use port 443
     
  3. sunghost

    sunghost Member

    Hi,
    Why not? What is the reason for it, since it is offered from the panel as a button / icon? And as far as I tested, it works normally. My problem is Webmail, which throws the above errors - any idea? On the net I found that php is not enabled. Could this be the reason? I think not, while phpmyadmin is running.
     
  4. Jesse Norell

    Jesse Norell Active Member

    Sorry, I got that mixed up - don't run roundcube on the ispconfig vhost, just create another vhost within ispconfig and run it there. Why = simplicity, as it doesn't work out of the box (as you see). You can make it work, I think all you need to do is set the right handler for php file names; for an example, create a vhost using fastcgi and look at the config file generated for it.
     
  5. Jesse Norell

    Jesse Norell Active Member

    Last edited: Aug 4, 2016
  6. sunghost

    sunghost Member

    Hi Jesse,
    OK, read this. Meanwhile I searched a bit and found out that the link from the panel to webmail is like this: https://fqdn:8080/webmail/ but actually it only works as http://fqdn/webmail/ Perhaps some misconfiguration? I think I can solve this by only using ssl for phpmyadmin and roundcube, but how to set this up?
     
  7. Jesse Norell

    Jesse Norell Active Member

    That is set under System > Main Config > Mail > Webmail URL
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Port 8080 is reserved for ISPConfig, no other software is accessed through that port.
     
  9. sunghost

    sunghost Member

    With /webmail that's correct. I think the redirect with Port 8080 is wrong. 2 other questions for this:
    1. What is the preferred way to call the url for phpmyadmin and webmail - ispconfig-url/webmail or client-dom/webmail, or doesn't it matter?
    -> As far as I understand, if I had a multiserver setup with e.g. 4 servers, I would only have one panel on one server, or does every server have a panel and the client can log in on every one of them?
    2. How can I only allow ssl for phpmyadmin and webmail, and how can I use a Let's Encrypt cert for this? Option System Config -> Mail -> Web Mail -> SSL/TLS Option <- this?
     
  10. Jesse Norell

    Jesse Norell Active Member

    You can just specify the full url there, https://your-preferred-name.com/webmail/

    It's your preference. As @till mentioned above, don't use port 8080 if that's what ispconfig is using, but you could use the ispconfig control panel hostname eg. on port 443. I think in the setup I have here, both /webmail and /phpmyadmin work on every customer website as well, which you may or may not want (it's easier to brute-force or exploit webmail/phpmyadmin if it's available in more places).

    One control panel (though you can access it via multiple names/servers if you setup a proxy). You could have webmail/phpmyadmin on more than one server if you wish. It's pretty flexible/configurable, so you might figure out how you'd prefer it were setup, then go about implementing that.

    Eg. the setup here is multi-server, with one server dedicated to running the ispconfig control (on port 443), with no other services. I setup a LetsEncrypt certificate there, so https://control-panel.tld/ works fine. I have phpmyadmin installed on the control panel for my own use/convenience (it has ip access control). Every web server will also have phpmyadmin and roundcube installed, so any customer can access https://their-domain.tld/phpmyadmin/ to get access to their own database server, and https://webmail.their-domain.tld/ will redirect to the local roundcube install (I haven't actually set that bit up yet).

    Soon I'll add a reseller to this and I plan on adding 4 slave servers for them, 1 web+mysql, 1 email, 2 ns. I'll setup a vhost on the reseller's domain to access the control panel with - ie. I'll enable letsencrypt for that vhost, and then setup a proxy config in the back end so the https://reseller-panel.tld/ url works but transparently connects to the single ispconfig control panel at https://control-panel.tld/

    Add/configure the default vhost for the server to redirect /phpmyadmin and /webmail to an https url. I don't have a snippet handy for this exactly, but might set that up and get back here with tested config. I believe roundcube has a config setting to do that itself, which would also be worth turning on as a safeguard.

    Get letsencrypt setup for the server's hostname via: https://www.howtoforge.com/communit...fig-admin-from-letsencrypt.73097/#post-344008
     
  11. Jesse Norell

    Jesse Norell Active Member

    Here is tested config. I had a default vhost setup to serve a landing page/help site out of /var/www/html, so just added the bit to redirect phpmyadmin/webmail locations. You may find a few others you'd want to add, eg. maybe mailman and any other general services.
    Code:
    <VirtualHost *:80>
        ServerName default
        ServerAdmin [email protected]
    
        DocumentRoot /var/www/html
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    
        <LocationMatch ^/(phpmyadmin|webmail|roundcube|squirrelmail)>
            <IfModule mod_rewrite.c>
                RewriteEngine on
                RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/
                RewriteRule ^ - [END]
                RewriteCond %{HTTPS} off
                RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
            </IfModule>
        </LocationMatch>
    
    </VirtualHost>
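
A way to confirm that the redirect in the config above takes effect, as an added example that is not part of the original thread: `classify_redirect` inspects the response headers returned for a plain-HTTP request and reports whether the path is permanently redirected to HTTPS on the same host. The host `mail.example.test`, the function names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that plain-HTTP requests for
# the protected paths are answered with a permanent redirect to HTTPS.

# classify_redirect HOST PATH   (raw response headers on stdin)
# Prints: ok | not-redirected | temporary-redirect | insecure-target | wrong-target
classify_redirect() {
    want_host=$1
    want_path=$2
    hdrs=$(tr -d '\r')                      # HTTP header lines end in CRLF
    status=$(printf '%s\n' "$hdrs" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$hdrs" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    case $status in
        301|308) ;;                          # permanent, as R=301 produces
        302|303|307) echo temporary-redirect; return 1 ;;
        *) echo not-redirected; return 1 ;;  # e.g. 200: served over HTTP
    esac
    case $location in
        "https://$want_host$want_path"*) echo ok ;;
        https://*) echo wrong-target; return 1 ;;   # other host or path
        *) echo insecure-target; return 1 ;;        # http:// or missing
    esac
}

# check_host HOST: live check with curl (hypothetical helper; needs network).
check_host() {
    for p in /phpmyadmin/ /webmail/ /roundcube/ /squirrelmail/; do
        printf '%-16s' "$p"
        curl -sI --max-time 10 "http://$1$p" | classify_redirect "$1" "$p"
    done
}

# Constructed sample response, so the block runs offline.
printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://mail.example.test/webmail/\r\n\r\n' |
    classify_redirect mail.example.test /webmail/
```

Run `check_host your-hostname` against each web server after reloading Apache; any line other than `ok` means that path is still reachable or redirected incorrectly over plain HTTP.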
    
     
