SSL Connection Error and Squirrelmail

Discussion in 'Installation/Configuration' started by dayjahone, Jan 28, 2014.

  1. dayjahone

    dayjahone Member

    I just did the perfect setup for Debian Wheezy. I opted for a secure login and can't get to the login page. It errors out on every browser and says it can't establish a secure connection. If I enter the same url without the 's' (http://), it goes to the squirrelmail login. Please help.
     
  2. rosehosting

    rosehosting Member

    Create a new virtual host, for example:

    <IfModule mod_ssl.c>
    NameVirtualHost *:443
    <VirtualHost yourIP:443>
    DocumentRoot /usr/share/squirrelmail
    ServerName webmail.yourdomain.com

    <Directory /usr/share/squirrelmail>
    Options FollowSymLinks
    <IfModule mod_php5.c>
    php_flag register_globals off
    </IfModule>
    <IfModule mod_dir.c>
    DirectoryIndex index.php
    </IfModule>

    <Files configtest.php>
    order deny,allow
    deny from all
    allow from 127.0.0.1
    </Files>
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/your-ssl-certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/your-ssl-certificate.key
    </VirtualHost>
    <IfModule>



    Or, you can redirect all http requests to https:

    vi /etc/apache2/conf.d/squirrelmail.conf

    <VirtualHost yourIP:80>
    DocumentRoot /usr/share/squirrelmail
    ServerName webmail.yourdomain.com
    <Location />
    RewriteEngine on
    RewriteCond %{HTTPS} !^on$ [NC]
    RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI} [L]
    </Location>
    </VirtualHost>

    Do not forget to restart your Apache service for the changes to take effect:

    /etc/init.d/apache2 restart
     
  3. dayjahone

    dayjahone Member

    I think I followed the Perfect Setup exactly. I'd happily uninstall Squirrelmail if it is causing a problem...
     
    Last edited: Jan 29, 2014
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    It is not nescessary to create a vhost file or to uninstal squirrelmail.

    Which port did you select when you installed ispconfig? the default is 8080. You can use any free port there, but not 90 0r 443 off course, as they are already in use by the webserver. so if you ued 80 or 443 instead of using the default port 8080, then your ispconfig login must fail.
     
  5. dayjahone

    dayjahone Member

    I am almost positive I confirmed that the default was [8080] and just hit enter.

    I thought it was a security certificate issue since that is the browser error I get. I thought it might be due to the fact that I just hit enter through all the questions for the security certificate.

    If I do need to re-install, what do I do?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    check the ispconfig.vhost in /etc/apache2/sites-available/, it should contain these lines:


    Listen 8080
    NameVirtualHost *:8080

    <VirtualHost _default_:8080>
     
  7. dayjahone

    dayjahone Member

    It does indeed. The first lines:

    Code:
     Listen 8080
    NameVirtualHost *:8080
    
    <VirtualHost _default_:8080>
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    ok, then please post your /etc/apache2/conf.d/squirrelmail file.
     
  9. dayjahone

    dayjahone Member

    Here it is:

    Code:
    Alias /squirrelmail /usr/share/squirrelmail
    Alias /webmail /usr/share/squirrelmail
    
    <Directory /usr/share/squirrelmail>
      Options FollowSymLinks
      <IfModule mod_php5.c>
        AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_admin_flag allow_url_fopen Off
        php_value include_path .
        php_admin_value upload_tmp_dir /var/lib/squirrelmail/tmp
        php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/etc/hostname:/etc/mailname
        php_flag register_globals off
      </IfModule>
      <IfModule mod_dir.c>
        DirectoryIndex index.php
      </IfModule>
    
      # access to configtest is limited by default to prevent information leak
      <Files configtest.php>
        order deny,allow
        deny from all
        allow from 127.0.0.1
      </Files>
    </Directory>
    
    # users will prefer a simple URL like http://webmail.example.com
    <VirtualHost 173.8.196.155>
      DocumentRoot /usr/share/squirrelmail
      ServerName webmail.rwhm.net
    </VirtualHost>
    
    # redirect to https when available (thanks [email protected])
    #
    #  Note: There are multiple ways to do this, and which one is suitable for
    #  your site's configuration depends. Consult the apache documentation if
    #  you're unsure, as this example might not work everywhere.
    #
    #<IfModule mod_rewrite.c>
    #  <IfModule mod_ssl.c>
    #    <Location /squirrelmail>
    #      RewriteEngine on
    #      RewriteCond %{HTTPS} !^on$ [NC]
    #      RewriteRule . https://%{HTTP_HOST}%{REQUEST_URI}  [L]
    #    </Location>
    #  </IfModule>
    #</IfModule>
    
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Please comment out or remove these lines:

    <VirtualHost 173.8.196.155>
    DocumentRoot /usr/share/squirrelmail
    ServerName webmail.rwhm.net
    </VirtualHost>

    and restart apache.
     
  11. dayjahone

    dayjahone Member

    that worked. I thought that was important to have in the file for webmail.mydomain.com?
     

Share This Page