I just did a new install of RoundCube Mail, and definitely some huge improvements since i tried it a few months ago...
I was wondering if it was planned to have a SSL option in the config? At the moment i want all my webmail stuff to go over SSL, so i just added the following lines at the top of index.php:
if (empty($_SERVER['HTTPS'])) { header('Location: https://%27.$_SERVER%5B%27SERVER_NAME%27%5D.$_SERVER%5B%27REQUEST_URI%27%5D....']); }
I'm sure there is a much more convenient place to put this, but I think it would definitely be a good idea to at least have an option to make logins go over SSL.
-- Alan Briolat alan@dotphp.org
You should do this redirection with your webserver configuration. With Apache you can use the RewriteRules to achieve this. I don't thinks it's something that RoundCube needs to handle but more a task for the webserver environment.
Regards, Thomas
Alan Briolat wrote:
I just did a new install of RoundCube Mail, and definitely some huge improvements since i tried it a few months ago...
I was wondering if it was planned to have a SSL option in the config? At the moment i want all my webmail stuff to go over SSL, so i just added the following lines at the top of index.php:
if (empty($_SERVER['HTTPS'])) { header('Location: https://%27.$_SERVER%5B%27SERVER_NAME%27%5D.$_SERVER%5B%27REQUEST_URI%27%5D....']); }
I'm sure there is a much more convenient place to put this, but I think it would definitely be a good idea to at least have an option to make logins go over SSL.
-- Alan Briolat alan@dotphp.org
On Thu, 6 Apr 2006 04:08:37 +0100, Alan Briolat alan@dotphp.org wrote:
I just did a new install of RoundCube Mail, and definitely some huge improvements since i tried it a few months ago...
I was wondering if it was planned to have a SSL option in the config? At the moment i want all my webmail stuff to go over SSL, so i just added the following lines at the top of index.php:
if (empty($_SERVER['HTTPS'])) { header('Location: https://%27.$_SERVER%5B%27SERVER_NAME%27%5D.$_SERVER%5B%27REQUEST_URI%27%5D....']); }
This is unnecesary. Just edit the apache configuration and redirect the http request to https.
Hmmm, that actually makes sense now i think about it. Well, I might do that then, because of course the next CVS update will undo my little mod :)
On Thu, 06 Apr 2006 08:43:27 +0200 Thomas Bruederli roundcube@gmail.com wrote:
You should do this redirection with your webserver configuration. With Apache you can use the RewriteRules to achieve this. I don't thinks it's something that RoundCube needs to handle but more a task for the webserver environment.
Regards, Thomas
Alan Briolat wrote:
I just did a new install of RoundCube Mail, and definitely some huge improvements since i tried it a few months ago...
I was wondering if it was planned to have a SSL option in the config? At the moment i want all my webmail stuff to go over SSL, so i just added the following lines at the top of index.php:
if (empty($_SERVER['HTTPS'])) { header('Location: https://%27.$_SERVER%5B%27SERVER_NAME%27%5D.$_SERVER%5B%27REQUEST_URI%27%5D....']); }
I'm sure there is a much more convenient place to put this, but I think it would definitely be a good idea to at least have an option to make logins go over SSL.
-- Alan Briolat alan@dotphp.org
On Thu, 06 Apr 2006 08:43:27 +0200, Thomas Bruederli roundcube@gmail.com wrote:
You should do this redirection with your webserver configuration. With Apache you can use the RewriteRules to achieve this. I don't thinks it's something that RoundCube needs to handle but more a task for the webserver environment.
I'll second that emotion, there's plenty of ways to do it, but here's how I did it with Apache2 - edit http.conf and add something like this (change the roundcube path to your own):
<Directory /usr/local/www/data-dist/roundcubemail-cvs> RewriteEngine on RewriteBase / RewriteRule ^.*$ https://%%7BHTTP_HOST%7D%%7BREQUEST_URI%7D [R=permanent]
</Directory>
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
P
Regards, Thomas
Alan Briolat wrote:
I just did a new install of RoundCube Mail, and definitely some huge improvements since i tried it a few months ago...
I was wondering if it was planned to have a SSL option in the config? At the moment i want all my webmail stuff to go over SSL, so i just added the following lines at the top of index.php:
if (empty($_SERVER['HTTPS'])) { header('Location:
https://%27.$_SERVER%5B%27SERVER_NAME%27%5D.$_SERVER%5B%27REQUEST_URI%27%5D....']);
}
I'm sure there is a much more convenient place to put this, but I think
it would
definitely be a good idea to at least have an option to make logins go
over SSL.
-- Alan Briolat alan@dotphp.org
On Thu, 6 Apr 2006 10:19:04 -0500, phil phil@cryer.us wrote:
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
I'm wondering about IIS users. Is there a thing similar to mod_rewrite to force https connections?
Fizban
Corrado 'Fizban' Ignoti - "Un coglione che va a sinistra" http://www.corradoignoti.it Skype: thefizban
On Thu, 6 Apr 2006 16:37:36 +0200, Corrado 'Fizban' Ignoti fizban@fizbannet wrote:
On Thu, 6 Apr 2006 10:19:04 -0500, phil phil@cryer.us wrote:
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
I'm wondering about IIS users. Is there a thing similar to mod_rewrite to force https connections?
I don't know IIS at all, but a cheap way would just be to create an app/ directory, move all of the roundcube stuff in there, then create an indexhtml file in your roundcube direcotry that says:
<META http-equiv="refresh" content="1; URL=https://YOUR_URL/roundcube/app">
P
Fizban
Corrado 'Fizban' Ignoti - "Un coglione che va a sinistra" http://www.corradoignoti.it Skype: thefizban
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Corrado 'Fizban' Ignoti wrote:
On Thu, 6 Apr 2006 10:19:04 -0500, phil phil@cryer.us wrote:
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
I'm wondering about IIS users. Is there a thing similar to mod_rewrite to force https connections?
Assuming you've already figured out how to generate an SSL cert using MS's cute and cuddly GUIs and enabled it...
In your IIS configuration snap-in under Computer Management:
- Expand Web Sites, bring up the properties of your RoundCube site
- Go to Directory Security
- In the Secure communications section click "Edit..."
- Check the box marked "Require secure channel (SSL)".
And...
"The page must be viewed over a secure channel The page you are trying to access is secured with Secure Sockets Layer (SSL). "
I don't now how to do an automatic redirect, but I suspect theres a friendly GUI to do it. Hose yourself down afterwards to remove all that nasty IIS gunk that oozed out of your windows machine.
Chris
Chris Horry KG4TSM "I've got nothing against God, it's his fan zerbey@wibble.co.uk clubs that I can't stand". http://www.wibble.co.uk -- Anonymous
On Apr 6, 2006, at 7:37 AM, Corrado 'Fizban' Ignoti wrote:
On Thu, 6 Apr 2006 10:19:04 -0500, phil phil@cryer.us wrote:
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
I'm wondering about IIS users. Is there a thing similar to mod_rewrite to force https connections?
Another approach is to not use mod_rewrite to enforce https. I
simply setup two virtual servers, one on 80 and one on 443, then
redirect any request from http -> https. As such:
NameVirtualHost 192.168.2.1:80 NameVirtualHost 192.168.2.1:443
# Redirect webmail requests to ssl <VirtualHost 192.168.2.1:80> ServerName webmail.myhost.org RedirectPermanent / https://webmail.myhost.org/
</VirtualHost>
# Serve webmail requests <VirtualHost 192.168.2.1:443> SSLEngine on ServerName webmail.myhost.org ...
</VirtualHost> -----------------------------------------
The same approach will easily work for IIS.
Ethan
On Thu, 6 Apr 2006 16:37:36 +0200, Corrado 'Fizban' Ignoti fizban@fizbannet wrote:
On Thu, 6 Apr 2006 10:19:04 -0500, phil phil@cryer.us wrote:
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
I'm wondering about IIS users. Is there a thing similar to mod_rewrite to force https connections?
For what I have seen, the only way is to bye a commercial product to do this.
You can also migrate to apache. :-)
Thank you very much! That definitely looks like the most convenient way for me to do it under this apache configuration. Just saved me a few mins of RTFM ^_^
On Thu, 6 Apr 2006 08:56:40 -0700 Ethan Erchinger ethan@plaxo.com wrote:
On Apr 6, 2006, at 7:37 AM, Corrado 'Fizban' Ignoti wrote:
On Thu, 6 Apr 2006 10:19:04 -0500, phil phil@cryer.us wrote:
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
I'm wondering about IIS users. Is there a thing similar to mod_rewrite to force https connections?
Another approach is to not use mod_rewrite to enforce https. I
simply setup two virtual servers, one on 80 and one on 443, then
redirect any request from http -> https. As such:
NameVirtualHost 192.168.2.1:80 NameVirtualHost 192.168.2.1:443
# Redirect webmail requests to ssl <VirtualHost 192.168.2.1:80> ServerName webmail.myhost.org RedirectPermanent / https://webmail.myhost.org/
</VirtualHost>
# Serve webmail requests <VirtualHost 192.168.2.1:443> SSLEngine on ServerName webmail.myhost.org ...
</VirtualHost> -----------------------------------------
The same approach will easily work for IIS.
Ethan
On Thu, 6 Apr 2006 08:56:40 -0700, Ethan Erchinger ethan@plaxo.com wrote:
On Apr 6, 2006, at 7:37 AM, Corrado 'Fizban' Ignoti wrote:
On Thu, 6 Apr 2006 10:19:04 -0500, phil phil@cryer.us wrote:
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
I'm wondering about IIS users. Is there a thing similar to mod_rewrite to force https connections?
Another approach is to not use mod_rewrite to enforce https. I simply setup two virtual servers, one on 80 and one on 443, then redirect any request from http -> https. As such:
NameVirtualHost 192.168.2.1:80 NameVirtualHost 192.168.2.1:443
# Redirect webmail requests to ssl <VirtualHost 192.168.2.1:80> ServerName webmail.myhost.org RedirectPermanent / https://webmail.myhost.org/
</VirtualHost>
# Serve webmail requests <VirtualHost 192.168.2.1:443> SSLEngine on ServerName webmail.myhost.org ...
</VirtualHost> ---------------------------------------
That's a good solution too - however if you're running websites on your server you likely won't want them all to be servered up via SSL - and I assume this setup would only allow HTTPS for all on :80?
P
http://fak3r.com - you dont have to kick it
Here's another way:
RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L]
-- RewriteEngine on RewriteCond %{REQUEST_URI} /login/* [NC] RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L]
-- RewriteEngine on RewriteCond %{HTTP_HOST} foo.bar.com [NC] RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L]
There's lots of other ways as well.
Regards,
Pen
On Thu, 2006-04-06 at 22:23 -0500, phil wrote:
On Thu, 6 Apr 2006 08:56:40 -0700, Ethan Erchinger ethan@plaxo.com wrote:
RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L]
-- RewriteEngine on RewriteCond %{REQUEST_URI} /login/* [NC] RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L]
-- RewriteEngine on RewriteCond %{HTTP_HOST} foo.bar.com [NC] RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L] RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L]
-- RewriteEngine on RewriteCond %{REQUEST_URI} /login/* [NC] RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L]
-- RewriteEngine on RewriteCond %{HTTP_HOST} foo.bar.com [NC] RewriteRule ^(.*) https://%%7BSERVER_NAME%7D$1 [R,L]
There's lots of other ways as well.
Regarsd,
There's lots of other ways as well.
Regarsd,
On Apr 6, 2006, at 7:37 AM, Corrado 'Fizban' Ignoti wrote:
On Thu, 6 Apr 2006 10:19:04 -0500, phil phil@cryer.us wrote:
You need to have that mod_rewrite vodoo running on Apache for this to work, but work it does.
I'm wondering about IIS users. Is there a thing similar to mod_rewrite to force https connections?
Another approach is to not use mod_rewrite to enforce https. I simply setup two virtual servers, one on 80 and one on 443, then redirect any request from http -> https. As such:
NameVirtualHost 192.168.2.1:80 NameVirtualHost 192.168.2.1:443
# Redirect webmail requests to ssl <VirtualHost 192.168.2.1:80> ServerName webmail.myhost.org RedirectPermanent / https://webmail.myhost.org/
</VirtualHost>
# Serve webmail requests <VirtualHost 192.168.2.1:443> SSLEngine on ServerName webmail.myhost.org ...
</VirtualHost> ---------------------------------------
That's a good solution too - however if you're running websites on your server you likely won't want them all to be servered up via SSL - and I assume this setup would only allow HTTPS for all on :80?
P
That's a good solution too - however if you're running websites on
your server you likely won't want them all to be servered up via
SSL - and I assume this setup would only allow HTTPS for all on :80?
Ok well this topic has been beat to death, but just for clarity. The
examples I gave are named based virtual hosts, so they should only
affect virtual servers being served under that Virtual. If you are
running www.myhost.org, then it'd likely be a separate virtual, and
it would not be affected.
Ethan
-
Alan Briolat -
Chris Horry -
Corrado 'Fizban' Ignoti -
Ethan Erchinger -
Martin Marques -
Pen -
phil -
Thomas Bruederli