For proxying Roundcube, nginx works great.
My nginx server is TLS-only, and proxies everything for another server, hence the location of "/", such as "nginx-server.tld/roundcube => rc-server.tld/roundcube". It looks like you might want "/webmail" on the proxy, and "/" on the roundcube host, so replace my "location /" with "location /webmail/" below.
If this works: https://nginx-server.tld/webmail/ but not: https://nginx-server.tld/webmail (no trailing /) then add another location directive with a rewrite:
location /webmail { rewrite ^/webmail /webmail/ permanent; }
location /webmail/ { proxy_pass http://127.0.2.4; ... }
My example config:
# # HTTPS only server # server { listen 443; server_name your.hostname.tld;
error_log /var/log/nginx/error.log warn;
ssl on; ssl_certificate /etc/ssl/your-certs/your-cert.pem; ssl_certificate_key /etc/ssl/your-certs/your-cert.key; ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:MEDIUM:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on;
# Public Key Pinning # https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning add_header Public-Key-Pins 'pin-sha256="key-fingerprint...=; max-age=5184000; includeSubDomains';
location / { # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass proxy_pass https://some-roundcube-server.tld; proxy_http_version 1.1; proxy_redirect default; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwared-For $proxy_add_x_forwarded_for; } }
Good luck!
On Thu, Sep 24, 2015 at 2:33 AM, Niklaas Baudet von Gersdorff < niklaas@kulturflatrate.net> wrote:
On 24/09/15 09:16, A.L.E.C wrote:
"Invalid request! No data was saved" indicates CSRF security token check fails. Something is wrong with session or something (proxy?) removes X-Roundcube-Request header (or less likely POST parameter).
I am quite sure that that it's related to proxying roundcube. I got it working by moving it outside of the proxy. Since then I don't get the error message anymore.
What is necessary to setup roundcube behind an Apache proxy? I tried to get it work with a simple
# proxy the connection to webmail ProxyPass /webmail/ http://127.0.2.4/ ProxyPassReverse /webmail/ http://127.0.2.4/ ProxyPassReverseCookiePath /webmail/ /
I am not sure about the
ProxyPassReverseCookiePath
setting.I haven't tried it with nginx yet though. Maybe a simple
location / { proxy_pass http://127.0.2.4; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; }
does it. Any experience?
--
Niklaas
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users