For proxying Roundcube, nginx works great.

My nginx server is TLS-only, and proxies everything for another server, hence the location of "/", such as "nginx-server.tld/roundcube => rc-server.tld/roundcube".  It looks like you might want "/webmail" on the proxy, and "/" on the roundcube host, so replace my "location /" with "location /webmail/" below.

If this works: https://nginx-server.tld/webmail/ but not: https://nginx-server.tld/webmail (no trailing /) then add another location directive with a rewrite:

  location /webmail {
    rewrite ^/webmail /webmail/ permanent;
  }

  location /webmail/ {
   proxy_pass http://127.0.2.4;
   ...
  }

My example config:

#
# HTTPS only server
#
server {
  listen 443;
  server_name your.hostname.tld;

  error_log /var/log/nginx/error.log warn;

  ssl on;
  ssl_certificate /etc/ssl/your-certs/your-cert.pem;
  ssl_certificate_key /etc/ssl/your-certs/your-cert.key;
  ssl_session_timeout 5m;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers "HIGH:MEDIUM:!aNULL:!MD5:!3DES";
  ssl_prefer_server_ciphers on;

  # Public Key Pinning
  # https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning
  add_header Public-Key-Pins 'pin-sha256="key-fingerprint...=; max-age=5184000; includeSubDomains';

  location / {
    # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
    proxy_pass https://some-roundcube-server.tld;
    proxy_http_version 1.1;
    proxy_redirect default;
    proxy_set_header X-Real-IP       $remote_addr;
    proxy_set_header X-Forwared-For  $proxy_add_x_forwarded_for;
  }
}


Good luck!

On Thu, Sep 24, 2015 at 2:33 AM, Niklaas Baudet von Gersdorff <niklaas@kulturflatrate.net> wrote:
On 24/09/15 09:16, A.L.E.C wrote:
> "Invalid request! No data was saved" indicates CSRF security token check
> fails. Something is wrong with session or something (proxy?) removes
> X-Roundcube-Request header (or less likely POST parameter).

I am quite sure that that it's related to proxying roundcube. I got it
working by moving it outside of the proxy. Since then I don't get the
error message anymore.

What is necessary to setup roundcube behind an Apache proxy? I tried to
get it work with a simple

> # proxy the connection to webmail
> ProxyPass /webmail/ http://127.0.2.4/
> ProxyPassReverse /webmail/ http://127.0.2.4/
> ProxyPassReverseCookiePath /webmail/ /

I am not sure about the `ProxyPassReverseCookiePath` setting.

I haven't tried it with nginx yet though. Maybe a simple

> location / {
>     proxy_pass       http://127.0.2.4;
>     proxy_set_header Host      $host;
>     proxy_set_header X-Real-IP $remote_addr;
> }

does it. Any experience?

--

    Niklaas
_______________________________________________
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users