On 12/31/2012 10:01 PM, Reindl Harald wrote:
On 01.01.2013 03:55, Arne Berglund wrote:
On 2012-12-31 17:23, Robert Moskowitz wrote:
I can't claim any real skill in configuring Apache, all I can do is read readmes and copy and paste for examples and things I have running... So I SEEM to have made some real headway, but have not gotten Wireshark going to see if it is really behaving as it seems. I would appreciate any input on a cleaner way to set up Roundcube as a virtual host only over TLS.
<snipped>
Robert, here's the setup I have, partially inherited and partially refined over the years. My ReWrite is in a directory declaration, and has never thrown any errors.
<Directory "/">
RewriteEngine on
ReWriteCond %{HTTP_HOST} =webmail.example.org [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://webmail.example.org%{REQUEST_URI} [L,R]
</Directory>
I am not quite getting this. Or maybe I barely am... This is saying if the URL of webmail.example.org is received, this rewrite occurs, and the virtualhost envelope is not needed. What if the URL is webmail.example.org/something ???
the next one missing that without "secure only" flag the browser will send the cookies unencrypted because they are part of the request headers and the redirect happens after them
Oh, I think I see. Noel pointed out that the session.cookie_secure can go in the virtual_host envelope....
So I get:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerName webmail
ServerAlias webmail.foo.com
php_admin_flag session.cookie_secure "1"
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
ExpiresDefault "access plus 10 years"
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</VirtualHost>
<VirtualHost *:443>
ServerName webmail
ServerAlias webmail.foo.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/foo.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/foo.com.key
DocumentRoot /usr/share/roundcubemail
<Directory /usr/share/roundcubemail/>
Order Deny,Allow
Allow from all
php_admin_flag session.cookie_secure "1"
</Directory>
</VirtualHost>
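
Added example (not part of the original thread): a small Python check for the two behaviours discussed above, namely that the port 80 virtual host answers only with a redirect to https:// and that every cookie the server sets carries the Secure attribute. The response heads and the cookie name sessid are constructed sample data; in practice you would paste in the heads captured from your own server.

```python
# Constructed sample response heads (not captured from a real server).
HTTP_REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://webmail.foo.com/\r\n\r\n"
HTTP_NO_REDIRECT = ("HTTP/1.1 200 OK\r\n"
                    "Set-Cookie: sessid=abc123; path=/; HttpOnly\r\n\r\n")
HTTPS_NO_FLAG = ("HTTP/1.1 200 OK\r\n"
                 "Set-Cookie: sessid=abc123; path=/; HttpOnly\r\n\r\n")
HTTPS_FLAG = ("HTTP/1.1 200 OK\r\n"
              "Set-Cookie: sessid=abc123; path=/; secure; HttpOnly\r\n\r\n")

REDIRECT_CODES = (301, 302, 303, 307, 308)


def parse_head(raw):
    """Return (status, [(lowercased_name, value), ...]) from a raw response head."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def cookies(headers):
    """Yield (cookie_name, set of lowercased attribute names) per Set-Cookie header."""
    for name, value in headers:
        if name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            attrs = {p.partition("=")[0].lower() for p in parts[1:]}
            yield parts[0].partition("=")[0], attrs


def audit(raw, scheme):
    """Return a list of findings for one response received over `scheme`."""
    status, headers = parse_head(raw)
    findings = []
    if scheme == "http":
        location = dict(headers).get("location", "")
        if status not in REDIRECT_CODES or not location.startswith("https://"):
            findings.append("plain HTTP response is not a redirect to https://")
    for cname, attrs in cookies(headers):
        if "secure" not in attrs:
            findings.append(f"cookie {cname} set without Secure over {scheme}")
    return findings


if __name__ == "__main__":
    for label, raw, scheme in [("port 80", HTTP_REDIRECT, "http"),
                               ("port 443", HTTPS_NO_FLAG, "https")]:
        print(label, audit(raw, scheme) or "ok")
```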