Hello everyone,
I have recently upgraded Roundcube from release-1.2 to release-1.3.
Roundcube is running behind HA-Proxy with SSL-Termination, which means that the traffic is encrypted between the client and haproxy but not between haproxy and Roundcube (served by nginx).
It seems that after the upgrade, the variable $_SERVER['HTTPS'] is not being set to 'on', and some plugins that use this variable are serving resources over http, which causes the browser to complain about Mixed Content and connection not fully secure.
Not all domains are set to redirect to SSL port, so I can't force https, but the ones who use it are set up in nginx like this:
    # redirect plain HTTP to HTTPS for this domain
    server {
        listen 80;
        server_name webmail.domain_name;
        return 301 https://$server_name/;
    }

    # plain HTTP from HA-Proxy; no ssl on this listener
    server {
        listen 443;
        root /var/www;
        index index.php;
        server_name webmail.domain_name;
        access_log off;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            root /var/www;
            fastcgi_pass php;
            fastcgi_read_timeout 120;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

The port 443 here is just a different port but traffic is not encrypted because the HA-Proxy does the encryption with the client.
Any suggestions to fix this? Thanks!
Regards,
Webert Lima DevOps Engineer at MAV Tecnologia *Belo Horizonte - Brasil* *IRC NICK - WebertRLZ*
On 12/18/2017 04:59 PM, Webert de Souza Lima wrote:
> the port 443 here is just a different port but traffic is not encrypted because the HA-Proxy does the encryption with the client.
> Any suggestions to fix this? Thanks!
$config['use_https'] = true;
Hi, thanks for replying.
Doesn't this force https? Some domains do not use http redirection.
Regards,
Webert Lima DevOps Engineer at MAV Tecnologia *Belo Horizonte - Brasil* *IRC NICK - WebertRLZ*
On Mon, Dec 18, 2017 at 5:01 PM, A.L.E.C alec@alec.pl wrote:
> On 12/18/2017 04:59 PM, Webert de Souza Lima wrote:
>> the port 443 here is just a different port but traffic is not encrypted because the HA-Proxy does the encryption with the client.
>> Any suggestions to fix this? Thanks!
> $config['use_https'] = true;
> --
> Aleksander 'A.L.E.C' Machniak
> Kolab Groupware Developer [http://kolab.org]
> Roundcube Webmail Developer [http://roundcube.net]
> PGP: 19359DC1 # Blog: https://kolabian.wordpress.com
_______________________________________________
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users
I have just tested this and it seems not to do the trick. Set in config.inc.php and also in the domain_name.inc.php. I would like to reinforce that haproxy-nginx_roundcube connection is not encrypted in port 443.
Thanks.
Regards,
Webert Lima DevOps Engineer at MAV Tecnologia *Belo Horizonte - Brasil* *IRC NICK - WebertRLZ*
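One way to get `$_SERVER['HTTPS']` set behind a TLS-terminating proxy, as an added example that is not from any poster in this thread: nginx passes `HTTPS on` to PHP only when the request comes from the proxy's address and carries `X-Forwarded-Proto: https`. The address `192.0.2.10`, the variable names `$from_haproxy` and `$fcgi_https`, and the HAProxy lines shown in the comments are assumptions.

```nginx
# Added example, not from the thread. Assumptions: HAProxy reaches nginx from
# 192.0.2.10 (placeholder address) and its frontends set the header, e.g.
#   http-request set-header X-Forwarded-Proto https if { ssl_fc }
#   http-request set-header X-Forwarded-Proto http  if !{ ssl_fc }
# so a value sent by the client is always overwritten.

# --- http {} context ---

# 1 only when the TCP peer is the proxy (geo keys on $remote_addr by default).
geo $from_haproxy {
    default     0;
    192.0.2.10  1;
}

# "on" only for proxy + https; empty for everything else.
map "$from_haproxy:$http_x_forwarded_proto" $fcgi_https {
    default    "";
    "1:https"  on;
}

server {
    listen 443;                      # plain HTTP from HAProxy, as in the thread
    server_name webmail.domain_name;
    root /var/www;
    index index.php;

    location / { try_files $uri $uri/ =404; }

    location ~ \.php$ {
        fastcgi_pass php;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Sets $_SERVER['HTTPS'] = 'on'; the parameter is not sent at all
        # when the mapped value is empty.
        fastcgi_param HTTPS $fcgi_https if_not_empty;
    }
}
```

The same `fastcgi_param HTTPS` line can go in the server blocks of domains that are not redirected to HTTPS: requests that reached HAProxy over plain HTTP leave the variable empty, so nothing is forced.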