I can't claim any real skill in configuring Apache, all I can do is read readmes and copy and paste for examples and things I have running... So I SEEM to have made some real headway, but have not gotten Wireshark going to see if it is really behaving as it seems. I would appreciate any input on a cleaner way to set up Roundcube as a virtual host only over TLS.
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerName webmail
ServerAlias webmail.foo.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
ExpiresDefault "access plus 10 years"
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</VirtualHost>
<VirtualHost *:443>
ServerName webmail
ServerAlias webmail.foo.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/foo.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/foo.com.key
DocumentRoot /usr/share/roundcubemail
<Directory /usr/share/roundcubemail/>
Order Deny,Allow
Allow from all
php_admin_flag session.cookie_secure "1"
</Directory>
</VirtualHost>
I am seeing the following in /var/log/httpd/error_log
[Mon Dec 31 20:13:25 2012] [error] avahi_entry_group_add_service_strlst("webmail") failed: Invalid host name
Googling this message does not point me to any wisdom on what it means and what to do about it. I cannot find a string "avahi " in any of the config files, so it is coming from some module. "webmail" only appears in the entries I posted above.
Thank you for your help.
And have a good new year.
On 2012-12-31 17:23, Robert Moskowitz wrote:
I can't claim any real skill in configuring Apache, all I can do is read readmes and copy and paste for examples and things I have running... So I SEEM to have made some real headway, but have not gotten Wireshark going to see if it is really behaving as it seems. I would appreciate any input on a cleaner way to set up Roundcube as a virtual host only over TLS.
<snipped>
Robert, here's the setup I have, partially inherited and partially refined over the years. My ReWrite is in a directory declaration, and has never thrown any errors.
<Directory "/">
RewriteEngine on
ReWriteCond %{HTTP_HOST} =webmail.example.org [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://webmail.example.org%{REQUEST_URI} [L,R]
</Directory>
Hope this helps.
--
Arne Berglund
System Administrator, Internet Services
Lane Education Service District
Eugene, OR
Am 01.01.2013 03:55, schrieb Arne Berglund:
On 2012-12-31 17:23, Robert Moskowitz wrote:
I can't claim any real skill in configuring Apache, all I can do is read readmes and copy and paste for examples and things I have running... So I SEEM to have made some real headway, but have not gotten Wireshark going to see if it is really behaving as it seems. I would appreciate any input on a cleaner way to set up Roundcube as a virtual host only over TLS.
<snipped>
Robert, here's the setup I have, partially inherited and partially refined over the years. My ReWrite is in a directory declaration, and has never thrown any errors.
<Directory "/">
RewriteEngine on
ReWriteCond %{HTTP_HOST} =webmail.example.org [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://webmail.example.org%{REQUEST_URI} [L,R]
</Directory>
the next one missing that without "secure only" flag the browser will send the cookies unencrypted because they are part of the request headers and the redirect happens after them
On 12/31/2012 10:01 PM, Reindl Harald wrote:
Am 01.01.2013 03:55, schrieb Arne Berglund:
On 2012-12-31 17:23, Robert Moskowitz wrote:
I can't claim any real skill in configuring Apache, all I can do is read readmes and copy and paste for examples and things I have running... So I SEEM to have made some real headway, but have not gotten Wireshark going to see if it is really behaving as it seems. I would appreciate any input on a cleaner way to set up Roundcube as a virtual host only over TLS.
<snipped>
Robert, here's the setup I have, partially inherited and partially refined over the years. My ReWrite is in a directory declaration, and has never thrown any errors.
<Directory "/">
RewriteEngine on
ReWriteCond %{HTTP_HOST} =webmail.example.org [NC]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://webmail.example.org%{REQUEST_URI} [L,R]
</Directory>
I am not quite getting this. Or maybe I barely am... This is saying if the URL of webmail.example.org is received, this rewrite occurs, and the virtualhost envelope is not needed. What if the URL is webmail.example.org/something ???
the next one missing that without "secure only" flag the browser will send the cookies unencrypted because they are part of the request headers and the redirect happens after them
Oh, I think I see. Noel pointed out that the session.cookie_secure can go in the virtual_host envelope....
So I get:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerName webmail
ServerAlias webmail.foo.com
php_admin_flag session.cookie_secure "1"
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
ExpiresDefault "access plus 10 years"
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</VirtualHost>
<VirtualHost *:443>
ServerName webmail
ServerAlias webmail.foo.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/foo.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/foo.com.key
DocumentRoot /usr/share/roundcubemail
<Directory /usr/share/roundcubemail/>
Order Deny,Allow
Allow from all
php_admin_flag session.cookie_secure "1"
</Directory>
</VirtualHost>
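Added example, not part of any message in this thread: an offline check of the two properties discussed above, namely that the port-80 response is a redirect to https:// that sets no cookie, and that every cookie set on port 443 carries the Secure attribute. The function names and the sample responses (including the session cookie value) are constructed for illustration.

```python
# Added example: audit raw HTTP response heads (all samples are constructed).
REDIRECTS = (301, 302, 303, 307, 308)

def parse_head(raw):
    """Return (status, [(lower-cased header name, value), ...])."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def cookie_attrs(set_cookie):
    """Return (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:] if p}

def audit_http(raw):
    """Port 80: must redirect to https:// and must not set a cookie."""
    status, headers = parse_head(raw)
    location = next((v for n, v in headers if n == "location"), "")
    problems = []
    if status not in REDIRECTS or not location.startswith("https://"):
        problems.append("port 80 does not redirect to https")
    if any(n == "set-cookie" for n, _ in headers):
        problems.append("cookie set over plain http")
    return problems

def audit_https(raw):
    """Port 443: every Set-Cookie must carry the Secure attribute."""
    _, headers = parse_head(raw)
    problems = []
    for n, v in headers:
        if n == "set-cookie":
            name, attrs = cookie_attrs(v)
            if "secure" not in attrs:
                problems.append(f"cookie {name} lacks Secure")
    return problems

# Constructed samples: a redirect as [L,R] sends it, and a weak/good cookie.
HTTP_REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://webmail.foo.com/\r\n\r\n"
COOKIE = "Set-Cookie: roundcube_sessid=abc123; path=/; HttpOnly"
HTTPS_WEAK = "HTTP/1.1 200 OK\r\n" + COOKIE + "\r\n\r\n"
HTTPS_GOOD = "HTTP/1.1 200 OK\r\n" + COOKIE + "; secure\r\n\r\n"

if __name__ == "__main__":
    print(audit_http(HTTP_REDIRECT), audit_https(HTTPS_WEAK), audit_https(HTTPS_GOOD))
```

To run it against a live server, feed the functions the response heads saved from a request to each port instead of the constructed strings.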
Robert Moskowitz skrev den 2013-01-01 02:23:
[Mon Dec 31 20:13:25 2012] [error] avahi_entry_group_add_service_strlst("webmail") failed: Invalid host name
means that avahi needs this name as a fqdn or the name should exist in dns globally
And have a good new year.
and 13 is a lucky number ? :=)
On 12/31/2012 11:57 PM, Benny Pedersen wrote:
Robert Moskowitz skrev den 2013-01-01 02:23:
[Mon Dec 31 20:13:25 2012] [error] avahi_entry_group_add_service_strlst("webmail") failed: Invalid host name
means that avahi needs this name as a fqdn or the name should exist in dns globally
How do I get avahi to append domain name here? I don't see anything in the httpd.conf or avahi-daemon.conf. Or is the practice of doing:
ServerName webmail
ServerAlias webmail.foo.com
broken by avahi behavior and you should just have ServerName be the fqdn and drop use of ServerAlias?
But then again, what do I need avahi-daemon for on a dedicated mail server??? :)
And have a good new year.
and 13 is a lucky number ? :=)
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Am 01.01.2013 15:17, schrieb Robert Moskowitz:
On 12/31/2012 11:57 PM, Benny Pedersen wrote:
Robert Moskowitz skrev den 2013-01-01 02:23:
[Mon Dec 31 20:13:25 2012] [error] avahi_entry_group_add_service_strlst("webmail") failed: Invalid host name
means that avahi needs this name as a fqdn or the name should exist in dns globally
How do I get avahi to append domain name here? I don't see anything in the httpd.conf or avahi-daemon.conf. Or is the practice of doing:
ServerName webmail
ServerAlias webmail.foo.com
broken by avahi behavior and you should just have ServerName be the fqdn and drop use of ServerAlias?
But then again, what do I need avahi-daemon for on a dedicated mail server??? :)
you do not need avahi-daemon on any machine even if it is running - how does it affect httpd/mail-daemons?
[root@mail:~]$ rpm -qa | grep -i avahi
[root@mail:~]$
On 01/01/2013 09:33 AM, Reindl Harald wrote:
Am 01.01.2013 15:17, schrieb Robert Moskowitz:
On 12/31/2012 11:57 PM, Benny Pedersen wrote:
Robert Moskowitz skrev den 2013-01-01 02:23:
[Mon Dec 31 20:13:25 2012] [error] avahi_entry_group_add_service_strlst("webmail") failed: Invalid host name
means that avahi needs this name as a fqdn or the name should exist in dns globally
How do I get avahi to append domain name here? I don't see anything in the httpd.conf or avahi-daemon.conf. Or is the practice of doing:
ServerName webmail
ServerAlias webmail.foo.com
broken by avahi behavior and you should just have ServerName be the fqdn and drop use of ServerAlias?
But then again, what do I need avahi-daemon for on a dedicated mail server??? :)
you do not need avahi-daemon on any machine
Well if the machine is your streaming video server, it is supposedly worthwhile.
even if it is running - how does it affect httpd/mail-daemons?
Takes up resources. And one more potential security threat.
I am turning it off, and will remove it from the production server install.
One more warning message cleaned up!
[root@mail:~]$ rpm -qa | grep -i avahi
[root@mail:~]$
Robert Moskowitz skrev den 2013-01-01 15:17:
ServerName webmail
ServerAlias webmail.foo.com
broken by avahi behavior and you should just have ServerName be the fqdn and drop use of ServerAlias?
yes, remove serveralias, and add the fqdn as servername, then avahi would not complain, if you really like to have the hostname local only, add localhost.localdomain to webmail non fqdn servername
But then again, what do I need avahi-daemon for on a dedicated mail server??? :)
+1