Hello, I'm interested in forcing SSL for users at a new rouncube install. I've tried an entry in the .htaccess file but it's not working. I see something in the roundcube config file but I'm not sure how to implement it that way. My site will serve the login page if you type https://(my url) so I know that is working. Any help appreciated.
Chas
P.s. The url www.roundcubeforum.net does not seem to work, is the forum still active? _______________________________________________ List info: http://lists.roundcube.net/users/
Hi Chas
Did you think of using the Redirect parameter in your apache vhost configuration? you could also make a rewrite condition.
this is all set for apache though, not in roundcube.
On Mon, Feb 2, 2009 at 6:57 PM, chas@digital-journal.com wrote:
Hello, I'm interested in forcing SSL for users at a new rouncube install. I've tried an entry in the .htaccess file but it's not working. I see something in the roundcube config file but I'm not sure how to implement it that way. My site will serve the login page if you type https://(my url) so I know that is working. Any help appreciated.
Chas
P.s. The url www.roundcubeforum.net does not seem to work, is the forum still active? _______________________________________________ List info: http://lists.roundcube.net/users/
List info: http://lists.roundcube.net/users/
On Feb 2, 2009, at 12:04 PM, Claudio Kuenzler wrote:
this is all set for apache though, not in roundcube.
Do a Google for "apache redirect https"
Some examples, not sure which one best fits your environment :
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%%7BHTTP_HOST%7D%%7BREQUEST_URI%7D
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/secret(.*)$ https://www. example.com/secret/$1 [L,R]
Where any of those goes in the config files is important, it has to
load before the SSL directives.
Le Mon, 2 Feb 2009 12:57:54 -0500 (EST), chas@digital-journal.com a écrit :
Hello, I'm interested in forcing SSL for users at a new rouncube install. I've tried an entry in the .htaccess file but it's not working. I see something in the roundcube config file but I'm not sure how to implement it that way. My site will serve the login page if you type https://(my url) so I know that is working. Any help appreciated.
This is my apache configuration :
# for emails : full https RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} (.*/roundcube/.*) RewriteRule (.*) https://%%7BHTTP_HOST%7D%%7BREQUEST_URI%7D [R]
Makes http://myserver/roundcube/ to https://myserver/roundcube
--- 8< --- detachments --- 8< --- The following attachments have been detached and are available for viewing. http://detached.gigo.com/rc/ya/BnRjzonv/signature.asc Only click these links if you trust the sender, as well as this message. --- 8< --- detachments --- 8< ---
List info: http://lists.roundcube.net/users/
chas@digital-journal.com wrote on Monday 02 February 2009:
Hello, I'm interested in forcing SSL for users at a new rouncube install. I've tried an entry in the .htaccess file but it's not working. I see something in the roundcube config file but I'm not sure how to implement it that way. My site will serve the login page if you type https://(my url) so I know that is working. Any help appreciated.
Chas
P.s. The url www.roundcubeforum.net does not seem to work, is the forum still active? _______________________________________________ List info: http://lists.roundcube.net/users/
This is how I do it (whole config):
<VirtualHost 11.22.33.44:443> DocumentRoot /var/www/webmail ServerName webmail.example.com ServerAdmin info@example.com
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/ssl/CA/certs/webserver.cert.pem
SSLCertificateKeyFile /etc/ssl/CA/private/webserver.key.pem
SSLCACertificateFile /etc/ssl/CA/certs/cacert.pem
SSLCACertificatePath /etc/ssl/CA/certs/
SSLCARevocationPath /etc/ssl/CA/
SSLVerifyClient none
SSLVerifyDepth 10
SSLOptions +ExportCertData +StrictRequire
CustomLog /var/log/apache2/ssl_request_log_webmail "%t %h %{SSL_PROTOCOL}x
%{SSL_CIPHER}x "%r" %b" env=!gif-image
</Virtualhost>
<Directory /var/www/webmail> SSLRequireSSL
</Directory>
# THIS IS THE ACTUAL REDIRECT TO YOUR HTTPS: <VirtualHost 11.22.33.44:80> DocumentRoot /var/www/webmail ServerName webmail.example.com ServerAdmin info@example.com RedirectMatch permanent (/.*) https://webmail.example.com$1
</VirtualHost>
Hope it helps!
Cheers, Daniel _______________________________________________ List info: http://lists.roundcube.net/users/
Le Mon, 2 Feb 2009 12:57:54 -0500 (EST), chas@digital-journal.com a écrit :
Hello, I'm interested in forcing SSL for users at a new rouncube install. I've tried an entry in the .htaccess file but it's not working. I see something in the roundcube config file but I'm not sure how to implement it that way. My site will serve the login page if you type https://(my url) so I know that is working. Any help appreciated.
This is my apache configuration :
# for emails : full https RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} (.*/roundcube/.*) RewriteRule (.*) https://%%7BHTTP_HOST%7D%%7BREQUEST_URI%7D [R]
Makes http://myserver/roundcube/ to https://myserver/roundcube
Hi, Thanks to all for the help on this issue. This particular method (above) was the one that I used on the test server and it worked fine. I will try the more lengthy virtual solution on my production server where there are several virtual hosts.
thanks, Chas.
List info: http://lists.roundcube.net/users/