httpd - mod_ssl

netforce_nl · 10-30-2006, 04:33 AM

hi all,

im having a hard time to get my webmail to https. This is what i have done already:

Redirecting http://mail.netforce-is.nl to https://mail.netforce-is.nl with mod_rewrite in the conf/httpd.conf as shown here:

Code:

<VirtualHost *:80>
   ServerName mail.netforce-is.nl
   RewriteEngine on
   RewriteCond %{SERVER_PORT} =80
   RewriteRule ^(.*) https://mail.netforce-is.nl
<VirtualHost>

pulled above from other howto....

Adding an virtualhost to the conf.d/ssl.conf:

Code:

LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin


<VirtualHost *:443>
    DocumentRoot "/home/apache/vhost/mail.netforce-is.nl"
    ServerName mail.netforce-is.nl:443
    ServerAdmin eelco.bel@netforce-is.nl
    ErrorLog logs/mail.netforce-is.nl_ssl_error_log
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>

Now when im trying to view http://mail.... it is indeed redirected to https://mail... but i get my main site instead of the squirrelmail webmail page....

what im i missing here?

Berhanie · 10-30-2006, 10:55 AM

Your DocumentRoot should contain squirrelmail's index file, index.php. So you can add the following line
to your VirtualHost container:

Code:

DirectoryIndex index.php

Berhanie · 10-30-2006, 11:11 AM

Also, did you double-check your syntax? I don't think you can specify a port with ServerName.

netforce_nl · 10-31-2006, 11:34 AM

even if i change the documentroot to vhosts/mail.netforce-is.nl/src /src is the directory where SQM finaly runs from. The the index.php in the dir mail.netforce-is.nl is a config=true check and a redirect to the index in /src/

I removed the :443 from the ServerName and added the DirectoryIndex. But im still viewing my main webpage..

someone any other idea?

netforce_nl · 10-31-2006, 02:32 PM

hmz, maybe this helps...

Code:

[root@core ~]# httpd -D DUMP_VHOSTS
VirtualHost configuration:
10.1.1.107:443         mail.netforce-is.nl (/etc/httpd/conf.d/ssl.conf:82)
wildcard NameVirtualHosts and _default_ servers:
_default_:443          core.netforce-is.nl (/etc/httpd/conf.d/ssl.conf:92)
*:80                   is a NameVirtualHost
         default server www.netforce-is.nl (/etc/httpd/conf/httpd.conf:1015)
         port 80 namevhost www.netforce-is.nl (/etc/httpd/conf/httpd.conf:1015)
         port 80 namevhost ftp.netforce-is.nl (/etc/httpd/conf/httpd.conf:1020)
         port 80 namevhost bacula.netforce-is.nl (/etc/httpd/conf/httpd.conf:1025)
         port 80 namevhost ist2011.nl (/etc/httpd/conf/httpd.conf:1030)
         port 80 namevhost mrtg.netforce-is.nl (/etc/httpd/conf/httpd.conf:1035)
         port 80 namevhost gallery.netforce-is.nl (/etc/httpd/conf/httpd.conf:1040)
         port 80 namevhost mysql.netforce-is.nl (/etc/httpd/conf/httpd.conf:1045)
         port 80 namevhost mail.netforce-is.nl (/etc/httpd/conf/httpd.conf:1050)
         port 80 namevhost wota.netforce-is.nl (/etc/httpd/conf/httpd.conf:1061)
         port 80 namevhost mirror.netforce-is.nl (/etc/httpd/conf/httpd.conf:1066)
Syntax OK
[root@core ~]#

the webserver is resolving mail.netforce-is.nl to another server in the network. But, i use a imap connection between the webserver and the mailserver to have external webmail trough sqirrlemail. My internal DNS is resolving mail.netforce-is.nl to, as expected, the other server, who servers mail...

Maybe in some way the webserver is trying to pipe me trough to the mailserver, but the external DNS resolves mail.netforce-is.nl to the same IP

I can forward port 443 to the mailserver, but then i cant use https on the webserver.....