Re: [qmailtoaster] Re: Webmail SSL

Thu, 03 Jun 2010 13:08:44 -0700

I realize that it's a bit of a hack and I don't like it, but I cannot get it to work correctly otherwise. I just tried your config and it didn't work either.
You are using the webmail suffix where I am not. I am trying to get mail.myserver.com to work using SNI. I should be able to have multiple virtual servers using https and I cannot get it to work. I think part of the problem is openssl 0.9.8e SNI requires f and newer. I upgraded on my test server, but I'm still having problems getting it to work correctly. 


I'll figure it out, it's just frustrating when you read the  
documentation and it doesn't quite work that way.  Then where do you  
start to troubleshoot.


Quoting Eric Shubert <e...@shubes.net>:


I'm not saying that ErrorDocument won't work, just that it's a bit of a hack.


The conventional way (and 'better' for a number of reasons) is to  
use the RewriteEngine. I seem to recall that there's a way to turn  
on logging for the rewrite engine if you're having a problem with it.


Here's the RewriteRule I'm presently using:
RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

Upon closer examination, I see that
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
appears to be missing a period after webmail. I believe that it should be:
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

Subtle, but big difference. I believe this would work, the same as  
the one I'm using above.

--
-Eric 'shubes'

Maxwell Smart wrote:

That's exactly where I am having problems and that's the only way I  
can get it to work.  If I have the welcome.conf enabled it goes to  
the apache welcome page instead of redirecting and the log file  
says failed, reason: SSL connection required.  If I disable the  
welcome.conf and include the Error 403 line it works.  I was just  
testing it with the variable when I received this e mail.Quoting  
Eric Shubert <e...@shubes.net>:



Maxwell Smart wrote:

It appears as though you have a default configuration.  Replace  
this in your squirrelmail.conf file.


<Directory /usr/share/squirrelmail>
 Options None
 Order allow,deny
 allow from all
</Directory>

with this

<Directory "/usr/share/squirrelmail">
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
allow from all
Options
SSLRequireSSL
ErrorDocument 403 "https://your.server.com/webmail/";
</Directory>

You will need to change the your.server.com to your server name.

CJ



You shouldn't need the ErrorDocument line.


In addision, if you were to use that hack, it'd be better to use  
the %{SERVER_NAME} variable instead of hard coding your domain name.


--
-Eric 'shubes'



--------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group  
(www.vickersconsulting.com)

  Vickers Consulting Group offers Qmailtoaster support and installations.
    If you need professional help with your setup, contact them today!

---------------------------------------------------------------------------------     Please visit qmailtoaster.com for the latest news, updates, and  
packages.
        To unsubscribe, e-mail:  
qmailtoaster-list-unsubscr...@qmailtoaster.com

   For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com







Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA  94501

tel 510.865.2787
http://yother.com

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.



--------------------------------------------------------------------------------- Qmailtoaster is sponsored by Vickers Consulting Group  
(www.vickersconsulting.com)

  Vickers Consulting Group offers Qmailtoaster support and installations.
    If you need professional help with your setup, contact them today!



---------------------------------------------------------------------------------

Qmailtoaster is sponsored by Vickers Consulting Group  
(www.vickersconsulting.com)

   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.

         To unsubscribe, e-mail:  
qmailtoaster-list-unsubscr...@qmailtoaster.com

    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com







Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA  94501

tel 510.865.2787
http://yother.com

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.

    
     To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com































					Reply via email to