Re: [SOGo] Unable to get access to SOGo for unknown reason.
On 20.02.19 14:20, Christian Mack (christian.m...@uni-konstanz.de) wrote: Is Apache module headers active? What is in /etc/letsencrypt/options-ssl-apache.conf ? Hello Christian, Thank you for your answer! As far as I see 'headers' module is active: root@kntest3:~# apachectl -M Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) expires_module (shared) filter_module (shared) headers_module (shared) mime_module (shared) mpm_prefork_module (shared) negotiation_module (shared) php7_module (shared) proxy_module (shared) proxy_http_module (shared) reqtimeout_module (shared) rewrite_module (shared) setenvif_module (shared) socache_shmcb_module (shared) ssl_module (shared) status_module (shared) Also here's content of 'options-ssl-apache.conf': root@kntest3:~# grep -Ev '^(#|$)' < /etc/letsencrypt/options-ssl-apache.conf SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS SSLHonorCipherOrder on SSLCompression off SSLOptions +StrictRequire LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common root@kntest3:~# -- Kind regards, Dmytro Lysytsyn -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Unable to get access to SOGo for unknown reason.
Hello Is Apache module headers active? What is in /etc/letsencrypt/options-ssl-apache.conf ? Kind regards, Christian Mack Am 20.02.19 um 09:10 schrieb Dmytro Lysytsyn (dmytro.lysyt...@gmail.com): > On 19.02.19 22:05, Andrey Cherepanov (c...@altlinux.org) wrote: >> From mail from Julian Kippels at 21.09.2018 in users@sogo.nu: >> I found the problem. It wasn't anything in the /etc/sogo/sogo.conf at >> all. The problem was with the Apache configuration. When I comment out >> this line RequestHeader set "x-webobjects-server-url" >> "https://%{HTTP_HOST}e"env=HTTP_HOST >> >> from /etc/httpd/conf.d/SOGo.conf everything works as it should. See >> also fix in package: >> http://git.altlinux.org/people/cas/packages/sogo.git?p=sogo.git;a=commit;h=6003f42429088b092ace1944d8d9b92fc48a7507 >> > > Hello Andrey, > > Thank you for your answer! > > I tried to comment out line you've mentioned but that doesn't change > SOGO's behavior at all. > And of course I did restart Apache after config changes. > And also cleared browser's cache just in case. > > Here is my whole Apache configuration for SOGo and FD site: > --- 8< - > > ServerName kntest3.ldvtest.org.ua > ServerAdmin webmas...@kntest3.ldvtest.org.ua > ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_error.log > CustomLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_access.log > combined > Redirect "/" "https://kntest3.ldvtest.org.ua; > > > > > ServerName kntest3.ldvtest.org.ua > DocumentRoot /var/www/html/kntest3.ldvtest.org.ua > ServerAdmin webmas...@kntest3.ldvtest.org.ua > ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_error.log > CustomLog > ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_access.log combined > SSLEngine on > SSLCertificateFile > /etc/letsencrypt/live/kntest3.ldvtest.org.ua/cert.pem > SSLCertificateKeyFile > /etc/letsencrypt/live/kntest3.ldvtest.org.ua/privkey.pem > Include /etc/letsencrypt/options-ssl-apache.conf > > Options Indexes FollowSymLinks > AllowOverride None > Require all granted > > Alias /fusiondirectory /usr/share/fusiondirectory/html > > SSLOptions +StdEnvVars > > > SSLOptions +StdEnvVars > > BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown > downgrade-1.0 force-response-1.0 > BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown > > > php_admin_flag engine on > php_admin_flag register_globals off > php_admin_flag allow_call_time_pass_reference off > php_admin_flag expose_php off > php_admin_flag zend.ze1_compatibility_mode off > php_admin_flag register_long_arrays off > php_admin_value upload_tmp_dir /var/spool/fusiondirectory/ > php_admin_value session.cookie_lifetime 0 > > > > Order Allow,Deny > # Changed IP here > Allow from 1.2.3.4 > > Alias /SOGo.woa/WebServerResources/ > /usr/lib/GNUstep/SOGo/WebServerResources/ > Alias /SOGo/WebServerResources/ > /usr/lib/GNUstep/SOGo/WebServerResources/ > > AllowOverride None > > Order deny,allow > Allow from all > > = 2.4> > Require all granted > > > ExpiresActive On > ExpiresDefault "access plus 1 year" > > > ProxyRequests Off > SetEnv proxy-nokeepalive 1 > ProxyPreserveHost On > ProxyPass /SOGo http://127.0.0.1:2/SOGo retry=0 > http://127.0.0.1:2/SOGo> > > RequestHeader set "x-webobjects-server-port" "443" > SetEnvIf Host (.*) HTTP_HOST=$1 > RequestHeader set "x-webobjects-server-name" > "%{HTTP_HOST}e" env=HTTP_HOST > RequestHeader unset "x-webobjects-remote-user" > RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0" > > AddDefaultCharset UTF-8 > Order allow,deny > Allow from all > > > RewriteEngine On > RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301] > RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301] > > > > --- 8< - > > -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung Basisdienste 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: [SOGo] Unable to get access to SOGo for unknown reason.
On 19.02.19 22:05, Andrey Cherepanov (c...@altlinux.org) wrote: From mail from Julian Kippels at 21.09.2018 in users@sogo.nu: I found the problem. It wasn't anything in the /etc/sogo/sogo.conf at all. The problem was with the Apache configuration. When I comment out this line RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e"env=HTTP_HOST from /etc/httpd/conf.d/SOGo.conf everything works as it should. See also fix in package: http://git.altlinux.org/people/cas/packages/sogo.git?p=sogo.git;a=commit;h=6003f42429088b092ace1944d8d9b92fc48a7507 Hello Andrey, Thank you for your answer! I tried to comment out line you've mentioned but that doesn't change SOGO's behavior at all. And of course I did restart Apache after config changes. And also cleared browser's cache just in case. Here is my whole Apache configuration for SOGo and FD site: --- 8< - ServerName kntest3.ldvtest.org.ua ServerAdmin webmas...@kntest3.ldvtest.org.ua ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_error.log CustomLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_access.log combined Redirect "/" "https://kntest3.ldvtest.org.ua; ServerName kntest3.ldvtest.org.ua DocumentRoot /var/www/html/kntest3.ldvtest.org.ua ServerAdmin webmas...@kntest3.ldvtest.org.ua ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_error.log CustomLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_access.log combined SSLEngine on SSLCertificateFile /etc/letsencrypt/live/kntest3.ldvtest.org.ua/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/kntest3.ldvtest.org.ua/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf Options Indexes FollowSymLinks AllowOverride None Require all granted Alias /fusiondirectory /usr/share/fusiondirectory/html SSLOptions +StdEnvVars SSLOptions +StdEnvVars BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown php_admin_flag engine on php_admin_flag register_globals off php_admin_flag allow_call_time_pass_reference off php_admin_flag expose_php off php_admin_flag zend.ze1_compatibility_mode off php_admin_flag register_long_arrays off php_admin_value upload_tmp_dir /var/spool/fusiondirectory/ php_admin_value session.cookie_lifetime 0 Order Allow,Deny # Changed IP here Allow from 1.2.3.4 Alias /SOGo.woa/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/ Alias /SOGo/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/ AllowOverride None Order deny,allow Allow from all = 2.4> Require all granted ExpiresActive On ExpiresDefault "access plus 1 year" ProxyRequests Off SetEnv proxy-nokeepalive 1 ProxyPreserveHost On ProxyPass /SOGo http://127.0.0.1:2/SOGo retry=0 http://127.0.0.1:2/SOGo> RequestHeader set "x-webobjects-server-port" "443" SetEnvIf Host (.*) HTTP_HOST=$1 RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST RequestHeader unset "x-webobjects-remote-user" RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0" AddDefaultCharset UTF-8 Order allow,deny Allow from all RewriteEngine On RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301] RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301] --- 8< - -- Kind regards, Dmytro Lysytsyn -- users@sogo.nu https://inverse.ca/sogo/lists