Re: [SOGo] Unable to get access to SOGo for unknown reason.

2019-02-20 Thread Dmytro Lysytsyn

On 20.02.19 14:20, Christian Mack (christian.m...@uni-konstanz.de) wrote:
> Is Apache module headers active? What is in
> /etc/letsencrypt/options-ssl-apache.conf ?

Hello Christian,

Thank you for your answer!

As far as I can see, the 'headers' module is active:

root@kntest3:~# apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 filter_module (shared)
 headers_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php7_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)

Also, here's the content of 'options-ssl-apache.conf':

root@kntest3:~# grep -Ev '^(#|$)' < /etc/letsencrypt/options-ssl-apache.conf
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression  off
SSLOptions +StrictRequire
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
root@kntest3:~#


--
Kind regards,
Dmytro Lysytsyn
--
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] Unable to get access to SOGo for unknown reason.

2019-02-20 Thread Christian Mack
Hello

Is Apache module headers active?
What is in /etc/letsencrypt/options-ssl-apache.conf ?


Kind regards,
Christian Mack

On 20.02.19 at 09:10, Dmytro Lysytsyn (dmytro.lysyt...@gmail.com) wrote:
> On 19.02.19 22:05, Andrey Cherepanov (c...@altlinux.org) wrote:
>> From mail from Julian Kippels at 21.09.2018 in users@sogo.nu:
>> I found the problem. It wasn't anything in the /etc/sogo/sogo.conf at
>> all. The problem was with the Apache configuration. When I comment out
>> this line RequestHeader set "x-webobjects-server-url"
>> "https://%{HTTP_HOST}e" env=HTTP_HOST
>>
>> from /etc/httpd/conf.d/SOGo.conf everything works as it should. See
>> also fix in package:
>> http://git.altlinux.org/people/cas/packages/sogo.git?p=sogo.git;a=commit;h=6003f42429088b092ace1944d8d9b92fc48a7507
>>
> 
> Hello Andrey,
> 
> Thank you for your answer!
> 
> I tried to comment out the line you've mentioned but that doesn't change
> SOGo's behavior at all.
> And of course I did restart Apache after config changes.
> And also cleared browser's cache just in case.
> 
> Here is my whole Apache configuration for SOGo and FD site:
> --- 8< -
> 
>     ServerName kntest3.ldvtest.org.ua
>     ServerAdmin webmas...@kntest3.ldvtest.org.ua
>     ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_error.log
>     CustomLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_access.log combined
>     Redirect "/" "https://kntest3.ldvtest.org.ua"
> 
> 
> 
>     
>     ServerName kntest3.ldvtest.org.ua
>     DocumentRoot /var/www/html/kntest3.ldvtest.org.ua
>     ServerAdmin webmas...@kntest3.ldvtest.org.ua
>     ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_error.log
>     CustomLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_access.log combined
>     SSLEngine on
>     SSLCertificateFile /etc/letsencrypt/live/kntest3.ldvtest.org.ua/cert.pem
>     SSLCertificateKeyFile /etc/letsencrypt/live/kntest3.ldvtest.org.ua/privkey.pem
>     Include /etc/letsencrypt/options-ssl-apache.conf
>     
>     Options Indexes FollowSymLinks
>     AllowOverride None
>     Require all granted
>     
>     Alias /fusiondirectory /usr/share/fusiondirectory/html
>     
>     SSLOptions +StdEnvVars
>     
>     
>     SSLOptions +StdEnvVars
>     
>     BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
>     BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
>     
>     
>     php_admin_flag engine on
>     php_admin_flag register_globals off
>     php_admin_flag allow_call_time_pass_reference off
>     php_admin_flag expose_php off
>     php_admin_flag zend.ze1_compatibility_mode off
>     php_admin_flag register_long_arrays off
>     php_admin_value upload_tmp_dir /var/spool/fusiondirectory/
>     php_admin_value session.cookie_lifetime 0
>     
>     
>     
>     Order Allow,Deny
>     # Changed IP here
>     Allow from 1.2.3.4
>     
>     Alias /SOGo.woa/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
>     Alias /SOGo/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
>     
>     AllowOverride None
>     
>     Order deny,allow
>     Allow from all
>     
>     = 2.4>
>     Require all granted
>     
>     
>     ExpiresActive On
>     ExpiresDefault "access plus 1 year"
>     
>     
>     ProxyRequests Off
>     SetEnv proxy-nokeepalive 1
>     ProxyPreserveHost On
>     ProxyPass /SOGo http://127.0.0.1:2/SOGo retry=0
>     http://127.0.0.1:2/SOGo>
>     
>     RequestHeader set "x-webobjects-server-port" "443"
>     SetEnvIf Host (.*) HTTP_HOST=$1
>     RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
>     RequestHeader unset "x-webobjects-remote-user"
>     RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
>     
>     AddDefaultCharset UTF-8
>     Order allow,deny
>     Allow from all
>     
>     
>     RewriteEngine On
>     RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
>     RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301]
>     
>     
> 
> --- 8< -
> 
> 


-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416





Re: [SOGo] Unable to get access to SOGo for unknown reason.

2019-02-20 Thread Dmytro Lysytsyn

On 19.02.19 22:05, Andrey Cherepanov (c...@altlinux.org) wrote:

> From mail from Julian Kippels at 21.09.2018 in users@sogo.nu:
> I found the problem. It wasn't anything in the /etc/sogo/sogo.conf at
> all. The problem was with the Apache configuration. When I comment out
> this line RequestHeader set "x-webobjects-server-url"
> "https://%{HTTP_HOST}e" env=HTTP_HOST
>
> from /etc/httpd/conf.d/SOGo.conf everything works as it should. See
> also fix in package:
> http://git.altlinux.org/people/cas/packages/sogo.git?p=sogo.git;a=commit;h=6003f42429088b092ace1944d8d9b92fc48a7507


Hello Andrey,

Thank you for your answer!

I tried to comment out the line you've mentioned but that doesn't change
SOGo's behavior at all.

And of course I did restart Apache after config changes.
And also cleared browser's cache just in case.

Here is my whole Apache configuration for SOGo and FD site:
--- 8< -

    ServerName kntest3.ldvtest.org.ua
    ServerAdmin webmas...@kntest3.ldvtest.org.ua
    ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_error.log
    CustomLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_access.log combined
    Redirect "/" "https://kntest3.ldvtest.org.ua"



    
    ServerName kntest3.ldvtest.org.ua
    DocumentRoot /var/www/html/kntest3.ldvtest.org.ua
    ServerAdmin webmas...@kntest3.ldvtest.org.ua
    ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_error.log
    CustomLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/kntest3.ldvtest.org.ua/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/kntest3.ldvtest.org.ua/privkey.pem

    Include /etc/letsencrypt/options-ssl-apache.conf
    
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
    
    Alias /fusiondirectory /usr/share/fusiondirectory/html
    
    SSLOptions +StdEnvVars
    
    
    SSLOptions +StdEnvVars
    
    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    
    
    php_admin_flag engine on
    php_admin_flag register_globals off
    php_admin_flag allow_call_time_pass_reference off
    php_admin_flag expose_php off
    php_admin_flag zend.ze1_compatibility_mode off
    php_admin_flag register_long_arrays off
    php_admin_value upload_tmp_dir /var/spool/fusiondirectory/
    php_admin_value session.cookie_lifetime 0
    
    
    
    Order Allow,Deny
    # Changed IP here
    Allow from 1.2.3.4
    
    Alias /SOGo.woa/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
    Alias /SOGo/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
    
    AllowOverride None
    
    Order deny,allow
    Allow from all
    
    = 2.4>
    Require all granted
    
    
    ExpiresActive On
    ExpiresDefault "access plus 1 year"
    
    
    ProxyRequests Off
    SetEnv proxy-nokeepalive 1
    ProxyPreserveHost On
    ProxyPass /SOGo http://127.0.0.1:2/SOGo retry=0
    http://127.0.0.1:2/SOGo>
    
    RequestHeader set "x-webobjects-server-port" "443"
    SetEnvIf Host (.*) HTTP_HOST=$1
    RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
    RequestHeader unset "x-webobjects-remote-user"
    RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
    
    AddDefaultCharset UTF-8
    Order allow,deny
    Allow from all
    
    
    RewriteEngine On
    RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
    RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301]
    
    

--- 8< -


--
Kind regards,
Dmytro Lysytsyn
--
users@sogo.nu
https://inverse.ca/sogo/lists
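
The two checks raised in this thread (is `headers_module` loaded, and which `x-webobjects-*` RequestHeader directives are active or commented out), as an added example that is not part of the original messages. The function names are hypothetical and both sample inputs are constructed from directives quoted above.

```shell
#!/bin/sh
# Added example, not from the thread's authors. Both samples are constructed
# from directives quoted in the thread; all function names are hypothetical.
SAMPLE_MODULES=' core_module (static)
 headers_module (shared)
 proxy_http_module (shared)'
SAMPLE_CONF='    RequestHeader set "x-webobjects-server-port" "443"
    #RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST
    RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
    RequestHeader unset "x-webobjects-remote-user"'

# module_loaded NAME: succeeds if NAME is listed in `apachectl -M` output on stdin.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# webobjects_headers: read Apache config on stdin and print
# "<active|commented> <action> <header>" for every x-webobjects-* RequestHeader.
webobjects_headers() {
    awk '{
        line = $0; state = "active"
        sub(/^[ \t]+/, "", line)
        if (line ~ /^#/) { state = "commented"; sub(/^#+[ \t]*/, "", line) }
        n = split(line, f, /[ \t]+/)
        if (n < 3 || tolower(f[1]) != "requestheader") next
        name = tolower(f[3]); gsub(/"/, "", name)
        if (name ~ /^x-webobjects-/) print state, tolower(f[2]), name
    }'
}

# audit MODULES_TEXT CONF_TEXT: print one finding per line.
audit() {
    if printf '%s\n' "$1" | module_loaded headers_module; then
        echo "ok: headers_module loaded"
    else
        echo "fail: headers_module not loaded, RequestHeader directives are unavailable"
    fi
    hdrs=$(printf '%s\n' "$2" | webobjects_headers)
    case "$hdrs" in
        *"active set x-webobjects-server-url"*)
            echo "note: x-webobjects-server-url is set (the line the thread suggests commenting out)" ;;
        *)  echo "ok: x-webobjects-server-url not set" ;;
    esac
    case "$hdrs" in
        *"active unset x-webobjects-remote-user"*)
            echo "ok: client-supplied x-webobjects-remote-user is stripped" ;;
        *)  echo "warn: x-webobjects-remote-user is not unset, a client-sent value is forwarded" ;;
    esac
}

audit "$SAMPLE_MODULES" "$SAMPLE_CONF"
```

On a live host, the same functions take `apachectl -M` output and the site's configuration file as input in place of the constructed samples.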