September 18, 20178 yr Hello, I am hoping someone on here has experienced an odd issue with SSL/HTTPS when using the webmail URL, in my case, https://my.froxlorserver.com/webmail. I can't prove it for sure however, I believe it is working for some in a different country to me but I can't connect to the above URL using https, it will connect with http on port 80. I get the below error. Forbidden You don't have permission to access /webmail on this server. I have confirmed this on different devices using different internet connections and I have cleared the cache/browsing data. Using Digicert's tool (https://www.digicert.com/help/) the https://Froxlor admin page comes back as a success with zero issues. If I try https://froxlor/webmail I get the below error message Error: my.froxlor.com/webmail is not a fully qualified public domain name or public IP address. The above error message does not make sense as using port 80 I can get to the /webmail page, so the above might be a red herring. Has anyone seen this issue? Thanks in advance.
September 19, 20178 yr please provide vhost of IP/Port for port 80 and 443 and also a "ls -la" of the froxlor directory to see whether webmail is located in there or an alias is used
September 19, 20178 yr Author 3 hours ago, d00p said: please provide vhost of IP/Port for port 80 and 443 and also a "ls -la" of the froxlor directory to see whether webmail is located in there or an alias is used Hi D00p, thanks for your help again. 1). root@post:/var/www/froxlor# ls -la drwxr-xr-x 13 froxlor froxlor 4096 Sep 4 20:03 webmail 2). root@post:/var/www/froxlor# cat 35_froxlor_ssl_vhost_mydomain.com.conf <VirtualHost x.x.x.x:443 [x:x:x:x::x:x]:443> ServerName mydomain.com ServerAlias *.mydomain.com ServerAdmin myname@mydomain.com SSLEngine On SSLProtocol -ALL +TLSv1 +TLSv1.2 SSLCompression Off SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH SSLVerifyDepth 10 SSLCertificateFile /usr/local/ssl/post.mydomain.com.crt SSLCertificateKeyFile /usr/local/ssl/post.mydomain.com.key-nopass SSLCACertificateFile /usr/local/ssl/alphassl.pem SSLCertificateChainFile /usr/local/ssl/post.mydomain.com.intermediate.txt <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=0" </IfModule> DocumentRoot "/var/customers/webs/myname/mydomain.com/" FcgidIdleTimeout 30 SuexecUserGroup "myname" "myname" <Directory "/var/customers/webs/myname/mydomain.com/"> <FilesMatch "\.(php)$"> SetHandler fcgid-script FcgidWrapper /var/www/php-fcgi-scripts/myname/mydomain.com/php-fcgi-starter .php Options +ExecCGI </FilesMatch> Require all granted AllowOverride All </Directory> Alias /webalizer "/var/customers/webs/myname/webalizer" ErrorLog "/var/customers/logs/myname-error.log" CustomLog "/var/customers/logs/myname-access.log" combined </VirtualHost> 3). <VirtualHost x.x.x.x:80 [x:x:x:x::x:x]:80> ServerName mydomain.com ServerAlias *.mydomain.com ServerAdmin myname@mydomain.com <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R=301;L,NE] </IfModule> <IfModule !mod_rewrite.c> Redirect 301 / https://mydomain.com/ </IfModule> </VirtualHost>
September 22, 20178 yr Author AhHa! With your help I have temporarily fixed it. root@me:/etc/apache2/sites-enabled# cat 10_froxlor_ipandport_138.68.188.75.443.conf <VirtualHost 138.68.188.75:443> DocumentRoot "/var/www/froxlor/" ServerName post.mydomain.com FcgidIdleTimeout 30 SuexecUserGroup "froxlor" "froxlor" <Directory "/var/www/froxlor/"> <FilesMatch "\.(php)$"> SetHandler fcgid-script FcgidWrapper /var/www/php-fcgi-scripts/froxlor.panel/post.onyourcloud.zone/php-fcgi-starter .php Options +ExecCGI </FilesMatch> Require all granted AllowOverride All </Directory> Alias /webmail /var/lib/roundcube SSLEngine On SSLProtocol -ALL +TLSv1 +TLSv1.2 SSLCompression Off SSLHonorCipherOrder On SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH SSLVerifyDepth 10 SSLCertificateFile /usr/local/ssl/post.mydomain.com.crt SSLCertificateKeyFile /usr/local/ssl/post.mydomain.com.key-nopass SSLCACertificateFile /usr/local/ssl/alphassl.pem SSLCertificateChainFile /usr/local/ssl/post.mydomain.com.intermediate.txt </VirtualHost> I hashed out the Alias line like the below #Alias /webmail /var/lib/roundcube Then service apache2 reload && service apache2 restart I was then able to connect to the web mail server using https://post.mydomain.com/webmail. I believe, when some were able to access the webmail using https and some were not, the people who were able to were using IPV6 not IPv4. The problem I have is the comment in that file says not to manually updated the file as it will be overwritten, as per the below. # 10_froxlor_ipandport_X.X.X.X.443.conf # Created 19.09.2017 10:10 # Do NOT manually edit this file, all changes will be deleted after the next domain change at the panel. What do I need to do to make this a permanent change? Thanks in advance.
September 22, 20178 yr Author I also have a question with regards to how to permanently redirect http > https. I modified the below file and added the bold redirect line. Redirect / https://post.onyourcloud.zone/ <VirtualHost X.X.X.X:80> DocumentRoot "/var/www/froxlor/" ServerName post.mydomain.com Redirect / https://post.mydomain.com/ FcgidIdleTimeout 30 SuexecUserGroup "froxlor" "froxlor" <Directory "/var/www/froxlor/"> <FilesMatch "\.(php)$"> SetHandler fcgid-script FcgidWrapper /var/www/php-fcgi-scripts/froxlor.panel/post.onyourcloud.zone/php-fcgi-starter .php Options +ExecCGI </FilesMatch> Require all granted AllowOverride All </Directory> </VirtualHost> FcgidIdleTimeout 30 SuexecUserGroup "froxlor" "froxlor" <Directory "/var/www/froxlor/"> <FilesMatch "\.(php)$"> SetHandler fcgid-script FcgidWrapper /var/www/php-fcgi-scripts/froxlor.panel/post.onyourcloud.zone/php-fcgi-starter .php Options +ExecCGI </FilesMatch> Require all granted AllowOverride All </Directory> </VirtualHost> Again, this file will be overwritten so I need to know how to make the permanent change.
September 22, 20178 yr Author 18 minutes ago, d00p said: Edit the IP/Port as Admin as in add line to this free text field 'Default vHost-settings for every domain container: '? I have tried that and it had no effect.
September 25, 20178 yr There should be the line "Alias /webmail /var/lib/roundcube" somewhere in the ip/port settings, you do not want to ADD this line, you want to remove it
September 25, 20178 yr Author Thanks d00p. That has now sorted it. If anyone else comes across this problem where webmail was either not working or only working for some, hopefully this will help. The server was migrated from one service provider to another. There was a line in the Froxlor config, Resources > Ips and Ports > x.x.x.x:443 that was Alias /webmail /var/lib/roundcube Once this was removed, webmail starting working properly. The reason it was working for some and not all is that on the old platform it did not have IPV6 hence on the new platform it was fresh and working fine.
Archived
This topic is now archived and is closed to further replies.