Roundcube 1.3 and _SERVER['HTTPS']

Roundcube 1.3 and _SERVER['HTTPS']

Webert de Souza Lima
Hello everyone,

I have recently upgraded Roundcube from release-1.2 to release-1.3.

Roundcube is running behind HA-Proxy with SSL-Termination, which means that the traffic is encrypted between the client and haproxy but not between haproxy and roundcube (served by nginx).

It seems that after the upgrade, the variable $_SERVER['HTTPS'] is not being set to 'on', and some plugins that use this variable are serving resources over http, which causes the browser to complain about Mixed Content and connection not fully secure.

Not all domains are set to redirect to the SSL port, so I can't force https, but the ones that use it are set up in nginx like this:

server {
  listen 80;
  server_name webmail.domain_name;
  return 301 https://$server_name/;
}

server {
  listen 443;
  root /var/www;
  index index.php;
  server_name webmail.domain_name;
  access_log off;

  location / {
    try_files $uri $uri/ =404;
  }

  location ~ \.php$ {
    root /var/www;
    fastcgi_pass php;
    fastcgi_read_timeout 120;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

}

The port 443 here is just a different port, but traffic is not encrypted because the HA-Proxy does the encryption with the client.

Any suggestions to fix this? Thanks!

Regards,

Webert Lima
DevOps Engineer at MAV Tecnologia
Belo Horizonte - Brasil
IRC NICK - WebertRLZ

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Re: Roundcube 1.3 and _SERVER['HTTPS']

A.L.E.C
On 12/18/2017 04:59 PM, Webert de Souza Lima wrote:
> the port 443 here is just a different port but traffic is not encrypted
> because the HA-Proxy does the encryption with the client.
>
> Any suggestions to fix this? Thanks!

$config['use_https'] = true;

--
Aleksander 'A.L.E.C' Machniak
Kolab Groupware Developer         [http://kolab.org]
Roundcube Webmail Developer   [http://roundcube.net]
----------------------------------------------------
PGP: 19359DC1 # Blog: https://kolabian.wordpress.com

Re: Roundcube 1.3 and _SERVER['HTTPS']

Webert de Souza Lima
Hi, thanks for replying.

Doesn't this force https? Some domains do not use http redirection.



Regards,

Webert Lima
DevOps Engineer at MAV Tecnologia
Belo Horizonte - Brasil
IRC NICK - WebertRLZ


Re: Roundcube 1.3 and _SERVER['HTTPS']

Webert de Souza Lima
I have just tested this and it seems not to do the trick. I set it in config.inc.php and also in domain_name.inc.php.
I would like to reinforce that the haproxy-nginx_roundcube connection is not encrypted on port 443.

Thanks.


Regards,

Webert Lima
DevOps Engineer at MAV Tecnologia
Belo Horizonte - Brasil
IRC NICK - WebertRLZ
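
Added example, not part of the thread and not the poster's or the Roundcube project's configuration: one way to have nginx tell PHP that a request was HTTPS at the client edge, but only when it arrived from the proxy on the port the proxy uses for TLS-terminated traffic, so that the http-only domains are unaffected. The address 192.0.2.10 is a placeholder for the HAProxy host, and the variable names $from_haproxy and $backend_https are made up for this sketch.

```nginx
# Added example; 192.0.2.10, $from_haproxy and $backend_https are assumptions.

# --- http {} context ---
# 1 only for the peer that is allowed to vouch for TLS (the HAProxy host).
geo $from_haproxy {
    default     0;
    192.0.2.10  1;
}

# "on" only when the request came from HAProxy AND arrived on the backend
# port that carries TLS-terminated traffic; empty in every other case.
map "$from_haproxy:$server_port" $backend_https {
    default  "";
    "1:443"  on;
}

server {
    listen 443;                      # plaintext hop from HAProxy, no "ssl"
    server_name webmail.domain_name;
    root /var/www;
    index index.php;

    # A client reaching this port directly would be talking cleartext while
    # the application believes the session is secure, so refuse it.
    allow 192.0.2.10;
    deny  all;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        fastcgi_pass php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Becomes $_SERVER['HTTPS'] = 'on' in PHP; not sent when the value is empty.
        fastcgi_param HTTPS $backend_https if_not_empty;
    }
}
```

The port 80 server blocks stay as they are, so $_SERVER['HTTPS'] remains unset for domains served over plain http.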