use_https issue

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

use_https issue

Brendan Kearney
i have 2 apache instances behind HAProxy, where HAProxy is running the
HTTPS and load balancing to RCM in the clear.  i have set the
'use_https' option to true, and it works in most cases.  i have found an
exception and i wanted to see if this has been fixed in more recent
versions.

if i browse to https://host.domain.tld/roundcubemail (note https, with
no trailing slash), i am redirected to
http://host.domain.tld/roundcubemail/ (note not https, with trailing slash).

if i correct the http:// to https:// everything works and all pages are
secured.  it seems that only the redirect to the URI with the trailing
slash is where this comes up.  i am running RCM 1.1.1-2 on fedora20.  i
will be upgrading in the near future, but wanted to see if this was
already fixed.

thank you,

brendan
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: use_https issue

Thomas Bruederli-2
On Mon, Jan 18, 2016 at 1:55 AM, Brendan Kearney <[hidden email]> wrote:

> i have 2 apache instances behind HAProxy, where HAProxy is running the HTTPS
> and load balancing to RCM in the clear.  i have set the 'use_https' option
> to true, and it works in most cases.  i have found an exception and i wanted
> to see if this has been fixed in more recent versions.
>
> if i browse to https://host.domain.tld/roundcubemail (note https, with no
> trailing slash), i am redirected to
> http://host.domain.tld/roundcubemail/ (note not https, with trailing slash).
>
> if i correct the http:// to https:// everything works and all pages are
> secured.  it seems that only the redirect to the URI with the trailing slash
> is where this comes up.

The redirect from /roundcubemail to /roundcubemail/ is done by Apache
and doesn't yet hit Roundcube and its use_https logic. Thus not a
Roundcube issue and nothing we could fix on our side. You need to
teach Apache to redirect to https.

~Thomas
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: use_https issue

Brendan Kearney

I am not understanding this.  Apache is doing nothing with https.  The https is being handled on the load balancer and everything apache sees is http only.

Does that mean the load balancing needs to be changed?

On Jan 18, 2016 4:45 AM, "Thomas Bruederli" <[hidden email]> wrote:
On Mon, Jan 18, 2016 at 1:55 AM, Brendan Kearney <[hidden email]> wrote:
> i have 2 apache instances behind HAProxy, where HAProxy is running the HTTPS
> and load balancing to RCM in the clear.  i have set the 'use_https' option
> to true, and it works in most cases.  i have found an exception and i wanted
> to see if this has been fixed in more recent versions.
>
> if i browse to https://host.domain.tld/roundcubemail (note https, with no
> trailing slash), i am redirected to
> http://host.domain.tld/roundcubemail/ (note not https, with trailing slash).
>
> if i correct the http:// to https:// everything works and all pages are
> secured.  it seems that only the redirect to the URI with the trailing slash
> is where this comes up.

The redirect from /roundcubemail to /roundcubemail/ is done by Apache
and doesn't yet hit Roundcube and its use_https logic. Thus not a
Roundcube issue and nothing we could fix on our side. You need to
teach Apache to redirect to https.

~Thomas
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: use_https issue

Jari Fredriksson

 

(Sorry for top posting, my MUA does not somehow allow posting properly in *this* message)

It is the Apache that does the redirection request for browser. This has nothing to do with the fact that it only handles http sockets. If Apache does not do it, nothing does.

 

br. jarif

 

brendan kearney kirjoitti 18.1.2016 15:29:

I am not understanding this.  Apache is doing nothing with https.  The https is being handled on the load balancer and everything apache sees is http only.

 

Does that mean the load balancing needs to be changed?

On Jan 18, 2016 4:45 AM, "Thomas Bruederli" <[hidden email]> wrote:
On Mon, Jan 18, 2016 at 1:55 AM, Brendan Kearney <[hidden email]> wrote:
> i have 2 apache instances behind HAProxy, where HAProxy is running the HTTPS
> and load balancing to RCM in the clear.  i have set the 'use_https' option
> to true, and it works in most cases.  i have found an exception and i wanted
> to see if this has been fixed in more recent versions.
>
> if i browse to https://host.domain.tld/roundcubemail (note https, with no
> trailing slash), i am redirected to
> http://host.domain.tld/roundcubemail/ (note not https, with trailing slash).
>
> if i correct the http:// to https:// everything works and all pages are
> secured.  it seems that only the redirect to the URI with the trailing slash
> is where this comes up.

The redirect from /roundcubemail to /roundcubemail/ is done by Apache
and doesn't yet hit Roundcube and its use_https logic. Thus not a
Roundcube issue and nothing we could fix on our side. You need to
teach Apache to redirect to https.

~Thomas
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users

 

-- 
jarif.bit

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: use_https issue

gnul
In reply to this post by Brendan Kearney


On Jan 18, 2016 6:30 AM, "brendan kearney" wrote:
>
> I am not understanding this.  Apache is doing nothing with https.  The https is being handled on the load balancer and everything apache sees is http only.
>
> Does that mean the load balancing needs to be changed?
>

In some default configs, Apache will implement that redirect (append trailing /). If so, your load balancer/proxy should rewrite them; alternately the Apache config can do it.

Investigate the configuration in HAProxy to only redirect using https for all rewritten urls under that location. Stack Overflow has many examples.

Good luck.


_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: use_https issue

Emma Mulkearns
If no one can answer my question then Please take me off this 

Sent from my iPhone

On 19 Jan 2016, at 8:04 AM, Gnul Char <[hidden email]> wrote:


On Jan 18, 2016 6:30 AM, "brendan kearney" wrote:
>
> I am not understanding this.  Apache is doing nothing with https.  The https is being handled on the load balancer and everything apache sees is http only.
>
> Does that mean the load balancing needs to be changed?
>

In some default configs, Apache will implement that redirect (append trailing /). If so, your load balancer/proxy should rewrite them; alternately the Apache config can do it.

Investigate the configuration in HAProxy to only redirect using https for all rewritten urls under that location. Stack Overflow has many examples.

Good luck.

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: use_https issue

Noel Butler

So what is your question?

Or are you posting from a ghost account as I suspect, since you did not ask this question, nor have you commented in this thread.

Either way you have been given the answer already, I suggest you subscribe to apache httpd users list (  [hidden email] ) and ask their if you can not understand google's responses on how to configure httpd.  But I warn you, the patience their for helping people who wont help themselves is like everywhere, rather thin.

AS to your request to leave this list, you may do so on your own accord any time you want by following the footer link.

 

 

On 19/01/2016 07:28, emma mulkearns wrote:

If no one can answer my question then Please take me off this 

Sent from my iPhone

On 19 Jan 2016, at 8:04 AM, Gnul Char <[hidden email]> wrote:


On Jan 18, 2016 6:30 AM, "brendan kearney" wrote:
>
> I am not understanding this.  Apache is doing nothing with https.  The https is being handled on the load balancer and everything apache sees is http only.
>
> Does that mean the load balancing needs to be changed?
>

In some default configs, Apache will implement that redirect (append trailing /). If so, your load balancer/proxy should rewrite them; alternately the Apache config can do it.

Investigate the configuration in HAProxy to only redirect using https for all rewritten urls under that location. Stack Overflow has many examples.

Good luck.

--
If you have the urge to reply to all rather than reply to list, you best first read  http://members.ausics.net/qwerty/

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users