Hi Zhang,
i can't get it to work. SOGo is accesible under the sogo.domain.de and redirected to https, but the login is not possible and it misses any style sheet info, see attachment. The redirect from http to https is generally working.. also for roundcube or iredadmin. But under the hostname stromberg.domain.de, SOGo is not reachable: i get a 404 now.
FYI: "domain" is just a mask for the real domain here in all these files.
For the record i post my configs here:
Inside sites-enabled i have now:
lrwxrwxrwx 1 root root 35 Jun 5 01:26 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 35 Jun 5 01:03 default-ssl.conf -> ../sites-available/default-ssl.conf
lrwxrwxrwx 1 root root 42 Jun 5 00:39 sogo-domain-de.conf -> ../sites-available/sogo-domain-de.conf
lrwxrwxrwx 1 root root 46 Jun 5 00:39 sogo-domain-de-ssl.conf -> ../sites-available/sogo-domain-de-ssl.conf
lrwxrwxrwx 1 root root 47 Jun 5 00:39 stromberg-domain-de.conf -> ../sites-available/stromberg-domain-de.conf
lrwxrwxrwx 1 root root 51 Jun 5 00:39 stromberg-domain-de-ssl.conf -> ../sites-available/stromberg-domain-de-ssl.conf
(stromberg is the hostname)
000-default.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName stromberg.domain.de
RewriteEngine on
RewriteRule /SOGo(.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>default-ssl.conf
IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCipherSuite -----
SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/certs/iRedMail.crt
SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
Alias /iredadmin/static "/opt/www/iredadmin/static/"
WSGIScriptAlias /iredadmin "/opt/www/iredadmin/iredadmin.py/"
Alias /mail "/opt/www/roundcubemail/"
Alias /awstats/icon "/usr/share/awstats/icon/"
Alias /awstatsicon "/usr/share/awstats/icon/"
ScriptAlias /awstats "/usr/lib/cgi-bin/"
</VirtualHost>
</IfModule>sogo-domain-de.conf
<VirtualHost *:80>
ServerName sogo.domain.de
ServerAdmin admin@domain.de
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>sogo-domain-de-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin admin@domain.de
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCipherSuite -----
SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/certs/iRedMail.crt
SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
ServerName sogo.domain.de
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync retry=60 connectiontimeout=5 timeout=3540
</VirtualHost>
</IfModule>For the hostname stromberg the files for http and https are identical to the hostname sogo.
SOGo.con inside conf-available (linked inside -enable)
Alias /SOGo.woa/WebServerResources/ PH_SOGO_GNUSTEP_DIR/WebServerResources/
Alias /SOGo/WebServerResources/ PH_SOGO_GNUSTEP_DIR/WebServerResources/
<Directory PH_SOGO_GNUSTEP_DIR/>
AllowOverride None
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
# Explicitly allow caching of static content to avoid browser specific behavior.
# A resource's URL MUST change in order to have the client load the new version.
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
</Directory>
## Uncomment the following to enable proxy-side authentication, you will then
## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and
## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section
## below.
#
## For full proxy-side authentication:
#<Location /SOGo>
# AuthType XXX
# Require valid-user
# SetEnv proxy-nokeepalive 1
# Allow from all
#</Location>
#
## For proxy-side authentication only for CardDAV and GroupDAV from external
## clients:
#<Location /SOGo/dav>
# AuthType XXX
# Require valid-user
# SetEnv proxy-nokeepalive 1
# Allow from all
#</Location>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
# When using CAS, you should uncomment this and install cas-proxy-validate.py
# in /usr/lib/cgi-bin to reduce server overloading
#
# ProxyPass /SOGo/casProxy http://localhost/cgi-bin/cas-proxy-validate.py
# <Proxy http://localhost/app/cas-proxy-validate.py>
# Order deny,allow
# Allow from your-cas-host-addr
# </Proxy>
#
# You should enable 2 `ProxyPass` directives in https
#
# Enable to use Microsoft ActiveSync support
# Note that you MUST have many sogod workers to use ActiveSync.
# See the SOGo Installation and Configuration guide for more details.
#
#ProxyPass /Microsoft-Server-ActiveSync \
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
# retry=60 connectiontimeout=5 timeout=3540
#
#ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
<Proxy http://127.0.0.1:20000/SOGo>
# Redirect http access of /SOGo to https
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST
## When using proxy-side autentication, you need to uncomment and
## adjust the following line:
RequestHeader unset "x-webobjects-remote-user"
#RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e" env=REMOTE_USER
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
AddDefaultCharset UTF-8
</Proxy>
<IfModule rewrite_module>
RewriteEngine On
# For Apple autoconfiguration
RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301]
</IfModule>I hope you can find anything which might be misconfigured.
Could it be better to just work with ServerAlias in the default vhost file?
Thanks! Alex