Re: [SOGo] Apache modules?

2015-02-22 Thread Chris Coleman

From here:
https://wiki.debian.org/SOGo
and here:
http://www.openchange.org/cookbook/backends/sogo/webui.html

These 4 Apache modules are required:

# add some apache modules
a2enmod proxy
a2enmod proxy_http
a2enmod headers
a2enmod rewrite
# restart apache
/etc/init.d/apache2 restart



On 2/22/2015 3:56 PM, Kai-Uwe Rommel wrote:

No response so far ... did nobody explore this yet?

Kai-Uwe Rommel

kai-uwe.rom...@ars.de
Phone+Mobile +49 89 32468-120


__

Hello,

I would like to "harden" my SOGo server a bit since it is accessible
on the Internet.
Is there some documentation available which Apache modules are
required for SOGo and which modules can be disabled? The SOGo
configuration guide does not mention anything about this topic. Thanks!

Kai-Uwe Rommel

kai-uwe.rom...@ars.de
Phone+Mobile +49 89 32468-120




ARS Computer und Consulting GmbH, http://www.ars.de
Ridlerstrasse 55, 80339 Muenchen, Germany

Application Development Services, Business Transformation Services, IT
Infrastructure Services

Consulting and sales for IBM Software, System x, POWER Systems, Storage
License Management Services, IBM Passport Advantage licensing

Commercial register Munich, HRB 101829, VAT ID: DE 155 068 909
Managing directors: Michael Arbesmeier, Kai-Uwe Rommel, Roland Schock,
Joachim Gucker




--
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] Apache modules?

2015-02-22 Thread Kai-Uwe Rommel
No response so far ... did nobody explore this yet?

Kai-Uwe Rommel

kai-uwe.rom...@ars.de
Phone+Mobile +49 89 32468-120


__

Hello,

I would like to "harden" my SOGo server a bit since it is accessible on 
the Internet.
Is there some documentation available which Apache modules are required 
for SOGo and
which modules can be disabled? The SOGo configuration guide does not 
mention anything
about this topic. Thanks!

Kai-Uwe Rommel

kai-uwe.rom...@ars.de
Phone+Mobile +49 89 32468-120





Re: Re: [SOGo] using nginx

2015-02-22 Thread Infoomatic
thanks for the replies, it's still not working, my config:

location = /principals/
{
    rewrite ^ 'https://$server_name/SOGo/dav';
    allow all;
}
location ^~/SOGo
{
    proxy_pass 'http://127.0.0.1:2';
    proxy_redirect 'http://127.0.0.1:2' default;
    # forward user's IP address
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $host;
    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
    proxy_set_header x-webobjects-remote-host 127.0.0.1;
    proxy_set_header x-webobjects-server-name $server_name;
    proxy_set_header x-webobjects-server-url $scheme://$host;
    proxy_set_header x-webobjects-server-port $server_port;
    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    client_max_body_size 50m;
    break;
}

location ^~ /Microsoft-Server-ActiveSync {
    proxy_pass http://127.0.0.1:2/SOGo/Microsoft-Server-ActiveSync;
    proxy_redirect http://127.0.0.1:2/Microsoft-Server-ActiveSync /;
}

location /SOGo.woa/WebServerResources/
{
    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
}

location /SOGo/WebServerResources/
{
    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
}

location (^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$)
{
    alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
}
location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$)
{
    alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
}


regards,
infoomatic


> Sent: Sunday, 22 February 2015 at 20:34
> From: "Jens Erat"
> To: users@sogo.nu
> Subject: Re: [SOGo] using nginx
>
> Hi!
> 
> My nginx configuration (which proxies to an Apache inside a Docker
> container) also sets `X-Forwarded-For`:
> 
> proxy_set_header X-Real-IP  $remote_addr;
> proxy_set_header X-Forwarded-For $remote_addr;
> 
> I didn't test what happens if you directly interface SOGo with nginx,
> though.
> 
> Regards from Lake Constance, Germany,
> Jens
> 
> 
> On 22.02.2015 18:43, Infoomatic wrote:
> > hi,
> > I wanted to use nginx with sogo and apply the fail2ban rules. Basically, 
> > everything is working fine with nginx, but:
> > with the suggested nginx config (including "proxy_set_header X-Real-IP 
> > $remote_addr;" from the sogo wiki) and nginx version 1.6.2, the
> > logfile only creates entries like:
> > SOGoRootPage Login from '127.0.0.1' for user 'afd' might not have worked - 
> > password policy: 65535  grace: -1  expire: -1  bound: 0
> > 
> > The same host, with the suggested apache2 configuration gives me:
> > SOGoRootPage Login from 'XXX.XX.XX.XXX' for user 'aasd' might not have 
> > worked - password policy: 65535  grace: -1  expire: -1  bound: 0
> > 
> > with my real IP and thus fail2ban working.
> > 
> > Is there a workaround or some variables to change in source and recompile 
> > to have this working? Or better: a configuration option I did not see?
> > 
> > regards,
> > infoomatic
> > 
> 
> 
> -- 
> Jens Erat
> 
>  [phone]: tel:+49-151-56961126
>   [mail]: mailto:em...@jenserat.de
> [jabber]: xmpp:jab...@jenserat.de
>    [web]: http://www.jenserat.de
> 
>  OpenPGP: 0D69 E11F 12BD BA07 7B37  26AB 4E1F 799A A4FF 2279
> 
> 


Re: [SOGo] using nginx

2015-02-22 Thread FoxNET
Hello 

Config 

…...

proxy_http_version 1.1;

location = / {
    rewrite ^ http://$server_name/SOGo;
    allow all;
}

# For IOS 7

location = /principals/ {
    rewrite ^ http://$server_name/SOGo/dav;
    allow all;
}

location ^~/SOGo {
    proxy_pass http://127.0.0.1:2;
    proxy_redirect http://127.0.0.1:2 default;

    # forward user's IP address
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header x-webobjects-server-protocol HTTP/1.0;
    proxy_set_header x-webobjects-remote-host 127.0.0.1;
    proxy_set_header x-webobjects-server-name $server_name;
    proxy_set_header x-webobjects-server-url $scheme://$host;
    proxy_set_header x-webobjects-server-port $server_port;
    proxy_connect_timeout 30;
    proxy_send_timeout 30;
    proxy_read_timeout 630;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    client_max_body_size 50m;
    client_body_buffer_size 128k;
    break;
}

location ^~/Microsoft-Server-ActiveSync {
    proxy_pass http://127.0.0.1:2/SOGo/Microsoft-Server-ActiveSync;
    proxy_redirect http://127.0.0.1:2/Microsoft-Server-ActiveSync /;
}

location ^~/ActiveSync {
    proxy_pass http://127.0.0.1:2/SOGo/Microsoft-Server-ActiveSync;
    proxy_redirect http://127.0.0.1:2/Microsoft-Server-ActiveSync /;
}

location /SOGo.woa/WebServerResources/ {
    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
}

location /SOGo/WebServerResources/ {
    alias /usr/lib/GNUstep/SOGo/WebServerResources/;
    allow all;
}

location (^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$) {
    alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
}

location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$) {
    alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
}
}


> On 22 Feb 2015, at 18:43, Infoomatic wrote:
> 
> hi,
> I wanted to use nginx with sogo and apply the fail2ban rules. Basically, 
> everything is working fine with nginx, but:
> with the suggested nginx config (including "proxy_set_header X-Real-IP 
> $remote_addr;" from the sogo wiki) and nginx version 1.6.2, the
> logfile only creates entries like:
> SOGoRootPage Login from '127.0.0.1' for user 'afd' might not have worked - 
> password policy: 65535  grace: -1  expire: -1  bound: 0
> 
> The same host, with the suggested apache2 configuration gives me:
> SOGoRootPage Login from 'XXX.XX.XX.XXX' for user 'aasd' might not have worked 
> - password policy: 65535  grace: -1  expire: -1  bound: 0
> 
> with my real IP and thus fail2ban working.
> 
> Is there a workaround or some variables to change in source and recompile to 
> have this working? Or better: a configuration option I did not see?
> 
> regards,
> infoomatic
> 





Re: [SOGo] using nginx

2015-02-22 Thread Chris Coleman

Did you use the config from this page?
http://wiki.sogo.nu/nginxSettings


Make sure you have both "X-Real-IP" and "X-Forwarded-For" headers.
Like these:

# set headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Optional:
# Let the web service know that we're using HTTPS, otherwise
# it will generate URL using http:// and not https://
# proxy_set_header X-Forwarded-Proto https;






On 2/22/2015 12:43 PM, Infoomatic wrote:

hi,
I wanted to use nginx with sogo and apply the fail2ban rules. Basically, 
everything is working fine with nginx, but:
with the suggested nginx config (including "proxy_set_header X-Real-IP 
$remote_addr;" from the sogo wiki) and nginx version 1.6.2, the
logfile only creates entries like:
SOGoRootPage Login from '127.0.0.1' for user 'afd' might not have worked - 
password policy: 65535  grace: -1  expire: -1  bound: 0

The same host, with the suggested apache2 configuration gives me:
SOGoRootPage Login from 'XXX.XX.XX.XXX' for user 'aasd' might not have worked - 
password policy: 65535  grace: -1  expire: -1  bound: 0

with my real IP and thus fail2ban working.

Is there a workaround or some variables to change in source and recompile to 
have this working? Or better: a configuration option I did not see?

regards,
infoomatic





Re: [SOGo] using nginx

2015-02-22 Thread Jens Erat
Hi!

My nginx configuration (which proxies to an Apache inside a Docker
container) also sets `X-Forwarded-For`:

proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;

I didn't test what happens if you directly interface SOGo with nginx,
though.

Regards from Lake Constance, Germany,
Jens


On 22.02.2015 18:43, Infoomatic wrote:
> hi,
> I wanted to use nginx with sogo and apply the fail2ban rules. Basically, 
> everything is working fine with nginx, but:
> with the suggested nginx config (including "proxy_set_header X-Real-IP 
> $remote_addr;" from the sogo wiki) and nginx version 1.6.2, the
> logfile only creates entries like:
> SOGoRootPage Login from '127.0.0.1' for user 'afd' might not have worked - 
> password policy: 65535  grace: -1  expire: -1  bound: 0
> 
> The same host, with the suggested apache2 configuration gives me:
> SOGoRootPage Login from 'XXX.XX.XX.XXX' for user 'aasd' might not have worked 
> - password policy: 65535  grace: -1  expire: -1  bound: 0
> 
> with my real IP and thus fail2ban working.
> 
> Is there a workaround or some variables to change in source and recompile to 
> have this working? Or better: a configuration option I did not see?
> 
> regards,
> infoomatic
> 


-- 
Jens Erat

 [phone]: tel:+49-151-56961126
  [mail]: mailto:em...@jenserat.de
[jabber]: xmpp:jab...@jenserat.de
   [web]: http://www.jenserat.de

 OpenPGP: 0D69 E11F 12BD BA07 7B37  26AB 4E1F 799A A4FF 2279





[SOGo] using nginx

2015-02-22 Thread Infoomatic
hi,
I wanted to use nginx with sogo and apply the fail2ban rules. Basically, 
everything is working fine with nginx, but:
with the suggested nginx config (including "proxy_set_header X-Real-IP 
$remote_addr;" from the sogo wiki) and nginx version 1.6.2, the
logfile only creates entries like:
SOGoRootPage Login from '127.0.0.1' for user 'afd' might not have worked - 
password policy: 65535  grace: -1  expire: -1  bound: 0

The same host, with the suggested apache2 configuration gives me:
SOGoRootPage Login from 'XXX.XX.XX.XXX' for user 'aasd' might not have worked - 
password policy: 65535  grace: -1  expire: -1  bound: 0

with my real IP and thus fail2ban working.

Is there a workaround or some variables to change in source and recompile to 
have this working? Or better: a configuration option I did not see?

regards,
infoomatic
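
Added example, not part of the original post and not SOGo or fail2ban code: a check over the failure line quoted above that separates failed logins attributable to a client address from those logged with the proxy's loopback address, which a ban rule cannot act on. The sample lines, the `audit` function and its threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Failure line as quoted in the thread; the quoted address is what a ban rule keys on.
FAILED_LOGIN = re.compile(
    r"SOGoRootPage Login from '(?P<host>[^']*)' for user '(?P<user>[^']*)' "
    r"might not have worked"
)

# Constructed sample log (documentation addresses), modelled on the thread's excerpt.
_TAIL = "might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0"
SAMPLE_LOG = "\n".join(
    f"SOGoRootPage Login from '{host}' for user '{user}' {_TAIL}"
    for host, user in [
        ("127.0.0.1", "afd"),       # client hidden behind the proxy
        ("127.0.0.1", "root"),
        ("203.0.113.7", "aasd"),    # real client address
        ("203.0.113.7", "admin"),
        ("198.51.100.4", "bob"),    # single failure, below the threshold
        ("localhost", "carol"),     # not an IP address at all
    ]
)


def audit(log_text, threshold=2):
    """Return (bannable, masked): clients with at least `threshold` failures,
    and the count of failures whose logged source is loopback or not an IP."""
    per_client = Counter()
    masked = 0
    for line in log_text.splitlines():
        match = FAILED_LOGIN.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group("host").strip())
        except ValueError:
            masked += 1          # hostname or garbage: nothing to ban
            continue
        if addr.is_loopback:
            masked += 1          # banning this would ban the proxy itself
        else:
            per_client[str(addr)] += 1
    bannable = {ip: n for ip, n in per_client.items() if n >= threshold}
    return bannable, masked


if __name__ == "__main__":
    bannable, masked = audit(SAMPLE_LOG)
    print("bannable:", bannable)
    print("failures logged without a usable client address:", masked)
```

A non-zero masked count after switching reverse proxies is the symptom described in this post: failed logins are recorded, but none of them can be tied to a client.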
