[SOGo] https, carddav and caldav config with SSL - any working example

2013-01-11 Thread Götz Reinicke - IT Koordinator
Hi,

we do have a running SOGo 2.0.3a test system with some basic configurations.

For the LIVE system we like to have sogo running as a virtual apache
host and secure as much as possible by using ssl.

And there is the request to use nearly all possibilities that SOGo
offers; that means calendar and addressbook sync to iphones too :-)

We run CentOS/Red Hat 6.x servers and maybe someone has a working
configuration example to share?

I found some wiki docs etc, but putting all pieces together on my own is
a bit complex.

Thanks for any help and best regards . Götz
-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 82 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016

Chairman of the Supervisory Board: Jürgen Walter MdL
State Secretary in the Ministry of Science,
Research and the Arts Baden-Württemberg

Managing Director: Prof. Thomas Schadt





Re: [SOGo] https, carddav and caldav config with SSL - any working example

2013-01-11 Thread Thoralf Schulze
hi,

On 11.01.2013 10:41, Götz Reinicke - IT Koordinator wrote:
> For the LIVE system we like to have sogo running as a virtual apache
> host and secure as much as possible by using ssl.

hth, we are using debian squeeze.

with kind regards,
t.
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

### non-ssl is redirected to ssl
### otherwise not much runs on port 80 …
<virtualhost sogo.ourdomain.de:80>

    serveradmin webmas...@ourdomain.de
    documentroot /var/www

    <ifmodule mod_rewrite.c>
        rewriteengine   on
        rewritecond %{SERVER_PORT} !^443$
        rewriterule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
        rewritelog  /var/log/apache2/rewrite.log
    </ifmodule>

    <directory />
        options followsymlinks
        allowoverride   none
    </directory>

    #   include includes/generic-sogo-stuff

</virtualhost>


### the web interface, also: caldav/carddav, also: updates
<VirtualHost sogo.ourdomain.de:443>

    ServerAdmin webmas...@ourdomain.de
    DocumentRoot /var/www

    include includes/generic-ssl-stuff

    include includes/generic-sogo-stuff

    ErrorLog    ${APACHE_LOG_DIR}/error.log
    CustomLog   ${APACHE_LOG_DIR}/sogo_access.log combined

    # sogo lives under /SOGo; rewrite other unspecified requests to there
    <IfModule mod_rewrite.c>
        RewriteEngine   on
        RewriteCond %{REQUEST_URI} ^/index.(htm|html)$ [OR]
        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule (.*) /SOGo/ [R=301,L]
    </IfModule>

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    # php via fastcgi is needed under plugins/
    <directory /var/www/plugins/>
        <ifmodule mod_fcgid.c>
            AddHandler fcgid-script .php
            FCGIWrapper /usr/lib/cgi-bin/php5 .php
            Options +ExecCGI
        </ifmodule>
    </directory>

    # handle sogo requests
    <Proxy http://127.0.0.1:2/SOGo>
        RequestHeader set x-webobjects-server-port 443
        RequestHeader set x-webobjects-server-name sogo.ourdomain.de:443
        RequestHeader set x-webobjects-server-url "https://sogo.ourdomain.de:443"
        RequestHeader set x-webobjects-server-protocol HTTP/1.0
        RequestHeader set x-webobjects-remote-host %{REMOTE_HOST}e env=REMOTE_HOST
        AddDefaultCharset UTF-8
        Order allow,deny
        Allow from all
    </Proxy>

</VirtualHost>


### 8443 is the apple standard for encrypted carddav
<virtualhost sogo.ourdomain.de:8443>

    ServerAdmin webmas...@ourdomain.de
    DocumentRoot /var/www

    include includes/generic-ssl-stuff
    include includes/generic-sogo-stuff

    ProxyPassInterpolateEnv On
    ProxyPass   /principals http://127.0.0.1:2/SOGo/dav/ interpolate
    ProxyPass   /SOGo/dav/ http://127.0.0.1:2/SOGo/dav/ interpolate
    ProxyPass   / http://127.0.0.1:2/SOGo/dav/ interpolate

    <Proxy http://127.0.0.1:2/SOGo>
        RequestHeader set x-webobjects-server-port 8443
        RequestHeader set x-webobjects-server-name sogo.ourdomain.de:8443
        RequestHeader set x-webobjects-server-url "https://sogo.ourdomain.de:8443"
        RequestHeader set x-webobjects-server-protocol HTTP/1.0
        RequestHeader set x-webobjects-remote-host %{REMOTE_HOST}e env=REMOTE_HOST
        AddDefaultCharset UTF-8
        Order allow,deny
        Allow from all
    </Proxy>

    ErrorLog    ${APACHE_LOG_DIR}/error.log
    CustomLog   ${APACHE_LOG_DIR}/sogo_apfeldav_access.log combined

</virtualhost>

### and 8843 is the apple standard for encrypted caldav
<virtualhost sogo.ourdomain.de:8843>

    ServerAdmin webmas...@ourdomain.de
    DocumentRoot /var/www

    include includes/generic-ssl-stuff
    include includes/generic-sogo-stuff

    ProxyPassInterpolateEnv On
    ProxyPass   /principals http://127.0.0.1:2/SOGo/dav/ interpolate
    ProxyPass   /SOGo/dav/ http://127.0.0.1:2/SOGo/dav/ interpolate
    ProxyPass   / http://127.0.0.1:2/SOGo/dav/ interpolate

    <Proxy http://127.0.0.1:2/SOGo>
        RequestHeader set x-webobjects-server-port 8843
        RequestHeader 
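
Added example (not part of the original post and not SOGo project code): the SSL vhosts above repeat the same x-webobjects-server-* headers with only the port changed, so a copy-paste slip that announces the wrong external port to SOGo is easy to miss. This Python check lints a constructed config for that; the hostname sogo.example.org, the backend port 20000 and the name lint_vhosts are assumptions.

```python
import re

# Constructed sample modelled on the vhost layout in the post above (hostname
# and backend port are assumptions). The 8843 vhost has a copy-paste slip.
SAMPLE = """
<VirtualHost sogo.example.org:80>
  RewriteEngine on
</VirtualHost>
<VirtualHost sogo.example.org:8443>
  <Proxy http://127.0.0.1:20000/SOGo>
    RequestHeader set x-webobjects-server-port 8443
    RequestHeader set x-webobjects-server-name sogo.example.org:8443
    RequestHeader set x-webobjects-server-url "https://sogo.example.org:8443"
  </Proxy>
</VirtualHost>
<VirtualHost sogo.example.org:8843>
  <Proxy http://127.0.0.1:20000/SOGo>
    RequestHeader set x-webobjects-server-port 8843
    RequestHeader set x-webobjects-server-name sogo.example.org:8843
    RequestHeader set x-webobjects-server-url "https://sogo.example.org:8443"
  </Proxy>
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^\s>:]+):(\d+)>(.*?)</VirtualHost>", re.I | re.S)
HEADER = re.compile(
    r'^\s*RequestHeader\s+set\s+x-webobjects-server-(port|name|url)\s+"?([^"\s]+)"?\s*$',
    re.I | re.M)

def lint_vhosts(conf):
    """Return (vhost, problem) pairs where x-webobjects-server-* disagrees with the vhost."""
    findings = []
    for host, port, body in VHOST.findall(conf):
        if "proxy" not in body.lower():
            continue  # redirect-only vhost (e.g. port 80): nothing reaches SOGo
        vhost = f"{host}:{port}"
        seen = {key.lower(): value for key, value in HEADER.findall(body)}
        expected = {"port": port, "name": vhost, "url": f"https://{vhost}"}
        for key, want in expected.items():
            got = seen.get(key)
            if got is None:
                findings.append((vhost, f"x-webobjects-server-{key} not set"))
            elif got.rstrip("/") != want:
                findings.append((vhost, f"x-webobjects-server-{key} is {got}, expected {want}"))
    return findings

if __name__ == "__main__":
    for vhost, problem in lint_vhosts(SAMPLE):
        print(f"{vhost}: {problem}")
```

Headers pulled in through an `include` file are not seen by this check; run it over the expanded configuration.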

Re: [SOGo] https, carddav and caldav config with SSL - any working example

2013-01-11 Thread Götz Reinicke - IT Koordinator
On 11.01.13 10:55, Thoralf Schulze wrote:
> hi,
>
> On 11.01.2013 10:41, Götz Reinicke - IT Koordinator wrote:
>> For the LIVE system we like to have sogo running as a virtual apache
>> host and secure as much as possible by using ssl.
>
> hth, we are using debian squeeze.
>
> with kind regards,
> t.
 

Wow hi big kòutóu :) I think that will help a lot!

Thanks and regards . Götz


Re: [SOGo] https, carddav and caldav config with SSL - any working example

2013-01-11 Thread Anselm Martin Hoffmeister

On 11.01.2013 11:13, Götz Reinicke - IT Koordinator wrote:
> On 11.01.13 10:55, Thoralf Schulze wrote:
>> hi,
>>
>> On 11.01.2013 10:41, Götz Reinicke - IT Koordinator wrote:
>>> For the LIVE system we like to have sogo running as a virtual apache
>>> host and secure as much as possible by using ssl.
>>
>> hth, we are using debian squeeze.
>>
>> with kind regards,
>> t.
>
> Wow hi big kòutóu :) I think that will help a lot!
>
> Thanks and regards . Götz


Hi Götz, hi Thoralf,

that setup looks quite similar to mine, but with two obvious differences:

1st/ I had to restrict my setup to one port for HTTPS. So I do not
have those additional HTTPS ports available.

2nd/ For those iDevices out there, and also the Android CalDAV
connector that I can highly recommend, I implemented the .well-known
setting in the web root. You can do that with Apache config files,
or just create a directory .well-known in the web root and add
some mini PHP files that redirect to the intended location as
caldav.php and carddav.php (I have multiviews on in that VM, so
the request /.well-known/carddav works). Files might look like
<?php header("Location: https://sogo.-mydomain-.de/SOGo/dav/"); ?>

This might also be handy when you have a multi-domain setup where
everyone just enters his own domain name (where the web-space
lives on HTTP only, probably, and no multi-domain certificate is
available for) and is magically redirected to the SOGo service on the
right domain name, such that certificates work correctly etc.

BR
AMH
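
Added example, not from the original post: a Python check for the /.well-known redirects described in the last message, confirming that discovery from an HTTP-only customer domain ends on HTTPS at the SOGo host whose certificate the client will validate. It works on recorded (status, Location) pairs; the host names and the function name check_discovery are assumptions.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def check_discovery(start_url, hops, sogo_host, dav_path="/SOGo/dav/"):
    """Follow recorded (status, Location) hops; return (final_url, problems)."""
    problems, url = [], start_url
    for status, location in hops:
        if status not in REDIRECTS or not location:
            problems.append(f"{url}: status {status} without usable Location")
            break
        nxt = urljoin(url, location)  # a relative Location stays on the same host
        if urlsplit(url).scheme == "https" and urlsplit(nxt).scheme != "https":
            problems.append(f"{url} -> {nxt}: downgrade from https")
        url = nxt
    final = urlsplit(url)
    if final.scheme != "https":
        problems.append(f"final URL {url} is not https")
    if final.hostname != sogo_host:
        problems.append(f"final host {final.hostname} is not {sogo_host}")
    if final.path != dav_path:
        problems.append(f"final path {final.path} is not {dav_path}")
    return url, problems

# Constructed observations, e.g. copied from `curl -sI` output (hosts are placeholders).
GOOD = ("http://customer.example/.well-known/carddav",
        [(301, "https://sogo.example.org/SOGo/dav/")])
BAD = ("http://customer.example/.well-known/caldav",
       [(302, "/SOGo/dav/")])  # relative target: stays on the HTTP-only host

if __name__ == "__main__":
    for start, hops in (GOOD, BAD):
        print(check_discovery(start, hops, "sogo.example.org"))
```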