[SOGo] https, carddav and caldav config with SSL - any working example
Hi,

we do have a running SOGo 2.0.3a test system with some basic configurations.

For the LIVE system we like to have sogo running as a virtual apache host and secure as much as possible by using ssl.

And there is the request to use nearly all possibilities that SOGo offers; that means calendar and addressbook sync to iPhones too :-)

We run CentOS/Red Hat 6.x servers and maybe someone has a working configuration example to share?

I found some wiki docs etc., but putting all pieces together on my own is a bit complex.

Thanks for any help and best regards
. Götz

--
Götz Reinicke
IT Coordinator
Tel. +49 7141 969 82 420
Fax +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de
Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de
Registered at Amtsgericht Stuttgart, HRB 205016
Chairman of the Supervisory Board: Jürgen Walter MdL, State Secretary in the Ministry of Science, Research and the Arts Baden-Württemberg
Managing Director: Prof. Thomas Schadt
Re: [SOGo] https, carddav and caldav config with SSL - any working example
hi,

On 11.01.2013 10:41, Götz Reinicke - IT Koordinator wrote:
> For the LIVE system we like to have sogo running as a virtual apache host
> and secure as much as possible by using ssl.

hth, we are using debian squeeze.

with kind regards,
t.

--
users@sogo.nu
https://inverse.ca/sogo/lists

### non-SSL is redirected to SSL
### otherwise not much runs on port 80 …
<virtualhost sogo.ourdomain.de:80>
    serveradmin webmas...@ourdomain.de
    documentroot /var/www
    <ifmodule mod_rewrite.c>
        rewriteengine on
        rewritecond %{SERVER_PORT} !^443$
        rewriterule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
        rewritelog /var/log/apache2/rewrite.log
    </ifmodule>
    <directory />
        options followsymlinks
        allowoverride none
    </directory>
    # include includes/generic-sogo-stuff
</virtualhost>

### the web interface, also: caldav/carddav, also: updates
<VirtualHost sogo.ourdomain.de:443>
    ServerAdmin webmas...@ourdomain.de
    DocumentRoot /var/www
    include includes/generic-ssl-stuff
    include includes/generic-sogo-stuff
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/sogo_access.log combined
    # SOGo lives under /SOGo, rewrite other unspecified requests to there
    <IfModule mod_rewrite.c>
        RewriteEngine on
        RewriteCond %{REQUEST_URI} ^/index.(htm|html)$ [OR]
        RewriteCond %{REQUEST_URI} ^/$
        RewriteRule (.*) /SOGo/ [R=301,L]
    </IfModule>
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    # PHP via FastCGI is needed under plugins/
    <directory /var/www/plugins/>
        <ifmodule mod_fcgid.c>
            AddHandler fcgid-script .php
            FCGIWrapper /usr/lib/cgi-bin/php5 .php
            Options +ExecCGI
        </ifmodule>
    </directory>
    # handle SOGo requests
    <Proxy http://127.0.0.1:2/SOGo>
        RequestHeader set x-webobjects-server-port 443
        RequestHeader set x-webobjects-server-name sogo.ourdomain.de:443
        RequestHeader set x-webobjects-server-url "https://sogo.ourdomain.de:443"
        RequestHeader set x-webobjects-server-protocol HTTP/1.0
        RequestHeader set x-webobjects-remote-host %{REMOTE_HOST}e env=REMOTE_HOST
        AddDefaultCharset UTF-8
        Order allow,deny
        Allow from all
    </Proxy>
</VirtualHost>

### 8443 is the Apple standard for encrypted carddav
<virtualhost sogo.ourdomain.de:8443>
    ServerAdmin webmas...@ourdomain.de
    DocumentRoot /var/www
    include includes/generic-ssl-stuff
    include includes/generic-sogo-stuff
    ProxyPassInterpolateEnv On
    ProxyPass /principals http://127.0.0.1:2/SOGo/dav/ interpolate
    ProxyPass /SOGo/dav/ http://127.0.0.1:2/SOGo/dav/ interpolate
    ProxyPass / http://127.0.0.1:2/SOGo/dav/ interpolate
    <Proxy http://127.0.0.1:2/SOGo>
        RequestHeader set x-webobjects-server-port 8443
        RequestHeader set x-webobjects-server-name sogo.ourdomain.de:8443
        RequestHeader set x-webobjects-server-url "https://sogo.ourdomain.de:8443"
        RequestHeader set x-webobjects-server-protocol HTTP/1.0
        RequestHeader set x-webobjects-remote-host %{REMOTE_HOST}e env=REMOTE_HOST
        AddDefaultCharset UTF-8
        Order allow,deny
        Allow from all
    </Proxy>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/sogo_apfeldav_access.log combined
</virtualhost>

### and 8843 is the Apple standard for encrypted caldav
<virtualhost sogo.ourdomain.de:8843>
    ServerAdmin webmas...@ourdomain.de
    DocumentRoot /var/www
    include includes/generic-ssl-stuff
    include includes/generic-sogo-stuff
    ProxyPassInterpolateEnv On
    ProxyPass /principals http://127.0.0.1:2/SOGo/dav/ interpolate
    ProxyPass /SOGo/dav/ http://127.0.0.1:2/SOGo/dav/ interpolate
    ProxyPass / http://127.0.0.1:2/SOGo/dav/ interpolate
    <Proxy http://127.0.0.1:2/SOGo>
        RequestHeader set x-webobjects-server-port 8843
        RequestHeader
Re: [SOGo] https, carddav and caldav config with SSL - any working example
On 11.01.13 10:55, Thoralf Schulze wrote:
> hi,
>
> On 11.01.2013 10:41, Götz Reinicke - IT Koordinator wrote:
>> For the LIVE system we like to have sogo running as a virtual apache host
>> and secure as much as possible by using ssl.
>
> hth, we are using debian squeeze.
>
> with kind regards,
> t.

Wow hi big kòutóu :)

I think that will help a lot!

Thanks and regards
. Götz
Re: [SOGo] https, carddav and caldav config with SSL - any working example
On 11.01.2013 11:13, Götz Reinicke - IT Koordinator wrote:
> On 11.01.13 10:55, Thoralf Schulze wrote:
>> hi,
>>
>> On 11.01.2013 10:41, Götz Reinicke - IT Koordinator wrote:
>>> For the LIVE system we like to have sogo running as a virtual apache host
>>> and secure as much as possible by using ssl.
>>
>> hth, we are using debian squeeze.
>>
>> with kind regards,
>> t.
>
> Wow hi big kòutóu :)
>
> I think that will help a lot!
>
> Thanks and regards
> . Götz

Hi Götz, hi Thoralf,

that setup looks quite similar to mine, but with two obvious differences:

1st/ I had to restrict my setup to one port for HTTPS. So I do not have those additional HTTPS ports available.

2nd/ For those iDevices out there, and also the Android CalDAV connector that I can highly recommend, I implemented the .well-known setting in the web root. You can do that with Apache config files, or just create a directory .well-known in the web root and add some mini PHP files that redirect to the intended location as caldav.php and carddav.php (I have multiviews on in that VM, so the request /.well-known/carddav works).

Files might look like:

<?php
header("Location: https://sogo.-mydomain-.de/SOGo/dav/");
?>

This might also be handy when you have a multi-domain setup where everyone just enters his own domain name (where the web-space lives on HTTP only, probably, and no multi-domain certificate is available for) and is magically redirected to the SOGo service on the right domain name, such that certificates work correctly etc.

BR
AMH
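
The Apache config-file variant of the .well-known redirect mentioned in the last message, as an added example that is not from any poster in the thread. It assumes mod_alias is loaded; sogo.ourdomain.de is the host name used earlier in the thread, while customer-domain.example and its DocumentRoot are placeholders.

```apache
# Constructed example, not taken from any poster's configuration.
# customer-domain.example and its DocumentRoot are placeholders.

# (1) Goes inside the existing HTTPS vhost that serves SOGo.
#     Answers the CalDAV/CardDAV discovery URLs with a redirect to the
#     DAV root, replacing the caldav.php / carddav.php files.
#     The target is a fixed absolute URL, so the Location header does not
#     depend on the Host header the client sent.
RedirectMatch 301 ^/\.well-known/(caldav|carddav)/?$ https://sogo.ourdomain.de/SOGo/dav/

# (2) Multi-domain case: a customer domain whose web space is HTTP only
#     and has no certificate of its own. Only the two discovery URLs are
#     sent to the SOGo host, whose certificate matches its own name;
#     every other request is served from this vhost as before.
<VirtualHost *:80>
    ServerName customer-domain.example
    ServerAlias www.customer-domain.example
    DocumentRoot /var/www/customer-domain.example

    RedirectMatch 301 ^/\.well-known/(caldav|carddav)/?$ https://sogo.ourdomain.de/SOGo/dav/
</VirtualHost>
```

With the anchored pattern, a request such as /.well-known/carddav/extra is not matched and falls through to normal handling instead of being appended to the redirect target.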