Re: [RCU] progress on locking in https

Mon, 31 Dec 2012 19:57:38 -0800 


On 12/31/2012 10:01 PM, Reindl Harald wrote:


Am 01.01.2013 03:55, schrieb Arne Berglund:

On 2012-12-31 17:23, Robert Moskowitz wrote:

I can't claim any real skill in configuring apache, all I can do is
read readmes and copy and paste for examples and things I have
running...  So I SEEM to have made some real headway, but have not
gotten wireshark going to see if it is really behaving as it seems. I
would appreciate any input on a cleaner way to setup Roundcube as a
virtual host only over TLS.

<snipped>

Robert, here's the setup I have, partially inherited and partially refined over 
the years. My ReWrite is in a
directory declaration, and has never thrown any errors.

<Directory "/">
         RewriteEngine on
         ReWriteCond %{HTTP_HOST} =webmail.example.org [NC]
         RewriteCond %{SERVER_PORT} !^443$
         RewriteRule ^.*$ https://webmail.example.org%{REQUEST_URI} [L,R]
</Directory>

I am not quite getting this.  Or maybe I barely am...  This is saying if 
the URL of webmail.example.org is recieved, this rewrite occurs, and the 
virtualhost envelope is not needed.  What if the URL is 
webmail.example.org/something  ???



the next one missing that without "secure only" flag the browser
will send the cookies unencrypted because they are part of he
request headers and the redirect happens after them



Oh, I think I see.  Noel pointed out that the session.cookie_secure can 
go in the virtual_host envelope....


So I get:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>

    ServerName webmail
    ServerAlias webmail.foo.com
    php_admin_flag session.cookie_secure "1"
    RewriteEngine On
        RewriteCond  %{SERVER_PORT} !^443$
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
        ExpiresDefault "access plus 10 years"
        AddOutputFilterByType DEFLATE text/html text/plain text/xml

</VirtualHost>

<VirtualHost *:443>

    ServerName webmail
    ServerAlias webmail.foo.com
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/foo.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/foo.com.key
    DocumentRoot /usr/share/roundcubemail
    <Directory /usr/share/roundcubemail/>
            Order Deny,Allow
            Allow from all
        php_admin_flag session.cookie_secure "1"
    </Directory>

</VirtualHost>



_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users





















					Reply via email to