Thanks very much Gordon Messner for pointing this out, setting HTTP_HOST solved my problem. It is working perfectly on https now, no plain http anymore :) I agree on this being a good enhancement to the default config.
@Christian Mack thanks as well for the explanation. I already changed the RequestHeader set directives in sogo.conf to https, so that's why I concluded SOGo switched to plain http itself. It's all clear now. Kind regards, Jesper --------------------------------------- Van: [email protected] [mailto:[email protected]] Namens Gordon Messmer Verzonden: donderdag 16 maart 2017 18:31 Aan: [email protected] Onderwerp: Re: [SOGo] Use https in stead of http, port 80 not available On 03/16/2017 09:21 AM, Christian Mack" ([email protected]) wrote: SOGo switches to plain http after login. No, it does not, if you configured your apache correctly :-) Well, let's say that it does as it is distributed, and the reason for that is *really* not obvious. The SOGo.conf file provided by the vendor includes two lines: RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e"; env=HTTP_HOST The problem is that HTTP_HOST isn't normally set unless you're using mod_rewrite for the request. Users probably expect this to work by default, but it doesn't. You can fix that by setting the variable: SetEnvIf Host (.*) HTTP_HOST=$1 RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e"; env=HTTP_HOST But really, this *should* be secure by default, and it isn't. I'd think this should be reported as a bug, and if that's rejected, then refiled as a request for enhancement. The default behavior is not good. -- [email protected] https://inverse.ca/sogo/lists -- [email protected] https://inverse.ca/sogo/lists
