1 (edited by alexp 2016-06-03 17:55:26)

Topic: how can i make SOGo Webmail available under second hostname/alias?

======== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: ubuntu 14.04.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====

Hello!

I have successfully installed iRedMail on a fresh Ubuntu 14.04.

Now I would like to make the SOGo Web Interface available under a different address as well.

During installation I used "hostname-a" so all services are available under "hostname-a.domain.de", but I would like to give users the possibility to reach the SOGo Web Page under "sogo.domain.de" as well.
Services should generally be available under http and https, preferably the latter.

How can I achieve this?

I have added a VirtualHost file for http :80 and https :443 with the second hostname in Apache and also enabled it.
What to do with SOGo.conf in conf-available? Do I have to copy it as well? To use SSL, I had to set the ServerName and URL there:

  RequestHeader set "x-webobjects-server-port" "443"
  RequestHeader set "x-webobjects-server-name" "hostname-a.domain.de"
  RequestHeader set "x-webobjects-server-url" "https://hostname-a.domain.de"

How to add the second Header set?

This is the VirtualHost for the second hostname: (sogo.domain.de.conf)

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        ServerName sogo.domain.de
        Redirect permanent / https://sogo.domain.de/
</VirtualHost>

and for SSL: (sogo.domain.de-ssl.conf)

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                DocumentRoot /var/www/html
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCipherSuite ----- commented out ---------
                SSLHonorCipherOrder on
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
                ServerName sogo.domain.de
        </VirtualHost>
</IfModule>

Thanks a lot for your help. Alex

2

Re: how can i make SOGo Webmail available under second hostname/alias?

Try the steps below (note: these are the default settings in the next iRedMail release):

*) Open file /etc/apache2/conf-enabled/SOGo.conf, comment out 3 lines:

  RequestHeader set "x-webobjects-server-port" "443"
  RequestHeader set "x-webobjects-server-name" "hostname-a.domain.de"
  RequestHeader set "x-webobjects-server-url" "https://hostname-a.domain.de"

Replace them by lines below (NOTE: just copy and paste, no need to set a domain name):

    RequestHeader set "x-webobjects-server-port" "443"
    RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
    RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST

This way we don't need to hard-code any domain name, and it supports multiple web domains.

*) [OPTIONAL] Comment out 2 "ProxyPass ..." lines like below:

ProxyPass /Microsoft-Server-ActiveSync http://...
ProxyPass /SOGo http://...

Because settings in /etc/apache2/conf-enabled/* are available for both http and https, we disable SOGo access by default (by commenting out `ProxyPass`).

*) Now go to /etc/apache2/sites-enabled/, if you want to enable SOGo for that domain, just add 2 "ProxyPass" directives in its https web host like this:

ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync retry=60 connectiontimeout=5 timeout=360

Note: the value in "timeout=" must be the same as the parameter 'SOGoMaximumPingInterval' in the SOGo config file (/etc/sogo/sogo.conf).

Let me know whether or not it works for you.

FYI: template file of /etc/apache2/conf.d/SOGo.conf:
https://bitbucket.org/zhb/iredmail/src/ … pache.conf

3

Re: how can i make SOGo Webmail available under second hostname/alias?

Hi Zhang,

Thanks for your quick reply. Actually I cannot make it work. I have been trying for three hours with this; now I reverted to the original state without any other Virtual Hosts for now.

A main problem was that after login to https://sogo.domain.de/SOGo it got redirected to http instead again and the SOGo page was either messed up (apparently missing style sheets) or did not even load further. Manually adding https: in front of the domain was making it accessible again.

So the new domain was semi-working, but the original domain hostname-a.domain.de was not accessible anymore. I had created an additional Virtual host file for 80 and 443 for both and made them available via a2ensite.

I will try next week from start again as maybe now I messed up too much and see if I can collect better debug info for you then.

Thanks, Alex

4

Re: how can i make SOGo Webmail available under second hostname/alias?

Oh, I forgot one setting which you should add in the default http (not https) virtual host:

RewriteRule /SOGo(.*) https://%{HTTP_HOST}%{REQUEST_URI}

On Ubuntu, it should be file /etc/apache2/sites-enabled/000-default.conf.

Please try again, it should work.

5 (edited by alexp 2016-06-05 07:50:30)

Re: how can i make SOGo Webmail available under second hostname/alias?

Hi Zhang,

I can't get it to work. SOGo is accessible under sogo.domain.de and redirected to https, but the login is not possible and it misses any style sheet info, see attachment. The redirect from http to https is generally working, also for Roundcube or iRedAdmin. But under the hostname stromberg.domain.de, SOGo is not reachable: I get a 404 now.

FYI: "domain" is just a mask for the real domain here in all these files.

For the record I post my configs here:

Inside sites-enabled I have now:
lrwxrwxrwx 1 root root 35 Jun  5 01:26 000-default.conf -> ../sites-available/000-default.conf
lrwxrwxrwx 1 root root 35 Jun  5 01:03 default-ssl.conf -> ../sites-available/default-ssl.conf
lrwxrwxrwx 1 root root 42 Jun  5 00:39 sogo-domain-de.conf -> ../sites-available/sogo-domain-de.conf
lrwxrwxrwx 1 root root 46 Jun  5 00:39 sogo-domain-de-ssl.conf -> ../sites-available/sogo-domain-de-ssl.conf
lrwxrwxrwx 1 root root 47 Jun  5 00:39 stromberg-domain-de.conf -> ../sites-available/stromberg-domain-de.conf
lrwxrwxrwx 1 root root 51 Jun  5 00:39 stromberg-domain-de-ssl.conf -> ../sites-available/stromberg-domain-de-ssl.conf
(stromberg is the hostname)

000-default.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ServerName stromberg.domain.de
        RewriteEngine on
        RewriteRule /SOGo(.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

default-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCipherSuite ----- 
        SSLHonorCipherOrder on

        SSLCertificateFile /etc/ssl/certs/iRedMail.crt
        SSLCertificateKeyFile /etc/ssl/private/iRedMail.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0

        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        Alias /iredadmin/static "/opt/www/iredadmin/static/"
        WSGIScriptAlias /iredadmin "/opt/www/iredadmin/iredadmin.py/"
        Alias /mail "/opt/www/roundcubemail/"
        Alias /awstats/icon "/usr/share/awstats/icon/"
        Alias /awstatsicon "/usr/share/awstats/icon/"
        ScriptAlias /awstats "/usr/lib/cgi-bin/"
    </VirtualHost>
</IfModule>

sogo-domain-de.conf

<VirtualHost *:80>
    ServerName sogo.domain.de
    ServerAdmin admin@domain.de
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

sogo-domain-de-ssl.conf

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@domain.de
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCipherSuite -----
        SSLHonorCipherOrder on
        SSLCertificateFile /etc/ssl/certs/iRedMail.crt
        SSLCertificateKeyFile /etc/ssl/private/iRedMail.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        ServerName sogo.domain.de
        ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
        ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync retry=60 connectiontimeout=5 timeout=3540
        </VirtualHost>
</IfModule>

For the hostname stromberg the files for http and https are identical to the hostname sogo.

SOGo.conf inside conf-available (linked inside conf-enabled)

Alias /SOGo.woa/WebServerResources/ PH_SOGO_GNUSTEP_DIR/WebServerResources/
Alias /SOGo/WebServerResources/ PH_SOGO_GNUSTEP_DIR/WebServerResources/

<Directory PH_SOGO_GNUSTEP_DIR/>
    AllowOverride None

    <IfVersion < 2.4>      
        Order deny,allow
        Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>

    # Explicitly allow caching of static content to avoid browser specific behavior.
    # A resource's URL MUST change in order to have the client load the new version.
    <IfModule expires_module>
      ExpiresActive On
      ExpiresDefault "access plus 1 year"
    </IfModule>
</Directory>

## Uncomment the following to enable proxy-side authentication, you will then
## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and
## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section
## below.
#
## For full proxy-side authentication:
#<Location /SOGo>
#  AuthType XXX
#  Require valid-user
#  SetEnv proxy-nokeepalive 1
#  Allow from all
#</Location>
#
## For proxy-side authentication only for CardDAV and GroupDAV from external
## clients:
#<Location /SOGo/dav>
#  AuthType XXX
#  Require valid-user
#  SetEnv proxy-nokeepalive 1
#  Allow from all
#</Location>

ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On

# When using CAS, you should uncomment this and install cas-proxy-validate.py
# in /usr/lib/cgi-bin to reduce server overloading
#
# ProxyPass /SOGo/casProxy http://localhost/cgi-bin/cas-proxy-validate.py
# <Proxy http://localhost/app/cas-proxy-validate.py>
#   Order deny,allow
#   Allow from your-cas-host-addr
# </Proxy>

#
# You should enable 2 `ProxyPass` directives in https
#
# Enable to use Microsoft ActiveSync support
# Note that you MUST have many sogod workers to use ActiveSync.
# See the SOGo Installation and Configuration guide for more details.
#
#ProxyPass /Microsoft-Server-ActiveSync \
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
# retry=60 connectiontimeout=5 timeout=3540
#
#ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0

<Proxy http://127.0.0.1:20000/SOGo>
    # Redirect http access of /SOGo to https
    RequestHeader set "x-webobjects-server-port" "443"
    RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
    RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST

    ## When using proxy-side authentication, you need to uncomment and
    ## adjust the following line:
    RequestHeader unset "x-webobjects-remote-user"
    #RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e" env=REMOTE_USER

    RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"

    AddDefaultCharset UTF-8
</Proxy>

<IfModule rewrite_module>
    RewriteEngine On
    # For Apple autoconfiguration
    RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
    RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301]
</IfModule>

I hope you can find anything which might be misconfigured.

Could it be better to just work with ServerAlias in the default vhost file?


Thanks! Alex

Post's attachments

Bildschirmfoto 2016-06-05 um 01.22.36.png

6

Re: how can i make SOGo Webmail available under second hostname/alias?

Please add the line "RewriteRule /SOGo(.*) https://%{HTTP_HOST}%{REQUEST_URI}" in sogo-domain-de.conf too.

Since we don't hard-code the server name or URL in "x-webobjects-server-name" and "x-webobjects-server-url", SOGo will always try to access the current http host name in the URL (the one in your web browser, https://<host>/SOGo), so you should make the SOGo http access redirected to https.
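
An added example, not part of the original thread or of iRedMail's code: a small Python check for the per-virtual-host layout the replies above describe, where each https host carries its own `ProxyPass /SOGo` and each http host redirects to https. The sample config and the hostname `webmail.domain.de` are constructed, and treating any `Redirect`/`RewriteRule` with an `https://` target as sufficient is a simplifying assumption.

```python
import re

# Constructed sample, modelled on the per-hostname vhost files in this thread.
SAMPLE = """\
<VirtualHost *:80>
    ServerName stromberg.domain.de
    RewriteEngine on
    RewriteRule /SOGo(.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:80>
    ServerName sogo.domain.de
    ServerAlias webmail.domain.de
</VirtualHost>
<VirtualHost *:443>
    ServerName stromberg.domain.de
    SSLEngine on
</VirtualHost>
<VirtualHost *:443>
    ServerName sogo.domain.de
    SSLEngine on
    ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
# Heuristic (assumption): any redirect or rewrite to an https:// target counts.
TO_HTTPS_RE = re.compile(r"(rewriterule|redirect(match)?)\s.*https://", re.I)

def parse_vhosts(text):
    """Yield (server_names, directive_lines) for every <VirtualHost> block."""
    for _addr, body in VHOST_RE.findall(text):
        lines = [s for s in (l.strip() for l in body.splitlines())
                 if s and not s.startswith("#")]
        names = [n.lower() for l in lines
                 if l.split()[0].lower() in ("servername", "serveralias")
                 for n in l.split()[1:]]
        yield names, lines

def lint(text):
    """Return findings for the two failure modes raised in the replies above."""
    findings = []
    for names, lines in parse_vhosts(text):
        # Lower-case and collapse whitespace so directive matching is uniform.
        norm = [" ".join(l.lower().split()) for l in lines]
        tls = "sslengine on" in norm
        if tls and not any(l.startswith("proxypass /sogo ") for l in norm):
            problem = "https vhost has no ProxyPass /SOGo"
        elif not tls and not any(TO_HTTPS_RE.match(l) for l in norm):
            problem = "http vhost does not redirect to https"
        else:
            continue
        findings += [f"{n}: {problem}" for n in names or ["<no ServerName>"]]
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

The check only applies when the global `ProxyPass` lines in SOGo.conf are commented out; if they stay enabled there, the "no ProxyPass" finding does not indicate a problem.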

7

Re: how can i make SOGo Webmail available under second hostname/alias?

Hi Zhang,

It took me a bit to come back to this topic, but I got it solved, I think.

I went a bit of a different way, but now I can choose my hostnames like I want.

The solution for me was to use "ServerAlias" to make SOGo available under "sogo" instead of "hostname" in the default virtual host:

000-default.conf

 ServerName hostname-a.domain.de
 ServerAlias hostname-b.domain.de hostname-c.domain.de
 RewriteEngine on
 RewriteRule /SOGo(.*) https://%{HTTP_HOST}%{REQUEST_URI}

SOGo.conf

ProxyPass /Microsoft-Server-ActiveSync \
 http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
 retry=60 connectiontimeout=5 timeout=3540

ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0

<Proxy http://127.0.0.1:20000/SOGo>
<IfModule headers_module>
  RequestHeader set "x-webobjects-server-port" "443"
  RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e" env=HTTP_HOST
  RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e" env=HTTP_HOST
  RequestHeader unset "x-webobjects-remote-user"
  RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
</IfModule>
</Proxy>

So I kept the ProxyPass in the SOGo.conf like it was in the original file and did not move it to the https virtual hosts.

So far I would say it is resolved; now I am diving into letsencrypt.org to have all valid certs for the different hostnames.

Best, Alex

8

Re: how can i make SOGo Webmail available under second hostname/alias?

I solved it like this...

Disable the SOGo.conf and create this one at /etc/apache2/sites-available

# cat sogo.example.org.conf

<VirtualHost *:80>
        ServerName sogo.example.org
        ServerAdmin admin@example.org

        RedirectMatch permanent ^/ https://sogo.example.org/SOGo
        RedirectMatch permanent ^/SOGo https://sogo.example.org/SOGo

        ErrorLog ${APACHE_LOG_DIR}/sogo.example.org.error.log
        CustomLog ${APACHE_LOG_DIR}/sogo.example.org.access.log combined
        ServerSignature Off
</VirtualHost>

<VirtualHost *:443>
        ServerName sogo.example.org
        ServerAdmin admin@example.org
        DocumentRoot /usr/lib/GNUstep/SOGo/WebServerResources/

        RewriteEngine On
        RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]

        Redirect permanent /index.html https://sogo.example.org/SOGo

        Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

        SSLEngine on
        SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
        SSLHonorCipherOrder on

        SSLCertificateFile /etc/letsencrypt/live/iredadmin.example.org/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/iredadmin.example.org/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/iredadmin.example.org/chain.pem

        Alias /SOGo.woa/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
        Alias /SOGo/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
        AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2

        <Directory /usr/lib/GNUstep/SOGo/>
                AllowOverride None

                <IfVersion < 2.4>
                        Order deny,allow
                        Allow from all
                </IfVersion>

                <IfVersion >= 2.4>
                        Require all granted
                </IfVersion>

                <IfModule expires_module>
                        ExpiresActive On
                        ExpiresDefault "access plus 1 year"
                </IfModule>
        </Directory>

        <LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
                SetHandler default-handler
        </LocationMatch>

        ProxyRequests Off
        SetEnv proxy-nokeepalive 1
        ProxyPreserveHost On
        ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0

        <Proxy http://127.0.0.1:20000/SOGo>
                RequestHeader set "x-webobjects-server-port" "443"
                RequestHeader set "x-webobjects-server-name" "sogo.example.org"
                RequestHeader set "x-webobjects-server-url" "https://sogo.example.org"
                RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST

                RequestHeader unset "x-webobjects-remote-user"
                RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"

                AddDefaultCharset UTF-8

                Order allow,deny
                Allow from all
        </Proxy>

        <IfModule rewrite_module>
                RewriteEngine On
                # For Apple autoconfiguration
                RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
                RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301]
        </IfModule>

        ErrorLog ${APACHE_LOG_DIR}/sogo.example.org.error.log
        CustomLog ${APACHE_LOG_DIR}/sogo.example.org.access.log combined
        ServerSignature Off
</VirtualHost>