1 Topic by duy_dang2110

  • duy_dang2110
  • Member
  • Offline
  • Registered: 2013-12-09
  • Posts: 43

Topic: Securing RoundCube login to https

==== Required information ====
- iRedMail version (check /etc/iredmail-release):     v1.8.1 (MySQL)
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====
Hi all ,
I have a probelm with roundcube secure login use https , I only want to allow user use https to login , I have changed /var/www/html/index.html file and point the url to https :
<html>
    <head>
        <meta HTTP-EQUIV="REFRESH" content="0; url=https://mydomain.com/mail/">
    </head>
</html>
I also config roundcube to only use https $config['force_https'] = true; but I still can access direct to  mydomain.com/mail (http still work), please help to redirect http to https or prenvent user to access through http . thank you .

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,789

Re: Securing RoundCube login to https

duy_dang2110 wrote:

$config['force_https'] = true;

With this setting, Roundcube will redirect to https.
Which Roundcube config file did you modify (to add this setting)?

3 Reply by duy_dang2110

  • duy_dang2110
  • Member
  • Offline
  • Registered: 2013-12-09
  • Posts: 43

Re: Securing RoundCube login to https

Hi Zhang , here is the Rouncube  config file /var/www/roundcubemail/config/defaults.inc.php  , have you got any idle .

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,789

Re: Securing RoundCube login to https

All your customizations MUST be placed in /var/www/roundcubemail/config/config.inc.php instead, so that it won't be removed after upgrading Roundcube.

5 Reply by duy_dang2110

  • duy_dang2110
  • Member
  • Offline
  • Registered: 2013-12-09
  • Posts: 43

Re: Securing RoundCube login to https

ZhangHuangbin wrote:

All your customizations MUST be placed in /var/www/roundcubemail/config/config.inc.php instead, so that it won't be removed after upgrading Roundcube.

Hi Zhang , it worked , thank you very much . My mistake , I don't read config.inc.php file carefully .