1

Topic: SSL issues SOGo and ActiveSync

I'm having a problem getting SSL to work with SOGo and ActiveSync.

In Apache I redirect everything to SSL in 000-default.conf:

<VirtualHost *:80>
ServerName mail.mydomain.com
Redirect permanent / https://mail.mydomain.com/
</VirtualHost>

This works great for everything but SOGo.
For SOGo, login page loads https correctly, but as soon as you login you end up getting redirected to http and the page doesn't load properly because of mixed http and https calls.
After getting redirected to http I can I can add "https:" in the URL bar and force it, then it will load correctly.

I think the problem is the http ProxyPass statements in the Apache SOGo.conf file:

ProxyPass /Microsoft-Server-ActiveSync \
 http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
 retry=60 connectiontimeout=5 timeout=3540

ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0

I have tried changing these ProxyPass statements to https (and turning on SSLProxyEngine).
This failed.
I have also changed 127.0.0.1 to mail.mydomain.com (which resolves locally to 127.0.0.1) and this still fails with internal server error.

How can I force SSL for everything?



==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5.1
- Linux/BSD distribution name and version: Ubuntu 14.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: SSL issues SOGo and ActiveSync

Please set correct values for "x-webobjects-server-name" and "x-webobjects-server-url" settings in Apache SOGo.conf.

Also, you may want to comment out "ProxyPass /SOGo ..." and "ProxyPass /Microsoft-Server-ActiveSync ..." and move them to Apache default-ssl site config, so that no http:// access for SOGo.

3 (edited by ottoman 2016-05-27 00:27:40)

Re: SSL issues SOGo and ActiveSync

ZhangHuangbin wrote:

Please set correct values for "x-webobjects-server-name" and "x-webobjects-server-url" settings in Apache SOGo.conf.

Also, you may want to comment out "ProxyPass /SOGo ..." and "ProxyPass /Microsoft-Server-ActiveSync ..." and move them to Apache default-ssl site config, so that no http:// access for SOGo.

Thank you, headers were set correctly but it still did not fix the issue. Moving the ProxyPass statements into my <VirtualHost *:443> container fixed the issue.

Cup of coffee sent to you!

4

Re: SSL issues SOGo and ActiveSync

Hi @ottoman,

Thanks for your coffee.

Just want to share, i replied your thread in SOGo mailing list, and suggest SOGo team to use 2 flexible Apache settings. You may want to give it a try.