How to access SOGo and ActiveSync not through SSL (i.e. port 80)

NethServer Version: 7.6.1810
Module: SOGo, ActiveSync

Hi All,

My NethServer install sits behind a firewall with a proxy (pfSense with HAProxy). Ideally, I would like to configure a vhost that can present the SOGo web interface and ActiveSync unencrypted on port 80.

I know this is probably going to involve some ‘e-smith’ templates but could someone help with some clear instructions?

Many Thanks,

Jonathan

First, why?

This is really risky: your password will be sent in clear on the network.

After that, do you want to use SOGo with a virtual host or not? Without a virtual host it will be simple.

This is what makes the redirection to 443:


Can’t help but agree…

Thanks for your help.

I do understand your point about it being risky, but the NethServer is on a separate VLAN connected only to the firewall, so I feel that would be fairly safe. LAN and WAN hosts can only access my NethServer through the firewall (port 80 is blocked for them) and then only on a non-standard port. Only the firewall will have access to port 80, and HAProxy allows me to easily deploy some extra filters. One of the things I have noticed is that Fail2ban does not ban repeated bad ActiveSync attempts.

Looking at the code snippet, this looks like the original template. If I comment out (or delete) the lines:
$OUT.= "RewriteCond %{HTTPS} !=on\n";
$OUT.= "RewriteRule ^/SOGo(/.*)?$ https://%{HTTP_HOST}/SOGo$1 [R=301,L]\n";
and regenerate the files with: signal-event nethserver-sogo-update
will that achieve what I am looking to do?
I just thought that having a new virtualhost would allow me to keep the existing default config and create a new one to play around with. In the first instance, just having ActiveSync on port 80 would be enough. I realise it will need to be SSLified to be used with client software but I thought that would be handled with HAProxy.

Hmm, indeed we have no jails for that. Do you have something in the log related to this?

Yes, but you should create a custom template, else the next update will overwrite your changes. For a vhost, check /etc/e-smith/templates/etc.httpd/conf.d/zzz_sogo.conf; you will find a redirection there to redirect 80 to 443.

I have seen the info on creating custom templates and can handle that bit (I think!). I know that creating customised vhost templates is more complicated, so (at least to begin with) I will just work with the default vhost. I get a bit lost with Apache directives and would be grateful for any help you can give on that part of the problem. default-virtualhost.inc has RewriteRule and zzz_SOGo.conf has RequestHeader set. I did see this post:

which seems to be fairly close to what I am looking for but is a bit old. I thought that the actual redirect took place in the 30SOGo part of default-virtualhost.inc. Nevertheless, I will give it a go and report back.

Thanks for your support and the great product that NethServer is!