Hi,
the situation: NS “A” and NS “B” are placed into a DMZ behind a pfsense.
NS “A” is the Mailserver. SOGo3 runs on this machine. This machine is NOT directly available from the web: the port forwarding for “80” and “443” redirects to the machine NS “B”.
NS “B” is the Webserver and gets all the requests for port “80” and port “443”.
The target: I would like that the NS “B” redirects the requests “webmail.domain.tld” to “NS_A.domain.tld/SOGo” (this url tested from “inside” works well).
Therefore I set this into the “reverse proxy” of the server-manager of NS “B”.
“webmail.domain.tld” redirects the request but the displayed web page is totally destroyed: I can hardly recognize the login folders of SOGo webmail but that’s all. The CSS seems to be not existing and the login doesn’t work.
“webmail.domain.tld”, “NS_A.domain.tld” and “NS_B.domain.tld” have a valid certificate from Letsencrypt.
Who has an idea? Who has already solved this?
Thanks.
Arnaud
Hi Michael,
Many thanks for this link: you are right, it looks very close to what happens for me.
Unfortunately, I still haven’t had the possibility (= “ich habe noch kein Möglichkeit gehabt” - for people who don’t understand my global English…) to test it, maybe this WE with some luck.
I’ll report in any case.
Bye
Arnaud
Also, the reverse proxy module in nethserver has been updated and is much much more powerful. The only reason you would need to use the method described in that post is if you have options that are not available in the web gui. I have actually moved all my reverse proxy sites to the gui and it works very well! Let me know if you have any questions about it.
Most things work, except sogo because of an ssl issue. But I am working on it! Plex, Nextcloud, PiHole, Subsonic, any remote server pretty much. The only thing that does not work properly is sogo and the actual gateway because of ssl. I will figure it out though, going to be installing a new nethserver instance on an APU2C4 box so it will be much more stable for me than it used to be.
Hi, @Jclendineng many thanks for the spontaneous help !
I think that I will need it: even if the instructions look clear, I haven’t got it working.
For remembering:
NS1.domain.tld/SOGo is where sogo is running. Not directly available from the WAN
NS2.domain.tld is the reverse-proxy. Available from the WAN
webmail.domain.tld is the desired URL to use to reach sogo from the WAN
What I’ve done on NS2, according to your instructions:
creating /etc/httpd/sites-available and /etc/httpd/sites-enabled with reading permissions for all and creating the conf file webmail.domain.tld.conf in “sites-available”:
[code]
# ls -l sites-available/
total 4
-rw-r--r-- 1 root root 664 Jun 14 21:09 webmail.domain.tld.conf
[/code]
creating the link from sites-enabled:
[code]
# ls -l sites-enabled/
total 0
lrwxrwxrwx 1 root root 49 Jun 14 21:08 webmail.domain.tld.conf -> /etc/httpd/sites-available/webmail.domain.tld.conf
[/code]
entering into /etc/httpd/sites-available/webmail.domain.tld.conf:
nano /etc/httpd/conf/httpd.conf and add at the end of the file: IncludeOptional sites-enabled/*.conf
systemctl restart httpd to restart apache
The result is an error of apache by calling “webmail.domain.tld”:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Entering “NS1.domain.tld” instead of the IP of NS1 doesn’t change anything.
=> I’ll try to find details into the logs of apache.
Bye
Arnaud
PS: how to disable the auto-format of the font for commands or conf files? I selected “preformatted text” but it seems not to disable the function?
Into the logs of httpd/error of NS2 (=the reverse proxy) after calling “https://webmail.domain.tld”:
[code]
[Thu Jun 14 21:46:04.851063 2018] [ssl:error] [pid 6082] [remote IP_NS1:443] AH01961: SSL Proxy requested for NS1.domain.tld:80 but not enabled [Hint: SSLProxyEngine]
[Thu Jun 14 21:46:04.851123 2018] [proxy:error] [pid 6082] AH00961: HTTPS: failed to enable ssl support for IP_NS1:443 (IP_NS1)
[/code]
so, I’ve added the “SSL” parameters into the conf file => there is no error from apache any more, but I’ve the same result as using the “ReverseProxy” from the server-manager: I can hardly recognize the login screen of sogo because the css is completely destroyed.
Of course, as with the ReverseProxy, the login doesn’t work.
Question1: what should be done? Asking SOGo how to configure a reverse proxy?
Question2: is it possible to set Sogo (installed as a module) having its web site available over another port?
[code]
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301]
ProxyPreserveHost On
ServerName webmail.domain.tld
ProxyPass / http://IP_NS1/SOGo/
ProxyPassReverse / http://IP_NS1/SOGo/
# RewriteEngine on
# RewriteCond %{HTTPS} !on
# RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301]
# RewriteRule ^ https://%{INTERNAL_IP/}%{REQUEST_URI} [END,QSA,R=permanent]
SSLEngine On
SSLProxyEngine On
ProxyPreserveHost On
ServerName webmail.domain.tld
ProxyPass / https://IP_NS1/SOGo/
ProxyPassReverse / https://IP_NS1/SOGo/
[/code]
EDIT: do you mean “webmail.domain.tld” should only point to “NS1.domain.tld” and then “webmail.domain.tld/SOGo” should be used to reach sogo?
I try immediately!
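
A way to check the symptom described in this thread (unstyled login page, login not working) against the posted `ProxyPass / …/SOGo/` mapping: the script compares the backend path each page URL was meant to reach with the path it reaches through the proxy. This is an added example, not code from any poster; the HTML fragment and its asset paths, the `ns1.domain.tld` backend URL used when calling it, and the path-preserving mapping are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed login-page fragment (assumption: the backend emits root-absolute
# URLs under /SOGo/ and /SOGo.woa/; this is not captured output).
SAMPLE_HTML = """
<link rel="stylesheet" href="/SOGo.woa/WebServerResources/css/styles.css">
<script src="/SOGo.woa/WebServerResources/js/Main.app.js"></script>
<form action="/SOGo/connect" method="post"></form>
<img src="logo.png">
"""

URL_ATTRS = {"link": "href", "script": "src", "img": "src", "form": "action"}


class UrlCollector(HTMLParser):
    """Collects the URLs a browser will request or post to."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if value:
            self.urls.append(value)


def proxied_path(front_path, mappings):
    """Backend path Apache requests for front_path; first matching ProxyPass wins."""
    for front, backend in mappings:
        if front_path.startswith(front):
            return backend + front_path[len(front):]
    return None  # no ProxyPass covers this path


def audit(html, front_page, backend_page, mappings):
    """Return {url: (intended backend path, path reached via proxy)} for mismatches."""
    collector = UrlCollector()
    collector.feed(html)
    broken = {}
    for url in collector.urls:
        intended = urlsplit(urljoin(backend_page, url)).path
        reached = proxied_path(urlsplit(urljoin(front_page, url)).path, mappings)
        if reached != intended:
            broken[url] = (intended, reached)
    return broken


# The thread's vhost: "ProxyPass / https://IP_NS1/SOGo/"
ROOT_MAPPING = [("/", "/SOGo/")]
# Path-preserving alternative (hypothetical, not from the thread)
SAME_PATH_MAPPING = [("/SOGo/", "/SOGo/"), ("/SOGo.woa/", "/SOGo.woa/")]
```

With `ROOT_MAPPING`, every root-absolute URL in the fragment is reported because the proxy prepends `/SOGo/` a second time, while the relative `logo.png` still resolves; with `SAME_PATH_MAPPING` and a front page under `/SOGo/`, nothing is reported.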