On my new Web- and Mailserver, based on Nethserver for sure, I am trying to accessing the Roundcube Website but I fail in “Too many redirects”-Error. This only happens, if I am accessing the site via DNS Name (https://something.com/webmail). If I am using the internal IP address from an internal PC I have no problems with it. I am using Nethserver 7 with all updates installed.
Any Ideas how I can figure out what is causing the endless-redirects?
And after one more test I belive the Problem is here. Because: If I am accessing a subdomain I registered (mail.*) with the /webmail-Suffix, it works:
In both cases (with or without the “mail.” in front) the same IP is resolved and directed to the Nethserver. The difference is that the mail.-Subdomain has no Virtual Host.
Maybe it is a Bug?
What is the result of the issue that we know that there is a loop? I have absolutly no idea how I can investigate the reason for it. I checked the apache configs but I don’t see a reason in there why here is a loop like this. Any suggestions or ideas how to go on?
Don’t ask me why but it works when editing /etc/roundcubemail/config.inc.php
// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443 $config[‘force_https’] = false;// originally set to true
// tell PHP that it should work as under secure connection
// even if it doesn’t recognize it as secure ($_SERVER[‘HTTPS’] is not set)
// e.g. when you’re running Roundcube behind a https proxy
// this option is mutually exclusive to ‘force_https’ and only either one of them should be set to true. $config[‘use_https’] = true;// originally set to false
Other errors:
[autoindex:error] [pid 6609] [client 192.168.25.13:52776] AH01276: Cannot serve directory /var/lib/nethserver/vhost/testvhost/: No matching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
Probably unrelated, but this error showed up when expanding-templates:
esmith::event[3259]: ERROR in /etc/e-smith/db/networks/migrate//trafficshaping.el7: Program fragment delivered error <<Can’t call method “delete” on an undefined value at /etc/e-smith/db/networks/migrate//trafficshaping.el7 line 22.>> at template line 1
esmith::event[3259]: ERROR: Template processing failed for /: 1 fragment generated errors
esmith::event[3259]: at /usr/share/perl5/vendor_perl/esmith/DB.pm line 459.
@dnutan Great work
So we have a workaround for it and we know that it is a common problem and not only my problem that should be fixed until the release of NS7.
My bad, I didn’t drive attention towards the http -> https redirection issue.
I also prefer the first option for the FQDN to prevail.
In addition to the roundcube config changes, yesterday tried an additional change, this time on /etc/httpd/conf.d/default-virtualhost.inc file, removing the \ escape chars:
RewriteEngine On
RewriteRule ^/webmail(/.*)?$ https://%{HTTP_HOST}/webmail$1 [R=301,L]
RewriteRule ^/roundcubemail(/.*)?$ https://%{HTTP_HOST}/roundcubemail$1 [R=301,L]
And the http to https worked with the FQDN and with the virtualhost.
Bear in mind I’ve no clue neither about rewrite rules nor vhosts, so if this is wrong… shame on me.
P.S. with other virtual hosts redirections (i.e. /server-manager) it’s looking for it on /var/lib/nethserver/vhost/whatever/server-manager, which might be the expected behavior.
[details=See log excerpt]
[ssl:debug] Connection closed to child 6 with standard shutdown (server pippo.org:80)
[rewrite:trace2] init rewrite engine with requested uri /server-manager
[rewrite:trace3] applying pattern ‘(.)’ to uri ‘/server-manager’
[rewrite:trace4] RewriteCond: input=‘off’ pattern=’!=on’ => matched
[rewrite:trace2] rewrite ‘/server-manager’ -> ‘https://pippo.org/server-manager’
[rewrite:trace2] explicitly forcing redirect with https://pippo.org/server-manager
[rewrite:trace1] escaping https://pippo.org/server-manager for redirect
[rewrite:trace1] redirect to https://pippo.org/server-manager [REDIRECT/302]
[ssl:debug] Connection closed to child 0 with standard shutdown (server pippo.org:80)
[ssl:debug] HTTPS request received for child 4 (server pippo.org:80)
[rewrite:trace2] init rewrite engine with requested uri /server-manager
[rewrite:trace3] applying pattern '(.)’ to uri ‘/server-manager’
[rewrite:trace4] RewriteCond: input=‘on’ pattern=’!=on’ => not-matched
[rewrite:trace1] pass through /server-manager
[authz_core:debug] AH01626: authorization result of Require ip 127.0.0.1 192.168.0.0/255.255.255.0: granted
[authz_core:debug] AH01626: authorization result of : granted
[authz_core:debug] AH01626: authorization result of : granted
[core:info] AH00128: File does not exist: /var/lib/nethserver/vhost/pippo/server-manager
[ssl:debug] AH02001: Connection closed to child 4 with standard shutdown (server pippo.org:80)
Removing the \ in front of the $ is a correct bugfix I think.
Why?
The whole string looks like RegEx (except that the / is not escaped).
The $ would mean “Dollar Character”.
Only $ would mean “End of String”.
So the whole part ^/webmail(/.*)?$ means ^ = String starts here /webmail = followed by the string “/webmail” /.* = followed by any characters between count of zero and unlimited ? = the statement before (/.*) can be zero or one time
Check by yourself at www.regex101.com and paste ^\/webmail(\/.*)?$ (with correctly escaped slashes).
Additionally the second rule in that files, as @dnutan mentioned, don’t have the escaped $.
WRONG AFTER EDIT:
As a result it sounds reasonable for me, that the remove of the \ is the solution.
Edit:
After I removed the \ at the end of the first and the second RegEx Statement and executed signal-event nethserver-httpd-update I still have the same problem…
The file I modified was /etc/e-smith/templates/etc/httpd/conf.d/default-virtualhost.inc/30roundcubemail and the change is also available in /etc/httpd/conf.d/default-virtualhost.inc after the signal event
@Hunv, the changes I made just for testing where in /etc/httpd/conf.d/default-virtualhost.inc.
If the changes are applied to the e-smith template then some additional escaping could be required.
Applied the changes proposed by Mark, in a custom template. The resulting file looks good, no expansion error in the log.
A recap. There were two workarounds involved:
For the too many redirects (redirect loop) in roundcube: changes on /etc/roundcubemail/config.inc.php
$config['force_https'] = false; //default was true. This change was the workaround
$config['use_https'] = true; //default was false. Seemed unnecessary for the workaround, but was changed as adviced by the doc comments.
For the http to https redirection:
virtual host set to “Require SSL encrypted connection”
Change in rewrite rules (then template expansion, httpd restart)
Additionally, browser’s DNS cache was cleaned.
Maybe it’s not the proper fix, but worked in my tests when accessing from LAN, without proxy.
me too!
And Kudos to 