1 Topic by braindeadgenius (edited by braindeadgenius 2018-02-08 10:10:38)

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Topic: SQL Structure & Apache VHost Conf

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
====

It would be nice to see an updated SQL structure in the docs for those who try to install iRedMail on an existing server.

Something is up with my VHost configuration and won't allow me to connect to RoundCube or the administration panel. I get a 403 Forbidden error when I try to connect to the administration panel. And I get an error of too many redirects by trying to visit RoundCube. I tried this on a fresh server install and access the applications worked, but that was without modifying the apache conf file, or the VHost. iRedMail was the first thing I installed on a fresh Ubuntu 16 server where I am having these issues.

There is no error when trying to access RoundCube. Trying to access the administration panel throws the following error:
Cannot serve directory /opt/www/iredadmin/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive

Here is apache2.conf
https://pastebin.com/nsvqE0m8

Here is my VHost
https://pastebin.com/8TeWAAZm

There are a couple subdomains, but those don't really matter for the purpose of this. All traffic is routed through port 80, but https is served through an ELB I have set up on AWS, and the certificate is served with ACM.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: SQL Structure & Apache VHost Conf

What's the related error message in Apache log file?

Also, please run iRedAdmin with https, sending login password to a http site is not secure.

3 Reply by braindeadgenius

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SQL Structure & Apache VHost Conf

The only error specified anywhere was the following

Sat Jan 27 15:25:52.568078 2018] [autoindex:error] [pid 19309] [client 10.0.0.31:14220] AH01276: Cannot serve directory /opt/www/iredadmin/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive


I am not using the SSL Apache configuration file created by iRedMail, but I copied the contents over to my VHost.
Also, the ELB is serving and handling the https connection, not the server itself.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: SQL Structure & Apache VHost Conf

Do you have file "/etc/apache2/conf-availables/iredadmin.conf" and /etc/apache2/conf-enabled/iredadmin.conf (this one is a symbol link to the former one)?

5 Reply by braindeadgenius

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SQL Structure & Apache VHost Conf

Yes, both files are there.

I just disabled iredadmin.conf for shits and giggles and re-enabled it, and now it works.

RoundCubeMail still has an endless re-direct though.

6 Reply by braindeadgenius

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SQL Structure & Apache VHost Conf

I was able to access /mail (on the IP) with the default SSL Apache conf file. When I enabled my site conf file, and disabled the default SSL conf, I was no longer able to access /mail due to too many redirects. I used grep to see if there were any reason it was referenced multiple times and I don't see anything odd. The conf files in the original post still hold true.

7 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: SQL Structure & Apache VHost Conf

Do you have correct ssl related settings? e.g. ssl key/cert.
Another other Apache config files did you modify?

8 Reply by braindeadgenius (edited by braindeadgenius 2018-02-08 10:17:03)

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SQL Structure & Apache VHost Conf

I did not move SSL settings over from the default-ssl.conf file to my VHost. I did however, copy most everything else. /mail worked before adding my VHost file, and disabling default-ssl.conf and 000-default.conf. The only other Apache config file I modified was apache2.conf, which I included in the original post.

Below is my full VHost file. SSL for the website itself is handled by AWS, and /mail shows it's secure, but it's redirecting. And I'm not sure what is doing the redirecting.
https://pastebin.com/8TeWAAZm

The line below is what causes the "too many redirects" error.
Alias /mail "/opt/www/roundcubemail/"

9 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,793

Re: SQL Structure & Apache VHost Conf

Did you test without config below?

<IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
        Header always set X-Frame-Options "SAMEORIGIN"
        Header always set X-Xss-Protection "1; mode=block"
        Header always set X-Content-Type-Options "nosniff"
        Header always set Referrer-Policy "strict-origin"
        Header always set Content-Security-Policy "default-src 'self'"
</IfModule>

10 Reply by braindeadgenius

  • braindeadgenius
  • Member
  • Offline
  • Registered: 2018-01-26
  • Posts: 15

Re: SQL Structure & Apache VHost Conf

Yes, without the mod_headers section, I still get the redirect error. I have also tried removing the mod rewrite settings as well, which did nothing.