1 (edited by tplancon 2018-07-27 22:58:48)

Topic: Set Sogo/Nginx to also use alternate SSL port, and keep using it!

======== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): v0.9.8
- Linux/BSD distribution name and version: Centos 7.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi All,

This may be similar the the post " Other SSL sites by christophk", but I wasn't sure and didn't want to hijack his thread.

All users on my LAN can access Sogo fine using a local IP/web address. But I'm trying to make it available over the internet. I already have another application using SSL that can be accessed over the web witha port forwarding rule set in my firewall. So in my 00-default-ssl.conf I added a listen:
HTTPS
server {
    listen 443;
    listen 8443;
    server_name _;

    root /var/www/html;
    index index.php index.html;

An added a port forwarding rule on the firewall to send 8443 to the iRedMail server. It sort of works but breaks halfway through the log in process. See attached images.

Question - How do I get Sogo to use port 8443 through the full log in process?

Thanks!

Post's attachments

sogoLogIn_crop800x557anno.jpg
sogoLogIn_crop800x557anno.jpg 121.55 kb, file has never been downloaded. 

sogoLogIn_OOPs_crop800x474ANNO.jpg
sogoLogIn_OOPs_crop800x474ANNO.jpg 135.55 kb, file has never been downloaded. 

sogoLogIn_Success_crop800x531ANNO.jpg
sogoLogIn_Success_crop800x531ANNO.jpg 163.19 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Set Sogo/Nginx to also use alternate SSL port, and keep using it!

Open file /etc/nginx/templates/sogo.tmpl, find lines below:

    proxy_set_header x-webobjects-server-port $server_port;
    ...
    proxy_set_header x-webobjects-server-url  https://$host;

Set the port numbers here.

3

Re: Set Sogo/Nginx to also use alternate SSL port, and keep using it!

Zhang,

Thanks for the reply! Your solution appears to be working from the web, but I don't quite understand why - this is my first experience with Nginx.

I first added my port/host as an additional parameter:
    proxy_set_header x-webobjects-server-port $server_port 8443;
    ...
    proxy_set_header x-webobjects-server-url  https://$host https//:my.ip.add.ress;

Nginx didn't like that and would not reload. So I removed the $server_port and https://$host and just left my settings. Nginx reloaded and I can connect over the web. But will these settings break my LAN connection? I'll can't check until tomorrow. I'll post the status.

Thanks again for the support!

4

Re: Set Sogo/Nginx to also use alternate SSL port, and keep using it!

Hi All,

i have a same issue and the answer is:


    proxy_set_header x-webobjects-server-url  https://$host:8443;    #and here you can set the port


tplancon use the command:   nginx -t    to test nginx conf file... if there is a problem nginx help you to find the line. smile

Thank you guys! This post was help me to find the line... i test it on ubuntu 16.04 LTS work fine!




tplancon wrote:

Zhang,

Thanks for the reply! Your solution appears to be working from the web, but I don't quite understand why - this is my first experience with Nginx.

I first added my port/host as an additional parameter:
    proxy_set_header x-webobjects-server-port $server_port 8443;
    ...
    proxy_set_header x-webobjects-server-url  https://$host https//:my.ip.add.ress;

Nginx didn't like that and would not reload. So I removed the $server_port and https://$host and just left my settings. Nginx reloaded and I can connect over the web. But will these settings break my LAN connection? I'll can't check until tomorrow. I'll post the status.

Thanks again for the support!