Announcement

Collapse
No announcement yet.

How to deploy OX over SSL (HTTPS) ?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to deploy OX over SSL (HTTPS) ?

    Hello,

    I'm new to OX community and i've just installed it after few testing in my community. I'm experiencing problems to enable https and don't know where going to find a fix.

    OX domain apache configuration :
    Code:
    <VirtualHost _default_:443>
            ServerAdmin admin@momcards.fr
            ServerName mail.momcards.fr
            ServerAlias mail.momcards.fr
    
            RequestHeader set X-Forwarded-Proto "https"
    
            DocumentRoot /var/www
    
            <Directory /var/www>
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride None
                    Order allow,deny
                    allow from all
                    RedirectMatch ^/$ /appsuite/
            </Directory>
    
            <Directory /var/www/appsuite>
                    Options None +SymLinksIfOwnerMatch
                    AllowOverride Indexes FileInfo
            </Directory>
    
            ErrorLog /home/mailbox/logs/error.log
            LogLevel warn
            CustomLog /home/mailbox/logs/access.log combined
    
            SSLEngine on
            SSLCertificateFile    /etc/ssl/certs/mail.momcards.fr/ssl.crt
            SSLCertificateKeyFile /etc/ssl/private/mail.momcards.fr/ssl.key
            SSLCertificateChainFile /etc/ssl/sub.class1.server.ca.pem
    </VirtualHost>
    OX apache proxy configuration :
    Code:
    # Please note that the servlet path to the soap API has changed:
    <Location /webservices>
        # restrict access to the soap provisioning API
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        # you might add more ip addresses / networks here
        # Allow from 192.168 10 172.16
    </Location>
    
    # the old path is kept for compatibility reasons
    <Location /servlet/axis2/services>
        # restrict access to the soap provisioning API
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        # you might add more ip addresses / networks here
        # Allow from 192.168 10 172.16
    </Location>
    
    <IfModule mod_proxy_http.c>
       ProxyRequests Off
       # When enabled, this option will pass the Host: line from the incoming request to the proxied host.
       ProxyPreserveHost On
       <Proxy balancer://oxcluster>
           Order deny,allow
           Allow from all
           # multiple server setups need to have the hostname inserted instead localhost
           BalancerMember http://localhost:8009 timeout=100 smax=0 ttl=60 retry=60 loadfactor=50 route=OX1
           # Enable and maybe add additional hosts running OX here
           # BalancerMember http://oxhost2:8009 timeout=100  smax=0 ttl=60 retry=60 loadfactor=50 route=OX2
          ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
          SetEnv proxy-initial-not-pooled
          SetEnv proxy-sendchunked
       </Proxy>
       # Microsoft recommends a minimum timeout value of 15 minutes for eas connections
       <Proxy balancer://eas_oxcluster>
          Order deny,allow
          Allow from all
          # multiple server setups need to have the hostname inserted instead localhost
          BalancerMember http://localhost:8009 timeout=1800 smax=0 ttl=60 retry=60 loadfactor=50 route=OX1
          # Enable and maybe add additional hosts running OX here
          # BalancerMember http://oxhost2:8009 timeout=1800  smax=0 ttl=60 retry=60 loadfactor=50 route=OX2
          ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
          SetEnv proxy-initial-not-pooled
          SetEnv proxy-sendchunked
       </Proxy>
       # OX AppSuite frontend
       <Proxy /appsuite/api>
           ProxyPass balancer://oxcluster/ajax
       </Proxy>
    
       # OX frontend
       <Proxy /ajax>
           ProxyPass balancer://oxcluster/ajax
       </Proxy>
       <Proxy /servlet>
           ProxyPass balancer://oxcluster/servlet
       </Proxy>
       <Proxy /infostore>
           ProxyPass balancer://oxcluster/infostore
       </Proxy>
       <Proxy /publications>
           ProxyPass balancer://oxcluster/publications
       </Proxy>
       # USM
       <Proxy /usm-json>
           ProxyPass balancer://oxcluster/usm-json
       </Proxy>
       # SOAP
       <Proxy /webservices>
           ProxyPass balancer://oxcluster/webservices
      </Proxy>
      <Proxy /realtime>
           ProxyPass balancer://oxcluster/realtime
      </Proxy>
       # OXtender/EAS specific proxy container with higher timeout
       <Proxy /Microsoft-Server-ActiveSync>
           ProxyPass balancer://eas_oxcluster/Microsoft-Server-ActiveSync
       </Proxy>
    </IfModule>
    Certificates are working, but when i'm going to https://mail.momcards.fr, it's redirecting to https://mail.momcards.fr/appsuite i see shortly the loading screen (with 3 square) and when it redirect me to the signup, the whole page is display in html =/

    I don't hunderstand what i'm miss configuring.

    The Open-Xchange Server version :
    UI: 7.4.2-8
    Server: 7.4.2-9

    The operating system and version :
    Debian Wheezy 7.4

    The client and its version :
    UI: 7.4.2-8
    Browser: 33.0.1750

    The Java vendor and version :
    java version "1.6.0_27"
    OpenJDK Runtime Environment (IcedTea6 1.12.6) (6b27-1.12.6-1~deb7u1)
    OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode)

    OXLog :
    Code:
    2014-02-28T16:00:03,084+0100 INFO  [OXWorker-0000031] com.openexchange.login.internal.LoginPerformer.logLoginRequest(LoginPerformer.java:510)
    Login:null IP:2a02:8420:5988:7c00:4c56:6a5b:dc87:a91f AuthID:0616e83f0638481eb1d37f3145ee4387 Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 Client:open-xchange-appsui$
     com.openexchange.ajax.action=autologin
     com.openexchange.ajax.requestNumber=116
     com.openexchange.grizzly.remoteAddress=2a02:8420:5988:7c00:4c56:6a5b:dc87:a91f
     com.openexchange.grizzly.remotePort=46561
     com.openexchange.grizzly.requestIp=2a02:8420:5988:7c00:4c56:6a5b:dc87:a91f
     com.openexchange.grizzly.requestURI=/ajax/login
     com.openexchange.grizzly.serverName=mail.momcards.fr
     com.openexchange.grizzly.servletPath=/ajax/login
     com.openexchange.grizzly.threadName=OXWorker-0000031
     com.openexchange.grizzly.userAgent=Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36
     com.openexchange.request.trackingId=1fc60ece534d49b5b437004e0a122b65
Working...
X