How to force Webmail ssl?

[rasheid]

How do i force webmail to use https, instead of http . I tried .htaccess in the domain root but it did not work, i think this is because yourdomain.com/webmail is an alias instead of an actual folder. I just realized that both Phpmyadmin & PhpPGAdmin can be accessed with regular http. Please help

[AdamiPL]

Log in to VestaCP, go to:
SERVER > Configure > Mail > Webmail URL



there you can set up new URLs for phpmyadmin as well.

[rasheid]

Thank you so much. With this information i was able to edit both webmail and phpmyadmin. However postgre was not showing in url settings for phppgamdin. I know it is installed because i created postger db already. The option for postgre support is un-editable (greyed out) with the option [no] selected. Im using VestaCP 0.9.8-15

[arafatx]

doesn't force SSL after following the step.

[rasheid]

Arafatx is correct

[joem]

Before I start I am using centos 7 with nginx and phpfpm.

To force webmail to use ssl you need to do the follow,

Edit /etc/roundcubemail/main.inc.php

Find

Code: Select all

$rcmail_config['force_https'] = false;
$rcmail_config['use_https'] = false;

Change To

Code: Select all

$rcmail_config['force_https'] = true;
$rcmail_config['use_https'] = true;

This will not allow users to login unless they are using a https url round cube will display "Invalid request! no data was saved" ever time you try and login without https. Now you need to setup a redirect in apache or nginx webmail.inc file.

Edit /etc/nginx/conf.d/webmail.inc

Find

Code: Select all

location ~ /(config|temp|logs) {

Add Above

Code: Select all

    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

Now restart nginx

Code: Select all

service nginx restart

The option for postgre support is un-editable (greyed out) with the option [no] selected.

Are you able to login to phppgadmin? I just noticed on my fresh install of vestacp phppgadmin is not configured right. The reason I asked is before the vesta team had that greyed out not sure if its that way still in the new release.

[Aliraza521]

My server is sending thousands of unauthorized emails. And what I realized some robot takes advantage of exim's relay is open.????


Ali

[tjebbeke]

My server is sending thousands of unauthorized emails. And what I realized some robot takes advantage of exim's relay is open.????


Ali

Check email message header. Maybe someone has placed a script on your server to send the mails.

[shiruken]

Didn't work for me. Instead I added this to /var/lib/roundcube/.htaccess in the RewriteRule section:

Code: Select all

#force SSL usage
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Before I start I am using centos 7 with nginx and phpfpm.

To force webmail to use ssl you need to do the follow,

Edit /etc/roundcubemail/main.inc.php

Find

Code: Select all

$rcmail_config['force_https'] = false;
$rcmail_config['use_https'] = false;

Change To

Code: Select all

$rcmail_config['force_https'] = true;
$rcmail_config['use_https'] = true;

This will not allow users to login unless they are using a https url round cube will display "Invalid request! no data was saved" ever time you try and login without https. Now you need to setup a redirect in apache or nginx webmail.inc file.

Edit /etc/nginx/conf.d/webmail.inc

Find

Code: Select all

location ~ /(config|temp|logs) {

Add Above

Code: Select all

    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

Now restart nginx

Code: Select all

service nginx restart

The option for postgre support is un-editable (greyed out) with the option [no] selected.

Are you able to login to phppgadmin? I just noticed on my fresh install of vestacp phppgadmin is not configured right. The reason I asked is before the vesta team had that greyed out not sure if its that way still in the new release.

[disc_over]

Hello,

In case anyone needs to solve this in 2020 [vesta 0.9.8] using apache httpd:

1) Create a .htaccess file at webmail root folder (located in CentOS at /usr/share/roundcubemail/, maybe path is different in other distros) with:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]

2) Modify /etc/httpd/conf.d/roundcubemail.conf in order to allow loading of .htaccess in that directory by using directive override:

Code: Select all

#
# Round Cube Webmail is a browser-based multilingual IMAP client
#

Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail

<Directory /usr/share/roundcubemail/>
# allow htaccess in folder
        AllowOverride All
        Order Deny,Allow
        Deny from all
        Allow from all
</Directory>

Restart httpd and every attempt to load webmail in any domain should redirect to HTTPS version. Hope it helps.