We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
How to force Webmail ssl?
How to force Webmail ssl?
How do i force webmail to use https, instead of http . I tried .htaccess in the domain root but it did not work, i think this is because yourdomain.com/webmail is an alias instead of an actual folder. I just realized that both Phpmyadmin & PhpPGAdmin can be accessed with regular http. Please help
Re: How to force Webmail ssl?
Log in to VestaCP, go to:
SERVER > Configure > Mail > Webmail URL
there you can set up new URLs for phpmyadmin as well.
SERVER > Configure > Mail > Webmail URL
there you can set up new URLs for phpmyadmin as well.
Re: How to force Webmail ssl?
Thank you so much. With this information i was able to edit both webmail and phpmyadmin. However postgre was not showing in url settings for phppgamdin. I know it is installed because i created postger db already. The option for postgre support is un-editable (greyed out) with the option [no] selected. Im using VestaCP 0.9.8-15
Re: How to force Webmail ssl?
doesn't force SSL after following the step.
Re: How to force Webmail ssl?
Arafatx is correct
Re: How to force Webmail ssl?
Before I start I am using centos 7 with nginx and phpfpm.
To force webmail to use ssl you need to do the follow,
Edit /etc/roundcubemail/main.inc.php
Find
Change To
This will not allow users to login unless they are using a https url round cube will display "Invalid request! no data was saved" ever time you try and login without https. Now you need to setup a redirect in apache or nginx webmail.inc file.
Edit /etc/nginx/conf.d/webmail.inc
Find
Add Above
Now restart nginx
To force webmail to use ssl you need to do the follow,
Edit /etc/roundcubemail/main.inc.php
Find
Code: Select all
$rcmail_config['force_https'] = false;
$rcmail_config['use_https'] = false;
Code: Select all
$rcmail_config['force_https'] = true;
$rcmail_config['use_https'] = true;
Edit /etc/nginx/conf.d/webmail.inc
Find
Code: Select all
location ~ /(config|temp|logs) {
Code: Select all
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
Code: Select all
service nginx restart
Are you able to login to phppgadmin? I just noticed on my fresh install of vestacp phppgadmin is not configured right. The reason I asked is before the vesta team had that greyed out not sure if its that way still in the new release.The option for postgre support is un-editable (greyed out) with the option [no] selected.
-
- Posts: 2
- Joined: Wed Jan 13, 2016 5:30 am
Re: How to force Webmail ssl?
My server is sending thousands of unauthorized emails. And what I realized some robot takes advantage of exim's relay is open.????
Ali
Ali
-
- Collaborator
- Posts: 783
- Joined: Mon May 11, 2015 8:43 am
- Contact:
- Os: CentOS 6x
- Web: apache + nginx
Re: How to force Webmail ssl?
Check email message header. Maybe someone has placed a script on your server to send the mails.Aliraza521 wrote:My server is sending thousands of unauthorized emails. And what I realized some robot takes advantage of exim's relay is open.????
Ali
Re: How to force Webmail ssl?
Didn't work for me. Instead I added this to /var/lib/roundcube/.htaccess in the RewriteRule section:
Code: Select all
#force SSL usage
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
joem wrote: ↑Sat Jan 09, 2016 7:01 amBefore I start I am using centos 7 with nginx and phpfpm.
To force webmail to use ssl you need to do the follow,
Edit /etc/roundcubemail/main.inc.php
FindChange ToCode: Select all
$rcmail_config['force_https'] = false; $rcmail_config['use_https'] = false;
This will not allow users to login unless they are using a https url round cube will display "Invalid request! no data was saved" ever time you try and login without https. Now you need to setup a redirect in apache or nginx webmail.inc file.Code: Select all
$rcmail_config['force_https'] = true; $rcmail_config['use_https'] = true;
Edit /etc/nginx/conf.d/webmail.inc
FindAdd AboveCode: Select all
location ~ /(config|temp|logs) {
Now restart nginxCode: Select all
if ($scheme = http) { return 301 https://$server_name$request_uri; }
Code: Select all
service nginx restart
Are you able to login to phppgadmin? I just noticed on my fresh install of vestacp phppgadmin is not configured right. The reason I asked is before the vesta team had that greyed out not sure if its that way still in the new release.The option for postgre support is un-editable (greyed out) with the option [no] selected.
Re: How to force Webmail ssl?
Hello,
In case anyone needs to solve this in 2020 [vesta 0.9.8] using apache httpd:
1) Create a .htaccess file at webmail root folder (located in CentOS at /usr/share/roundcubemail/, maybe path is different in other distros) with:
2) Modify /etc/httpd/conf.d/roundcubemail.conf in order to allow loading of .htaccess in that directory by using directive override:
Restart httpd and every attempt to load webmail in any domain should redirect to HTTPS version. Hope it helps.
In case anyone needs to solve this in 2020 [vesta 0.9.8] using apache httpd:
1) Create a .htaccess file at webmail root folder (located in CentOS at /usr/share/roundcubemail/, maybe path is different in other distros) with:
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
Code: Select all
#
# Round Cube Webmail is a browser-based multilingual IMAP client
#
Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail
<Directory /usr/share/roundcubemail/>
# allow htaccess in folder
AllowOverride All
Order Deny,Allow
Deny from all
Allow from all
</Directory>