Allow zarafa webapp GUI to work only on port 80

[olidel]

Hello,

      I have enabled port forwarding for the port 443 on my firewall/router. This firewall is not the zentyal server. I have done that to allow d-push/z-push to work over SSL However, I would like to keep the webapp interface to still work and so it wouldn't be accessible from the internet. By default, in the /etc/apache2/sites-available/zarafa-webapp file nothing is specified about the port that this application should listen at. That means in this case that it listen on the port define on the default and default-ssl file which means port 80 and 443. Of course I just want to have the d-push service to be able to respond from the internet and not the webapp application. So, how can we configure  /etc/apache2/sites-available/zarafa-webapp to define that it must listen only on port 80 althought both default and default-ssl are enabled?

Thank you.

OD

[olidel]

Hello,

      I have found a solution which may not be the best as I may have problems when zentyal is upgraded. The solution that I found is in fact to get rid of the 2 defaults configurations as it looks like that it merge everything which is located in the sites-enabled directory. So, what I have done it is the merge of the d-push file and the default-ssl file into a newly created d-push-ssl file. Also I have done the same between the default file and the zarafa-webapp and I have called the resulting file zarafa-webapp-dft. I have then enable those two site with a2ensite. Now I have only the d-push application which is reachable from the internet (listen only on port 443) and the webapp (listen on port 80) which is only avaiilable from the local network or through a VPN connection.

     If there is a better solution, please let me know.

Thank you.

OD.

 

[olidel]

Hello,

     To improve this setup, I have added the following script in /etc/zentyal/hooks.

Code: [Select]

#!/bin/sh

# This is a sample postservice script.

# postservice scripts are run after the services associated to a given service
# module are run. The module will check if an _executable_ file called
# <module>.postservice exists in /etc/zentyal/hooks and will try to run it.

# The script will receive a command line argument indicating whether the
# module is enabled (1) or not (0).

# Copy this file or create a script with the appropriate name if you want
# to run some customization script after a module runs its services.

# Hook scripts need to be executable by root (note that examples are not).

a2dissite default
a2dissite default-ssl
a2dissite zarafa-webaccess
a2dissite zarafa-webapp
a2ensite  d-push-ssl
a2ensite  zarafa-webapp-dft
service apache2 reload

exit 0


  This way when the configuration is applied by zentyal again, I still keep my valid configuration.

Thank you.

OD

[olidel]

Hello,

      I have forgotten to say that the script is called webserver.postservice.

Thank you.

OD