Author Topic: 3.5 Openchange/Sogo default http question  (Read 2129 times)

royceb

  • Guest
3.5 Openchange/Sogo default http question
« on: June 10, 2014, 06:32:46 am »
Hey Zentyal crew,

Over the weekend I was successful in setting up a new Zentyal 3.5 Openchange/SoGo webmail server for my new domain and have some random questions/observations.

When setting up the domain I notice that all webmail going to your SoGo webmail is defaulted to http.  When you click on the Zentyal suggested "OpenChange Webmail" from the OpenChange module, it opens in http by default.  If you manually change the http to https while logging in with your user credentials, it defaults back to the http service.  If you log out of your https (manually change back) session it reverts back to http.  Basically all items point back to http where https should be the shipping standard.

I can't enable remote access to a web based email solution via firewall policy if I expect all users to only use https.  Do you guys have a future plan to implement this as a standard when you ship 3.5?

StuartNaylor

  • Guest
Re: 3.5 Openchange/Sogo default http question
« Reply #1 on: June 10, 2014, 10:50:41 am »
Contents of /etc/apache2/conf-available/zentyal-sogo.conf

Code:
Alias /SOGo.woa/WebServerResources/       /usr/lib/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/       /usr/lib/GNUstep/SOGo/WebServerResources/
AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*)            /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2

<Directory /usr/lib/GNUstep/SOGo/>
    AllowOverride None
    Require all granted

    # Explicitly allow caching of static content to avoid browser specific behavior.
    # A resource's URL MUST change in order to have the client load the new version.
    <IfModule expires_module>
      ExpiresActive On
      ExpiresDefault "access plus 1 year"
    </IfModule>
</Directory>

<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
  SetHandler default-handler
</LocationMatch>

## Uncomment the following to enable proxy-side authentication, you will then
## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and
## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section
## below.
#<Location /SOGo>
#  AuthType XXX
#  Require valid-user
#  SetEnv proxy-nokeepalive 1
#  Allow from all
#</Location>

ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On

# When using CAS, you should uncomment this and install cas-proxy-validate.py
# in /usr/lib/cgi-bin to reduce server overloading
#
# ProxyPass /SOGo/casProxy http://localhost/cgi-bin/cas-proxy-validate.py
# <Proxy http://localhost/app/cas-proxy-validate.py>
#   Order deny,allow
#   Allow from your-cas-host-addr
# </Proxy>

ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
ProxyPass /sogo/ http://127.0.0.1:20000/SOGo
ProxyPass /sogo http://127.0.0.1:20000/SOGo

<Proxy http://127.0.0.1:20000/SOGo>
## When using proxy-side autentication, you need to uncomment and
## adjust the following line:
#  RequestHeader set "x-webobjects-remote-user" "%{REMOTE_USER}e"

  RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"

  AddDefaultCharset UTF-8

  Require all granted
</Proxy>

# For apple autoconfiguration
<IfModule rewrite_module>
  RewriteEngine On
  RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
</IfModule>


Usually I am pretty on the ball with Apache. It's a slightly complex conf file that I am going to have to play with before I can give a definitive answer.

I am the same: it's really got to be https. I am not really bothered about the RPC mechanism as client setup costs money. The security of the web interface is very important though.

I also like what roundcube are doing as it's come on in leaps and bounds at the moment and is also mobile ready.

I am presuming it's the proxy that is redirecting and returning http, but the proxy is all new to me and until I try I am unsure what results I will get.
« Last Edit: June 10, 2014, 11:12:28 am by StuartNaylor »
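
Added example, not part of either post and not Zentyal's or SOGo's shipped file: the configuration quoted above sets only the `x-webobjects-server-protocol` header, while SOGo's stock Apache sample also carries `x-webobjects-server-port`, `-name` and `-url` headers that tell the backend which external scheme, host and port to use when it builds URLs. The sketch below shows one HTTPS-only layout under the assumption that the fallback to http comes from those generated URLs. The host `mail.example.com` and the certificate paths are placeholders, and mod_ssl, mod_headers, mod_alias and mod_proxy_http are assumed enabled.

```apache
# Added example: placeholder host and certificate paths, not a shipped file.

# Port 80 serves nothing for webmail; it only redirects to HTTPS, so the
# firewall policy can expose 443 alone without stranding old bookmarks.
<VirtualHost *:80>
  ServerName mail.example.com
  Redirect permanent /SOGo https://mail.example.com/SOGo
  Redirect permanent /sogo https://mail.example.com/SOGo
</VirtualHost>

<VirtualHost *:443>
  ServerName mail.example.com
  SSLEngine On
  SSLCertificateFile    /path/to/placeholder-cert.pem
  SSLCertificateKeyFile /path/to/placeholder-key.pem

  ProxyRequests Off
  SetEnv proxy-nokeepalive 1
  ProxyPreserveHost On

  # Same backend as the quoted file; the hop to 127.0.0.1 stays plain http.
  ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0

  <Proxy http://127.0.0.1:20000/SOGo>
    # Tell SOGo the scheme, host and port the browser actually used, so
    # the URLs it generates (login redirect, logout) stay on https.
    RequestHeader set "x-webobjects-server-port" "443"
    RequestHeader set "x-webobjects-server-name" "mail.example.com"
    RequestHeader set "x-webobjects-server-url" "https://mail.example.com"
    RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"

    AddDefaultCharset UTF-8
    Require all granted
  </Proxy>

  # Ask browsers to keep using HTTPS for this host on later visits.
  Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

After a reload, `curl -sI http://mail.example.com/SOGo` should return a 301 whose `Location` header starts with `https://`, and the `Location` returned after login over https should keep the same scheme.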