cpanelproxy

[cPanelDavidG]

Hi,

Yes, cPanelProxy works fine now
The problem is: Horde is still not SSL encrypted...

Queston: how can I forward all "http://webmail.domain.tld" requests to "https://webmail.domain.tld"?

thanks,
JamesG

There shouldn't be a need to use the third party cPanel Proxy product anymore.

Instead, you should simply use the proxying capabilities built into cPanel 11.23 and later.

Users are welcome to use https://webmail.example.com (substituting example.com with their domain) if they are concerned about SSL encryption.

[JamesG]

There shouldn't be a need to use the third party cPanel Proxy product anymore.

Instead, you should simply use the proxying capabilities built into cPanel 11.23 and later.

Users are welcome to use https://webmail.example.com (substituting example.com with their domain)

Yes but they will get browser warnings since there is no way to install a SSL-Cert especially for webmail... (example; a cert for: "https://webmail.example.com".)
When I use a third party cPanel Proxy installed on a "stand-alone" sub-domain (a sub-domain installed as "domain"), I'm able to install a separate cert for my webmail: this is not possible using the default cPanel Proxy.... not true??

thanks,
Damian

[cPanelDavidG]

Yes but they will get browser warnings since there is no way to install a SSL-Cert especially for webmail... (example; a cert for: "https://webmail.example.com".)
When I use a third party cPanel Proxy installed on a "stand-alone" sub-domain (a sub-domain installed as "domain"), I'm able to install a separate cert for my webmail: this is not possible using the default cPanel Proxy.... not true??

thanks,
Damian

If you get a wildcard SSL certificate, that would cover *.example.com including cpanel.example.com, webmail.example.com and whm.example.com.

At this time, there is no native method for adding 2 IP addresses to a single cPanel account, thus no ability to have multiple SSL certificates for a single domain.

[sparek-3]

Create the webmail sub account as you normally would.

Install the certificate for the webmail sub account as you normally would.

Then create the directory:

mkdir -p /usr/local/apache/conf/userdata/ssl/2/<user>/webmail.domain.com

Where <user> refers to the owner of the webmail.domain.com account.

Then create a file in this directory:

/usr/local/apache/conf/userdata/ssl/2/<user>/webmail.domain.com/proxy.conf

In that file add:

Code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/(.*) http://127.0.0.1:2095/$1 [P]
UseCanonicalName Off
</IfModule>

Save the file and run:

/scripts/ensure_vhost_includes --user=<user>

Now when users need to access the webmail via proxy, you can just tell them to go to:

https://webmail.domain.com


For an added bonus you can insure that SSL is always used.

Create the directory:

mkdir -p /usr/local/apache/conf/userdata/std/2/<user>/webmail.domain.com

Create a file:

/usr/local/apache/conf/userdata/std/2/<user>/webmail.domain.com/rewrite.conf

In that file add:

Code:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>

Save the file and again run the command:

/scripts/ensure_vhost_includes --user=<user>

This will redirect traffic to http://webmail.domain.com to https://webmail.domain.com therefore insuring that the site is always accessed via SSL.

[JamesG]

@sparek-3: works great!

thank you very much!!.

JamesG

[whplus]

Users are welcome to use https://webmail.example.com (substituting example.com with their domain) if they are concerned about SSL encryption.

It would be better if WHM has option "Always redirect users to the ssl/tls ports when visiting cPanelProxy (cpanel.*, webmail.*, webdisk.* and whm.*) on Tweak Settings.

Susan,

[nyoman]

I have problem if we use proxy server (squid) to access horde webmail.

When we use firefox we got error:
"Firefox can't establish a connection to the server at 127.0.0.1:2095."

When use IE: Page Cannot Display

But when we open directly to http://webmail.domain:2095/ we dont have problem. My server running phpSuExec

Is there any way to fix this problem ?

Thanks

[wonker]

It would be better if WHM has option "Always redirect users to the ssl/tls ports when visiting cPanelProxy (cpanel.*, webmail.*, webdisk.* and whm.*) on Tweak Settings.

Susan,

Is there any news about this ? Actually I'm not worried about proxy, but would like to simply redirect all webmail.*, webdisk.* and whm.* to hostname:2096, hostname:2083, hostname:2087

I see at the beginning of this topic people complaining about redirecting. I have the latest release version of cPanel and have blocked non https ports (2095, 2086 ...) in the firewall, but the proxy gets around them. I'm sure that it used to automaticaly redirect to https ports with the subdomains and would like to get it to do this again or at least only allow https for cpanel and whm ...

[Infopro]

Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.

Has been in Tweak Settings for some time now. See the redirection section.

[whplus]

It would be better if WHM has option "Always redirect users to the ssl/tls ports when visiting cPanelProxy (cpanel.*, webmail.*, webdisk.* and whm.*) on Tweak Settings.

Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.

Has been in Tweak Settings for some time now. See the redirection section.

they are different thing.
first is about redirect the http://cpanel.domain.com (cpanelproxy) to the ssl/tls port, and the second is about redirect the http://domain.com/cpanel (non-secure cpanel) to the ssl/tls port.

susan,