The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Custom webmail URL

Discussion in 'Workarounds and Optimization' started by anton_latvia, Feb 17, 2017.

  1. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    354
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Hi,
    Due SSL issues, we are redirecting all customers, who want to use webmail and cPanel to domain https://cpanel-server-ID.our-domain.com/ where the requests are proxies.

    For webmail we have similar URL - https://webmail-server-ID.our-domain.com/, which is again proxied.

    Everything works fine if used separately, but...

    The problem is, that if customer tries to access webmail from within cpanel - they are redirected to https://webmail.cpanel-server-ID.our-domain.com/ - which is wrong. :)

    I understand, this is custom to our solution, but is there any way to predefine where to redirect customers, who want to access webamil to?

    Thanks!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you elaborate on the specific SSL issues you are facing that's requiring you to setup custom proxy subdomains? Also, how are you configuring the custom entries?

    Thank you.
     
  3. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    354
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Sure.

    There are several reasons for that:
    1. we have autoSSL disabled
    2. many our customers are unable to access custom port, due to firewall configuration.
    3. since last Chrome update they get disturbed by "Not secure" message and contact our support (therefore we want them to go through secure port)
    4. many get disturbed by "invalid SSL", when they are redirected to https://webmail.their-domain.com.

    Each server has, of course, valid wildcard SSL for *.ourcompany.com.
    Therefore in pre-virtual host include file we have setup redirect from webmail.* (port 80) to webmail-server-ID.ourcompany.com (port 443) which, as I wrote - is proxied to local port (i took configuration from your configuration in httpd.conf).

    this way we just tell all our customers to use webmail.their-domain.com and they will get secure webmail with correct server name.

    Offtopic: You might ask, why are we not using redirection service from cPanel. Actually it seemed, that it's functionality has been changed. If we select "require SSL" - then webmail.domain.com is simply redirected to https://webmail.domain.com and visitor gets SSL validation error. If "ssl required" option is not enabled, people are not redirected at all. :(
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This type of customization may conflict with new functionality in cPanel version 64, as that version will include AutoSSL support for proxy subdomains (e.g. webmail.domain.tld):

    Allow to make certificate for subdomains like cPanel.example.com and mail.Example.com

    Is there any reason you prefer not to use the AutoSSL feature? The direction of the product is headed towards TLS-Only, and as of cPanel version 62, self-signed SSL certificates are automatically installed for domain names that do not utilize the AutoSSL feature:

    Is there a particular aspect of the AutoSSL feature that we could help troubleshoot?

    Thank you.
     
  5. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    354
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Basically because we can not enable autoSSL for just subdomains. if enabled, AutoSSL would be not just for helper-subdomains, like webmail, cpanel, mail, (hopefully autodiscover), but also for main domain and as other people state - we are also making some money on it. It is, no doubt, great service that we receive for free and this would help a lot, if there would be an option to only have it on subdomains - and to add here - for all account and not only for those, which are pointing to the server, since we have many customers, who have webpages elsewhere, but use mail services at our servers.

    as for now it looks we might have to switch down to non-ssl for cpanel and webmail in our redirect rules.

    Besides that (might sound as offtopic, sorry) - with enabled autoSSL feature - number of outdated certificates grows rapidly and pollutes cpanel as well as confirmation text files, that some people are wondering about - i think those should be somehow automatically be deleted, just to keep everything clean and nice.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I recommend testing your custom configuration on a non-production server running the latest version published to the EDGE build tier (currently 63.9999.74). This is the development build for what will become cPanel version 64 and includes changes to how proxy subdomains operate compared to previous versions:

    Implemented case CPANEL-10694: AutoSSL for proxy subdomains.

    Let us know if you encounter the same issue with your custom workaround that you are facing on cPanel 62 or older.

    Thank you.
     
  7. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    354
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Yes, we did test and I can see, that free certificate includes webmail, cpanel, mail.. But nothing else was changed. Our setup won't work - visitor gets redirected to wrong subdomain, if accessing custom cpanel-subdomain. - but this I understand is probably not easy to fix with current tools, unless there will option to specify domain name for cpanel proxy and webmail proxy.

    well, the problem with all this is just that we do not want autoSSL to be for main-domain, just for proxy, helper domains.

    Important update: if some account has valid SSL for domain.com and www.domain.com, autoSSL will not generate new SSL certificate. That means that helper-subdomains will have invalid SSL. I fully understand why it is like this, since webmail.domain.com shares same virtual host as domain.com and therefore - the same certificate is applied. But let's be honest - this really great feature lacks few points and some bits are a bit wrong - which after all make whole thing "strange". Customers who payed for SSL - will still have troubles with cpanel and webmail. People who did not pay - will benefit. I don't mind people getting nice feature for free, but I would like for us, as company, still have option to sell some service without loosing anything.


    May I explain how it should work in its best? What cPanel lacks now is:
    1. option to select for which subdomains autoSSL should work (all, webmail, cpanel, etc)
    2. have webmail and cpanel as separate virtual host, so that SSL from cPanel would not conflict with SSL from other registries
    3. (optional, but still good idea) - let cPanel users have some control or overview, similar what people from letsencrypt-for-cpanel.com/ offer.
     
    #7 anton_latvia, Feb 23, 2017
    Last edited by a moderator: Feb 23, 2017
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I encourage you to open a feature request for any improvement you'd like to see via:

    Submit A Feature Request

    Additionally, you may want to vote and add feedback to the following feature requests:

    AutoSSL: Prevent specific domains from being issued free SSL certificates
    AutoSSL cPanel interface for end user control

    I'll leave this thread open for additional feedback from others that might have implemented a similar setup.

    Thank you.
     
Loading...

Share This Page