logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Set up SSL (vhost) for mailman
Author
user123



Joined: 18 Jun 2015
Posts: 6
PostPosted: Thu 18 Jun '15 15:40    Post subject: Set up SSL (vhost) for mailman Reply with quote
Hello everybody,

we are going to setup SSL on a server which host mailman (and the Webgui).

It's a SLES11 system and we configured a vhost with ssl. How do we have to combine the vhost and the mailman config?

Thank you very much!
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Mon 22 Jun '15 10:25    Post subject: Reply with quote
It would help if you can post the both configs, since my glas ball shows nothing Wink

If the configs are longer then use pastebin
Back to top
user123



Joined: 18 Jun 2015
Posts: 6
PostPosted: Mon 22 Jun '15 11:31    Post subject: Reply with quote
Hello James,

here the configs:

/etc/apache2/vhosts.d/test.conf

Code:
<VirtualHost *:443>

        ServerName lists.*.de
        ServerAdmin *@*.de
#       DocumentRoot "/srv/www/htdocs/ssite"
        # Only allow "high" and "medium" security key lengths REMOVE the others.
        SSLCipherSuite HIGH:MEDIUM

        # Force SSLv3 and TLSv1 Only!
        SSLProtocol all -SSLv2

        #   Server Certificate:
        SSLCertificateFile /etc/apache2/ssl.crt/CRT

        #   Server Private Key:
        SSLCertificateKeyFile /etc/apache2/ssl.key/KEY

        #   Server Certificate Chain:
        SSLCertificateChainFile /etc/apache2/ssl.crt/Bundle-CRT

        #   Certificate Authority (CA):
#       SSLCACertificateFile /etc/apache2/ssl.crt/newca.crt


<IfDefine MAILMAN>

ScriptAlias     /mailman/       /usr/lib/mailman/cgi-bin/
Alias           /mailmanicons/  /usr/lib/mailman/icons/
Alias           /pipermail/     /var/lib/mailman/archives/public/

<Directory /usr/lib/mailman/cgi-bin>
        order allow,deny
        allow from all
</Directory>

<Directory /usr/lib/mailman/icons>
        order allow,deny
        allow from all
</Directory>

<Directory /var/lib/mailman/archives/>
#        Options +FollowSymLinks
         Options Indexes MultiViews FollowSymLinks
         AllowOverride None
        order allow,deny
        allow from all
</Directory>

</IfDefine>

</VirtualHost>


/etc/apache2/conf.d/mailman.conf:

Code:
<IfDefine MAILMAN>

ScriptAlias     /mailman/       /usr/lib/mailman/cgi-bin/
Alias           /mailmanicons/  /usr/lib/mailman/icons/
Alias           /pipermail/     /var/lib/mailman/archives/public/

<Directory /usr/lib/mailman/cgi-bin>
        order allow,deny
        allow from all
</Directory>

<Directory /usr/lib/mailman/icons>
        order allow,deny
        allow from all
</Directory>

<Directory /var/lib/mailman/archives/>
#        Options +FollowSymLinks
         Options Indexes MultiViews FollowSymLinks
         AllowOverride None
        order allow,deny
        allow from all
</Directory>

</IfDefine>
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Mon 22 Jun '15 17:39    Post subject: Reply with quote
If I see it correctly you simply can remove / disable the /etc/apache2/conf.d/mailman.conf since all of it is in the new test vhost.

Did you test it yet? Do you have any troubles with it?
Back to top
user123



Joined: 18 Jun 2015
Posts: 6
PostPosted: Tue 23 Jun '15 7:45    Post subject: Reply with quote
Hi James,

i already tried it. I moved the mainman.conf and restartet the apache.

The errorlog throws:
Code:
File does not exist: /srv/www/htdocs/mailman
and befor the SSL start:
Code:
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]


Any clue how i can fix that?

Greetings
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Tue 23 Jun '15 10:41    Post subject: Reply with quote
Both errors are easy

Code:
SSLSessionCache shmcb:/var/logs/apache2/ssl_gcache_data(512000)




For the first issue you may adjust the (Script)Aliases by removing the trailing slash

Code:
ScriptAlias     /mailman       /usr/lib/mailman/cgi-bin
Alias           /mailmanicons  /usr/lib/mailman/icons/
Alias           /pipermail     /var/lib/mailman/archives/public
Back to top
user123



Joined: 18 Jun 2015
Posts: 6
PostPosted: Mon 29 Jun '15 8:47    Post subject: Reply with quote
finally i got i working with:

Code:

<IfDefine SSL>
<IfDefine !NOSSL>
<IfDefine MAILMAN>

<VirtualHost *:443>

        DocumentRoot /srv/www/htdocs
        ServerName lists.*.de:443
        ServerAdmin *@*.de
        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log
        SSLEngine on
        SSLProtocol -all +TLSv1
        SSLCipherSuite ALL:!aNULL:!eNULL:!SSLv2:!LOW:!EXP:!MD5:@STRENGTH
        SSLCertificateFile /etc/apache2/ssl.crt/CRT
        SSLCertificateKeyFile /etc/apache2/ssl.key/KEY
        SSLCertificateChainFile /etc/apache2/ssl.crt/Bundle-CRT
        CustomLog /var/log/apache2/ssl_request_log   ssl_combined

        ScriptAlias     /mailman/       /usr/lib/mailman/cgi-bin/
        Alias           /mailmanicons/  /usr/lib/mailman/icons/
        Alias           /pipermail/     /var/lib/mailman/archives/public/

<Directory /usr/lib/mailman/cgi-bin>
        order allow,deny
        allow from all
</Directory>

<Directory /usr/lib/mailman/icons>
        order allow,deny
        allow from all
</Directory>

<Directory /var/lib/mailman/archives/>
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        order allow,deny
        allow from all
</Directory>

</VirtualHost>

</IfDefine>
</IfDefine>
</IfDefine>


The last Step is to force a rewrite to https combined with a redirect if someone calls the hostname only (lists.*.de)

So i placed a .htaccess under /srv/www/htdocs

Code:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://lists.*.de/mailman/$1 [R,L]
RedirectMatch 301 /(.*) /mailman/listinfo/$1


How can i get this working? Or is it better to place it in the apache config? How can i do this?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Mon 29 Jun '15 11:20    Post subject: Reply with quote
Untested, but it should work

Code:
RewriteCond %{HTTP_HOST} lists\.(.*)\.de
Back to top
user123



Joined: 18 Jun 2015
Posts: 6
PostPosted: Mon 29 Jun '15 11:38    Post subject: Reply with quote
no sry,

redirects the http calls to the "full" URL, that't correct but doesn't work with https:

Code:
Directory index forbidden by Options directive: /srv/www/htdocs/
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Mon 29 Jun '15 15:04    Post subject: Reply with quote
If the rewrite rule itself works,

you may try to add

RewriteCond %{HTTP_HOST} lists.*.de
Back to top
user123



Joined: 18 Jun 2015
Posts: 6
PostPosted: Mon 29 Jun '15 15:23    Post subject: Reply with quote
This config only works with http, https throws a 403 as written in my last post.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
PostPosted: Mon 29 Jun '15 16:33    Post subject: Reply with quote
you need to define AllowOverride in the SSL vhost.
Back to top


Reply to topic   Topic: Set up SSL (vhost) for mailman View previous topic :: View next topic
Post new topic   Forum Index -> Apache