Apache2 configuration for SOGo and MediaWiki: Difference between revisions
From WickyWiki
mNo edit summary |
mNo edit summary |
||
| Line 4: | Line 4: | ||
[[Category:MediaWiki]] | [[Category:MediaWiki]] | ||
Here I keep the most up-to-date script for server wilbertvolkers. | Here I keep the most up-to-date script for server wilbertvolkers.linkpc.net for both mediawiki and SOGo. | ||
* MediaWiki on http (80) and https (443). Force secure SSL login. | * MediaWiki on http (80) and https (443). Force secure SSL login. | ||
* SOGo only on https (443) redirect http (80) to https (443) | * SOGo only on https (443) redirect http (80) to https (443) | ||
| Line 19: | Line 19: | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
sudo gedit /etc/apache2/sites-available/wilbertvolkers. | sudo gedit /etc/apache2/sites-available/wilbertvolkers.linkpc.net | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 29: | Line 29: | ||
<VirtualHost *:80> | <VirtualHost *:80> | ||
Servername wilbertvolkers. | Servername wilbertvolkers.linkpc.net | ||
SSLEngine Off | SSLEngine Off | ||
SSLSessionCacheTimeout 600 | SSLSessionCacheTimeout 600 | ||
| Line 62: | Line 62: | ||
<VirtualHost *:443> | <VirtualHost *:443> | ||
Servername wilbertvolkers. | Servername wilbertvolkers.linkpc.net | ||
SSLEngine On | SSLEngine On | ||
SSLOptions +StrictRequire | SSLOptions +StrictRequire | ||
| Line 111: | Line 111: | ||
<Proxy http://127.0.0.1:20000/SOGo> | <Proxy http://127.0.0.1:20000/SOGo> | ||
RequestHeader set "x-webobjects-server-port" "443" | RequestHeader set "x-webobjects-server-port" "443" | ||
RequestHeader set "x-webobjects-server-name" "wilbertvolkers. | RequestHeader set "x-webobjects-server-name" "wilbertvolkers.linkpc.net" | ||
RequestHeader set "x-webobjects-server-url" "https://wilbertvolkers. | RequestHeader set "x-webobjects-server-url" "https://wilbertvolkers.linkpc.net" | ||
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0" | RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0" | ||
RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST | RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST | ||
| Line 148: | Line 148: | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
sudo a2ensite wilbertvolkers. | sudo a2ensite wilbertvolkers.linkpc.net | ||
sudo service apache2 reload | sudo service apache2 reload | ||
</syntaxhighlight> | </syntaxhighlight> | ||
To test if everything is working go to: | To test if everything is working go to: | ||
* https://wilbertvolkers. | * https://wilbertvolkers.linkpc.net/SOGo | ||
* http://wilbertvolkers. | * http://wilbertvolkers.linkpc.net/SOGo | ||
** You should go to https | ** You should go to https | ||
* http://wilbertvolkers. | * http://wilbertvolkers.linkpc.net/mediawiki | ||
* https://wilbertvolkers. | * https://wilbertvolkers.linkpc.net/mediawiki | ||
* http://wilbertvolkers. | * http://wilbertvolkers.linkpc.net/mediawiki/index.php?title=Special:UserLogin | ||
** You should go to https | ** You should go to https | ||
Revision as of 19:43, 14 August 2014
Here I keep the most up-to-date script for server wilbertvolkers.linkpc.net for both mediawiki and SOGo.
- MediaWiki on http (80) and https (443). Force secure SSL login.
- SOGo only on https (443) redirect http (80) to https (443)
Configuration
Disable default SOGo configuration of Apache:
sudo mv /etc/apache2/conf.d/SOGo.conf ~/SOGo.conf-backup
Create new configuration in 'sites-available':
sudo gedit /etc/apache2/sites-available/wilbertvolkers.linkpc.net
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
<VirtualHost *:80>
Servername wilbertvolkers.linkpc.net
SSLEngine Off
SSLSessionCacheTimeout 600
SSLVerifyClient none
SSLProxyEngine off
ServerSignature Off
RewriteEngine On
#mediawiki on port 80
#redirect UserLogin page to https
RewriteCond %{REQUEST_URI} ^/mediawiki/index.php$
RewriteCond %{QUERY_STRING} ^title=Special:UserLogin
RewriteCond %{REQUEST_METHOD} ^GET$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [R]
DocumentRoot /var/www/
Alias /mediawiki/ /var/www/mediawiki/
<Directory /var/www/mediawiki/>
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#SOGo redirect http://../SOGo to https://../SOGo
RewriteCond %{REQUEST_URI} ^/SOGo(.*)$
RewriteCond %{REQUEST_METHOD} ^GET$
RewriteRule ^(.*)$ https://%{SERVER_NAME}/SOGo$1 [R]
</virtualhost>
<VirtualHost *:443>
Servername wilbertvolkers.linkpc.net
SSLEngine On
SSLOptions +StrictRequire
SSLProtocol -all +TLSv1 +SSLv3
# Support only for strong cryptography:
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLSessionCacheTimeout 600
SSLVerifyClient none
SSLProxyEngine off
ServerSignature Off
SSLCertificateFile /root/apache2ssl/server.cer
SSLCertificateKeyFile /root/apache2ssl/server.key
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#mediawiki login via https
Alias /mediawiki/ /var/www/mediawiki/
<Directory /var/www/mediawiki/>
SSLRequireSSL
AllowOverride None
Order deny,allow
Allow from all
</Directory>
#SOGo
DocumentRoot /usr/lib/GNUstep/SOGo/WebServerResources/
<IfModule mpm_itk_module>
AssignUserId sogo-a sogo-a
</IfModule>
Alias /SOGo.woa/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/ /usr/lib/GNUstep/SOGo/WebServerResources/
AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2
<Directory /usr/lib/GNUstep/SOGo/>
SSLRequireSSL
AllowOverride None
Order deny,allow
Allow from all
</Directory>
<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
SetHandler default-handler
</LocationMatch>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
<Proxy http://127.0.0.1:20000/SOGo>
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "wilbertvolkers.linkpc.net"
RequestHeader set "x-webobjects-server-url" "https://wilbertvolkers.linkpc.net"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Proxy>
# use mod_rewrite to pass remote address to the SOGo proxy.
# The remote address will appear in SOGo's log files and in the X-Forward
# header of emails.
RewriteEngine On
RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]
# redirect https://../ to https://../SOGo
Redirect temp /index.html https://%{SERVER_NAME}/SOGo
</virtualhost>
Enable Apache modules and website
Enable needed Apache2 modules:
sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod headers sudo a2enmod rewrite sudo a2enmod ssl sudo service apache2 restart
Enable the site:
sudo a2ensite wilbertvolkers.linkpc.net sudo service apache2 reload
To test if everything is working go to:
- https://wilbertvolkers.linkpc.net/SOGo
- http://wilbertvolkers.linkpc.net/SOGo
- You should go to https
- http://wilbertvolkers.linkpc.net/mediawiki
- https://wilbertvolkers.linkpc.net/mediawiki
- http://wilbertvolkers.linkpc.net/mediawiki/index.php?title=Special:UserLogin
- You should go to https
