Hi, if i call the Webmail from the Panel i got some kind of config output error, which beginns like that: If i call the webmail via http, i have no problems. phpMyAdmin from Panel is ok. Any idea?
don't run phpmyadmin from the ispconfig vhost, you can simply create another vhost on the same server and use port 443
Hi, why not? What is the reason for it, since it is offered from the panel as an button / icon? And far as i tested it works normal. My Problem is Webmail which throws above errors - any idea? In the net i found, that php is not enabled. Could this the reason? I think not, while phpmyadmin is running.
Sorry, I got that mixed up - don't run roundcube on the ispconfig vhost, just create another vhost within ispconfig and run it there. Why = simplicity, as it doesn't work out of the box (as you see). You can make it work, I think all you need to do is set the right handler for php file names; for an example, create a vhost using fastcgi and look at the config file generated for it.
On a related note, this may work out of the box in 3.1, see https://www.howtoforge.com/communit...undcube-ghost-with-php-fpm.73632/#post-346522
Hi Jesse, ok read this. Meanwhile i search a bit and found out that the link from the panel to webmail is like this: https://fqdn:8080/webmail/ but actually it only works as http://fqdn/webmail/ Perhaps some misconfiguration? I think i can solve this by only use ssl for phpmyadmin and roundcube, but how to setup this?
with /webmail thats correct. I think the redirect with Port 8080 is wrong. 2 Other Questions for this: 1. What is the preferred way to call the url for phpmyadmin and webmail - ispconfig-url/webmail or client-dom/webmail or doenst it matter? -> as far as i understand if i whould have a multiserver setup with e.g. 4 Server, i whould only have one panel on one server, or does any server has a panel and the client can login in on every one off them? 2. How can i only allow ssl for phpmyadmin and webmail and how can i use an lets encrypt cert. for this? Option System Config -> Mail -> Web Mail -> SSL/TLS Option <- this?
You can just specify the full url there, https://your-preferred-name.com/webmail/ It's your preference. As @till mentioned above, don't use port 8080 if that's what ispconfig is using, but you could use the ispconfig control panel hostname eg. on port 443. I think in the setup I have here, both /webmail and /phpmyadmin work on every customer website as well, which you may or may not want (it's easier to brute-force or exploit webmail/phpmyadmin if it's available in more places). One control panel (though you can access it via multiple names/servers if you setup a proxy). You could have webmail/phpmyadmin on more than one server if you wish. It's pretty flexible/configurable, so you might figure out how you'd prefer it were setup, then go about implementing that. Eg. the setup here is multi-server, with one server dedicated to running the ispconfig control (on port 443), with no other services. I setup a LetsEncrypt certificate there, so https://control-panel.tld/ works fine. I have phpmyadmin installed on the control panel for my own use/convenience (it has ip access control). Every web server will also have phpmyadmin and roundcube installed, so any customer can access https://their-domain.tld/phpmyadmin/ to get access to their own database server, and https://webmail.their-domain.tld/ will redirect to the local roundcube install (I haven't actually set that bit up yet). Soon I'll add a reseller to this and I plan on adding 4 slave servers for them, 1 web+mysql, 1 email, 2 ns. I'll setup a vhost on the reseller's domain to access the control panel with - ie. I'll enable letsencrypt for that vhost, and then setup a proxy config in the back end so the https://reseller-panel.tld/ url works but transparently connects to the single ispconfig control panel at https://control-panel.tld/ Add/configure the default vhost for the server to redirect /phpmyadmin and /webmail to an https url. I don't have a snippet handy for this exactly, but might set that up and get back here with tested config. I believe roundcube has a config setting to do that itself, which would also be worth turning on as a safeguard. Get letsencrypt setup for the server's hostname via: https://www.howtoforge.com/communit...fig-admin-from-letsencrypt.73097/#post-344008
Here is tested config. I had a default vhost setup to serve a landing page/help site out of /var/www/html, so just added the bit to redirect phpmyadmin/webmail locations. You may find a few others you'd want to add, eg. maybe mailman and any other general services. Code: <VirtualHost *:80> ServerName default ServerAdmin [email protected] DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined <LocationMatch ^/(phpmyadmin|webmail|roundcube|squirrelmail)> <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/ RewriteRule ^ - [END] RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule> </LocationMatch> </VirtualHost>
