Hello, I change the default alias in file /etc/roundcube/apache.conf from Alias /webmail /var/lib/roundcube to Alias /random_string /var/lib/roundcube Then, when I browse https://server1.example.com:8080/random_string/ Roundcube interface is blocked. Browser shows 403 error. It used to work after I had changed the default webmail url. How do I correct it? My system is Ubuntu 20.04, ISPConfig 3.2.5.
What you probably want is the builtin 'use_secure_urls' feature rather than just a fixed random_string in the path. Set this in roundcube config: Code: $config['force_https'] = true; $config['http_received_header'] = true; $config['http_received_header_encrypt'] = true; $config['log_logins'] = true; $config['use_secure_urls'] = true; $config['assets_path'] = '/assets/'; Incorporate these /etc/apache2/conf-available/roundcube.conf settings: Code: # this is so use_secure_urls works, though in practice these must be added to the virtualhost as well: RewriteEngine on RewriteRule ^/roundcube/[a-zA-Z0-9]{16}/(.*)$ /roundcube/$1 [PT] # do not rewrite all 16char base paths, only use /roundcube/ paths #RewriteRule ^/[a-zA-Z0-9]{16}/(.*)$ /roundcube/$1 [PT] # this is for /roundcube path and above passthrough when roundcube is document root Alias /roundcube /var/lib/roundcube #Alias /roundcube /var/lib/roundcube/public_html # proxy /webmail paths to /roundcube #Alias /webmail /var/lib/roundcube RewriteRule "^/webmail/(.*)$" "https://server1.example.com/roundcube/$1" [P] ProxyPassReverse "/webmail/" "https://server1.example.com/roundcube/" # this is for assets_path set to /assets Alias /assets /var/lib/roundcube <Directory /var/lib/roundcube/> .... standard roundcube.conf stuff after this And these in /etc/apache2/sites-available/ispconfig.vhost (remember to make these update-safe using a conf-custom file): Code: <VirtualHost _default_:443> ServerAdmin [email protected] ServerName server1.example.com Alias /mail /var/www/ispconfig/mail RewriteEngine On RewriteRule ^/roundcube/[a-zA-Z0-9]{16}/(.*) /roundcube/$1 [PT] # do not rewrite all 16char base paths, only use /roundcube/ paths # RewriteRule ^/roundcube/[a-zA-Z0-9]{16}/(.*) /$1 [PT] # RewriteRule ^/[a-zA-Z0-9]{16}/(.*) /$1 [P] RewriteRule "^/webmail/(.*)$" "https://server1.example.com/roundcube/$1" [P] ProxyPassReverse "/webmail/" "https://server1.example.com/roundcube/" <Directory /var/www/ispconfig/> ... standard ispconfig.vhost stuff from here And not necessary for secure urls, but if you like the extra functionality, create /etc/apache2/conf-enabled/webmail.conf with: Code: # This makes the 'webmail.*' convenience hostname work on each domain. # We redirect to the local server's hostname to avoid SSL errors. # (This only catches https sites, the default port 80 vhost config # will catch these subdomain names on http.) <If "%{HTTP_HOST} =~ /^(webmail|roundcube)\./"> RedirectMatch permanent "(.*)" https://server1.example.com/webmail/ </If> # Same for /webmail paths unless the site is already using https <If "%{HTTPS} == 'off'"> RedirectMatch permanent "^/webmail(/.*)?$" https://server1.example.com/webmail/ </If> <Directory /var/lib/roundcube/> <IfModule mod_headers.c> Header setifempty Strict-Transport-Security "max-age=15768000" Header always set X-Content-Type-Options: nosniff Header always set X-Frame-Options: SAMEORIGIN Header always set X-XSS-Protection: "1; mode=block" Header unset Content-Security-Policy Header add Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval';connect-src https: wss:" Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure" </IfModule> </Directory> And ensure you have the proxy and proxy_http apache modules enabled.
It used to be very simple in Ubuntu 18.04. For Ubuntu 20.04, these 2 lines become indispensible: Code: $config['use_secure_urls'] = true; $config['assets_path'] = '/assets/';
Sorry; getting that working took a bit, but cut & paste of the working config should be pretty simple? I should note that the server that came from is running the ispconfig interface on port 443, not 8080, which is why that's in that config snippet - you will need to adjust the server1.example.com urls to include the port number.
I have found a much simpler working method but it may not be as secure as yours. I set in file /etc/roundcube/config.inc.php $config['use_secure_urls'] = false; Then, in file /etc/roundcube/apache.conf, add these 2 lines: RewriteRule ^/roundcubemail/[a-zA-Z0-9]{16}/(.*) /roundcubemail/$1 [PT] Alias /roundcubemail /var/lib/roundcube/ "roundcubemail" can be any random string. Then, run: systemctl reload apache2.service Now, visit https://yourdomain.tld/roundcubemail/ Your mail box is right there!