Roundcube gets 403 error after I have changed its default Webmail URL

What you probably want is the builtin 'use_secure_urls' feature rather than just a fixed random_string in the path. Set this in roundcube config:

Code:

$config['force_https'] = true;
$config['http_received_header'] = true;
$config['http_received_header_encrypt'] = true;
$config['log_logins'] = true;
$config['use_secure_urls'] = true;
$config['assets_path'] = '/assets/';

Incorporate these /etc/apache2/conf-available/roundcube.conf settings:

Code:

# this is so use_secure_urls works, though in practice these must be added to the virtualhost as well:
RewriteEngine on
RewriteRule ^/roundcube/[a-zA-Z0-9]{16}/(.*)$ /roundcube/$1 [PT]
# do not rewrite all 16char base paths, only use /roundcube/ paths
#RewriteRule ^/[a-zA-Z0-9]{16}/(.*)$ /roundcube/$1 [PT]

# this is for /roundcube path and above passthrough when roundcube is document root
Alias /roundcube /var/lib/roundcube
#Alias /roundcube /var/lib/roundcube/public_html

# proxy /webmail paths to /roundcube
#Alias /webmail /var/lib/roundcube
RewriteRule    "^/webmail/(.*)$"  "https://server1.example.com/roundcube/$1"  [P]
ProxyPassReverse "/webmail/" "https://server1.example.com/roundcube/"

# this is for assets_path set to /assets
Alias /assets /var/lib/roundcube

<Directory /var/lib/roundcube/>
.... standard roundcube.conf stuff after this

And these in /etc/apache2/sites-available/ispconfig.vhost (remember to make these update-safe using a conf-custom file):

Code:

<VirtualHost _default_:443>
  ServerAdmin [email protected]
  ServerName server1.example.com

  Alias /mail /var/www/ispconfig/mail

  RewriteEngine On
  RewriteRule ^/roundcube/[a-zA-Z0-9]{16}/(.*) /roundcube/$1 [PT]
# do not rewrite all 16char base paths, only use /roundcube/ paths
#  RewriteRule ^/roundcube/[a-zA-Z0-9]{16}/(.*) /$1 [PT]
#  RewriteRule ^/[a-zA-Z0-9]{16}/(.*) /$1 [P]

  RewriteRule    "^/webmail/(.*)$"  "https://server1.example.com/roundcube/$1"  [P]
  ProxyPassReverse "/webmail/" "https://server1.example.com/roundcube/"

  <Directory /var/www/ispconfig/>
... standard ispconfig.vhost stuff from here

And not necessary for secure urls, but if you like the extra functionality, create
/etc/apache2/conf-enabled/webmail.conf with:

Code:

# This makes the 'webmail.*' convenience hostname work on each domain.
# We redirect to the local server's hostname to avoid SSL errors.
# (This only catches https sites, the default port 80 vhost config
#  will catch these subdomain names on http.)

<If "%{HTTP_HOST} =~ /^(webmail|roundcube)\./">
       RedirectMatch permanent "(.*)" https://server1.example.com/webmail/
</If>

# Same for /webmail paths unless the site is already using https
<If "%{HTTPS} == 'off'">
       RedirectMatch permanent "^/webmail(/.*)?$" https://server1.example.com/webmail/
</If>

<Directory /var/lib/roundcube/>
       <IfModule mod_headers.c>
               Header setifempty Strict-Transport-Security "max-age=15768000"
               Header always set X-Content-Type-Options: nosniff
               Header always set X-Frame-Options: SAMEORIGIN
               Header always set X-XSS-Protection: "1; mode=block"
               Header unset Content-Security-Policy
               Header add Content-Security-Policy "default-src https: 'unsafe-inline' 'unsafe-eval';connect-src https: wss:"
               Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
       </IfModule>
</Directory>

And ensure you have the proxy and proxy_http apache modules enabled.

 

Sorry; getting that working took a bit, but cut & paste of the working config should be pretty simple? I should note that the server that came from is running the ispconfig interface on port 443, not 8080, which is why that's in that config snippet - you will need to adjust the server1.example.com urls to include the port number.