Roundcube with https only

Discussion in 'Installation/Configuration' started by Stefan Schumacher, Jul 21, 2021.

  1. Hi,

    I have installed Roundcube but it seems ISPconfig generates a configuration which listens per default only on Port 80. What I want is it to listen to Port 80 and then forward directly to port 443. I have found no entry in either sites-enabled or sites-available, only an entry in conf-enabled but it is missing - which at least to me is confusing - a listening directive. I have a working installation of certbot, so getting a certificate and renewing it is not a problem. How can I achieve what I want with ISPconfig.
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Enable SSL for the site, and under the redirect tab, enable the HTTPS redirect.
  3. I don't see any entry under "Sites" for Roundcube. Could you please point out the right entry where I have to make these settings?
    It seem I have accidentally managed to make my situation even worse: I cant connect to Roundcube even more: "This site cant provide a secure connection." Roundcube is working, I can connect with lynx from localhost. It seems I now have a second problem to fix :-(
  4. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Roundcube is and should normally be installed on a server with a shared instance, eg. under the server's hostname or a dedicated webmail type hostname, not as a shared path in individual sites. Enabling SSL for a site with an HTTPS redirect is heading in the direction of running directly on individual sites. Start with setting
    $config['force_https'] = true;
    in roundcube config and see where you're at.
    If you are trying to make roundcube available on each individual site, consider proxying the path to a shared roundcube install. Trying to run it directly then makes roundcube use the php interpreter of each individual site, which can be problematic in itself (ie. if you have sites with a wide range of php versions), but also requires setting open_basedir to read the roundcube files and - critically - the roundcube config. Ie. each individual site would be able to access the database username and password for the single roundcube database - which gives access to all roundcube user settings, in addition to roundcube session info (which includes everyone's imap password). And if that weren't bad enough, most installs are also using the roundcube ispconfig plugins, so each website will have access to the remote api username/password, which is an absolute security nightmare situation (it allows takeover of every email account by setting a password, and a generally a lot more).
    Stefan Schumacher likes this.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The configuration you refer to is not from ISPConfig. It's from the OS that you have chosen to install ISPConfig on. PHPMyAdmin is not a part of ISPConfig and not configured by ISPConfig.

Share This Page