0

I have set up roundcube on a mail.mydomain.com subdomain using the Apache config example roundcube comes with. Now when I try to reach the root domain on https, it displays the roundcube interface (without redirecting to the subdomain).

# Apache2 vhost configuration sample for Roundcube
# https://linode.com/docs/email/clients/installing-roundcube-on-ubuntu-14-04/

<VirtualHost *:80>
  # Virtual host configuration + information (replicate changes to *:443 below)
  ServerAdmin tehnic@luckypizza.ro
  ServerName mail.luckypizza.ro
  ServerAlias mail.laiancu.ro
  DocumentRoot /var/www/roundcube
  ErrorLog /var/log/apache2/webmail/error.log
  CustomLog /var/log/apache2/webmail/access.log combined

  # Permanently redirect all HTTP requests to HTTPS
  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  # Virtual host configuration + information (replicate changes to *:80 above)
  ServerAdmin tehnic@mydomain.ro
  ServerName mail.mydomain.ro
  ServerAlias mail.myotherdomain.ro
  DocumentRoot /var/www/roundcube
  # ErrorLog /var/log/apache2/webmail/error.log
  # CustomLog /var/log/apache2/webmail/access.log combined

  # SSL certificate + engine configuration
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/mail.mydomain.ro/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mail.mydomain.ro/privkey.pem

  # Roundcube directory permissions + restrictions
  <Directory /var/www/roundcube>
    Options -Indexes
    AllowOverride All
  </Directory>
  <Directory /var/www/roundcube/config>
    Order Deny,Allow
    Deny from All
  </Directory>
  <Directory /var/www/roundcube/temp>
    Order Deny,Allow
    Deny from All
  </Directory>
  <Directory /var/www/roundcube/logs>
    Order Deny,Allow
    Deny from All
  </Directory>
</VirtualHost>
</IfModule>

I have replicated this configuration for the root website, like so:

<VirtualHost *:80>
  # Virtual host configuration + information (replicate changes to *:443 below)
  ServerAdmin tehnic@mydomain.ro
  ServerName mydomain.ro
  ServerAlias www.mydomain.ro
  DocumentRoot /var/www/mydomain/root/public
  ErrorLog /var/log/apache2/lucky_error.log
  CustomLog /var/log/apache2/lucky_access.log combined

  # Permanently redirect all HTTP requests to HTTPS
  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
  # Virtual host configuration + information (replicate changes to *:80 above)
  ServerAdmin tehnic@mydomain.ro
  ServerName mydomain.ro
  ServerAlias www.mydomain.ro
  DocumentRoot /var/www/mydomain/root/public
  # ErrorLog /var/log/apache2/lucky_error.log
  # CustomLog /var/log/apache2/lucky_access.log combined

  # SSL certificate + engine configuration
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/mydomain.ro/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.ro/privkey.pem

  # Roundcube directory permissions + restrictions
  <Directory /var/www/mydomain/root/public>
    Options -Indexes
    AllowOverride All
  </Directory>
  </VirtualHost>
</IfModule>

What seems to be wrong with the configurations?

Sergiu
  • 345
  • 2
  • 5
  • 18
  • Did you place new Virtual Hosts in the same .conf file with the old ones? If they are in the separate, in which folder exactly did you put the new .conf file? – Dusan Bajic Nov 27 '17 at 14:05
  • @Dusan Bajic same folder, same file actually, the old ones have been replaced so I have mydomain.ro.conf and mail.mydomain.ro.conf – Sergiu Nov 27 '17 at 14:08
  • Sorry, I did not get it: first you say that they are in the same file, then you say you have two files. If you have two .conf files (one for mail domain, one for root domain), what is the exact location (full path to that folder) where .conf file reside? – Dusan Bajic Nov 27 '17 at 14:14
  • It seems like I did not get your question in the first place. I have 2 files: 1. `mail.mydomain.ro.conf` - containing the first code sample in my original post and 2. `mydomain.ro.conf` - containing the second code sample, both of them are in `/etc/apache2/sites_available`. – Sergiu Nov 27 '17 at 14:15
  • Ah, you need to enable those new sites, read this for example (the part about sites): https://2buntu.com/articles/1537/enablingdisabling-modules-and-sites-in-apache/ – Dusan Bajic Nov 27 '17 at 14:22
  • They are enabled, I did the a2dissite/a2ensite thing and restarted apache, so I think there's a configuration issue. I could reach the root with plain http before I rewrote the config to redirect to https, the problem is Roundcube catches the https on root too, while it should not. – Sergiu Nov 27 '17 at 14:26
  • So instead of reading from `/var/www/mydomain/root/public` while accessing `mydomain.ro`, it reads from `/var/www/roundcube`, even if I specified otherwise in `mydomain.ro.conf` – Sergiu Nov 27 '17 at 14:32
  • I can't see anything wrong in your config. Can you uncomment ErrorLog and CustomLog in all configs, than (restart apache and) access root site and see if the request is logged in correct virtualhost's logfile (that way you will at least be certain if correct VHost is accessed) – Dusan Bajic Nov 27 '17 at 14:44

1 Answers1

0

The problem can be related to the lack of SNI support on server-side, leading all requests to the same Virtual Host. You can check the prerequisites here : https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI Or you can also test by removing one of the two Virtual Hosts, test, bring it back and remove the second, test.

Eugène Adell
  • 3,089
  • 2
  • 18
  • 34
  • If I disable mail.mydomain.ro.conf, the root works on https. This confirms that the mail config overwrites previous virtual host's settings. – Sergiu Nov 27 '17 at 19:21
  • There are some little differences when configuring Virtual Hosts, according to the Apache version (2.2 or 2.4). In 2.2, you need a NameVirtualHost directive. – Eugène Adell Nov 27 '17 at 20:47
  • I put `NameVirtualHost *:443` at the beginning of both `.conf` file, I still get the email view when I visit the root. – Sergiu Nov 28 '17 at 14:38