By: sim4biz

NginX reverse proxy with iRedMail Apache2

April 15, 2014 3.3k views
On an empty VPS hosting (Ubuntu 13.10 x64), I managed to run the base iRedMail installation with Apache2 and LDAP, and my roundcubemail was accessible at: `https://www.mydomain.com/mail`

Then I installed NginX, shut down Apache2, reconfigured iRedMail (without adding any extra A record in the DNS entry) and managed to run it on NginX base installation as well, with roundcubemail accessible at: `https://mail.mydomain.com`

Now, I want to run NginX reverse proxy with the base iRedMail Apache2 installation with roundcubemail accessible at: `https://mail.mydomain.com` and I'm kinda stuck with the following Apache2 config files:

`/etc/apache2/ports.conf`

> Listen 8080

`/etc/apache2/sites-available/my-iredmail.conf`

> ``
> DocumentRoot /var/www/
> ServerName mail.mydomain.com
>
> Alias / "/usr/share/apache2/roundcubemail/"
> ``
> Options Indexes FollowSymlinks MultiViews
> AllowOverride All
> Order allow,deny
> Allow from all
> ``
> ``

and following NginX config file:

`/etc/nginx/sites-available/default`

> server {
>     listen 80 default_server;
>     listen [::]:80;
>
>     root /usr/share/nginx/html;
>     index index.html index.htm index.php;
>
>     server_name mydomain.com www.mydomain.com mail.mydomain.com;
>
>     location / {
>         try_files $uri $uri/ /index.html;
>     }
>
>     location ~ \.php$ {
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $remote_addr;
>         proxy_set_header Host $host;
>         proxy_pass http://127.0.0.1:8080/;
>     }
>
>     location ~ /\.ht {
>         deny all;
>     }
> }
>
> server {
>     listen 443 ssl;
>
>     root /var/www;
>     index index.html index.htm index.php;
>
>     server_name mydomain.com www.mydomain.com mail.mydomain.com;
>
>     ssl on;
>     ssl_certificate /etc/ssl/certs/iRedMail_CA.pem;
>     ssl_certificate_key /etc/ssl/private/iRedMail.key;
>     ssl_session_timeout 5m;
>     ssl_protocols SSLv2 SSLv3 TLSv1;
>     ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>     ssl_prefer_server_ciphers on;
>
>     location / {
>         # Apache is listening here
>         proxy_pass http://127.0.0.1:8080/;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     }
> }

Hitting in browser: `https://mail.mydomain.com` gives the usual `SSL Connection Error`. Kindly advise.
4 Answers
Check nginx's error logs, it usually says what the error with the certificate is:
tail -15 /var/log/nginx/error.log


Make sure these paths are correct:
ssl_certificate /etc/ssl/certs/iRedMail_CA.pem;

ssl_certificate_key /etc/ssl/private/iRedMail.key;

I'm not sure if iRedMail_CA.pem is the proper file -- what other files are in /etc/ssl/certs?
Could you post any error messages that you are seeing in /var/log/nginx/error.log or /var/log/apache/error.log?

The paths to ssl_certificate and ssl_certificate_key are correct, but this path wasn't accessible from my current_user.
Since I installed iRedMail from root user and NginX from my current_user, I made current_user chown /etc/ssl.
Do I need to make any modifications to permissions of the www-data web server user as well?

/etc/ssl/certs has tons of Verisign, StartCom etc. symlinks to /usr/share/ca-certificates/mozilla/xxxx-yyyy.crt files

/var/log/nginx/error.log is:
2014/04/15 20:43:31 [emerg] 26997#0: "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/sites-enabled/default:37

/var/log/apache2/error.log is:
[Tue Apr 15 20:43:40.712133 2014] [mpm_prefork:notice] [pid 20325] AH00169: caught SIGTERM, shutting down
[Tue Apr 15 20:43:42.030066 2014] [mpm_prefork:notice] [pid 27041] AH00163: Apache/2.4.6 (Ubuntu) OpenSSL/1.0.1e mod_wsgi/3.4 Python/2.7.5+ configured -- resuming normal operations
[Tue Apr 15 20:43:42.030265 2014] [core:notice] [pid 27041] AH00094: Command line: '/usr/sbin/apache2'
I changed the faulty line in NginX default config file to:

server {
    listen 80 default_server;
    listen [::]:80;

    root /usr/share/nginx/html;
    index index.html index.htm index.php;

    server_name mydomain.com www.mydomain.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
    }

    location ~ /\.ht {
        deny all;
    }
}

So now, on hitting in the browser:
https://mail.mydomain.com

I get the error on the browser:
This webpage has a redirect loop
The webpage at https://mail.mydomain.com/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

The NginX error is gone but the Apache error remains the same.
I think it's some config problem with setup of iRedMail so I'm going to decommission Apache2 for iRedMail setup and move the entire iRedMail setup on NginX directly.
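
As an added example that is not part of the original thread: a small Python check for two things visible in the configuration posted in the question, namely the `proxy_pass` URI-part restriction quoted in the nginx error log and the `ssl_protocols SSLv2 SSLv3` setting. The names `lint`, `restricted_context` and `SAMPLE` are hypothetical, the sample is constructed from the question's config, and the parser handles only simple nginx syntax.

```python
import re

# Constructed sample, condensed from the configuration posted in the question.
SAMPLE = r"""
server {
    location ~ \.php$ {
        proxy_pass http://127.0.0.1:8080/;
    }
}
server {
    ssl_protocols SSLv2 SSLv3 TLSv1;
    location / { proxy_pass http://127.0.0.1:8080/; }  # prefix location: URI part allowed
}
"""
OBSOLETE = {"SSLv2", "SSLv3"}                 # prohibited by RFC 6176 and RFC 7568
URI_PART = re.compile(r"^https?://[^/\s]+/")  # something follows host[:port]

def restricted_context(stack):
    """Innermost enclosing block that forbids a URI part in proxy_pass, else None."""
    for header in reversed(stack):
        words = header.split() or [""]
        if words[0] in ("if", "limit_except"):
            return header
        if words[0] == "location":
            special = len(words) > 1 and words[1].startswith(("~", "@"))
            return header if special else None
    return None

def lint(conf):
    """Return (line, message) findings; handles only a simple subset of nginx syntax."""
    conf = re.sub(r"#.*", "", conf)           # naive comment strip, keeps line numbers
    findings, stack = [], []
    for m in re.finditer(r"([^;{}]*)([;{}])", conf):
        words, end = m.group(1).split(), m.group(2)
        line = conf.count("\n", 0, m.start(2)) + 1
        if end == "{":
            stack.append(" ".join(words))     # remember the block header
        elif end == "}":
            stack = stack[:-1]
        elif words[:1] == ["proxy_pass"] and len(words) > 1 and URI_PART.match(words[1]):
            ctx = restricted_context(stack)
            if ctx:
                findings.append((line, f"proxy_pass has a URI part inside '{ctx}'"))
        elif words[:1] == ["ssl_protocols"]:
            for proto in sorted(OBSOLETE.intersection(words[1:])):
                findings.append((line, f"obsolete protocol enabled: {proto}"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Run against the sample, it flags the regex `location` block and the `ssl_protocols` line, and leaves the prefix `location /` block alone.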