Question

NginX reverse proxy with iRedMail Apache2

  • Posted on April 15, 2014
  • sim4bizAsked by sim4biz

On an empty VPS hosting (Ubuntu 13.10 x64), I managed to run the base iRedMail installation with Apache2 and LDAP and my roundcubemail was accessible at:
https://www.mydomain.com/mail

then I installed NginX, shutdown Apache2, reconfigured iRedMail (without adding any extra A record in the DNS entry) and managed to run it on NginX base installation as well with roundcubemail accessible at:
https://mail.mydomain.com

Now, I want to run NginX reverse proxy with the base iRedMail Apache2 installation with roundcubemail accessible at:
https://mail.mydomain.com
and I’m kinda stuck with the following Apache2 config files:
/etc/apache2/ports.conf

Listen 8080

/etc/apahce2/sites-available/my-iredmail.conf

<VirtualHost *:8080>
DocumentRoot /var/www/
ServerName mail.mydomain.com

Alias / “/usr/share/apache2/roundcubemail/”
<Directory "/usr/share/apache2/roundcubemail">
Options Indexes FollowSymlinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

and following NginX config file:

/etc/nginx/sites-available/default

server {
listen 80 default_server;
listen [::]:80;

    root /usr/share/nginx/html;
    index index.html index.htm index.php;
    server_name mydomain.com www.mydomain.com mail.mydomain.com;
    location / {
            try_files $uri $uri/ /index.html;
    }
    location ~ \.php$ {
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:8080/;
    }
    location ~ /\.ht {
            deny all;
    }

}

server {
listen 443 ssl;

    root /var/www;
    index index.html index.htm index.php;
    server_name mydomain.com www.mydomain.com mail.mydomain.com;
    ssl                  on;
    ssl_certificate      /etc/ssl/certs/iRedMail_CA.pem;
    ssl_certificate_key  /etc/ssl/private/iRedMail.key;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;
    location / {
            # Apache is listening here
            proxy_pass http://127.0.0.1:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   }

}

Hitting in browser:
https://mail.mydomain.com gives the usual SSL Connection Error.
Kindly advise.


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

I changed the faulty line in NginX default config file to: <br> <br>server { <br> listen 80 default_server; <br> listen [::]:80; <br> <br> root /usr/share/nginx/html; <br> index index.html index.htm index.php; <br> <br> server_name mydomain.com www.mydomain.com; <br> <br> location / { <br> proxy_set_header X-Real-IP $remote_addr; <br> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; <br> proxy_set_header Host $host; <br> proxy_pass http://127.0.0.1:8080; <br> } <br> <br> location ~ /.ht { <br> deny all; <br> } <br>} <br> <br>So now, on hitting in the browser: <br>https://mail.mydomain.com <br> <br>I get the error on the browser: <br>This webpage has a redirect loop <br>The webpage at https://mail.mydomain.com/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer. <br> <br>The NginX error is gone but the Apache error remains the same. <br>I think it’s some config problem with setup of iRedMail so I’m going to decommission Apache2 for iRedMail setup and move the entire iRedMail setup on NginX directly.

The paths to ssl_certificate and ssl_certificate_key are correct but this path wasn’t accessible from my current_user. <br>Since, I installed iRedMail from root user and NginX from my current_user therefore I made current_user chown /etc/ssl <br>Do I need to make any modifications to permissions of www-data web server user as well? <br> <br>/etc/ssl/certs has tons of Verisign, StartCom etc. symlinks to /usr/share/ca-certificates/mozilla/xxxx-yyyy.crt files <br> <br>/var/log/nginx/error.log is: <br>2014/04/15 20:43:31 [emerg] 26997#0: “proxy_pass” cannot have URI part in location given by regular expression, or inside named location, or inside “if” statement, or inside “limit_except” block in /etc/nginx/sites-enabled/default:37 <br> <br>/val/log/apache2/error.log is: <br>[Tue Apr 15 20:43:40.712133 2014] [mpm_prefork:notice] [pid 20325] AH00169: caught SIGTERM, shutting down <br>[Tue Apr 15 20:43:42.030066 2014] [mpm_prefork:notice] [pid 27041] AH00163: Apache/2.4.6 (Ubuntu) OpenSSL/1.0.1e mod_wsgi/3.4 Python/2.7.5+ configured – resuming normal operations <br>[Tue Apr 15 20:43:42.030265 2014] [core:notice] [pid 27041] AH00094: Command line: ‘/usr/sbin/apache2’

Could you post any error messages that you are seeing in /var/log/nginx/error.log or /var/log/apache/error.log ? <br> <br>