Question

NginX reverse proxy with iRedMail Apache2

Posted April 15, 2014 5.8k views
On an empty VPS hosting (Ubuntu 13.10 x64), I managed to run the base iRedMail installation with Apache2 and LDAP, and my roundcubemail was accessible at: `https://www.mydomain.com/mail`

Then I installed NginX, shut down Apache2, reconfigured iRedMail (without adding any extra A record in the DNS entry) and managed to run it on the NginX base installation as well, with roundcubemail accessible at: `https://mail.mydomain.com`

Now, I want to run NginX reverse proxy with the base iRedMail Apache2 installation with roundcubemail accessible at: `https://mail.mydomain.com` and I'm kinda stuck with the following Apache2 config files:

`/etc/apache2/ports.conf`

> Listen 8080

`/etc/apache2/sites-available/my-iredmail.conf`

> ``
> DocumentRoot /var/www/
> ServerName mail.mydomain.com
>
> Alias / "/usr/share/apache2/roundcubemail/"
> ``
> Options Indexes FollowSymlinks MultiViews
> AllowOverride All
> Order allow,deny
> Allow from all
> ``
> ``

and the following NginX config file:

`/etc/nginx/sites-available/default`

> server {
>     listen 80 default_server;
>     listen [::]:80;
>
>     root /usr/share/nginx/html;
>     index index.html index.htm index.php;
>
>     server_name mydomain.com www.mydomain.com mail.mydomain.com;
>
>     location / {
>         try_files $uri $uri/ /index.html;
>     }
>
>     location ~ \.php$ {
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $remote_addr;
>         proxy_set_header Host $host;
>         proxy_pass http://127.0.0.1:8080/;
>     }
>
>     location ~ /\.ht {
>         deny all;
>     }
> }
>
> server {
>     listen 443 ssl;
>
>     root /var/www;
>     index index.html index.htm index.php;
>
>     server_name mydomain.com www.mydomain.com mail.mydomain.com;
>
>     ssl on;
>     ssl_certificate /etc/ssl/certs/iRedMail_CA.pem;
>     ssl_certificate_key /etc/ssl/private/iRedMail.key;
>     ssl_session_timeout 5m;
>     ssl_protocols SSLv2 SSLv3 TLSv1;
>     ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>     ssl_prefer_server_ciphers on;
>
>     location / {
>         # Apache is listening here
>         proxy_pass http://127.0.0.1:8080/;
>         proxy_set_header Host $host;
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     }
> }

Hitting in browser: `https://mail.mydomain.com` gives the usual `SSL Connection Error`. Kindly advise.


4 answers
Check nginx's error logs; they usually say what the error with the certificate is:
`tail -15 /var/log/nginx/error.log`


Make sure these paths are correct:
ssl_certificate /etc/ssl/certs/iRedMail_CA.pem;

ssl_certificate_key /etc/ssl/private/iRedMail.key;

I'm not sure if iRedMail_CA.pem is the proper file -- what other files are in /etc/ssl/certs?
Could you post any error messages that you are seeing in /var/log/nginx/error.log or /var/log/apache/error.log?

The paths to ssl_certificate and ssl_certificate_key are correct but this path wasn't accessible from my current_user.
Since I installed iRedMail from the root user and NginX from my current_user, I made current_user chown /etc/ssl.
Do I need to make any modifications to permissions of www-data web server user as well?

/etc/ssl/certs has tons of Verisign, StartCom etc. symlinks to /usr/share/ca-certificates/mozilla/xxxx-yyyy.crt files

/var/log/nginx/error.log is:
2014/04/15 20:43:31 [emerg] 26997#0: "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/sites-enabled/default:37

/var/log/apache2/error.log is:
[Tue Apr 15 20:43:40.712133 2014] [mpm_prefork:notice] [pid 20325] AH00169: caught SIGTERM, shutting down
[Tue Apr 15 20:43:42.030066 2014] [mpm_prefork:notice] [pid 27041] AH00163: Apache/2.4.6 (Ubuntu) OpenSSL/1.0.1e mod_wsgi/3.4 Python/2.7.5+ configured -- resuming normal operations
[Tue Apr 15 20:43:42.030265 2014] [core:notice] [pid 27041] AH00094: Command line: '/usr/sbin/apache2'
I changed the faulty line in NginX default config file to:

    server {
        listen 80 default_server;
        listen [::]:80;

        root /usr/share/nginx/html;
        index index.html index.htm index.php;

        server_name mydomain.com www.mydomain.com;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:8080;
        }

        location ~ /\.ht {
            deny all;
        }
    }

So now, on hitting in the browser:
https://mail.mydomain.com

I get the error on the browser:
This webpage has a redirect loop
The webpage at https://mail.mydomain.com/ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

The NginX error is gone but the Apache error remains the same.
I think it's some config problem with setup of iRedMail so I'm going to decommission Apache2 for iRedMail setup and move the entire iRedMail setup on NginX directly.
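
The `[emerg]` message quoted in the thread names four contexts in which `proxy_pass` may not carry a URI part (the trailing `/` after `127.0.0.1:8080` in the original regex location). The checker below is an added example, not code from the thread or from nginx: `find_bad_proxy_pass`, `block_kind` and the sample config are constructed here, and it assumes a config with no quoted braces or `#` inside values.

```python
import re

TOKEN = re.compile(r"[{};]|[^{};]+")
URI_PART = re.compile(r"^https?://[^/\s]+/\S*$")  # anything after host[:port]

# Constructed sample: the first server block mirrors the question's port-80 config.
SAMPLE = r"""server {
    listen 80 default_server;
    location / { try_files $uri $uri/ /index.html; }
    location ~ \.php$ {
        proxy_pass http://127.0.0.1:8080/;  # URI part "/" in a regex location
    }
}
server {
    listen 443 ssl;
    location /        { proxy_pass http://127.0.0.1:8080/; }  # prefix location: allowed
    location ~ \.php$ { proxy_pass http://127.0.0.1:8080; }   # no URI part: loads
}
"""

def block_kind(header):
    """Label the block types named in the [emerg] message, else None."""
    w = header.split() + ["", ""]
    if w[0] == "location":
        return ("regex location" if w[1] in ("~", "~*")
                else "named location" if w[1].startswith("@") else None)
    return w[0] if w[0] in ("if", "limit_except") else None

def find_bad_proxy_pass(conf):
    """Return (line, block kind, url) per rejected proxy_pass; URLs with variables are not checked."""
    text = re.sub(r"#[^\n]*", "", conf)  # strip comments before tokenising
    stack, pending, line, hits = [], "", 0, []
    for m in TOKEN.finditer(text):
        tok = m.group().strip()
        if tok == "{":
            stack.append(block_kind(pending))  # header text seen just before the brace
        elif tok == "}" and stack:
            stack.pop()
        elif tok == ";" and stack and stack[-1] and pending.startswith("proxy_pass "):
            url = pending.split()[1]  # the innermost enclosing block decides
            if "$" not in url and URI_PART.match(url):
                hits.append((line, stack[-1], url))
        elif tok not in ("", "}", ";"):
            lead = len(m.group()) - len(m.group().lstrip())
            pending, line = tok, text.count("\n", 0, m.start() + lead) + 1
    return hits

if __name__ == "__main__":
    print(find_bad_proxy_pass(SAMPLE))
```
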