Using Custom Vhost Entries for Webmail, MySQL, Etc.

[TGates]

But Roundcube giving me a :
"CONFIGURATION ERROR

config.inc.php was not found.
Please read the INSTALL instructions!"

I will first check the if customer has e-mail configured in the panel.

Also double check the file and folder locations (and that the files even exist) for roundcube (/etc/sentora/panel/etc/apps/webmail/).

My rerouting from onsecure to secure when http://panel.topmatica.nl  is used is not working. I come to the old Joomla site which is offline. Despite the the Vhost override   

Secure website and panel is working and reacting on https://panel.topmatica.nl

The port forward is not working properly, or the main domain vhost is not set properly. PM me your httpd-vhosts.conf.

[inkoop@topmatica.nl]

Also double check the file and folder locations (and that the files even exist) for roundcube (/etc/sentora/panel/etc/apps/webmail/).


The port forward is not working properly, or the main domain vhost is not set properly. PM me your httpd-vhosts.conf.

 Sorry that it takes so long.

/etc/sentora/panel/etc/apps/webmail/   does exists and is accessible when you use the complete path in URL in browser.

But i will send you my httpd-vhost.conf.

Has it something to do with rights on the config files?  Has this influence on how you access the Roundcube?!
domain/webmail   not working
domain/etc/apps/webmail/   is working !

[inkoop@topmatica.nl]

 Sorry that it takes so long.

/etc/sentora/panel/etc/apps/webmail/   does exists and is accessible when you use the complete path in URL in browser.

But i will send you my httpd-vhost.conf.

Has it something to do with rights on the config files?  Has this influence on how you access the Roundcube?!
domain/webmail   not working
domain/etc/apps/webmail/   is working !

I think I messed up the httpd-vhost.conf.

To get rid of the "config.inc.php not found " in Roundcube webmail  i comment out the php_admin value open_basedir 
in the vhost for my panel domain. My panel is panel.topmatica.nl and I have a vhost www.topmatica.nl .
This did not work for my other vhost. I am getting a gray screen on my http://www.customers.nl/webmail page.
Still figure out where it goes wrong

[inkoop@topmatica.nl]

Some were last year I upgraded Roundcube to 1.3.7 .  Is it compatible with Sentora 1.0.3 ?
That's why I got these 

CONFIGURATION ERROR

config.inc.php was not found.
Please read the INSTALL instructions!

Or is it something else or is there a solution for getting Roundcube 1.3.7 work with Sentora?

[fearworks]

Some were last year I upgraded Roundcube to 1.3.7 .  Is it compatible with Sentora 1.0.3 ?
That's why I got these 

Or is it something else or is there a solution for getting Roundcube 1.3.7 work with Sentora?

Yes, 1.3.7 should work with Sentora, if installed/upgraded correctly. In my experience, this error means you have either not upgraded correctly, or you have destroyed one of Sentora's symbolic links (possibly both).

Tell me, did you run the upgrade script to perform the Roundcube upgrade or did you just go ahead and copy the new files over the old?

Keith

[TGates]

There should be a config.inc.php in /etc/sentora/panel/etc/apps/webmail/config if roundcube was upgraded properly. I believe they changed the location and name of the config file.

[inkoop@topmatica.nl]

There should be a config.inc.php in /etc/sentora/panel/etc/apps/webmail/config if roundcube was upgraded properly. I believe they changed the location and name of the config file.

Yes but it's a link to  /etc/sentora/configs/roundcube/roundcube_config.inc.php 

Code:

4 drwxrwxrwx  2 www-data www-data  4096 Aug 17 13:47 .
4 drwxrwxrwx 12 www-data www-data  4096 Aug 17 13:52 ..
0 lrwxrwxrwx  1 www-data www-data    55 Apr 29  2015 config.inc.php -> /etc/sentora/configs/roundcube/roundcube_config.inc.php
52 -rw-r--r--  1 www-data www-data 52615 Jul 29  2018 defaults.inc.php
4 -rwxrwxrwx  1 www-data www-data  2815 Jan 30  2015 mimetypes.php
root@server:/etc/sentora/panel/etc/apps/webmail/config#

It is only woking from the link in Sentora panel. panel.server.nl/etc/apps/webmail/  Not from www.customer.nl/webmail 
var/sentora/temp is writable , my Global VHOST:

Code:

# Global Vhost Entry

#Alias

for MySQL login
Alias "/mysql" "/etc/sentora/panel/etc/apps/phpmyadmin"
<Directory "/etc/sentora/panel/etc/apps/phpmyadmin/">
  php_admin_value open_basedir /etc/sentora/panel/etc/apps/phpmyadmin
  Options +FollowSymLinks -Indexes
  AllowOverride All
  Require all granted
</Directory>
# Alias for roundcube WebMail login
Alias "/webmail" "/etc/sentora/panel/etc/apps/webmail"
<Directory "/etc/sentora/panel/etc/apps/webmail/">
  php_admin_value

 
Now I am going to try if Apache can handle the .../webmail directory. I see new files are set to 501:80 and not to www-data:www-data.

No , it doesn't matter 

[inkoop@topmatica.nl]

This could be a new thread.

The installer needs full acces. Now I did a chown www-data:www-data -R   in /etc/sentora/panel/etc/apps/webmail
, run the installer again,  and did a test.
But you have to copy specific Sentora config db table and loginkey in config.inc.php to get it work.

Now its also working on www.customer.nl/webmail   

[iraqiboy90]

NOTICE: This could be vulnerable as the sub domains are not locked down using suhosin. Use at your own risk!

Hi
Is this still a possibility?

I used the following code to lock it down with a wildcard certificate I already use for the main domain, which works fine, visually. I also changed it to 443 on the first part and added an http to https redirect with the last part. Is there anything behind that scene about security this might affect?

Code:

</VirtualHost>
# Configuration for WebMail
<VirtualHost *:443>
ServerName webmail.somedomain.com
DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/etc/apps/webmail/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/somedomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/somedomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/somedomain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost>

<virtualhost *:80>
ServerName webmail.somedomain.com
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

Does adding this solves the issue?

Code:

php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"

Also, do I need this?

Code:

php_admin_value open_basedir /var/sentora/temp/:/etc/sentora/panel/etc/apps/webmail:/var/sentora/logs/roundcube

[Jettaman]

Hi
Is this still a possibility?

I used the following code to lock it down with a wildcard certificate I already use for the main domain, which works fine, visually. I also changed it to 443 on the first part and added an http to https redirect with the last part. Is there anything behind that scene about security this might affect?

Code:

</VirtualHost>
# Configuration for WebMail
<VirtualHost *:443>
ServerName webmail.somedomain.com
DocumentRoot "/etc/sentora/panel/etc/apps/webmail/"
AddType application/x-httpd-php .php
<Directory "/etc/sentora/panel/etc/apps/webmail/">
Options +FollowSymLinks -Indexes
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/somedomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/somedomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/somedomain.com/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
SSLCompression off
</VirtualHost>

<virtualhost *:80>
ServerName webmail.somedomain.com
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

Does adding this solves the issue?

Code:

php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"

Also, do I need this?

Code:

php_admin_value open_basedir /var/sentora/temp/:/etc/sentora/panel/etc/apps/webmail:/var/sentora/logs/roundcube

 
The code you added 

php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec"

 
fixes the security issue above for custom vhosts.

Adding Open_basedir to webmail you will need to change the logs dir from /var/sentora/logs/roundcube to /etc/sentora/panel/etc/webmail/logs in roundcube config because open_basedir will lock you in the vhost directory. Other than that you should be good.