Webert de Souza Lima
2017-12-18 15:59:41 UTC
Hello everyone,
I have recently upgraded Roundcube from release-1.2 to release-1.3.
Roundcube is running behind HA-Proxy with SSL-Termination, which means that
the traffic is encrypted between the client and haproxy but not between
haproxy and roundcube (served by nginx).
It seems that after the upgrade, the variable $_SERVER['HTTPS'] is not
being set to 'on', and some plugins that use this variable are serving
resources over http, which causes the browser to complain about Mixed
Content and connection not fully secure.
Not all domains are set to redirect to SSL port, so I can't force https,
but the ones who use it are set up in nginx like this:

    server {
        listen 80;
        server_name webmail.domain_name;
        return 301 https://$server_name/;
    }

    server {
        listen 443;
        root /var/www;
        index index.php;
        server_name webmail.domain_name;
        access_log off;

        location / {
            try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
            root /var/www;
            fastcgi_pass php;
            fastcgi_read_timeout 120;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

The port 443 here is just a different port but traffic is not encrypted
because the HA-Proxy does the encryption with the client.
Any suggestions to fix this? Thanks!
Regards,
Webert Lima
DevOps Engineer at MAV Tecnologia
*Belo Horizonte - Brasil*
*IRC NICK - WebertRLZ*
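
An added example, not part of the original post and not the poster's or Roundcube's own configuration: one way for the nginx backend in the setup described above to tell PHP that the client connection was HTTPS, driven by a header from the TLS-terminating proxy. It assumes HAProxy sets X-Forwarded-Proto itself (overwriting anything the client sent); 192.0.2.10 is a placeholder for the HAProxy address and $forwarded_https is a variable name chosen for this example.

```nginx
# Added example (assumptions are labelled; adapt names and addresses).
#
# Assumed on the HAProxy side, so the header is always set by the proxy
# and never passed through from the client:
#   http-request set-header X-Forwarded-Proto https if { ssl_fc }
#   http-request set-header X-Forwarded-Proto http  if !{ ssl_fc }

# In the http {} context: translate the proxy's header into the value
# PHP expects in $_SERVER['HTTPS']. Anything other than "https" maps to
# an empty string, so domains still served over plain HTTP are unaffected.
map $http_x_forwarded_proto $forwarded_https {
    default "";
    https   on;
}

server {
    listen 443;                      # still plain HTTP from HAProxy
    server_name webmail.domain_name;
    root /var/www;
    index index.php;

    # Only the proxy may reach this listener; otherwise any client that
    # connects directly could forge X-Forwarded-Proto.
    allow 192.0.2.10;                # placeholder: HAProxy address
    deny  all;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        fastcgi_pass php;
        fastcgi_read_timeout 120;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # Sent only when the map produced "on"; with if_not_empty the
        # parameter is omitted entirely for non-HTTPS requests.
        fastcgi_param HTTPS $forwarded_https if_not_empty;
    }
}
```

After reloading nginx, a request that arrived at HAProxy over TLS should show $_SERVER['HTTPS'] as 'on' in PHP, while one that arrived over plain HTTP should leave it unset.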