Resolved How to create a permanent redirect for webmail from HTTP to HTTPS?

[MicheleB]

Hello,
I've activated more SSL certifications (Rapid SSL) for some domain to protect the webmail.

Now, Plesk allow to redirect automatically the main domain with "SEO-safe 301 permanent redirect from HTTP to HTTPS" in the control panel but isn't possible to do the same thing with the subdomain "webmail.domain.com".

Obviously, I need to set the redirect only for the domains in the server with the ssl certification for subdomain "webmail".

How can I force the redirect for the webmail?
Maybe with some DNS customisation (or creating a subdomain for "webmail")?

Thanks in advance for any useful information/instruction.

 

[Bitpalast]

I think there is no feature for this. My suggestion is to edit the /usr/local/psa/admin/conf/templates/default/webmail/webmail.php file for it and then # httpdmng --reconfigure-all afterwards to reconfigure the web server configuration files from the new template. Make a backup of the file before you edit it to a location outside the Plesk path.

From the non-SSL section of /usr/local/psa/admin/conf/templates/default/webmail/webmail.php you need to remove the existing includes and replace the content with a redirect to the SSL version of the domain.

Example: Change this section

<VirtualHost <?php
    echo "{$ipAddress->escapedAddress}:{$VAR->server->webserver->httpPort}";
    echo $VAR->server->webserver->proxyActive ? " 127.0.0.1:{$VAR->server->webserver->httpPort}" : "";
    ?>>

    ServerName "webmail.<?php echo $VAR->domain->asciiName ?>"
    <?php foreach ($VAR->domain->mailAliases as $alias): ?>
        ServerAlias  "webmail.<?php echo $alias->asciiName ?>"
    <?php endforeach; ?>

    UseCanonicalName Off

    <?php switch ($VAR->domain->webmail->type) {
        case 'atmail':
            echo $VAR->includeTemplate('webmail/atmail.php');
            break;
        case 'horde':
            echo $VAR->includeTemplate('webmail/horde.php');
            break;
        case 'roundcube':
            echo $VAR->includeTemplate('webmail/roundcube.php');
            break;
    } ?>

    <?php echo $VAR->includeTemplate('domain/PCI_compliance.php') ?>

</VirtualHost>

to this:

<VirtualHost <?php
    echo "{$ipAddress->escapedAddress}:{$VAR->server->webserver->httpPort}";
    echo $VAR->server->webserver->proxyActive ? " 127.0.0.1:{$VAR->server->webserver->httpPort}" : "";
    ?>>

    ServerName "webmail.<?php echo $VAR->domain->asciiName ?>"
    <?php foreach ($VAR->domain->mailAliases as $alias): ?>
        ServerAlias  "webmail.<?php echo $alias->asciiName ?>"
    <?php endforeach; ?>

    UseCanonicalName Off

   Redirect permanent / https://webmail.<?php echo $VAR->domain->asciiName ?>

</VirtualHost>

Do not change the SSL-section, only the non-SSL section.

No guarantees.

 

[MicheleB]

Thanks Peter... a question, the above configuration create permanent redirect for all domains available in the sever or only for those that have a ssl certification for "webmail" (if the domain not have https://webmail, open the normal http://webmail...)? Thanks

 

[Bitpalast]

This is for ALL domains. If you want this for only some domains, you need to enter PHP code into the template to create a case switch and provide an array of domain names that the extra configuraton is for, so that the default configuration is written for domains that are not in the array and the other configuraton is written for domains in the array.

Example:

$webmail_ssl_domain_r = array('mydomain.xx', 'myotherdomain.xx', 'mythirddomain.xx');
if (in_array($VAR->domain->asciiName, $webmail_ssl_domain_r)) {
// insert PHP code to create correct template for permanent redirect
else {
// insert PHP code to create correct template for default Plesk non-SSL
}

 

[MicheleB]

Ok, thanks!

I think that I'll wait next updates from Parallels ("https" will become very soon a standard and I think will be necessary for Plesk manage these behaviours without dangerous manual intervention on the code).

 

[UFHH01]

Hi MicheleB,

I think that you should as well know, that Roundcube for example has as well a basic configuration file, located at:

=> /usr/share/psa-roundcube/config/defaults.inc.php​

...

// ----------------------------------
// SYSTEM
// ----------------------------------

...

// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$config['force_https'] = false;

// tell PHP that it should work as under secure connection
// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
// e.g. when you're running Roundcube behind a https proxy
// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
$config['use_https'] = false;

...

If you desire a permanent "HTTPS" - usage, you could ADD at "/usr/share/psa-roundcube/config/config.inc.php" ( why at "config.inc.php" ? Because Plesk might update/upgrade the Plesk - roundcube - package from time to time and you might want your unique modifications even after updates/upgrades! ):

$config['force_https'] = true;

 

[MicheleB]

If you desire a permanent "HTTPS" - usage, you could ADD at "/usr/share/psa-roundcube/config/config.inc.php" ( why at "config.inc.php" ? Because Plesk might update/upgrade the Plesk - roundcube - package from time to time and you might want your unique modifications even after updates/upgrades! ):

$config['force_https'] = true;

Thanks!

 

[JAjun]

Thanks for the hint with the template file.
Used it for Horde Active Sync and Autodiscover

 

[mr-wolf]

Alas, I can't implement this as I have some mail-only domains on that server for which I can't create a LetsEncrypt certificate.

 

[finbarr69]

@mr-wolf why not use only one domain for webmail and redirect all other webmails to that. For example, webmail.customer1.org or webmail.customer2.org both redirect to https://webmail.yourmaindomain.org

It doesn't matter which webmail domain you log into as long as the user logs in with the full email address.

 

[mr-wolf]

I know that you can use another domain as long as you are on the right server.

But that's the thing, I want to give my clients server addresses when they become a client.
From then on these should never change, not even when I migrate them to another server.

It's therefore always https://webmail.clientdomain

 

[OverWolf]

I've read this discussion, but I didn't find any info about horde webmail. Where can I force https for those domains that have a SSL certificate ?

Thank you

 

[UFHH01]

Another provided suggestion comes directly from Plesk, so pls. consider to read an follow:

=> How to redirect webmail HTTP to HTTPS​

 

[OverWolf]

Thanks UFHH01. But if I have understood, this solution redirect all domains even if there isn't any certificate. So, this is the problem: what can I do when I have a domain without ssl support ?

 

[UFHH01]

Hi OverWolf,

So, this is the problem: what can I do when I have a domain without ssl support ?

In this case, you should consider to manually add an additional domain - specific webmail - configuration file at "/etc/apache2/plesk.conf.d/webmails" or "/etc/httpd/plesk.conf.d/webmails" ( depending your operating system ) for domains WITH a valid certificate, with the recommended http - to -https - redirect inside a "VirtualHost" - configuration for your webmail - domain and port 7080.

The other option is to wait until 2018 ( that's only 3 months and a few days from now ), because Let's Encrypt announced wildcard - certificates from there on.