• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved How to create a permanent redirect for webmail from HTTP to HTTPS?

MicheleB

Regular Pleskian
Hello,
I've activated more SSL certifications (Rapid SSL) for some domain to protect the webmail.

Now, Plesk allow to redirect automatically the main domain with "SEO-safe 301 permanent redirect from HTTP to HTTPS" in the control panel but isn't possible to do the same thing with the subdomain "webmail.domain.com".

Obviously, I need to set the redirect only for the domains in the server with the ssl certification for subdomain "webmail".

How can I force the redirect for the webmail?
Maybe with some DNS customisation (or creating a subdomain for "webmail")?

Thanks in advance for any useful information/instruction.
 
I think there is no feature for this. My suggestion is to edit the /usr/local/psa/admin/conf/templates/default/webmail/webmail.php file for it and then # httpdmng --reconfigure-all afterwards to reconfigure the web server configuration files from the new template. Make a backup of the file before you edit it to a location outside the Plesk path.

From the non-SSL section of /usr/local/psa/admin/conf/templates/default/webmail/webmail.php you need to remove the existing includes and replace the content with a redirect to the SSL version of the domain.

Example: Change this section
Code:
<VirtualHost <?php
    echo "{$ipAddress->escapedAddress}:{$VAR->server->webserver->httpPort}";
    echo $VAR->server->webserver->proxyActive ? " 127.0.0.1:{$VAR->server->webserver->httpPort}" : "";
    ?>>

    ServerName "webmail.<?php echo $VAR->domain->asciiName ?>"
    <?php foreach ($VAR->domain->mailAliases as $alias): ?>
        ServerAlias  "webmail.<?php echo $alias->asciiName ?>"
    <?php endforeach; ?>

    UseCanonicalName Off

    <?php switch ($VAR->domain->webmail->type) {
        case 'atmail':
            echo $VAR->includeTemplate('webmail/atmail.php');
            break;
        case 'horde':
            echo $VAR->includeTemplate('webmail/horde.php');
            break;
        case 'roundcube':
            echo $VAR->includeTemplate('webmail/roundcube.php');
            break;
    } ?>

    <?php echo $VAR->includeTemplate('domain/PCI_compliance.php') ?>

</VirtualHost>

to this:
Code:
<VirtualHost <?php
    echo "{$ipAddress->escapedAddress}:{$VAR->server->webserver->httpPort}";
    echo $VAR->server->webserver->proxyActive ? " 127.0.0.1:{$VAR->server->webserver->httpPort}" : "";
    ?>>

    ServerName "webmail.<?php echo $VAR->domain->asciiName ?>"
    <?php foreach ($VAR->domain->mailAliases as $alias): ?>
        ServerAlias  "webmail.<?php echo $alias->asciiName ?>"
    <?php endforeach; ?>

    UseCanonicalName Off

   Redirect permanent / https://webmail.<?php echo $VAR->domain->asciiName ?>

</VirtualHost>

Do not change the SSL-section, only the non-SSL section.

No guarantees.
 
This is for ALL domains. If you want this for only some domains, you need to enter PHP code into the template to create a case switch and provide an array of domain names that the extra configuraton is for, so that the default configuration is written for domains that are not in the array and the other configuraton is written for domains in the array.

Example:
Code:
$webmail_ssl_domain_r = array('mydomain.xx', 'myotherdomain.xx', 'mythirddomain.xx');
if (in_array($VAR->domain->asciiName, $webmail_ssl_domain_r)) {
// insert PHP code to create correct template for permanent redirect
else {
// insert PHP code to create correct template for default Plesk non-SSL
}
 
Ok, thanks!

I think that I'll wait next updates from Parallels ("https" will become very soon a standard and I think will be necessary for Plesk manage these behaviours without dangerous manual intervention on the code).
 
Hi MicheleB,

I think that you should as well know, that Roundcube for example has as well a basic configuration file, located at:

=> /usr/share/psa-roundcube/config/defaults.inc.php​

Code:
...

// ----------------------------------
// SYSTEM
// ----------------------------------

...

// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$config['force_https'] = false;

// tell PHP that it should work as under secure connection
// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
// e.g. when you're running Roundcube behind a https proxy
// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
$config['use_https'] = false;

...


If you desire a permanent "HTTPS" - usage, you could ADD at "/usr/share/psa-roundcube/config/config.inc.php" ( why at "config.inc.php" ? Because Plesk might update/upgrade the Plesk - roundcube - package from time to time and you might want your unique modifications even after updates/upgrades! ):

Code:
$config['force_https'] = true;
 
If you desire a permanent "HTTPS" - usage, you could ADD at "/usr/share/psa-roundcube/config/config.inc.php" ( why at "config.inc.php" ? Because Plesk might update/upgrade the Plesk - roundcube - package from time to time and you might want your unique modifications even after updates/upgrades! ):
Code:
$config['force_https'] = true;

Thanks!
 
Alas, I can't implement this as I have some mail-only domains on that server for which I can't create a LetsEncrypt certificate.
 
I know that you can use another domain as long as you are on the right server.

But that's the thing, I want to give my clients server addresses when they become a client.
From then on these should never change, not even when I migrate them to another server.

It's therefore always https://webmail.clientdomain
 
I've read this discussion, but I didn't find any info about horde webmail. Where can I force https for those domains that have a SSL certificate ?

Thank you
 
Thanks UFHH01. But if I have understood, this solution redirect all domains even if there isn't any certificate. So, this is the problem: what can I do when I have a domain without ssl support ?
 
Hi OverWolf,

So, this is the problem: what can I do when I have a domain without ssl support ?
In this case, you should consider to manually add an additional domain - specific webmail - configuration file at "/etc/apache2/plesk.conf.d/webmails" or "/etc/httpd/plesk.conf.d/webmails" ( depending your operating system ) for domains WITH a valid certificate, with the recommended http - to -https - redirect inside a "VirtualHost" - configuration for your webmail - domain and port 7080.

The other option is to wait until 2018 ( that's only 3 months and a few days from now ), because Let's Encrypt announced wildcard - certificates from there on. ;)
 
Back
Top