Resolved redirect webmail from HTTP to HTTPS not working

[SMAHI]

Hi,
I am trying to redirect webmail from http to https on Plesk Onyx, I have followed this thread but without success.
What did i miss ?
Knowing that i am using roundcube.

Please help.

 

[UFHH01]

Hi SMAHI,

first, you should be informed, that the mentioned KB - article 129260 has been written for "Plesk 12.5 for Linux" and not for Plesk Onyx!
The "Solution 2" for example differs for Plesk Onyx, because the templates - locations and names changed in some cases. The file "domainWebmail.php" is now named as "webmail.php" located at "/usr/local/psa/admin/conf/templates/default/webmail" and you would certainly copy your CUSTOM template at "/usr/local/psa/admin/conf/templates/custom/webmail". This leads as well to the fact, that you would create the folder in the step 1 at "Solution 2" with the command:

mkdir -p /usr/local/psa/admin/conf/templates/custom/webmail

In addition, you should be aware of the fact, that you could use NGINX as well on your server, which leads to an additional step for "Solution 2", where you can edit the CUSTOM template "nginxWebmailPartial.php" with additional http-to-https redirects. Example:

• Create a custom template for NGINX:
  

  mkdir -p /usr/local/psa/admin/conf/templates/custom/webmail
  cp -p /usr/local/psa/admin/conf/templates/default/webmail/nginxWebmailPartial.php /usr/local/psa/admin/conf/templates/custom/webmail/

  add following to your CUSTOM template :

      if ($host ~* ^<?php echo $alias->asciiName ?>$) {
          rewrite ^(.*)$ https://webmail.<?php echo $alias->asciiName ?>$1 permanent;
      }

  It would then look like this:

  <?php /** @var Template_VariableAccessor $VAR */ ?>
  <?php
  if (!$VAR->domain->webmail->isActive) {
      echo "# Webmail is not enabled on the domain\n";
      return;
  }
  ?>
  <?php foreach ($VAR->domain->webmail->ipAddresses as $ipAddress): ?>
  server {
      listen <?php echo $ipAddress->escapedAddress . ':' . $OPT['frontendPort'] . ($OPT['ssl'] ? ' ssl' : '') ?>;
      server_name "webmail.<?php echo $VAR->domain->asciiName ?>";
      <?php foreach ($VAR->domain->mailAliases as $alias): ?>
          server_name  "webmail.<?php echo $alias->asciiName ?>";
      <?php endforeach; ?>
  
  <?php if ($OPT['ssl']): ?>
  <?php $sslCertificate = $VAR->server->sni && $VAR->domain->webmail->sslCertificate
          ? $VAR->domain->webmail->sslCertificate
          : $ipAddress->sslCertificate; ?>
  <?php   if ($sslCertificate->ce): ?>
      ssl_certificate             <?php echo $sslCertificate->ceFilePath ?>;
      ssl_certificate_key         <?php echo $sslCertificate->ceFilePath ?>;
  <?php       if ($sslCertificate->ca): ?>
      ssl_client_certificate      <?php echo $sslCertificate->caFilePath ?>;
  <?php       endif ?>
  <?php   endif ?>
  <?php endif ?>
  
      client_max_body_size 128m;
  
      location / {
  <?php if ($OPT['ssl']): ?>
          proxy_pass https://<?php echo $ipAddress->proxyEscapedAddress . ':' . $OPT['backendPort'] ?>;
  <?php else: ?>
          proxy_pass http://<?php echo $ipAddress->proxyEscapedAddress . ':' . $OPT['backendPort'] ?>;
  <?php endif ?>
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
     
      if ($host ~* ^<?php echo $alias->asciiName ?>$) {
          rewrite ^(.*)$ https://webmail.<?php echo $alias->asciiName ?>$1 permanent;
      }
  }
  
  <?php endforeach; ?>

• Reconfigure all domains:

  plesk sbin httpdmng --reconfigure-all

WARNING: please avoid execution of httpdmng utility with "--reconfigure-all" option in case of a big number of hosted domains. Instead, reconfigure it by bunches using "--reconfigure-domains" option. Start this utility with "--help" option to find more information about its usage.

 

[SMAHI]

@UFHH01 thank very much, it works like a charm

For those who are so lazy to learn @UFHH01 beautiful explanation do as follow ( for roundcude )

cp /usr/local/psa/admin/conf/templates/default/webmail/roundcube.php /usr/local/psa/admin/conf/templates/custom/webmail/

then edit the file

vim /usr/local/psa/admin/conf/templates/custom/webmail/roundcube.php

then add the following code snippets at the end of roundcube.php

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

then type in Terminal ( do this if you have a small amount of web site on your server )

/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

then hit enter, et Voila

Thank you again @UFHH01

 

[swaan]

I just did the nginx version (1:1 copy-paste) with the latest Onyx but nothing at all changed. I just checked that the webmail is served by nginx and not apache. Has something changed in the config?

 

[UFHH01]

Hi swaan,

if you could provide the content of YOUR corresponding default and custom templates, people willing to help you could investigate possible issues/errors/problems because of possible misconfiguration or depending Plesk version changes.
It could help as well to name YOUR current used Plesk version ( incl. #MU ), as templates may differ, depending to your Plesk version.

 

[swaan]

Thanks for the prompt reply!
The Plesk, Version 17.5.3 Update #24, is only a week old.

here is /usr/local/psa/admin/conf/templates/custom/webmail/nginxWebmailPartial.php

<?php /** @var Template_VariableAccessor $VAR */ ?>
<?php
if (!$VAR->domain->webmail->isActive) {
    echo "# Webmail is not enabled on the domain\n";
    return;
}
?>
<?php foreach ($VAR->domain->webmail->ipAddresses as $ipAddress): ?>
server {
    listen <?php echo $ipAddress->escapedAddress . ':' . $OPT['frontendPort'] . ($OPT['ssl'] ? ' ssl' : '') ?>;
    server_name "webmail.<?php echo $VAR->domain->asciiName ?>";
    <?php foreach ($VAR->domain->mailAliases as $alias): ?>
        server_name  "webmail.<?php echo $alias->asciiName ?>";
    <?php endforeach; ?>

<?php if ($OPT['ssl']): ?>
<?php $sslCertificate = $VAR->server->sni && $VAR->domain->webmail->sslCertificate
        ? $VAR->domain->webmail->sslCertificate
        : $ipAddress->sslCertificate; ?>
<?php   if ($sslCertificate->ce): ?>
    ssl_certificate             <?php echo $sslCertificate->ceFilePath ?>;
    ssl_certificate_key         <?php echo $sslCertificate->ceFilePath ?>;
<?php       if ($sslCertificate->ca): ?>
    ssl_client_certificate      <?php echo $sslCertificate->caFilePath ?>;
<?php       endif ?>
<?php   endif ?>
<?php endif ?>

    client_max_body_size 128m;

    location / {
<?php if ($OPT['ssl']): ?>
        proxy_pass https://<?php echo $ipAddress->proxyEscapedAddress . ':' . $OPT['backendPort'] ?>;
<?php else: ?>
        proxy_pass http://<?php echo $ipAddress->proxyEscapedAddress . ':' . $OPT['backendPort'] ?>;
<?php endif ?>
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

    if ($host ~* ^<?php echo $alias->asciiName ?>$) {
      rewrite ^(.*)$ https://webmail.<?php echo $alias->asciiName ?>$1 permanent;
    }
}

<?php endforeach; ?>

Additional nginx directives:

if (!-f $request_filename){
    set $rule_1 1$rule_1;
}
if (!-d $request_filename){
    set $rule_1 2$rule_1;
}
if ($rule_1 = "21"){
    rewrite /. /index.php last;
}
location / {
    try_files $uri $uri/ /index.php?$args;
}

There shouldn't be anything else anywhere that is custom.

Afterwards I did:

root@plesk:/etc# plesk sbin httpdmng --reconfigure-all

Warning: Current locale is unusable. Using 'C' instead.

It completed without further info.

 

[UFHH01]

Hi swaan,

did you create the subdomain "webmail.YOUR-DOMAIN.COM" at your subscriptions? ( I asked this, because you added "Additional nginx directives" ).

In addition, pls. note, that the Plesk KB - article has been updated by now, to cover as well Plesk Onyx resolutions:

=> How to redirect webmail HTTP to HTTPS​

 

[swaan]

Hi swaan,

did you create the subdomain "webmail.YOUR-DOMAIN.COM" at your subscriptions? ( I asked this, because you added "Additional nginx directives" ).

In addition, pls. note, that the Plesk KB - article has been updated by now, to cover as well Plesk Onyx resolutions:

=> How to redirect webmail HTTP to HTTPS​

No there are no subdomains for any of the domain subscription.

 

[UFHH01]

Hi swaan,

and did you try the resolution from the Plesk KB article, as it is now the recommended way, instead of the above suggested work-around from Dez. 2016 ?

 

[swaan]

Well I could try. But what is the point because I don't use Apache? I don't see anything related to Nginx in that KB. Am I mistaken?

 

[UFHH01]

Hi swaan,

pls. note:

Note: Plesk services (for example, Webmail) continue working using Apache and are not affected by switching to nginx-only hosting.

=> Apache and Nginx Settings​

 

[swaan]

You were correct

I did a HTTP header check for the subdomain:

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Oct 2017 16:03:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Wed, 11 Oct 2017 16:03:17 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-DNS-Prefetch-Control: off
X-Frame-Options: sameorigin
Content-Language: en
Set-Cookie: roundcube_sessid=cahe950l734e7m3glcrj1nq5n5; path=/; HttpOnly
Last-Modified: Wed, 11 Oct 2017 16:03:17 GMT

That led me to believe it was delivered by nginx.

I followed the KB mentioned above and it works as it should.

Thanks for your quick help!