EFA webgui (MailWatch) change to HTTPS

Report bugs and workarounds
Post Reply
paegg
Posts: 2
Joined: 12 Apr 2014 17:28

EFA webgui (MailWatch) change to HTTPS

Post by paegg »

Hi,

I've installed the EFA 3.0.0.1 VM image, updated all available packages & upgraded to EFA 3.0.0.4 & rebooted.

So far all seems okay, except when I want to activate HTTPS (& reroute port 80 to 443 as well).
I go into EFA configuration (SSH) via option 11 (Apache settings) and activate HTTPS.

After that it's adios webinterface for MailWatch, neither HTTP nor HTTPS respond anymore. (IP, hostname, etc).
Only webmin is still responsive (https://ipaddress:10000)
Whatever I then try to change back via SSH or do a reboot, MailWatch webgui stays unavailable.

I tried several times by restoring a VM snapshot, try a slightly different approach, but same result each time

Not sure if this is a bug or some config issue at my end, any suggestions would be great :)

Thanks!
Paul.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA webgui (MailWatch) change to HTTPS

Post by shawniverson »

What does the following reveal?

Code: Select all

sudo iptables -L
and the following

Code: Select all

sudo service httpd status
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA webgui (MailWatch) change to HTTPS

Post by shawniverson »

Found the bugs

The iptables-save command is writing to stdout instead of the config file

Edit /etc/sysconfig/iptables

Add the following after the port 80 line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Code: Select all

sudo service iptables reload
paegg
Posts: 2
Joined: 12 Apr 2014 17:28

Re: EFA webgui (MailWatch) change to HTTPS

Post by paegg »

Hi,

That did the trick indeed, HTTPS is now accessible, thanks very much!

But now both HTTP (80) and HTTPS (443) are accepted if I'm not mistaken?
If I want to disable HTTP, can I just delete or remark the 'port 80' line out?

A cleaner solution would be to redirect HTTP to HTTPS, would the following addition to iptables be correct?

Code: Select all

-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 443
Thanks!
Paul.
Mr. Happy
Posts: 51
Joined: 03 Jan 2014 17:07

Re: EFA webgui (MailWatch) change to HTTPS

Post by Mr. Happy »

I'm interested in this too...
Anybody??
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: EFA webgui (MailWatch) change to HTTPS

Post by shawniverson »

That looks good. It should work.

Wouldn't need to rewrite the URL with that prerouting directive...
Post Reply