Hi,
I've installed the EFA 3.0.0.1 VM image, updated all available packages & upgraded to EFA 3.0.0.4 & rebooted.
So far all seems okay, except when I want to activate HTTPS (& reroute port 80 to 443 as well).
I go into EFA configuration (SSH) via option 11 (Apache settings) and activate HTTPS.
After that it's adios webinterface for MailWatch, neither HTTP nor HTTPS respond anymore. (IP, hostname, etc).
Only webmin is still responsive (https://ipaddress:10000)
Whatever I then try to change back via SSH or do a reboot, MailWatch webgui stays unavailable.
I tried several times by restoring a VM snapshot, try a slightly different approach, but same result each time
Not sure if this is a bug or some config issue at my end, any suggestions would be great
Thanks!
Paul.
EFA webgui (MailWatch) change to HTTPS
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA webgui (MailWatch) change to HTTPS
What does the following reveal?
and the following
Code: Select all
sudo iptables -L
Code: Select all
sudo service httpd status
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA webgui (MailWatch) change to HTTPS
Found the bugs
The iptables-save command is writing to stdout instead of the config file
Edit /etc/sysconfig/iptables
Add the following after the port 80 line:
The iptables-save command is writing to stdout instead of the config file
Edit /etc/sysconfig/iptables
Add the following after the port 80 line:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
Code: Select all
sudo service iptables reload
Re: EFA webgui (MailWatch) change to HTTPS
Hi,
That did the trick indeed, HTTPS is now accessible, thanks very much!
But now both HTTP (80) and HTTPS (443) are accepted if I'm not mistaken?
If I want to disable HTTP, can I just delete or remark the 'port 80' line out?
A cleaner solution would be to redirect HTTP to HTTPS, would the following addition to iptables be correct?
Thanks!
Paul.
That did the trick indeed, HTTPS is now accessible, thanks very much!
But now both HTTP (80) and HTTPS (443) are accepted if I'm not mistaken?
If I want to disable HTTP, can I just delete or remark the 'port 80' line out?
A cleaner solution would be to redirect HTTP to HTTPS, would the following addition to iptables be correct?
Code: Select all
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 443
Paul.
Re: EFA webgui (MailWatch) change to HTTPS
I'm interested in this too...
Anybody??
Anybody??
- shawniverson
- Posts: 3644
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: EFA webgui (MailWatch) change to HTTPS
That looks good. It should work.
Wouldn't need to rewrite the URL with that prerouting directive...
Wouldn't need to rewrite the URL with that prerouting directive...