Solved

https support for subdomain or sub folder on my site

Posted on 2012-03-21
19
365 Views
Last Modified: 2012-06-27
I have one VPS server running for my domain, www.xxxx.com
Now, I setup our company email server webaccess portal, it is www.xxxx.com/webmail
How can I do the right configuration so that we can access mail via https://www.xxxx.com/webmail or http://webmail.xxxx.com for staff email service?
I do not want home page access via: https://www.xxxx.com , please take it into account.
Our server is the Zend server ce version.

Thanks!
matiascx
0
Comment
Question by:matiascx
  • 10
  • 9
19 Comments
 
LVL 6

Expert Comment

by:netjgrnaut
Comment Utility
You need to configure name-based virtual hosts on Apache - and configure  webmail.xxxx.com as a DNS CNAME pointing to your web server.

You can configure each virtual host to listen (or not) on http (TCP 80), https (TCP 443), or both.  Technically each is it's own vhost entry.  Not sure if I'm parsing what you want correctly - but I think you're saying...

1.

http://www.xxxx.com <- home page

2.

https://www.xxxx.com/webmail <- webmail

3.

http://webmail.xxxx.com <- webmail

4.

https://www.xxxx.com <-nothing (?!)
That's a problem.  2 & 4 above conflict.  Either a vhost listen on https/443 - or it doesn't.  You can't have it both ways.  You might be able to point the https vhost of www.xxxx.com directly to the webmail folder, though.

A look at your httpd.conf would help, but here's the basics...

First, you need to enable your virtual host config file from the main httpd.conf file. This is generally located towards the bottom of the file, and looks like this:
# Virtual hosts  
#Include conf/extra/httpd-vhosts.conf 

Open in new window

Remove the # from the second line to include your vhost config.

Then, find the httpd-vhosts.conf file.  In that file, you need to un-comment (remove the # in front of) the line that reads:
NameVirtualHost *:80 

Open in new window


In that file are some example on how to set up a proper Name Based Virtual Host. Update the settings in one of those virtual host containers to match the file paths, host name, etc.
<VirtualHost *:80> 
    ServerAdmin webmaster@dummy-host.example.com 
    DocumentRoot "C:\xampp\htdocs\zend_projects\YOUR_HTML_DIR" 
    ServerName vhostname.lo 
    ErrorLog "logs/vhostname.lo-error.log" 
    CustomLog "logs/vhostname.lo-access.log" common 
</VirtualHost> 

Open in new window


There are some extra bits for https, but you're basically looking for the following <VirtualHost> sections...

<VirtualHost *:80>

Open in new window

point to the homepage content
this will enable http access to www.xxxx.com/webmail - there is no avoiding this; if you want to force https access to webmail (and you should, IMHO) - that's a different discussion
<VirtualHost webmail.xxxx.com:80>

Open in new window

point to the /webmail content
enables http access using DNS CNAME webmail.xxxx.com -> www.xxxx.com (are you sure you want this?)
<VirtualHost webmail.xxxx.com:443>

Open in new window

point to the /webmail content
enables https access using DNS CNAME webmail.xxxx.com -> www.xxxx.com
<VirtualHost www.xxxx.com:443>

Open in new window

point to the /webmail content
a possible workaround to your desire to *not* serve the homepage via https; note that https://www.xxxx.com/webmail still won't work (unless you make a /webmail/webmail directory with an HTTP-redirect page - again, another conversation

Hopefully that's enough to get you started.

This document may also be helpful...
http://files.zend.com/help/Zend-Server-Community-Edition/configuring_zend_framework.htm
0
 
LVL 6

Expert Comment

by:netjgrnaut
Comment Utility
Sorry... I should've said

but you're basically looking to add and configure the following <VirtualHost> sections...
0
 

Author Comment

by:matiascx
Comment Utility
Hi,  netjgrnaut,
Thanks for your detail info, I will do some test configuration based on your comments.
Wait a while.
Thanks!
matiascx
0
 

Author Comment

by:matiascx
Comment Utility
netjgrnaut,
You have totally caught what problem should I fix.
Firstly, I must let the http://webmail.xxxx.com work.
Unfortunately, when I access webmail.xxxx.com, it leads me to the home page of www.xxxx.com.
Why?
I have configured the DNS and virtual host according to your proposal.
Can you have a review on my virutual host settings:

#
NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost www.xxxx.com:80>
    ServerAdmin webmaster@xxxx.com
    DocumentRoot "C:\Zend\Apache2\htdocs"
    ServerName xxxx.com
    ServerAlias www.xxxx.com
    ErrorLog "logs/dummy-host.example.com-error.log"
    CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost webmail.xxxx.com:80>
    ServerAdmin webmaster@xxxx.com
    DocumentRoot "C:\Zend\Apache2\htdocs\webmail"
    ServerName webmail.guozhiyin.com
    ErrorLog "logs/dummy-host2.example.com-error.log"
    CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>
0
 
LVL 6

Assisted Solution

by:netjgrnaut
netjgrnaut earned 500 total points
Comment Utility
Sorry... I wrote those examples blind.  It's been a while since I've maintained Apache.  The host name doesn't go in the <VirtualHost> definition, as I originally wrote.  D'oh!

Here's what you want...

NameVirtualHost *:80

<VirtualHost *:80>
 ServerName www.guozhiyin.com
 ServerAlias guozhiyin.com
 ServerAdmin webmaster@guozhiyin.com
 DocumentRoot "C:\Zend\Apache2\htdocs"
 ErrorLog "logs/www.guozhiyin.com-error.log"
 CustomLog "logs/www.guozhiyin.com-access.log" common
</VirtualHost>

<VirtualHost *:80>
 ServerName webmail.guozhiyin.com
 ServerAdmin webmaster@guozhiyin.com
 DocumentRoot "C:\Zend\Apache2\htdocs\webmail"
 ErrorLog "logs/webmail.guozhiyin.com-error.log"
 CustomLog "logs/webmail.guozhiyin.com-access.log" common
</VirtualHost>

Open in new window


Detailed Apache guide here:
http://httpd.apache.org/docs/2.0/vhosts/name-based.html
0
 
LVL 6

Expert Comment

by:netjgrnaut
Comment Utility
Uh... you probably need your / to be \ in the log config directives.
0
 

Author Comment

by:matiascx
Comment Utility
Hi, netjgrnaut,
I have configured right for the http://webmail.guozhiyin.com ,it works!
Now, the https://webmail.guozhiyin.com can not work. Here I pasted the httpd-vhost.conf
for your help.

NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
    ServerAdmin webmaster@guozhiyin.com
    DocumentRoot "C:\Zend\Apache2\htdocs"
    ServerName guozhiyin.com
    ServerAlias www.guozhiyin.com
    ErrorLog "logs/dummy-host.example.com-error.log"
    CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot "C:\Zend\Apache2\htdocs\webmail"
    ServerName webmail.guozhiyin.com
    ServerAdmin webmaster@guozhiyin.com
    ErrorLog "logs/webmail.guozhiyin.com-error.log"
    CustomLog "logs/webmail.guozhiyin.com-access.log" common
</VirtualHost>
<VirtualHost *:443>
    DocumentRoot "C:\Zend\Apache2\htdocs\webmail"
    ServerName webmail.guozhiyin.com
    ServerAdmin webmaster@guozhiyin.com
    ErrorLog "logs/webmail.guozhiyin.com-error.log"
    CustomLog "logs/webmail.guozhiyin.com-access.log" common
</VirtualHost>
0
 
LVL 6

Expert Comment

by:netjgrnaut
Comment Utility
This could be a number of things, most of them not related to Apache at all...

First off, you also need to add
NameVirtualHost *:443

Open in new window


to your httpd-vhost.conf file.

Try that first.  If it still isn't working, proceed to the following questions...

Now... on to the "why can't I access my site via HTTPS" questions...

Are you testing from the web server's local network?  If not, then we have to first look at firewall-related issues...
Is HTTPS (TCP port 443) enabled to this host through the network firewall?
Is HTTPS (TCP port 443) accepted from remote networks by the host firewall?

If you're on the same network segment and subnet as the web server, or if you've confirmed the answer to the above questions is "yes," then we move on to the web server question.
Is SSL enabled with the Apache server?

Look for the following lines in your httpd.conf
Listen 443
SSLEngine On
SSLCertificateFile /etc/....
SSLCertificateKeyFile /etc/.....

Open in new window


If you have to add these lines to your httpd.conf, then there will be more work (like generating a certificate) to be done.

If you find these lines, but they are commented out, then your installation may have some default self-signed certificates that we can at least test with.

So... happy hunting, my friend.  Let me know how it goes!
0
 

Author Comment

by:matiascx
Comment Utility
Dear netjgrnaut,
Thanks for your kind expertise proposal.
I will go through your advise for it and feedback it to you.

Thanks!
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 

Author Comment

by:matiascx
Comment Utility
Dear netjgrnaut,
Unfortunately, the webserver of mine has not the following lines:

Listen 443
SSLEngine On
...

Seems that is a little complex.
My server is zend ce which runs under windows.
Any idea for me?

Thanks!
0
 
LVL 6

Assisted Solution

by:netjgrnaut
netjgrnaut earned 500 total points
Comment Utility
http://files.zend.com/help/Zend-Server-Community-Edition/appendix_f_-_loading_the_mod_ssl_odule.htm

Uncomment this line in your httpd.conf...
Include conf/extra/httpd-ssl.conf

Open in new window


Per the link above, you'll also need to generate a self-signed cert (unless you've acquired one from an SSL certificate provider).  The following covers that pretty clearly...

http://superuser.com/questions/249698/generating-self-signed-ssl-certificate-for-apache-on-windows-vista

You will probably find a NameVirtualHost *:443 statement in the httpd-ssl.conf file, as well as <VirtualHost: *:443> section.  Not sure on that, as I don't have a Zend distro available to check...

If so, I'd recommend moving your https/ssl VirtualHost section we built earlier from httpd-vhost.conf to httpd-ssl.conf.  So long as httpd-ssl.conf is included before httpd-vhost.conf in the main httpd.conf file, the VirtualHost stuff should work in either place.  You just want to be sure you don't have conflicting HTTPS VirtualHost definitions in different files.
0
 

Author Comment

by:matiascx
Comment Utility
Dear netjgrnaut,
Thanks for so much information you provide for me.
I am not very clear about what should I do for the ssl setup for my webmail.guozhiyin.com
Can you simplify the process and give some explaination what that specific step is doing for me?
BTW, is there free vendor for ssl certificate?

Thanks so much!
0
 
LVL 6

Expert Comment

by:netjgrnaut
Comment Utility
Free SSL = self-signed SSL. This will require your users to click through security warnings about unknown publisher/untested certificate, or to install your certificate. This is not a good business model. If you are only providing a webmail interface for employees, it might be manageable. But if you're providing webmail (or any kind of encrypted/secured web service) to customers or business partners, then self-signed SSL might not be the best idea.

However - that's a non-technical business decision that you'll need to make a the appropriate level. Probably better not to get off in the weeds here.

Do you see a line in your httpd.conf  like the one I posted above? To include httpd-ssl.conf - much like the line to include httpd-vhost.conf?

Uncomment that, restart Apache, try connecting to https://webmail and https://www again. Let me know the results. Please be specific.
0
 
LVL 6

Expert Comment

by:netjgrnaut
Comment Utility
If it doesn't work (and I suspect it won't), you can save time by attaching a sanitized copy of your httpd-ssl.conf here. I can then walk you through the same directions I posted above, using your specific setup as a reference.
0
 

Author Comment

by:matiascx
Comment Utility
Dear netjgrnaut,
Thanks for your explaination on the Free ssl. It helped me out on my business website setup!
Currently, I will use the free ssl to test it work. When I bring it online, I will select the commercial ssl service. Can you recomment vendors for free and commercial ssl service provider?
Firstly, I must make clear to bring my https://webmail.guozhiyin.com to work using "free"ssl so that I have enough knowhow for further commercial website setup.
Unfortunately, when I un-comment out the #Include conf/extra/httpd-ssl.conf,
appache can not start!
I have a dig into the httpd-ssl.conf, there are so many information which confuse me.
Can you help me out on this important issue? I will attach the httpd.conf and httpd-ssl.conf here.
Thanks a lot for your great help with great patiency!
httpd.conf.txt
httpd-ssl.conf.txt
0
 
LVL 6

Accepted Solution

by:
netjgrnaut earned 500 total points
Comment Utility
First, remove this from httpd-vhosts.conf

<VirtualHost *:443>
    DocumentRoot "C:\Zend\Apache2\htdocs\webmail"
    ServerName webmail.guozhiyin.com
    ServerAdmin webmaster@guozhiyin.com
    ErrorLog "logs/webmail.guozhiyin.com-error.log"
    CustomLog "logs/webmail.guozhiyin.com-access.log" common
</VirtualHost>

Open in new window


Next... find openssl.exe.  It should be in the apache2/bin directory, but if not you can find it by opening a command prompt and searching for it...

C:\Zend\Apache2> dir /s opensll.exe

Open in new window


Assuming it's in C:\Zend\Apache2\bin, you would next run...

C:\Zend\apache2\bin> openssl.exe req -x509 -newkey rsa:2048 -keyout server.key -out server.crt -days 1000 -nodes

Open in new window


Now copy server.crt and server.key to C:\Zend\Apache2\conf - overwrite what's there, if prompted to do so.

Backup your current httpd-ssl.conf and use the one I've attached instead.

Uncomment the following line in httpd.conf...
Include conf/extra/httpd-ssl.conf

Open in new window


Give it a try.  You should be prompted to enter the passphrase for the server SSL key at the console when you start.

If you're still having problems, please review the application log for errors, as well as the various logfiles specified in the three httpd conf files.
httpd-ssl.conf.txt
0
 

Author Comment

by:matiascx
Comment Utility
Dear netjgrnaut,
Thanks for your great help!
The https://webmail.guozhiyin.com can be access now!!
But I do not know what is each step you teach me is doing for.
Can you give some small explaination on what I am doing for these steps?
Thanks!
matiascx
0
 
LVL 6

Assisted Solution

by:netjgrnaut
netjgrnaut earned 500 total points
Comment Utility
First, remove this from httpd-vhosts.conf

You can only specify the https/ssl vhost in one place.  We'd already defined it with the rest of the vhosts.  In this set of steps, we move that definition to the httpd-ssl.conf file instead (because that's where the rest of the sll-related configuration takes place).

Next... find openssl.exe [...] Assuming it's in C:\Zend\Apache2\bin, you would next run...

This step creates a self-singed SSL certificate for your host, using the openssl.exe binary included with the Zend apache distribution.

Now copy server.crt and server.key to C:\Zend\Apache2\conf

This step puts the key/certificate pair that you just created into the location specified in the httpd-ssl.conf file.

Backup your current httpd-ssl.conf and use the one I've attached instead.

The httpd-ssl.conf file I provided integrates the vhost definition (that we removed from the httpd-vhosts.conf file in the first step) with the other options necessary to enable SSL on Apache (that were already in the httpd-ssl.conf file).

Uncomment the following line in httpd.conf...

This includes the httpd-ssl.conf file we just put in place.

More detailed descriptions of all the work necessary to a) enable vhosts and b) enable SSL is available at these links.

Glad to hear everything is working for you!
0
 

Author Closing Comment

by:matiascx
Comment Utility
Thanks to netjgrnaut's great help! I have solved the issue step by step under guide from him. What is more, I learn a lot from the expertise knowledge from him.
Thanks again!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now