Using HTTPS
By default, the Administration Console does not support SSL/TLS and is accessed via HTTP from a Web browser. However, it is possible to access via HTTPS by preparing proper settings.
This section describes an example of the configuration for HTTPS.
Deploy certificate files
For HTTPS support, it is assumed that a server certificate, a server private key, and a server certificate chain are prepared and placed below.
| file path | owner | group | permission | |
|---|---|---|---|---|
| Directory | /opt/maildepot3/etc/ssl | root | root | 0755 |
| Server Certificate | /opt/maildepot3/etc/ssl/server-cert.pem | maildepot | maildepot | 0600 |
| Server Private Key | /opt/maildepot3/etc/ssl/server-key.pem | maildepot | maildepot | 0600 |
| Server Certificate Chain | /opt/maildepot3/etc/ssl/chain.pem | maildepot | maildepot | 0600 |
Apache httpd settings
Add Include
The configuration file for the apache httpd bundled with MailDepot is located /opt/maildepot3/etc/httpd.conf. In addition, a configuration file for HTTPS is provided as /opt/maildepot3/etc/extra/httpd-ssl.conf.
First, add the following Include to httpd.conf :
Include etc/extra/httpd-ssl.conf
Then edit httpd-ssl.conf.
Protocols
You can change these settings if you want to enable old SSL protocols.SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
ServerName
You can set server hostnane as following. The hostname should match the domain name of ssl certification file.
ServerName {{hostname}}:443
Log rotation
You can change these settings if you want to chage the filename of log files.
ErrorLog "|/opt/maildepot3/sbin/rotatelogs -l /opt/maildepot3/var/log/httpd/ssl-error-%Y-%m-%d.log 86400"
TransferLog "|/opt/maildepot3/sbin/rotatelogs -l /opt/maildepot3/var/log/httpd/ssl-access-log-%Y-%m-%d.log 86400"
CustomLog "|/opt/maildepot3/sbin/rotatelogs -l /opt/maildepot3/var/log/httpd/ssl-request-%Y-%m-%d.log 86400" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Certificate files
You can change these settings if you want to chage the filename of certificate files.SSLCertificateFile /opt/maildepot3/etc/ssl/server-cert.pem SSLCertificateKeyFile /opt/maildepot3/etc/ssl/server-key.pem SSLCertificateChainFile /opt/maildepot3/etc/ssl/chain.pem
Redirect
You can remove these settings if you want to disable the automatic redirection from HTTP to HTTPS.
<VirtualHost _default_:80>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
</VirtualHost>
Apply the changes
Restart the service for the changes described in this section to take effect.
# systemctl restart maildepot3-httpd