Force Traffic Over HTTPS when using a Reverse Proxy

SmarterMail > Server Configuration and Management

To enhance security and ensure all traffic is encrypted, you can configure your server to redirect all HTTP requests to HTTPS. This guide provides step-by-step instructions to configure HTTPS redirects for SmarterMail when using a reverse proxy. For servers utilizing the built-in web server (Linux) or IIS (Windows), you can force HTTPS within the web interface under Settings > General > [Server Info] > (Force all traffic over HTTPS). Alternatively you can follow the steps in this KB: https://portal.smartertools.com/kb/a3246/force-webmail-traffic-over-https.aspx.

To start, you’ll need to setup a suitable web server as a reverse proxy. This linked guide details how to configure Nginx and Apache, two of the most popular web servers:

https://portal.smartertools.com/kb/a3652/configure-an-alternative-linux-web-server-for-smartermail.aspx

After you’ve set up your reverse proxy, the process will differ depending on the web server you’re using:

Nginx

  1. Stop the Nginx service
    sudo service nginx stop
  2. Open the config file for your site, which can be found at /etc/nginx/sites-available
  3. Remove “listen 80;” from your server block
  4. Create a new server block and add “listen 80;”, as well as your hostnames (e.g. mail.domain.com and autodiscover.domain.com):
    server { listen 80; server_name mail.domain.com autodiscover.domain.com domain.com; return 301 https://$host$request_uri; }

  1. Validate the Nginx config:
    sudo nginx -t
  2. Start the Nginx service: 
    sudo service nginx start
  3. Test the following URLs (substituting in your own domain name) to ensure the redirects are working:
    • http://mail.domain.com
    • http://autodiscover.domain.com

Apache

  1. Stop the Apache service
    sudo service apache2 stop
  2. Open the config file for your site which can be found at /etc/apache2/sites-available
  3. Pick one port 80 virtual host to keep, then delete the rest
  4. Remove the “ProxyPass” and “ProxyPassReverse” entries from the virtual host listening on port 80
  5. Add ServerAlias entries for each hostname you’ll be redirecting to that isn’t the virtual host’s ServerName (e.g ‘ServerAlias autodiscover.domain.com’)
  6. Validate the Apache config:
    sudo apache2ctl configtest
  7. Start the Apache service
    sudo service apache2 start
  8. Test the following URLs (substituting in your own domain name) to ensure the redirects are working:
    • http://mail.domain.com
    • http://autodiscover.domain.com
Article ID: 3705, , Modified: 8/28/2024 at 2:15 PM

Was this article helpful?

Share this article