General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] SOGo and Outlook 2013


Chronological Thread 
  • From: Andreas Hainke < >
  • To:
  • Subject: Re: [SOGo] SOGo and Outlook 2013
  • Date: Thu, 06 Aug 2015 19:14:01 +0200

Hi Daniel

Am 06.08.2015 um 17:14 schrieb Daniel Bareiro:
> Hi, Andreas.
>
> On 05/08/15 19:39, Daniel Bareiro wrote:
>
>>> I traced it down, like you suggested, not using SSL could be the
>>> problem. I tried to setup Outlook 2013 with plain http and get an error
>>> while account configuration dialog. I captured the traffic with
>>> wireshark. Outlook 2013 only tries to connect to port 443 in my case
>>> even if I supply the server address including port. That seems to be the
>>> problem. Try to enable SSL.
>>>
>>> Surprisingly using Windows Mail (shipped with Windows 10) and ActiveSync
>>> works with plain http.
>> Interesting. With this I can say that I see some light at the end of the
>> tunnel :-) I also appreciate that you've taken the time to make a
>> Wireshark capture. It was something that today crossed my mind (I was
>> running out my choices).
>>
>> I'll do a test configuring the access to SOGo with https and I'll let
>> you know the results. Have you had any problems in Outlook using
>> self-signed certificates?
> Yesterday I configured an Apache HTTPS access to SOGo and it was great
> to see that Outlook could connect to the server. I had some warnings
> because the certificate was self-signed but after installing the
> certificate in Outlook, I had no such pop up. The synchronization of
> calendar and address book ran smoothly.
Same for my test installation because of self signed certificate.
However Outlook asks only once after startup :).
>
> For curiosity I installed Wireshark today in the Windows virtual machine
> for see the traffic from Outlook. I tried filtering by the servername of
> the SOGo server, by port 443, by IP address and I could not get packages
> with some of these filters. Which filter you used to isolate the packets?
I'm using (ip.addr == 10.10.10.171) && (tcp.port == 443) as filter for
wireshark, see screenshot attached.
>
> But now, to my surprise, I erased the ActiveSync account and after to
> create it again I can not synchronize data at all :-(
I have no such problems while erasing and reconfiguring accounts in
Outlook. Only once I was unable to synchronize, after restarting SOGo in
between without restarting Outlook. Later I found a log message in the
SOGo logs, that a port was already in use => One SOGo process got stuck
while restarting. After killing it by hand and restarting SOGo
everything was working normal again.
>
> Any idea what might be going? Even I do not see entries in Apache.
Unfortunately not. For the Apache configuration I have wrapped a
VirtualHost around my SOGo.conf to make sure SOGo is only reachable
using this hostname. Additionally I added a dedicated log file for
better overview.

See site configuration attached. sogo.piraten.lan.conf is permanently
redirecting to HTTPS and ssl_sogo.piraten.lan.conf is my site
configuration for SOGo. Both stored in /etc/apache2/sites-available/. If
you use the virtual host configuration you have to disable the default
configuration in /etc/apache2/conf-available/SOGo.conf

>
> Update: while I write this email I tried restarting the SOGo server and
> even memcached and Outlook has synchronized again. For some reason it
> now appears that Apache is now writing the log in
> /var/log/apache2/other_vhosts_access.log. I'll add CustomLog and
> ErrorLog directives to have separate entries in the specified files.
That was my suggesting with the virtual host in the previous paragraph :).
>
> Thanks for your time.
Your welcome.
>
>
> Best regards,
> Daniel
>
Regards,
Andreas

Attachment: captue.png
Description: PNG image

<VirtualHost *:80>
ServerName sogo.piraten.lan
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

<IfModule mod_alias.c>
Redirect permanent / https://sogo.piraten.lan/
</IfModule>

</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<VirtualHost *:443>
ServerName sogo.piraten.lan
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html

SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>


BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown



Alias /SOGo.woa/WebServerResources/
/usr/lib/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/
/usr/lib/GNUstep/SOGo/WebServerResources/

<Directory /usr/lib/GNUstep/SOGo/>
AllowOverride None
<IfVersion < 2.4>
Order deny,allow
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>

# Explicitly allow caching of static content to avoid browser
specific behavior.
# A resource's URL MUST change in order to have the client
load the new version.
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 1 year"
</IfModule>
</Directory>

ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On

# When using CAS, you should uncomment this and install
cas-proxy-validate.py
# in /usr/lib/cgi-bin to reduce server overloading
#
#ProxyPass /SOGo/casProxy
http://localhost/cgi-bin/cas-proxy-validate.py
#<Proxy http://localhost/app/cas-proxy-validate.py>
# Order deny,allow
# Allow from your-cas-host-addr
#</Proxy>

ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0

# Enable to use Microsoft ActiveSync support
# Note that you MUST have many sogod workers to use ActiveSync.
# See the SOGo Installation and Configuration guide for more details.
#
ProxyPass /Microsoft-Server-ActiveSync
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync retry=60
connectiontimeout=5 timeout=360

<Proxy http://127.0.0.1:20000/SOGo>
## adjust the following to your configuration
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name"
"sogo.piraten.lan"
RequestHeader set "x-webobjects-server-url"
"https://sogo.piraten.lan";

## When using proxy-side autentication, you need to uncomment
and
## adjust the following line:
RequestHeader unset "x-webobjects-remote-user"
# RequestHeader set "x-webobjects-remote-user"
"%{REMOTE_USER}e" env=REMOTE_USER
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Proxy>

# For Apple autoconfiguration
<IfModule rewrite_module>
RewriteEngine On
RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
</IfModule>

ErrorLog ${APACHE_LOG_DIR}/error_ssl_sogo.log
CustomLog ${APACHE_LOG_DIR}/access_ssl_sogo.log combined

<IfModule rewrite_module>
RewriteRule ^/$ /SOGo [R]
</IfModule>

</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.18.

Top of page