I have an NGINX server with Horde installed so I can use webmail, and am getting two different errors depending on whether I'm using http -or- httpS. I have set up debug within nginx and am not getting any inclination as to what the source of the error is. Mail error/access logs have no errors. I have successfully set up Postfix and Dovecot (both tested/connected from telnet and Open_ssl from CLI). My IP-ports are open (as needed).
Http works fine (h--p://www.mydomain.not/index.php). HttpS does NOT work with this same URL.
HttpS does load the webmail loginPage BUT...
1. The page doesn't look right. It looks nothing like what it did when I was using Apache2, which leads me to believe something is not processing PHP correctly.
2. I cannot login directly through this webmail login page, BUT I can login using the Horde-TEST.php page provided by Horde.
Note:
webmail h--p://www.mydomain.not/webmail/login.php
Horde-Test h--p://www.mydomain.not/webmail/test.php
So....
A) regular loginPage (loads, but can't login) (h--pS://www.mydomain.not/webmail/login.php)
B) Horde-Mail Test page (non-httpS) does load and the test(s) login is working for all imap/imapS and pop3/pop3S in the browser. h--p://www.mydomain.not/webmail/test.php
-however, the test login page does not load at all if switched to httpS h--pS://www.mydomain.not/webmail/test.php
H--pS will load if a specific URL is typed (h--pS://www.mydomain.not/webmail/login.php) -but I noticed that the page is graphically inaccurate. The structure of the page does not look like the Horde/Mail login page that I had when I was using Apache2.
When I set up a redirect for http to force https, the main website page does not load "h--pS://www.mydomain.not/index.php", but the webmail login page still does load...-but as before it will not let me log in...keeps giving me "Error ERR_CONNECTION_TIMED_OUT".
Lastly, I have verified that my php5-fpm config file "/etc/php5/fpm/pool.d/www.conf" user/group statement (nginx) and the listen statement (listen = /tmp/php5-fpm.sock) are in agreement with what's setup in my nginx.conf configuration "fastcgi_pass unix:/tmp/php5-fpm.sock;".
And I should mention, I also have prestashop loaded in the root website directory and there are no PHP errors with any of its functionality...-but I'm not using any httpS on it at this time either...just http.
In summary: I have errors when trying to use HTTPS.
1. httpS will not load the main webpage.
2. httpS will load the Horde_test page, AND the test tool connects successfully to imap/imaps/pop3/pop3s.
3. http will load the webmail login page, but gives "Error ERR_CONNECTION_TIMED_OUT".
The only known error that I am getting is from the CLI after reloading nginx whenever I've made a change to nginx.conf (even if I just add a comment line and change nothing else!) this is what happens:
/etc/init.d/nginx: 2: /etc/init.d/nginx: Syntax error: newline unexpected
-and sadly, once this happens...even the regular main page without httpS now gives "ERR_TOO_MANY_REDIRECTS"...only rebooting starts this http working again.
Here's my nginx.conf file.
...PREFACE...THIS !@#$ TOOL WONT LET ME POST REGULAR CONFIG WITH CONTROL CHAR'S!! -not my fault if it looks stupid.
user nginx
worker_processes 4
pid varrunnginx.pid
events
worker_connections 768
multi_accept on
error_log varlognginxdebuglog debug
http
Basic Settings
sendfile on
tcp_nopush on
tcp_nodelay on
keepalive_timeout 65
types_hash_max_size 2048
include etcnginxmime.types
default_type applicationoctet-stream
access_log varlognginxaccess.log
error_log varlognginxerror.log
server
listen 80 listen for ipv4 this line is default and implied
listen 80 default ipv6only=on listen for ipv6
server_name mydomain.not *.mydomain.not
Force http to use httpS
NOTE I've turned this on ONLY to test...-same errors output for httpS noted in posting
rewrite ^ h--ps$http_host$request_uri? permanent force redirect http to https
HTTPS server
server
listen 443
keepalive_timeout 70
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2
ssl_ciphers AES128-SHAAES256-SHARC4-SHADES-CBC3-SHARC4-MD5
ssl_prefer_server_ciphers on
ssl on
ssl_certificate etcnginxsslserver.crt
ssl_certificate_key etcnginxsslserver.key
server_name mydomain.com *.mydomain.com
ssl_ciphers ALL!ADH!EXPORT56RC4+RSA+HIGH+MEDIUM+LOW+SSLv3+EXP
pass the PHP scripts to FastCGI server
location .php$
fastcgi_split_path_info ^(.+?.php)(.*)$
if (!-f $document_root$fastcgi_script_name)
return 404
fastcgi_pass 127.0.0.19000
fastcgi_pass unixvarrunphp5-fpm.sock
fastcgi_pass unixtmpphp5-fpm.sock
fastcgi_index index.php
include fastcgi_params
root usrsharenginxwwwwcrc
index index.php index.html index.htm
I'm not using the direct mail ports below as I'm using TLS through the browserHorde-webmail instead.
mail See sample authentication script at httpwiki.nginx.orgImapAuthenticateWithApachePhpScript
auth_http localhostauth.php
pop3_capabilities "TOP" "USER"
imap_capabilities "IMAP4rev1" "UIDPLUS"
server
listen localhost110
protocol pop3
proxy on
server
listen localhost143
protocol imap
proxy on
PORTS OPEN
$ sudo netstat -ntlp | grep LISTEN
tcp        0      0 0.0.0.0:443       0.0.0.0:*       LISTEN      1744/nginx
tcp        0      0 0.0.0.0:993       0.0.0.0:*       LISTEN      938/dovecot
tcp        0      0 0.0.0.0:995       0.0.0.0:*       LISTEN      938/dovecot
tcp        0      0 127.0.0.1:3306    0.0.0.0:*       LISTEN      985/mysqld
tcp        0      0 0.0.0.0:110       0.0.0.0:*       LISTEN      938/dovecot
tcp        0      0 0.0.0.0:143       0.0.0.0:*       LISTEN      938/dovecot
tcp        0      0 0.0.0.0:80        0.0.0.0:*       LISTEN      1744/nginx
tcp        0      0 0.0.0.0:21        0.0.0.0:*       LISTEN      831/vsftpd
tcp        0      0 0.0.0.0:22        0.0.0.0:*       LISTEN      800/sshd
tcp        0      0 0.0.0.0:25        0.0.0.0:*       LISTEN      1215/master
tcp6       0      0 :::22             :::*            LISTEN      800/sshd
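
The agreement check described in the post (the php5-fpm pool's listen and user settings against nginx's fastcgi_pass and user) can be scripted so that commented-out alternatives are ignored. This is an added example, not part of the original post: the sample files are constructed, the function names are hypothetical, and it assumes one directive per line.

```python
import re
# Constructed samples (not the poster's files); socket paths follow those named in the post.
NGINX_SAMPLE = """
user nginx;
http { server { location ~ \\.php$ {
    # fastcgi_pass 127.0.0.1:9000;
    # fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_pass unix:/tmp/php5-fpm.sock;
} } }
"""
POOL_SAMPLE = """
[www]
user = nginx
; listen = 127.0.0.1:9000
listen = /tmp/php5-fpm.sock
"""

def nginx_directives(conf_text, name):
    """Active (uncommented) values of directive `name`, one directive per line."""
    pattern = re.compile(r"\s*" + re.escape(name) + r"\s+([^;]+);")
    matches = (pattern.match(line.split("#", 1)[0]) for line in conf_text.splitlines())
    return [m.group(1).strip() for m in matches if m]

def pool_settings(pool_text):
    """key = value pairs from a php-fpm pool file, skipping ';' comments."""
    settings = {}
    for line in pool_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def check(nginx_text, pool_text):
    """Return mismatches between nginx's FastCGI target/user and the pool."""
    pool, problems = pool_settings(pool_text), []
    listen = pool.get("listen", "")
    for target in nginx_directives(nginx_text, "fastcgi_pass"):
        # nginx writes unix sockets as unix:/path, php-fpm as /path
        if target.replace("unix:", "", 1) != listen:
            problems.append("fastcgi_pass %s != pool listen %s" % (target, listen))
    workers = nginx_directives(nginx_text, "user")
    owner = pool.get("listen.owner", pool.get("user"))
    if listen.startswith("/") and workers and owner != workers[0].split()[0]:
        problems.append("socket owner %s != nginx user %s" % (owner, workers[0]))
    return problems
```

An empty list from check() means the two files agree; it does not show that the socket file exists or that its mode lets nginx connect.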