Applicable to:
- Plesk for Linux
Question
How to enable/disable HTTPS redirection (force webmail to use SSL) for webmail in Plesk for Linux?
Answer
A redirection in Webmail from HTTP to HTTPS on a Plesk for Linux server can be configured either via SSL It! extension, by creating a Plesk custom configuration template, modifying the webmail native configuration file or modifying the webmail .htaccess file:
Solution 1:
-
Go to Domains > example.com > SSL/TLS Certificates >
-
Under the Options, enable Redirect from HTTP to HTTPS > click Configure > select/deselect Apply to webmail > click on Update to apply the changes.
Solution 2:
The HTTPS redirection for webmail can be disabled via Plesk configuration file panel.ini for all domains:
-
Connect to a Plesk server via SSH.
-
Open the file in an editor:
# plesk conf panel.ini
Add the following lines at the end of the file:
CONFIG_TEXT: [mail]
webmail.forceHttp = true -
Save the changes and close the file.
Solution 3:
-
Connect to a Plesk server via SSH.
-
Create a directory for custom configuration templates:
# mkdir -p /usr/local/psa/admin/conf/templates/custom/webmail
-
Copy the original file
webmail.phpto the created directory:# cp -p /usr/local/psa/admin/conf/templates/default/webmail/webmail.php /usr/local/psa/admin/conf/templates/custom/webmail/
-
Open the file
/usr/local/psa/admin/conf/templates/custom/webmail/webmail.phpin a text editor (for example, vi editor) and insert the records below right before the first </VirtualHost> string:CONFIG_TEXT: RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA] -
Save the changes and close the file.
-
Regenerate configuration files for all domains:
Note: During this operation, the websites will be unavailable for a short period of time. The execution time of this command depends on the number of domains on the server.
# plesk sbin httpdmng --reconfigure-all
To disable this redirect, remove the/usr/local/psa/admin/conf/templates/custom/webmail/webmail.phpfile and repeat step 6.
-
Connect to a Plesk server via SSH.
-
Edit the custom configuration template
/usr/local/psa/admin/conf/templates/custom/webmail/roundcube.phpcreated by Plesk Premium Email and locate the following text:CONFIG_TEXT: RewriteEngine On
RewriteRule ^/[a-zA-Z0-9]{16}/(.*) /$1 [PT,L] -
Add the following lines after the text block identified in the previous step:
CONFIG_TEXT: RewriteEngine On
RewriteRule ^/[a-zA-Z0-9]{16}/(.*) /$1 [PT,L]
# Redirect Kolab from HTTP to HTTPS
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA] -
Save the changes and close the file.
-
Regenerate configuration files for all domains:
Note: During this operation, the websites will be unavailable for a short period of time. The execution time of this command depends on the number of domains on the server.
# plesk sbin httpdmng --reconfigure-all
To disable this redirect, remove the lines in bold added on step 3 and repeat step 5.
Solution 4:
-
Connect to a Plesk server via SSH.
-
Open the file
/usr/share/psa-roundcube/config/config.inc.phpin a text editor (for example, "vi" editor) and add the following line at the end of the file:CONFIG_TEXT: $config['force_https'] = true;
-
Save the changes and close the file.
To disable this redirect, set 'force_https' to 'false':
CONFIG_TEXT: $config['force_https'] = false;
-
Connect to a Plesk server via SSH.
-
Open the file
/etc/psa-webmail/horde/horde/conf.phpin a text editor (for example, "vi" editor) and change the value of$conf['use_ssl']to 1:CONFIG_TEXT: $conf['use_ssl'] = 1;
-
Save the changes and close the file.
To disable this redirect, set 'force_https' to 2:
CONFIG_TEXT: $conf['use_ssl'] = 2;
Solution 5:
-
Connect to a Plesk server via SSH.
-
Open the file
roundcube.htaccess.incin a text editor (for example, vi editor). The location of this file is:-
for CentOS/RHEL-based distributions:
MYSQL_LIN: /etc/httpd/conf/plesk.conf.d/roundcube.htaccess.inc
-
for Debian/Ubuntu-based distributions:
MYSQL_LIN: /etc/apache2/plesk.conf.d/roundcube.htaccess.inc
-
-
Insert the text below in the <IfModule mod_rewrite.c> section:
CONFIG_TEXT: <IfModule mod_rewrite.c>
...
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA]
</IfModule> -
Save the changes and close the file.
-
Restart Apache:
-
for CentOS/RHEL-based distributions:# service httpd restart
-
for Debian/Ubuntu-based distributions:# service apache2 restart
To disable this redirect, remove the lines added on step 3 and restart Apache.
-
-
Connect to a Plesk server via SSH.
-
Create a directory for custom configuration templates:# mkdir -p /usr/local/psa/admin/conf/templates/custom/webmail
-
Copy the original file
horde.phpto the created directory:# cp -p /usr/local/psa/admin/conf/templates/default/webmail/horde.php /usr/local/psa/admin/conf/templates/custom/webmail/ -
Open the created file
/usr/local/psa/admin/conf/templates/custom/webmail/horde.phpin a text editor (for example, "vi" editor) and:-
Add the
$hordeHtaccessrecord (line 6):CONFIG_TEXT: <?php
/** @var Template_VariableAccessor $VAR */
$hordeDocroot = $VAR->server->webserver->horde->docroot;
$hordeSysUser = "horde_sysuser";
$hordeSysGroup = "horde_sysgroup";
$hordeHtaccess = $VAR->server->webserver->httpConfDir . "/plesk.conf.d/horde.htaccess.inc";
$hordePhpIni = $VAR->server->webserver->horde->confD . "/horde/php.ini";
?> -
Add the
Includerecord right before </Directory> (line 33):CONFIG_TEXT: <?php endif; ?>
Include "<?php echo $hordeHtaccess ?>"
</Directory>
</IfModule>
-
- Create the file
horde.htaccess.inc:-
for CentOS/RHEL-based distributions:# touch /etc/httpd/conf/plesk.conf.d/horde.htaccess.inc
-
for Debian/Ubuntu-based distributions:# touch /etc/apache2/plesk.conf.d/roundcube.htaccess.inc
-
-
Regenerate configuration files for all domains (required once):Note: During this operation websites will be unavailable for a short period of time. The execution time of this command depends on the number of domains on the server.# /usr/local/psa/admin/sbin/httpdmng --reconfigure-all
-
Open the created file
horde.htaccess.incand add rewrite rules:CONFIG_TEXT: <IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA]
</IfModule> -
Save the changes and close the file.
-
Restart Apache:
-
for CentOS/RHEL-based distributions:
# service httpd restart
-
for Debian/Ubuntu-based distributions:
# service apache2 restart
To disable this redirect, remove the lines added on step 7 and restart Apache.
-
Comments
16 comments
Hi!
I've followed the solution 2.2 (Onyx) without luck.
I've also restarted the services after the reconfigure.
apache2.service
nginx.service
plesk.phpxx.fpm.service
Can you help please?
Please ignore, I've inserted the code below, not above </virtualhost>.
my bad, it's working
@João Alves Glad to know:)
Thank you for this how to !
Regards
Adding this line works for me obtaining the Let's Encrypt certificate
ProxyPass /.well-known/acme-challenge/ !
Thank you for this article. I was able to make this redirect and experienced no downtime for my client's sites. I'm wondering, however, if creating the Plesk configuration template undid configuration changes I made probably in httpd.conf file? DirectoryIndex changed and loads html files first whereas it had been loading php files first.
@Jeffrey Zeunert
Hello!
This is expected behavior.
Applying configuration template deletes all changes done manually in Apache/Nginx configuration files.
I think the best solution to this would have a checkbox on the "mail settings" page for domains to enable 301 redirect when applying a SSL cert, just like there is on the "hosting settings" page.
Please vote for this!
https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/31900489-redirect-from-http-to-https-for-secured-webmails
it will fix all these problems without admins having to mess around in config files that could get overwritten by updates.
In Solution 3 for Roundcube below you should really add the $config['force_https'] = true; to /usr/share/psa-roundcube/config/config.inc.php instead so that if you do an update it won't be overwritten.
Solution 3: Using native configuration file of Roundcube/Horde
For Plesk: Roundcube webmail
Connect to a Plesk server via SSH.
Open the file /usr/share/psa-roundcube/config/defaults.inc.php in any text editor and change the value of "$config['force_https']" to "true":
$config['force_https'] = true;
Save the changes and close the file.
Hi Christopher,
Thanks for your input. I added it to the article.
I had done this webmail redirect back in February and see that now it no longer works. I tried to redo this and am getting an error "no such file or directory" when i try to copy it to the newly created folder. Have the locations changed since this article was written?
@Jeffrey
Please re-check the path. On the screenshot I see that you have created the /usr/local/psa/admin/conf/templates/webmail folder, not the /usr/local/psa/admin/conf/templates/custom/webmail one.
Thank you Alisa. That worked once I created the second folder.
For me all of the 3 suggested solutions did not work (ubuntu 18.04) together with Lets Encrypt!
The problem:
If you try to secure the domain with lets encrypt and you also want to include "webmail.yourdomain.com" in the certificate, you'll get an error that one or more additional domains have not been secured... I've tried all 3 solutions and it's the same for all. As soon as I disabled the HTTP to HTTPS redirect for webmail, the cert issued without any errors.
My solution: I changed the RewriteCond to this:
Hello everyone,
just a small notice, Version 1.1.3-561 of SSL It!, doesn't seem to have the Configure link that is mentioned in Solution 1 (Apply redirect to webmail). I believe this version is the latest for Plesk Onyx, since there isn't an update at the time of writing this comment. Is there a reason it's not there or are we missing something? I've noticed that other people have complained about the same thing at the User's Voice Thread comments.
Either way, I prefered Solution 3, to secure the webmail interface.
@Alexandros Rapsomanikis
At the moment, the latest version of SSL It! is 1.1.4-570.
When the "Redirect from http to http" option is disabled, there is no "Configure" link there. However, as soon as you enable it, the link appears (and the webmail checkbox as well).
Please sign in to leave a comment.