[horde] Struggling with two issues using ActiveSync
kevo at gatorgraphics.com
Sat Aug 11 13:44:01 UTC 2018
> On Aug 11, 2018, at 7:19 AM, Ad-Min <admin at 123.dynu.com> wrote:
> Kevin wrote
>> The first problem is that when setting up an iPhone using autodiscover the
>> iPhone wants to use http instead of https by default. I can switch on
>> https later in the phone and everything works fine. I think the problem is
>> that the autodiscover.xml file is being returned with http in the Server
>> URL inside the xml instead of https. I'm not sure how Horde is determining
>> this or if it's a setting I need to change somewhere. I'm assuming that if
>> that URL was https that the phone would use SSL automatically. I don't
>> want any users having to set that up manually because some of them surely
>> won't and then there would be no encryption and that would be a bad thing
> You should be able to force redirect to https from your web server. This has
> nothing to do with horde. Do this in Apache virtual host if you're using
So I changed my Apache config to redirect to https. While it does accomplish the goal of ensuring some security by not passing all email data in the clear, it's not a great solution. Capturing packets on the server shows that the client still makes the initial request to http and gets the redirect and then goes to https?
So after thinking about this some more and looking at the Autodiscover.php file I think I know what's going on. I'm running Horde on Univention Corporate Server and it's installed in a docker container. The container is reached via proxy from the main server and that communication takes place over http. So when the request reaches Horde it doesn't show up as https, only http.
So I ended up editing the php code.
$httpsurl = str_replace( 'http://', 'https://', $properties['url'] );
<Url>' . $httpsurl . '</Url>
<Name>' . $httpsurl . '</Name>
Now the result is correct and the client uses https automatically. I'll post this on the Univention forum to see if there is a good solution for this without editing code. They have a Let's Encrypt integration so maybe when that is turned on it can automatically link in the existing cert into the container and turn on https for the container as well.
Thanks for pushing me in a good direction.
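The situation described in this post, as an added example that is not part of the original message and is not Horde or Univention code: instead of rewriting every URL unconditionally, the backend can derive the client-facing scheme from the proxy's X-Forwarded-Proto header, accepting it only from the proxy's own address. The function names, the proxy address 172.17.0.1, the sample URL, and the assumption that the front-end proxy sets X-Forwarded-Proto are all hypothetical.

```php
<?php
// Added example, not Horde code. Names, addresses and URLs are constructed.

/** Decide which scheme the client really used, from the backend's $_SERVER data. */
function external_scheme(array $server, array $trustedProxies): string
{
    // TLS terminated on this web server itself.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return 'https';
    }
    // TLS terminated on a front-end proxy: honour X-Forwarded-Proto only when
    // the TCP peer is a known proxy, because any client that can reach the
    // backend directly can set this header itself.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (in_array($peer, $trustedProxies, true)) {
        $first = explode(',', $server['HTTP_X_FORWARDED_PROTO'] ?? '')[0];
        if (strtolower(trim($first)) === 'https') {
            return 'https';
        }
    }
    return 'http';
}

/** Rewrite a generated http:// URL to https:// when the client came in over TLS. */
function external_url(string $url, array $server, array $trustedProxies): string
{
    if (external_scheme($server, $trustedProxies) === 'https') {
        return preg_replace('#^http://#i', 'https://', $url);
    }
    return $url;
}

// Constructed sample requests as the container would see them.
$trusted = ['172.17.0.1']; // hypothetical address of the host-side proxy
$url     = 'http://mail.example.com/Microsoft-Server-ActiveSync';
$cases   = [
    'via proxy, client used https' => ['REMOTE_ADDR' => '172.17.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via proxy, client used http'  => ['REMOTE_ADDR' => '172.17.0.1', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'header from untrusted peer'   => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct TLS to this server'    => ['REMOTE_ADDR' => '203.0.113.9', 'HTTPS' => 'on'],
];
foreach ($cases as $label => $server) {
    printf("%-30s %s\n", $label, external_url($url, $server, $trusted));
}
```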