Hi Guys,
I am new at this forum.
I have just installed a brand new Citadel server, and it is running like a charm.
OS is Ubuntu 22.04.
I would appreciate if someone would tell me how the web server of Webcit can be configured to redirect all the http requests to https requests automatically.
I am running Webcit without any proxy in between. No Apache or Nginx installed, just bared Citadel.
Carlos
Subject: Re: How to redirect http to https for Webcit
A LXC on Proxmox running "Nginx Proxy Manager" (NPM)
I installed it using this script: https://tteck.github.io/Proxmox/
Later, I plan to install it in a VM with Docker to learn more about Docker.
If you are using Citadel in Docker, I guess you will have no problem to
create another container for NPM.
On 1/25/24 13:27, CarlosEVC63 wrote:
Hi Guys,
I am new at this forum.
I have just installed a brand new Citadel server, and it is running
like a charm.
OS is Ubuntu 22.04.
I would appreciate if someone would tell me how the web server of
Webcit can be configured to redirect all the http requests to https
requests automatically.
I am running Webcit without any proxy in between. No Apache or Nginx
installed, just bared Citadel.
Carlos
For what its worth, that is how i run everything at home that has an incoming connection so i can get SSL. Works well, not a lot of setup overhead. Pretty bullet proof.
Only difference is i use full VMs.
My personal solution:
A LXC on Proxmox running "Nginx Proxy Manager" (NPM)
Subject: Re: How to redirect http to https for Webcit
Right ... unfortunately WebCit does not have HTTP-to-HTTPS redirection built in. If that is something you need you will have to generate the redirect from another web service.
On it! Server option completed already (it was just a couple extra
lines of code) so we just need to go through the user interfaces adding
that switch in. Look for it in the next release.
Look for Citadel 997 arriving tomorrow (January 30) with your requested feature available. The SMTP server will have a configurable option to offer STARTTLS.
If I haven't mentioned it yet, the reason we don't offer STARTTLS by default on port 25 is because offering TLS with an invalid certificate will cause a lot of senders to refuse to talk to your server. So definitely only enable this option if you have a valid and trusted certificate.
Subject: Re: How to redirect http to https for Webcit
Sat Jan 27 2024 17:13:05 EST from IGnatius T Foobar Subject: Re: How to redirect http to https for Webcit
Right ... unfortunately WebCit does not have HTTP-to-HTTPS redirection built in. If that is something you need you will have to generate the redirect from another web service.
Thank you for your answer.
Yes, this is what I am looking for. May be it would be worth to add this feature in the future to the webserver imbedded into Webcit.
It seems that the only solution of this kind now would be to proxy via Nginx. (I don't have experience with Docker)
But I prefer to have as little middlemen as possible. :-)
On it! Server option completed already (it was just a couple extra
lines of code) so we just need to go through the user interfaces adding
that switch in. Look for it in the next release.
Look for Citadel 997 arriving tomorrow (January 30) with your requested feature available. The SMTP server will have a configurable option to offer STARTTLS.
If I haven't mentioned it yet, the reason we don't offer STARTTLS by default on port 25 is because offering TLS with an invalid certificate will cause a lot of senders to refuse to talk to your server. So definitely only enable this option if you have a valid and trusted certificate.
This is good news!
I have a trusted certificate and would keep it only that way.
Would you tell me where to find the setting of this feature?
On it! Server option completed already (it was just a couple extra
lines of code) so we just need to go through the user interfaces adding
that switch in. Look for it in the next release.
Look for Citadel 997 arriving tomorrow (January 30) with your requested feature available. The SMTP server will have a configurable option to offer STARTTLS.
If I haven't mentioned it yet, the reason we don't offer STARTTLS by default on port 25 is because offering TLS with an invalid certificate will cause a lot of senders to refuse to talk to your server. So definitely only enable this option if you have a valid and trusted certificate.
This is good news!
I have a trusted certificate and would keep it only that way.
Would you tell me where to find the setting of this feature?
Subject: Problems when choosing a non-standard installation location.
Dear developers, dear community,
I usually install citadel by build script file "install.sh" to a non-standard location. The 'install.sh" defines at the beginning three basic path variables, namely SUPPORT, CITADEL and WEBCIT that hold the basic pathes to ctdlsupport, citadel and webcit, respectively. So in order to install to a non-standard location ideally I only have to change the values of the three path variables. But unfortunately "install.sh" uses some pathes that don't rely on those path variables like those listed below:
PERMSTESTDIR=/usr/local/ctdltest.$$
mkdir /usr/local/ctdlsupport 2>/dev/null
mkdir /usr/local/citadel 2>/dev/null
mkdir /usr/local/webcit 2>/dev/null
find /usr/local/ctdlsupport | grep -i ical | xargs rm -v 2>/dev/null
find /usr/local/ctdlsupport | grep -i expat | xargs rm -v 2>/dev/null
find /usr/local/ctdlsupport | grep -i curl | xargs rm -v 2>/dev/null
find /usr/local/ctdlsupport | grep -i sieve | xargs rm -v 2>/dev/null
/usr/local/citadel/setup </dev/tty >/dev/tty 2>/dev/tty || die
ExecStart=/usr/local/webcit/webcit -pWEBCIT_PORT uds /usr/local/citadel
ExecStart=/usr/local/webcit/webcit -s -pWEBCITS_PORT uds /usr/local/citadel
And thats the reason why the installtion proces allways stopes unsuccessfully.
Could you please make all does pathes rely on the basic path variables mentioned above? So whenever my installation pathes differ from the standard pathes the build script runs smoothly and installs all software successfully.
Thanks and good night
Sukram
Would you tell me where to find the setting of this feature?
You can find it in WebCit on the System Administration screen, and in the text client under <.A>dmin <S>ystem-configuration <G>eneral. The option is called "
Advertise STARTTLS on the SMTP port" or "Offer STARTTLS".
Subject: Re: Problems when choosing a non-standard installation location.
Could you please make all does pathes rely on the basic path
variables mentioned above? So whenever my installation pathes differ
from the standard pathes the build script runs smoothly and installs
all software successfully.
Easy Install wasn't intended to be used like that ... but if you want to submit a patch we can consider it.
hello all, where do I go to change the ports used for https? I want to change the port I used for the initial setup, and I can't find this option anywhere.
Thanks,
Mark
hello all, where do I go to change the ports used for https? I want
to change the port I used for the initial setup, and I can't find
this option anywhere.
You can either run setup again (from /usr/local/webcit) or you can simply edit the port number in /etc/systemd/system/webcit-https and reload that service.
Hi, Today it was happen, i'was upgrade my Citadel Instance to the new 998 Version with easyinstall. All was going smoth ... thx to all Developer ...
Hi, Today it was happen, i'was upgrade my Citadel Instance to the new 998 Version with easyinstall. All was going smoothly ... thx to all Developer
Hi, I'm new to Citadel, and was wondering if it'd be possible to rebrand the citadel web page to possibly have custom images and colors?
If not that's understandable but it'd be nice to know how to do that.
Thanks in advance,
Station
Hi, I'm new to Citadel, and was wondering if it'd be possible to
rebrand the citadel web page to possibly have custom images and
colors?
All of the web assets are in the static/ directory. You can override the CSS template with a local one and make whatever customizations you like.
Subject: Sending mail to restictive sites like gmail (DKIM?)
I have issues where sending mail to @gmail addresses never gets delivered but doesn't bounce. I think I need to set up the DNS to allow this but I don't know how to set it up. Any tips?
Marisa
Hello,
if I restart from webinterface citadel crashes and web isn't reachable
after server reboot citadel is up and running again and webinterface is reachable