Ensuring the security of your InterWorx server is paramount, and one crucial step is enforcing HTTPS connections. By redirecting HTTP traffic to HTTPS, you protect sensitive data and enhance user trust. This guide outlines how to configure redirects for common InterWorx access paths, ensuring secure connections to your server management panels and webmail services. We will explore the necessary configurations within InterWorx configuration files to achieve this.
To begin, let’s address the redirection of standard web access paths to the secure HTTPS port used by InterWorx, which is typically 2443. This involves modifying the iworx.conf file. This configuration ensures that attempts to access Siteworx, Nodeworx, or webmail via standard HTTP or HTTPS ports are automatically redirected to the secure port 2443.
RewriteEngine on
RewriteRule ^/siteworx(/)?$ https://%{HTTP_HOST}:2443/siteworx/?domain=%{HTTP_HOST} [R,L]
RewriteRule ^/nodeworx(/)?$ https://%{HTTP_HOST}:2443/nodeworx/ [R,L]
RewriteRule ^/webmail(/)?$ https://%{HTTP_HOST}:2443/webmail/ [R,L]
RewriteRule ^/roundcube(/)?$ https://maindomainwithssl.com:2443/roundcube/ [R,L]
RewriteRule ^/horde(/)?$ https://maindomainwithssl.com:2443/horde/ [R,L]
RewriteRule ^/squirrelmail(/)?$ https://maindomainwithssl.com:2443/squirrelmail/ [R,L]This configuration block within iworx.conf redirects several key paths:
/siteworx: For Siteworx control panel access./nodeworx: For Nodeworx server administration panel./webmail,/roundcube,/horde,/squirrelmail: For webmail services, ensuring secure access to email.
These rules redirect from standard ports (80 for HTTP, 443 for HTTPS) to the InterWorx Apache instance running on port 2443 for HTTPS. It’s important to note that direct access attempts using port 2080 (standard HTTP for InterWorx) or 2443 will bypass these iworx.conf redirects, directly connecting to the InterWorx setup. While 2443 is secure, accessing via 2080 poses a security risk as it’s an insecure HTTP connection.
To mitigate the risk of insecure connections via port 2080, you can configure a redirect within the InterWorx Apache configuration file, located at /home/interworx/etc/httpd/httpd-custom.conf.
RewriteEngine on
RewriteCond %{SERVER_PORT} 2080
RewriteRule ^(.*)$ https://mycustomdomain.com:2443$1 [R,L]This configuration block ensures that any incoming traffic on port 2080 is immediately redirected to the secure HTTPS port 2443. This effectively forces all connections through the secure port, regardless of the initial port used. An alternative, and potentially more secure approach, is to completely disable port 2080 within the InterWorx Apache configuration, preventing any insecure HTTP connections from being established in the first place.
By implementing these redirection strategies, you significantly enhance the security posture of your InterWorx server, ensuring that all administrative and webmail access is conducted over secure HTTPS connections.
