Is avahi used?

User avatar
rgmhtt
Posts: 421
Joined: Sun Jan 11, 2009 9:26 am

Is avahi used?

Postby rgmhtt » Wed Jan 02, 2013 2:19 pm

I am working on a mailserver setup that I will share here at some point.

My roundcube.conf file is generating Avahi errors. Since I am setting up a dedicated mailserver, I will just remove Avahi. But if I want to work with Amahi's use of Avahi, then I probably should fix this (it has to do with ServerName not being an FQDN).

Oh, I am using Postfix, MySQL, PostfixAdmin, Dovecot, and RoundCube. This is a bit more involved than what I worked with Bigfoot65 a couple years ago. Also automx.org looks like an interesting tool, but more than I probably need.

User avatar
bigfoot65
Project Manager
Posts: 11866
Joined: Mon May 25, 2009 4:31 pm

Re: Is avahi used?

Postby bigfoot65 » Wed Jan 02, 2013 7:49 pm

Not sure of it's tie in with Amahi, but it appears to be a requirement. Recommend you do not remove it unless you accept the risk of breaking Amahi.

We have packaged Roundcube and I never noticed any errors tied to Avahi during testing.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

User avatar
rgmhtt
Posts: 421
Joined: Sun Jan 11, 2009 9:26 am

Re: Is avahi used?

Postby rgmhtt » Wed Jan 02, 2013 9:09 pm

Not sure of it's tie in with Amahi, but it appears to be a requirement. Recommend you do not remove it unless you accept the risk of breaking Amahi.

We have packaged Roundcube and I never noticed any errors tied to Avahi during testing.
My roundcube.conf is:

Code: Select all

<VirtualHost *:80> ServerName webmail ServerAlias webmail.foo.com RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] ExpiresDefault "access plus 10 years" AddOutputFilterByType DEFLATE text/html text/plain text/xml </VirtualHost> <VirtualHost *:443> ServerName webmail ServerAlias webmail.foo.com SSLEngine On SSLCertificateFile /etc/pki/tls/certs/foo.com.crt SSLCertificateKeyFile /etc/pki/tls/private/foo.com.key DocumentRoot /usr/share/roundcubemail <Directory /usr/share/roundcubemail/> Order Deny,Allow Allow from all php_admin_flag session.cookie_secure "1" </Directory> </VirtualHost>
And the message in the error_log is:

[Mon Dec 31 20:13:25 2012] [error] avahi_entry_group_add_service_strlst("webmail") failed: Invalid host name

I have been told that is due to the "ServerName webmail"

User avatar
bigfoot65
Project Manager
Posts: 11866
Joined: Mon May 25, 2009 4:31 pm

Re: Is avahi used?

Postby bigfoot65 » Thu Jan 03, 2013 5:45 am

It could be the naming. I used rcmail for my instance. Did you follow wiki guidance for the .conf file using SSL?

http://wiki.amahi.org/index.php/Secure_App_Access

This requires two .conf files.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

User avatar
rgmhtt
Posts: 421
Joined: Sun Jan 11, 2009 9:26 am

Re: Is avahi used?

Postby rgmhtt » Thu Jan 03, 2013 12:48 pm

It could be the naming. I used rcmail for my instance. Did you follow wiki guidance for the .conf file using SSL?
I reversed the order of ServerName and ServerAlias (ie ServerName got the fqdn) and the error went away. Unfortunately there is no nice tool to tell you what services your avahi-daemon is advertising. Seems all you can do is grep /var/log/messages.
Well, it does not require two .conf files. I have worked out to put both of my virtualhosts (ports 80 & 443) in a single .conf file, making it easier to track everything. What I posted earlier was all from my single roundcube.conf file.

Now some comments on the wiki you pointed me to:

Code: Select all

openssl genrsa -out filename.key 1024 openssl req -new -key filename.key -x509 -days 1000 -out filename.crt​
This cert would not display with:

Code: Select all

openssl x509 -in filename.crt -text -nameopt multiline -noout
So I wonder what is going on. Anyway, from discussions on the postfix and openssl lists, I have worked out to use:

Code: Select all

openssl req -new -outform PEM -out filename.crt -newkey rsa:2048 -nodes -keyout filename.key -keyform PEM -days 3650 -x509 -extensions v3_req
Try it, you might like it. Only 'issue'; with this command is it sets keyUsage, but this does not seem to be an issue.

Code: Select all

NameVirtualHost *:443​
This should be a permanent addition to 00-init.conf instead of customizing httpd.conf.

If this is a php app, there is a problem with clients sending the cookie, which MAY have important stuff over an unencrypted http connection. In fact (discussion on this recently on the Roundcube list) if the user sends http://service.hda.com and gets https://service.hda.com with some nice login screen, the cookie was already sent in that initial transmission. To block this see above where I included the following line:

Code: Select all

php_admin_flag session.cookie_secure "1"
Oh, and that should go in BOTH virtualhost declarations. I had pasted an earlier copy above where it was not in my port 80 virtualhost and I was 'corrected' about it on the Roundcube list.

So anyway, I SEEM to have the basics working, now on to the anti stuff.

User avatar
bigfoot65
Project Manager
Posts: 11866
Joined: Mon May 25, 2009 4:31 pm

Re: Is avahi used?

Postby bigfoot65 » Thu Jan 03, 2013 3:09 pm

Good to hear it's working. If you have a better solution than listed in the wiki, please update it. We would greatly appreciate it.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2

User avatar
rgmhtt
Posts: 421
Joined: Sun Jan 11, 2009 9:26 am

Re: Is avahi used?

Postby rgmhtt » Thu Jan 03, 2013 5:24 pm

Good to hear it's working. If you have a better solution than listed in the wiki, please update it. We would greatly appreciate it.
Perhaps eventually. First I have to get working what I am working on. Still have all the anti-stuff to configure then test. Then, I really can't test out this specific app the wiki references. Finally one item is really a feature fix for Amahi in a change to the 00-init.conf file. I will submit that soon.

I just wanted to ensure what I am working on would work on Amahi.

Who is online

Users browsing this forum: No registered users and 1 guest