Is avahi used?

Postby **rgmhtt** » Wed Jan 02, 2013 2:19 pm

I am working on a mailserver setup that I will share here at some point.

My roundcube.conf file is generating Avahi errors. Since I am setting up a dedicated mailserver, I will just remove Avahi. But if I want to work with Amahi's use of Avahi, then I probably should fix this (it has to do with ServerName not being an FQDN).

Oh, I am using Postfix, MySQL, PostfixAdmin, Dovecot, and RoundCube. This is a bit more involved than what I worked with Bigfoot65 a couple years ago. Also automx.org looks like an interesting tool, but more than I probably need.

Postby **bigfoot65** » Wed Jan 02, 2013 7:49 pm

Not sure of it's tie in with Amahi, but it appears to be a requirement. Recommend you do not remove it unless you accept the risk of breaking Amahi.

We have packaged Roundcube and I never noticed any errors tied to Avahi during testing.

Postby **rgmhtt** » Wed Jan 02, 2013 9:09 pm

Not sure of it's tie in with Amahi, but it appears to be a requirement. Recommend you do not remove it unless you accept the risk of breaking Amahi.

We have packaged Roundcube and I never noticed any errors tied to Avahi during testing.

My roundcube.conf is:

Code: Select all

<VirtualHost *:80>

    ServerName webmail
    ServerAlias webmail.foo.com
    RewriteEngine On
        RewriteCond  %{SERVER_PORT} !^443$
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
        ExpiresDefault "access plus 10 years"
        AddOutputFilterByType DEFLATE text/html text/plain text/xml

</VirtualHost>

<VirtualHost *:443>

    ServerName webmail
    ServerAlias webmail.foo.com
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/foo.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/foo.com.key
    DocumentRoot /usr/share/roundcubemail
    <Directory /usr/share/roundcubemail/>
            Order Deny,Allow
            Allow from all
        php_admin_flag session.cookie_secure "1"
    </Directory>

</VirtualHost>

And the message in the error_log is:

[Mon Dec 31 20:13:25 2012] [error] avahi_entry_group_add_service_strlst("webmail") failed: Invalid host name

I have been told that is due to the "ServerName webmail"

Postby **bigfoot65** » Thu Jan 03, 2013 5:45 am

It could be the naming. I used rcmail for my instance. Did you follow wiki guidance for the .conf file using SSL?

http://wiki.amahi.org/index.php/Secure_App_Access

This requires two .conf files.

Postby **rgmhtt** » Thu Jan 03, 2013 12:48 pm

It could be the naming. I used rcmail for my instance. Did you follow wiki guidance for the .conf file using SSL?

I reversed the order of ServerName and ServerAlias (ie ServerName got the fqdn) and the error went away. Unfortunately there is no nice tool to tell you what services your avahi-daemon is advertising. Seems all you can do is grep /var/log/messages.

http://wiki.amahi.org/index.php/Secure_App_Access

This requires two .conf files.

Well, it does not require two .conf files. I have worked out to put both of my virtualhosts (ports 80 & 443) in a single .conf file, making it easier to track everything. What I posted earlier was all from my single roundcube.conf file.

Now some comments on the wiki you pointed me to:

Code: Select all

openssl genrsa -out filename.key 1024
openssl req -new -key filename.key -x509 -days 1000 -out filename.crt

This cert would not display with:

Code: Select all

openssl x509 -in filename.crt -text -nameopt multiline -noout

So I wonder what is going on. Anyway, from discussions on the postfix and openssl lists, I have worked out to use:

Code: Select all

openssl req -new -outform PEM -out filename.crt -newkey rsa:2048 -nodes -keyout filename.key -keyform PEM -days 3650 -x509 -extensions v3_req

Try it, you might like it. Only 'issue'; with this command is it sets keyUsage, but this does not seem to be an issue.

Code: Select all

NameVirtualHost *:443

This should be a permanent addition to 00-init.conf instead of customizing httpd.conf.

If this is a php app, there is a problem with clients sending the cookie, which MAY have important stuff over an unencrypted http connection. In fact (discussion on this recently on the Roundcube list) if the user sends http://service.hda.com and gets https://service.hda.com with some nice login screen, the cookie was already sent in that initial transmission. To block this see above where I included the following line:

Code: Select all

php_admin_flag session.cookie_secure "1"

Oh, and that should go in BOTH virtualhost declarations. I had pasted an earlier copy above where it was not in my port 80 virtualhost and I was 'corrected' about it on the Roundcube list.

So anyway, I SEEM to have the basics working, now on to the anti stuff.

Postby **bigfoot65** » Thu Jan 03, 2013 3:09 pm

Good to hear it's working. If you have a better solution than listed in the wiki, please update it. We would greatly appreciate it.

Postby **rgmhtt** » Thu Jan 03, 2013 5:24 pm

Good to hear it's working. If you have a better solution than listed in the wiki, please update it. We would greatly appreciate it.

Perhaps eventually. First I have to get working what I am working on. Still have all the anti-stuff to configure then test. Then, I really can't test out this specific app the wiki references. Finally one item is really a feature fix for Amahi in a change to the 00-init.conf file. I will submit that soon.

I just wanted to ensure what I am working on would work on Amahi.

Is avahi used?

Is avahi used?

Re: Is avahi used?

Re: Is avahi used?

Re: Is avahi used?

Re: Is avahi used?

Re: Is avahi used?

Re: Is avahi used?

Who is online