Info Force HTTPS connections to Mail Station

Currently reading
Info Force HTTPS connections to Mail Station

fredbert

Moderator
NAS Support
Subscriber
5,122
2,072
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
  4. WRX560
Operating system
  1. macOS
Mobile operating system
  1. iOS
Another irritation with Mail Station is that it permits connections using HTTP. I've set all other web portals to redirect to HTTPS and have SSL certificates configured for these based on domain names from my personal domain.

You can modify Mail Station to force it to redirect HTTP connections to HTTPS by editing its config.inc.php file.

sudo vi "/volume1/@appstore/MailStation/mail/config/config.inc.php"

Look for this section.
PHP:
// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$config['force_https'] = false;
And change it to this.
PHP:
// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$config['force_https'] = true;

Save (:wq) and reload and Mail Station browser sessions.
 
That's exactly what I do but that doesn't stop a direct connection (non-reverse proxy) to http://www.mydomain.com/mail. I keep HTTP port forwarded to the NAS as, I believe, Let's Encrypt needs it and I'm using certificate creation/renewal using the built-in HTTP-01 mechanism.

Haven't checked at what point the config file gets overwritten.
 
Another irritation with Mail Station is that it permits connections using HTTP. I've set all other web portals to redirect to HTTPS and have SSL certificates configured for these based on domain names from my personal domain.

You can modify Mail Station to force it to redirect HTTP connections to HTTPS by editing its config.inc.php file.

sudo vi "/volume1/@appstore/MailStation/mail/config/config.inc.php"

Look for this section.
PHP:
// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$config['force_https'] = false;
And change it to this.
PHP:
// enforce connections over https
// with this option enabled, all non-secure connections will be redirected.
// set the port for the ssl connection as value of this option if it differs from the default 443
$config['force_https'] = true;

Save (:wq) and reload and Mail Station browser sessions.
Thank you very much for youor answer it was hellpful for me!
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top