Here is my current entry in httpd.conf for this app. It works fine for HTTP, but NOT for HTTPS:
# SugarCRM
Alias /crm /opt/SugarCRM
<Directory /opt/SugarCRM>
Options -Indexes
AllowOverride all
First of all I would change this to
AllowOverride None as this prevents your settings being overwritten by the use of .htaccess files and so on.
order deny,allow
deny from all
allow from all
Satisfy all
Denying from all, to after that allow from all makes not much sense to me. Perhaps you should allow specific users or specific domains/hosts. I use the user principle a lot, for instance in my subversion contrib. This way you can setup the location to uise SME Server based groups and users and the passwords set for the users.
AddType application/x-httpd-php .php .php3
php_admin_value open_basedir /opt/SugarCRM/:/tmp
Opening the /tmp dir for access makes your system more vulnerable, if you really need space to store tempoerary files you'd better create a temporary/var directory in the tree of your webspace and set the proper security for that (meaning that only your system user under which apache runs has a limited source of access to this folder and no one else.
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
I would like to make it work with SSL and, optionally, use rewrite to force SSL for all users all of the time.
I realize that .htaccess affects this, so I include it here for reference:
# BEGIN SUGARCRM RESTRICTIONS
RedirectMatch /crm/sugarcrm.log.* http://linus/crm/log_file_restricted.html
RedirectMatch /crm/emailman.log http://linus/crm/log_file_restricted.html
RedirectMatch /crm/not_imported_(.*).txt http://linus/crm/log_file_restricted.html
RedirectMatch /crm/XTemplate/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/data/(.*).php http://linus/crm/index.php
RedirectMatch /crm/examples/(.*).php http://linus/crm/index.php
RedirectMatch /crm/include/(.*).php http://linus/crm/index.php
RedirectMatch /crm/include/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/log4php/(.*).php http://linus/crm/index.php
RedirectMatch /crm/log4php/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/metadata/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/modules/(.*)/(.*).php http://linus/crm/index.php
RedirectMatch /crm/soap/(.*).php http://linus/crm/index.php
RedirectMatch /crm/emailmandelivery.php http://linus/crm/index.php
# END SUGARCRM RESTRICTIONS
Thanks in advance,
G
Your .htaccess file makes clear to me why it does not work from outside, as you have sepcified a local domain name and not a Full Qualified Domain Name (FQDN) like
http://linus.domain.country/...
Hosts from outside are not able to resolve the linus host and will fail to access the system.
If you would like https you should add a https entry as well, for the port you use (probably 443), have a look at the way things are done with the server-manager in the /etc/httpd/conf/httpd/conf file and templates, this will probably help you a lot.
2 Replies
1469 Views