Caddy and (mail)Piler -- converrting Apache rewrite rules?

Help
1

I was planning to use Piler (see: http://www.mailpiler.org/) together with Caddy. The project recommends using Apache2 but I have no love for that HTTPd no more and try to use Caddy or nginx whenever possible.

I have not tried Piler with Caddy, yet. However, it (requires?) the following rewrite rules for Apache2 and I was wondering if there is a simple way to convert them so that they would be compatible with Caddy, or if somebody has run Piler with Caddy without the rewrite rules could shed their thoughts on how they got it running.

This is the .htaccess shipped with Piler:

DirectoryIndex index.php

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^search.php /index.php?route=search/search&type=simple [L]
RewriteRule ^advanced.php /index.php?route=search/search&type=advanced [L]
RewriteRule ^expert.php /index.php?route=search/search&type=expert [L]
RewriteRule ^search-helper.php /index.php?route=search/helper [L]
RewriteRule ^audit-helper.php /index.php?route=audit/helper [L]
RewriteRule ^message.php /index.php?route=message/view [L]
RewriteRule ^bulkrestore.php /index.php?route=message/bulkrestore [L]
RewriteRule ^bulkremove.php /index.php?route=message/bulkremove [L]
RewriteRule ^bulkpdf.php /index.php?route=message/bulkpdf [L]
RewriteRule ^folders.php /index.php?route=folder/list& [QSA,L]
RewriteRule ^settings.php /index.php?route=user/settings [L]
RewriteRule ^login.php /index.php?route=login/login [L]
RewriteRule ^logout.php /index.php?route=login/logout [L]
RewriteRule ^google.php /index.php?route=login/google [QSA,L]
RewriteRule ^domain.php /index.php?route=domain/domain [QSA,L]
RewriteRule ^ldap.php /index.php?route=ldap/list [QSA,L]
RewriteRule ^customer.php /index.php?route=customer/list [QSA,L]
RewriteRule ^retention.php /index.php?route=policy/retention [QSA,L]
RewriteRule ^archiving.php /index.php?route=policy/archiving [QSA,L]
RewriteRule ^legalhold.php /index.php?route=policy/legalhold [QSA,L]
RewriteRule ^view/javascript/piler.js /js.php [QSA,L]
</IfModule>

<IfModule auth_ntlm_winbind_module>
   <FilesMatch "sso\.php$">
      AuthName "piler NTLM authentication"
      NTLMAuth on
      NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
      NTLMBasicAuthoritative on
      AuthType NTLM
      require valid-user
   </FilesMatch>
</IfModule>

Thanks in advance for any suggestions or help.

Best wishes,
-k0nsl

2

Hi @k0nsl, luckily these are all super simple rewrites.

Each rewrite in that .htaccess file takes the form:

RewriteRule ^[FROM] [TO]

You can alter each of them to suit a Caddyfile like so:

rewrite /[FROM] {
  [TO]
}

Note the lack of ^ (the regex start of line anchor), which is implied for the basepath [FROM] in Caddy’s rewrite directive, and the / which replaces it, as Caddy is testing against the request URI. I would recommend this method over the simpler one-liner rewrite [FROM] [TO] because the one-line version will only rewrite if the request is exactly equal to [FROM].

You can safely ignore the [L] flags, but [QSA] instructs Apache to combine the request query string with the query you’re rewriting to (instead of discarding the client’s query entirely). To do this, for rewrites with the [QSA] flag, you’ll want to alter your Caddyfile variant to the form:

rewrite [FROM] {
  [TO]&{query}
}

The above relies on the fact that the rewritten [TO] already contains a query marker (?), you just need to append the client’s queries after it.

As an example, RewriteRule ^folders.php /index.php?route=folder/list& [QSA,L] becomes:

rewrite /folders.php {
  /index.php?route=folder/list&{query}
}

Caddy does not, as far as I know, have any middleware that implements authentication against Active Directory/winbind, so the auth_ntlm_winbind_module configuration is not able to be replicated in a Caddyfile.

3

Hello, @Whitestrake. Thanks for the clarification with regards to the rewrites – indeed, it is quite straight-forward, especially now that I’ve had a short nap and look at it again. It all makes sense.

And unfortunately I had somehow completely overlooked what is probably the most crucial part, the NTLM authentication bit. It appears to be something which is required…so I guess I’ll be stuck with Apache after all :frowning:

Still, thank you for helping me out with the rewrites! :thumbsup:

Best wishes,
-k0nsl

1 Like
4

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.