oprago
2nd May 2009, 10:32
Hi,
i created a small work-a-round to use ISPConfig with gnutls.
Install gnutls and disable SSL:
aptitude install libapache2-mod-gnutls
a2enmod gnutls
a2dismod ssl
The next step is to modify the ISPConfig Apache template /usr/local/ispconfig/server/conf/vhost.conf.master to use gnuTLS:
Change:
[...]
<tmpl_if name='ssl_enabled'>
<IfModule mod_ssl.c>
[...]
[...]
SSLEngine on
SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.crt
SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.key
<tmpl_if name='has_bundle_cert'>
SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.bundle
</tmpl_if>
[...]
to:
[...]
<tmpl_if name='ssl_enabled'>
<IfModule mod_gnutls.c>
[...]
[...]
GnuTLSEnable on
GnuTLSPriorities NORMAL
GnuTLSCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.crt
GnuTLSKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.key
[...]
I don't use the ssl bundles, so i hide the form field. Edit /usr/local/ispconfig/interface/web/sites/form/web_domain.tform.php and change it to an hidden field:
'ssl_bundle' => array (
'datatype' => 'TEXT',
'formtype' => 'HIDDEN',
'default' => '',
'value' => '',
'cols' => '30',
'rows' => '10'
),
and modify the template /usr/local/ispconfig/interface/web/sites/templates/web_domain_ssl.htm:
<div class="ctrlHolder" style="display:none;">
<label for="ssl_bundle">{tmpl_var name='ssl_bundle_txt'}</label>
<textarea name="ssl_bundle" id="ssl_bundle" rows='10' cols='30'>{tmpl_var name='ssl_bundle'}</textarea>
</div>
GnuTLS requires an ip address in the virtual host definition. So i had to disable the "*". First add the IP of the server into the isp config admin interface. Now disable the "*" in the file /usr/local/ispconfig/interface/web/sites/web_domain_edit.php by removing all $ip_select = "<option value='*'>*</option>"; entries.
i created a small work-a-round to use ISPConfig with gnutls.
Install gnutls and disable SSL:
aptitude install libapache2-mod-gnutls
a2enmod gnutls
a2dismod ssl
The next step is to modify the ISPConfig Apache template /usr/local/ispconfig/server/conf/vhost.conf.master to use gnuTLS:
Change:
[...]
<tmpl_if name='ssl_enabled'>
<IfModule mod_ssl.c>
[...]
[...]
SSLEngine on
SSLCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.crt
SSLCertificateKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.key
<tmpl_if name='has_bundle_cert'>
SSLCACertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.bundle
</tmpl_if>
[...]
to:
[...]
<tmpl_if name='ssl_enabled'>
<IfModule mod_gnutls.c>
[...]
[...]
GnuTLSEnable on
GnuTLSPriorities NORMAL
GnuTLSCertificateFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.crt
GnuTLSKeyFile <tmpl_var name='document_root'>/ssl/<tmpl_var name='domain'>.key
[...]
I don't use the ssl bundles, so i hide the form field. Edit /usr/local/ispconfig/interface/web/sites/form/web_domain.tform.php and change it to an hidden field:
'ssl_bundle' => array (
'datatype' => 'TEXT',
'formtype' => 'HIDDEN',
'default' => '',
'value' => '',
'cols' => '30',
'rows' => '10'
),
and modify the template /usr/local/ispconfig/interface/web/sites/templates/web_domain_ssl.htm:
<div class="ctrlHolder" style="display:none;">
<label for="ssl_bundle">{tmpl_var name='ssl_bundle_txt'}</label>
<textarea name="ssl_bundle" id="ssl_bundle" rows='10' cols='30'>{tmpl_var name='ssl_bundle'}</textarea>
</div>
GnuTLS requires an ip address in the virtual host definition. So i had to disable the "*". First add the IP of the server into the isp config admin interface. Now disable the "*" in the file /usr/local/ispconfig/interface/web/sites/web_domain_edit.php by removing all $ip_select = "<option value='*'>*</option>"; entries.