https on new v3 port 8080
installed ispconfig v126.96.36.199 and noticed that access to admin interface was clear text ..
Wanting ssl, I did some research and came up with the following quick how to.
I'm using ubuntu 8.04 and had followed falko's perfect install.... yeah I now read I shouldn't have, but I didn't know at the time that v3beta didn't want this :).
It seems to be working... had to change out proftpd for pureftp etc ..
any way .. the steps I used to get the admin interface to be on https was:
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
insert the fallowing near the top:
if you are doing a update, then the "default" vhost-file overrides the old one. to avoid these, do not change the ispconfig.vhost but create your OWN file (with a different name). do this inside the sites-available. then CHANGE the soft-link inside the sites-enabled - directory (to link to YOUR file instead of the default one.).
the update.php script overrdes the ispcongif-FILE but NEVER the soft-link. so after a update, the FILE ist overriden, but not the link (pointing to YOUR file).
hope it is clear, what i mean. if not - ask!
Thanks for the above info. Personally I think https should be the default for a connection to a control panel. I think this could be done in a htaccess file but I'm new to ISPC3 and I need to have a poke around to see why its configured the way it is before I start bending it.
I guess the described method is still the only valid way to do it, right?
I also think, that ISPConfig should only be accessible by https, the same goes for phpmyadmin and webmail.
Is this still the way to do this? I ask because all of this is already in my conf file (or maybe im not clear if that is "add the following AFTER this lines...)
Besides that, now I get this from apache when i try to start it:
BTW, this is the output of netstat -an, oddly enough, there is nothing listening on 80 or 443....
Since it seems i'm the only one reading this post.
I found my problem for apache not starting...
I had installed mod_ssl through yum...and it started to conflict with something that was already installed for ssl, although I have NFI of what can be providing ssl to apache if not mod_ssl... so anyways, I uninstalled the mod_ssl that I installed through yum and that was it. Now apache starts again.
However, I still don't have ssl enabled anywhere...This is really upsetting. I'm not sure what the major malfunction is. I don't seem to find any meaningful errors from apache when I try to access anything https on my server.
I have not dealt with apache besides getting it up and running...(and usually it just comes up with ssl working).
It seems to me that THIS ISSUE is a great candidate for a good How-to.
(If I do figure it out, I will post my steps here)
My previous questions still stand.
Assuming you have ISPCONFIG installed correctly just do as it says.
The first part of the howto deals with generating a key pair using OPENSSL and loading the apache mod ssl.
Then edit your conf file so that the begining of it looks the same as the howto.
Did you read and see what I pasted?
Assumption correct, however your post does not help the situation...
Besides changing the path (changing /etc/apache2/ to /etc/httpd/)
I have installed a bunch of apps and have had to create crazy ssh-tunnels to be able to login to the control pannels since I won't login in plain text to them.
So, when I put the content mentioned above and it fails misserably...meanning that apache won't start at all...
Also the line for with "a2enmod ssl" wont run at all...
Thanks in advance for any help.
Edit: "a2enmod" seems to be for debian based systems...
if your apache will not restart it is in most cases because of a dammaged ssl-certificate (the private key and the public key do not correspond together). So try to comment our the ssl section in the vhost file and restart the apache2. if this works, try regenerating your ssl-files (for me, this works fine!)
|All times are GMT +2. The time now is 22:02.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.