HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   SSL on port 8080 (http://www.howtoforge.com/forums/showthread.php?t=54204)

laptop_user 20th September 2011 21:54

SSL on port 8080
 
Hi everyone,

I need help with this. I successfully install SSL on ISPConfig 3. Love it. It's so easy.:p

Now when I try to access the control panel the https://www.mydomain.com:8080 it does not work but without the SSL it works http://www.mydomain.com:8080

Anyway after further googling I found this tutorial http://www.faqforge.com/linux/contro...-controlpanel/ but since I already install the SSL cert on ispconfig and the cert is not self signed I wasn't sure to start at which step..

If anyone already had this covered I appreciated if you guys/gals could guide me with this.

Thanks in advance:)

xaver 20th September 2011 23:14

Hello,

update your interface, if next version is out or install in expert mode and say yes to ssl and ispconfig do everything for you.

Regards,
Xaver

laptop_user 21st September 2011 02:53

Quote:

Originally Posted by xaver (Post 263850)
Hello,

update your interface, if next version is out or install in expert mode and say yes to ssl and ispconfig do everything for you.

Regards,
Xaver

hey appreciate your help. :) I guess I will try reinstalling ispconfig again since update need to wait for new release.

Code:

root@server1:~# ispconfig_update.sh


--------------------------------------------------------------------------------
 _____ ___________  _____              __ _
|_  _/  ___| ___ \ /  __ \            / _(_)
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |
 _| |_/\__/ / |    | \__/\ (_) | | | | | | | (_| |
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, |
                                              __/ |
                                            |___/
--------------------------------------------------------------------------------


>> Update

Please choose the update method. For production systems select 'stable'.
The update from svn is only for development systems and may break your current setup.

Select update method (stable,svn) [stable]:

There are no updates available for ISPConfig 3.0.3.3
root@server1:~#

Also do you know is there anyway I could just use the control panel php page without the port 8080 thing? because in theory that would automatically solve SSL on port 8080 problem.

thank you.

EDIT
So I blindly followed the steps here with no knowledge with what I'm doing http://www.faqforge.com/linux/contro...-controlpanel/

On the final step I was greeted with this error:

Code:

root@server1:/etc/apache2/ssl# /etc/init.d/apache2 restart
Syntax error on line 48 of /etc/apache2/sites-enabled/000-ispconfig.vhost:
SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
 failed!
root@server1:/etc/apache2/ssl# /etc/init.d/apache2 restart
Syntax error on line 48 of /etc/apache2/sites-enabled/000-ispconfig.vhost:
SSLCertificateFile: file '/usr/local/ispconfig/interface/ssl/ispserver.crt' does not exist or is empty
Action 'configtest' failed.
The Apache error log may have more information.
 failed!

I always have this question in my mind. Either updating or using the step from the link above I need to create a new SSL Request cert. So in other word my current provided cert is useless because I need to paste the new cert request to my cert provider and pasting the provided cert to ispconfig. Am I correct?

I appreciate if anyone could help me with the error above.

Thanks in advance

till 21st September 2011 09:33

Please do what xaver suggested and run a ispconfig update where you select to create new ssl certs. If your ispconfig is up to date, then download the ispconfig tar.gz manually from ispconfig.org, unpack it and run the update.php script.

Quote:

I always have this question in my mind. Either updating or using the step from the link above I need to create a new SSL Request cert. So in other word my current provided cert is useless because I need to paste the new cert request to my cert provider and pasting the provided cert to ispconfig. Am I correct?
You can use a existing cert as well, but only after you did the step with the update that xaver described. Afterwards you can replace the key and crt file in /usr/local/ispconfig/interface/ssl/ directory with your existing cert and key.

laptop_user 21st September 2011 12:36

Quote:

Originally Posted by till (Post 263870)
If your ispconfig is up to date, then download the ispconfig tar.gz manually from ispconfig.org, unpack it and run the update.php script.

I did actually. I search the forum and found the your same advice over here http://www.howtoforge.com/forums/sho...light=ssl+port but I was greeted with error:
Code:

root@server1:~/ispconfig3_install/install# php -q update.php


--------------------------------------------------------------------------------
 _____ ___________  _____              __ _        ____
|_  _/  ___| ___ \ /  __ \            / _(_)      /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |    | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                            |___/
--------------------------------------------------------------------------------


>> Update

Operating System: Debian 6.0 (Squeeze/Sid) or compatible

This application will update ISPConfig 3 on your server.
mysqldump: Got error: 1045: Access denied for user 'root'@'localhost' (using password: YES) when trying to connect
PHP Warning:  mysql_connect(): Access denied for user 'root'@'localhost' (using password: YES) in /root/ispconfig3_install/install/lib/mysql.lib.php on line 78
PHP Notice:  Uninitialized string offset: 0 in /root/ispconfig3_install/install/lib/update.lib.php on line 98
PHP Fatal error:  Cannot use string offset as an array in /root/ispconfig3_install/install/lib/update.lib.php on line 98

This is what in mysql.lib.php in line 78:
Code:

$this->linkId = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass);


I assume the first error is mysql error so I add all new credentials in mysql.lib.php (at the top section):
Code:

class db
{
        var $dbHost = "localhost";                // hostname of the MySQL server
        var $dbName = "dbispconfig";              // logical database name on that server
        var $dbUser = "root";            // database authorized user
        var $dbPass = "mydbpass";                // user's password
        var $dbCharset = "utf8";      // what charset comes and goes to mysql: utf8 / latin1
        var $linkId = 0;                  // last result of mysql_connect()
        var $queryId = 0;                // last result of mysql_query()
        var $record    = array();        // last record fetched
    var $autoCommit = 1;      // Autocommit Transactions
        var $currentRow;                  // current row number
        var $errorNumber = 0;    // last error number
        var $errorMessage = "";  // last error message
        var $errorLocation = "";  // last error location
        var $show_error_messages = false;


but still got the same error.


Please help:o Thank you.

till 21st September 2011 13:29

Please undo all changes that you made in the file mysql.lib.php. Make sure that the file is exactly as it was before! If you want that we are able help you, dont do any hectic changes in the sources of ispconfig as thats not required and you will mess up our setup more and more by doing that.

Your problem is that you changed the mysql root password without changing it in the file /usr/local/ispconfig/server/lib/mysql_clientdb.conf. So edit only this one file and set the new root password there.

laptop_user 21st September 2011 16:28

hey thanks. My apologies but I had to minimize from asking support here because I'm embarrassed I only active here in this forum when I need support. I don't like to see as a lechers you know:o That's why I prefer to goongling/search and DIY:o

The update works great and ispconfig created the self signed SSL. Now the problem is SSL. I want to use my own CA issued cert. In
Code:

/usr/local/ispconfig/interface/ssl
I found 4 files.

For the cert I paste in SSL bundle text form in Sites >> Web Domain >> SSL
Where should I paste the SSL bundle cert in
Code:

/usr/local/ispconfig/interface/ssl
I could upload screenshot if you want to. I hope I explain everything clear. Thank you.

till 21st September 2011 16:58

Take a look into the ssl directory of the website where you created the signed certificate. There you find a key and a crt file. Kopy the content of the key file into the ispconfig key file, the content of the crt file into the ispconfig crt file. Then create a new file for the bundle certificate in the ispconfig ssl directory and insert the bundle certificate(s) there.
Then add a line a line like:

SSLCACertificateFile /path/to/my/bundle/certificate

into the ispconfig vhost file as ispconfig as no support for bundles builtin and then restart apache.

laptop_user 22nd September 2011 20:37

Quote:

Originally Posted by till (Post 263923)
Take a look into the ssl directory of the website where you created the signed certificate. There you find a key and a crt file. Kopy the content of the key file into the ispconfig key file, the content of the crt file into the ispconfig crt file. Then create a new file for the bundle certificate in the ispconfig ssl directory and insert the bundle certificate(s) there.
Then add a line a line like:

SSLCACertificateFile /path/to/my/bundle/certificate

into the ispconfig vhost file as ispconfig as no support for bundles builtin and then restart apache.

Yes I copy the text from my website SSL directory and paste it to ISPConfig SSL directory. This is the exact step I did.

My website SSL directory
Code:

www.mydomain.com.crt
www.mydomain.com.csr
www.mydomain.com.key
www.mydomain.com.key.org


ISPconfig SSL directory. Noted that cert from key.org is pasted to key.secure
Code:

ispserver.crt
ispserver.csr
ispserver.key
ispserver.key.secure

After that I restart apache and SSL appears to be working across all browsers. I guess bundle certificate is not needed for ispconfig SSL directory :/

Appreciate your help Xaver and Till :) Hope it helps anyone.


All times are GMT +2. The time now is 22:40.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.