HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   SSL on port 8080 and 8081 (http://www.howtoforge.com/forums/showthread.php?t=58166)

EckyBrazz 2nd August 2012 23:54
SSL on port 8080 and 8081
 
Hi,

When I use https on port 8080 every thing is fine, but when I use https on port 8081 I get

Code:
Secure Connection Failed     
An error occurred during a connection to XXXX.com.br:8081.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)

  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
  Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

till 3rd August 2012 09:11
There is no ssl for port 8081 enabled, so if you access a http vhost by https, you get the error message that you posted above.

EckyBrazz 3rd August 2012 15:38
How to enabel ssl on port 8081.

My apps.vhost looks like this

Code:
        listen 8081;

        server_name _;

        root  /var/www/apps;

        client_max_body_size 20M;

        location / {
              index index.php index.html;
        }

        # serve static files directly
        location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
              access_log        off;
        }

        location ~ \.php$ {
              try_files $uri =404;
              include /etc/nginx/fastcgi_params;
              fastcgi_pass unix:/var/lib/php5-fpm/apps.sock;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              fastcgi_param PATH_INFO $fastcgi_script_name;
              fastcgi_buffer_size 128k;
              fastcgi_buffers 256 4k;
              fastcgi_busy_buffers_size 256k;
              fastcgi_temp_file_write_size 256k;
        }

        location ~ /\. {
              deny  all;
        }

        location /phpmyadmin {
              root /usr/share/;
              index index.php index.html index.htm;
              location ~ ^/phpmyadmin/(.+\.php)$ {
                      try_files $uri =404;
                      root /usr/share/;
                      include /etc/nginx/fastcgi_params;
                      # To access phpMyAdmin, the default user (like www-data on Debian/Ubuntu) must be used
                      fastcgi_pass 127.0.0.1:9000;
                      fastcgi_param HTTPS on; # <-- add this line
                      fastcgi_param HTTPS $fastcgi_https; # <-- add this line
                      fastcgi_index index.php;
                      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                      fastcgi_buffer_size 128k;
                      fastcgi_buffers 256 4k;
                      fastcgi_busy_buffers_size 256k;
                      fastcgi_temp_file_write_size 256k;
                      fastcgi_read_timeout 240;
              }
              location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                      root /usr/share/;
              }
        }
        location /phpMyAdmin {
              rewrite ^/* /phpmyadmin last;
        }

falko 3rd August 2012 16:29
Take a look at the ISPConfig vhost and copy over the SSL lines to the apps vhost (that way you will be using the same SSL cert as the ISPConfig interface).

EckyBrazz 3rd August 2012 18:19
Thanks for your reply Falko,

It works, but had to take the lines out again, because the clients don't know that they have to use https now.

Is it possible to configure it that they can choose either http or https ?

falko 4th August 2012 10:49
No, not on the same port.

Trixor 7th November 2012 19:24
apps.vhost
 
Hi,

I am able to make it work by adjusting apps.vhost, but whenever I change
something in the ISPConfig configuration, it overwrite's apps.vhost defaulting it back to a non-ssl connection. How can I configure it in ISPConfig so that it remains ssl, or if that is not possible, what action should I refrain from doing so it does not rewrite apps.vhost.

Thanks,
Trixor

EDIT: And I figured something out that works:
Put this in your Server config -> Web -> Apps-vhost port

8081 ssl; ssl_certificate /usr/local/ispconfig/interface/ssl/ispserver.crt; ssl_certificate_key /usr/local/ispconfig/interface/ssl/ispserver.key


All times are GMT +2. The time now is 23:22.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.