HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Erjen 5th February 2013 15:17

How to configure multiple SSL with one IP
 
Hi,

In the first place, thanks for the great product!

I am trying to configure multiple SSL websites on one IP address.
So I checked SNI and configured an IP address to a client and in the website I changed IPv4 * to IPv4 [IP address]. And the last step I did also on my other website.

But after that, if I use just http in the browser, it's not connecting to the website but to the "It Works!" Apache page. And if I use https it connects to the first configured website with SSL.

What am I doing wrong? It should work with SNI right?

Thanks in advance for the help!


--------------------
I am using Debian with ISPConfig 3.0.4.6 and Apache 2.2.16
--------------------

falko 6th February 2013 13:18

Can you post both vhost configurations?

Erjen 6th February 2013 14:24

Thanks for your response Falko.

Can I PM those files to you? I don't like to make them public.

And I found out that if I use the same IP address on the same website, both aren't working, nor the SSL connection, unlike I said before.

Thanks again.

Erjen 9th February 2013 10:55

I still can't figure it out.. And I guess I can't PM you the files so then I will just post them here and changed the two domains with [domain] and [domain2].

I would really appreciate it if you can help me out!
Thanks!

[domain].vhost
Code:

<Directory /var/www/[domain].nl>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost [external IP address]:80>
      DocumentRoot /var/www/[domain].nl/web
 
    ServerName [domain].nl
    ServerAlias www.[domain].nl
    ServerAdmin webmaster@[domain].nl

    ErrorLog /var/log/ispconfig/httpd/[domain].nl/error.log

    Alias /error/ "/var/www/[domain].nl/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/[domain].nl/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client3/web14/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>



    # suexec enabled
    <IfModule mod_suexec.c>
      SuexecUserGroup web14 client3
    </IfModule>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
        # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 100
        IPCConnectTimeout 3
        IPCCommTimeout 360
        BusyTimeout 300
    </IfModule>
    <Directory /var/www/[domain].nl/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web14/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client3/web14/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web14/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web14 client3
    </IfModule>

    <IfModule mod_dav_fs.c>
          # Do not execute PHP files in webdav directory
      <Directory /var/www/clients/client3/web14/webdav>
            <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      DavLockDB /var/www/clients/client3/web14/tmp/DavLock
      # DO NOT REMOVE THE COMMENTS!
      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
      # WEBDAV END
    </IfModule>


</VirtualHost>
<VirtualHost [external IP address]:443>
      DocumentRoot /var/www/[domain].nl/web
 
    ServerName [domain].nl
    ServerAlias www.[domain].nl
    ServerAdmin webmaster@[domain].nl

    ErrorLog /var/log/ispconfig/httpd/[domain].nl/error.log

    Alias /error/ "/var/www/[domain].nl/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
        SSLEngine on
    SSLCertificateFile /var/www/clients/client3/web14/ssl/www.[domain].nl.crt
    SSLCertificateKeyFile /var/www/clients/client3/web14/ssl/www.[domain].nl.key
    </IfModule>

    <Directory /var/www/[domain].nl/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client3/web14/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>



    # suexec enabled
    <IfModule mod_suexec.c>
      SuexecUserGroup web14 client3
    </IfModule>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
        # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 100
        IPCConnectTimeout 3
        IPCCommTimeout 360
        BusyTimeout 300
    </IfModule>
    <Directory /var/www/[domain].nl/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web14/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client3/web14/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web14/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web14 client3
    </IfModule>

    <IfModule mod_dav_fs.c>
          # Do not execute PHP files in webdav directory
      <Directory /var/www/clients/client3/web14/webdav>
            <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      DavLockDB /var/www/clients/client3/web14/tmp/DavLock
      # DO NOT REMOVE THE COMMENTS!
      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
      # WEBDAV END
    </IfModule>


</VirtualHost>

[domain2].vhost
Code:

<Directory /var/www/[domain2].nl>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost [external IP address]:80>
      DocumentRoot /var/www/[domain2].nl/web
 
    ServerName [domain2].nl
    ServerAlias www.[domain2].nl
    ServerAdmin webmaster@[domain2].nl

    ErrorLog /var/log/ispconfig/httpd/[domain2].nl/error.log

    Alias /error/ "/var/www/[domain2].nl/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/[domain2].nl/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/210220203/web15/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>



    # suexec enabled
    <IfModule mod_suexec.c>
      SuexecUserGroup web15 client3
    </IfModule>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
        # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 100
        IPCConnectTimeout 3
        IPCCommTimeout 360
        BusyTimeout 300
    </IfModule>
    <Directory /var/www/[domain2].nl/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/210220203/web15/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web15 client3
    </IfModule>

    <IfModule mod_dav_fs.c>
          # Do not execute PHP files in webdav directory
      <Directory /var/www/clients/210220203/web15/webdav>
            <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      DavLockDB /var/www/clients/210220203/web15/tmp/DavLock
      # DO NOT REMOVE THE COMMENTS!
      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
      # WEBDAV END
    </IfModule>


</VirtualHost>
<VirtualHost [external IP address]:443>
      DocumentRoot /var/www/[domain2].nl/web
 
    ServerName [domain2].nl
    ServerAlias www.[domain2].nl
    ServerAdmin webmaster@[domain2].nl

    ErrorLog /var/log/ispconfig/httpd/[domain2].nl/error.log

    Alias /error/ "/var/www/[domain2].nl/web/error/"
    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
        SSLEngine on
    SSLCertificateFile /var/www/clients/210220203/web15/ssl/www.[domain2].nl.crt
    SSLCertificateKeyFile /var/www/clients/210220203/web15/ssl/www.[domain2].nl.key
    </IfModule>

    <Directory /var/www/[domain2].nl/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/210220203/web15/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>



    # suexec enabled
    <IfModule mod_suexec.c>
      SuexecUserGroup web15 client3
    </IfModule>
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
        # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 100
        IPCConnectTimeout 3
        IPCCommTimeout 360
        BusyTimeout 300
    </IfModule>
    <Directory /var/www/[domain2].nl/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/210220203/web15/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web15 client3
    </IfModule>

    <IfModule mod_dav_fs.c>
          # Do not execute PHP files in webdav directory
      <Directory /var/www/clients/210220203/web15/webdav>
            <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      DavLockDB /var/www/clients/210220203/web15/tmp/DavLock
      # DO NOT REMOVE THE COMMENTS!
      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
      # WEBDAV END
    </IfModule>


</VirtualHost>


Erjen 12th February 2013 12:56

Well, I just installed ISPConfig 3.0.5 RC1, very interesting version. It solves a lot of problems like now I can choose if the user may use SSL.

But still, I can't figure out how to configure SSL on one IP address. It's still not working, even in 3.0.5 RC1 I can't get it to work properly with multiple sites on 1 IP address. Can someone please explain how I have to configure it?

Thanks thanks.

Erjen 14th February 2013 13:33

It's finally working.. pff not really much help here but that's probably just me.

The problem was with the current stable version (3.0.4.6) that you can bring the Apache server down by signing a wrong .crt.
So before, I deleted everything related to SSL to be able to start the Apache server again. But I also deleted
Code:

NameVirtualHost *:443
from /etc/apache2/ports.conf.

I replaced that rule and everything is working fine now! And also, you shouldn't choose an IP in sites in ISPConfig, just leave the *.

cheers
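
The fix described in the last post can be checked mechanically. The following is an added example, not part of the thread or of ISPConfig: it applies the Apache 2.2 rule that the argument of each `<VirtualHost>` must exactly match a `NameVirtualHost` line, otherwise the first vhost on that address answers every request. The helper name `check_name_vhosts`, the site names and the sample configuration are constructed for illustration, and one address per `<VirtualHost>` is assumed.

```python
import re
from collections import defaultdict

# Constructed sample input modelled on the thread: ports.conf after the
# "NameVirtualHost *:443" line was deleted, plus two sites sharing one address.
PORTS_CONF_BROKEN = """\
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
"""
VHOSTS = """\
<VirtualHost *:80>
    ServerName site-one.example
</VirtualHost>
<VirtualHost *:443>
    ServerName site-one.example
    SSLEngine on
</VirtualHost>
<VirtualHost *:80>
    ServerName site-two.example
</VirtualHost>
<VirtualHost *:443>
    ServerName site-two.example
    SSLEngine on
</VirtualHost>
"""

# Commented-out directives ("# NameVirtualHost ...") do not match these patterns.
NVH_RE = re.compile(r"^\s*NameVirtualHost\s+(\S+)", re.I | re.M)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>\s]+)\s*>(.*?)^\s*</VirtualHost>",
                      re.I | re.M | re.S)
SERVERNAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.I | re.M)

def check_name_vhosts(config_text):
    """Return {address: [ServerName, ...]} for every address shared by several
    vhosts without an exactly matching NameVirtualHost line (Apache 2.2 rule).
    On such an address the first vhost listed answers every request."""
    declared = {addr.lower() for addr in NVH_RE.findall(config_text)}
    by_addr = defaultdict(list)
    for addr, body in VHOST_RE.findall(config_text):
        name = SERVERNAME_RE.search(body)
        by_addr[addr.lower()].append(name.group(1) if name else "(no ServerName)")
    return {a: n for a, n in by_addr.items() if len(n) > 1 and a not in declared}

if __name__ == "__main__":
    for addr, names in check_name_vhosts(PORTS_CONF_BROKEN + VHOSTS).items():
        print(f"{addr}: no NameVirtualHost; '{names[0]}' also answers for {names[1:]}")
```

The same check flags vhosts bound to a specific IP while ports.conf only declares `*:80` and `*:443`, which is the other half of the fix above. Apache 2.4 no longer needs `NameVirtualHost`, so the check applies to 2.2 installations such as the one in this thread.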


All times are GMT +2.