HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   ISPConfig 3 Priority Support (http://www.howtoforge.com/forums/forumdisplay.php?f=35)
-   -   OpenVPN portshare not working correct (http://www.howtoforge.com/forums/showthread.php?t=61680)

g00fy 1st May 2013 15:29

OpenVPN portshare not working correct
 
Hello,

I setup a new server with ISPCONFIG and setup the nginx webserver. I changed the port nginx listening on for ssl connections to 44334 and setup openvpn with the port-share option to listen on 443 for incoming connections and redirect it to nginx when it is https traffic.
This works well on a server without ISPConfig, but on this server it always connects to the first enabled virtual server that is listening on port 44334. and not to the website the browser is asking for.

Is there something in this setup that is preventing using the port-share option of openvpn?

falko 2nd May 2013 15:37

I guess OpenVPN isn't forwarding the requested hostname to the web server.

g00fy 2nd May 2013 23:11

It seems it doesn't have anything to do with openvpn after all. Sorry for this.

What is happening is when you connect to a website that wasn't configured to use ssl, but try to connect via https://, it connects to the first vhost that is configured to use ssl.
May be this is by design, but I would like it more to get no connection at all (or maybe a page saying there is no website on this url).
Would something like this be posiible?

till 3rd May 2013 07:48

Quote:

What is happening is when you connect to a website that wasn't configured to use ssl, but try to connect via https://, it connects to the first vhost that is configured to use ssl.
Thats ok and the default behaviour of webservers. If a vhost is requested that does not exist, the first vhost on the saem IP is shown.

Quote:

May be this is by design, but I would like it more to get no connection at all (or maybe a page saying there is no website on this url).
Would something like this be posiible?
Add a default vhost which has ssl enabled by ading a site with the domain "000default.tld".It does not matter that the domain exists, it just ahs to be the first in alphabetical order on your servers. Or you ensure that ssl websites do not share the IP address with other sites.


All times are GMT +2. The time now is 10:25.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.