Old 13th October 2008, 17:29
tom88 tom88 is offline
Junior Member
Join Date: Oct 2008
Posts: 2
Thanks: 0
Thanked 7 Times in 1 Post
Default https on new v3 port 8080

installed ispconfig v3.0.0.7 and noticed that access to admin interface was clear text ..
Wanting ssl, I did some research and came up with the following quick how to.
I'm using ubuntu 8.04 and had followed falko's perfect install.... yeah I now read I shouldn't have, but I didn't know at the time that v3beta didn't want this .
It seems to be working... had to change out proftpd for pureftp etc ..
any way .. the steps I used to get the admin interface to be on https was:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
a2enmod ssl
vi /etc/apache2/sites-available/ispconfig.vhost
insert the fallowing near the top:
<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost
DocumentRoot /usr/local/ispconfig/interface/web/

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
restart apache2
/etc/init.d/apache2 restart
Reply With Quote
The Following 7 Users Say Thank You to tom88 For This Useful Post:
admins (31st July 2009), falko (14th October 2008), kalua (7th November 2008), m0se5 (10th March 2009), Nicke (21st June 2009), till (13th October 2008), torusturtle (29th October 2008)
Sponsored Links
Old 25th March 2009, 21:52
vogelor vogelor is offline
ISPConfig Developer
Join Date: Jan 2007
Location: Wernau, Germany
Posts: 219
Thanks: 42
Thanked 34 Times in 24 Posts
Default attention

if you are doing a update, then the "default" vhost-file overrides the old one. to avoid these, do not change the ispconfig.vhost but create your OWN file (with a different name). do this inside the sites-available. then CHANGE the soft-link inside the sites-enabled - directory (to link to YOUR file instead of the default one.).

the update.php script overrdes the ispcongif-FILE but NEVER the soft-link. so after a update, the FILE ist overriden, but not the link (pointing to YOUR file).

hope it is clear, what i mean. if not - ask!

Der neue Luxus heit Zeit, nicht Geld!

Firma : http://www.muv.com, http://www.computerandservice.de
Privat : http://www.vogelor.de
Reply With Quote
The Following User Says Thank You to vogelor For This Useful Post:
Nicke (21st June 2009)
Old 16th June 2009, 13:20
bazza bazza is offline
Junior Member
Join Date: Feb 2006
Posts: 13
Thanks: 4
Thanked 0 Times in 0 Posts
Default SSL Enforced

Thanks for the above info. Personally I think https should be the default for a connection to a control panel. I think this could be done in a htaccess file but I'm new to ISPC3 and I need to have a poke around to see why its configured the way it is before I start bending it.
Reply With Quote
Old 25th June 2009, 21:52
Master One Master One is offline
Junior Member
Join Date: Mar 2008
Posts: 23
Thanks: 1
Thanked 0 Times in 0 Posts

I guess the described method is still the only valid way to do it, right?

I also think, that ISPConfig should only be accessible by https, the same goes for phpmyadmin and webmail.
Reply With Quote
Old 26th June 2009, 20:00
TokyNET TokyNET is offline
Junior Member
Join Date: Jun 2009
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts

Is this still the way to do this? I ask because all of this is already in my conf file (or maybe im not clear if that is "add the following AFTER this lines...)

<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost
DocumentRoot /usr/local/ispconfig/interface/web/
So, this is the top of my ispconfig.vhost file, please tell me what and where i should add what you mentioned on the "how-to".

<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost
  <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
      Options Indexes FollowSymLinks MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
      AddHandler fcgid-script .php
      FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
      Order allow,deny
      Allow from all

  <IfModule mod_php5.c>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
      Options FollowSymLinks
      AllowOverride None
      Order allow,deny
      Allow from all
          php_value magic_quotes_gpc        0

  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off


Besides that, now I get this from apache when i try to start it:
[root@cornpops ~]# /etc/init.d/httpd start
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address
no listening sockets available, shutting down
Unable to open logs
Thanks for any assistance in this matter.
Reply With Quote
Old 26th June 2009, 20:05
TokyNET TokyNET is offline
Junior Member
Join Date: Jun 2009
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts

BTW, this is the output of netstat -an, oddly enough, there is nothing listening on 80 or 443....

netstat -an | grep LISTEN | grep -v ACC
tcp        0      0 XX.XX.189.148:53 *                   LISTEN
tcp        0      0 XX.XXX.189.123:53 *                   LISTEN
tcp        0      0      *                   LISTEN
tcp        0      0        *                   LISTEN
tcp        0      0   *                   LISTEN
tcp        0      0   *                   LISTEN
tcp        0      0      *                   LISTEN
tcp        0      0    *                   LISTEN
tcp        0      0 ::1:53                      :::*                        LISTEN
tcp        0      0 :::21                       :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::993                      :::*                        LISTEN
tcp        0      0 :::995                      :::*                        LISTEN
tcp        0      0 :::110                      :::*                        LISTEN
tcp        0      0 :::143                      :::*                        LISTEN

Last edited by TokyNET; 27th June 2009 at 19:51. Reason: Blocking part of the public IP
Reply With Quote


https v3beta ssl cert gen

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mail Question: installed smf forum on centos perfect server setup with ispconfig happz Installation/Configuration 7 22nd August 2008 14:15
Getting e-mail working hansoffate Installation/Configuration 29 13th August 2008 17:33
ISP Blocking port 80 & 8080 grandpagenocide Installation/Configuration 4 18th June 2007 12:48
http to https redirection for port 81 - ISPConfig TheMaximumWeasel Installation/Configuration 6 31st May 2007 00:30
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 23:40

All times are GMT +2. The time now is 23:37.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.