https on new v3 port 8080

[tom88]

installed ispconfig v3.0.0.7 and noticed that access to admin interface was clear text ..
Wanting ssl, I did some research and came up with the following quick how to.
I'm using ubuntu 8.04 and had followed falko's perfect install.... yeah I now read I shouldn't have, but I didn't know at the time that v3beta didn't want this .
It seems to be working... had to change out proftpd for pureftp etc ..
any way .. the steps I used to get the admin interface to be on https was:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
a2enmod ssl
vi /etc/apache2/sites-available/ispconfig.vhost
insert the fallowing near the top:
<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost
DocumentRoot /usr/local/ispconfig/interface/web/

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
restart apache2
/etc/init.d/apache2 restart
https://myispconfig.ipaddress:8080

[vogelor]

if you are doing a update, then the "default" vhost-file overrides the old one. to avoid these, do not change the ispconfig.vhost but create your OWN file (with a different name). do this inside the sites-available. then CHANGE the soft-link inside the sites-enabled - directory (to link to YOUR file instead of the default one.).

the update.php script overrdes the ispcongif-FILE but NEVER the soft-link. so after a update, the FILE ist overriden, but not the link (pointing to YOUR file).

hope it is clear, what i mean. if not - ask!

Olli

[bazza]

Thanks for the above info. Personally I think https should be the default for a connection to a control panel. I think this could be done in a htaccess file but I'm new to ISPC3 and I need to have a poke around to see why its configured the way it is before I start bending it.

[Master One]

I guess the described method is still the only valid way to do it, right?

I also think, that ISPConfig should only be accessible by https, the same goes for phpmyadmin and webmail.

[TokyNET]

Is this still the way to do this? I ask because all of this is already in my conf file (or maybe im not clear if that is "add the following AFTER this lines...)

Code:

<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost
DocumentRoot /usr/local/ispconfig/interface/web/

So, this is the top of my ispconfig.vhost file, please tell me what and where i should add what you mentioned on the "how-to".

Code:

<VirtualHost _default_:8080>
ServerAdmin webmaster@localhost
  <IfModule mod_fcgid.c>
    DocumentRoot /var/www/ispconfig/
    SuexecUserGroup ispconfig ispconfig
    <Directory /var/www/ispconfig/>
      Options Indexes FollowSymLinks MultiViews +ExecCGI
      AllowOverride AuthConfig Indexes Limit Options FileInfo
      AddHandler fcgid-script .php
      FCGIWrapper /var/www/php-fcgi-scripts/ispconfig/.php-fcgi-starter .php
      Order allow,deny
      Allow from all
    </Directory>
  </IfModule>

  <IfModule mod_php5.c>
    DocumentRoot /usr/local/ispconfig/interface/web/
    AddType application/x-httpd-php .php
    <Directory /usr/local/ispconfig/interface/web>
      Options FollowSymLinks
      AllowOverride None
      Order allow,deny
      Allow from all
          php_value magic_quotes_gpc        0
    </Directory>
  </IfModule>

  # ErrorLog /var/log/apache2/error.log
  # CustomLog /var/log/apache2/access.log combined
  ServerSignature Off

</VirtualHost>

Besides that, now I get this from apache when i try to start it:

Code:

[root@cornpops ~]# /etc/init.d/httpd start
Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
                                                           [FAILED]

Thanks for any assistance in this matter.

[TokyNET]

BTW, this is the output of netstat -an, oddly enough, there is nothing listening on 80 or 443....

Code:

netstat -an | grep LISTEN | grep -v ACC
tcp        0      0 XX.XX.189.148:53           0.0.0.0:*                   LISTEN
tcp        0      0 XX.XXX.189.123:53           0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:3310              0.0.0.0:*                   LISTEN
tcp        0      0 ::1:53                      :::*                        LISTEN
tcp        0      0 :::21                       :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 :::993                      :::*                        LISTEN
tcp        0      0 :::995                      :::*                        LISTEN
tcp        0      0 :::110                      :::*                        LISTEN
tcp        0      0 :::143                      :::*                        LISTEN