#1  
Old 21st February 2012, 08:09
pfahrun pfahrun is offline
Junior Member
 
Join Date: Feb 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default Using SSL with ISPConfig3

Dear ISPConfig3 admins,

I installed my ISPConfig3 recently on a Debain server based on the common HowTo HowTo.

Everything is working fine (PureFTPd, Postfix, Apache2, etc.). However I am experiencing trouble in using SSL on a website. I followed this instruction - but it will not work properly. As outlined in the instruction and the manual I assigned the server IP to the website. Although SSL is working now, I cannot reach my other websites, which i configured in ISPConfig3. I get always reditirected to the SSL website. If I leave the IP, SSL is not working, but at least my other websites are working.

Do you have any idea how to solve it? It is driving me crazy...

System:
Debian Server on a virtual machine with VMWare | One unique physical IP

In the following you find the config Files.
httpd.conf - kein Inhalt

port.conf
Code:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>
ISPConfig.config
Code:
################################################
# ISPConfig Logfile configuration for vlogger
################################################

LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" -d \"/etc/vlogger-dbi.conf\" /var/log/ispconfig/httpd" combined_ispconfig

<Directory /var/www/clients>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

# Do not allow access to the root file system of the server for security reasons
<Directory />
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<Directory /var/www/conf>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

# Except of the following directories that contain website scripts
<Directory /usr/share/phpmyadmin>
        Order allow,deny
        Allow from all
</Directory>

<Directory /usr/share/phpMyAdmin>
        Order allow,deny
        Allow from all
</Directory>

<Directory /usr/share/squirrelmail>
        Order allow,deny
        Allow from all
</Directory>

# allow path to awstats and alias for awstats icons
<Directory /usr/share/awstats>
        Order allow,deny
        Allow from all
</Directory>

Alias /awstats-icon "/usr/share/awstats/icon"


NameVirtualHost *:80 
NameVirtualHost *:443
vhost file for the SSL website:
Code:

    # suexec enabled
    SuexecUserGroup web8 client1
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 100
        IPCConnectTimeout 3
        IPCCommTimeout 360
        BusyTimeout 300
    </IfModule>
    <Directory /var/www/login1.tld/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web8/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web8 client1
    </IfModule>

    <IfModule mod_dav_fs.c>
	  # Do not execute PHP files in webdav directory
      <Directory /var/www/clients/client1/web8/webdav>
	    <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      # DO NOT REMOVE THE COMMENTS!
      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
      # WEBDAV END
    </IfModule>


</VirtualHost>
<VirtualHost *:443>
      DocumentRoot /var/www/login1.tld/web
  
    ServerName login1.tld
    ServerAlias www.login1.tld
    ServerAdmin webmaster@login1.tld

    ErrorLog /var/log/ispconfig/httpd/login1.tld/error.log


    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 502 /error/502.html
    ErrorDocument 503 /error/503.html

    <IfModule mod_ssl.c>
	SSLEngine on
    SSLCertificateFile /var/www/clients/client1/web8/ssl/login1.tld.crt
    SSLCertificateKeyFile /var/www/clients/client1/web8/ssl/login1.tld.key
    </IfModule>
    <Directory /var/www/login1.tld/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web8/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>



    # suexec enabled
    SuexecUserGroup web8 client1
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # php as fast-cgi enabled
	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
    <IfModule mod_fcgid.c>
        IdleTimeout 300
        ProcessLifeTime 3600
        # MaxProcessCount 1000
        DefaultMinClassProcessCount 0
        DefaultMaxClassProcessCount 100
        IPCConnectTimeout 3
        IPCCommTimeout 360
        BusyTimeout 300
    </IfModule>
    <Directory /var/www/login1.tld/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web8/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>


    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web8 client1
    </IfModule>

    <IfModule mod_dav_fs.c>
	  # Do not execute PHP files in webdav directory
      <Directory /var/www/clients/client1/web8/webdav>
	    <FilesMatch "\.ph(p3?|tml)$">
          SetHandler None
        </FilesMatch>
      </Directory>
      # DO NOT REMOVE THE COMMENTS!
      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
      # WEBDAV END
    </IfModule>


</VirtualHost>
Reply With Quote
Sponsored Links
  #2  
Old 21st February 2012, 09:11
pfahrun pfahrun is offline
Junior Member
 
Join Date: Feb 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Warum ist die httpd.conf eigetnlcih leer? Ist das normal bei ISPConfig3?
Reply With Quote
  #3  
Old 21st February 2012, 11:31
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,653 Times in 4,462 Posts
Default

Dont mix * and IP in the website settings. Set all websites to use the IP address and not *.



Quote:
Warum ist die httpd.conf eigetnlcih leer? Ist das normal bei ISPConfig3?
Thats normal on Debian Linux and not related to ISPConfig. The file exists on Debian for legacy reasons and is not used anymore.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
pfahrun (21st February 2012)
  #4  
Old 21st February 2012, 13:59
pfahrun pfahrun is offline
Junior Member
 
Join Date: Feb 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default

Thank you Till.

I assigned the IP to all websites. But I still have the weird problem that independently from the entered domain only one (my joomla page) is opened. Except when I use the prefix https:// for my ssl website - Than the website will be opened. Any ideas?

I associated the domains with the IP address of my server in the host file of my windows client (C:\Windows\System32\drivers\etc) to access the websites. I do not think that there is something wrong as it worked fine without SSL.
Reply With Quote
  #5  
Old 21st February 2012, 14:25
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,653 Times in 4,462 Posts
Default

SSL is a IP based protocol, so when you use https, then the only ssl based website will get opned that is defoned on that IP. The domain name does not matter here.

If you use http, then apache should show the website based on the Domain name. You should ensure that all domains point to that IP in dns and that they have a a record for the domain and a a or cname record for the www subdomain and that auto subdomain www is enabled in the website in all sites.

The behaviour that I described here is the normal behaviour of apache when you use ssl, for that reason you use normally a dedicated IP address for the SSL website which is not used by any other site.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 21st February 2012, 19:05
pfahrun pfahrun is offline
Junior Member
 
Join Date: Feb 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default

It is kind of weird - even if I disable SSL and assign IPs to my various webistes only the first website, I assigned the IP to is shown for every domain. Kind of funny that it is working (without SSL) if I use * for the IP....I have the feeling ISPConfig 3 attempts to drive me crazy...

Do I realy need to use DNS? TO be honest I have no idea how to configure it properly. What do I enter for ns1 and ns2?

Thank you very much in advance.
Reply With Quote
  #7  
Old 21st February 2012, 19:49
pfahrun pfahrun is offline
Junior Member
 
Join Date: Feb 2012
Posts: 5
Thanks: 1
Thanked 0 Times in 0 Posts
Default

I also added DNS entries for every domain - still nothing is working. A ssoon as I use the static IP for one website every domain request shows the same website....I have no clue what I am doing wrong
Reply With Quote
  #8  
Old 22nd February 2012, 20:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,752 Times in 2,582 Posts
 
Default

Can you check if your hostnames/domains point to the correct IP addresses? You can check like this:
Code:
dig www.yourdomain.com
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
haproxy with stunnel problem abubin Server Operation 6 10th April 2012 16:08
Need help with ISPConfig 3 Update midcarolina Installation/Configuration 36 8th November 2011 23:07
Adding SSL certificate to Site snowfly Installation/Configuration 2 31st May 2011 13:54
Creating a SSL certificate - Quick guide SamTzu Tips/Tricks/Mods 22 4th January 2011 14:38
amavis rejects all inbound emails aclhkaclhk Installation/Configuration 5 28th February 2010 05:24


All times are GMT +2. The time now is 20:53.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.