This is just a small how-to on hosting multiple SSL client sites. The setup is port based, because apache2 only allows 1 SSL site on port 443. This means each client SSL website will have its own port that responds to https requests.
Having more than one SSL site responding on port 443 is also relatively easy to accomplish, but it implies having several eth cards or eth0 virtual clones with individual LAN IPs (eth0 = LAN IP 1, eth0:1 = LAN IP 2, eth0:2 = LAN IP 3, etc.) and several external WAN IPs, each pointing to an individual LAN IP clone on port 443. That is not covered here.
Initial recommendations:
1. Don't use ISPConfig3 SSL features to create the SSL virtual host. It overrides the ports. Just create the normal http site, leave SSL off.
2. In this setup I will use example.org as domain and port 444 for the SSL.
3. Remember to open / NAT your firewall / router port 444 and point it at your webserver LAN IP.
4. This covers a single-host setup. If you have many websites like I do, just repeat the instructions for each website domain and assign a different port to each one.
Let's start:
1. In /etc/apache2/sites-available/ create a new vhost file and name it example.org.https.vhost
Code:
cd /etc/apache2/sites-available/
sudo nano example.org.https.vhost
Copy the text below into the file.
Replace all instances of example.org with your domain name.
Replace all instances of /var/www/clients/client1/web8 with the path to your ISPConfig3 website root location.
Code:
<Directory /var/www/example.org>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
<VirtualHost example.org:444>
DocumentRoot /var/www/example.org/web
ServerName example.org
ServerAlias www.example.org
ServerAdmin webmaster@example.org
ErrorLog /var/log/ispconfig/httpd/example.org/error.log
Alias /error/ "/var/www/example.org/web/error/"
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 500 /error/500.html
ErrorDocument 502 /error/502.html
ErrorDocument 503 /error/503.html
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /var/www/clients/client1/web8/ssl/example.org.crt
SSLCertificateKeyFile /var/www/clients/client1/web8/ssl/example.org.key
SSLCertificateChainFile /var/www/clients/client1/web8/ssl/sub.class1.server.ca.pem
SSLCACertificateFile /var/www/clients/client1/web8/ssl/ca.pem
</IfModule>
<Directory /var/www/example.org/web>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory /var/www/clients/client1/web8/web>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# suexec enabled
<IfModule mod_suexec.c>
SuexecUserGroup web8 client1
</IfModule>
# Clear PHP settings of this website
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
# php as fast-cgi enabled
# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
<IfModule mod_fcgid.c>
IdleTimeout 300
ProcessLifeTime 3600
# MaxProcessCount 1000
DefaultMinClassProcessCount 0
DefaultMaxClassProcessCount 100
IPCConnectTimeout 3
IPCCommTimeout 360
BusyTimeout 300
</IfModule>
<Directory /var/www/example.org/web>
AddHandler fcgid-script .php .php3 .php4 .php5
FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
Options +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory /var/www/clients/client1/web8/web>
AddHandler fcgid-script .php .php3 .php4 .php5
FCGIWrapper /var/www/php-fcgi-scripts/web8/.php-fcgi-starter .php
Options +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# add support for apache mpm_itk
<IfModule mpm_itk_module>
AssignUserId web8 client1
</IfModule>
<IfModule mod_dav_fs.c>
# Do not execute PHP files in webdav directory
<Directory /var/www/clients/client1/web8/webdav>
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
</Directory>
DavLockDB /var/www/clients/client1/web8/tmp/DavLock
# DO NOT REMOVE THE COMMENTS!
# IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
# WEBDAV BEGIN
# WEBDAV END
</IfModule>
</VirtualHost>
save with ctrl-x
2. Now let's make a symbolic link to this file in apache2 sites-enabled
Code:
sudo ln -s /etc/apache2/sites-available/example.org.https.vhost /etc/apache2/sites-enabled/100-example.org.https.vhost
3. Proceed to copy all the website SSL files into the ISPConfig3 website folder. As you may see in the above vhost file, the example.org website is using the folder /var/www/clients/client1/web8/ ... the SSL files need to be copied into the ssl folder /var/www/clients/client1/web8/ssl/
Once done, rename the ssl.key and ssl.crt files to example.org.key and example.org.crt
Code:
cd /var/www/clients/client1/web8/ssl/
sudo mv ssl.key example.org.key
sudo mv ssl.crt example.org.crt
4. You are done and just need to restart apache2
Code:
sudo /etc/init.d/apache2 restart
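A check worth running before the restart, as an added example that is not part of the original how-to: Apache only binds ports that have a Listen directive, and the private key copied in step 3 should not be readable by group or other. The function name `check_ssl_vhost`, the `demo` helper and its temporary files are constructed for illustration; on a Debian-style layout the second argument would normally be /etc/apache2/ports.conf (an assumption, the page does not name that file).

```shell
#!/bin/sh
# Added example: sanity checks for a port-based SSL vhost before restarting Apache.
# check_ssl_vhost VHOST_FILE PORTS_CONF -> prints each problem, returns 1 if any.
check_ssl_vhost() {
    vhost=$1; ports_conf=$2; bad=0
    # Each port used in a <VirtualHost name:PORT> line needs a Listen directive.
    for port in $(sed -n 's/^[[:space:]]*<VirtualHost[^>]*:\([0-9][0-9]*\)>.*/\1/p' "$vhost" | sort -u); do
        grep -Eq "^[[:space:]]*Listen[[:space:]]+([^[:space:]]+:)?${port}([[:space:]]|\$)" "$ports_conf" ||
            { echo "port $port: no Listen directive in $ports_conf"; bad=1; }
    done
    # The certificate and key named in the vhost must exist on disk.
    for directive in SSLCertificateFile SSLCertificateKeyFile; do
        path=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$vhost")
        if [ -z "$path" ] || [ ! -f "$path" ]; then
            echo "$directive: missing file '$path'"; bad=1
        elif [ "$directive" = SSLCertificateKeyFile ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            perms=$(ls -ld "$path" | cut -c5-10)
            [ "$perms" = "------" ] ||
                { echo "private key $path is accessible to group/other"; bad=1; }
        fi
    done
    return "$bad"
}

# Demo on constructed files in a temp dir (not real server paths):
# port 444 has no Listen line and the key is mode 644, so both checks fire.
demo() {
    d=$(mktemp -d)
    printf 'Listen 80\nListen 443\n' > "$d/ports.conf"
    : > "$d/example.org.crt"; : > "$d/example.org.key"
    chmod 644 "$d/example.org.key"
    cat > "$d/vhost" <<EOF
<VirtualHost example.org:444>
SSLEngine on
SSLCertificateFile $d/example.org.crt
SSLCertificateKeyFile $d/example.org.key
</VirtualHost>
EOF
    rc=0
    check_ssl_vhost "$d/vhost" "$d/ports.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "demo: problems found (expected for the constructed files)"
```

Against the real files from this how-to, call `check_ssl_vhost /etc/apache2/sites-available/example.org.https.vhost` with your ports file as the second argument; no output and exit status 0 mean the checks passed.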
Not necessary but useful:
You probably notice each time you restart apache2 with the command:
Code:
sudo /etc/init.d/apache2 restart
you get a bunch of warnings like this:
Code:
[warn] NameVirtualHost *:80 has no VirtualHosts
They are not critical but they tick me off and create a huge error log. Unfortunately ISPConfig3 uses a basic vhost config that we can change by editing the master vhost template file vhost.conf.master located in /usr/local/ispconfig/server/conf/
1. create a backup file:
Code:
cp /usr/local/ispconfig/server/conf/vhost.conf.master /usr/local/ispconfig/server/conf/vhost.conf.master.bk
2. open vhost.conf.master file:
Code:
sudo nano /usr/local/ispconfig/server/conf/vhost.conf.master
around line 9 you will see:
Code:
<VirtualHost {tmpl_var name='ip_address'}:{tmpl_var name='port'}>
delete
Code:
:{tmpl_var name='port'}
so the line looks like:
Code:
<VirtualHost {tmpl_var name='ip_address'}>
3. save the file, ctrl-x