Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th May 2010, 14:35
yoplait yoplait is offline
Senior Member
 
Join Date: Dec 2009
Posts: 139
Thanks: 46
Thanked 9 Times in 9 Posts
Default What are the changes of adding a IP for a domain ?

Hi all,
In the continuation of this thread ( http://www.howtoforge.com/forums/showthread.php?t=45898 ) I really wonder how ispconfig changes his configuration.
I can notice some behavior I don't understand (surely because of ONE thing I can't understand, but which one !)

1- I can see that all symbolic links of web software can't work with the domain which is now attached to this new IP address : squirrelmail, roundcube, phpmyadmin, munin... One solution was to add the folder of theses folders in the "PHP open_basedir" field (which is limited ! Is it normal ?) But why is it now a necessity whereas it wasn't with the "main" IP ?

2 - I can see that the wiki of this website (a dokuwiki) is now in readonly, but no file were modify to do this, except the new IP in Ispconfig...

3 - In addition, the ispconfig interface is not under the new certificat (on port 444 for example), I don't know how to use the new certificat for ispconfig interface, because when I do the change in the ispconfig vhost file, I fall on an error in firefox...

4 - I would like to force people to use the https of this domain, I think I can do this by erase all about the port 80 in the domain's vhost file, but can't it be possible by ispconfig ?

5 - I'm searching a way to use the new certificat for courier, postfix, pureftpd, for this domain... Is it possible to define which domain goes with which certificat ?

Please, tell me I'm wrong somewhere !
Reply With Quote
Sponsored Links
  #2  
Old 19th May 2010, 15:18
yoplait yoplait is offline
Senior Member
 
Join Date: Dec 2009
Posts: 139
Thanks: 46
Thanked 9 Times in 9 Posts
Default

And maybe the all-in-one answer :
What does the field "HTTP NameVirtualHost" mean in the ip addresses menu ?

I untick that, and it seems to be really good .
Reply With Quote
  #3  
Old 19th May 2010, 15:27
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

The misunderstanding is that you try to access services trough the domain of your customers instead of using our company domain or the hostname of the server.

For example: ISPConfig has to be accessed always with serverhostname:8080 or IP:8080 and never clientdomain:8080 if you want to use SSL as SSL cert is only for the domain you registered it for. Same for webmail, phpmyadmin etc. You access all these services trough the server hostname or a dedicated site and never trough the domain of a client. Accessing them trough the domain of the client and adding the path to the open_basedir is a security risk that makes it possible to read even mysql passwords under some circumstances as you give your clients control over these directories which are shared to all other clients.

Quote:
And maybe the all-in-one answer :
What does the field "HTTP NameVirtualHost" mean in the ip addresses menu ?

I untick that, and it seems to be really good .
It enables you to use IP based vhosts. Thats e.g. nescessary to use SSL.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 19th May 2010, 15:57
yoplait yoplait is offline
Senior Member
 
Join Date: Dec 2009
Posts: 139
Thanks: 46
Thanked 9 Times in 9 Posts
Default

I've never changed the open_basedir field before today, but I can see that without the "HTTP NameVirtualHost" option, everything seems to work great now.
That's why I'm wondering about your last sentence... it wouldn't be working, is it ?

Your opinion about "central access" is a good point of view, but by default, every domain can access to squirrelmail, roundcube, phpmyadmin and munin. I surely have to change this but ispconfig seems to be configured like this by default, isn't it ?

last comment : This is effectively the "main" website that has this new SSL certificat and the goal is to protect this central services... In fact, I agree with you for all you said, the difficulty is to make it works !
Reply With Quote
  #5  
Old 20th May 2010, 14:32
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,256
Thanks: 210
Thanked 648 Times in 294 Posts
Send a message via Skype™ to Hans
Default https only

@Yoplait,

Quote:
4 - I would like to force people to use the https of this domain, I think I can do this by erase all about the port 80 in the domain's vhost file, but can't it be possible by ispconfig ?
If you want to force your clients to use SSL (https) for your website, then add these lines to the "Options" tab of your website with SSL certicate in ISPConfig3:

Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
__________________
Hans

BB-Hosting | Quality Web Hosting since 2005
Reply With Quote
The Following User Says Thank You to Hans For This Useful Post:
yoplait (20th May 2010)
  #6  
Old 20th May 2010, 18:51
yoplait yoplait is offline
Senior Member
 
Join Date: Dec 2009
Posts: 139
Thanks: 46
Thanked 9 Times in 9 Posts
 
Default

That works great ! Thanks a lot !
I will try to understand these lines now .
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help required in adding Domain Users to Local Powers Users group skirao Server Operation 0 28th August 2009 10:49
domain name already in use when adding Mahalo General 4 23rd February 2009 21:44
OpenLDAP + Samba Domain Controller On Ubuntu 7.10 bootzcat HOWTO-Related Questions 7 21st March 2008 15:31
Strato Server - Restoring with SystemImager popper2001 HOWTO-Related Questions 5 28th July 2007 10:18
Creating image with Systemimager cuongtim HOWTO-Related Questions 3 18th November 2006 13:55


All times are GMT +2. The time now is 12:05.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.