#1  
Old 22nd February 2011, 22:00
menahem menahem is offline
Member
 
Join Date: Aug 2006
Posts: 40
Thanks: 0
Thanked 1 Time in 1 Post
Default howto implement ssl

Hi All,

How can this tutorial http://howtoforge.net/hosting-multip...s-debian-lenny can be implemented foe websites managed by ispconfig 3.x.x?

Thank you.

Menahem
Reply With Quote
Sponsored Links
  #2  
Old 23rd February 2011, 15:39
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

I haven't tried this. I guess you will have to change your vhost configurations manually (maybe it can also be done using ISPConfig's Apache Directives field).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 23rd February 2011, 21:18
menahem menahem is offline
Member
 
Join Date: Aug 2006
Posts: 40
Thanks: 0
Thanked 1 Time in 1 Post
Default

falko,

It is working but i need your eyes over it to help me do it on another server.
What i did is:
preliminary notes:

A. I used ispconfig manual in order to have SSL configured.
B. The server i used has 1 IP address with numerous virtual hosts on it. That meas that (With accordance to the ispconfig manual) only one Vhost can have the SSL certificate.

The Howto:
I set to one of the Vhosts it own SSL certificate.
then:
Code:
vi /etc/apache2/sites-available/default-ssl
And chanced it from:
Code:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
	ServerAdmin webmaster@localhost
	
	DocumentRoot /var/www/
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
to:
Code:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
	ServerAdmin webmaster@localhost
	
	DocumentRoot /var/www/example.com/web
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/example.com/web>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
And then restarted apache with:
Code:
/etc/init.d/apache2 restart
I ended with the following:
When ever i do https://example.com, i get an answer feom the server and everything looks o.k. - But: when ever i do https://hostname.com i am redirected by the server to example.com or ,if you like, to /var/www/example.com/web.
As far as i can see with this server configuration only one Vhost can have SSL access because there is only 1 SSL certificate to it IP address.
That is fine.

Now i need your help/opinion regarding another server who have 4 ip address and many Vhosts on any IP address. This server is a production server and i do not and can not play with it.

I think that it can be done by adding multiple data to default-ssl it might look like this (but i am not shure about that):
Code:
<VirtualHost _default_:443>
	ServerAdmin webmaster@localhost
	
	DocumentRoot /var/www/example.com/web
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/example.com/web>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
<VirtualHost _default_:443>
	ServerAdmin webmaster@localhost
	
	DocumentRoot /var/www/domain.com/web
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/domain.com/web>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
<VirtualHost _default_:443>
	ServerAdmin webmaster@localhost
	
	DocumentRoot /var/www/domain2.com/web
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/domain2.com/web>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
	</Directory>
Thank`s for your help. Please advice.
Menahem
Reply With Quote
  #4  
Old 23rd March 2011, 12:24
i-chat i-chat is offline
Member
 
Join Date: Jan 2011
Posts: 31
Thanks: 3
Thanked 0 Times in 0 Posts
Default

would it be posible to include a patch that we can apply to the code (or a module of some kind) to be able to do this standaard for all users.

an alternative option - but im not sure if that could even work, would be to allow both methods,

sinse we already have 1ip we might want to enable default ssl for the ISPConfig pannel so that we're sure that that's always safe (including older browsers),

> we could enable it on a non default port as webmin or plesk has it.
so you would do server1.mywebhostingcompany.com:12322/ to get to your ssl protected management panel, and we could than still use sni on port 433 (with a warning (or a gracefull degradation), to users who want there websites protected.
Reply With Quote
  #5  
Old 23rd March 2011, 17:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,769
Thanks: 840
Thanked 5,608 Times in 4,419 Posts
Default

Quote:
> we could enable it on a non default port as webmin or plesk has it.
Thats what ISPConfig is doing already, you can enable ssl when you run a ispconfig update on your system in the ispconfig installer. You dont need the approach described above for that, as you can rin as many ssl certs as you like with openssl when they use different ports. The above approach is only about using multi ssl certs on the same port and same IP.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 23rd March 2011, 19:27
i-chat i-chat is offline
Member
 
Join Date: Jan 2011
Posts: 31
Thanks: 3
Thanked 0 Times in 0 Posts
 
Default

sorry if i wasn't being clear enought, what i meen is, 1cert to rule them all (no really, just for the admin interface), and SNI for the rest of it.

i would like to have none-sni supporting browers still at least to be able to use the admin interface, while users who dont care so mutch about backwardcompatiblillity can have ssl based websites also (for say joomla's admin interface or stuf like OScommerce.

this however would require some php code (i think) that could manage SNI, and its certs,

i think that ano 2011 not supporting sni is like building a website in ms word '98 it mostly works but its not what you'd expect.

on a client side i would probly write some jscript or php+jscript warning msg that detects ms win xp, and recomends updating to at least firefox 3.6 or upgrading their os to supporting versions.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating a SSL certificate - Quick guide SamTzu Tips/Tricks/Mods 22 4th January 2011 14:38
need howto on using SNI - nultiple ssl on one IP id10t Suggest HOWTO 0 29th September 2009 16:26
Howto integrate SSL Proxy Feature into ISPConfig 3? Master One Installation/Configuration 6 12th June 2009 10:37
howto renew SelfSigned SSL Certificates rick z Installation/Configuration 1 12th March 2008 20:35
SSL for virtual hosts on one certificate rbartz Tips/Tricks/Mods 8 20th November 2007 18:59


All times are GMT +2. The time now is 01:33.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.