#1
17th September 2012, 00:48
quest
Multiple SSL w/ Multiple Internal IP's

Hello,

I run: Ubuntu 12.04, ISPConfig 3, Amazon EC2 in VPC.

I've successfully

1) Added several internal IP addresses to the Network Interface (per manual 5.18):

Code:
# ifconfig
eth0      Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
          inet addr:10.0.0.15  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::8c3:f2ff:fef5:c82d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:117236 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:156602804 (156.6 MB)  TX bytes:5148130 (5.1 MB)
          Interrupt:27

eth0:1    Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
          inet addr:10.0.0.110  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:27

eth0:2    Link encap:Ethernet  HWaddr 0a:c3:f2:f5:c8:2d
          inet addr:10.0.0.167  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:27

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1138 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:89528 (89.5 KB)  TX bytes:89528 (89.5 KB)

2) Manually updated ISPConfig with the internal IP addresses (per manual 4.9.2.3)

3) Created an SSL site (per manual 5.4) pointing to internal IP address 10.0.0.110

4) Implemented a public IP address that points to the eth0 internal IP address 10.0.0.15

Upon visiting port 80 of the new site I receive the standard Apache HTML = "It works!", indicating the site is not routed to its domain folder. Upon visiting port 443 of the site I receive an SSL error = "SSL connection error. Unable to make a secure connection to the server".

An additional site set up utilizing the second IP address 10.0.0.167 and not using SSL also displays the Apache index.html.

Any ideas about what may be the issue here?

Thank you.

Last edited by quest; 17th September 2012 at 00:58.
#2
17th September 2012, 03:53
quest

Ok. I figured this out. I'll post some info here because I notice this thread is already ranking high for searches including: Multiple SSL certificates ISPConfig Amazon EC2 running in VPC.

The ISPConfig manual does a very good job outlining the steps to set up additional internal IP addresses - which are required for running more than one SSL certificate on a single server (EC2 instance in this case).

If you require multiple internal IP addresses on an Amazon EC2 instance this article is a very good starting point:
http://about.silkapp.com/page/Multip...20Amazon%20EC2

My above post was nearly correct - but I was trying to use only one external IP address mapped to several unique internal IP addresses.

I'm not sure if this is possible.

My workaround included assigning additional external IP addresses to each internal IP address that requires an SSL certificate. In this case I attached an additional external IP address to the internal IP address 10.0.0.110.

It is important to note that you use internal IP addresses to initiate the website and SSL certificate in ISPConfig and an external IP address for DNS purposes.

Last edited by quest; 17th September 2012 at 04:02.
The Following 2 Users Say Thank You to quest For This Useful Post:
falko (17th September 2012), till (17th September 2012)
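
The symptoms in the first post and the fix in the second, modelled as an added example (not code from the posters, ISPConfig or Apache): an IP-based vhost only answers connections that land on the private address it is bound to, and the model assumes each public address maps to exactly one private address. The 10.0.0.x addresses are from the thread; the 203.0.113.x addresses, the hostnames and the vhost list are constructed.

```python
# Added example with constructed data; not ISPConfig or Apache code.
# Models IP-based vhosts behind 1:1 NAT (one public address -> one private).

def audit(dns, nat, vhosts):
    """Return {(hostname, port): verdict} for each vhost.

    dns:    hostname -> public address clients connect to
    nat:    public address -> private address the packet is delivered to
    vhosts: (bind_ip, port, hostname, ssl) per <VirtualHost bind_ip:port>
    """
    results = {}
    for bind_ip, port, hostname, ssl in vhosts:
        landed = nat.get(dns.get(hostname))
        if landed is None:
            verdict = "unreachable"
        elif landed == bind_ip:
            verdict = "ok"
        elif ssl:
            # Symptom reported in the first post on port 443.
            verdict = f"ssl-error: lands on {landed}, cert bound to {bind_ip}"
        else:
            # Symptom reported in the first post on port 80 ("It works!").
            verdict = f"default-page: lands on {landed}, vhost bound to {bind_ip}"
        results[(hostname, port)] = verdict
    return results

# Private addresses are from the thread; everything else is constructed.
VHOSTS = [
    ("10.0.0.110", 80, "shop.example.test", False),
    ("10.0.0.110", 443, "shop.example.test", True),
    ("10.0.0.167", 80, "plain.example.test", False),
]
# First post: one public address, mapped to the primary private address.
NAT_BEFORE = {"203.0.113.10": "10.0.0.15"}
DNS_BEFORE = {"shop.example.test": "203.0.113.10",
              "plain.example.test": "203.0.113.10"}
# Second post: a further public address attached to 10.0.0.110.
NAT_AFTER = {**NAT_BEFORE, "203.0.113.11": "10.0.0.110"}
DNS_AFTER = {**DNS_BEFORE, "shop.example.test": "203.0.113.11"}

if __name__ == "__main__":
    for label, dns, nat in (("before", DNS_BEFORE, NAT_BEFORE),
                            ("after", DNS_AFTER, NAT_AFTER)):
        print(label)
        for key, verdict in audit(dns, nat, VHOSTS).items():
            print("  ", key, verdict)
```

In the "after" run the non-SSL site on 10.0.0.167 still reports `default-page`, because the thread only describes adding an external address for the SSL site.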
#3
3rd January 2013, 16:49
DaRKNeSS666NL

Quote:
Originally Posted by quest
My above post was nearly correct - but I was trying to use only one external IP address mapped to several unique internal IP addresses.

I'm not sure if this is possible.

My workaround included assigning additional external IP addresses to each internal IP address that requires an SSL certificate. In this case I attached an additional external IP address to the internal IP address 10.0.0.110.

It is important to note that you use internal IP addresses to initiate the website and SSL certificate in ISPConfig and an external IP address for DNS purposes.

I am working on putting 2 extra IPv4 addresses up for use with 2 websites that need SSL. I have configured these 2 in the network interfaces like this:

Code:
 # The primary network interface
 #allow-hotplug eth0
 #iface eth0 inet dhcp
 auto eth0
 iface eth0 inet static
         address xx.xxx.244.62
         netmask 255.255.255.0
         network xx.xxx.244.0
         broadcast xx.xxx.244.255
         gateway xx.xxx.244.254
 
 auto eth0:0
 iface eth0:0 inet static
         address xx.xxx.242.174
         netmask 255.255.255.255
         network xx.xxx.242.0
         broadcast xx.xxx.242.255
         gateway xx.xxx.242.254
 
 auto eth0:1
 iface eth0:1 inet static
         address xx.xxx.242.175
         netmask 255.255.255.255
         network xx.xxx.242.0
         broadcast xx.xxx.242.255
         gateway xx.xxx.242.254

And added them in the server settings. If I restart the network interface:

Code:
server1:~# /etc/init.d/networking restart
Reconfiguring network interfaces...if-up.d/mountnfs[eth0]: waiting for interface eth0:0 before doing NFS mounts (warning).
if-up.d/mountnfs[eth0]: waiting for interface eth0:1 before doing NFS mounts (warning).
SIOCADDRT: No such process
Failed to bring up eth0:0.
SIOCADDRT: No such process
Failed to bring up eth0:1.
done.
server1:~#

As you can see, the 2 IPs don't work. Could it be that I must also use 2 internal IPs for eth0:1 and eth0:0 and point the 2 external to those 2 internal?
But there is no mention of this in the manual, so I don't know how to do it.

Also the data center has mentioned to use the loopback interface instead, but as mentioned in the manual we're not supposed to use these lines??
TIA
__________________
Updating my server to Debian Squeeze, so here I go again...