Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st March 2013, 04:29
Xtreme2damax Xtreme2damax is offline
Junior Member
 
Join Date: Jun 2012
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default A Couple Questions

I recently followed this guide to set up a CentOS server with ISPCOnfig3.

One things I noticed is that secure traffic isn't redirected to port *443 which means if I try to access a secure page with http:// instead of https:// I either get a blank page or with the ISPConfig 3 control panel get some html informing me I am trying to access a secure page and to try typing https:// instead.

Another thing since I've followed the tutorial to the end I am wondering what's left to do to secure/harden the server?
Reply With Quote
Sponsored Links
  #2  
Old 1st March 2013, 14:46
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by Xtreme2damax View Post
One things I noticed is that secure traffic isn't redirected to port *443 which means if I try to access a secure page with http:// instead of https:// I either get a blank page or with the ISPConfig 3 control panel get some html informing me I am trying to access a secure page and to try typing https:// instead.
Do you use rewrite rules that redirect http traffic to https?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 1st March 2013, 20:45
Xtreme2damax Xtreme2damax is offline
Junior Member
 
Join Date: Jun 2012
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Do you use rewrite rules that redirect http traffic to https?
No, not currently but I was wondering how to do this on the server level so it applies to all websites and domains hosted on the system.
Reply With Quote
  #4  
Old 1st March 2013, 21:27
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,202
Thanks: 829
Thanked 5,420 Times in 4,262 Posts
Default

You can add the rewrite rule in the apache vhost master template which is used to create ne vhosts. You find the templates in /usr/local/ispconfig/server/conf/
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 1st March 2013, 22:58
Xtreme2damax Xtreme2damax is offline
Junior Member
 
Join Date: Jun 2012
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
You can add the rewrite rule in the apache vhost master template which is used to create ne vhosts. You find the templates in /usr/local/ispconfig/server/conf/
What's the name of the file I need to edit? Is it apache_apps.vhost.master or apache_ispconfig.conf.master?
Reply With Quote
  #6  
Old 1st March 2013, 23:38
Xtreme2damax Xtreme2damax is offline
Junior Member
 
Join Date: Jun 2012
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Just to be a bit clearer I would like to set this on a server level so when any website/domain hosted on the server tries to access a secure page using http:// instead of https:// (such as the ISPConfig panel) they are auto redirected to https:// and can login to the panel. I don't want to redirect normal http traffic accessing non-secure pages.

I am a bit confused how to do this and was wondering if someone can post instructions on how to accomplish this? I don't have much experience with setting up and configuring a webserver from scratch.

Last edited by Xtreme2damax; 1st March 2013 at 23:41.
Reply With Quote
  #7  
Old 2nd March 2013, 09:07
Xtreme2damax Xtreme2damax is offline
Junior Member
 
Join Date: Jun 2012
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

For some reason mail isn't working. I set up a forum and created a new user but the welcome/verification email never arrives.
Reply With Quote
  #8  
Old 2nd March 2013, 11:17
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by Xtreme2damax View Post
For some reason mail isn't working. I set up a forum and created a new user but the welcome/verification email never arrives.
Any errors in your mail log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 2nd March 2013, 15:08
Xtreme2damax Xtreme2damax is offline
Junior Member
 
Join Date: Jun 2012
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko View Post
Any errors in your mail log?
Don't think there's any errors but this is what's in /var/log/maillog

Quote:
Mar 2 01:41:01 host postfix/smtpd[4237]: disconnect from localhost[::1]
Mar 2 01:41:01 host imapd: Connection, ip=[::1]
Mar 2 01:41:01 host pop3d: Connection, ip=[::1]
Mar 2 01:41:01 host pop3d: Disconnected, ip=[::1]
Mar 2 01:41:01 host imapd: Disconnected, ip=[::1], time=0
Edit: Do I need PHP-Sendmail? The forum script's mail settings gives an option of either PHP-Mail or SMTP.

Edit: Alright, I did find the proper mail log.

Quote:
Mar 2 03:43:52 host postfix/smtpd[2212]: connect from unknown[127.0.0.1]
Mar 2 03:43:52 host postfix/smtpd[2212]: 6273D20096F: client=unknown[127.0.0.1]
Mar 2 03:43:52 host postfix/cleanup[2155]: 6273D20096F: message-id=<20130302084349.AAD1B20083F@host.domain.com>
Mar 2 03:43:52 host postfix/qmgr[2060]: 6273D20096F: from=<fail2ban@example.com>, size=812, nrcpt=1 (queue active)
Mar 2 03:43:52 host amavis[2207]: (02207-01) Passed CLEAN, <fail2ban@example.com> -> <root@host.xtemu.com>, Message-ID: <20130302084349.AAD1B20083F@host.domain.com>, mail_id: w0twF10RpqQs, Hits: -0.001, size: 382, queued_as: 6273D20096F, 682 ms
Mar 2 03:43:52 host postfix/smtp[2161]: AAD1B20083F: to=<****@host.xtemu.com>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.9, delays=0.22/0.03/1.9/0.68, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02207-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 6273D20096F)
Mar 2 03:43:52 host postfix/qmgr[2060]: AAD1B20083F: removed
Mar 2 03:43:52 host postfix/local[2218]: 6273D20096F: to=<****@host.domain.com>, relay=local, delay=0.12, delays=0.06/0.02/0/0.04, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 2 03:43:52 host postfix/local[2218]: warning: host not found: localhost
Mar 2 03:43:52 host postfix/qmgr[2060]: 6273D20096F: removed
Mar 2 03:48:52 host postfix/smtpd[2212]: timeout after END-OF-MESSAGE from unknown[127.0.0.1]
Mar 2 03:48:52 host postfix/smtpd[2212]: disconnect from unknown[127.0.0.1]
Mar 2 03:53:52 host clamd[1927]: No stats for Database check - forcing reload
Mar 2 03:53:52 host clamd[1927]: Reading databases from /var/lib/clamav
Mar 2 03:53:58 host clamd[1927]: Database correctly reloaded (1908666 signatures)
Mar 2 03:58:48 host postfix/qmgr[2060]: 0CB53200A6F: from=<*******@host.domain.com>, size=1017, nrcpt=1 (queue active)
Mar 2 03:58:49 host postfix/smtp[2833]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c00::1a]:25: Network is unreachable
Mar 2 03:59:19 host postfix/smtp[2833]: connect to gmail-smtp-in.l.google.com[173.194.68.26]:25: Connection timed out
Mar 2 03:59:19 host postfix/smtp[2833]: connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1a]:25: Network is unreachable
Mar 2 03:59:49 host postfix/smtp[2833]: connect to alt1.gmail-smtp-in.l.google.com[173.194.78.26]:25: Connection timed out
Mar 2 03:59:49 host postfix/smtp[2833]: connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1a]:25: Network is unreachable
Mar 2 03:59:49 host postfix/smtp[2833]: 0CB53200A6F: to=<X*******@gmail.com>, relay=none, delay=6892, delays=6831/0.07/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1a]:25: Network is unreachable)
Mar 2 04:03:48 host postfix/qmgr[2060]: 4D1482009E8: from=<ispconfig@host.xtemu.com>, size=858, nrcpt=1 (queue active)
Mar 2 04:03:48 host postfix/smtp[3078]: connect to gmail-smtp-in.l.google.com[2607:f8b0:400d:c00::1a]:25: Network is unreachable
Mar 2 04:03:58 host clamd[1927]: SelfCheck: Database status OK.
Mar 2 04:04:18 host postfix/smtp[3078]: connect to gmail-smtp-in.l.google.com[173.194.68.26]:25: Connection timed out
Mar 2 04:04:18 host postfix/smtp[3078]: connect to alt1.gmail-smtp-in.l.google.com[2a00:1450:400c:c00::1a]:25: Network is unreachable
Mar 2 04:04:48 host postfix/smtp[3078]: connect to alt1.gmail-smtp-in.l.google.com[173.194.78.26]:25: Connection timed out
Mar 2 04:04:48 host postfix/smtp[3078]: connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1a]:25: Network is unreachable
Mar 2 04:04:48 host postfix/smtp[3078]: 4D1482009E8: to=<********@gmail.com>, relay=none, delay=21391, delays=21331/0.08/60/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2a00:1450:4013:c00::1a]:25: Network is unreachable)
Another question, what should /etc/hosts and /etc/resolv.conf contain? I am a bit confused with those so any help would be appreciated.

My current /etc/hosts:

Quote:
127.0.0.1 host.mydomain.com host
::1 host.mydomain.com host
This is what I currently have in /etc/resolv.conf:

Quote:
nameserver 192.168.1.1
# Generated by NetworkManager
domain mydomain.com
search mydomain.com

Last edited by Xtreme2damax; 3rd March 2013 at 01:12.
Reply With Quote
  #10  
Old 3rd March 2013, 08:19
Xtreme2damax Xtreme2damax is offline
Junior Member
 
Join Date: Jun 2012
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Another problem I am experiencing is with Mybb (bulletin board), whenever I try to upload attachments I get a 500 internal server error.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Couple questions foxsrv Installation/Configuration 6 30th January 2011 00:06
Couple of ISPconfig/Perfect Server general questions Heeter General 5 9th February 2009 15:53
Couple of questions on virtual users Stampy HOWTO-Related Questions 6 27th October 2008 22:43
Couple of questions about Ubuntu Vmware install kokpelli Installation/Configuration 3 27th December 2006 13:57
Just a Couple of Questions brainz Installation/Configuration 9 2nd March 2006 10:02


All times are GMT +2. The time now is 02:34.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.